
CCIE Routing and Switching Exam Quick Reference Sheets Page 4 Return to Table of Contents

[3]

CHAPTER 1 CCIE Routing and Switching Exam Quick Reference Sheets by Anthony Sequeira

General Networking Theory

General Routing Concepts

Link-state and distance vector protocols

Distance vector
■ Examples: Routing Information Protocol Version 1 (RIPv1), RIPv2, Interior Gateway Routing Protocol (IGRP)
■ Features periodic transmission of entire routing tables to directly connected neighbors
■ Mathematically compares routes using some measurement of distance
■ Features hop-count limitation

Link State
■ Examples: Open Shortest Path First (OSPF), Intermediate System-to-Intermediate System (IS-IS).
■ Sends local connection information to all nodes in the internetwork.
■ Forms adjacencies with neighboring routers that speak the same protocol; sends local link information to these devices. Note that although this is flooding of information to all nodes, the router is sending only the portion of information that deals with the state of its own links.
■ Each router constructs its own complete “picture” or “map” of the network from all of the information received.

Hybrid
■ Example: Enhanced Interior Gateway Routing Protocol (EIGRP)
■ Features properties of both distance vector and link-state routing protocols

Path vector protocol
■ Example: Border Gateway Protocol (BGP).
■ Path vector protocols are a subset of distance vector protocols; BGP uses “path vectors” or a list of all the autonomous systems a prefix has crossed to make metric decisions and to ensure a loop-free environment.
■ In addition to the autonomous system path list, an administrator can use many other factors to affect the forwarding or receipt of traffic using BGP.

© 2007 Cisco Systems Inc. All rights reserved. This publication is protected by copyright. Please see page 132 for more details.

CCIE Routing and Switching Exam Quick Reference Sheets
CCIE Routing and Switching Exam Quick Reference Sheets By Anthony Sequeira ISBN: Prepared for Minh Dang, Safari ID: mindang@CISCO.COM
9781587053375 Publisher: Cisco Press Licensed by Minh Dang
Print Publication Date: 2007/05/01 User number: 927500 Copyright 2007, Safari Books Online, LLC.
This PDF is exclusively for your use in accordance with the Safari Terms of Service. No part of it may be reproduced or transmitted in any form by any means without the prior
written permission for reprints and excerpts from the publisher. Redistribution or other use that violates the fair use priviledge under U.S. copyright laws (see 17 USC107) or that
otherwise violates the Safari Terms of Service is strictly prohibited.

Split horizon
■ Split horizon is a technique used by routing protocols to help prevent routing loops. The split-horizon rule states that a router will not send routing information out an interface from which the routing information was originally received. Split horizon can cause problems in some topologies, such as hub-and-spoke Frame Relay configurations.

Summarization
Summarization is the process in which the administrator collapses many routes with a long mask to form another route with a shorter mask. Route summarization reduces the size of routing tables and makes routing function more efficiently. Route summarization also helps make networks more stable by reducing the number of updates that are sent when subnets change state. Route summarization makes classless interdomain routing (CIDR) possible. Variable-length subnet masking (VLSM) promotes the use of route summarization. Some dynamic routing protocols engage in route summarization automatically for changes in a major classful network, whereas others do not. For any routing protocol within the scope of the CCIE written exam, an administrator can disable any automatic summarization that might be occurring and configure “manual” summarization.

To engage in route summarization, find all the leftmost bits that are in common and create a mask that encompasses them. An example follows.

The following routes exist in the routing table—all routes use a 24-bit mask:

10.108.48.0 = 00001010 01101100 00110000 00000000
10.108.49.0 = 00001010 01101100 00110001 00000000
10.108.50.0 = 00001010 01101100 00110010 00000000
10.108.51.0 = 00001010 01101100 00110011 00000000
10.108.52.0 = 00001010 01101100 00110100 00000000
10.108.53.0 = 00001010 01101100 00110101 00000000
10.108.54.0 = 00001010 01101100 00110110 00000000
10.108.55.0 = 00001010 01101100 00110111 00000000

Notice that the first 21 bits of the subnetwork IDs are all common. These can be masked off. You can use the single route entry for all these subnetworks as follows:

10.108.48.0/21

Classful and classless routing protocols
Classful routing protocols are considered legacy and do not include subnet mask information with routing updates. Examples of classful routing protocols are RIPv1 and IGRP. Because subnet mask information is not included in updates, consistency of the mask is assumed throughout the network. Classful routing protocols also feature automatic summarization of routing updates when sent across a major


classful network boundary. For example, the 10.16.0.0/16 network would be advertised as 10.0.0.0/8 when sent into a 172.16.0.0 domain.

Note that although BGP and EIGRP are not classful routing protocols, both engage in automatic summarization behavior by default, and in that sense they act classful. The no auto-summary command is used to disable this behavior.

Classful routing protocols feature a fixed-length subnet mask (FLSM) as a result of their inherent limitations. The FLSM leads to inefficient use of addresses and limits the network’s overall routing efficiency. By default, classful routing protocols discard traffic bound for any unknown subnet of the major classful network. For example, if your classful routing protocol receives traffic destined for 10.16.0.0 and it knows of only the 10.8.0.0 and 10.4.0.0 subnets in its routing table, it discards the traffic—even if a default route is present! The ip classless command was introduced to change this behavior. The ip classless command allows the protocol to use the default route in this case. This command is on by default on routers running Cisco IOS Release 12.0 and later.

As a classic example of a classless routing protocol, OSPF carries subnet mask information in updates. Variable-length subnet masking (VLSM) is possible with such protocols.

Routing decision criteria
Routers must determine the best route to send traffic on toward its destination. This is accomplished as follows (note that the order of operations is critical and fixed):
1. Valid next-hop IP address—When updates are received, the router first verifies that the next-hop IP address to reach the potential destination is valid.
2. Metric—The router then examines the metrics for the various routes that might exist from a particular protocol. For example, if OSPF has several routes to the destination, the router tries to install the route with the best metric (in this case, cost) into the routing table.
3. Administrative distance—If multiple routing protocols are running on the device, and multiple protocols are all presenting routes to the destination with valid next hops, the router examines administrative distance. The route sourced from the lowest administrative distance protocol or mechanism is installed in the routing table.
4. Prefix—The router examines the route’s prefix length. If no exact match exists in the routing table, the route is installed. Note that this might cause the routing table to be filled with the following entries: EIGRP 172.16.2.0/24 and RIP 172.16.2.0/19.

On the subject of prefix length and the routing table, remember that when a router is looking for a match in the IP routing table for the destination address, it always looks for the longest possible prefix match. For example, if the routing table contains entries of 10.0.0.0/8, 10.2.0.0/16, and 10.2.1.0/24, and your traffic is destined for 10.2.1.0/24, the longest match prefix is selected.
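The "find the leftmost common bits" procedure from the Summarization section, worked through in code. This is an added example, not material from the Quick Reference Sheets; it uses only the Python standard library and the eight 10.108.48.0/24 through 10.108.55.0/24 routes from the text as its constructed input. It also adds the check a practitioner wants before configuring a summary: whether the summary covers only the subnets actually known, or also attracts traffic for subnets that are not in the table.

```python
import ipaddress

# Constructed sample input: the eight /24 routes from the summarization
# example in the text (10.108.48.0/24 through 10.108.55.0/24).
SAMPLE_ROUTES = [f"10.108.{n}.0/24" for n in range(48, 56)]


def common_prefix_summary(routes):
    """Summarize routes by keeping only the leftmost bits they all share.

    This is the manual procedure described in the text: line the network
    addresses up in binary, count the leading bits that are identical on
    every route, and use that count as the mask length of a single route.
    All routes are assumed to be of one address family.
    """
    nets = [ipaddress.ip_network(r, strict=True) for r in routes]
    if not nets:
        raise ValueError("no routes to summarize")
    width = nets[0].max_prefixlen                 # 32 for IPv4
    first = int(nets[0].network_address)
    prefixlen = min(n.prefixlen for n in nets)    # never longer than the shortest mask
    for n in nets:
        # XOR leaves a 1 bit wherever two addresses differ; the position of
        # the highest differing bit bounds the number of shared leading bits.
        diff = first ^ int(n.network_address)
        if diff:
            prefixlen = min(prefixlen, width - diff.bit_length())
    return ipaddress.ip_network((first, prefixlen), strict=False)


def summary_overreach(routes):
    """Number of addresses the summary advertises that no input route covers.

    A common-bits summary is exact only when the listed subnets fill it
    completely; otherwise the summary also attracts traffic for subnets the
    router does not know, which is the caveat to check before configuring it.
    """
    summary = common_prefix_summary(routes)
    collapsed = ipaddress.collapse_addresses(ipaddress.ip_network(r) for r in routes)
    covered = sum(n.num_addresses for n in collapsed)
    return summary.num_addresses - covered


if __name__ == "__main__":
    print(common_prefix_summary(SAMPLE_ROUTES))      # 10.108.48.0/21
    print(summary_overreach(SAMPLE_ROUTES))          # 0: the eight /24s fill the /21 exactly
    print(common_prefix_summary(SAMPLE_ROUTES[:3]))  # 10.108.48.0/22 ...
    print(summary_overreach(SAMPLE_ROUTES[:3]))      # ... but 256 addresses (10.108.51.0/24) are not known
```

With only the first three subnets the common bits still yield a valid /22, but the summary then claims 10.108.51.0/24 as well; the overreach check makes that visible before the route is advertised.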


Routing Information Base and Routing Protocol Interaction

Administrative distance
If a router learns of a network from multiple sources (routing protocols or static configurations), it uses the administrative distance value to determine which route to install in the routing (forwarding) table. The default administrative distance values are listed here.

Source                        Administrative Distance
Connected interface           0
Static route                  1
EIGRP summary route           5
External BGP                  20
Internal EIGRP                90
IGRP                          100
OSPF                          110
IS-IS                         115
RIP                           120
Exterior Gateway Protocol     140
On-Demand Routing             160
External EIGRP                170
Internal BGP                  200
Unknown                       255

Administrators can create static routes that “float.” A floating static route means the administrator increases the administrative distance of the static route to be greater than the administrative distance of the dynamic routing protocol in use. This means the static route is relied on only when the dynamic route does not exist.

Routing table
The routing table has been the principal element of IP routing and the primary goal of routing protocols to build and maintain for most of modern internetworking. The main routing table model, the hop-by-hop routing paradigm, has the routing table list for each destination network the next-hop address to reach that destination. As long as the routing tables are consistent and accurate, with no misinformation, this simple hop-by-hop paradigm works well enough to deliver data to anywhere from anywhere in the network. In recent practice, this simple hop-by-hop model is being abandoned for new technologies such as Multiprotocol Label Switching (MPLS). These technologies allow a simple and efficient label lookup to dictate the next hop that data should follow to reach a specific destination. Although this determination can be based on the routing table information, it can easily be based on other parameters, such as quality of service or other traffic engineering considerations. Note that MPLS is explored in its own chapter of this Short Cut.


Routing information base and forwarding information base interaction
The routing and forwarding architecture in Cisco routers and multilayer switches used to be a centralized, cache-based system that combined what is called a control plane and a data plane. The control plane refers to the resources and technologies used to create and maintain the routing table. The data plane refers to those resources and technologies needed to actually move data from the ingress port to the egress port on the device. This centralized architecture has migrated so that the two planes can be separated to enhance scalability and availability in the routing environment.

The separation of routing and forwarding tasks has created the Routing Information Base (RIB) and the Forwarding Information Base (FIB). The RIB operates in software, and the control plane resources take the best routes from the RIB and place them in the FIB. The FIB resides in much faster hardware resources. The Cisco implementation of this enhanced routing and forwarding architecture is called Cisco Express Forwarding (CEF).

Redistribution

Redistribution between routing protocols
Route redistribution might be required in an internetwork because multiple routing protocols must coexist in the first place. Multiple routing protocols might be a necessity because of an interim period during conversion from one to another, application-specific protocol requirements, political reasons, or a lack of multivendor interoperability.

A major issue with redistribution is the seed metric to be used when the routes enter the new routing protocol. Normally, the seed metric is generated from the originating interface. For example, EIGRP would use the bandwidth and delay of the originating interface to seed the metric. With redistributed routes, however, these routes are not connected to the router. Some routing protocols feature a default seed metric for redistribution, whereas others do not. Here is a list of the defaults for the various protocols. Note that Infinity indicates a seed metric must be configured; otherwise, the route will not be used by the receiving protocol.

Protocol        Default Seed Metric
OSPF            20; except BGP, which is 1
IS-IS           0
RIP             Infinity
IGRP/EIGRP      Infinity


Redistribution into RIP
Remember to set a default metric, using either the redistribute command or the default-metric command. The command to redistribute routes into RIP is as follows:

redistribute protocol [process-id] [match route-type] [metric metric-value] [route-map map-tag]

The match keyword allows you to match certain route types when redistributing OSPF. For example, you can specify internal, or external 1, or external 2. The route-map keyword allows you to specify a route map for controlling or altering the routes that are being redistributed.

Redistribution into OSPF
The default seed metric is 20. The default metric type for redistributed routes is Type 2. Subnets are not redistributed by default. The command for redistribution into OSPF is as follows:

redistribute protocol [process-id] [metric metric-value] [metric-type type-value] [route-map map-tag] [subnets] [tag tag-value]

The subnets keyword is critical in this command and specifies that subnets should indeed be redistributed. The tag value allows the administrator to configure an optional tag value that can be used later to easily identify these routes.

Redistribution into EIGRP
Remember that like RIP, you must set a default seed metric when redistributing into EIGRP. The command for redistribution into EIGRP is as follows:

redistribute protocol [process-id] [match {internal | external 1 | external 2}] [metric metric-value] [route-map map-tag]

Troubleshooting routing loops
You can perform one-way or two-way redistributions. Redistribution can also be performed in multiple locations throughout the topology. With one-way redistribution, you typically pass a default route into the “edge” protocol, and take all the edge protocol routes and redistribute them into the core protocol of the network.

With two-way redistribution, all routes from each routing protocol are passed into each other. If two-way redistribution is performed in multiple areas in the network, there is an excellent chance for route “feedback” and routing loops. Routing loops are highly likely to occur because routing information from one autonomous system can easily be passed back into that same autonomous system.


The safest way to eliminate the chance for a loop is to redistribute only in one direction (one-way redistribution). If this is not possible, and two-way redistribution is desired, try these techniques to ensure a lack of loops:

■ Redistribute from the core protocol into the edge with filtering to block routes that are native to the edge.

■ Apply two-way redistribution on all routes, and manipulate administrative distance associated with the external routes so that they are not selected when multiple routes exist for the same destination.

An excellent technique to detect a routing loop during redistribution is to use the debug ip routing command. This command shows all routing table activity as it occurs and demonstrates a loop condition through routing table instability.
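A small model of the two redistribution hazards discussed above: the seed metric defaults from the "Redistribution between routing protocols" table (an Infinity default means the route is never installed unless a metric is configured), and route feedback under two-way redistribution, with the mitigation of tagging routes as they leave the edge protocol and filtering those tags when routes try to re-enter it. This is an added example, not code or configuration from the Quick Reference Sheets. The tag numbers, prefixes and the two-router scenario are constructed, the `deny_tags` argument stands in for a route map that denies tagged routes, and the "filter on tag" approach is the standard technique the text's first bullet describes (block routes native to the edge), not a command quoted from it.

```python
from dataclasses import dataclass, replace
from typing import Optional

INFINITY = None   # the table's "Infinity": no usable seed metric unless one is configured


def default_seed_metric(into, source):
    """Default seed metric from the table under 'Redistribution between routing protocols'."""
    if into == "ospf":
        return 1 if source == "bgp" else 20
    if into == "isis":
        return 0
    if into in ("rip", "igrp", "eigrp"):
        return INFINITY
    raise ValueError(f"no default seed metric known for {into}")


@dataclass(frozen=True)
class Route:
    prefix: str
    protocol: str             # protocol the route currently lives in
    metric: int
    origin: str               # constructed label for the domain the prefix is native to
    tag: Optional[int] = None


def redistribute(route, into, seed_metric=None, tag=None, deny_tags=()):
    """Move a route into another protocol, or return None if it is not usable.

    seed_metric mirrors the 'metric' keyword / default-metric command, tag
    mirrors the 'tag' keyword, and deny_tags stands in for a route map that
    filters routes carrying one of those tags (assumed mechanism, not a
    command from the text).
    """
    if route.tag is not None and route.tag in deny_tags:
        return None                                   # filtered at the boundary
    metric = seed_metric if seed_metric is not None else default_seed_metric(into, route.protocol)
    if metric is INFINITY:
        return None                                   # "Infinity": route is not used
    new_tag = tag if tag is not None else route.tag   # an existing tag is carried along
    return replace(route, protocol=into, metric=metric, tag=new_tag)


def ospf_into_rip_without_metric():
    """An OSPF route pushed into RIP with no metric configured is never installed."""
    core_route = Route("10.50.0.0/16", "ospf", metric=20, origin="ospf-core")
    return redistribute(core_route, "rip")


def feedback_occurs(use_tags):
    """Two routers (R1, R2) each redistribute OSPF <-> RIP in both directions.

    Returns True if the RIP-native prefix comes back into the RIP domain from
    the OSPF core, which is the route feedback the text warns about.
    Constructed scenario, not from the text.
    """
    native = Route("192.168.10.0/24", "rip", metric=1, origin="rip-edge")
    # R1: RIP -> OSPF.  OSPF seeds 20 by default; with tags, mark the route
    # as having come from the RIP edge.
    in_core = redistribute(native, "ospf", tag=110 if use_tags else None)
    # R2: OSPF -> RIP.  RIP has no default seed, so a metric must be given.
    # With tags, routes tagged 110 are denied so they cannot re-enter RIP.
    fed_back = redistribute(in_core, "rip", seed_metric=1,
                            tag=120 if use_tags else None,
                            deny_tags=(110,) if use_tags else ())
    return fed_back is not None and fed_back.origin == "rip-edge"


if __name__ == "__main__":
    print("OSPF into RIP, no metric:", ospf_into_rip_without_metric())   # None
    print("feedback without tags:", feedback_occurs(use_tags=False))      # True
    print("feedback with tags:", feedback_occurs(use_tags=True))          # False
```

The untagged run shows the edge prefix re-entering its own domain from the core with a freshly seeded metric, which is exactly the instability that debug ip routing would expose on a real router; the tagged run stops it at the second boundary.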


CHAPTER 2 CCIE Routing and Switching Exam Quick Reference Sheets by Anthony Sequeira

Bridging and LAN Switching

Spanning Tree Protocol

802.1D
802.1D Spanning Tree Protocol (STP) is a Layer 2 loop-prevention mechanism. It is an IEEE standards-based protocol. Over the years, Cisco has enhanced this protocol with new features to make much-needed improvements. This chapter discusses those improvements and new IEEE versions of the protocol that dramatically improve the technology. Layer 2 loops are terrible because there is no Time To Live (TTL) value in a frame. Loops can cause broadcast storms, MAC table corruption, and multiple-frame copies.

STP process
The bridge ID is a critical element for the creation of the spanning-tree, loop-free topology. The bridge ID consists of a 2-byte bridge priority and a 6-byte MAC address. The default priority is 32,768. Newer switch operating systems feature a third component for the bridge ID: the extended system ID. This value is just the VLAN ID. Use of the three-part bridge ID allows each VLAN to have a unique bridge ID while still using the same MAC address and priority value. Previously, multiple MAC addresses were needed for each VLAN to ensure uniqueness.

Path cost is the measure of distance from one bridge to another. Links are assigned a cost value by STP. This cost value is based on bandwidth. Higher-bandwidth links receive a lower-cost value, and STP deems a lower-cost path as preferred to a higher-cost path.

Initially with STP operations, a root bridge must be selected. This root bridge will have all of its ports in the forwarding state (designated ports) and will be the central reference point for the creation of a loop-free Layer 2 topology. For the “election” of this device, configuration bridge protocol data units (BPDU) are sent between switches for each port. Switches use a four-step process to save a copy of the “best” BPDU seen on every port. When a port receives a better BPDU, it stops sending them. If the BPDUs stop arriving for 20 seconds (the default), the port begins sending them again. The process for selecting the best BPDU is as follows:
1. Lowest root bridge ID (BID)
2. Lowest path cost to root bridge
3. Lowest sender BID
4. Lowest port ID (for example, Fa0/10 versus Fa0/20)

After the root bridge for the network has been determined, this reference point can be used to create the loop-free topology. This initial creation of the loop-free topology takes place in three steps:


Step 1. Elect a root bridge. The lowest BID wins.
Step 2. Elect root ports. Every nonroot bridge selects one root port.
Step 3. Elect designated ports. Each segment has one designated port (the bridge with the designated port is the designated bridge for that segment); all active ports on the root bridge are designated (unless you connect two ports to each other).

When convergence occurs, BPDUs radiate out from the root bridge over loop-free paths. Figure 2-1 shows an example of STP in action.

FIGURE 2-1 Spanning-tree topology (root bridge with the lowest BID; port roles shown as DP, RP, and NDP)

Ports have a port state under 802.1D STP. Ports begin life on the switch as disabled and gradually transition to a forwarding state as long as STP deems it is safe to do so. The possible states are listed here along with the timers that control the transition times. Note that the states are carefully ordered here to demonstrate the order of transition:
1. Disabled—Administratively down
2. Blocking—BPDUs received only (20 sec)
3. Listening—BPDUs sent and received (15 sec)
4. Learning—Bridging table is built (15 sec)
5. Forwarding—Sending/receiving data

STP timers are used in the process to control convergence:
■ Hello—2 sec (time between each configuration BPDU)
■ Forward Delay—15 sec (controls durations of listening/learning states)
■ Max Age—20 sec (controls the duration of the blocking state)

Default convergence time is 30 to 50 seconds. Timer modification is possible from the root bridge. See Figure 2-2.

Although the timers can be manipulated, Cisco does not recommend this. Instead, there are Cisco mechanisms that can be used to improve convergence times without direct manipulation of the timers by the administrator. Convergence time is a recognized issue with STP and the exact reason for IEEE’s creation of new versions of the protocol.


FIGURE 2-2 802.1D timers: Blocking (Max Age 20 seconds) to Listening (Forward Delay 15 seconds) to Learning (Forward Delay 15 seconds) to Forwarding

Topology changes
STP uses a Topology Change Notification (TCN) BPDU to alert the root bridge that a topology change to the spanning tree might need to occur. The Type field of the BPDU signifies the TCN BPDU: 0x80. TCN BPDUs improve convergence time when failures in the network occur—primarily because they help in a rapid updating of the MAC address tables.

The TCN process of 802.1D is as follows:
1. A bridge sends a TCN BPDU in two cases:
   a. It takes a port into forwarding, and it has at least one designated port (DP).
   b. A port goes from Forwarding/Learning to Blocking.
   TCNs are sent out the root port of nonroot devices; they are sent each hello interval until they are acknowledged by the upstream device.
2. Upstream bridges process TCN on DPs.
3. The upstream switch sets the Topology Change Acknowledgement (TCA) field of the next configuration BPDU received and sends this downstream. This causes the downstream switch to stop sending TCN BPDUs.
4. The upstream switch then sends the TCN further upstream.
5. This continues until the root bridge receives the TCN.
6. The root bridge then sets the TCA and Topology Change flags in the next configuration BPDU sent out downstream.
7. The root bridge sets the TC flag in all BPDUs sent for Forward Delay + Max Age. This instructs all switches to age MAC table address entries faster.

Root bridge placement
You should set the root bridge location in your network using the appropriate Cisco IOS command.


NOTE
The CCIE written exam focuses on the Cisco IOS-based command set. As a result, no CatOS commands are shown in any of the Quick Reference Sheets.

You should also select a secondary root in the event the primary root fails.

spanning-tree vlan vlan_ID priority priority_value allows you to modify the priority value and directly manipulate the root election. For example, spanning-tree vlan 100 priority 4096 sets the priority to 4096 for VLAN 100 on the local switch. If all switches are at the default priority value of 32,768, the bridge becomes the root. You can use the priority value of 8192 in this case on another switch to elect it as the secondary root bridge.

The command spanning-tree vlan vlan_ID root primary is actually a macro command that examines the priority of the existing root and sets the priority on the local switch to be 1 less. If the default is used on the root, the priority is set to 8192. To create a secondary root, you can use the following command:

spanning-tree vlan vlan_ID root secondary

This command sets the priority value to 16,384.

Remember, in a Cisco environment, by default all spanning-tree mechanisms occur on a VLAN-by-VLAN basis. This is called Per-VLAN Spanning Tree (PVST+).

Fast STP convergence with Cisco-proprietary enhancements to 802.1D

PortFast
PortFast, shown in Figure 2-3, is a Cisco-proprietary enhancement to the 802.1D STP implementation. You apply the command to specific ports, and that application has two effects:
■ Ports coming up are put directly into the forwarding STP mode.
■ The switch does not generate a TCN when a port configured for PortFast is going up or down—for example, when a workstation power-cycles.
Therefore, consider enabling PortFast on ports that are connected to end-user workstations. Caution must be used with PortFast ports to ensure that hubs, switches, bridges, or any other device that could cause a loop are not connected to these ports.

FIGURE 2-3 PortFast
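As an added illustration that is not part of the Quick Reference Sheets, the following Python model shows how the priority values discussed above decide the root election: a bridge ID is the 16-bit priority followed by the bridge MAC address, and the lowest ID wins, so the switch given priority 4096 becomes root and the one given 8192 takes over if it fails. The switch names and MAC addresses are constructed for the demonstration.

```python
# Added example, not from the Quick Reference Sheets: a model of the
# PVST+ root election that the priority commands above manipulate.
# Switch names and MAC addresses below are constructed.
from dataclasses import dataclass

DEFAULT_PRIORITY = 32768
PRIORITY_STEP = 4096       # IOS accepts bridge priorities only in multiples of 4096
MAX_PRIORITY = 61440       # 15 * 4096


@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str                       # "00:1a:2b:3c:4d:5e" form
    priority: int = DEFAULT_PRIORITY

    def bridge_id(self) -> int:
        """Bridge ID as one integer: 16-bit priority above the 48-bit MAC.
        Lower is better, so priority decides first and the MAC breaks ties."""
        if not 0 <= self.priority <= MAX_PRIORITY or self.priority % PRIORITY_STEP:
            raise ValueError(f"{self.name}: priority must be a multiple of "
                             f"{PRIORITY_STEP} between 0 and {MAX_PRIORITY}")
        return (self.priority << 48) | int(self.mac.replace(":", ""), 16)


def with_priority(bridge: Bridge, priority: int) -> Bridge:
    """Effect of `spanning-tree vlan N priority <priority>` on one switch."""
    return Bridge(bridge.name, bridge.mac, priority)


def elect_root(bridges) -> Bridge:
    """The bridge with the lowest bridge ID becomes the root."""
    return min(bridges, key=Bridge.bridge_id)


def ranked(bridges) -> list:
    """Names in election order: the root first, then the bridge that takes
    over if the root fails (the secondary root), and so on."""
    return [b.name for b in sorted(bridges, key=Bridge.bridge_id)]


# Constructed topology: three switches that all start at the default priority.
SW1 = Bridge("SW1", "00:1a:2b:00:00:03")
SW2 = Bridge("SW2", "00:1a:2b:00:00:01")   # lowest MAC, so root by default
SW3 = Bridge("SW3", "00:1a:2b:00:00:02")


def demo() -> dict:
    defaults = [SW1, SW2, SW3]
    # The manipulation from the text: 4096 on the intended primary root and
    # 8192 on the intended secondary, so the secondary wins if SW1 fails.
    tuned = [with_priority(SW1, 4096), SW2, with_priority(SW3, 8192)]
    return {"default_root": elect_root(defaults).name,
            "tuned_order": ranked(tuned),
            "after_primary_fails": elect_root(tuned[1:]).name}


if __name__ == "__main__":
    print(demo())
```

With every switch at the default priority the lowest MAC address wins, which is rarely the switch you want; the explicit priorities make the outcome deterministic and give you a known secondary root.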


UplinkFast
Configure UplinkFast on wiring closet switches. It detects a directly connected failure and allows a new root port to come up almost immediately.

When you are configuring UplinkFast, the local switch has a priority set to 49,152, and it adds 3000 to the cost of all links. Finally, a mechanism is included that causes the manipulation of MAC address tables for other bridges.

BackboneFast
Configure BackboneFast on all switches. It speeds convergence when the failure occurs and is indirectly located, such as in the core of the backbone. It reduces convergence from about 50 seconds to about 30 seconds.

802.1w Rapid Spanning Tree Protocol
Rapid Spanning Tree Protocol (RSTP or IEEE 802.1w) improves on 802.1D. The protocol incorporates many new features to speed convergence, including incorporation of the ideas presented by Cisco in its enhancements to 802.1D. Although there are many, many improvements with the new technology, the configuration remains almost identical—and the two technologies can coexist. Full benefits are not realized until all systems are running RSTP, however.

RSTP requires full-duplex, point-to-point connections between adjacent switches to achieve fast convergence.

RSTP defines edge ports as those not participating in STP. Edge ports can be statically configured or will be recognized by the PortFast configuration command.

RSTP port states
RSTP port states are simplified from 802.1D and consist of the following:
■ Discarding
■ Learning
■ Forwarding
Also, the port states are no longer tied directly to port roles. For example, a DP could be Discarding, even though it is destined to transition to the Forwarding state.

RSTP port roles
■ Root port—This port role exists in 802.1D, too, and is the “best” path back to the root bridge; it must exist on all nonroot bridges.
■ Designated port—This port role exists in 802.1D, too, and there must be a DP on all segments in the topology. By default, all ports on the root bridge are DPs.
■ Alternative port—This port role is new to 802.1w. This port is a quickly converging backup port to the current DP on a segment.
■ Backup port—This port role is new to 802.1w. This port is a quickly converging backup to the root port for a system.


RSTP BPDUs
All bridges now send BPDUs every hello time period (2 seconds by default). The BPDUs now act as a keepalive—protocol information is aged if no BPDUs are heard for three consecutive hello times.

RSTP proposal and agreement process/topology change mechanism
Convergence occurs on a link-by-link basis in 802.1w. No longer is there a reliance on timers for convergence as there is in 802.1D. A proposal and agreement process replaces the timer methodology of STP and flows downstream from the root device.

In RSTP, only nonedge ports moving to the Forwarding state cause a topology change (TC). The originator of a TC is now responsible for flooding it through the network.

Implementing RSTP
On most Cisco switches, configuring 802.1s (Multiple Spanning Tree, MST) automatically enables RSTP. Cisco did invent a mode of operation that allows you to use RSTP without the implementation of MST. It is called PVST+ mode. You can enable it on a switch with the following command:

spanning-tree mode rapid-pvst

802.1s Multiple Spanning Tree
MSTP (IEEE 802.1s) is an IEEE standard that allows several VLANs to be mapped to a reduced number of spanning-tree instances. This provides advantages over PVST+ because typical topologies need only a few spanning-tree topologies to be optimized.

You configure a set of switches with the same MISTP parameters, and this becomes an MST region. With MISTP, you have an internal spanning tree capable of representing the entire MST region as a common spanning tree for backward compatibility with earlier IEEE implementations.

Follow these steps to configure MISTP:

Step 1. Globally enable MISTP (MSTP) on your switches:
spanning-tree mode mst

Step 2. Enter MST configuration submode:
spanning-tree mst configuration

Step 3. Set the MST region name:
name name

Step 4. Set a configuration revision number:
revision rev_num

Step 5. Map your VLANs to MST instances:
instance int vlan range


You can easily verify an MSTP configuration using the following commands:

show spanning-tree mst configuration
show spanning-tree mst vlan_id

Loop Guard
As its name implies, Loop Guard is a method for ensuring that STP loops never occur in a particular topology. Even though STP guards against such loops as best it can, they could still occur because of things like unidirectional link failures or switch congestion issues.

Loop Guard prevents loops conservatively by preventing alternate or root ports from becoming DPs in the topology. If BPDUs are not received on a non-DP, and Loop Guard is enabled, that port is moved into the STP loop-inconsistent Blocking state, instead of the Listening / Learning / Forwarding state.

Loop Guard operates only on ports that are considered point-to-point by the spanning tree, and it cannot be run in conjunction with Root Guard on an interface.

To enable Loop Guard, you can use the following global configuration mode command:

spanning-tree loopguard default

Unidirectional Link Detection
Unidirectional Link Detection (UDLD), shown in Figure 2-4, detects and disables unidirectional links. A unidirectional link occurs when traffic transmitted from the local switch is received by the neighbor, but traffic sent from the neighbor is not. Unidirectional links can cause a variety of problems, including spanning-tree loops. UDLD performs tasks that autonegotiation cannot perform.

FIGURE 2-4 UDLD (send function fine, but receive function inoperable)

To perform UDLD, packets are sent to neighbor devices on interfaces with UDLD enabled. Therefore, both sides of the link must support UDLD. By default, UDLD is locally disabled on copper interfaces and is locally enabled on all Ethernet fiber-optic interfaces. The Cisco IOS command to enable UDLD on an interface is simply this:

udld enable


Root Guard
Root Guard enables an administrator to enforce the root bridge placement in the network. Service providers that connect switches to customer networks are often interested in this technology because they want to ensure that no customer device inadvertently or otherwise becomes the root of the spanning tree. Root Guard ensures that the port on which Root Guard is enabled is the DP. If the switch receives superior STP BPDUs on a Root Guard–enabled port, the port is moved to a root-inconsistent STP state. This root-inconsistent state is effectively equal to the Listening port state. No traffic is forwarded across this port. This protects the current placement of the root bridge in the infrastructure.

You can enable this feature on a port with the following interface configuration command:

spanning-tree guard root

BPDU Guard
This Cisco STP feature protects the network from loops that could occur if BPDUs were received on a PortFast port. Because BPDUs should never arrive at these ports, their reception indicates a misconfiguration or a security breach. BPDU Guard causes the port to error-disable upon the reception of these frames.

You can configure BPDU Guard globally to have the feature enabled for all PortFast ports on the system. The command to do this is as follows:

spanning-tree portfast bpduguard

You can also enable the feature at the interface level. Use this command:

spanning-tree bpduguard enable

You can enable this feature at the interface level even if PortFast is not enabled on the port. Once again, the receipt of a BPDU causes the port to error-disable.

Storm Control
The Storm Control feature protects a LAN from being affected by unicast, broadcast, or multicast storms that might develop. The switch implements storm control by counting the number of packets of a specified type received within the one-second time interval and compares the measurement with a predefined suppression-level threshold. Storm Control can typically enable the administrator to control traffic by a percentage of total bandwidth or the traffic rate at which packets are received. It is important to note that when the rate of multicast traffic exceeds a set threshold, all incoming traffic (broadcast, multicast, and unicast) is dropped until the level drops below the specified threshold level. Only spanning-tree packets are forwarded in this situation. When broadcast and unicast thresholds are exceeded, traffic is blocked for only the type of traffic that exceeded the threshold.
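As an added example that is not part of the Quick Reference Sheets, the following Python model applies the storm-control decision just described to constructed one-second traffic samples: frames are classified from their destination MAC, counted per type, compared against per-type pps thresholds, and a multicast storm suppresses all three types while a broadcast or unicast storm suppresses only its own type. The thresholds and MAC addresses are assumptions made for the demonstration.

```python
# Added example, not from the Quick Reference Sheets: a model of the
# storm-control decision described above, applied to constructed one-second
# traffic samples. Thresholds are in packets per second (the `pps` form).
from collections import Counter

TYPES = ("broadcast", "multicast", "unicast")


def classify(dst_mac: str) -> str:
    """Traffic type from the destination MAC: all-ones is broadcast, a set
    I/G bit (odd first octet) is multicast, anything else is unicast."""
    octets = dst_mac.lower().split(":")
    if len(octets) != 6:
        raise ValueError(f"malformed MAC address: {dst_mac}")
    if octets == ["ff"] * 6:
        return "broadcast"
    return "multicast" if int(octets[0], 16) & 1 else "unicast"


def storm_control(frames_this_second, thresholds: dict) -> dict:
    """Decide what the port suppresses for one interval.

    thresholds maps a type to its pps ceiling, only for the types storm
    control is configured on (like `storm-control <type> level pps <pps>`).
    Per the text: exceeding the multicast threshold suppresses broadcast,
    multicast and unicast alike (spanning-tree frames still pass); exceeding
    the broadcast or unicast threshold suppresses only that type.
    """
    counts = Counter(classify(dst) for dst in frames_this_second)
    exceeded = {t for t, limit in thresholds.items() if counts[t] > limit}
    suppressed = set(TYPES) if "multicast" in exceeded else exceeded
    return {"counts": {t: counts[t] for t in TYPES},
            "exceeded": exceeded, "suppressed": suppressed}


# Constructed samples: destination MACs seen on one port in three different seconds.
BROADCAST_STORM = ["ff:ff:ff:ff:ff:ff"] * 120 + ["00:1a:2b:00:00:05"] * 10
MULTICAST_STORM = ["01:00:5e:00:00:fb"] * 200 + ["00:1a:2b:00:00:05"] * 10
QUIET = ["00:1a:2b:00:00:05"] * 50 + ["ff:ff:ff:ff:ff:ff"] * 3

# Assumed policy: police broadcast and multicast at 100 pps; unicast is not policed.
THRESHOLDS = {"broadcast": 100, "multicast": 100}

if __name__ == "__main__":
    for label, sample in (("broadcast storm", BROADCAST_STORM),
                          ("multicast storm", MULTICAST_STORM),
                          ("quiet", QUIET)):
        print(label, storm_control(sample, THRESHOLDS))
```

The asymmetry is the point worth remembering when you tune thresholds: a multicast threshold set too low does not just clip multicast, it silences the port's unicast traffic as well until the rate falls back below the threshold.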


Storm Control is configured at the interface level with the following command:

storm-control {broadcast | multicast | unicast} level {level [level-low] | pps pps [pps-low]}

Unicast flooding
If a destination MAC address is not in the MAC address table of the switch, the frame is flooded out all ports for that respective VLAN. Although some flooding is unavoidable and expected, excessive flooding might be caused by asymmetric routing, STP topology changes, or forwarding table overflow. Also, flooding can result from attacks on the network, especially in the case of denial-of-service (DoS) attacks.

Switches can now implement a unicast flood-prevention feature. This is implemented through the following global configuration command:

mac-address-table unicast-flood {limit kfps} {vlan vlan} {filter timeout | alert | shutdown}

An alternative configuration approach found on some Catalyst model devices (such as the 6500 series) is to use what is known as Unknown Unicast Flood Blocking (UUFB). This is configured with the following simple interface command:

switchport block unicast

LAN Switching

VLAN trunking

802.1Q
The IEEE 802.1Q standard trunking protocol uses an extra tag in the MAC header to identify the VLAN membership of a frame across bridges. This tag is used for VLAN and quality of service (QoS) priority identification.

The VLAN ID (VID) associates a frame with a specific VLAN and provides the information that switches need to process the frame across the network. Notice that a tagged frame is 4 bytes longer than an untagged frame and contains 2 bytes of Tag Protocol Identifier (TPID) and 2 bytes of Tag Control Information (TCI). These components of an 802.1Q tagged frame are described in more detail here:
■ TPID—The Tag Protocol Identifier has a defined value of 8100 in hex; with the EtherType set at 8100, this frame is identified as carrying the IEEE 802.1Q/802.1P tag.
■ Priority—The first 3 bits of the Tag Control Information define user priority; notice the eight (2^3) possible priority levels. IEEE 802.1P defines the operation for these 3 user-priority bits.
■ CFI—The Canonical Format Indicator is a single-bit flag, always set to 0 for Ethernet switches. CFI is used for compatibility reasons between Ethernet networks and Token Ring.


■ VID—VLAN ID identifies the VLAN; notice it allows the identification of 4096 (2^12) VLANs. Two of these identifications are reserved, permitting the creation of 4094 VLANs.

802.1Q trunks feature a concept called the native VLAN. The native VLAN is a VLAN for which frames are not tagged. Here are the aspects of the native VLAN:
■ The VLAN a port is in when not trunking.
■ The VLAN from which frames are sent untagged on an 802.1Q port.
■ The VLAN to which frames are forwarded if received untagged on an 802.1Q port.

Cisco switches produce errors if the native VLAN does not match at each end of the link. The default native VLAN in Cisco devices is VLAN 1.

You can control the 802.1Q VLAN traffic that is sent over a trunk; this is possible for security purposes or load balancing. The command used to create and control trunks on Cisco IOS-based switches is the interface command:

switchport trunk {allowed vlan vlan-list} | {encapsulation {dot1q | isl | negotiate}} | {native vlan vlan-id} | {pruning vlan vlan-list}

VLAN Trunking Protocol (VTP) is a Cisco-proprietary Layer 2 multicast messaging protocol that synchronizes VLAN information across all media types and tagging methods on your switches. To enjoy the benefits of VTP, your switches must meet the following requirements:
■ You must configure the VTP domain name identically on each device; domain names are case-sensitive.
■ The switches must be adjacent.
■ The switches must be connected with trunk links.
■ The same VTP password must be configured if used in the domain.

Generally, you find four items in all VTP messages:
■ VTP protocol version (either 1 or 2)
■ VTP message type
■ Management domain name length
■ Management domain name

VTP has four possible message types:
■ Summary advertisements
■ Subset advertisements
■ Advertisement requests
■ VTP Join messages (used for pruning)
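The 802.1Q tag layout and native-VLAN behaviour described earlier on this page, as an added Python example that is not part of the Quick Reference Sheets: the parser reads the TPID, the 3-bit priority, the CFI bit and the 12-bit VID out of a raw frame, assigns untagged frames to the port's native VLAN, rejects the two reserved VIDs (0 and 4095), and the builder shows the 4-byte growth of a tagged frame and why native-VLAN frames leave a trunk untagged. The sample frame bytes and MAC addresses are constructed.

```python
# Added example, not from the Quick Reference Sheets: parse and build the
# 802.1Q tag described above and apply the native-VLAN rule. The frames are
# constructed sample data.
import struct

TPID_8021Q = 0x8100         # EtherType value announcing an 802.1Q tag
RESERVED_VIDS = {0, 4095}   # the two reserved IDs, which leave 4094 usable VLANs


def parse_frame(frame: bytes, native_vlan: int = 1) -> dict:
    """Classify a raw Ethernet frame as received on an 802.1Q port.

    Untagged: dst(6) src(6) EtherType(2) payload
    Tagged:   dst(6) src(6) TPID(2) TCI(2) EtherType(2) payload
    TCI bits: 3-bit 802.1p priority | 1-bit CFI | 12-bit VID
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        # No tag present: the frame is assigned to the port's native VLAN.
        return {"tagged": False, "vid": native_vlan, "priority": 0, "cfi": 0,
                "ethertype": ethertype, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("tagged frame truncated inside the 802.1Q header")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    vid = tci & 0x0FFF
    if vid in RESERVED_VIDS:
        raise ValueError(f"reserved VID {vid} is not a usable VLAN")
    return {"tagged": True, "vid": vid, "priority": tci >> 13,
            "cfi": (tci >> 12) & 1, "ethertype": inner_type, "payload": frame[18:]}


def tag_frame(frame: bytes, vid: int, priority: int = 0, cfi: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the source MAC of an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be between 1 and 4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority is a 3-bit field")
    tci = (priority << 13) | ((cfi & 1) << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def egress_on_trunk(frame: bytes, vid: int, native_vlan: int = 1) -> bytes:
    """What a trunk port sends: native-VLAN frames leave untagged, all others tagged."""
    return frame if vid == native_vlan else tag_frame(frame, vid)


# Constructed sample: an untagged IPv4 frame (EtherType 0x0800) with a 4-byte payload.
UNTAGGED = (bytes.fromhex("001a2b000001") + bytes.fromhex("001a2b000002")
            + b"\x08\x00" + b"\xde\xad\xbe\xef")

if __name__ == "__main__":
    tagged = tag_frame(UNTAGGED, vid=100, priority=5)
    print(len(tagged) - len(UNTAGGED), parse_frame(tagged))
```

The native-VLAN rule is why the text insists the native VLAN match at both ends of a link: an untagged frame carries no VID, so each side assigns it from its own port configuration, and a mismatch silently moves traffic between VLANs.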


The VTP configuration revision number is extremely important. This value is used to determine whether a switch has stale information about VLANs and ultimately controls whether the switch overwrites its VLAN database with new information. The revision number increments each time a change is made to the VLAN database on a Server mode VTP system. The number ranges from 0 to 4,294,967,295. You must ensure when introducing new Server mode switches that you do not inadvertently overwrite the VLAN database because of a higher configuration revision number on the new switch. Introducing new switches in Transparent mode helps ensure that this problem never results.

You have three possible modes for your VTP servers:
■ Server—This mode enables you to create, modify, and delete VLANs; these changes are advertised to VTP Client mode systems; Catalyst switches default to this mode.
■ Client—This mode does not allow for the creation, modification, or deletion of VLANs on the local device; VLAN configurations are synchronized from Server mode system(s).
■ Transparent—This mode permits the addition, deletion, and modification of VLAN information, but the information resides only locally on the Transparent device; these systems forward advertisements from servers but do not process them.

Here is a sample configuration of VTP for a Server mode system in Cisco IOS mode. Note that changing the VTP domain on this system resets the configuration revision number to 0:

Switch# configure terminal
Switch(config)# vtp mode server
Setting device to VTP SERVER mode.
Switch(config)# vtp domain Lab_Network
Setting VTP domain name to Lab_Network
Switch(config)# end
Switch#

VTP pruning
VTP pruning enables you to limit the amount of traffic sent on trunk ports. It limits the distribution of flooded frames to only switches that have members of the particular VLAN. You can enable VTP pruning with this command:

vtp pruning

When you enable pruning on the switch, all VLANs are pruned by default (with the exception of VLAN 1). You need to configure pruning on only one VTP server, and the setting automatically propagates. You can change this behavior by making select VLANs you choose prune-ineligible. This is done with the following command:

switchport trunk pruning vlan {none | {{add | except | remove} vlan[,vlan[,vlan[,...]]}}
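The revision-number overwrite risk described above, as an added Python model that is not part of the Quick Reference Sheets: a switch accepts an advertisement only from its own domain with a matching password, overwrites its VLAN database when the advertised revision is higher, forwards without processing in Transparent mode, and resets its revision to 0 when the domain is changed. The switch names, the domain and the VLAN sets are constructed for the demonstration.

```python
# Added example, not from the Quick Reference Sheets: a model of the VTP
# revision-number rules described above. Switch names, the domain and the
# VLAN databases are constructed for the demonstration.
from dataclasses import dataclass, field

MAX_REVISION = 4_294_967_295   # the configuration revision is a 32-bit counter


@dataclass(frozen=True)
class Advertisement:
    domain: str
    revision: int
    vlans: frozenset
    password: str = ""


@dataclass
class VtpSwitch:
    name: str
    domain: str
    mode: str = "server"            # server (Catalyst default), client or transparent
    password: str = ""
    revision: int = 0
    vlans: set = field(default_factory=lambda: {1})

    def set_domain(self, domain: str) -> None:
        """Changing the VTP domain resets the configuration revision to 0."""
        self.domain = domain
        self.revision = 0

    def edit_vlans(self, add=(), remove=()) -> None:
        """Change the local VLAN database. Clients cannot; servers bump the
        revision on every change; transparent switches keep the change local."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: client mode cannot modify VLANs")
        self.vlans = (self.vlans | set(add)) - set(remove)
        if self.mode == "server":
            self.revision = (self.revision + 1) % (MAX_REVISION + 1)

    def advertise(self):
        """Only a server originates advertisements for its database."""
        if self.mode != "server":
            return None
        return Advertisement(self.domain, self.revision, frozenset(self.vlans), self.password)

    def receive(self, adv: Advertisement) -> str:
        """Process an advertisement and report what happened."""
        if self.mode == "transparent":
            return "forwarded"                    # relayed to neighbours, never processed
        if adv.domain != self.domain:             # domain names are case-sensitive
            return "ignored: different domain"
        if adv.password != self.password:
            return "ignored: password mismatch"
        if adv.revision <= self.revision:
            return "ignored: not newer"
        # A higher revision is trusted and overwrites the local database.
        self.vlans = set(adv.vlans)
        self.revision = adv.revision
        return "overwritten"


def introduce_switch(prod: VtpSwitch, newcomer: VtpSwitch) -> dict:
    """Connect `newcomer` to `prod` over a trunk and report the exchange."""
    adv = newcomer.advertise()
    result = {"prod": prod.receive(adv) if adv else "no advertisement from newcomer"}
    result["newcomer"] = newcomer.receive(prod.advertise())
    result["prod_vlans"] = sorted(prod.vlans)
    return result


def scenario_unsafe() -> dict:
    """A switch with a stale but higher revision, left in server mode, wipes production."""
    prod = VtpSwitch("PROD", "Lab_Network", revision=12, vlans={1, 10, 20, 30})
    lab = VtpSwitch("LAB", "Lab_Network", revision=40, vlans={1, 99})
    return introduce_switch(prod, lab)


def scenario_safe() -> dict:
    """The same switch introduced in transparent mode leaves production untouched."""
    prod = VtpSwitch("PROD", "Lab_Network", revision=12, vlans={1, 10, 20, 30})
    lab = VtpSwitch("LAB", "Lab_Network", mode="transparent", revision=40, vlans={1, 99})
    return introduce_switch(prod, lab)


if __name__ == "__main__":
    print("unsafe:", scenario_unsafe())
    print("safe:  ", scenario_safe())
```

The unsafe scenario is what the text warns about: the production server trusts the higher revision and its VLAN database shrinks to the newcomer's. Either of the two precautions the text gives avoids it, introducing the switch in Transparent mode (it neither advertises nor processes) or changing its domain name first so its revision starts again from 0.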


The Cisco IOS command is as follows:

vtp pruning

EtherChannel
EtherChannel allows you to bundle redundant links and treat them as a single link, thus achieving substantial bandwidth and redundancy benefits. It is often advisable to use an EtherChannel for key trunks in your campus design. Notice that EtherChannel affects STP, because ordinarily one or more of the links would be disabled to prevent a loop.

Be aware of the following guidelines for EtherChannel:
■ All Ethernet interfaces on all modules must support EtherChannel.
■ You have a maximum of eight interfaces per EtherChannel.
■ The ports do not need to be contiguous or on the same module.
■ All ports in the EtherChannel must be set for the same speed and duplex.
■ Enable all interfaces in the EtherChannel.
■ An EtherChannel will not form if one of the ports is a Switched Port Analyzer (SPAN) destination.
■ For Layer 3 EtherChannels, assign a Layer 3 address to the port-channel logical interface, not the physical interfaces.
■ Assign all EtherChannel ports to the same VLAN or ensure they are all set to the same trunk encapsulation and trunk mode.
■ The same allowed range of VLANs must be configured on all ports in an EtherChannel.
■ Interfaces with different STP port path costs can form an EtherChannel.
■ After an EtherChannel has been configured, a configuration made to the physical interfaces affects the physical interfaces only.

EtherChannel load balancing can use MAC addresses, IP addresses, or Layer 4 port numbers—either source, destination, or both source and destination addresses.

Here is an example:

Router# configure terminal
Router(config)# interface range fastethernet 2/2 -8
Router(config-if)# channel-group 2 mode desirable
Router(config-if)# end

Ethernet
Ethernet refers to the family of LAN products covered by the IEEE 802.3 standard. This standard defines the carrier sense multiple access collision detect (CSMA/CD) protocol. Four data rates are currently defined for operation over optical fiber and twisted-pair cables:
■ 10 Mbps—10BASE-T Ethernet
■ 100 Mbps—Fast Ethernet


■ 1000 Mbps—Gigabit Ethernet
■ 10,000 Mbps—10 Gigabit Ethernet

Ethernet has replaced just about every other LAN technology because of the following reasons:
■ It is easy to understand, implement, manage, and maintain.
■ It has a relatively low cost.
■ It provides extensive topological flexibility.
■ It is a standards-compliant technology.

802.3
802.3 defines the original shared media LAN technology. This early Ethernet specification runs at 10 Mbps.

Ethernet can run over various media such as twisted pair and coaxial. You often see 802.3 Ethernet referred to as different terms because of the differences in the underlying media. Here are examples:
■ 10BASE-T—Ethernet over Twisted Pair Media
■ 10BASE-F—Ethernet over Fiber Media
■ 10BASE2—Ethernet over Thin Coaxial Media
■ 10BASE5—Ethernet over Thick Coaxial Media

802.3U (Fast Ethernet)
Fast Ethernet refers to any one of a number of 100-Mbps Ethernet specifications. As its name implies, Fast Ethernet offers speeds 10 times that of the 10BASE-T Ethernet specification.

Although Fast Ethernet is a much faster technology, it still preserves such qualities as frame format, MAC mechanisms, and maximum transmission unit (MTU). These similarities permit you to use existing 10BASE-T applications and network management tools on Fast Ethernet networks.

802.3Z (Gigabit Ethernet)
Once again, this Ethernet technology builds on the foundations of the old, but it increases speeds tenfold over Fast Ethernet to 1000 Mbps, or 1 gigabit per second (Gbps).

802.3AB (Gigabit Ethernet over Copper)
Gigabit Ethernet over Copper (also known as 1000BASE-T) is yet another extension of the existing Fast Ethernet standard. 802.3AB specifies Gigabit Ethernet operation over the Category 5e/6 cabling systems already installed. This reuse of the existing infrastructure helps make 802.3AB a highly cost-effective solution.


10 Gigabit Ethernet
The latest in Ethernet technologies, 10 Gigabit Ethernet, provides the
following features:
■ High bandwidth
■ Low cost of ownership
■ Scalability from 10 Mbps to 10,000 Mbps

Long Reach Ethernet
The Cisco Long Reach Ethernet (LRE) networking solution delivers 5-
to 15-Mbps speeds over existing Category 1/2/3 wiring. As the name
conveys, this Ethernet-like performance extends 3500 to 5000 feet.

Gigabit Interface Converter
The Gigabit Interface Converter (GBIC) is a Cisco standards-based hot-
swappable input/output device that plugs into a Gigabit Ethernet slot on
a Cisco network device. This flexibility allows you to inexpensively
adapt your network equipment to any changes in the physical media
that might be introduced.
You can intermix GBICs in a Cisco device to support any combination
of 802.3z-compliant 1000BASE-SX, 1000BASE-LX/LH, or
1000BASE-ZX interfaces. Upgrading to the latest interface technolo-
gies is simple thanks to these GBICs.

CHAPTER 3 CCIE Routing and Switching Exam Quick Reference Sheets by Anthony Sequeira

Addressing

IPv4 addresses
IPv4 addresses consist of 32 bits. These 32 bits are divided into four sections of 8 bits, each called an octet. Addresses are typically represented in dotted-decimal notation. For example:
10.200.34.201
Subnet masks identify which portion of the address identifies a particular network and which portion identifies a host on the network.
The address classes defined for public and private networks consist of the following subnet masks:
Class A 255.0.0.0 (8 bits)
Class B 255.255.0.0 (16 bits)
Class C 255.255.255.0 (24 bits)
Class A addresses begin with 0 and have a first octet in decimal of 1 to 127. Class B addresses begin with 10 and range from 128 to 191. Class C addresses begin with 110 and range from 192 to 223.
Class D and Class E addresses also are defined. The Class D address space has the first 4 bits set to 1110 and has a first octet of 224 to 247. These addresses are used for IP multicast. Class E addresses have the first 4 bits set to 1111 and have a first octet IP of 248 to 255. These addresses are reserved for experimental use.

Subnetting
Subnetting allows for the creation of smaller, more-efficient networks. Overall network traffic is reduced, and security measures can be easily introduced in a subnetted network.
The IP address is 32 bits in length. It has a network ID portion and a host ID portion. The number of bits used for the host ID dictates the number of hosts possible on the network or subnetwork. One address is reserved for the network ID (all host bits set to 0), and one address is reserved for a subnet broadcast (all host bits set to 1). To calculate the number of hosts available on a subnet, use the formula 2^n – 2, where n is the number of bits used for the host ID.
To identify subnets, bits are “borrowed” from the host portion. The number of subnets that can be created depends on the number of bits borrowed. The number of subnets available is calculated with 2^n, where n is the number of bits “borrowed.”
Here is an example of subnetting. Take the address 10.172.16.211 with a subnet mask of 255.255.192.0. First note that this mask uses 18 bits. There are 14 bits left for host addressing. That means that on a subnet here 2^14 – 2 addresses are available. That is, 16,382 host addresses are possible. A default Class A network uses 8 bits for the mask. Here 10 bits are “borrowed” from the host portion. That allows for the creation of 2^10 = 1024 subnets.
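The subnet walk-through above, carried out in code as an added Python example (not from the Quick Reference Sheets): it applies the 2^n – 2 and 2^n formulas to 10.172.16.211 / 255.255.192.0, generalises them to any address with a contiguous mask, and also derives the network ID and broadcast address that the text defines.

```python
# Added example, not from the Quick Reference Sheets: a subnet calculator
# built on the rules the text gives (classful default masks, 2^n - 2 hosts,
# 2^n subnets from borrowed bits, network ID = host bits 0, broadcast = host bits 1).
from typing import Dict


def dotted_to_int(addr: str) -> int:
    """Convert dotted-decimal notation to a 32-bit integer, validating each octet."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_bits(mask: str) -> int:
    """Number of 1 bits in a mask; rejects non-contiguous masks such as 255.0.255.0."""
    m = dotted_to_int(mask)
    bits = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous mask: {mask}")
    return bits


def classful_mask_bits(addr: str) -> int:
    """Default mask length from the first-octet class ranges on the page."""
    first = dotted_to_int(addr) >> 24
    if first < 128:
        return 8      # Class A: first bit 0
    if first < 192:
        return 16     # Class B: first bits 10
    if first < 224:
        return 24     # Class C: first bits 110
    raise ValueError("Class D/E addresses have no default subnet mask")


def subnet_summary(addr: str, mask: str) -> Dict[str, object]:
    """Work the page's procedure for one address/mask pair."""
    a = dotted_to_int(addr)
    bits = mask_bits(mask)
    host_bits = 32 - bits
    m = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    network = a & m                      # all host bits set to 0
    broadcast = network | (~m & 0xFFFFFFFF)   # all host bits set to 1
    borrowed = bits - classful_mask_bits(addr)
    return {
        "mask_bits": bits,
        "host_bits": host_bits,
        "network_id": int_to_dotted(network),
        "broadcast": int_to_dotted(broadcast),
        # 2^n - 2: the page's formula (it is not meant for /31 or /32 links)
        "usable_hosts": 2 ** host_bits - 2,
        "borrowed_bits": borrowed,       # negative would mean a supernet, not a subnet
        "subnets": 2 ** borrowed,        # 2^n subnets from the borrowed bits
    }


if __name__ == "__main__":
    for key, value in subnet_summary("10.172.16.211", "255.255.192.0").items():
        print(f"{key:14} {value}")
```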


Address Resolution Protocol
Address Resolution Protocol (ARP) is used to resolve IP addresses to MAC addresses in an Ethernet network. A host wanting to obtain a physical address broadcasts an ARP request onto the TCP/IP network. The host on the network that has the IP address in the request then replies with its physical hardware address. When a MAC address is determined, the IP address association is stored in an ARP cache for rapid retrieval. Then the IP datagram is encapsulated in a link-layer frame and sent over the network. Encapsulation of IP datagrams and ARP requests and replies on IEEE 802 networks other than Ethernet is specified by the Subnetwork Access Protocol (SNAP).
Reverse Address Resolution Protocol (RARP) works the same way as ARP, except that the RARP request packet requests an IP address rather than a MAC address. Use of RARP requires a RARP server on the same network segment as the router interface. RARP often is used by diskless nodes that do not know their IP addresses when they boot. The Cisco IOS Software attempts to use RARP if it does not know the IP address of an interface at startup. Also, Cisco routers can act as RARP servers by responding to RARP requests that they can answer.

Enabling proxy ARP
Cisco routers use proxy ARP to help hosts with no knowledge of routing determine the MAC addresses of hosts on other networks. If the router receives an ARP request for a host that is not on the same network as the ARP request sender, and if the router has all of its routes to that host through other interfaces, it generates a proxy ARP reply packet, giving its own local MAC address. The host that sent the ARP request then sends its packets to the router, which forwards them to the intended host. Proxy ARP is enabled by default.
To enable proxy ARP if it has been disabled, use the following command:
Router(config-if)# ip proxy-arp

Defining static ARP cache entries
To configure static mappings, use the following command:
Router(config)# arp ip-address hardware-address type
Use the following command to set the length of time an ARP cache entry stays in the cache:
Router(config-if)# arp timeout seconds

Setting ARP encapsulations
Cisco routers can actually use three forms of address resolution: ARP, proxy ARP, and Probe (similar to ARP). Probe is a protocol developed by Hewlett-Packard (HP) for use on IEEE 802.3 networks.
By default, standard Ethernet-style ARP encapsulation (represented by the arpa keyword) is enabled on the IP interface. You can change this encapsulation method to SNAP or HP Probe, as required by your


network, to control the interface-specific handling of IP address resolution into 48-bit Ethernet hardware addresses.
To specify the ARP encapsulation type, use the following command:
Router(config-if)# arp {arpa | probe | snap}

Hot Standby Router Protocol
The Hot Standby Router Protocol (HSRP) provides high network availability by routing IP traffic from hosts without relying on the availability of any single router. HSRP is used in a group of routers to select an active router and a standby router. The active router is the router of choice for routing packets; a standby router is a router that takes over the routing duties when an active router fails, or when other preset conditions are met.
HSRP is useful for hosts that do not support a router discovery protocol (such as Internet Control Message Protocol [ICMP] Router Discovery Protocol [IRDP]) and that cannot switch to a new router when their selected router reloads or loses power.
When the HSRP is configured on a network segment, it provides a virtual MAC address and an IP address that is shared among a group of routers running HSRP. The address of this HSRP group is referred to as the virtual IP address. One of these devices is selected by the protocol to be the active router.
HSRP detects when the designated active router fails, at which point a selected standby router assumes control of the MAC and IP addresses of the Hot Standby group. A new standby router is also selected at that time. Devices that are running HSRP send and receive multicast User Datagram Protocol (UDP)-based hello packets to detect router failure and to designate active and standby routers. For an example of an HSRP topology, see Figure 3-1.
[Figure 3-1: an HSRP Group in which an Active Router and a Standby Router present a single Virtual Router to the hosts]
FIGURE 3-1 HSRP topology
Devices that are running HSRP send and receive multicast UDP-based hello packets to detect router failure and to designate active and standby routers.
You can configure multiple Hot Standby groups on an interface, thereby making fuller use of redundant routers and load sharing. To do so, specify a group number for each Hot Standby command you configure for the interface.


To enable the HSRP on an interface, use the following command:
Router(config-if)# standby [group-number] ip [ip-address [secondary]]
Whereas the preceding represents the only required HSRP configuration commands, you should be familiar with many others for configuring additional HSRP behaviors.
To configure the time between hello packets and the hold time before other routers declare the active router to be down, use the following command:
Router(config-if)# standby [group-number] timers [msec] hellotime [msec] holdtime
You can also set the Hot Standby priority used in choosing the active router. The priority value range is from 1 to 255, where 1 denotes the lowest priority and 255 denotes the highest priority:
Router(config-if)# standby [group-number] priority priority
You can also configure a router with higher priority to preempt the active router. In addition, you can configure a preemption delay after which the Hot Standby router preempts and becomes the active router:
Router(config-if)# standby [group-number] preempt [delay {minimum delay | reload delay | sync delay}]
You can also configure the interface to track other interfaces so that if one of the other interfaces goes down, the device’s Hot Standby priority is lowered:
Router(config-if)# standby [group-number] track type number [interface-priority]
You can also specify a virtual MAC address for the virtual router:
Router(config-if)# standby [group-number] mac-address macaddress
Finally, you can configure HSRP to use the burned-in address of an interface as its virtual MAC address rather than the preassigned MAC address (on Ethernet and FDDI) or the functional address (on Token Ring):
Router(config-if)# standby use-bia [scope interface]

Gateway Load Balancing Protocol
Gateway Load Balancing Protocol (GLBP) takes HSRP even further. Instead of just providing backup for a failed router, it can also handle the load balancing between multiple routers. GLBP provides this functionality using a single virtual IP address and multiple virtual MAC addresses. Workstations are configured with the same virtual IP address, and all routers in the virtual router group participate in forwarding packets. GLBP members communicate with each other using hello messages sent every three seconds to the multicast address 224.0.0.102.
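The HSRP election behaviour that the standby priority, preempt and track commands control, modelled as an added Python example (not from the Quick Reference Sheets and not IOS code): it shows the active router keeping its role until it fails or a higher-priority router with preempt takes over, and a tracked interface failure lowering the effective priority. The router names, addresses, the tracking decrement and the higher-interface-IP tie-breaker are assumptions for the model.

```python
# Added example, not from the Quick Reference Sheets: a model of the HSRP
# active/standby election driven by the knobs the standby commands set.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class HsrpRouter:
    name: str
    ip: str                         # interface address, used as the tie-breaker
    priority: int = 100             # "standby priority" (1..255; 100 is the IOS default)
    preempt: bool = False           # "standby preempt"
    up: bool = True                 # False models the router reloading or losing power
    # "standby track": tracked interface -> decrement applied while that interface is down
    tracked: Dict[str, int] = field(default_factory=dict)
    interface_up: Dict[str, bool] = field(default_factory=dict)

    def effective_priority(self) -> int:
        """Configured priority lowered by every tracked interface that is down."""
        if not 1 <= self.priority <= 255:
            raise ValueError("priority must be in 1..255")
        lost = sum(dec for ifname, dec in self.tracked.items()
                   if not self.interface_up.get(ifname, True))
        return max(1, self.priority - lost)   # keep inside the command's 1..255 range


def _rank(r: HsrpRouter) -> Tuple[int, Tuple[int, ...]]:
    """Higher priority wins; on a tie the higher interface IP wins (assumed tie-breaker)."""
    return (r.effective_priority(), tuple(int(o) for o in r.ip.split(".")))


@dataclass
class HsrpGroup:
    group: int
    virtual_ip: str                 # "standby <group> ip <virtual_ip>"
    members: List[HsrpRouter]
    active: Optional[str] = None
    standby: Optional[str] = None

    def elect(self) -> Tuple[Optional[str], Optional[str]]:
        """One election round after hellos have been exchanged; returns (active, standby).

        The active router keeps the role until its hellos stop (up == False) or a
        better-ranked router that has preempt configured takes it away.
        """
        alive = sorted((r for r in self.members if r.up), key=_rank, reverse=True)
        if not alive:
            self.active = self.standby = None
            return None, None
        current = next((r for r in alive if r.name == self.active), None)
        if current is None:
            # first election, or the active router failed: the standby assumes the
            # virtual MAC and IP; with no standby yet the best-ranked router does
            current = next((r for r in alive if r.name == self.standby), alive[0])
            self.active = current.name
        best = alive[0]
        if best is not current and best.preempt and _rank(best) > _rank(current):
            self.active = best.name          # preemption by a higher-priority router
        others = [r for r in alive if r.name != self.active]
        self.standby = others[0].name if others else None   # new standby is selected
        return self.active, self.standby


if __name__ == "__main__":
    # Constructed scenario: R1 is preferred but tracks its WAN link (Serial0) with a
    # decrement of 20, so losing that link hands the active role to R2.
    r1 = HsrpRouter("R1", "10.1.1.2", priority=110, preempt=True, tracked={"Serial0": 20})
    r2 = HsrpRouter("R2", "10.1.1.3", priority=100, preempt=True)
    r3 = HsrpRouter("R3", "10.1.1.4", priority=90)
    group = HsrpGroup(1, "10.1.1.1", [r1, r2, r3])
    print("initial      ", group.elect())    # ('R1', 'R2')
    r1.interface_up["Serial0"] = False         # R1 drops to 90; R3 wins the 90/90 tie on IP
    print("Serial0 down ", group.elect())    # ('R2', 'R3')
    r1.interface_up["Serial0"] = True
    print("Serial0 up   ", group.elect())    # ('R1', 'R2')  R1 preempts again
    r1.up = False                              # R1 loses power: the standby takes over
    print("R1 failed    ", group.elect())    # ('R2', 'R3')
```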


Members of a GLBP group elect one gateway to be the active virtual gateway (AVG) for that group. It is the job of other group members to back up for the AVG in the event that the AVG fails. The AVG assigns a virtual MAC address to each member of the GLBP group. The AVG is responsible for answering ARP requests for the virtual IP address. Load sharing is achieved by the AVG replying to the ARP requests with different virtual MAC addresses that the group members will respond to.
Although you can use many optional commands with GLBP, the primary command to enable GLBP is as follows:
glbp group ip [ip-address [secondary]]
Note how similar this command is to the HSRP configuration command.

Virtual Router Redundancy Protocol
Virtual Router Redundancy Protocol (VRRP) is so similar to HSRP that it can be basically thought of as the standards-based version of the protocol. Like HSRP, it lacks the inherent load-balancing capabilities that GLBP provides.
Although there are many customization commands, the command to enable the protocol is just like that of the other redundancy protocols in structure:
vrrp group ip ip-address [secondary]

Network Address Translation
Network Address Translation (NAT) allows an organization to use private IP address space inside the organization (or any other IP address it might require) and present this IP address differently to the outside networks. Organizations might use NAT for the following purposes:
■ To connect private IP internetworks that use nonregistered IP addresses to the Internet, NAT translates the internal local addresses to globally unique IP addresses before sending packets to the outside network.
■ Internal addresses must be changed, and this creates a large administrative burden. NAT is used instead to translate addresses.
■ To do basic load sharing of TCP traffic. A single global IP address is mapped to many local IP addresses by using the TCP load distribution feature.
NAT uses the following definitions:
■ Inside local address—The IP address that is assigned to a host on the inside network. Often, this is a nonregistered IP address.
■ Inside global address—A legitimate IP address that represents one or more inside local IP addresses to the outside world.
■ Outside local address—The IP address of an outside host as it appears to the inside network.
■ Outside global address—The IP address assigned to a host on the outside network by the owner of the host.


For a depiction of this NAT terminology, see Figure 3-2.
[Figure 3-2: an inside host with inside local address 10.20.0.10 appears to the outside as inside global address 2.0.0.1; the outside host 2.2.2.2 is both the outside local and the outside global address]
FIGURE 3-2 NAT terminology

Translating inside source addresses
You can configure static or dynamic inside source translation:
■ Static translation establishes a one-to-one mapping between your inside local address and an inside global address. Static translation is useful when a host on the inside must be accessible by a fixed address from the outside.
■ Dynamic translation establishes a mapping between an inside local address and a pool of global addresses.

Configuring static translations
To establish a static translation between an inside local address and an inside global address, use the following global configuration command:
Router(config)# ip nat inside source static local-ip global-ip
To mark the appropriate interface as connected to the inside, use the following interface configuration command:
Router(config-if)# ip nat inside
To mark the appropriate interface as connected to the outside, use the following interface configuration command:
Router(config-if)# ip nat outside

Configuring dynamic translations
To define a pool of global addresses to be allocated as needed, use the following global configuration command:
Router(config)# ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
To define a standard access list permitting those addresses that are to be translated, use the following global configuration command:
Router(config)# access-list access-list-number permit source [source-wildcard]


Next, establish dynamic source translation, specifying the access list defined in the prior step, using the following global configuration command:
Router(config)# ip nat inside source list access-list-number pool name
To mark the appropriate interface as connected to the inside, use the following interface configuration command:
Router(config-if)# ip nat inside
To mark the appropriate interface as connected to the outside, use the following interface configuration command:
Router(config-if)# ip nat outside

Overloading an inside global address
You can conserve addresses in the inside global address pool by allowing the router to use one global address for many local addresses. When multiple local addresses map to one global address, the TCP or UDP port numbers of each inside host distinguish between the local addresses.
To permit this behavior, use the dynamic translations configuration from the previous section and include the overload keyword as follows:
Router(config)# ip nat inside source list access-list-number pool name overload

Translating overlapping addresses
You can use NAT to translate inside addresses that overlap with outside addresses. Use this feature if your IP addresses in the stub network are legitimate IP addresses belonging to another network and you want to communicate with those hosts or routers.
You can configure the translations using static or dynamic means. To do so, use the same commands from the “Translating inside source addresses” section, but use the ip nat outside source syntax.

TCP load distribution
If your organization has multiple hosts that must communicate with a heavily used host, you can establish a virtual host on the inside network that coordinates load sharing among real hosts. Destination addresses that match an access list are replaced with addresses from a rotary pool. Allocation is done on a round-robin basis, and only when a new connection is opened from the outside to the inside.
First, define a pool of addresses containing the addresses of the real hosts in global configuration mode:
Router(config)# ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length} type rotary
Next, define an access list permitting the address of the virtual host in global configuration mode:
Router(config)# access-list access-list-number permit source [source-wildcard]
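The two translation behaviours described above, overloading an inside global address and rotary-pool TCP load distribution, as an added Python model of the NAT translation table (not from the Quick Reference Sheets and not IOS code). It shows how the port number alone identifies the inside host for returning traffic under overload, and how a rotary pool advances only when a new outside-to-inside connection opens. The addresses and the spare-port range are constructed for the example.

```python
# Added example, not from the Quick Reference Sheets: a minimal NAT translation
# table covering "ip nat inside source ... overload" and "ip nat pool ... type rotary".
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

Endpoint = Tuple[str, int]          # (IP address, TCP/UDP port)


@dataclass
class OverloadNat:
    """One inside global address shared by many inside local addresses (overload)."""
    inside_global: str
    first_spare_port: int = 1024     # constructed: where to look for a free port on a clash
    out_table: Dict[Endpoint, int] = field(default_factory=dict)   # (local ip, port) -> global port
    in_table: Dict[int, Endpoint] = field(default_factory=dict)    # global port -> (local ip, port)

    def translate_outbound(self, local: Endpoint) -> Endpoint:
        """Inside -> outside: reuse the extended entry for this host/port or create one."""
        if local in self.out_table:
            return (self.inside_global, self.out_table[local])
        # keep the inside host's own source port when it is free, else take the next free one
        gport = local[1] if local[1] not in self.in_table else self.first_spare_port
        while gport in self.in_table:
            gport += 1
            if gport > 65535:
                raise RuntimeError("inside global address has no free ports")
        self.out_table[local] = gport
        self.in_table[gport] = local
        return (self.inside_global, gport)

    def translate_inbound(self, dest: Endpoint) -> Endpoint:
        """Outside -> inside: the destination port is what distinguishes the local addresses."""
        if dest[0] != self.inside_global or dest[1] not in self.in_table:
            raise KeyError(f"no translation for {dest}")   # nothing to map the reply to
        return self.in_table[dest[1]]

    def clear(self) -> None:
        """Equivalent of clear ip nat translation * for this table."""
        self.out_table.clear()
        self.in_table.clear()


@dataclass
class RotaryNat:
    """Destination translation from a virtual host to real hosts, round-robin."""
    virtual_host: str                # the address the access list permits
    real_hosts: List[str]            # the rotary pool
    next_index: int = 0
    bindings: Dict[Endpoint, str] = field(default_factory=dict)   # outside (ip, port) -> real host

    def translate_inbound(self, outside: Endpoint, dest_ip: str) -> str:
        """Returns the destination address the packet is actually forwarded to."""
        if dest_ip != self.virtual_host:
            return dest_ip                       # not matched by the access list: untouched
        if outside not in self.bindings:         # only a new connection advances the rotor
            self.bindings[outside] = self.real_hosts[self.next_index % len(self.real_hosts)]
            self.next_index += 1
        return self.bindings[outside]


if __name__ == "__main__":
    pat = OverloadNat("2.0.0.1")        # inside global address as in Figure 3-2
    print(pat.translate_outbound(("10.20.0.10", 40000)))   # ('2.0.0.1', 40000)
    print(pat.translate_outbound(("10.20.0.11", 40000)))   # ('2.0.0.1', 1024): port clash resolved
    print(pat.translate_inbound(("2.0.0.1", 1024)))        # ('10.20.0.11', 40000)
    rotary = RotaryNat("10.20.0.100", ["10.20.0.1", "10.20.0.2"])
    for port in (5000, 5001, 5000, 5002):                  # same source port = same connection
        print(port, rotary.translate_inbound(("2.2.2.2", port), "10.20.0.100"))
```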


Next, establish dynamic inside destination translation, specifying the access list defined in the prior step:
Router(config)# ip nat inside destination list access-list-number pool name
To mark the appropriate interface as connected to the inside, use the following interface configuration command:
Router(config-if)# ip nat inside
To mark the appropriate interface as connected to the outside, use the following interface configuration command:
Router(config-if)# ip nat outside

Monitoring and maintaining NAT
To clear all dynamic address translation entries from the NAT translation table, use the following command:
Router# clear ip nat translation *
To clear a simple dynamic translation entry containing an inside translation, or both inside and outside translation, use the following command:
Router# clear ip nat translation inside global-ip local-ip [outside local-ip global-ip]
To clear a simple dynamic translation entry containing an outside translation, use the following command:
Router# clear ip nat translation outside local-ip global-ip
To clear an extended dynamic translation entry, use the following command:
Router# clear ip nat translation protocol inside global-ip global-port local-ip local-port [outside local-ip local-port global-ip global-port]
To display active translations, use the following command:
Router# show ip nat translations [verbose]
To display translation statistics, use the following command:
Router# show ip nat statistics

Internet Control Message Protocol
Internet Control Message Protocol (ICMP) assists the operation of the IP network by delivering messages about the network’s functionality—or lack thereof. ICMP includes functions for the following:
■ Communicating network errors—Such as host or network unreachable.
■ Announcing network congestion—An example is the ICMP Source Quench messages used to cause a sender to slow down transmission because of a router buffering too many packets.


■ Provide troubleshooting tools—The Echo function is used by the ping utility to test connectivity between two systems.
■ Communicate timeouts in the network—If a packet’s TTL reaches 0, an ICMP message can be sent announcing this fact.

ICMP protocol unreachable messages
If the Cisco device receives a nonbroadcast packet destined for itself that uses an unknown protocol, it sends an ICMP protocol unreachable message back to the source. Similarly, if the device receives a packet that it is unable to deliver to the ultimate destination because it knows of no route to the destination address, it sends an ICMP host unreachable message to the source. This feature is enabled by default. To enable it if it’s disabled, use the following command:
Router(config-if)# ip unreachables

ICMP redirects
If the router resends a packet through the same interface on which it was received, the Cisco IOS Software sends an ICMP redirect message to the originator of the packet, telling the originator that the router is on a subnet directly connected to the receiving device and that it must forward the packet to another system on the same subnet.
To enable the sending of ICMP redirect messages if this feature was disabled, use the following command:
Router(config-if)# ip redirects

Services

Network Time Protocol
There are many reasons that an administrator will want to keep the time accurate on all systems in the infrastructure. Network Time Protocol (NTP) assists the administrator in this goal by automatically synchronizing the time between network devices.
Devices in the network running NTP can receive the correct time from an authoritative time source, such as a Cisco router, a radio clock, or an atomic clock attached to a timeserver.
To configure a router to receive the time from an authoritative time source on the network, use the following command:
ntp server {{[vrf vrf-name] ip-address | hostname} [version number] [key key-id] [source interface] [prefer]}
Some platforms have a battery-powered hardware clock, referred to as the calendar, in addition to the software-based system clock. The hardware clock runs continuously, even if the router is powered off or rebooted. It is a good practice to periodically update the hardware clock with the time learned from NTP. To do this, use this command:
ntp update-calendar


To have the router provide the correct time for the network, you can use this command:
ntp master [stratum]
The stratum value is an indicator of how close a device is to the master time source. Consider it like a hop count. If you set the stratum to 1 on the router, you are indicating that it is itself the authoritative time source.
You can also have the router synchronize the clock of a peer router, or be synchronized from that peer. The command to configure this is as follows:
ntp peer {{[vrf vrf-name] ip-address | hostname} [normal-sync] [version number] [key key-id] [source interface] [prefer]}
You should also note that NTP messages can be authenticated to ensure that accurate time is being sent to all devices.

DHCP
Cisco devices can function as DHCP servers. They can be configured to forward requests to secondary servers should the Cisco device be unable to satisfy the request. Figure 3-3 shows the four-step process that the router participates in to provide DHCP services.

FIGURE 3-3 DHCP (exchange between the DHCP Client and the DHCP Enabled Router: DHCPDISCOVER [broadcast], DHCPOFFER [unicast], DHCPREQUEST [broadcast], DHCPACK [unicast])

Configuring a Cisco device as a DHCP server
To configure the DHCP address pool name and enter DHCP pool configuration mode, use the following command:
Router(config)# ip dhcp pool name
The DHCP server assumes that all IP addresses in a DHCP address pool subnet are available for assigning to DHCP clients. You must specify the IP addresses that the DHCP server should not assign to clients. To do so, use the following command:
Router(config)# ip dhcp excluded-address low-address [high-address]
To configure a subnet and mask for the DHCP address pool, use the following command in DHCP pool configuration mode:
Router(config-dhcp)# network network-number [mask | /prefix-length]
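As an added example (not from the book), the following Python models the pool semantics of the three commands above (pool, excluded-address, network) and walks a client through the DHCPDISCOVER/OFFER/REQUEST/ACK exchange of Figure 3-3. The pool name, addresses and client MACs are constructed, and the messages are simplified dictionaries rather than RFC 2131 wire format.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class DhcpPool:
    """One 'ip dhcp pool' with its 'network' and excluded addresses (constructed model)."""
    name: str
    network: ipaddress.IPv4Network             # network network-number [mask | /prefix-length]
    server_id: ipaddress.IPv4Address           # the router's own address (DHCP server identifier)
    excluded: set = field(default_factory=set)
    offers: dict = field(default_factory=dict)  # client MAC -> address offered, not yet acked
    leases: dict = field(default_factory=dict)  # client MAC -> address acked

    def exclude(self, low, high=None):
        """Mirror 'ip dhcp excluded-address low-address [high-address]'."""
        lo = int(ipaddress.IPv4Address(low))
        hi = int(ipaddress.IPv4Address(high)) if high else lo
        self.excluded.update(ipaddress.IPv4Address(n) for n in range(lo, hi + 1))

    def free_addresses(self):
        """Assignable addresses: hosts of the subnet (never the network or broadcast
        address), not excluded, and not already offered or leased."""
        in_use = set(self.offers.values()) | set(self.leases.values())
        return [a for a in self.network.hosts()
                if a not in self.excluded and a not in in_use]

    def handle(self, msg):
        """Server side of the four-step exchange in Figure 3-3; returns the reply or None."""
        mac = msg["chaddr"]
        if msg["type"] == "DHCPDISCOVER":           # broadcast by the client
            free = self.free_addresses()
            if not free:
                return None                          # pool exhausted: nothing to offer
            self.offers[mac] = free[0]
            return {"type": "DHCPOFFER", "chaddr": mac, "yiaddr": str(free[0]),
                    "siaddr": str(self.server_id)}   # unicast back to the client
        if msg["type"] == "DHCPREQUEST":            # broadcast so every server sees the choice
            if msg["server_id"] != str(self.server_id):
                self.offers.pop(mac, None)           # client chose another server: stay silent
                return None
            offered = self.offers.pop(mac, None)
            if offered is None or str(offered) != msg["requested_ip"]:
                return {"type": "DHCPNAK", "chaddr": mac}   # never offered that address
            self.leases[mac] = offered
            return {"type": "DHCPACK", "chaddr": mac, "yiaddr": str(offered),
                    "subnet_mask": str(self.network.netmask)}   # unicast to the client
        raise ValueError("unsupported message type: " + msg["type"])


def run_client(pool, mac):
    """Client side: DISCOVER -> OFFER -> REQUEST -> ACK. Returns the ACK, or None
    when the server had nothing to offer."""
    offer = pool.handle({"type": "DHCPDISCOVER", "chaddr": mac})
    if offer is None:
        return None
    return pool.handle({"type": "DHCPREQUEST", "chaddr": mac,
                        "requested_ip": offer["yiaddr"], "server_id": offer["siaddr"]})


def build_pool(name, network, server_id, excluded=()):
    """Build a pool from strings; excluded holds single addresses or (low, high) ranges."""
    pool = DhcpPool(name, ipaddress.IPv4Network(network), ipaddress.IPv4Address(server_id))
    for item in excluded:
        pool.exclude(*item) if isinstance(item, tuple) else pool.exclude(item)
    return pool


def build_sample_pool():
    """Constructed configuration, equivalent to:
         ip dhcp excluded-address 192.168.10.1 192.168.10.10
         ip dhcp pool LAN
          network 192.168.10.0 255.255.255.0
    """
    return build_pool("LAN", "192.168.10.0/24", "192.168.10.1",
                      [("192.168.10.1", "192.168.10.10")])   # router and static hosts


if __name__ == "__main__":
    pool = build_sample_pool()
    for mac in ("00:11:22:33:44:01", "00:11:22:33:44:02"):
        print(mac, run_client(pool, mac))
```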

Additional DHCP pool configuration mode commands enable you to configure additional parameters for the scope, including default gateway, domain name, DNS server addresses, Windows Internet Naming Service (WINS) server addresses, and so on.

Web Cache Communication Protocol
Web Cache Communication Protocol (WCCP) allows an administrator to forward web traffic to a Cisco cache engine. The Cisco cache engine reduces transmission costs and downloading time for clients. When users request web pages, the WCCP-capable router sends the requests to a cache engine. If the cache engine has a copy of the requested page in storage, the cache engine sends the user that page. If there is no cached copy, the cache engine retrieves the requested page from the web server, stores a copy, and forwards the page to the user. The routers and the cache engine operate transparently from the perspective of end users. End users do not know that the page came from the cache engine rather than the web server.
The global configuration command used on the router to enable the protocol is this:
ip wccp {web-cache | service-number} [group-address groupaddress] [redirect-list access-list] [group-list access-list] [password [0-7] password]
To actually redirect traffic on an interface to a cache engine, use the following interface configuration command:
ip wccp {web-cache | service-number} redirect out

Domain Name System
Cisco routers can participate in the Domain Name System (DNS). For example, you can specify a default domain name that the Cisco IOS Software uses to complete domain name requests. You can specify either a single domain name or a list of domain names. Any IP hostname that does not contain a domain name has the domain name you specify appended to it before being added to the host table. To specify this domain name, use the following command:
Router(config)# ip domain name name
To define a list of default domain names to complete unqualified host names, use the following command:
Router(config)# ip domain list name
You can also specify DNS name servers for the router or switch to call on for name resolution. To do so, use the following command:
Router(config)# ip name-server server-address1 [server-address2...server-address6]

If you do not want to enable your router to use DNS for name resolution, you can use the following command to disable this default behavior:
Router(config)# no ip domain-lookup

Network Management

Logging and syslog
Cisco devices communicate with an administrator through system messages. These system messages are typically sent to a logging process, so they are most often called syslog messages. Syslog is also the name of the UNIX-based service that handles system messages from UNIX systems (and also Cisco devices if configured to do so).
Logging is enabled by default. The no logging on command actually forces system messages to the console. In fact, this can impede the performance of the Cisco device because processes must wait for messages to be written to the console before the processes can continue their operations. It is recommended that the administrator leave the logging process enabled (the default behavior); that way logging messages can be written to the console more efficiently.
Because there is really no way to stop the sending of system messages to the console, administrators should use the logging synchronous command in line configuration mode. This command prevents these messages from “interrupting” typing at the console.
To have the Cisco device store syslog messages in an internal buffer, administrators should ensure the logging process is in its default enabled state (logging console command) and then use the command logging buffered. This will use a default size of 4096 bytes. This can be changed by specifying an optional size at the end of the logging buffered command. To view the contents of the buffer, there is the show logging command. The oldest messages display first. When the buffer fills to capacity, new messages overwrite the oldest messages. The buffer can be cleared anytime with the clear logging command.
Syslog messages can be stored on a server (UNIX- or Windows-based) in the network. CiscoWorks LAN Management Suite (LMS) features a built-in syslog server application that stores these messages in a searchable database. It allows the filtering of messages, reporting on messages, and even action filters that allow automated responses to certain messages, including pages and e-mails.
To send system messages to a UNIX or CiscoWorks syslog server, ensure the logging process is enabled and then issue the command logging x.x.x.x, where x.x.x.x is the IP address of the syslog server. The command can be entered multiple times to configure multiple destinations for the messages. To limit the sending of all messages, use the logging trap level command, where level is the number or the name of the severity level. For example, logging trap notifications restricts the messages sent to only those of level 0 through 5. This keeps debugging and informational messages from being sent to the server. UDP port 514 is used for syslog messages, so be sure that your firewalls permit this port if you need the messages to pass through such devices.
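As an added example that is not part of the book, the following Python shows what a syslog server listening on UDP/514 receives as a result of these commands: it decodes the PRI header into facility and severity (Cisco devices default to facility local7), parses the IOS %FACILITY-SEVERITY-MNEMONIC message format, flags timestamps that came from a clock that was never NTP-synchronized, and applies the same cut-off as logging trap level. The sample datagrams, host addresses and sequence numbers are constructed.

```python
import re

# Facility codes as a UNIX syslog server decodes them: PRI = facility * 8 + severity.
FACILITY_NAMES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
                  6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp"}
FACILITY_NAMES.update({16 + i: "local%d" % i for i in range(8)})   # local0 .. local7
# Severity 0..7 with the keywords 'logging trap <level>' accepts on IOS.
SEVERITY_NAMES = ["emergencies", "alerts", "critical", "errors", "warnings",
                  "notifications", "informational", "debugging"]

# IOS payload: <PRI>[seq: ][timestamp: ]%FACILITY-SEVERITY-MNEMONIC: text
_CISCO_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?:(?P<seq>\d+):\s*)?"
    r"(?:(?P<ts>[*.]?[A-Za-z]{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}(?:\.\d+)?)(?:\s+[A-Z]+)?:\s*)?"
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+):\s*(?P<text>.*)$")


def decode_pri(pri):
    """Split the <PRI> value into (facility, severity)."""
    return pri // 8, pri % 8


def encode_pri(facility, severity):
    return facility * 8 + severity


def parse_cisco_syslog(line):
    """Parse one datagram payload; returns None if it is not an IOS-style message."""
    m = _CISCO_RE.match(line)
    if not m:
        return None
    facility, severity = decode_pri(int(m["pri"]))
    ts = m["ts"]
    # With 'service timestamps log datetime', IOS prefixes the timestamp with '*' when
    # the clock is not authoritative (never NTP-synchronized) and '.' when sync was lost.
    return {
        "facility": FACILITY_NAMES.get(facility, str(facility)),
        "severity": severity,
        "severity_name": SEVERITY_NAMES[severity],
        "mnemonic": "%%%s-%s-%s" % (m["fac"], m["sev"], m["mnem"]),
        "severity_consistent": severity == int(m["sev"]),   # PRI vs. %FAC-SEV-MNEM field
        "timestamp": ts,
        "clock_authoritative": ts is not None and ts[0] not in "*.",
        "text": m["text"],
    }


def trap_level(level):
    """Accept the number or the keyword used with 'logging trap <level>'."""
    return level if isinstance(level, int) else SEVERITY_NAMES.index(level)


def passes_trap(record, level="notifications"):
    """True if a device configured with 'logging trap <level>' would send this message."""
    return record["severity"] <= trap_level(level)


def split_logs(lines):
    """Server side: group parsed records per facility, as a UNIX syslog server writing
    one log per facility (for example local6 for switches, local7 for routers) would."""
    logs = {}
    for line in lines:
        rec = parse_cisco_syslog(line)
        if rec is not None:
            logs.setdefault(rec["facility"], []).append(rec)
    return logs


# Constructed sample payloads (not real captures) as a router with the default facility
# local7 and a switch configured with 'logging facility local6' would send to UDP/514.
SAMPLE_DATAGRAMS = [
    "<189>17: *Mar  1 00:03:12.451: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down",
    "<187>18: *Mar  1 00:03:12.455: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
    "<190>19: Mar  1 00:04:00.001 UTC: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.1.1.100 started - CLI initiated",
    "<180>7: Mar  1 00:05:30.120 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.1.1.50] [localport: 22]",
    "<183>8: Mar  1 00:05:31.000 UTC: %SYS-7-USERLOG_DEBUG: Message from tty0(user id: admin): test",
]

if __name__ == "__main__":
    for fac, recs in sorted(split_logs(SAMPLE_DATAGRAMS).items()):
        for r in recs:
            sent = "sent with 'logging trap notifications'" if passes_trap(r) else "not sent"
            print(fac, r["severity_name"], r["mnemonic"], sent)
```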

UNIX syslog servers use a facility code to identify the source of syslog messages. They use this code to create different logs for the different sources of messages. Sample facilities include lpr for the Line Printer System and mail for the e-mail system. UNIX syslog servers reserve the facility codes local0 through local7 for log messages received from remote servers and network devices. To have switches use one log file on the server and routers use another, change the facility code for switches using the logging facility local6 command. By default, Cisco devices use local7 for their messages so that your router messages will be in a different log. Note that CiscoWorks requires the use of local7.
Some devices even allow logging of system messages to a file in flash memory. The command to do this is simply logging file flash:myname.txt. This command can also set size limits on the file and control the types of messages that are sent to flash.
Administrators should stamp syslog messages with the date and time that they were generated. This is accomplished with the service timestamps log datetime command.

Simple Network Management Protocol
Simple Network Management Protocol (SNMP) is a part of the TCP/IP suite of protocols. It gives powerful monitoring capabilities. CiscoWorks relies on SNMP and various other protocols to configure and monitor Cisco equipment. For an example, see Figure 3-4.

FIGURE 3-4 CiscoWorks (the Admin Workstation reaches the CiscoWorks Server over HTTP; the CiscoWorks Server manages the Managed Devices using SNMP)

SNMP Version 2c
At a minimum, to configure a Cisco device for SNMP, you need to assign passwords—known as community strings in SNMP. Here are typical Cisco IOS global configuration commands for setting strings that permit configuration and monitoring, respectively:
snmp-server community [string] rw
snmp-server community [string] ro
Typically, you view information obtained by SNMP using a graphical user interface, like that provided by CiscoWorks.
You should be aware of several show commands for monitoring SNMP activities on the equipment. Here are some examples:
■ no snmp-server—Disables SNMP agent operation

■ show snmp engineid—Displays the identification of the local SNMP engine and all remote engines that have been configured on the router
■ show management event—Displays the SNMP event values that have been configured on your routing device through the use of the event Management Information Base (MIB)
■ show snmp—Checks the status of SNMP communications
■ show snmp group—Displays the names of groups on the router and the security model, the status of the different views, and the storage type of each group
■ show snmp pending—Displays the current set of pending SNMP requests
■ show snmp sessions—Displays the current SNMP sessions
■ show snmp user—Displays information on each SNMP username in the group username table

SNMP Version 3
SNMP Version 3 dramatically improves upon the security model for the management protocol. Whereas previous versions used clear-text passwords, SNMP Version 3 provides for authentication and encryption of network management information.
With SNMP Version 3, you create a view that defines what MIB variables a particular user or group of users can access. Here is the syntax to create a view. Note that all the commands that follow are global configuration mode commands:
snmp-server view view-name oid-tree {included | excluded}
Notice how you provide the view with a name, and then you specify the portion of the MIB tree that the user can access. The example here adds the Internet portion of the tree and everything below it to the view name SAMPLEVIEW. This is basically the entire MIB structure:
snmp-server view SAMPLEVIEW internet included
If you want a user or group of users to be able to access this view of the MIB that you defined, use the following syntax:
snmp-server group [groupname {v1 | v2c | v3 [auth | noauth | priv]}] [read readview] [write writeview] [notify notifyview] [access access-list]
Here is an example of the creation of a group to use the view:
snmp-server group MYSAMPLEGROUP v3 auth read SAMPLEVIEW
Adding a user account to this group is a simple matter. Use the syntax shown here:
snmp-server user username groupname [remote ip-address [udp-port port]] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password]} [access access-list]
Here is sample syntax using the group we just created:
snmp-server user jsmith MYSAMPLEGROUP v3 auth md5 secret
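The view, group and user commands above together decide whether a request is answered. As an added example (not from the book), this Python reproduces that decision for the SAMPLEVIEW / MYSAMPLEGROUP / jsmith objects on this page and, going beyond the page, for a hypothetical MONITOR view that excludes the enterprises subtree behind a group that requires priv. The OID name table, the MONITOR / MONITORGROUP / noc identifiers and the simplified view-matching rule (no subtree masks) are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Security levels a v3 group can require and a v3 user can present.
LEVELS = {"noauth": 0, "auth": 1, "priv": 2}
# A few well-known subtree names accepted in place of a numeric OID (constructed table).
WELL_KNOWN = {"internet": "1.3.6.1", "system": "1.3.6.1.2.1.1",
              "interfaces": "1.3.6.1.2.1.2", "enterprises": "1.3.6.1.4.1"}


def to_oid(name_or_oid):
    return tuple(int(x) for x in WELL_KNOWN.get(name_or_oid, name_or_oid).split("."))


@dataclass
class View:
    """snmp-server view <name> <oid-tree> {included | excluded}, one entry per add()."""
    name: str
    subtrees: list = field(default_factory=list)   # (oid tuple, "included" | "excluded")

    def add(self, subtree, kind):
        self.subtrees.append((to_oid(subtree), kind))

    def permits(self, oid):
        """Simplified RFC 3415 view lookup: of all subtrees that are a prefix of the OID,
        the longest (most specific) decides, a later entry wins a tie, and no match means
        the OID is outside the view. Subtree masks (wildcards) are not modelled."""
        oid = to_oid(oid)
        best_len, allowed = -1, False
        for prefix, kind in self.subtrees:
            if oid[:len(prefix)] == prefix and len(prefix) >= best_len:
                best_len, allowed = len(prefix), (kind == "included")
        return allowed


@dataclass
class Group:
    """snmp-server group <name> {v1 | v2c | v3 [auth | noauth | priv]} [read] [write] [notify]"""
    name: str
    model: str
    level: str = "noauth"              # minimum level a v3 request must present
    read: Optional[View] = None
    write: Optional[View] = None
    notify: Optional[View] = None


@dataclass
class User:
    """snmp-server user <name> <group> v3 [auth {md5 | sha} password] ...; the level the
    user can present follows from the auth/priv options given on that line."""
    name: str
    group: Group
    model: str
    level: str = "noauth"


def check_access(user, op, oid):
    """Would the agent let `user` perform op ('get' | 'set' | 'trap') on `oid`?"""
    g = user.group
    if user.model != g.model:
        return False
    if g.model == "v3" and LEVELS[user.level] < LEVELS[g.level]:
        return False                   # e.g. an auth-only request against a priv group
    view = {"get": g.read, "set": g.write, "trap": g.notify}[op]
    return view is not None and view.permits(oid)


def build_sample():
    """Constructed configuration: the page's SAMPLEVIEW / MYSAMPLEGROUP / jsmith, plus a
    hypothetical MONITOR view that hides the private enterprise subtree."""
    sampleview = View("SAMPLEVIEW")
    sampleview.add("internet", "included")        # snmp-server view SAMPLEVIEW internet included
    monitor = View("MONITOR")
    monitor.add("internet", "included")
    monitor.add("enterprises", "excluded")
    grp = Group("MYSAMPLEGROUP", "v3", "auth", read=sampleview)   # read view only, no write view
    mongrp = Group("MONITORGROUP", "v3", "priv", read=monitor)
    jsmith = User("jsmith", grp, "v3", "auth")    # snmp-server user jsmith MYSAMPLEGROUP v3 auth md5 secret
    noc = User("noc", mongrp, "v3", "auth")       # auth only: too weak for a priv group
    return {"jsmith": jsmith, "noc": noc, "monitor": monitor}


if __name__ == "__main__":
    s = build_sample()
    print("jsmith get sysName:", check_access(s["jsmith"], "get", "1.3.6.1.2.1.1.5.0"))
    print("jsmith set sysName:", check_access(s["jsmith"], "set", "1.3.6.1.2.1.1.5.0"))
    print("noc get system:", check_access(s["noc"], "get", "system"))
```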

Switched Port Analyzer
Network analysis in a switched Cisco environment is handled using Switched Port Analyzer (SPAN). Traffic is mirrored from source ports to a destination port on the switch; a network analyzer should be located at the destination switch.
SPAN is available in several forms:
■ Local SPAN—SPAN source port(s) and the destination port are located on the same device.
■ VLAN-based SPAN (VSPAN)—The source is a VLAN as opposed to one or more ports.
■ Remote SPAN (RSPAN)—The SPAN source and destination ports are located on different switches; a special-purpose VLAN carries the mirrored frames to the destination port in the network.
Figure 3-5 shows a sample RSPAN configuration.

FIGURE 3-5 RSPAN (source switches A and B at the building access layer, intermediate switch C at the building distribution layer, and destination switch D in the data center with the probe attached). The configuration shown in the figure is as follows:
1. On the VTP server (Switch C):
vlan999
remote span
2. On the source switches (Switch A and Switch B):
monitor session 1 source interface fast ethernet 1/1 both
monitor session 1 destination remote vlan999
3. On the destination switch (Switch D):
monitor session 1 source remote vlan999
monitor session 1 destination interface fa4/48

You should be aware of important guidelines for SPAN:
■ You can configure destination ports as trunks to capture tagged traffic.
■ A port specified as a destination port in one SPAN session cannot be a destination port for another SPAN session.
■ A port channel interface (an EtherChannel) cannot be a destination.
■ If you specify multiple ingress source ports, the ports can belong to different VLANs.
■ Destination ports never participate in any spanning-tree instance.

CHAPTER 4

IP Routing

Open Shortest Path First
Open Shortest Path First (OSPF) link-state routing protocol is designed to be more scalable and efficient than Routing Information Protocol (RIP). Some OSPF features you should be aware of are as follows:
■ Runs on IP and uses protocol 89.
■ Classless with variable-length subnet mask (VLSM) support.
■ Uses multicasts (224.0.0.5—all shortest path first [SPF] routers; 224.0.0.6—Designated Router [DR]/Backup Designated Router [BDR]) for hellos and updates.
■ Plain text and Message Digest Algorithm 5 (MD5) authentication available.
■ Dijkstra’s algorithm is used to produce a shortest-path tree for each destination. Link-state advertisements are used to build a database of the topology.

OSPF packet types
■ Type 1, Hello—These packets are used to build adjacencies
■ Type 2, Database Description (DBD)—Checks for database synchronization between routers
■ Type 3, Link-State Request (LSR)—Requests link state specifics from the router
■ Type 4, Link-State Update (LSU)—Sends requested link-state records
■ Type 5, Link-State Acknowledgment (LSA)—Acknowledges the other packet types

OSPF adjacencies
■ Occurs through the exchange of hello packets.
■ After adjacency is established, link-state databases (LSDB) are synched.
■ Two OSPF neighbors on a point-to-point link form full adjacency with each other.
■ In LANs, all routers form adjacency with the DR and BDR; updates need to be sent only to the DR, which updates all other routers; all other routers on the LAN are called DROTHERS and maintain a partial neighbor relationship with each other.
After adjacencies have been established, LSAs are exchanged through a reliable mechanism. LSAs are flooded to ensure topological awareness. LSAs have a sequence number and a lifetime value. LSAs convey the cost of links used for the SPF calculation. The cost metric is based on interface bandwidth. The LSA aging timer is a 30-minute default.

Hello packets are sent periodically and contain the following fields:
■ Router ID—Identifies the router; highest IP chosen; loopback overrides all interfaces, however; can also be set with the router-id command; this ID is used to break ties for DR election.
■ Hello/Dead intervals—Frequency at which hellos are sent and the amount of time that can elapse before router is declared dead; default is 10 seconds, and the default dead interval is 4 times that for an Ethernet-type network; these defaults vary based on network type.
■ Neighbors—List of the adjacent routers.
■ Area ID—Area identifier (always 0 for backbone).
■ Router priority—Priority value used for DR and BDR election.
■ DR/BDR addresses—IP addresses of the DR and BDR if known.
■ Authentication password—This password must match on routers configured for authentication.
■ Stub area flag—All routers in the area must agree on this setting to form a stub area.
Here are the details of the exchange process between two routers on a LAN (Router 1 and Router 2) and the OSPF adjacency states involved:
1. Router 1 begins in the down state because it is not exchanging OSPF information with any other router. It sends hello packets via multicast address 224.0.0.5 (all SPF).
2. Router 2 receives the OSPF hello and adds Router 1 in its list of neighbors. This is the beginning of the Init State.
3. Router 2 sends a unicast hello packet response to Router 1.
4. Router 1 receives the hello and notes that it is listed in the packet. It adds Router 2 to its list of neighbors. Router 1 knows that it has bidirectional communication with Router 2. This is known as the two-way state.
5. In a LAN environment, the DR and BDR are elected.
6. In a LAN environment, the hello packets function as a keepalive mechanism every 10 seconds.
After the DR and BDR are established, the routers are in Exstart State, and they are ready to exchange database information. The exchange protocol functions as follows:
1. In the Exstart State, the DR and BDR establish an adjacency with each router in the network; a master-slave relationship is formed with the router ID indicating the master in the relationship.
2. The master and slave routers exchange DBD packets; this is called the Exchange State. The LSAs in the DBD include sequence numbers that are used to indicate “freshness.”
3. When a DBD is received, the router acknowledges the receipt and compares the information with its current database. If more recent information is described in the DBD, the router sends an LSR to request the information. This is called the Loading State. The router receiving the LSR responds with an LSU; this LSU is also acknowledged by the receiver.

4. The router adds the new information to its LSDB.
5. When the exchange completes, the routers are in Full State.
Router information is later maintained using the following process:
1. The router notices the change and multicasts an LSU to the OSPF DR and BDR multicast address of 224.0.0.6.
2. The DR acknowledges the LSU and floods to all using multicast 224.0.0.5. This process involves acknowledgments, too.
3. The DR also sends the LSU to any other networks to which it is attached.
4. Routers update their LSDB with the new information in the LSU.
Summaries are sent every 30 minutes to ensure synchronization, and link state entries have a Max Age of 60 minutes.

Point-to-point links
Typically, a point-to-point link is a serial link, but it might also be a subinterface in a Frame Relay or ATM network. No DR or BDR election exists in the point-to-point environment. Packets are multicast to 224.0.0.5.

Nonbroadcast multiaccess modes of operation
RFC-compliant modes:
■ Nonbroadcast multiaccess (NBMA)
  ■ One IP subnet required.
  ■ Must manually configure neighbors—neighbor address [priority number] [poll-interval number]
  ■ DR/BDR election.
  ■ DR/BDR need full connectivity with all routers.
  ■ Sometimes used in partial mesh.
  ■ Frame Relay and ATM networks default to this type.
■ Point-to-multipoint
  ■ One IP subnet required.
  ■ Hello packets used to discover neighbors.
  ■ DR/BDR not required.
  ■ Sometimes used in partial mesh.
Modes from Cisco:
■ Point-to-multipoint nonbroadcast
  ■ Used if interface does not support multicast capabilities.
  ■ Neighbors must be manually configured.
  ■ DR/BDR election is not required.

■ Broadcast
  ■ Makes WAN appear as LAN.
  ■ One IP subnet required.
  ■ Hellos discover neighbors.
  ■ DR/BDR elected.
  ■ Requires full mesh.
■ Point-to-point
  ■ One IP subnet required.
  ■ No DR/BDR election.
  ■ Interfaces can be LAN or WAN.
You can use the following command to define the OSPF network type:
Router(config-if)# ip ospf network [{broadcast | nonbroadcast | point-to-multipoint | point-to-multipoint nonbroadcast}]
Here is an example of statically defining adjacencies in a nonbroadcast multiaccess environment:
RouterA(config)# router ospf 1
RouterA(config-router)# network 172.16.0.0 0.0.255.255 area 0
RouterA(config-router)# neighbor 172.16.0.5 priority 0
RouterA(config-router)# neighbor 172.16.0.10 priority 0
Priorities are set to 0 for the neighboring routers to ensure that RouterA becomes the DR. This is the only router with full connectivity. Note that you can also set a router’s priority locally using the ip ospf priority interface configuration command.

Troubleshooting neighbor relationships
OSPF neighbor list is empty:
■ OSPF not enabled properly on appropriate interfaces.
■ Layer 1 or 2 not functional.
■ Passive interface configured.
■ Access list(s) blocking OSPF packets in multiple directions.
■ Error in IP address or subnet mask configuration.
■ Hello or dead interval mismatch.
■ Authentication configuration error.
■ Area ID mismatch.
■ Stub flag mismatch.
■ OSPF adjacency exists with secondary IP addressing or asynchronous interface.
■ Incorrect configuration type for NBMA environment.
OSPF neighbor stuck in Attempt State:
■ Misconfigured neighbor statement.
■ Unicast nonfunctional in NBMA environment.
OSPF neighbor stuck in Init State:
■ Access list or Layer 2 problem blocking hellos in one direction.

■ Multicast nonfunctional on one side.
■ Authentication configured on only one side.
■ Broadcast keyword missing from the map command.
OSPF neighbor stuck in Two-Way State:
■ Priority 0 configured on all routers.
OSPF neighbor stuck in Exstart/Exchange State:
■ Mismatched interface maximum transmission unit (MTU).
■ Duplicate router IDs on routers.
■ Broken unicast connectivity.
■ Network type of point-to-point between Primary Rate Interface (PRI) and Basic Rate Interface (BRI)/dialer.
OSPF neighbor stuck in Loading State:
■ Mismatched MTU.
■ Corrupted link-state request packet.

Router types
■ Internal routers—All interfaces belong within the same area; these routers have a single link-state database.
■ Area Border Routers (ABR)—Connect one or more areas to the backbone; act as gateway for interarea traffic; separate link-state database for each connected area.
■ Backbone routers—At least one interface in the backbone area.
■ Autonomous System Boundary Router (ASBR)—Inject routes into the OSPF network learned from another protocol; this router might be located anywhere (it might also be backbone, internal, or ABR).

FIGURE 4-1 OSPF router types (the Backbone Area (Area 0) joins Area 10 and Area 20 and connects to an External Routing Protocol in another Autonomous System; the router facing that protocol is the Autonomous System Boundary Router and Backbone Router; the routers joining Area 0 to Area 10 and Area 20 are each an Area Border Router and Backbone Router; a router with all interfaces in Area 0 is an Internal and Backbone Router; a router entirely within Area 10 or Area 20 is an Internal Router)

© 2007 Cisco Systems Inc. All rights reserved. This publication is protected by copyright. Please see page 132 for more details.

LSA types
OSPF uses various types of LSAs in its operation. You should be familiar with the following types for the CCIE written exam.

Type  Description
1     Router
2     Network
3     Network Summary
4     ASBR Summary
5     AS External
7     NSSA External

■ Router LSA (Type 1)—Lists all of a router's links and their state. These LSAs are flooded within the area in which they originated.
■ Network LSA (Type 2)—Produced by the DR on every multiaccess network. These LSAs list all attached routers, including the DR itself; they are flooded within the originating area.
■ Network Summary (Type 3)—Originated by ABRs; sent into an area to advertise destinations outside the area; flooded throughout the autonomous system.
■ ASBR Summary (Type 4)—Also originated by ABRs; the destination advertised is an ASBR; flooded throughout the autonomous system.
■ AS External (Type 5)—Originated by ASBRs and advertises an external destination or a default route to an external destination; flooded throughout the autonomous system.
■ NSSA External (Type 7)—Originated by ASBRs in not-so-stubby areas.

Types of routes
OSPF uses routing designators in the routing table to distinguish between types of routes. Here are the designators used and their meaning. Remember, these can be seen using the show ip route command:
■ O—OSPF intra-area (router LSA)—Networks from within the same area as the router; Type 1 LSAs are used to advertise.
■ O IA—OSPF interarea (summary LSA)—These are networks outside of the area of the router, but within the autonomous system; Type 3 LSAs are used to advertise.
■ O E1—Type 1 external routes—Networks outside of the autonomous system; advertised by Type 5 LSAs; calculate cost by adding the external cost to the internal cost of each link that the packet crosses; used when multiple ASBRs are advertising the external route.
■ O E2—Type 2 external routes—Networks outside of the autonomous system; advertised by Type 5 LSAs; cost is always the external cost only. This is the default type on Cisco routers.

Areas
Routers must share an identical link-state database with other routers in the same area. Area ID 0 is reserved for the backbone area. The backbone is responsible for summarizing each area to every other area. You configure a router for the backbone area by placing interface(s) in area 0 via the network command. For example:
Router(config)# router ospf 1
Router(config-router)# network 10.10.0.1 0.0.0.0 area 0

FIGURE 4-2 OSPF areas (figure: an autonomous system with Backbone Area (Area 0) connected to Area 10 and Area 20)

■ Stub area—An area into which external LSAs are not flooded (Type 4 and 5 LSAs are blocked). Adjacencies do not form with any other router not marked as stub. Virtual links cannot be configured within a stub. To configure an area as stub, use the following command:
Router(config-router)# area area-id stub
■ Totally stubby area—Also blocks summary LSAs (Type 3 LSAs); the only exception is a single Type 3 default LSA. To configure an area as totally stubby, use the following command:
Router(config-router)# area area-id stub [no-summary]
The no-summary keyword needs to be used on the ABR only.
You can change the cost of the default route sent into the totally stubby area using the following router configuration command (default cost is 1):
area area-id default-cost cost

FIGURE 4-3 Stub and totally stubby areas (figure: Area 10 as a stub area, which does not accept External LSAs (Type 5); Area 20 as a totally stubby area, which does not accept External LSAs (Type 5), Summary LSAs (Type 4), or Summary Network (Type 3) LSAs)

■ Not-so-stubby areas—Allows external routes to be advertised into the stub area as Type 7 LSAs. A not-so-stubby area (NSSA) ASBR generates the Type 7 LSA, and an NSSA ABR translates it into a Type 5 LSA, which gets sent into the OSPF domain. To
configure an NSSA, use the following router configuration command:
area area-id nssa [no-redistribution] [default-information-originate]
The area area-id nssa command is used on all routers in the area; it is used in place of the area stub command.

FIGURE 4-4 Not-so-stubby areas (figure: a RIP autonomous system, 10.10.0.0, whose routes enter NSSA 1 as Type 7 LSAs and are translated into Type 5 LSAs toward Area 0)

Here is a summary of the LSA types permitted in each area.

Area            LSA 1  LSA 2  LSA 3  LSA 4  LSA 5  LSA 7
Backbone        Yes    Yes    Yes    Yes    Yes    No
Nonbackbone     Yes    Yes    Yes    Yes    Yes    No
Stub            Yes    Yes    Yes    Yes    No     No
Totally stubby  Yes    Yes    No     No     No     No
NSSA            Yes    Yes    Yes    Yes    No     Yes

Configuring basic single-area OSPF
First, you must enable the OSPF routing process on the router using the following global configuration command:
router ospf process-id
Use the network command in router configuration mode to identify those interfaces that are to participate in OSPF:
network address inverse-mask area [area-id]
Verification commands include the following:
■ show ip protocols
■ show ip route ospf
■ show ip ospf interface
■ show ip ospf
■ show ip ospf neighbor [detail]

OSPF router ID
The router ID is how the router is identified in OSPF. The router ID also is used to break a tie for DR/BDR if the administrator has not set the OSPF priority values on routers using the ip ospf priority
command. The router with the highest router ID wins the election in that case. Here is the process for router ID selection:
1. The router ID as set with the router-id address router configuration command. If you are using this command after OSPF has selected a router ID, you should use clear ip ospf process to reset.
2. The highest IP address on a loopback interface.
3. The highest IP address on an active interface.
Use show ip ospf to verify the router ID selection.

Route summarization
Two types of summarization exist in OSPF: interarea, which is performed on ABRs, and external route summarization, which is performed on routes redistributed into OSPF autonomous systems.
To configure interarea route summarization on the ABR, use the following router configuration command:
area area-id range address mask
To configure route summarization on an ASBR to summarize external routes, use the following router configuration command:
summary-address address mask [not-advertise] [tag tag]
The not-advertise optional keyword suppresses routes that match the specified prefix. The tag value can be used as a "match" value for controlling redistribution with route maps on the ABR.

Default route advertisements in OSPF
For an OSPF router to advertise a default route into an area, the command default-information originate must be used. If the advertising router does not possess a default route in its routing table, you can use the always keyword to still generate the default route to 0.0.0.0. The complete router configuration command syntax for generating default routes is as follows:
default-information originate [always] [metric metric_value] [metric-type type-value] [route-map map-name]
If you do not specify a metric value, the default of 10 is used. The metric-type allows you to specify a Type 1 or Type 2 external route. Finally, the route-map option allows you to control the generation of the default route further. For example, the default route is generated only if the route map is satisfied.

Authentication
Type 1—clear text; least secure. To configure:
Step 1. Enable area authentication on all routers in the area; use the following router configuration command:
area area_id authentication
Step 2. Enter the clear-text password on the interface in interface configuration mode:
ip ospf authentication-key password

Type 2—MD5; most secure. To configure:
Step 1. Enable MD5 area authentication on all routers in the area using router configuration mode:
area area_id authentication message-digest
Step 2. Set the key and password on the interfaces using interface configuration mode:
ip ospf message-digest-key key_value md5 password

Changing the cost metric
The Cisco implementation of OSPF calculates the metric using the following formula:
cost = reference bandwidth/bandwidth
The default reference bandwidth is 100 Mbps. The bandwidth value is that which is configured on the interface using the bandwidth command. If you are using many interfaces faster than 100 Mbps, consider resetting the reference bandwidth value. You can do so on each router using the following router configuration mode command:
auto-cost reference-bandwidth refbw
Note that reference bandwidth is in megabits per second. For example, if you want to ensure Gigabit Ethernet interfaces evaluate to a cost of 5, set the refbw on each router to 5000. (Valid values are from 1 to 4,294,967.)
You can also override the calculated cost value in any interface directly by using the following interface configuration command:
ip ospf cost value
Values range from 1 to 65,535.

Optional OSPF interface parameters
Additional optional interface parameters not covered elsewhere in this Short Cut include the following:
■ ip ospf retransmit-interval—Specifies the number of seconds between LSA retransmissions.
■ ip ospf transmit-delay—Sets the number of seconds required to send a link-state update.
■ ip ospf hello-interval—Specifies the time between hello packets; must match on all routers in the network.
■ ip ospf dead-interval—Number of seconds before the router is considered dead; must match on all routers in the network.

Administrative distance and OSPF
Three different administrative distance values are possible for OSPF—intra-area routes, interarea routes, and external routes. By default, all are set to 110.
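
The cost formula from the "Changing the cost metric" section, worked through as an added Python example (not code from the Short Cut or from Cisco IOS): it applies cost = reference bandwidth/bandwidth the way IOS does, truncating to an integer with a floor of 1, over a constructed set of interface bandwidths, which shows why every link of 100 Mbps or faster costs 1 under the default reference and why refbw 5000 separates them again. The interface names and bandwidth values are constructed, and the kbps unit of the bandwidth command and the truncate-to-integer behaviour are assumptions about IOS, not statements from the page.

```python
"""Added example (not from the Short Cut): how IOS turns the reference
bandwidth into an OSPF interface cost, and what 'auto-cost
reference-bandwidth' and 'ip ospf cost' change."""
from typing import Optional

DEFAULT_REF_BW_MBPS = 100      # IOS default reference bandwidth (100 Mbps)
MAX_REF_BW_MBPS = 4_294_967    # auto-cost reference-bandwidth range: 1..4,294,967
MAX_MANUAL_COST = 65_535       # ip ospf cost range: 1..65,535


def ospf_cost(bandwidth_kbps: int, ref_bw_mbps: int = DEFAULT_REF_BW_MBPS) -> int:
    """cost = reference bandwidth / bandwidth.

    bandwidth_kbps is the interface 'bandwidth' value, which IOS keeps in
    kilobits per second; ref_bw_mbps is the reference bandwidth in megabits
    per second. The quotient is truncated to an integer and never goes
    below 1 (assumed IOS behaviour, not stated on the page).
    """
    if not 1 <= ref_bw_mbps <= MAX_REF_BW_MBPS:
        raise ValueError("auto-cost reference-bandwidth must be 1..4294967")
    if bandwidth_kbps <= 0:
        raise ValueError("interface bandwidth must be positive")
    return max((ref_bw_mbps * 1000) // bandwidth_kbps, 1)


def effective_cost(bandwidth_kbps: int,
                   ref_bw_mbps: int = DEFAULT_REF_BW_MBPS,
                   manual_cost: Optional[int] = None) -> int:
    """The cost SPF actually uses: 'ip ospf cost value' on the interface
    replaces the calculated value entirely."""
    if manual_cost is None:
        return ospf_cost(bandwidth_kbps, ref_bw_mbps)
    if not 1 <= manual_cost <= MAX_MANUAL_COST:
        raise ValueError("ip ospf cost must be 1..65535")
    return manual_cost


# Constructed sample interfaces: name -> 'bandwidth' in kbps (typical IOS
# defaults for these interface types; constructed for this example).
SAMPLE_INTERFACES = {
    "Serial0/0 (T1)": 1_544,
    "Ethernet0": 10_000,
    "FastEthernet0/0": 100_000,
    "GigabitEthernet0/1": 1_000_000,
    "TenGigabitEthernet1/1": 10_000_000,
}


def cost_table(ref_bw_mbps: int = DEFAULT_REF_BW_MBPS) -> dict:
    """Cost of every sample interface under one reference bandwidth."""
    return {name: ospf_cost(bw, ref_bw_mbps)
            for name, bw in SAMPLE_INTERFACES.items()}


def indistinguishable_links(ref_bw_mbps: int = DEFAULT_REF_BW_MBPS) -> list:
    """Interfaces whose cost collapses to 1, i.e. links SPF can no longer
    tell apart. With the default reference every link of 100 Mbps or
    faster lands here, which is the reason for raising refbw."""
    return [name for name, cost in cost_table(ref_bw_mbps).items() if cost == 1]


if __name__ == "__main__":
    for ref in (DEFAULT_REF_BW_MBPS, 5000):
        print(f"auto-cost reference-bandwidth {ref}")
        for name, cost in cost_table(ref).items():
            print(f"  {name:24s} cost {cost}")
        print("  cost-1 links:", indistinguishable_links(ref))
```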

These administrative distance values (110 by default) can be changed with the following router configuration command:
distance ospf {[intra-area dist1] [inter-area dist2] [external dist3]}

OSPF passive interface
To set a passive interface in OSPF, use the following router configuration command:
passive-interface interface-type interface-number
When used with OSPF, this command prevents the interface from sending hello packets and therefore prevents an adjacency from forming. It also prevents the sending or receiving of routing information through the interface. The specified interface address therefore appears as a stub network in the OSPF domain.

Configuring route calculation timers
You can configure the delay between when a topology change is received and when the SPF calculation takes place. You can also configure the hold time between two consecutive SPF calculations. Use the following router configuration command:
timers spf spf-delay spf-holdtime

Changing LSA group pacing
Routers group LSAs and pace refreshing, checksumming, and aging functions so that the resource strain on the router is reduced. This is default behavior; it can be tweaked with the following router configuration command:
timers lsa-group-pacing seconds

Blocking LSA flooding
You can prevent the default flooding behavior; to do so on a broadcast, nonbroadcast, or point-to-point network, use the following interface configuration command:
ospf database-filter all out
On point-to-multipoint networks, use the following router configuration command:
neighbor ip-address database-filter all out

Reducing LSA flooding
This reduces the flooding of LSAs in stable topologies by setting LSAs to "do not age"; it is accomplished with the following interface configuration command on a per-interface basis:
ip ospf flood-reduction

Virtual links
A virtual link is a link to the backbone through a nonbackbone area. Virtual links are created between two ABRs, and the area cannot be stub. Virtual links are typically implemented as a temporary fix for OSPF design issues. For example, they can be used to connect an area that has no direct connection to the backbone area. Or they can be used to connect two disconnected area 0s (backbones). The following command configures a virtual link:
area transit_area_id virtual-link router_id_of_remote

FIGURE 4-5 Virtual links (figure: a virtual link from Area 10 across transit Area 1 to Area 0)

OSPF over on-demand circuits
On-demand circuit is an enhancement that allows efficient operations over dialup, ISDN, and other on-demand circuits. With this feature, periodic hellos are suppressed, and the periodic refreshes of LSAs are not flooded over the demand circuit. These types of packets bring up the link only the first time—or when you have a topology change that needs to be propagated.
To configure OSPF for on-demand circuits on a per-interface basis, use the following interface configuration command:
ip ospf demand-circuit
If the router is part of a point-to-point topology, only one end of the demand circuit must be configured with this command, although all routers must support the feature. If the router is part of a point-to-multipoint topology, only the multipoint end must be configured with this command. Also, this feature does not work in a broadcast-based topology. Finally, the feature is not supported for use with an asynchronous interface.

OSPF Graceful Restart
RFC 3623 defines OSPF Graceful Restart. This functionality is incorporated into Cisco routers thanks to the Nonstop Forwarding (NSF) capability that Cisco has engineered into the Border Gateway Protocol (BGP), Enhanced Interior Gateway Routing Protocol (EIGRP), OSPF, and Intermediate System-to-Intermediate System (IS-IS) protocols. The idea behind OSPF Graceful Restart/NSF is to allow the router to continue forwarding packets, even while undergoing specific well-known failure conditions. Perhaps a software upgrade is occurring, or a route processor crash is affecting the router. NSF allows for the continued forwarding of packets.
Before RFC 3623, Cisco offered a proprietary version of NSF. Cisco now refers to this version as Cisco NSF. The OSPF RFC 3623 Graceful
Restart feature enables you to configure IETF NSF in multivendor networks. Cisco now refers to this version as simply IETF NSF.
OSPF NSF operates in one of two modes when it comes to failover operations. The first possible mode is called Restarting mode. In Restarting mode, the OSPF router process performs nonstop forwarding recovery because of a route processor switchover. The second possible mode is Helper mode. In Helper mode, a neighboring router restarts, and the Helper mode router assists in the nonstop forwarding recovery process.
Enabling IETF NSF on the Cisco router is simple. Enter router configuration mode for the OSPF process and issue the following command:
nsf ietf

Troubleshooting OSPF route advertisements
OSPF neighbor is not advertising routes:
■ OSPF is not enabled on interface.
■ Advertising interface is down.
■ Secondary interface is in different area from primary interface.

ABR is not advertising summary route:
■ Area is configured as totally stubby area.
■ ABR lacks area 0 connectivity.
■ A discontiguous area 0 exists.

Neighbor is not advertising external routes:
■ Area is configured as stub or NSSA.
■ The NSSA ABR is not translating Type 7 into Type 5 LSAs.

Neighbor is not advertising default routes:
■ No default-information originate command.
■ No default route in the routing table.
■ Stub area is in use.
■ NSSA border router is not originating Type 7.

Troubleshooting OSPF route installation
OSPF installing no routes in routing table:
■ Network type mismatch
■ IP address or subnet mask misconfiguration
■ Unnumbered/numbered point-to-point configuration
■ Distribute list
■ Broken permanent virtual circuit (PVC) in full-mesh broadcast mode Frame network

OSPF not installing external routes:
■ Forwarding address not known through intra-area or interarea route
■ ABR not generating Type 4 LSAs

Troubleshooting redistribution
Not advertising external routes:
■ subnets keyword is missing.
■ Distribute list.

Troubleshooting route summarization
Router not summarizing interarea routes:
■ No area range command on ABR

Router not summarizing external routes:
■ No summary-address command on ASBR

Troubleshooting CPUHOG syslog reports
CPUHOG messages during adjacency establishments:
■ No packet-pacing code executing

CPUHOG messages during LSA refresh:
■ No LSA group-pacing code

Troubleshooting dial-on-demand routing issues
Hello packets are bringing up the link:
■ Hellos are permitted as interesting traffic.

Demand circuit keeps bringing up the link:
■ Link flapping.
■ Network type is broadcast.
■ PPP host route being redistributed.
■ One router is not demand-circuit-capable.

Troubleshooting SPF calculations
SPF running constantly:
■ Flapping route
■ Neighbor flapping
■ Duplicate router ID

Troubleshooting common error messages
"Could Not Allocate Router ID":
■ No enabled interface with valid IP
■ Not enough interfaces up with IP addresses for multiple OSPF processes

"%OSPF-4-BADLSATYPE: Invalid lsa: Bad LSA type" Type 6:
■ Neighboring router is sending MOSPF packets that are not supported on Cisco routers.
■ Eliminate the error with the ignore lsa mospf command.

"OSPF-4-ERRRCV":
■ OSPF received an invalid packet because of a mismatched area ID, a bad checksum, or OSPF not enabled on a receiving interface.

"Bad Checksum":
■ Device is corrupting the packet.
■ Sending router's interface is bad, or a software bug exists.
■ Receiving router's interface is bad, or a software bug exists.

General troubleshooting commands
show ip ospf neighbor [interface-type interface-number] [neighbor-id] [detail]—Displays OSPF neighbor information on a per-interface basis.
show ip ospf [process-id]—Displays general information about OSPF routing processes.
show ip ospf interface [interface-type interface-number]—Displays OSPF-related interface information.
show ip ospf database—Displays lists of information related to the OSPF database for a specific router.
debug ip ospf packet—This EXEC command displays information about each OSPF packet received:
Router# debug ip ospf packet
OSPF: rcv. v:2 t:1 l:48 rid:200.0.0.116
aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x0
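
An added Python example, not code from the Short Cut or from Cisco: a parser for the debug ip ospf packet line above, decoded with the field legend that follows, which flags received packets whose aut: value is below MD5, a quick way to spot the "authentication configured on only one side" neighbor problem listed earlier in this chapter, or a speaker that should not be on the segment at all. The two extra debug lines with their router IDs, areas, lengths and checksums are constructed, and the parser assumes IOS prints chk: and seq: in hexadecimal and may print auk: with an empty value.

```python
"""Added example (not from the Short Cut): parse 'debug ip ospf packet'
output into typed fields and flag packets received without MD5."""
import re

# Legend for t: and aut: as given in the Short Cut.
PACKET_TYPES = {1: "Hello", 2: "DBD", 3: "LSR", 4: "LSU", 5: "LSAck"}
AUTH_TYPES = {0: "none", 1: "simple password", 2: "MD5"}

# Every field is 'key:value'; auk: may be printed with nothing after it.
FIELD_RE = re.compile(r"(\w+):(\S*)")
PREFIX = "OSPF: rcv."


def parse_debug_line(line: str) -> dict:
    """Turn one 'OSPF: rcv. v:2 t:1 ...' line into a dict of typed fields.
    rid:/aid: stay dotted-quad strings; chk: and seq: are read as
    hexadecimal (assumption about IOS output); other values are decimal."""
    line = line.strip()
    if not line.startswith(PREFIX):
        raise ValueError(f"not a debug ip ospf packet line: {line!r}")
    fields = {}
    for key, value in FIELD_RE.findall(line[len(PREFIX):]):
        if key in ("rid", "aid"):
            fields[key] = value
        elif key in ("chk", "seq"):
            fields[key] = int(value, 16) if value else None
        elif value.isdigit():
            fields[key] = int(value)
        else:
            fields[key] = value or None   # e.g. 'auk:' with an empty value
    return fields


def describe(fields: dict) -> str:
    """One-line human summary of a parsed packet using the legend."""
    ptype = PACKET_TYPES.get(fields.get("t"), f"type {fields.get('t')}")
    auth = AUTH_TYPES.get(fields.get("aut"), f"type {fields.get('aut')}")
    return (f"OSPFv{fields.get('v')} {ptype} from router-id {fields.get('rid')} "
            f"in area {fields.get('aid')}, length {fields.get('l')}, auth {auth}")


def weak_auth_packets(lines, required_auth: int = 2) -> list:
    """Return parsed packets whose aut: is below required_auth (2 = MD5).
    On a segment configured for MD5, such packets point either at the
    'authentication configured on only one side' neighbor problem or at
    a speaker that does not belong there. Lines that are not packet
    records (the prompt, other debug output) are skipped."""
    findings = []
    for line in lines:
        if not line.strip().startswith(PREFIX):
            continue
        fields = parse_debug_line(line)
        if fields.get("aut", 0) < required_auth:
            findings.append(fields)
    return findings


# Constructed sample: the line shown in the Short Cut plus two made-up
# lines (router IDs, area, lengths and checksums invented for the example).
SAMPLE_DEBUG = """\
Router# debug ip ospf packet
OSPF: rcv. v:2 t:1 l:48 rid:200.0.0.116 aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x0
OSPF: rcv. v:2 t:1 l:44 rid:10.1.1.9 aid:0.0.0.10 chk:6AB2 aut:0 auk:
OSPF: rcv. v:2 t:4 l:96 rid:10.1.1.7 aid:0.0.0.10 chk:1C3F aut:1 auk:
"""

if __name__ == "__main__":
    for pkt in weak_auth_packets(SAMPLE_DEBUG.splitlines()):
        print("WEAK AUTH:", describe(pkt))
```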

The possible values in the debug ip ospf packet output are as follows:
■ v:—Version of OSPF
■ t:—Specifies the OSPF packet type (1: Hello, 2: DBD, 3: LSR, 4: LSU, 5: LSAck)
■ rid:—Provides the OSPF router ID
■ aid:—Shows the area ID
■ chk:—Displays the checksum
■ aut:—Provides the authentication type (0: no, 1: simple password, 2: MD5)
■ auk:—Specifies the authentication key
■ keyid:—Displays the MD5 key ID
■ seq:—Provides the sequence number

BGP

BGP introduction
Border Gateway Protocol (BGP) is an Exterior Gateway Protocol (EGP) used for routing between autonomous systems. It enables routing policies and improves security.

FIGURE 4-6 Exterior Gateway Protocol (figure: AS 100 and AS 200, each running Interior Gateway Protocols such as IGRP, EIGRP, OSPF, RIP, or IS-IS, connected to each other by the Exterior Gateway Protocol BGP)

BGP is an advanced path vector protocol and includes the following:
■ Reliable updates
■ Triggered updates only
■ Rich metrics (path attributes)
■ Scalable to massive networks
Because of these enhancements, BGP is often described as advanced distance vector. Perhaps the most technically accurate description is path vector.
Common uses for BGP include the following:
■ Customer connected to one Internet service provider (ISP) (not always required, however)

■ Customer connected to several ISPs
■ Service provider networks (transit autonomous system)
■ Network cores of very large enterprise networks

Session establishment
BGP neighbors are not discovered; they must be configured manually on both sides of the connection. TCP port number 179 is used. If both sides open a connection at the same time, collision detection keeps only one session. The show ip bgp summary command gives an overview of the session status. The session states are Idle, Connect, Active, OpenSent, OpenConfirm, and Established. Keepalives are sent every 60 seconds by default (hold time 180 seconds). Peers can authenticate the session with an MD5 shared secret (the TCP MD5 signature option, RFC 2385), which rejects spoofed segments, including TCP resets, from anyone who does not hold the key.

Route processing
All routes received after the neighbor establishment are saved in memory. If more than one way to reach a destination exists, the best is selected. Use the show ip bgp command to view all the routing information received from all neighbors.

The best route selection criteria are applied in this order:
■ Exclude any route with an inaccessible next hop
■ Prefer highest weight (local to the router)
■ Prefer highest local preference (global within the autonomous system)
■ Prefer routes that the router originated
■ Prefer shortest autonomous system paths (compare length only)
■ Prefer lowest origin code (IGP < EGP < Incomplete)
■ Prefer lowest Multiexit Discriminator (MED); by default MED is compared only between paths from the same neighboring autonomous system
■ Prefer external BGP (eBGP) paths over internal BGP (iBGP) paths
■ For iBGP paths, prefer the path through the closest IGP neighbor
■ For eBGP paths, prefer the oldest path
■ Prefer the path from the router with the lower BGP router ID

The best routes (valid and reachable) are propagated to BGP neighbors. The best BGP routes are copied into the IP routing table after the router checks administrative distance values.

The BGP process injects local routes in two different ways:
■ Using the network command. It lists networks that are candidates for advertisement if they appear in the routing table.
■ Using redistribution from another routing protocol.

Route summarization
Automatic classful summarization is enabled by default. When you disable automatic summarization, the routes introduced locally into the BGP table are not summarized.
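The ordered selection above, as an added Python model (not code from this reference sheet or from Cisco IOS). Every candidate path is reduced to a tuple with one element per decision step, so the first step on which two paths differ is the one that decides. The paths in PATHS are constructed sample data, and two IOS details are deliberately simplified: MED is compared unconditionally here (IOS compares it only between paths from the same neighboring AS unless bgp always-compare-med is configured), and cluster-list and neighbor-address tie-breakers are not modeled.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Origin codes in order of preference: IGP (i) < EGP (e) < incomplete (?)
ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}

STEP_NAMES = [
    "weight", "local_pref", "locally_originated", "as_path_length", "origin",
    "med", "ebgp_over_ibgp", "igp_metric_to_next_hop", "oldest_ebgp_path", "router_id",
]


@dataclass
class Path:
    """One candidate path for a prefix. All values are constructed sample data."""
    label: str
    next_hop_reachable: bool   # paths with an unreachable next hop are excluded first
    weight: int                # Cisco-local, higher preferred
    local_pref: int            # AS-wide, higher preferred
    locally_originated: bool   # injected by network / redistribute on this router
    as_path: List[int]         # only the length is compared
    origin: str                # "igp" | "egp" | "incomplete"
    med: int                   # lower preferred
    ebgp: bool                 # learned from an eBGP peer
    igp_metric: int            # IGP cost to the BGP next hop, lower preferred
    age: int                   # seconds held; for eBGP paths the oldest wins
    router_id: str             # advertising router's BGP router ID, lower preferred


def _rid_key(rid: str) -> Tuple[int, ...]:
    return tuple(int(octet) for octet in rid.split("."))


def sort_key(p: Path) -> tuple:
    """One tuple element per decision step, in the order the sheet lists them.
    Tuples sort ascending, so 'higher is better' attributes are negated."""
    return (
        -p.weight,
        -p.local_pref,
        0 if p.locally_originated else 1,
        len(p.as_path),
        ORIGIN_RANK[p.origin],
        p.med,                        # simplification: compared unconditionally
        0 if p.ebgp else 1,
        p.igp_metric,
        -p.age if p.ebgp else 0,      # older eBGP path preferred; unused for iBGP
        _rid_key(p.router_id),
    )


def select_best(paths: List[Path]) -> Optional[Path]:
    """Return the best path, or None when no candidate has a reachable next hop."""
    candidates = [p for p in paths if p.next_hop_reachable]
    if not candidates:
        return None
    return min(candidates, key=sort_key)


def deciding_step(a: Path, b: Path) -> str:
    """Name the first criterion on which two candidate paths differ ('tie' if none)."""
    for name, x, y in zip(STEP_NAMES, sort_key(a), sort_key(b)):
        if x != y:
            return name
    return "tie"


# Constructed BGP table entries for 192.0.2.0/24 as seen from a router in AS 65000.
PATHS = [
    Path("via-ISP1", True, 0, 100, False, [65010, 65020], "igp", 0, True, 10, 900, "10.0.0.1"),
    Path("via-ISP2", True, 0, 200, False, [65030, 65040, 65020], "incomplete", 50, False, 5, 30, "10.0.0.2"),
    Path("stale", False, 1000, 300, False, [65050], "igp", 0, True, 1, 5000, "10.0.0.3"),
]

if __name__ == "__main__":
    best = select_best(PATHS)
    print("best:", best.label, "decided by", deciding_step(PATHS[0], PATHS[1]))
```

Note that "stale" loses despite the highest weight and local preference: the unreachable-next-hop check runs before any attribute is compared, and "via-ISP2" wins on local preference even though its AS path is longer, its origin is incomplete, and it is an iBGP path.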

BGP basic configuration
To start BGP on your router, use the following global configuration command:
router bgp as-number

A public autonomous system number can be obtained from the appropriate registry, or a private autonomous system number (64,512 to 65,535) can be used in some situations. Only one BGP process is permitted per router.

To configure your BGP neighbors, use the following router configuration commands:
neighbor ip-address remote-as as-number
neighbor ip-address description neighbor-description

To temporarily disable a neighbor relationship, use the following router configuration command:
neighbor ip-address shutdown

To configure MD5 authentication between neighbors, use the following router configuration command. Keep in mind that the password string must match on both routers.
neighbor ip-address password string

The password is a shared secret stored in the running configuration, so treat it as a credential: service password-encryption only obfuscates it. The TCP MD5 signature (RFC 2385) is the option BGP peers widely support; TCP-AO (RFC 5925) is its standardized successor where both ends implement it.

Announcing networks
To disable automatic summarization, use the following router configuration command:
no auto-summary

To manually define a network for advertisement by BGP, use the following router configuration command:
network network-number [mask network-mask]

If you use this command and auto-summarization is on (the default behavior), at least one of the subnets must be present in the forwarding table for the major network prefix to be advertised. If auto-summarization is disabled, an exact match is required in the forwarding table. You can use the mask keyword to specify a specific subnet with the network command.

If you would like to modify attributes before inserting prefixes into the BGP table, you can use a route map in the network command in router configuration mode:
network network-number [mask network-mask] [route-map map-tag]

This option might be used for one or more of the following:
■ Change the weight of a locally sourced route
■ Tag locally sourced routes with BGP communities
■ Set the local preference
■ Change the value of the MED
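What the neighbor password command actually protects, as an added Python illustration of the RFC 2385 TCP MD5 signature (not code from this reference sheet or from Cisco IOS). The digest covers the IPv4 pseudo-header, the fixed 20-byte TCP header with the checksum zeroed, the segment data, and the key, and it travels in TCP option kind 19. The segment bytes, addresses, ports, and key below are constructed; the TCP checksum is left at zero because it is outside the signature and not needed here.

```python
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6
MD5_OPT_KIND = 19      # TCP MD5 Signature Option (RFC 2385)
MD5_OPT_LEN = 18       # kind + length + 16-byte digest


def tcp_md5_digest(src_ip: str, dst_ip: str, tcp_header: bytes, payload: bytes, key: bytes) -> bytes:
    """RFC 2385 section 2.0: MD5 over (1) the IPv4 pseudo-header, (2) the fixed
    20-byte TCP header with the checksum field zeroed (options are NOT covered),
    (3) the segment data, and (4) the shared key. tcp_header is the full header
    including options; its length counts toward the pseudo-header TCP length."""
    if len(tcp_header) < 20:
        raise ValueError("TCP header shorter than the 20-byte fixed part")
    tcp_len = len(tcp_header) + len(payload)
    pseudo = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, TCP_PROTO, tcp_len)
    fixed = tcp_header[:16] + b"\x00\x00" + tcp_header[18:20]   # checksum occupies bytes 16-17
    return hashlib.md5(pseudo + fixed + payload + key).digest()


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, payload, key=None):
    """Build a TCP segment; with a key, attach the MD5 option (unsigned otherwise)."""
    options = b""
    if key is not None:
        # kind, length, 16-byte digest placeholder, two EOL bytes to pad to a 4-byte boundary
        options = bytes([MD5_OPT_KIND, MD5_OPT_LEN]) + b"\x00" * 16 + b"\x00\x00"
    data_offset = (20 + len(options)) // 4                       # header length in 32-bit words
    fixed = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, data_offset << 4, flags, 65535, 0, 0)
    if key is not None:
        digest = tcp_md5_digest(src_ip, dst_ip, fixed + options, payload, key)
        options = options[:2] + digest + options[18:]
    return fixed + options + payload


def verify_signed_segment(src_ip, dst_ip, segment: bytes, key: bytes) -> bool:
    """What a receiver configured with 'neighbor ... password' does: locate the
    option, recompute the digest, and drop the segment if it is missing or wrong."""
    if len(segment) < 20:
        return False
    data_offset = (segment[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(segment):
        return False
    header, payload = segment[:data_offset], segment[data_offset:]
    received = None
    i = 20
    while i < len(header):
        kind = header[i]
        if kind == 0:                              # End of Option List
            break
        if kind == 1:                              # No-Operation, single byte
            i += 1
            continue
        if i + 1 >= len(header) or header[i + 1] < 2:
            return False                           # malformed option: drop, do not guess
        length = header[i + 1]
        if kind == MD5_OPT_KIND and length == MD5_OPT_LEN:
            received = header[i + 2:i + 18]
        i += length
    if received is None:
        return False                               # unsigned segment from a peer that must sign
    expected = tcp_md5_digest(src_ip, dst_ip, header, payload, key)
    return hmac.compare_digest(received, expected)


# Constructed example: a BGP KEEPALIVE (16-byte marker, length 19, type 4) from
# the router at 192.0.2.1 to its peer at 192.0.2.2, signed with a shared key.
KEY = b"s3cr3t-shared"
KEEPALIVE = b"\xff" * 16 + b"\x00\x13\x04"
SIGNED = build_segment("192.0.2.1", "192.0.2.2", 179, 40000, 1000, 2000, 0x18, KEEPALIVE, KEY)
FORGED_RST = build_segment("192.0.2.1", "192.0.2.2", 179, 40000, 1000, 2000, 0x04, b"")
```

The last two constructed segments show the security property: a spoofed RST that lacks the option is discarded before the TCP state machine sees it, and a segment with a changed source address, changed payload, or wrong key fails the digest comparison even though its option looks well formed.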

To advertise routes based on route redistribution, examine the following sample command syntax:
Router(config)# router bgp 64500
Router(config-router)# redistribute ospf 1
Router(config-router)# distribute-list prefix MY_PREFIX_LIST out

One caveat here is that redistributed routes carry the origin code incomplete (shown as ? in show ip bgp). Because incomplete is the least preferred origin, they look inferior to IGP-originated routes in the BGP route-selection process. Notice the optional use of the distribute-list syntax to suppress certain networks from being advertised in updates.
Redistribution can be configured in conjunction with a route map to reset the origin code or set other attributes. Here is an example:
Router(config)# router bgp 64500
Router(config-router)# redistribute ospf 1 route-map MY_ROUTE_MAP

Classless BGP
To manually announce a classless prefix, be sure to use the following router configuration command:
network ip-prefix-address mask subnet-mask

You should also consider creating a static route pointing to null0 to create a matching prefix in the IP forwarding table to ensure the subnet is advertised.

Aggregation in BGP
Use the following router configuration command to configure route summarization to suppress the advertising of individual networks. Remember, at least one network of the summarized space must exist in the BGP table:
aggregate-address address-prefix mask summary-only

Route selection using policy controls
Autonomous system path filtering with regular expressions
String matching—A string of characters in the regular expression matches any equivalent substring in the autonomous system path; 29 has three matches in | 210 291 1296 29 |, for example (in 291, in 1296, and in 29).
String matching alternatives—The pipe symbol (|) means "or."
String matching ranges and wildcards—Brackets ([ ]) can be used for ranges, and the period (.) can match any single character.
String matching delimiters—The caret (^) matches the beginning of the string, the dollar sign ($) matches the end of the string, and an underscore (_) matches any delimiter: the beginning or end of the string, a space, a comma, or a brace.
String matching grouping—Parentheses can group smaller expressions into larger expressions.
String matching special characters—You can use the backslash (\) to remove the special meaning of the character that follows.
String matching repeating operators—An asterisk (*) means the preceding expression repeats zero or more times, a question mark (?) means the preceding expression repeats zero or one time, and a plus sign (+) means the preceding expression repeats one or more times.

Here are some string matching examples:
_200_            All routes whose path passes through autonomous system 200
^200$            Routes originated by directly connected autonomous system 200 (no other AS in the path)
_200$            Routes originated in autonomous system 200
^200_.           Networks behind autonomous system 200 (path starts with 200 and continues)
^[0-9]+$         Autonomous system paths one autonomous system long
^([0-9]+)(_\1)*$ Networks originating in the neighbor autonomous system (the same AS, possibly prepended)
^$               Networks originated in the local autonomous system
.*               Matches everything

Autonomous system path filters configured inbound on a router select those routes that are allowed.

FIGURE 4-7 AS-path filters (figure: Router A with its BGP table; a filter-list in is applied to routes from the incoming neighbor and a filter-list out to routes sent to the outgoing neighbor)

Routes that are selected enter the local BGP table when the selection is applied to the incoming routes from a neighbor. Routes that are not selected are silently dropped. When an outbound filter is used, the routes that are selected are transmitted to the neighbor. Routes that are not selected are used locally but are never sent to the neighbor.

The commands used to configure an autonomous system path list are relatively simple. First, configure an autonomous system path access list as follows in global configuration mode:
ip as-path access-list access-list-number {permit | deny} as-regular-expression
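The table above, run against real AS_PATH strings, as an added Python example (not code from this reference sheet or from Cisco IOS). The only IOS-specific token is the underscore, which this translation expands to "start or end of string, space, comma, or brace"; everything else is ordinary regex, including the \1 backreference. The example then applies an as-path access-list with IOS semantics (sequential, first match wins, implicit deny) to reject any path that leaks a private-use AS number, a filter a security engineer would put on an inbound Internet session. The PRIVATE_AS pattern, the access-list, and the SAMPLE_ROUTES table are constructed for this example.

```python
import re
from typing import Dict, List, Tuple

# In IOS regular expressions, '_' matches a delimiter: the start or end of the
# AS path, a space, a comma, or a brace (AS_SET boundary).
_DELIM = r"(?:^|$|[ ,{}])"


def cisco_regex(pattern: str) -> "re.Pattern[str]":
    """Translate an IOS AS-path regex into a Python one. Only '_' differs; a
    backslash and the character after it are copied verbatim, so an escaped
    underscore stays a literal underscore and backreferences survive."""
    out: List[str] = []
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            out.append(pattern[i:i + 2])
            i += 2
            continue
        out.append(_DELIM if ch == "_" else ch)
        i += 1
    return re.compile("".join(out))


def as_path_matches(pattern: str, as_path: str) -> bool:
    """as_path is the string shown by 'show ip bgp', for example '3356 1299 64700'."""
    return cisco_regex(pattern).search(as_path) is not None


def apply_as_path_acl(acl: List[Tuple[str, str]], routes: Dict[str, str]) -> List[str]:
    """Evaluate an as-path access-list (sequential, first match wins, implicit
    deny) over {prefix: as_path} and return the prefixes that are permitted."""
    permitted: List[str] = []
    for prefix, path in routes.items():
        for action, pattern in acl:
            if as_path_matches(pattern, path):
                if action == "permit":
                    permitted.append(prefix)
                break          # first matching line decides; later lines are not consulted
    return permitted


# Private-use 16-bit ASNs 64512-65535 should never appear in a path learned from
# the Internet. Assumption for this example: the session carries 16-bit ASNs only.
PRIVATE_AS = r"_(6451[2-9]|645[2-9][0-9]|64[6-9][0-9]{2}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])_"

# Constructed routes as an upstream might send them, keyed by prefix.
SAMPLE_ROUTES = {
    "198.51.100.0/24": "3356 64700 1299",   # leaks a private ASN in the middle of the path
    "203.0.113.0/24": "3356 1299",
    "192.0.2.0/24": "65535",                # originated directly in a private ASN
}
INBOUND_ACL = [("deny", PRIVATE_AS), ("permit", ".*")]

if __name__ == "__main__":
    print(apply_as_path_acl(INBOUND_ACL, SAMPLE_ROUTES))
```

The deny line must come first: because evaluation stops at the first match, a permit .* placed ahead of it would accept every path.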

To set up a BGP filter, use the neighbor filter-list router configuration command:
neighbor {ip-address | peer-group-name} filter-list access-list-number {in | out}

Monitoring the use of regular expressions is critical. To display routes matching an autonomous system path regular expression, use the show ip bgp regexp command. To display routes that conform to a specified filter list, use the show ip bgp filter-list command. To display a specific access list or all autonomous system path access lists in the router, use the show ip as-path-access-list command.

Prefix lists
Prefix lists are a powerful method to control the updates coming from other BGP-speaking routers.

To create an entry in a prefix list, use the ip prefix-list global configuration command:
ip prefix-list list-name [seq seq-value] {deny | permit} network/len [ge ge-value] [le le-value]

You can use the parameters ge (greater than or equal) and le (less than or equal) to specify the range of prefix lengths to be matched for prefixes that fall within network/len. An exact match of network/len is assumed when neither ge nor le is specified. If only ge is specified, the range is from ge-value to 32. If only le is specified, the range is from len to le-value. With both, the range is from ge-value to le-value.

To apply a prefix list to the routes received from or sent to a neighbor, use the following router configuration command:
neighbor {ip-address | peer-group-name} prefix-list prefix-list-name {in | out}

This might be useful to suppress a more specific route or to change the path used to reach a certain destination.

To suppress networks from being advertised in updates, use the following router configuration command:
distribute-list {access-list-number | name | prefix-list prefix-list-name} out [interface-name | routing-process | autonomous-system-number]

To display information about a prefix list or prefix list entries, use the show ip prefix-list command.

FIGURE 4-8 Prefix filtering (figure: a multihomed customer with BGP sessions to ISP1 and ISP2, both connected to the Internet; service providers may need to filter the IP prefixes being announced by the customer)
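The ge/le rules and the sequential, implicit-deny evaluation described above, as an added Python model (not code from this reference sheet or from Cisco IOS). The scenario is the one in Figure 4-8 from the provider's side: the customer holds 203.0.113.0/24, so the inbound list accepts that block or its two /25 halves and nothing else, which stops more-specific leaks, prefixes the customer does not hold, and a default route. The list entries and prefixes are constructed. One difference from IOS: IOS rejects an entry unless len < ge-value <= le-value, while this model only requires len <= ge <= le.

```python
import ipaddress
from typing import List, Optional, Tuple


class PrefixListEntry:
    """One 'ip prefix-list NAME seq N permit|deny network/len [ge G] [le L]' line."""

    def __init__(self, seq: int, action: str, network: str,
                 ge: Optional[int] = None, le: Optional[int] = None):
        if action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        self.seq, self.action = seq, action
        self.network = ipaddress.ip_network(network, strict=True)
        length, maxlen = self.network.prefixlen, self.network.max_prefixlen
        # Length range as the sheet describes it: exact match by default,
        # ge..maxlen with ge only, len..le with le only, ge..le with both.
        self.lo = length if ge is None else ge
        self.hi = length if (ge is None and le is None) else (maxlen if le is None else le)
        if not (length <= self.lo <= self.hi <= maxlen):
            raise ValueError(f"invalid range for {network}: need len <= ge <= le <= {maxlen}")

    def matches(self, prefix) -> bool:
        return (
            prefix.version == self.network.version
            and prefix.subnet_of(self.network)
            and self.lo <= prefix.prefixlen <= self.hi
        )


def evaluate_prefix_list(entries: List[PrefixListEntry], prefix: str) -> Tuple[str, Optional[int]]:
    """Evaluate in seq order; the first matching entry wins; implicit deny at the end.
    Returns (action, seq of the matching entry), with seq None for the implicit deny."""
    net = ipaddress.ip_network(prefix, strict=True)
    for entry in sorted(entries, key=lambda e: e.seq):
        if entry.matches(net):
            return entry.action, entry.seq
    return "deny", None


# Constructed inbound policy an ISP applies to a customer assigned 203.0.113.0/24.
CUSTOMER_IN = [
    PrefixListEntry(5, "permit", "203.0.113.0/24", le=25),
    PrefixListEntry(10, "deny", "0.0.0.0/0", le=32),   # explicit catch-all; same effect as the implicit deny
]

if __name__ == "__main__":
    for p in ("203.0.113.0/24", "203.0.113.128/25", "203.0.113.0/26", "0.0.0.0/0"):
        print(p, evaluate_prefix_list(CUSTOMER_IN, p))
```

"0.0.0.0/0 le 32" is the idiom for "any prefix of any length", which is why it works as a catch-all; "0.0.0.0/0" alone would match only the default route.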

Outbound Route Filtering
Outbound Route Filtering (ORF) is a prefix-based BGP feature that is enabled through the advertisement of ORF capabilities to peer routers. The advertisement of the ORF capability indicates that a BGP-speaking router can accept a prefix list from a neighbor and apply it to locally configured ORFs (if any exist). When this capability is enabled, the BGP speaker can install its inbound prefix list on the remote peer as an outbound filter, which reduces unwanted routing updates.

An ORF message contains the following information:
■ Address Family Information (AFI) and Subsequent Address Family Information (SAFI) for which the filter should be used
■ ORF type
■ When to refresh (immediate or deferred refresh)
■ List of ORF entries where the actual filter is defined

Commonly used ORF types are as follows:
■ ORF type 1 filters based on Network Layer Reachability Information (NLRI)
■ ORF type 2 filters based on standard BGP community attributes
■ ORF type 3 filters based on extended BGP community attributes
■ ORF type 128 filters based on the Cisco-proprietary implementation of prefix filtering (prefix lists)

An ORF of NLRI-based filtering (type 1) uses the following actions:
■ ADD—Adds a line to a prefix list filter on the remote peer
■ DELETE—Removes a line from a filter that was previously installed on a remote peer
■ DELETE ALL—Removes all previously installed filters on the remote peer

To advertise ORF capabilities to a peer router, use the neighbor orf prefix-list command in address family or router configuration mode:
neighbor {ip-address} [capability] orf prefix-list [receive | send | both]

Use the clear ip bgp neighbor command with the prefix-filter keyword to push out the existing ORF prefix list so that a new route refresh can be received from a neighbor. The neighbor uses the ORF prefix list previously negotiated.

ORF is a bandwidth and CPU optimization, not a security control: the pushed filter is applied by the remote peer, so keep the local inbound prefix list in place. A peer that ignores or misapplies the pushed filter can still send any prefix, and your own inbound filter is what drops it.

Filtering with route maps
Route maps are also a powerful filtering tool. They can be used to accomplish the following tasks:
■ Filter on IP prefixes coming from a specific autonomous system
■ Filter on other BGP attributes
■ Modify BGP attributes
Match clauses in the BGP route map can be based on the following:
■ IP network numbers and subnet masks (prefix list or access list)
■ Route originator
■ Next hop
■ Origin code
■ Tag value attached to an Interior Gateway Protocol (IGP) route
■ Autonomous system path
■ Community
■ IGP route type

With a route map, the following can be set:
■ Origin
■ Next hop
■ Weight
■ Community
■ Local preference
■ MED

You can apply a route map to incoming or outgoing routing information for a neighbor. The routing information must be permitted by the route map to be accepted. If no statement of the route map explicitly permits a route, the route is implicitly denied and dropped. The syntax required is as follows:
Router(config-router)# neighbor ip-address route-map name in | out

The show ip bgp route-map command displays selected routes from a BGP routing table based on the contents of a route map.

Implementing changes in policy
The traditional method of clear ip bgp * is disruptive: it tears down every session. Soft reconfiguration was introduced in Cisco IOS Release 11.2 to facilitate nondisruptive changes in BGP. When you configure soft-reconfiguration inbound for a neighbor, the router stores all routes received from that neighbor as an extra copy in memory. This copy is taken before any inbound filtering is applied, so it costs memory in proportion to the number of routes the neighbor sends. When you have completed the changes to filters and route maps that are applied to incoming information, use clear ip bgp ip-address soft in on the router in privileged EXEC mode.

When you have completed the changes to filters and route maps that are applied to outgoing information, execute clear ip bgp ip-address soft out on the router in privileged EXEC mode.

Route refresh is another newer feature in the Cisco implementation of BGP. Routers use the route refresh capability to ask a neighbor to resend all its routing information when needed, which achieves the result of inbound soft reconfiguration without keeping the extra copy. Use the clear ip bgp * in command to send a route refresh message to all neighbors or clear ip bgp ip-address in to send a route refresh message to a specific neighbor.
BGP path attributes

Mandatory well-known attributes
Origin—Specifies the route's origin
■ IGP
■ EGP
■ Incomplete (?)—Route was redistributed
AS-Path—Sequence of autonomous system numbers through which the route is reachable
Next-Hop—IP address of the next-hop router

Discretionary well-known attributes
Local Preference—Used for consistent routing policy within an autonomous system
Atomic Aggregate—Informs the neighbor autonomous system that the originating router aggregated routes

Optional nontransitive attributes
Multiexit Discriminator—Used to discriminate between multiple entry points into an autonomous system

Optional transitive attributes
Aggregator—IP address and autonomous system of the router that performed aggregation
Community—Used for route tagging

Influencing route selection using weights

Using weight
You can use weight to provide local routing policy, and you can use local preference to establish autonomous-system-wide routing policy. To assign a weight to a neighbor connection, use the neighbor weight router configuration command:
neighbor {ip-address | peer-group-name} weight weight

This approach assigns the weight value to all route updates from the neighbor. Higher weights are preferred.

You can also configure the router so that all incoming routes that match an autonomous system path filter receive the configured weight. Use the following router configuration command to do so:
neighbor {ip-address | peer-group-name} filter-list access-list-number {in | out | weight weight}

You can also set weight with a route map in more complex scenarios.
The default weight value is 32,768 for locally originated networks (including those injected through redistribution) and 0 for all other networks.

Using local preference
Local preference influences route selection within the local autonomous system only; the attribute is stripped from outgoing eBGP updates. Decide between weight (router-local) and local preference (autonomous-system-wide) for a given policy. The default local preference is 100. A route that arrives from an eBGP neighbor carries no local preference attribute, and Cisco IOS assigns it the router's default (100 unless bgp default local-preference changes it). Higher values are preferred.

You can apply local preference in the following ways:
■ Using a route map with the set local-preference command
■ Using the bgp default local-preference command to change the default local preference value applied to all updates coming from external neighbors or originating locally

For verification, use the command show ip bgp prefix to display the locally applied value.

Autonomous system path prepending
In networks where connections to multiple providers are required, it is difficult to specify a return path to be used for traffic returning to the autonomous system. One BGP mechanism you can use is autonomous system path prepending. Autonomous system path prepending potentially allows the customer to influence the route selection of its service providers.

You manipulate autonomous system paths by prepending autonomous system numbers to existing autonomous system paths. Typically, you perform autonomous system path prepending on outgoing eBGP updates over the nondesired return path. Because the autonomous system paths sent over the nondesired link become longer than the autonomous system path sent over the preferred path, the nondesired link is now less likely to be used as the return path. To avoid conflicts with BGP loop-prevention mechanisms, no other autonomous system number, except that of the sending autonomous system, should be prepended to the autonomous system path attribute.

You can configure manual manipulation of the autonomous system path attribute (prepending) using a route map with the set as-path prepend command.

BGP Multi Exit Discriminator (MED)
You can apply the MED attribute to outgoing updates to a neighboring autonomous system to influence the route selection process in that autonomous system. The MED attribute is useful only when you have multiple entry points into an autonomous system.

The default value of the MED attribute is 0. A lower value of MED is more preferred. A router prefers the path with the smallest MED value, but only if weight, local preference, autonomous system path, and origin code are equal.

MED is not a mandatory attribute; no MED attribute is attached to a route by default. The only exception is if the router is originating
networks that have an exact match in the routing table (through the network command or through redistribution). In that case, the router uses the metric in the routing table as the MED attribute value.

Using the default-metric command in BGP configuration mode causes all redistributed networks to have the specified MED value.

You can use a route map to set MED on incoming or outgoing updates. Use the set metric command within route map configuration mode to set the MED attribute.

You must use the command bgp bestpath med confed when you use MED within a confederation to influence the route selection process. The router then compares MED values for those routes that originate in the confederation.

BGP communities
A community is an attribute used to tag BGP routes with an identifier. A router can apply it to any BGP route by using a route map. Other routers can then perform any action based on the tag (community) that is attached to the route.

Any BGP router can tag routes in incoming and outgoing routing updates or when doing redistribution. In addition, any BGP router can filter routes in incoming or outgoing updates or select preferred routes based on the community values. By default, communities are stripped from outgoing BGP updates.

Because any neighbor can attach communities, inbound policy should match only the communities you define and, where a community triggers an action such as a local preference change or a blackhole, remove or overwrite values set by untrusted peers before they reach that policy.

The community attribute is an optional transitive attribute. The value of this attribute is a 32-bit number in the range 0 to 4,294,967,295. You can tag each network in a BGP routing table with a set of communities. The default community is Internet (0).

The BGP standards define several well-known communities for your use:
■ no-export—Do not advertise the route to eBGP peers outside the local autonomous system or confederation (value 0xFFFFFF01).
■ no-advertise—Do not advertise the route to any peer (0xFFFFFF02).
■ local-as—Do not advertise the route to any eBGP peer, including peers in other member autonomous systems of the same confederation (0xFFFFFF03, NO_EXPORT_SUBCONFED in RFC 1997).
■ internet—Advertise this route normally; Cisco treats this as the default community value (0).

Because the community attribute is an optional transitive attribute, routers that do not support communities pass it along unchanged.

To define your own communities, you use a 32-bit community value that is split into two parts:
■ High-order 16 bits that contain the autonomous system number of the autonomous system that defines the community meaning
■ Low-order 16 bits that have local significance

You can specify a 32-bit community value as follows:
[AS-number]:[low-order-16-bits]
You use communities in a well-planned, step-by-step fashion. Here are the steps that you should consider and examples of each:

Step 1. Define administrative policy goals.
Example—Solve asymmetric customer routing problems.

Step 2. Design filters and path selection policy to achieve administrative goals.
Example—Set the local preference of customer routes to 75 for customers using the backup ISP.

Step 3. Define communities to be used to achieve individual goals.
Example—Community 367:20 indicates that the local preference of the route should be lowered to 75.

To actually configure BGP communities, you can use the following steps:

Step 1. Configure route tagging with BGP communities.
Step 2. Configure BGP community propagation.
Step 3. Define BGP community access lists (community lists) to match BGP communities.
Step 4. Configure route maps that match on community lists and filter routes or set other BGP attributes.
Step 5. Apply route maps to incoming or outgoing updates.

Route tagging with communities is always done with a route map. You can specify any number of communities; communities specified with the set community keyword overwrite the existing communities unless you specify the additive option (set community none removes them all).

Treat communities received from a neighbor as untrusted input. A customer or peer can attach your own action communities (such as 367:20 above) to its routes and trigger your policy, so match them and then strip or rewrite them in the inbound route map before they reach your internal policy.

After you have created the route map, you can apply it to inbound or outbound BGP updates using the following router configuration command:
neighbor ip-address route-map map in | out

To apply a route map to redistributed routes, use the following router configuration command:
redistribute protocol route-map map

By default, communities are stripped in outgoing BGP updates; therefore, you must manually configure community propagation to BGP neighbors. You can do so using the following command:
neighbor ip-address send-community

Keep in mind that BGP peer groups are ideal for configuring BGP community propagation toward a large number of neighbors.

You can use a standard community access list to find community attributes in routing updates. A standard community list is defined by its assigned list number. The list number uses a range from 1 to 99.

Community lists are similar to standard IP access lists in these ways:
■ The router evaluates the lines in the community list sequentially; the first matching line decides.
■ If no line matches the communities attached to a BGP route, the route is implicitly denied.
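The tagging and matching rules above, together with the internet keyword, the all-values-on-one-line rule, the exact option and the regular-expression lists described under the community list syntax that follows, are modelled in the following added example. It is written for this page, not taken from the book or from IOS; the helper names, the list number 1, the assumption that 367 is the local AS, and the use of Python's re module in place of the IOS regular-expression engine (which uses _ as a delimiter anchor) are all assumptions of the example.

```python
import re

# --- community value format: high 16 bits = AS, low 16 bits = local value ---

def parse_community(text):
    """'367:20' -> 32-bit value; the old (decimal) display format is the same number."""
    asn, low = (int(part) for part in text.split(":"))
    if not (0 <= asn <= 0xFFFF and 0 <= low <= 0xFFFF):
        raise ValueError(f"community out of range: {text}")
    return (asn << 16) | low


def format_community(value):
    """32-bit value -> 'AS:nn' as shown with ip bgp-community new-format."""
    return f"{value >> 16}:{value & 0xFFFF}"


# --- route tagging: set community [additive] in a route map ---

def set_community(route, values, additive=False):
    """Overwrite the route's communities unless additive is given."""
    new = {parse_community(v) for v in values}
    route["communities"] = (route["communities"] | new) if additive else new
    return route


# --- standard community list (1-99): sequential, AND within a line, implicit deny ---

def standard_list_match(entries, communities):
    """entries: [(action, [values])]; a line holding only 'internet' matches any route."""
    for action, values in entries:
        if values == ["internet"] or all(parse_community(v) in communities for v in values):
            return action == "permit"
    return False  # no line matched: implicit deny


def exact_list_match(entries, communities):
    """match community N exact: the route's community set must equal a line's set."""
    for action, values in entries:
        if communities == {parse_community(v) for v in values}:
            return action == "permit"
    return False


# --- expanded community list (100-199): regexp over the ordered community string ---

def expanded_list_match(entries, communities):
    text = " ".join(format_community(c) for c in sorted(communities))
    for action, regexp in entries:
        if re.search(regexp, text):
            return action == "permit"
    return False


# --- the page's policy: 367:20 lowers local preference to 75 ---

COMMUNITY_LIST_1 = [("permit", ["367:20"])]  # hypothetical list number


def inbound_policy(route, my_asn=367):
    """Hypothetical inbound route map: seq 10 matches list 1 and sets local-pref 75,
    seq 20 permits everything else unchanged. Communities in my own AS range are
    then stripped so a neighbor cannot carry my action communities further."""
    if standard_list_match(COMMUNITY_LIST_1, route["communities"]):
        route["local_pref"] = 75
    route["communities"] = {c for c in route["communities"] if (c >> 16) != my_asn}
    return route
```

The scrubbing step in inbound_policy is the part IOS does not do for you: without it, any neighbor that learns your action communities can drive your local preference from outside.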


Standard community lists differ from standard IP access lists in these ways:
■ The keyword internet should be used to permit any community value.
■ If more values are listed in a single line, they all have to be present in an update to have a match (the values on one line are ANDed; separate lines are ORed).

Here is the global configuration mode syntax for the creation of the standard community list:
ip community-list 1-99 permit | deny value [ value ... ]

To create an expanded community list (called an extended community list in this text; do not confuse it with the ip extcommunity-list command, which matches extended communities such as route targets), use the following global configuration mode syntax:
ip community-list 100-199 permit | deny regexp

These expanded community lists are like simple community lists, but they match based on regular expressions. Specifically, the communities attached to a route are ordered, converted to a string, and matched against the regexp. You can use the .* syntax to match any community value. Later IOS releases also accept named lists (ip community-list standard name and ip community-list expanded name) and extend the expanded number range to 500.

Community lists are used in match conditions in route maps to match on communities attached to BGP routes.

After you create your community lists, you can match to these lists in your route maps. A route map with a community list matches a route if at least some of the communities attached to the route match the community list. You can use the exact option to ensure that all communities attached to the route have to match the community list. Remember, you can use route maps to filter routes or set other BGP attributes based on communities attached to routes.

Route reflectors
BGP requires that all BGP peers in the same autonomous system form an iBGP session with all peers in the autonomous system (a full mesh), because a route learned from one iBGP peer is never re-advertised to another iBGP peer. This is too difficult in many environments. Route reflectors are fully functional iBGP speakers that form iBGP sessions with other iBGP speakers, and they also perform a second function: they forward (reflect) routes from other iBGP speakers to route reflector clients. The route reflector clients form iBGP sessions only with the route reflectors. The route reflectors and the clients form a cluster.

To configure route reflectors, consider these initial tasks:
■ Configure the proper cluster ID value on the route reflectors.
■ Configure the route reflector with information about which iBGP neighbor sessions are reaching their clients.
■ In the clients, remove all iBGP sessions to neighbors that are not a route reflector in the client cluster.
■ Make sure that the iBGP neighbor is removed on both ends of the iBGP session.
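The route reflector behaviour described above, as an added example that is not from the book or from IOS: the re-advertisement rules of RFC 4456 (which the text summarizes as forwarding routes from other iBGP speakers to clients) and the two inbound loop checks that make the cluster ID matter. Peers and routes are plain Python values, ORIGINATOR_ID is approximated by the originating peer's address, and the topology in build_example is constructed for the demonstration.

```python
class RouteReflector:
    """Minimal model of a BGP route reflector's re-advertisement decisions (RFC 4456)."""

    def __init__(self, router_id, clients, non_clients, ebgp_peers, cluster_id=None):
        self.router_id = router_id
        # bgp cluster-id: defaults to the router ID when not configured
        self.cluster_id = cluster_id or router_id
        self.clients = set(clients)          # neighbor ... route-reflector-client
        self.non_clients = set(non_clients)  # ordinary iBGP peers
        self.ebgp_peers = set(ebgp_peers)

    def accept(self, route):
        """Inbound loop detection on a reflected route."""
        if route.get("originator_id") == self.router_id:
            return False  # our own route came back to us
        if self.cluster_id in route.get("cluster_list", []):
            return False  # already reflected by our cluster: a reflection loop
        return True

    def targets(self, from_peer):
        """Peers the route is re-advertised to, with split horizon toward the sender."""
        if from_peer in self.ebgp_peers or from_peer in self.clients:
            out = self.clients | self.non_clients | self.ebgp_peers
        elif from_peer in self.non_clients:
            # a route from a non-client is reflected to clients only; the normal
            # iBGP rule still forbids passing it on to other non-clients
            out = self.clients | self.ebgp_peers
        else:
            raise ValueError(f"unknown peer {from_peer}")
        return out - {from_peer}

    def reflect(self, route, from_peer):
        """Return (target peers, outgoing route); (set(), None) if the route is rejected."""
        if not self.accept(route):
            return set(), None
        out = dict(route)
        if from_peer in self.clients or from_peer in self.non_clients:
            # reflecting an iBGP route: record the originator, prepend our cluster ID
            out.setdefault("originator_id", from_peer)
            out["cluster_list"] = [self.cluster_id] + list(route.get("cluster_list", []))
        return self.targets(from_peer), out


def build_example():
    """Constructed topology: one reflector, two clients, one non-client, one eBGP peer."""
    return RouteReflector("10.0.0.1", clients=["10.0.1.1", "10.0.1.2"],
                          non_clients=["10.0.2.1"], ebgp_peers=["192.0.2.1"])
```

The cluster_list check is why redundant reflectors in one cluster must share a cluster ID: a route reflected by one of them and handed back by the other is recognized and dropped instead of circulating.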


The command used to configure the cluster ID if the BGP cluster has redundant route reflectors is as follows:
bgp cluster-id cluster-id

If you do not configure a cluster ID, the router uses its BGP router ID. Redundant route reflectors serving the same clients must share one cluster ID so that a reflected route carrying that ID in its cluster list is recognized and dropped rather than looped.

The command used to configure the router as a BGP route reflector and configure the specified neighbor as its client is as follows:
neighbor ip-address route-reflector-client

Confederations
Confederations are another method of solving the iBGP full-mesh requirement. Confederations are smaller subautonomous systems created within the primary autonomous system to decrease the number of BGP peer connections. Five steps are used in the configuration of confederations:

Step 1. Enable BGP using the member (sub)autonomous system number.
Step 2. Configure the confederation identifier using the bgp confederation identifier command.
Step 3. Configure fully meshed iBGP subautonomous system neighbor relationships using the subautonomous system number as the remote autonomous system number (ASN) for all internal iBGP peers.
Step 4. Configure other neighbors within the same parent autonomous system by specifying their subautonomous system number as the remote autonomous system number; other confederation peers from different subautonomous systems must also be identified as external confederation peers using the bgp confederation peers command.
Step 5. Configure any eBGP neighbors as you normally would.

Peer groups
To configure one router with multiple BGP peer relationships, configurations can be quite complex. Peer groups simplify the configuration process. You make peer groups and assign neighbors with the same policies to the group. Peer group members inherit the policies assigned to the group.

To configure BGP peer groups on Cisco IOS routers, complete the following steps:

Step 1. Create a BGP peer group; use the neighbor peer-group-name peer-group router configuration command.
Step 2. Specify parameters for the BGP peer group.
Step 3. Create a BGP neighbor.
Step 4. Assign a neighbor to the peer group; use the neighbor ip-address peer-group peer-group-name router configuration command.


network backdoor command
The network backdoor router configuration command causes the administrative distance assigned to the network to be forced to 200 (the iBGP value) instead of the eBGP default of 20. The goal is to make IGP-learned routes preferred. A network that is marked as a backdoor is not sourced by the local router, but should be learned from external neighbors. You should be sure to verify the route is in the BGP table for the command to have the desired effect.

Configuring the BGP maximum-prefix function
To control how many prefixes a BGP router can receive from a neighbor, use the neighbor maximum-prefix router configuration command. This is a resource-exhaustion safeguard: when the neighbor exceeds the limit, the default action is to tear down the session. The optional threshold value logs a warning at that percentage of the limit (75 percent by default), the warning-only keyword logs instead of dropping the session, and the restart keyword re-establishes the session after the stated number of minutes.

Route dampening
Flapping routes create problems for BGP. An approach was created to remove the update about a flapping route until it can be guaranteed that the destination is more stable. This additional BGP scalability mechanism, called route flap dampening, was created to reduce route update processing requirements by suppressing unstable routes.

To enable route dampening, use the bgp dampening command. Each withdrawal (flap) adds a penalty of 1000 that decays exponentially; with the default parameters the half-life is 15 minutes, a route is suppressed when its penalty exceeds 2000, reused when the penalty decays below 750, and never suppressed for longer than 60 minutes. Because dampening can keep a prefix withdrawn long after it has stabilized, the RIPE Routing Working Group (RIPE-378) recommended against deploying it with these defaults.

Troubleshooting and monitoring BGP
Important commands not included elsewhere in the BGP Short Cuts include the following:
■ show ip bgp neighbors ip-address—Displays detailed neighbor information
■ show ip bgp—Displays all the routes in the BGP table
■ show ip bgp ip-prefix [mask subnet-mask]—Displays detailed information about all paths for a single prefix
■ debug ip tcp transactions—Displays all TCP transactions
■ debug ip bgp events—Displays significant BGP events
■ debug ip bgp keepalives—Debugs BGP keepalive packets
■ debug ip bgp updates—Displays all incoming or outgoing BGP updates
■ debug ip bgp updates acl—Displays all incoming and sent updates matching an ACL
■ debug ip bgp ip-address updates [acl]—Displays all BGP updates received from or sent to a specific neighbor
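The arithmetic behind the route dampening section above, written for this page as an added example (it is neither the book's nor IOS's code). It uses the IOS default parameters of bgp dampening and the exponential decay of RFC 2439; the per-withdrawal penalty of 1000 is the IOS value, and the flap times fed to simulate are constructed for the demonstration.

```python
import math

# IOS 'bgp dampening' defaults (times in seconds)
HALF_LIFE = 15 * 60
REUSE_LIMIT = 750
SUPPRESS_LIMIT = 2000
MAX_SUPPRESS_TIME = 60 * 60
FLAP_PENALTY = 1000          # added on each withdrawal


def decay(penalty, elapsed):
    """Exponential decay: the penalty halves every HALF_LIFE seconds."""
    return penalty * 2 ** (-elapsed / HALF_LIFE)


def max_penalty():
    """Ceiling that keeps a route from being suppressed longer than MAX_SUPPRESS_TIME."""
    return REUSE_LIMIT * 2 ** (MAX_SUPPRESS_TIME / HALF_LIFE)


def seconds_until_reuse(penalty):
    """How long a suppressed route stays withdrawn before decaying below REUSE_LIMIT."""
    if penalty <= REUSE_LIMIT:
        return 0.0
    return HALF_LIFE * math.log2(penalty / REUSE_LIMIT)


class DampenedPrefix:
    """Per-prefix dampening state, as kept for each eBGP-learned route."""

    def __init__(self):
        self.penalty = 0.0
        self.last_update = 0.0
        self.suppressed = False

    def flap(self, now):
        """A withdrawal at time `now`: decay the old penalty, add the flap penalty, cap it."""
        self.penalty = min(decay(self.penalty, now - self.last_update) + FLAP_PENALTY,
                           max_penalty())
        self.last_update = now
        if self.penalty > SUPPRESS_LIMIT:
            self.suppressed = True
        return self.suppressed

    def status(self, now):
        """Return (suppressed, current penalty, seconds until reuse) at time `now`."""
        penalty = decay(self.penalty, now - self.last_update)
        if self.suppressed and penalty < REUSE_LIMIT:
            self.suppressed = False      # reuse: the route is advertised again
        wait = seconds_until_reuse(penalty) if self.suppressed else 0.0
        return self.suppressed, penalty, wait


def simulate(flap_times, check_time):
    """Apply withdrawals at the given times (seconds) and report the state at check_time."""
    prefix = DampenedPrefix()
    for t in flap_times:
        prefix.flap(t)
    return prefix.status(check_time)
```

Three withdrawals one minute apart push the penalty to roughly 2867, past the suppress limit, and the prefix then stays withdrawn for about 29 minutes even if it never flaps again; that delay, not the CPU saving, is what the RIPE recommendation is about.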


EIGRP
Enhanced Interior Gateway Routing Protocol (EIGRP) is a hybrid routing protocol, combining features of both distance vector and link-state routing protocols. Advantages include the following:

■ VLSM support
■ Rapid convergence thanks to the Diffusing Update Algorithm (DUAL)
■ Low CPU utilization, with typically only hellos and partial updates being sent on a link
■ Incremental updates
■ Scalability
■ Ease of configuration
■ Automatic route summarization, or manual route summarization
■ MD5 route authentication

EIGRP uses IP protocol 88. It uses a multicast address of 224.0.0.10 for hellos and routing updates.

EIGRP uses a 32-bit metric as opposed to the 24-bit metric of IGRP; the two are compatible automatically during redistribution, however (the EIGRP metric is the IGRP metric multiplied by 256).

EIGRP's metric
EIGRP uses a composite metric like Interior Gateway Routing Protocol (IGRP), but it is modified with a multiplier of 256. Bandwidth and delay are the defaults enabled. EIGRP calls the metric feasible distance. All the possible metric values are as follows:

■ Bandwidth—Expressed in kilobits per second; the lowest bandwidth along the path is used. To adjust the bandwidth value assigned to an interface, use the bandwidth command.
■ Delay—Displayed in microseconds and summed along the path; the delay interface command sets it in tens of microseconds. When manipulating metrics, prefer delay, because changing bandwidth would affect other protocols and features (such as QoS) too.
■ Reliability—Expressed as a number in the range of 1 to 255; 255 is a fully reliable link and 1 is a completely unreliable one.
■ Load—Expressed as a number in the range of 1 to 255; 1 is a minimally loaded link.
■ MTU—Maximum transmission unit; the smallest recorded MTU in the path. It is carried in updates but not used in the metric calculation.

The metric formula used by EIGRP is as follows:
metric = 256 × [K1 × BW + (K2 × BW) / (256 - load) + K3 × delay] × [K5 / (reliability + K4)]
where BW = 10^7 / (lowest bandwidth in the path, in kbps), delay is the sum of the path delays in tens of microseconds, and the final [K5 / (reliability + K4)] term is applied only when K5 is not 0.

By default, K1 = 1, K2 = 0, K3 = 1, K4 = 0, K5 = 0, so the formula reduces to metric = 256 × (BW + delay). If you manipulate the K values on one router, you must manipulate them on all: neighbors with mismatched K values do not form an adjacency.

EIGRP packets
■ Hello—Establish neighbor relationships
■ Update—Send routing updates


■ Query—Ask neighbors about routing information
■ Reply—Respond to queries
■ Ack—Used to acknowledge reliable packets

The address used for hello packets is 224.0.0.10; autonomous system numbers must match. Hellos are sent every 5 seconds on broadcast links, point-to-point serial links, point-to-point subinterface links, and multipoint circuits faster than T1. They are sent every 60 seconds on other (slower multipoint) link types. The hold time defaults to 3 times the hello time (15 or 180 seconds). Neighborships form even if the hello and hold values do not match; the autonomous system number and the K values, however, must match.

EIGRP reliability
Packets that require acknowledgment are as follows:
■ Update
■ Query
■ Reply

Packets that do not are as follows:
■ Hello
■ Ack

A neighbor is reset after the retry limit (16 retransmissions) is reached. Neighbors that fail to acknowledge a multicast are sent unicast retransmissions instead, so one slow neighbor does not hold up the others.

Initial route discovery
Router discovery and route exchange happen simultaneously as follows:
1. Router comes up and sends hellos.
2. Reply from a neighbor includes Update.
3. Ack packets are sent.
4. Update process occurs in the opposite direction.

[Figure 4-9: EIGRP discovery and route exchange. The exchange shown is: Hello packet; Hello and complete routing info; Ack and complete routing info; Ack and converged.]

EIGRP DUAL
The lowest-cost route is calculated by adding the cost between the next-hop router and the destination (the advertised distance [AD], also called the reported distance; not to be confused with administrative distance) and the cost between the local router and the next hop. This sum is referred to as the feasible distance (FD).

A successor is a neighboring router that the local router has selected to forward packets to the destination. Multiple successors can exist if they have equal-cost paths.


The next-hop router for a backup path is called the feasible successor. To qualify as a feasible successor, a next-hop router must have an AD less than the FD of the current successor route (the feasibility condition, which guarantees that the backup path is loop-free). More than one feasible successor can exist.

The feasible successor means that a new path can be selected without recalculation (and without querying neighbors) and is a major advantage in EIGRP for convergence.

Remember, EIGRP acts classful by default and automatically summarizes on major network boundaries. You typically want to disable this feature with the no auto-summary router configuration command.

Configuring EIGRP
To enable EIGRP, use the following global configuration command:
router eigrp autonomous-system-number

To identify the interfaces participating in EIGRP, use the following router configuration command:
network network-number [wildcard-mask]

Using the default-network Command
Using the ip default-network global configuration command, you can configure a default route for the EIGRP process so that it propagates to other EIGRP routers within the same autonomous system. A router configured with the command considers the network listed in that command as the last-resort gateway. You should define the default route using a static route to ensure it is advertised.

Verification
A command that deserves some elaboration is the show ip eigrp topology command. The codes in the output are as follows:
■ Passive—This network is available, and installation can occur in the routing table.
■ Active—This network is currently unavailable (the router is querying its neighbors for it), and installation cannot occur in the routing table.
■ Update (U)—Applies if a network is being updated (placed in an update packet); this code also applies if the router is waiting for an acknowledgment for this update packet.
■ Query (Q)—Applies if an outstanding query packet exists for this network other than being in the active state; also applies if the router is waiting for an acknowledgment for a query packet.
■ Reply (R)—Applies if the router is generating a reply for this network or is waiting for an acknowledgment for the reply packet.
■ Stuck in active (SIA) status—Signifies an EIGRP convergence problem for the network with which it is associated.
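The metric formula from the EIGRP's metric section, the successor and feasible successor rules above, and the variance multiplier covered under Unequal-cost load balancing, combined into one added example written for this page (not code from the book or from IOS). eigrp_metric reproduces the classic 32-bit calculation with integer arithmetic; the neighbor table in SAMPLE and the link values in the tests are constructed for the demonstration.

```python
def eigrp_metric(bandwidths_kbps, delays_usec, k=(1, 0, 1, 0, 0), load=1, reliability=255):
    """Classic EIGRP metric along a path (integer arithmetic, as IOS computes it).
    bandwidths_kbps: bandwidth of each hop; delays_usec: delay of each hop in microseconds
    (the `delay` interface command sets tens of microseconds, so delay 2000 == 20000 usec)."""
    k1, k2, k3, k4, k5 = k
    bw = 10**7 // min(bandwidths_kbps)        # the slowest link dominates
    delay = sum(delays_usec) // 10            # cumulative, in tens of microseconds
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5 != 0:                               # reliability term only when K5 is set
        metric = metric * k5 // (reliability + k4)
    return 256 * metric


def dual_select(candidates, variance=1):
    """candidates: {neighbor: (reported_distance, link_cost)} for one destination.
    Returns FD, successors, feasible successors, and the paths variance installs."""
    total = {n: rd + cost for n, (rd, cost) in candidates.items()}
    fd = min(total.values())
    successors = sorted(n for n, t in total.items() if t == fd)
    # feasibility condition: RD < FD guarantees the neighbor is not routing through us
    feasible = sorted(n for n, (rd, _) in candidates.items()
                      if rd < fd and n not in successors)
    # variance admits only feasible successors whose total metric is within variance * FD
    installed = successors + [n for n in feasible if total[n] <= variance * fd]
    return {"fd": fd, "successors": successors, "feasible_successors": feasible,
            "installed": installed}


def successor_lost(candidates, lost):
    """What DUAL does when neighbor `lost` goes away: promote a feasible successor
    without recomputation (stay passive) or go active and query the remaining neighbors."""
    before = dual_select(candidates)
    if lost not in before["successors"]:
        return "passive", before["successors"][0]
    remaining = {n: v for n, v in candidates.items() if n != lost}
    fs = [n for n in before["feasible_successors"] if n in remaining]
    if fs:
        best = min(fs, key=lambda n: remaining[n][0] + remaining[n][1])
        return "passive", best
    return "active", None


# Constructed topology table for one destination: neighbor -> (RD, cost of the link to it).
# B is the successor (total 20). C is a feasible successor (RD 15 < 20). D is not:
# its RD of 25 is not below the FD, so it may be routing through us.
SAMPLE = {"B": (10, 10), "C": (15, 10), "D": (25, 5)}
```

With variance 2, D's total of 30 is within 2 × 20 but it is still excluded; the variance never overrides the feasibility condition, which is the loop-prevention check.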


EIGRP route summarization
EIGRP performs auto-summarization by default. You can enable manual summarization. Keep the following in mind about manual summarization:

■ Summarization is configurable on a per-interface basis in any router within a network.
■ When summarization is configured on an interface, the router immediately creates a route for the summary pointing to null0 (administrative distance 5). This is a loop-prevention mechanism: traffic for parts of the summary that have no specific route is discarded rather than forwarded toward a default route.
■ When the last specific route of the summary goes away, the summary is deleted.
■ The minimum metric of the specific routes is used as the metric of the summary route.

To disable auto-summarization, use the no auto-summary command in EIGRP router configuration mode. Use the ip summary-address eigrp interface command to manually create a summary route at an arbitrary network boundary within an EIGRP domain.

Unequal-cost load balancing
The degree to which EIGRP performs load balancing is controlled with the variance command. You set the variance to a number from 1 to 128. The default is 1, which indicates equal-cost load balancing. The multiplier defines the range of metric values that are accepted for load balancing by the EIGRP process.

For example, if you want load balancing to occur between two links, and one has a metric of 1000 and the other has a metric of 2000, you need to set the variance to 2 to cause load balancing between the two links. Note that the variance admits only paths that already satisfy the feasibility condition (the neighbor's advertised distance must be less than the successor's FD); a path whose metric is within the variance but fails that condition is not used, because it could loop.

Bandwidth utilization
By default, EIGRP uses up to 50 percent of the bandwidth of an interface or subinterface, which is set with the bandwidth parameter. This percentage can be changed on a per-interface basis by using the ip bandwidth-percent eigrp autonomous-system-number percent interface configuration command. In this command, percent is the percentage of the configured bandwidth that EIGRP can use. This percentage can be greater than 100. This is useful if the bandwidth is configured artificially low for routing policy reasons.

EIGRP stub routing
Often used in a hub-and-spoke topology. Only routes you specify are propagated from the stub router. The stub router responds to all queries with the message "inaccessible." A router that is configured as a stub sends a special peer information packet to all neighboring routers to report its status as a stub router. Nonstub routers do not query stub routers. The stub routing feature by itself does not prevent routes from


being advertised to the stub router. You must configure the summarization or default route behavior. To configure the stub router, use the following router configuration command:
eigrp stub [receive-only | connected | static | summary]

The optional keywords with this command control which routes the router advertises to its nonstub peers; with no keyword, connected and summary routes are advertised.

Route Filtering and Policy Routing

Distribute lists
You can filter routing update traffic for any protocol by defining an access list and applying it to a specific routing protocol. You use the distribute-list command and link it to an access list to complete the filtering of routing update traffic.

For outbound traffic, the appropriate router configuration mode command is as follows:
distribute-list {access-list-number | name} out [interface-name | routing-process [autonomous-system-number]]

For inbound traffic, the appropriate router configuration command is as follows:
distribute-list {access-list-number | name} in [interface-type interface-number]

A standard access list used this way matches only the network address of a route, not its mask, so 10.0.0.0/8 and 10.0.0.0/24 are treated alike; use the distribute-list prefix form with a prefix list when the mask matters.

Using a distribute list with redistribution helps prevent route feedback. Route feedback occurs when routes originally learned from one routing protocol get redistributed back into that protocol. Route feedback can lead to routing loops caused by redistribution.

Route maps
Route maps are complex access lists that allow conditions to be tested against a packet or route using the match commands. If the conditions match, actions can be taken to modify attributes of the packet or route. These actions are specified by set commands.

Several of the more common applications for route maps are as follows:
■ Route filtering during redistribution
■ Policy-based routing (PBR)
■ Network Address Translation (NAT)
■ Implementing BGP policies

To define the route map conditions and set the sequence number of route map lines, use the following global configuration mode command:
route-map map-tag [permit | deny] [sequence-number]


To define the conditions to match, use the following command:
match {conditions}

To define the actions to be taken, use the following command:
set {actions}

A route map entry with no match statement matches everything, and a route that matches no entry is dropped, because every route map ends with an implicit deny.

Policy routing
PBR enables you to implement policies that selectively cause packets to take different paths; this allows you to vary from the typical destination-based approach of IP. For example, you can easily configure routes to flow based on source address information. You can also mark traffic with different type of service (ToS) configurations. You implement PBR through the use of route maps to implement policy. Packets that match no permit entry of a PBR route map are not dropped; they are forwarded by normal destination-based routing.

To identify a route map to use for PBR on an interface (applied to packets arriving on that interface), use the following interface configuration command:
ip policy route-map map-tag

Packets generated by the router itself are not policy routed by this command; use the ip local policy route-map global configuration command for those.

PBR must be configured before PBR fast switching can be enabled. Fast switching of PBR is disabled by default. To configure fast-switched PBR, use the ip route-cache policy command in interface configuration mode. When CEF is enabled, PBR is CEF-switched without additional configuration.

Redistribution
Although redistribution between certain protocols has unique concerns and characteristics, the following generic steps apply to all routing protocol combinations:

Step 1. Locate the boundary router that requires configuration of redistribution.
Step 2. Determine which routing protocol is the core or backbone protocol.
Step 3. Determine which routing protocol is the edge or short-term protocol.
Step 4. Select a method for injecting the required edge protocol routes into the core.

Use the following router configuration command to redistribute routes into RIP:
redistribute protocol [process-id] [match route-type] [metric metric-value] [route-map map-tag]

Use the following command to redistribute routes into OSPF:
redistribute protocol [process-id] [metric metric-value] [metric-type type-value] [route-map map-tag] [subnets] [tag tag-value]


Use the following command to redistribute routes into EIGRP:
redistribute protocol [process-id] [match {internal | external
1 | external 2}] [metric metric-value] [route-map map-tag]

Use the following command to redistribute routes into IS-IS:
redistribute protocol [process-id] [level level-value] [metric
metric-value] [metric-type type-value] [route-map map-tag]

Route tagging
Various routing protocols support tag fields. This tag field provides a location where additional information about a route can be stored. This field is commonly used to identify the autonomous system from which a route was obtained when a route is learned from a different autonomous system.

Route tagging enables you to customize routing and maintain flexible policy controls. In a route map, set tag tag-value attaches the tag as a route is redistributed and match tag tag-value tests it, which lets the boundary router on the other side refuse to redistribute those routes back into the protocol they came from.
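Route feedback and the tag-based fix, as an added example written for this page rather than taken from the book: two boundary routers perform mutual OSPF/EIGRP redistribution, each marks what it injects with a tag, and each refuses to re-inject anything carrying the tag of the opposite direction. The tag values 90 and 110 and the prefixes in ORIGINS are constructed for the demonstration, and the model tracks only which domain a prefix is present in, not metrics or administrative distance.

```python
TAG_FROM_EIGRP = 90    # hypothetical: set on routes redistributed EIGRP -> OSPF
TAG_FROM_OSPF = 110    # hypothetical: set on routes redistributed OSPF -> EIGRP


def redistribute(table, src, dst, set_tag, deny_tags=()):
    """Model of `redistribute src route-map X` into dst: the route map denies routes
    whose tag is in deny_tags and applies `set tag set_tag` to everything it permits."""
    injected = []
    for route in table:
        if route["proto"] != src or route["tag"] in deny_tags:
            continue
        injected.append({"prefix": route["prefix"], "proto": dst, "tag": set_tag,
                         "origin": route["origin"], "external": True})
    return injected


def mutual_redistribution(origins, rounds=3, use_tags=True):
    """origins: [(prefix, protocol that natively carries it)]. Two boundary routers
    redistribute in both directions for `rounds` iterations. Returns the prefixes
    that were fed back into the protocol they originated in (route feedback)."""
    domains = {"eigrp": [], "ospf": []}
    for prefix, proto in origins:
        domains[proto].append({"prefix": prefix, "proto": proto, "tag": 0,
                               "origin": proto, "external": False})
    tag_e, tag_o = (TAG_FROM_EIGRP, TAG_FROM_OSPF) if use_tags else (0, 0)
    deny_e, deny_o = ((TAG_FROM_OSPF,), (TAG_FROM_EIGRP,)) if use_tags else ((), ())
    for _ in range(rounds):
        into_ospf = redistribute(domains["eigrp"], "eigrp", "ospf", tag_e, deny_e)
        into_eigrp = redistribute(domains["ospf"], "ospf", "eigrp", tag_o, deny_o)
        for dst, new_routes in (("ospf", into_ospf), ("eigrp", into_eigrp)):
            # a prefix already present as an external route is not injected twice
            known = {(r["prefix"], r["external"]) for r in domains[dst]}
            domains[dst] += [r for r in new_routes if (r["prefix"], True) not in known]
    return sorted(r["prefix"] for table in domains.values() for r in table
                  if r["external"] and r["origin"] == r["proto"])


ORIGINS = [("10.1.0.0/16", "eigrp"), ("172.16.0.0/16", "ospf")]  # constructed sample
```

Without tags, every prefix comes back into its own protocol as an external route by the second round; with tags, the second boundary router's route map stops the return trip, which is the effect the distribute list in the Distribute lists section achieves only when you can enumerate the prefixes in advance.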

© 2007 Cisco Systems Inc. All rights reserved. This publication is protected by copyright. Please see page 132 for more details.

CCIE Routing and Switching Exam Quick Reference Sheets
CCIE Routing and Switching Exam Quick Reference Sheets By Anthony Sequeira ISBN: Prepared for Minh Dang, Safari ID: mindang@CISCO.COM
9781587053375 Publisher: Cisco Press Licensed by Minh Dang
Print Publication Date: 2007/05/01 User number: 927500 Copyright 2007, Safari Books Online, LLC.
CHAPTER 5

Quality of Service (QoS)

Introduction
Voice, video, and data travel side by side over today’s converged networks. Some of these traffic types (for example, VoIP) need better treatment (that is, higher priority) than other types of traffic (for example, FTP). Fortunately, Cisco offers a suite of QoS tools for providing special treatment for special traffic.
In the absence of QoS, traffic might suffer from one or more of the following symptoms:
■ Delay (latency)—Excessive time required for a packet to traverse the network
■ Delay variation (jitter)—The uneven arrival of packets, which in the case of VoIP can be interpreted by the listener as dropped voice packets
■ Packet loss—Dropping packets, especially problematic for User Datagram Protocol (UDP) traffic (for example, VoIP), which does not retransmit dropped packets
You have two categories of QoS tools: Integrated Services (IntServ) and Differentiated Services (DiffServ). IntServ provides QoS by guaranteeing treatment to a particular traffic flow. A commonly used IntServ tool is RSVP (Resource Reservation Protocol).
As the name suggests, DiffServ differentiates (that is, classifies) between different types of traffic and provides different levels of service based on those distinctions. Instead of forcing every network device to classify traffic, DiffServ can mark packets with a particular priority marking that can be referenced by other network devices.

ToS and IP Precedence
Packet marking can be accomplished by altering bits in an IPv4 header’s ToS byte. Two common markings that use the ToS byte are IP Precedence and Differentiated Services Code Point (DSCP).
IP Precedence is an older approach than DSCP and uses the 3 leftmost bits in the ToS byte. With 3 bits to use, IP Precedence values can range from 0 to 7. Cisco recommends that IP Precedence values 6 and 7 never be used because they are reserved for network use.
Cisco IOS Software accepts either an IP Precedence number or its equivalent name, as shown in the following table.


IP Precedence Value   Name
0                     Routine
1                     Priority
2                     Immediate
3                     Flash
4                     Flash-override
5                     Critical
6                     Internet
7                     Network

FIGURE 5-1 Layer 3 packet markings: Inside an IPv4 header is a Type of Service (ToS) byte. The 3 leftmost bits of that byte (bits 1 through 3 of 8) can be used to mark the packet with an IP Precedence value (0–7). Alternately, the 6 leftmost bits in the ToS byte can be used to mark the packet with a DSCP value (0–63).

Differentiated Services Code Point
Differentiated Services Code Point (DSCP) uses the 6 leftmost bits in an IPv4 header’s ToS byte. With 6 bits at its disposal, DSCP has up to 64 DSCP values (0 to 63) assigned to various classes of traffic. With so many values to select from, to maintain relative levels of priority among routers, the IETF recommends selected DSCP values for use. These values, called Per-Hop Behaviors (PHB), determine how packets are treated at each hop along the path from the source to the destination.
When configuring a router to mark or recognize a DSCP value, the decimal number itself can be used. However, a more convenient method is to use the name of specific DSCP values. Assured Forwarding (AF) PHBs are typically used to identify different levels of priority for data applications. For latency-sensitive applications, however, the Expedited Forwarding (EF) PHB can be used. A listing of commonly used PHB names and their corresponding DSCP values is shown in the following table.


PHB       Low Drop Preference   Medium Drop Preference   High Drop Preference
Class 1   AF11 (10)             AF12 (12)                AF13 (14)
Class 2   AF21 (18)             AF22 (20)                AF23 (22)
Class 3   AF31 (26)             AF32 (28)                AF33 (30)
Class 4   AF41 (34)             AF42 (36)                AF43 (38)
EF (46)

Notice that the AF PHBs are grouped into four classes. Examining these DSCP values in binary reveals that the 3 leftmost bits of all the Class 1 AF PHBs are 001 (that is, a decimal value of 1), the 3 leftmost bits of all the Class 2 AF PHBs are 010 (that is, a decimal value of 2), the 3 leftmost bits of all the Class 3 AF PHBs are 011 (that is, a decimal value of 3), and the 3 leftmost bits of all the Class 4 AF PHBs are 100 (that is, a decimal value of 4). Because IP Precedence examines these 3 leftmost bits, all Class 1 DSCP values would be interpreted by an IP Precedence–aware router as an IP Precedence value of 1. The same applies to the Class 2, 3, and 4 PHB values.
In a similar fashion, the 3 leftmost bits of the EF PHB are 101 (that is, a decimal value of 5). Therefore, the EF PHB would be interpreted by an IP Precedence–aware router as an IP Precedence of 5, the highest IP Precedence value that we should assign. Because of these associations that exist between DSCP markings and IP Precedence, DSCP is said to be “backward compatible” with IP Precedence.

Class of Service
While an IP header’s ToS byte can be used for Layer 3 markings, a class of service (CoS) marking can be used for Layer 2 markings. Specifically, CoS markings are applied to frames crossing an IEEE 802.1Q or an Inter-Switch Link (ISL) trunk. Regardless of the trunk type, CoS markings use 3 bits. So, like IP Precedence, CoS values range from 0 through 7, and again, values 6 and 7 are reserved.

Network-Based Application Recognition
Cisco offers multiple approaches to identify packets to mark. For example, packets could be classified and marked if they match a particular access list or if they came into a router on a particular interface. However, one of the most powerful Cisco IOS tools for performing packet classification is Network-Based Application Recognition (NBAR). NBAR can look beyond Layer 4 information, all the way up to the application layer, where NBAR can recognize such packet attributes as character strings in a URL.
NBAR is accomplished using the MQC, the Modular QoS (quality of service) CLI (command-line interface). This tool is shown later in this section. NBAR is used in a class map to identify traffic. The match protocol keywords are used to trigger NBAR, as follows:
class-map IDENTIFY_HTTP
 match protocol http
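The marking fields described above (CoS in the 802.1Q tag, IP Precedence and DSCP in the ToS byte, and the AF/EF names built from the DSCP bits) decoded from an actual frame, as an added example that is not part of the original reference. The frame is constructed inline by build_frame; its VLAN ID and addresses are arbitrary, and phb_name, decode_markings and marking_is_reserved are this example's own helper names.

```python
"""Decode Layer 2 (CoS) and Layer 3 (IP Precedence / DSCP) QoS markings.

Added example, not from the Cisco reference. It parses a constructed
802.1Q-tagged Ethernet frame carrying an IPv4 packet, extracts the three
marking fields the text describes, and maps the DSCP to its PHB name so the
relationships the text states (AF class == IP Precedence, EF -> IP
Precedence 5, values 6 and 7 reserved) can be checked on real bytes.
"""
import struct

IP_PRECEDENCE_NAMES = {0: "routine", 1: "priority", 2: "immediate", 3: "flash",
                       4: "flash-override", 5: "critical", 6: "internet", 7: "network"}


def phb_name(dscp):
    """Name the IETF PHB for a 6-bit DSCP; values without a PHB name come back as 'dscp N'."""
    if dscp == 46:
        return "EF"
    if dscp == 0:
        return "default"
    cls, low = dscp >> 3, dscp & 0b111
    # AFxy: class x (1-4) in the top 3 bits, drop precedence y (1-3) in the next 2, low bit 0
    if 1 <= cls <= 4 and low in (0b010, 0b100, 0b110):
        return f"AF{cls}{low >> 1}"
    if low == 0:
        return f"CS{cls}"            # class selector: top 3 bits only, same as IP Precedence
    return f"dscp {dscp}"


def decode_markings(frame):
    """Return CoS, IP Precedence, DSCP and PHB name from an 802.1Q + IPv4 frame."""
    _dst, _src, tpid = struct.unpack_from("!6s6sH", frame, 0)
    if tpid != 0x8100:
        raise ValueError("frame is not 802.1Q tagged; it carries no CoS field")
    tci, = struct.unpack_from("!H", frame, 14)
    ethertype, = struct.unpack_from("!H", frame, 16)
    if ethertype != 0x0800:
        raise ValueError("payload is not IPv4")
    tos = frame[18 + 1]              # second byte of the IPv4 header is the ToS byte
    return {
        "cos": tci >> 13,            # 3-bit priority code point in the tag = Layer 2 CoS
        "ip_precedence": tos >> 5,   # 3 leftmost bits of the ToS byte
        "dscp": tos >> 2,            # 6 leftmost bits of the ToS byte
        "phb": phb_name(tos >> 2),
    }


def marking_is_reserved(value):
    """IP Precedence and CoS values 6 and 7 are reserved for network use."""
    return value in (6, 7)


def build_frame(cos, dscp):
    """Constructed test input: minimal 802.1Q + IPv4 header with the given markings.

    VLAN 10 and the 10.0.0.x addresses are arbitrary; the ECN bits are left zero.
    """
    tci = (cos << 13) | 10
    tos = dscp << 2
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 17, 0,
                            bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return (b"\xff" * 6 + b"\x00\x11\x22\x33\x44\x55"
            + struct.pack("!HHH", 0x8100, tci, 0x0800) + ip_header)


if __name__ == "__main__":
    for cos, dscp in ((5, 46), (3, 26), (1, 14), (7, 56)):
        m = decode_markings(build_frame(cos, dscp))
        flag = " (reserved)" if marking_is_reserved(m["ip_precedence"]) else ""
        print(m, IP_PRECEDENCE_NAMES[m["ip_precedence"]] + flag)
```

Run it against captures taken on either side of a trust boundary: any frame arriving from a user port with CoS or IP Precedence 6 or 7, or with EF on a non-voice port, is a marking that the edge should have rewritten before WFQ or LLQ downstream honours it.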


Queuing Techniques
Just marking a packet does not change its operation, unless QoS tools are enabled that can reference that marking. Fortunately, multiple QoS tools can make forwarding or dropping decisions based on these markings. Queuing techniques are often referred to as congestion management tools.
Queuing tools decide how packets are emptied from an interface’s output queue. Several queuing tools are available in the Cisco IOS Software:
■ First-In, First-Out (FIFO)—The default queuing mechanism on high-speed interfaces (that is, greater than 2.048 Mbps), which does not reorder packets
■ Weighted Fair Queuing (WFQ)—The default queuing mechanism on low-speed interfaces, which makes forwarding decisions based on a packet’s size and Layer 3 priority marking
■ Low latency queuing (LLQ)—The preferred queuing method for voice and video traffic, where traffic can be classified in up to 64 different classes, with different amounts of bandwidth given to each class; includes the ability to give priority treatment to one or more classes
■ Priority queuing—A legacy queuing approach with four queues, where higher-priority queues must be emptied before forwarding traffic from any lower-priority queues
■ Custom queuing—A legacy queuing approach that services up to 16 queues in a round-robin fashion, emptying a specified number of bytes from each queue during each round-robin cycle
■ Class-based weighted fair queuing (CBWFQ)—Very similar to LLQ, with the exception of having no priority queuing mechanism
■ IP RTP priority—A legacy queuing approach for voice traffic that placed a range of UDP ports in a priority queue, with all other packets treated with WFQ
Weighted fair queuing (WFQ) is enabled by default on slow-speed interfaces (that is, 2.048 Mbps and slower). WFQ allocates a queue for each flow, for as many as 256 flows by default. WFQ uses IP Precedence values to provide a weighting to fair queuing (FQ). When emptying the queues, FQ, sometimes called “flow-based queuing,” does “byte-by-byte” scheduling. Specifically, FQ looks 1 byte deep into each queue to determine whether an entire packet can be sent. FQ then looks another byte deep into the queue to determine whether an entire packet can be sent. As a result, smaller traffic flows and smaller packet sizes have priority over bandwidth-hungry flows with large packets.
In the following example, three flows simultaneously arrive at a queue. Flow A has three packets, which are 128 bytes each. Flow B has a single 96-byte packet. Flow C has a single 70-byte packet. After 70 byte-by-byte rounds, FQ can transmit the packet from flow C. After an additional 26 rounds, FQ can transmit the packet from flow B. After an additional 32 rounds, FQ can transmit the first packet from flow A.


Another 128 rounds are required to send the second packet from flow A. Finally, after a grand total of 384 rounds, the third packet from flow A is transmitted.

FIGURE 5-2 Fair queuing: flow A holds A1, A2, and A3 (128 bytes each), flow B holds B1 (96 bytes), and flow C holds C1 (70 bytes); the output queue is emptied in the order C1, B1, A1, A2, A3.

With WFQ, a packet’s IP Precedence influences the order in which it is emptied from a queue. Consider the previous scenario with the addition of IP Precedence markings. In this scenario, flow A’s packets are marked with an IP Precedence of 5, whereas flow B and flow C have default IP Precedence markings of 0. The order of packet servicing with WFQ is based on “sequence numbers,” where packets with the lowest sequence numbers are emptied first.
The sequence number is the “weight” of the packet multiplied by the number of byte-by-byte rounds that must be completed to service the packet (that is, just as in the FQ example). The Cisco IOS Software calculates a packet’s weight differently depending on the Cisco IOS version. Before Cisco IOS Release 12.0(5)T, the formula for weight was WEIGHT = 4096/(IP Prec. + 1). In more recent versions of the Cisco IOS Software, the formula for weight is WEIGHT = 32768/(IP Prec. + 1). Using the pre-Cisco IOS Release 12.0(5)T formula, the sequence numbers are as follows (intermediate values are rounded down; A3 is the exact value of 4096/6 * 384):
A1 = 4096 / (5 + 1) * 128 = 87,381
A2 = 4096 / (5 + 1) * 128 + 87,381 = 174,762
A3 = 4096 / (5 + 1) * 128 + 174,762 = 262,144
B1 = 4096 / (0 + 1) * 96 = 393,216
C1 = 4096 / (0 + 1) * 70 = 286,720

FIGURE 5-3 Weighted fair queuing: flow A (A1, A2, A3, 128 bytes each) is marked IP Precedence 5; flow B (B1, 96 bytes) and flow C (C1, 70 bytes) are marked IP Precedence 0; the output queue is emptied in the order A1, A2, A3, C1, B1. Weight = 4096/(IP Prec. + 1); in IOS 12.0(5)T and later, weight = 32768/(IP Prec. + 1).

Therefore, after the weighting is applied, WFQ empties packets from the queue in the following order: A1—A2—A3—C1—B1. With only FQ, packets are emptied from the queue in the following order: C1—B1—A1—A2—A3.
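The FQ round counts and WFQ sequence numbers above, recomputed for the same three flows, as an added example that is not part of the original reference. The sequence numbers are truncated to whole numbers, which is this example's assumption that reproduces the figures in the text; remark is the example's own helper. Its last call shows why markings set by untrusted hosts have to be rewritten at the trust boundary before WFQ sees them: a 96-byte packet that arrives marked IP Precedence 7 is scheduled ahead of the IP Precedence 5 flow.

```python
"""Fair queuing rounds and WFQ sequence numbers for the three-flow scenario.

Added example, not from the Cisco reference. fq_finish_rounds() counts the
byte-by-byte rounds after which each packet has been served (one byte per
backlogged flow per round); wfq_sequence_numbers() multiplies those rounds by
the flow's weight, 4096/(IP Prec + 1) before IOS 12.0(5)T or
32768/(IP Prec + 1) afterwards. Sequence numbers are truncated to whole
numbers, an assumption that reproduces the figures in the text.
"""
from fractions import Fraction
from math import floor

# The text's scenario: (flow, packet, size in bytes, IP Precedence)
PACKETS = [
    ("A", "A1", 128, 5),
    ("A", "A2", 128, 5),
    ("A", "A3", 128, 5),
    ("B", "B1", 96, 0),
    ("C", "C1", 70, 0),
]

PRE_12_0_5T = 4096     # weight numerator before IOS 12.0(5)T
POST_12_0_5T = 32768   # weight numerator in IOS 12.0(5)T and later


def fq_finish_rounds(packets):
    """Round in which each packet is completely serviced under plain FQ.

    A flow receives one byte per round, so its n-th packet finishes once the
    flow's cumulative byte count up to that packet has been sent.
    """
    cumulative, finish = {}, {}
    for flow, name, size, _prec in packets:
        cumulative[flow] = cumulative.get(flow, 0) + size
        finish[name] = cumulative[flow]
    return finish


def fq_order(packets):
    finish = fq_finish_rounds(packets)
    return sorted(finish, key=lambda name: (finish[name], name))


def wfq_sequence_numbers(packets, numerator=PRE_12_0_5T):
    """Sequence number = weight * rounds to service, as the text describes."""
    rounds = fq_finish_rounds(packets)
    return {name: floor(Fraction(numerator, prec + 1) * rounds[name])
            for _flow, name, _size, prec in packets}


def wfq_order(packets, numerator=PRE_12_0_5T):
    seq = wfq_sequence_numbers(packets, numerator)
    return sorted(seq, key=lambda name: (seq[name], name))


def remark(packets, flow, prec):
    """Copy of the packet list with one flow's IP Precedence rewritten, as an
    untrusted host (or an edge re-marking policy) would do."""
    return [(f, n, s, prec if f == flow else p) for f, n, s, p in packets]


if __name__ == "__main__":
    print("FQ order:        ", fq_order(PACKETS))
    print("WFQ seq numbers: ", wfq_sequence_numbers(PACKETS))
    print("WFQ order:       ", wfq_order(PACKETS))
    print("B marked prec 7: ", wfq_order(remark(PACKETS, "B", 7)))
```

The same order results under both weight formulas; only the magnitude of the sequence numbers changes. Re-marking flow A back to IP Precedence 0 returns the schedule to the plain FQ order, which is the effect an ingress policy that clears untrusted markings has on the queue.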
was WEIGHT = 4096/(IP Prec. + 1). In more recent versions of the


Custom queuing (CQ) enhances some of the characteristics of WFQ by allowing the administrator to specify which traffic goes into a particular queue. Also, a “weight” can be assigned to each of the queues, which specifies how many bytes are emptied from a queue during each round-robin servicing of the queues. Consider the following custom queuing example:
Router(config)#queue-list 1 protocol ip 1 tcp www
Router(config)#queue-list 1 protocol ip 2 tcp telnet
Router(config)#queue-list 1 default 3
Router(config)#queue-list 1 queue 1 byte-count 1500 limit 512
Router(config)#queue-list 1 queue 2 byte-count 1500 limit 512
Router(config)#queue-list 1 queue 3 byte-count 3000 limit 512
!
Router(config)#interface serial 0/1
Router(config-if)#bandwidth 128
Router(config-if)#custom-queue-list 1
In the preceding example, a queue list (numbered 1) is defined. The queue list specifies that World Wide Web traffic goes in queue 1. Telnet traffic goes in queue 2, and other traffic (that is, default traffic) goes in queue 3. CQ services these queues in a round-robin fashion. As CQ empties the queues, the number of bytes emptied from each queue is influenced with the byte-count option seen in the example. The number of packets that can be placed in a particular queue can also be specified with the limit option. In the preceding example, each queue can accommodate 512 packets. Finally, the queue list is applied to interface serial 0/1.
In the preceding example, 1500 bytes are emptied from queue 1 and from queue 2 during each round-robin cycle, and 3000 bytes are emptied from queue 3 during each round-robin cycle. Therefore, a bandwidth percentage for each traffic type can be calculated as follows:
Total number of bytes serviced during each round-robin cycle = 1500 + 1500 + 3000 = 6000
Percentage of bandwidth for World Wide Web traffic = 1500/6000 = .25 = 25 percent
Percentage of bandwidth for Telnet traffic = 1500/6000 = .25 = 25 percent
Percentage of bandwidth for default traffic = 3000/6000 = .5 = 50 percent
CQ does, however, have a “deficit” issue. Specifically, when CQ is emptying bytes from a queue, it cannot send a partial packet. Consider a situation in which two packets are in queue 1, a 1499-byte packet and a 1500-byte packet. Queue 1 is configured to forward 1500 bytes per round. After the 1499-byte packet is transmitted, the 1500-byte level has not yet been reached. CQ therefore sends the following packet. Because CQ cannot send a partial packet, it sends the entire 1500-byte packet. As a result, even though queue 1 was configured to send only 1500 bytes per round, in this example, 2999 bytes were forwarded.
On the Cisco 12000 series of routers, this deficit issue is overcome with MDRR (Modified Deficit Round Robin).
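The CQ byte-count arithmetic and the 2999-byte overshoot above, next to a scheduler that remembers the overshoot the way the text says MDRR and DRR do, as an added example that is not part of the original reference. The deficit scheduler uses the per-round allowance MTU + (weight - 1) * 512 that the text gives for DRR; the packet sizes are the text's 1499- and 1500-byte case, while the MTU, the queue weights, the queue contents and the helper names (cq_round, DeficitRoundRobin, queue_of) are assumptions for illustration.

```python
"""Custom queuing byte counts and the deficit problem, next to a deficit-tracking scheduler.

Added example, not from the Cisco reference. cq_round() services queues the
way the text describes CQ: whole packets are dequeued until at least
byte_count bytes have left, a packet is never split, and the overshoot is
forgotten. DeficitRoundRobin does what the text attributes to MDRR/DRR: it
remembers the overshoot and subtracts it from the next round's allowance,
using the per-round quantum MTU + (weight - 1) * 512 from the text. MTU,
weights and queue contents below are assumptions.
"""
from collections import deque


def queue_of(*sizes):
    """Build a queue of packet sizes (bytes), head first."""
    return deque(sizes)


def cq_round(queues, byte_counts):
    """One CQ round-robin pass; returns the bytes sent from each queue."""
    sent = []
    for q, allowance in zip(queues, byte_counts):
        total = 0
        while q and total < allowance:   # byte count not yet reached: send the next whole packet
            total += q.popleft()
        sent.append(total)
    return sent


def cq_bandwidth_share(byte_counts):
    """Nominal share of the link each queue gets from its configured byte count."""
    total = sum(byte_counts)
    return [bc / total for bc in byte_counts]


def drr_quantum(mtu, weight):
    """Bytes a queue may send per round under DRR, as given in the text."""
    return mtu + (weight - 1) * 512


class DeficitRoundRobin:
    def __init__(self, weights, mtu=1500):
        self.quanta = [drr_quantum(mtu, w) for w in weights]
        self.deficit = [0] * len(weights)     # overshoot still owed by each queue

    def round(self, queues):
        """One pass; bytes sent beyond the allowance are charged to the next round."""
        sent = []
        for i, q in enumerate(queues):
            allowance = self.quanta[i] - self.deficit[i]
            total = 0
            while q and total < allowance:
                total += q.popleft()
            self.deficit[i] = max(0, total - allowance)
            sent.append(total)
        return sent


def run_rounds(scheduler_round, queues, rounds):
    """Cumulative bytes per queue after the given number of rounds."""
    totals = [0] * len(queues)
    for _ in range(rounds):
        for i, sent in enumerate(scheduler_round(queues)):
            totals[i] += sent
    return totals


if __name__ == "__main__":
    # The text's case: 1499- and 1500-byte packets, byte-count 1500 -> 2999 bytes in one round
    print("CQ round:", cq_round([queue_of(1499, 1500)], [1500]))
    print("CQ shares:", cq_bandwidth_share([1500, 1500, 3000]))
    drr = DeficitRoundRobin(weights=[2])       # quantum 1500 + 512 = 2012 bytes
    q = [queue_of(1499, 1500, 1500, 1500)]
    print("DRR rounds:", [drr.round(q) for _ in range(3)], "deficit:", drr.deficit)
```

With a 2012-byte quantum the deficit scheduler sends 2999, then 1500, then 1500 bytes from the same queue: the 987-byte overshoot of the first round is paid back over the next two. CQ with the same byte count would send 2999 bytes and then 3000, overshooting every round.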


MDRR keeps track of the extra bytes sent and adjusts how many bytes can be sent in subsequent rounds. MDRR can operate in either of two modes:
■ Strict priority—Defines a priority queue that must be completely empty before any other traffic is sent.
■ Alternate priority—Is a “low-latency queue” that alternates with each of the other queues so that traffic is not “starved out.” For example, consider queues 1, 2, and 3, where queue 1 is a low-latency queue. With alternate priority mode, the queues would be serviced as follows: 1, 2, 1, 3, 1.
Also, with DRR queuing, the number of bytes transmitted in one round is defined as maximum transmission unit (MTU) + (weight – 1) * 512. This number of bytes is transmitted from a queue, or until the queue is empty. If more than this number of bytes is sent, to finish servicing a packet that had already started to be serviced, the DRR remembers this deficit, and in the next round, the deficit is subtracted from the number of bytes to service from the queue.
Priority queuing (PQ) can give “strict” priority to latency-sensitive applications (for example, e-commerce applications). PQ gives priority to specific packets by placing those packets in a “high”-priority queue. Other packets are placed in a “medium,” “normal,” or “low” queue. However, if any packets are in the high queue, none of the packets in lower-priority queues are sent. Similarly, when packets are in the “medium” queue, no packets are sent from the “normal” or “low” queues. Although this approach does accomplish the goal of giving priority to specific traffic, it can lead to protocol starvation. Consider the following PQ example:
Router(config)#priority-list 1 protocol ip high tcp www
Router(config)#priority-list 1 protocol ip medium tcp telnet
Router(config)#priority-list 1 default low
!
Router(config)#interface serial 0/1
Router(config-if)#priority-group 1
In the preceding example, a priority list (numbered 1) is created. The priority list specifies that World Wide Web traffic goes in the “high” queue. Telnet traffic goes in the “medium” queue, and all other traffic (that is, default traffic) goes in the “low” queue.
The priority list is then applied to interface Serial 0/1. The potential for protocol starvation exists, because if at any time you have World Wide Web packets in the “high” queue, none of the packets from lower-priority queues are forwarded until all of the World Wide Web packets have been forwarded.
IP Real-time Transport Protocol (RTP) priority combines some of the best aspects of PQ and WFQ. Specifically, IP RTP priority allows a range of UDP ports to be placed in a priority queue, while all other packets are treated with WFQ. Therefore, VoIP packets, which use UDP ports, can be assigned to the priority queue. Fortunately, to prevent protocol starvation, a bandwidth limit is set for the priority


queue. IP RTP priority is configured using the following interface config­uration mode command:
Router(config-if)#ip rtp priority starting-udp-port port-number-range bandwidth
Note that the port-number-range is not the last port number in the range. Rather, it is the number of ports in the range. For example, the following command specifies that 64 kbps of bandwidth should be made available for packets using UDP ports in the range 16,384 through 32,767:
Router(config-if)#ip rtp priority 16384 16383 64
Notice that the sum of the starting-udp-port and the port-number-range equals the last UDP port number in the range (that is, 16,384 + 16,383 = 32,767). The main drawback of IP RTP priority is its inability to place TCP ports in the priority queue. As an example, H.323 call setup uses TCP ports. These call setup packets, however, cannot be placed in a priority queue using IP RTP priority.

CBWFQ and LLQ
With modern versions of the Cisco IOS Software, Cisco recommends CBWFQ or LLQ approaches to queuing. Both methods are configured using MQC.
The first step of MQC is to create class maps, which categorize traffic types. The following command enters class map configuration mode:
Router(config)#class-map [match-any | match-all] class-name
Once in class map configuration mode, multiple match statements can be used to match traffic, and all traffic meeting the criteria specified by the match command is categorized under the class map. If multiple match statements are specified, by default all match statements must be met before a packet is classified by the class map. However, by using the match-any option, if any individual match condition is met, the packet is classified by the class map.
After the class maps are defined, the first step of MQC is complete. The second step is to create a policy map to assign characteristics (for example, marking) to the classified traffic.
To enter policy map configuration mode, issue the following command:
Router(config)#policy-map policy-name
From policy map configuration mode, enter policy-map-class configuration mode with this command:
Router(config-pmap)#class class-name


From policy-map-class configuration mode, QoS policies can be assigned to traffic classified by the class map. Finally, in the third step, the policy map is applied to an interface, Frame Relay map class, or ATM virtual circuit with this command:
Router(config-if)#service-policy {input | output} policy-map-name
Here is an LLQ example that illustrates the MQC approach:
Router(config)#class-map SURFING
Router(config-cmap)#match protocol http
Router(config-cmap)#exit
Router(config)#class-map VOICE
Router(config-cmap)#match protocol rtp
Router(config-cmap)#exit
Router(config)#policy-map CCIESTUDY
Router(config-pmap)#class SURFING
Router(config-pmap-c)#bandwidth 128
Router(config-pmap-c)#exit
Router(config-pmap)#class VOICE
Router(config-pmap-c)#priority 256
Router(config-pmap-c)#exit
Router(config-pmap)#exit
Router(config)#interface serial 0/1
Router(config-if)#service-policy output CCIESTUDY
In the preceding example, NBAR is being used to recognize HTTP traffic, and that traffic is placed in the SURFING class. Note that NBAR is invoked with the Router(config-cmap)# match protocol command. Voice packets are placed in the VOICE class. The CCIESTUDY policy map gives 128 kbps of bandwidth to the HTTP traffic while giving 256 kbps of priority bandwidth to voice traffic (the priority command also polices the VOICE class to that rate under congestion, which is what keeps the priority queue from starving the other classes). The policy map is then applied outbound to interface serial 0/1.

Weighted RED
The purpose of Weighted Random Early Detection (WRED) is to prevent an interface’s output queue from filling to capacity, because if a queue is completely full, all newly arriving packets are discarded. Some of those packets might be high priority, and some might be low priority. However, if the queue is full, no room exists for any packet. WRED is referred to as a congestion-avoidance QoS tool. It can also prevent a problem called global synchronization, in which all TCP senders back off as packets at a full queue are dropped, and then all senders begin to increase the amount of traffic sent, until another synchronized back-off is triggered. Global synchronization results in poor utilization of interface bandwidth.
With a congestion-avoidance tool, drop thresholds are defined for various markings (for example, DSCP markings). Therefore, as a queue begins to fill, lower-priority packets are dropped more aggressively than higher-priority packets, thus preventing the queue from ever filling to capacity. The Cisco congestion-avoidance tool of choice is WRED.
WRED can be configured in interface configuration mode. However, an MQC approach is also supported. Three parameters that can be configured for each IP Precedence value or DSCP value include the minimum


threshold, maximum threshold, and mark probability denominator. The minimum threshold specifies the number of packets in a queue before the queue considers discarding packets having a particular marking. The probability of discard increases until the queue depth reaches the maximum threshold. After a queue depth exceeds the maximum threshold, all other packets with a particular marking that attempt to enter the queue are discarded. However, the probability of packet discard when the queue depth equals the maximum threshold is 1 / (mark probability denominator). For example, if the mark probability denominator were set to 10, when the queue depth reached the maximum threshold, the probability of discard for the specified marking would be 1 / 10 (that is, a 10 percent chance of discard).

FIGURE 5-4 Weighted Random Early Detection (WRED): as an output queue begins to fill to capacity, WRED can discard lower-priority packets more aggressively than higher-priority packets. The figure shows the minimum threshold for IP Precedence 0 set lower than the minimum threshold for IP Precedence 3, with both markings sharing the same maximum threshold.

When configuring WRED, the Cisco IOS Software automatically assigns default values to these parameters. However, these parameters can be altered, and the marking WRED pays attention to (that is, IP Precedence or DSCP) can be specified. Following is the syntax to enable WRED in interface configuration mode:
random-detect [dscp-based | prec-based]
If neither dscp-based nor prec-based is specified, WRED defaults to prec-based. Following is the syntax to specify WRED parameters for both IP Precedence values and DSCP values:
random-detect precedence precedence min-threshold max-threshold [mark-probability-denominator]
random-detect dscp dscp-value min-threshold max-threshold [mark-probability-denominator]
To specify WRED parameters for a specific class of traffic, using the MQC approach, the exact commands just shown can be entered in policy-map-class configuration mode.
To reinforce this syntax, consider the following example, where the goal is to configure WRED on interface ethernet 0/0. After the output queue depth reaches 25 packets, the possibility is introduced that packets marked with a DSCP value of AF13 will be discarded. Packets marked with a DSCP value of AF12 should not be discarded until the queue depth reaches 30 packets. Finally, packets marked with a DSCP value of AF11 should not have any chance of discard until the queue depth reaches 35 packets. If the queue depth exceeds 100 packets, there should be a 100 percent chance of discard for these three DSCP values. However, when the queue depth is exactly 100 packets, the percent chance of discard for these various packet types should be 25 percent.

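The drop curve those requirements describe, worked through as an added Python example (not code from the book): each marking's probability of discard rises from zero at its minimum threshold to 1 / (mark probability denominator) at the maximum threshold, and a helper turns the stated percentages into the three numbers a random-detect dscp line takes. The threshold values come from the requirements above; the function and class names are constructed for this example.

```python
"""Added example (not from the book): the WRED drop curve defined by the
minimum threshold, maximum threshold and mark probability denominator,
applied to the AF11/AF12/AF13 requirements stated in the text."""
from dataclasses import dataclass


@dataclass(frozen=True)
class WredProfile:
    """Per-marking WRED parameters, in the order IOS takes them:
    min_threshold max_threshold mark_prob_denominator (packets)."""
    min_threshold: int
    max_threshold: int
    mark_prob_denominator: int


def drop_probability(profile: WredProfile, queue_depth: int) -> float:
    """Probability that a packet carrying this marking is discarded when the
    queue depth is queue_depth packets (IOS compares against an exponentially
    weighted average depth, which this model treats as the depth itself).

    Below the minimum threshold nothing is dropped; between the thresholds
    the probability rises linearly; at the maximum threshold it equals
    1 / denominator; above it every packet with the marking is dropped."""
    if queue_depth < profile.min_threshold:
        return 0.0
    if queue_depth > profile.max_threshold:
        return 1.0
    p_max = 1.0 / profile.mark_prob_denominator
    span = profile.max_threshold - profile.min_threshold
    if span == 0:
        return p_max
    return p_max * (queue_depth - profile.min_threshold) / span


def profiles_for_requirements(min_thresholds, max_threshold, pct_at_max):
    """Turn requirements of the form "no drops until N packets, 100 percent
    above M, P percent at exactly M" into the three numbers random-detect
    dscp expects. pct_at_max must divide 100 evenly (25 -> denominator 4)."""
    if 100 % pct_at_max:
        raise ValueError("percentage at max threshold must divide 100")
    denominator = 100 // pct_at_max
    return {
        dscp: WredProfile(min_t, max_threshold, denominator)
        for dscp, min_t in min_thresholds.items()
    }


# Requirements from the text: AF13 from 25, AF12 from 30, AF11 from 35
# packets; 100 percent drop above 100 packets; 25 percent drop at exactly 100.
PROFILES = profiles_for_requirements(
    {"af13": 25, "af12": 30, "af11": 35}, max_threshold=100, pct_at_max=25
)


def drop_order(profiles, queue_depth):
    """Markings sorted most-aggressively-dropped first at a given depth. For
    AF PHBs the drop-precedence digit should come out descending (AF13 first)."""
    return sorted(
        profiles,
        key=lambda d: drop_probability(profiles[d], queue_depth),
        reverse=True,
    )


if __name__ == "__main__":
    for depth in (20, 25, 30, 35, 60, 100, 101):
        row = ", ".join(
            f"{d}={drop_probability(p, depth):.3f}" for d, p in PROFILES.items()
        )
        print(f"depth {depth:>3}: {row}")
```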

Router(config)#interface ethernet 0/0
Router(config-if)#random-detect dscp-based
Router(config-if)#random-detect dscp af13 25 100 4
Router(config-if)#random-detect dscp af12 30 100 4
Router(config-if)#random-detect dscp af11 35 100 4

Examine the solution, and notice that the mark probability denominator is 4. This value was chosen to meet the requirement that there be a 25 percent chance of discard when the queue depth equals the maximum threshold (that is, 1 / 4 = .25). Also, notice that a DSCP value of AF13 is dropped before a DSCP value of AF12, which is dropped before a DSCP value of AF11. This approach is consistent with the definition of these PHBs, because the last digit in the AF DSCP name indicates its drop preference. For example, a value of AF13 would drop before a value of AF12.

WRR/Queue Scheduling
Some Cisco Catalyst switches also support their own queuing method, called weighted round robin (WRR). For example, a Catalyst 2950 switch has four queues, and WRR can be configured to place frames with specific CoS markings in certain queues (for example, CoS values 0 and 1 are placed in queue 1).

Weights can be assigned to the queues, influencing how much bandwidth the various markings receive. The queues are then serviced in a round-robin fashion. On some platforms, one of the switch's queues can be designated as an "expedite" queue, which gives priority treatment to frames in that queue. Specifically, the expedite queue must be empty before any additional queues are serviced. This behavior can lead to protocol starvation.

Following is an example of a WRR configuration:

Switch(config)#interface gig 0/5
Switch(config-if)#wrr-queue bandwidth 1 2 3 4
Switch(config-if)#wrr-queue cos-map 4 5

In the preceding example, the wrr-queue command assigns the weights 1, 2, 3, and 4 to the switch's four queues. The first queue, with a weight of 1, gets only one-third the bandwidth given to the third queue, which has a weight of 3. The wrr-queue cos-map command instructs frames marked with a CoS of 5 to enter the fourth queue.

Shaping Versus Policing
While some of the congestion-management techniques can guarantee bandwidth amounts, you might want to limit bandwidth usage in some situations. For example, you might need to prevent oversubscription of a link. Two categories of traffic conditioning exist:

■ Policing—Limits traffic rates, with excess traffic being dropped
■ Shaping—Limits traffic rates, with excess traffic being delayed (that is, buffered)

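The two behaviours side by side, as an added Python simulation (not from the book): a single-rate token bucket releases a committed burst Bc of bits at line rate once per timing interval Tc = Bc / CIR, with no excess burst (Be = 0); the policer drops what does not fit, the shaper queues it for a later interval. The CIR (100 kbps), Bc (giving the one-eighth-second interval), packet sizes and arrival times are constructed values, and the class and function names are invented for this example.

```python
"""Added example (not from the book): a token bucket driven the way the
text describes (Bc bits per timing interval Tc = Bc / CIR), used once as
a policer (excess dropped) and once as a shaper (excess queued)."""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Conditioner:
    cir_bps: int        # committed information rate, bits per second
    bc_bits: int        # committed burst: bits that may be sent per Tc
    shape: bool         # True = shaper (queue excess), False = policer (drop)
    tokens: int = field(init=False)
    backlog: deque = field(default_factory=deque, init=False)
    sent: list = field(default_factory=list, init=False)      # (time, bits, delay)
    dropped: list = field(default_factory=list, init=False)   # (time, bits)

    def __post_init__(self):
        self.tokens = self.bc_bits            # bucket starts full
        self.tc_sec = self.bc_bits / self.cir_bps

    def _drain(self, now):
        """Shaper only: send queued packets, oldest first, while tokens remain."""
        while self.backlog and self.backlog[0][1] <= self.tokens:
            arrived, bits = self.backlog.popleft()
            self.tokens -= bits
            self.sent.append((now, bits, now - arrived))

    def new_interval(self, now):
        """Start of a timing interval: Bc fresh tokens, nothing carried over (Be = 0)."""
        self.tokens = self.bc_bits
        if self.shape:
            self._drain(now)

    def offer(self, now, bits):
        """A packet of `bits` arrives at time `now` (seconds)."""
        if self.shape and self.backlog:       # preserve order behind the backlog
            self.backlog.append((now, bits))
        elif bits <= self.tokens:             # conforms: send at line rate now
            self.tokens -= bits
            self.sent.append((now, bits, 0.0))
        elif self.shape:                      # exceeds: shaper delays it
            self.backlog.append((now, bits))
        else:                                 # exceeds: policer drops it
            self.dropped.append((now, bits))


def run(conditioner, packets, intervals):
    """Feed (arrival_time, bits) packets through `intervals` periods of Tc.
    Returns (bits_sent, bits_dropped, max_delay_sec, average_bps)."""
    tc = conditioner.tc_sec
    pending = deque(sorted(packets))
    for i in range(intervals):
        start = i * tc
        conditioner.new_interval(start)
        while pending and pending[0][0] < start + tc:
            conditioner.offer(*pending.popleft())
    horizon = intervals * tc
    bits_sent = sum(b for _, b, _ in conditioner.sent)
    bits_dropped = sum(b for _, b in conditioner.dropped)
    max_delay = max((d for _, _, d in conditioner.sent), default=0.0)
    return bits_sent, bits_dropped, max_delay, bits_sent / horizon


# Constructed input: ten 1500-byte packets arriving at once (a 120 kbit burst).
BURST = [(0.0, 1500 * 8)] * 10


def compare(cir_bps=100_000, bc_bits=12_500, intervals=10):
    """Same burst through a policer and a shaper; Bc = CIR / 8 gives Tc = 0.125 s."""
    policer = Conditioner(cir_bps, bc_bits, shape=False)
    shaper = Conditioner(cir_bps, bc_bits, shape=True)
    return {"police": run(policer, BURST, intervals),
            "shape": run(shaper, BURST, intervals)}


if __name__ == "__main__":
    for name, (sent, dropped, delay, rate) in compare().items():
        print(f"{name:6}: sent {sent} bits, dropped {dropped} bits, "
              f"max delay {delay:.3f} s, average {rate:.0f} bps")
```

Over ten intervals the policer passes one packet and drops nine, while the shaper delivers all ten at roughly the CIR at the cost of up to 1.125 s of queueing delay.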

As seen in the preceding description, shaping buffers excess traffic, whereas policing drops excess traffic. These characteristics suggest that policing is more appropriate on high-speed interfaces, whereas shaping is more appropriate on low-speed interfaces.

For policing and shaping tools to limit bandwidth, they don't transmit all the time. Specifically, they send a certain number of bits or bytes at line rate, and then they stop sending until a specific timing interval (for example, one-eighth of a second) is reached. When the timing interval is reached, the interface again sends a specific amount of traffic at line rate, it stops, and it waits for the next timing interval. This process repeats over and over, allowing an interface to send an average bandwidth that might be below the physical speed of the interface.

Both policing and shaping configurations can specify a committed information rate (CIR), committed burst (Bc), and excess burst (Be). The CIR is the average number of bits sent during 1 second. The Bc indicates how many bits or bytes can be sent at line rate during a timing interval. The Be allows more than Bc bits or bytes to be sent during a timing interval if some bits or bytes were unused during a previous timing interval.

While policing and shaping can be configured using the MQC method previously described, legacy methods include committed access rate (CAR) for policing, Generic Traffic Shaping (GTS) for shaping, and Frame Relay Traffic Shaping (FRTS) for shaping. GTS can be applied to an interface or a subinterface, and FRTS can be applied to an interface, subinterface, or Frame Relay data-link connection identifier (DLCI). Other queuing methods, such as PQ, CQ, or WFQ, can be applied to traffic after GTS shapes it. However, GTS uses WFQ in its shaping queue.

A modern approach to policing is Class-Based Policing (CB-Policing), which uses the previously described MQC process. The goal of the following CB-Policing example is to limit outgoing web traffic to 100 kbps and Telnet traffic to 50 kbps on interface ethernet 0/0.

FIGURE 5-5 CB-Policing (Router A, interface E 0/0, to Router B: HTTP 100 kbps max, Telnet 50 kbps max)

RouterA(config)#class-map WEB
RouterA(config-cmap)#match protocol http
RouterA(config-cmap)#exit
RouterA(config)#class-map TELNET
RouterA(config-cmap)#match protocol telnet
RouterA(config-cmap)#exit
RouterA(config)#policy-map POLICING_EXAMPLE
RouterA(config-pmap)#class WEB
RouterA(config-pmap-c)#police 100000
RouterA(config-pmap-c)#exit
RouterA(config-pmap)#class TELNET
RouterA(config-pmap-c)#police 50000
RouterA(config-pmap-c)#exit


RouterA(config-pmap)#exit
RouterA(config)#interface ethernet 0/0
RouterA(config-if)#service-policy output POLICING_EXAMPLE

Shaping can also be configured using this MQC approach. When configuring CB-Shaping, traffic can be shaped to either "average" or "peak." If shape average is specified, traffic is sent at the CIR, with bursting of Be bits per timing interval allowed. If shape peak is specified, the router attempts to forward traffic at the peak rate: Peak Rate = CIR * (1 + Be/Bc). The shaping to peak method can result in occasional packet loss, requiring retransmission.

In the following CB-Shaping example, CBWFQ is combined with CB-Shaping to specify that HTTP traffic can have at least 128 kbps but no more than 256 kbps as the packets exit the serial 0/0 interface. Note that the units of measure for the CIR are in bits per second.

FIGURE 5-6 CB-Shaping and CB-WFQ (Router A, interface s 0/0, to the IP WAN: HTTP 128 kbps Min/256 kbps Max)

RouterA(config)#class-map HTTP
RouterA(config-cmap)#match protocol http
RouterA(config-cmap)#exit
RouterA(config)#policy-map WEB
RouterA(config-pmap)#class HTTP
RouterA(config-pmap-c)#shape average 256000
RouterA(config-pmap-c)#bandwidth 128
RouterA(config-pmap-c)#exit
RouterA(config-pmap)#exit
RouterA(config)#interface serial 0/0
RouterA(config-if)#service-policy output WEB

Link-Efficiency Tools
As a final category of QoS tools, consider how to make the most of the often-limited bandwidth on WAN links. Data could be compressed before it is sent, or large payloads could be fragmented, so that smaller payloads could be interleaved among those fragments to prevent excessive serialization delay (the time it takes for packets to exit an interface). This approach is referred to as link fragmentation and interleaving (LFI). The category of tools under which compression and LFI fall is called link-efficiency tools. First, consider header compression.

One way to preserve bandwidth on the WAN is to compress the TCP and UDP headers. However, this "compression" does not actually run any sort of compression algorithm. Instead, header compression leverages the fact that most of the information in a packet's header does not change during the session. For example, the source and destination IP addresses usually remain the same during the session. Likewise, the source and destination TCP/UDP port numbers typically do not vary during the session. Therefore, information that does not change during the session is cached in the routers at each end of a link. A much


slimmed-down header contains things such as the session context ID (CID), which identifies the particular flow that the packet is associated with, and perhaps a checksum is sent as a compressed header. The routers at each end of the link combine the compressed header with the cached header to generate a standard header, which is applied to a packet before sending the packet to the destination.

Following is the syntax to configure TCP header compression in interface configuration mode for both PPP or High-level Data Link Control (HDLC) links and Frame Relay circuits:

ip tcp header-compression [passive]—Enables TCP header compression on a PPP or HDLC interface

frame-relay ip tcp header-compression [passive]—Enables TCP header compression on a Frame Relay interface

Voice is carried by the RTP, which is encapsulated inside UDP. When combined, the IP, UDP, and RTP headers on voice packets total approximately 40 bytes in size. However, after enabling RTP Header Compression (cRTP), the header size is reduced to approximately 2 to 4 bytes, thus permitting more voice calls on a WAN link. Following is the syntax to configure RTP header compression in interface configuration mode for PPP, HDLC, or Frame Relay circuits:

ip rtp header-compression [passive]—Enables RTP header compression on a PPP or HDLC interface

frame-relay ip rtp header-compression [passive]—Enables RTP header compression on a Frame Relay interface

Notice the optional passive keyword in the preceding commands. When the passive keyword is specified, these interfaces send compressed headers only if they receive compressed headers.

In the following configuration example, routers R1 and R2 are interconnected using their serial 0/0 interfaces. The goal is to configure cRTP between the routers.

FIGURE 5-7 RTP Header Compression (R1 s 0/0 to s 0/0 R2, Passive cRTP)

R1(config)#interface serial 0/0
R1(config-if)#ip rtp header-compression passive

R2(config)#interface serial 0/0
R2(config-if)#ip rtp header-compression

Note that only one side of the link uses the passive keyword. If both sides are set to be passive, cRTP does not occur, because neither side of the link ever sends compressed headers.

To reduce the latency experienced by a large packet exiting an interface (that is, serialization delay), Multilink PPP (MLP) can be used in a PPP environment, and FRF.12 can be used in a VoIP over Frame Relay environment. First, consider MLP.

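Before moving on to MLP, a toy model of the header-compression mechanism and the passive keyword, as an added Python example (not from the book, and not the real cRTP wire format): each end caches the unchanging IP/UDP/RTP fields under a context ID and afterwards sends only the CID plus the sequence-number and timestamp deltas, and a passive end keeps sending full headers until it has received a compressed one. The 40-byte and 4-byte sizes come from the text; the addresses, ports, message layout and class names are constructed for this example.

```python
"""Added example (not from the book): RTP header compression with the
passive keyword, modelled as two endpoints that cache per-flow header
context. The wire format here is invented; real cRTP differs."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Headers:
    """The IP/UDP/RTP fields a voice packet carries (about 40 bytes on the wire)."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    ssrc: int
    seq: int
    timestamp: int

    def flow_key(self):
        """Fields that stay constant for the life of the call; these get cached."""
        return (self.src_ip, self.dst_ip, self.src_port, self.dst_port, self.ssrc)


class Endpoint:
    FULL_BYTES = 40          # approximate uncompressed IP + UDP + RTP header size
    COMPRESSED_BYTES = 4     # approximate compressed size (the text gives 2 to 4)

    def __init__(self, name, passive=False):
        self.name = name
        self.passive = passive
        self.seen_compressed = False   # a passive side compresses only after this
        self.tx_context = {}           # flow_key -> (cid, last Headers sent)
        self.rx_context = {}           # cid -> last Headers received/rebuilt
        self.bytes_sent = 0

    def send(self, hdr):
        """Return the wire message for hdr: ("FULL", cid, Headers) when the
        context is new or this side may not compress yet, otherwise
        ("COMP", cid, seq_delta, timestamp_delta)."""
        key = hdr.flow_key()
        may_compress = not self.passive or self.seen_compressed
        entry = self.tx_context.get(key)
        if entry is None or not may_compress:
            cid = entry[0] if entry else len(self.tx_context)
            self.tx_context[key] = (cid, hdr)
            self.bytes_sent += self.FULL_BYTES
            return ("FULL", cid, hdr)
        cid, last = entry
        self.tx_context[key] = (cid, hdr)
        self.bytes_sent += self.COMPRESSED_BYTES
        return ("COMP", cid, hdr.seq - last.seq, hdr.timestamp - last.timestamp)

    def receive(self, msg):
        """Rebuild the full Headers from a wire message using the cached context.
        A compressed message for an unknown CID raises KeyError (no context)."""
        kind, cid = msg[0], msg[1]
        if kind == "FULL":
            self.rx_context[cid] = msg[2]
            return msg[2]
        self.seen_compressed = True
        last = self.rx_context[cid]
        rebuilt = replace(last, seq=last.seq + msg[2], timestamp=last.timestamp + msg[3])
        self.rx_context[cid] = rebuilt
        return rebuilt


def simulate(r1_passive, r2_passive, packets=5):
    """Two-way call over one link; returns (R1 bytes, R2 bytes, lossless)."""
    r1, r2 = Endpoint("R1", r1_passive), Endpoint("R2", r2_passive)
    ok = True
    for i in range(packets):
        # constructed flows: one RTP stream each way, 160 samples per packet
        h12 = Headers("10.1.1.1", "10.1.1.2", 16384, 16384, 0xA1, 100 + i, 8000 + 160 * i)
        h21 = Headers("10.1.1.2", "10.1.1.1", 16384, 16384, 0xB2, 500 + i, 3000 + 160 * i)
        ok &= r2.receive(r1.send(h12)) == h12
        ok &= r1.receive(r2.send(h21)) == h21
    return r1.bytes_sent, r2.bytes_sent, ok


if __name__ == "__main__":
    for label, p1, p2 in (("R1 passive, R2 active", True, False),
                          ("both active", False, False),
                          ("both passive", True, True)):
        print(label, "->", simulate(p1, p2))
```

With both sides passive every packet goes out with a full 40-byte header, which is the "cRTP does not occur" case the text warns about.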

Multilink PPP, by default, fragments traffic. This characteristic can be leveraged for QoS purposes, and MLP can be run even over a single link. The MLP configuration is performed under a virtual multilink interface, and then one or more physical interfaces can be assigned to the multilink group. The physical interface does not have an IP address assigned. Instead, the virtual multilink interface has an IP address assigned. For QoS purposes, a single interface is typically assigned as the sole member of the multilink group. Following is the syntax to configure MLP:

interface multilink [multilink_interface_number]—Creates a virtual multilink interface

ip address ip_address subnet_mask—Assigns an IP address to the virtual multilink interface

ppp multilink—Configures fragmentation on the multilink interface

ppp multilink interleave—Shuffles the fragments

ppp fragment-delay [serialization_delay]—Specifies how long it takes for a fragment to exit the interface

encapsulation ppp—Enables PPP encapsulation on the physical interface

no ip address—Removes the IP address from the physical interface

multilink-group [multilink_group_number]—Associates the physical interface with the multilink group

In the following example, the goal is to configure MLP on routers R1 and R2 so that they have a serialization delay of 10 ms on their serial 0/0 interfaces.

FIGURE 5-8 Multilink PPP (R1 s 0/0 to s 0/0 R2, 10 ms Serialization Delay)

R1(config)#interface multilink 1
R1(config-if)#ip address 10.1.1.1 255.255.255.0
R1(config-if)#ppp multilink
R1(config-if)#ppp multilink interleave
R1(config-if)#ppp fragment-delay 10
R1(config-if)#exit
R1(config)#interface serial 0/0
R1(config-if)#encapsulation ppp
R1(config-if)#no ip address
R1(config-if)#multilink-group 1

R2(config)#interface multilink 1
R2(config-if)#ip address 10.1.1.2 255.255.255.0
R2(config-if)#ppp multilink
R2(config-if)#ppp multilink interleave
R2(config-if)#ppp fragment-delay 10
R2(config-if)#exit


R2(config)#interface serial 0/0
R2(config-if)#encapsulation ppp
R2(config-if)#no ip address
R2(config-if)#multilink-group 1

LFI can also be performed on a Frame Relay link using FRF.12. The configuration for FRF.12 is based on an FRTS configuration. Only one additional command is given, in map-class configuration mode, to enable FRF.12. The syntax for that command is as follows:

Router(config-map-class)#frame-relay fragment fragment-size—Specifies the size of the fragments

As a rule of thumb, the packet size should be set to the line speed divided by 800. For example, if the line speed is 64 kbps, the fragment size can be calculated as follows:

fragment size = 64,000 / 800 = 80 bytes

This rule of thumb specifies a fragment size (80 bytes) that creates a serialization delay of 10 ms.

The following example shows an FRF.12 configuration to create a serialization delay of 10 ms on a link that is clocked at a rate of 64 kbps. Because FRF.12 is configured as a part of FRTS, CIR and Bc values are also specified.

FIGURE 5-9 FRF.12 (R1, subinterface s 0/1.1, DLCI 101, CIR = 64 kbps, to the Frame Relay Cloud)

R1(config)#map-class frame-relay FRF12-EXAMPLE
R1(config-map-class)#frame-relay cir 64000
R1(config-map-class)#frame-relay bc 640
R1(config-map-class)#frame-relay fragment 80
R1(config-map-class)#exit
R1(config)#interface serial 0/1
R1(config-if)#frame-relay traffic-shaping
R1(config-if)#interface serial 0/1.1 point-to-point
R1(config-subif)#frame-relay interface-dlci 101
R1(config-fr-dlci)#class FRF12-EXAMPLE

AutoQoS
Optimizing a QoS configuration for VoIP can be a daunting task. Fortunately, Cisco added a feature called AutoQoS to many of its router and switch platforms to automatically generate router-based or switch-based VoIP QoS configurations.


The following router platforms support AutoQoS:

■ 1700 series
■ 2600 series
■ 3600 series
■ 3700 series
■ 7200 series

Cisco also supports the AutoQoS feature on the following Catalyst switch series:

■ 2950 (EI)
■ 3550
■ 4500
■ 6500

On a router platform, the following command enables AutoQoS from either interface configuration mode or DLCI configuration mode (for a Frame Relay circuit):

auto qos voip [trust] [fr-atm]

The trust option indicates that AutoQoS should classify voice traffic based on DSCP markings, instead of using NBAR. The fr-atm option enables the AutoQoS feature for Frame Relay-to-ATM links and is issued from DLCI configuration mode.

Before enabling AutoQoS on a router interface, consider these prerequisites:

■ CEF must be enabled.
■ A QoS policy must not be currently attached to the interface.
■ The correct bandwidth should be configured on the interface.
■ An IP address must be configured on an interface if its speed is less than 768 kbps.

Note that the interface's bandwidth determines which AutoQoS features are enabled. If an interface's bandwidth is less than 768 kbps, it is considered a low-speed interface. On a low-speed interface, AutoQoS configures MLP, which requires an IP address on the physical interface. AutoQoS takes that IP address from the physical interface and uses it for the virtual multilink interface it creates.

To verify that AutoQoS is configured for a router interface, you can use the following command:

show auto qos voip [interface interface-identifier]


FIGURE 5-10 AutoQoS (router interface s 0/0 to the IP WAN, configured with interface serial 0/0 and auto qos voip)

The Catalyst 6500 running in Hybrid mode (that is, using the CatOS for switch functions) also supports AutoQoS. To enable AutoQoS on a Hybrid mode Catalyst 6500, you must first enable AutoQoS globally and then for a specific port. Following are the required commands:

set qos autoqos—Globally enables AutoQoS

set port qos <mod/port> autoqos trust [cos | dscp]—Enables AutoQoS for a specific port

Note that the Catalyst 6500 can trust either CoS or DSCP values for its queuing decision. If the port trusts DSCP markings, you can add the following command, which recognizes that the port is connected to a Cisco IP Phone or a Cisco SoftPhone, which is software that runs on a PC:

set port qos <mod/port> autoqos voip [ciscosoftphone | ciscoipphone]

The port must have CDP (Cisco Discovery Protocol) Version 2 enabled to recognize an attached Cisco IP Phone. Although they do not recognize a Cisco SoftPhone, AutoQoS can be configured on Catalyst 2950 (EI) and 3550 switches, and their AutoQoS feature recognizes a Cisco IP Phone. To configure AutoQoS on these platforms, issue the following commands from interface configuration mode:

auto qos voip trust—Configures the interface to trust CoS markings for classifying VoIP traffic

auto qos voip cisco-phone—Detects the presence of a Cisco IP Phone, using CDP

To troubleshoot and verify AutoQoS on a Catalyst switch, you can use the following commands:

show auto qos [interface interface-identifier]—Displays the configuration applied by AutoQoS

show mls qos interface [interface-identifier]—Displays interface-level QoS statistics

This section has broadly addressed the features enabled by AutoQoS. The specific features are shown in the following table.

QoS Mechanism          Router Feature               Switch Feature
Classification         NBAR and DSCP                Port trust states
Marking                CB-Marking                   CoS to DSCP re-marking
Congestion management  LLQ                          WRR
Shaping                CB-Shaping or FRTS           -
Link efficiency        Header compression and LFI   -

CHAPTER 6

FIGURE 6-1 Frame Relay (a Frame Relay WAN carrying subnet 172.16.23.0/24 between routers .1, .2, and .3, using DLCIs 100, 200, 300, and 400)
The connection between the customer (data terminal equipment, DTE) and the service provider (data communications equipment, DCE) is known as the User-Network Interface (UNI). It is in this area where Frame Relay operates. The Network-to-Network Interface (NNI) is used to describe how different Frame Relay provider networks interconnect. Providers often use ATM in the cloud to carry the Frame Relay data.

Frame Relay multiplexes many virtual circuits (VC) over a single physical transmission link. It uses data-link connection identifiers (DLCI) on each DTE to identify the different virtual circuits. The DLCI is typically only locally significant between the DTE and the frame switch. Some providers allow the customers to choose the DLCI. DLCIs 0–15 and 1008–1023 are reserved. The specific range of DLCIs available is dependent upon the Local Management Interface (LMI) type in use. DLCIs must be mapped to a remote IP address to direct traffic over the correct VC. Cisco routers support dynamic (Inverse Address Resolution Protocol, IARP) and manual mappings of DLCIs to remote IP addresses.

Permanent virtual circuit (PVC) or switched virtual circuit (SVC) can be used—typically PVC.

Local Management Interface (LMI)
LMI provides signaling and status updates between the DTE and DCE. It also provides the DTE with its DLCI. The LMI can be autosensed on Cisco IOS Release 11.2 or later. One of three types is used: Cisco, American National Standards Institute (ANSI), or Q.933. Possible LMI status indications include the following:

■ Active—Connection is active, and the routers can exchange data.
■ Inactive—Local connection is functioning, but the remote connection is not.
■ Deleted—No LMI received from switch, DLCI removed from switch, or no service from DTE to DCE.

Nonbroadcast multiaccess (NBMA) networks
NBMA capability allows the customer to communicate with any remote site provided the provider has established a VC. A hub and spoke is often used because of the per-VC charge that typically exists.


Configuring basic Frame Relay
To set the encapsulation to Frame Relay, use the following command:
Router(config-if)# encapsulation frame-relay [cisco | ietf]

If you must specify the LMI type, use this command:
Router(config-if)# frame-relay lmi-type {ansi | cisco | q933a}

For dynamic address mapping (IARP), no further configuration is required. If IARP has been disabled on an interface, you can enable it with the following command:
Router(config-if)# frame-relay inverse-arp

To configure a static mapping, use the following interface configuration command:
frame-relay map protocol protocol-address dlci [broadcast] [ietf | cisco]

The keywords indicate the following:
■ protocol-address—Specifies the destination protocol address
■ dlci—The DLCI number needed to connect to the remote protocol address
■ broadcast—Specifies that broadcasts/multicasts should be forwarded; often used to ensure that routing protocol traffic is sent across the PVC
■ ietf/cisco—Used to specify the Frame Relay encapsulation type

Subinterfaces
Subinterfaces can solve split-horizon issues that arise with distance vector protocols and hub-and-spoke topologies. Subinterfaces might be configured as point-to-point or multipoint. Split horizon can still be an issue in the multipoint environment. Multipoint does offer an advantage in that a single subnet is needed as opposed to multiple subnet addresses. The steps for a Frame Relay subinterface configuration include the following:
Step 1. Remove any network layer addressing assigned at the physical interface level.
Step 2. Configure Frame Relay encapsulation at the physical interface level.
Step 3. Create the subinterface using the following command:
Router(config)# interface serial number.subinterface-number {multipoint | point-to-point}
Step 4. Assign the subinterface a network address; you can use the ip unnumbered command if you want to reference an address from another interface—such as a loopback interface.
Step 5. If you configured a point-to-point subinterface—or if you configured multipoint and are not using IARP—you must configure the local DLCI using the following command:
Router(config-subif)# frame-relay interface-dlci dlci-number


NOTE
You cannot assign a subinterface to point-to-point communications and then reassign to multipoint without rebooting the router. To work around this, just select a new subinterface number.

FIGURE 6-2 Frame Relay example (Boston s0.1, .1 on 10.10.10.0/24, uses DLCIs 100 and 110 toward New York .2 (DLCI 120) and Providence .3 (DLCI 130); Boston s0.2, .1 on 172.16.10.0/24, uses DLCI 200 toward Newark .2 (DLCI 210))

Here is an example:
Boston(config)# interface serial 0
Boston(config-if)# encapsulation frame-relay
Boston(config-if)# no ip address
Boston(config-if)# no shutdown
Boston(config-if)# interface serial 0.1 multipoint
Boston(config-subif)# ip address 10.10.10.1 255.255.255.0
Boston(config-subif)# frame-relay map ip 10.10.10.2 100 broadcast
Boston(config-subif)# frame-relay map ip 10.10.10.3 110 broadcast
Boston(config-subif)# interface serial 0.2 point-to-point
Boston(config-subif)# ip address 172.16.10.1 255.255.255.0
Boston(config-subif)# frame-relay interface-dlci 200

New York(config)# interface serial 0
New York(config-if)# encapsulation frame-relay
New York(config-if)# ip address 10.10.10.2 255.255.255.0
New York(config-if)# frame-relay map ip 10.10.10.1 120 broadcast
New York(config-if)# frame-relay map ip 10.10.10.3 120 broadcast
New York(config-if)# no shutdown

Providence(config)# interface serial 0
Providence(config-if)# encapsulation frame-relay
Providence(config-if)# ip address 10.10.10.3 255.255.255.0
Providence(config-if)# frame-relay map ip 10.10.10.1 130 broadcast
Providence(config-if)# frame-relay map ip 10.10.10.2 130 broadcast
Providence(config-if)# no shutdown

Newark(config)# interface serial 0
Newark(config-if)# encapsulation frame-relay
Newark(config-if)# ip address 172.16.10.2 255.255.255.0
Newark(config-if)# frame-relay interface-dlci 210
Newark(config-if)# no shutdown


Traffic Shaping
Flow terminology
■ Local Access Rate—Clock speed of the connection to the Frame Relay cloud; rate at which data flows into or out of the network.
■ Committed Information Rate (CIR)—Rate in bits per second (bps) at which the Frame switch agrees to transfer data; usually averaged over a time period called the committed rate measurement interval (Tc).
■ Oversubscription—The sum of all the CIRs of the VCs coming into the device exceeds the access line speed.
■ Committed Burst (Bc)—Maximum data in bits that the Frame switch agrees to transfer during any Tc; CIR/Tc = Bc.
■ Excess Burst (Be)—Maximum number of bits the Frame switch attempts to transfer beyond the CIR for the first time interval only.
■ Forward Explicit Congestion Notification (FECN)—Frame switch sets this bit to indicate congestion is being experienced.
■ Backward Explicit Congestion Notification (BECN)—Another bit that can be set to indicate congestion on the switch; Cisco IOS Release 11.2 and later allow a router to respond to this bit setting.
■ Discard Eligibility (DE) indicator—The DE bit is set on the oversubscribed traffic.

Frame Relay traffic shaping is often used when a speed mismatch exists between sites or you notice that Frame Relay connections are occasionally congested. Configuring traffic shaping involves the following steps:
Step 1. Specify a map class with the following command:
Router(config)# map-class frame-relay map-class-name
Step 2. Configure the options for traffic shaping; the following options are available:
■ Define the average and peak rates on the VC associated with the map class; use the following command:
Router(config-map-class)# frame-relay traffic-rate average [peak]
■ Specify that the router dynamically fluctuates the rate based on BECNs; use the following command:
Router(config-map-class)# frame-relay adaptive-shaping
■ Specify a queuing strategy for the virtual circuit; see the QoS section configurations.
Step 3. Map the map class to virtual circuits on the interface; use the following command:
Router(config-if)# frame-relay class map-class-name


Step 4. Enable traffic shaping with the following command:
Router(config-if)# frame-relay traffic-shaping

Verifying Frame Relay
■ show interface—Encapsulation verification
■ show frame-relay pvc—Status and traffic statistics; BECN and FECN data
■ show frame-relay map—View DLCI mappings
■ show frame-relay lmi—LMI traffic statistics
■ debug frame-relay lmi—Displays information on the LMI packet exchange
■ clear frame-relay-inarp—Clears dynamically created mappings
■ show traffic-shape—Displays the current traffic shaping configuration
■ show traffic-shape statistics—Displays the current traffic shaping statistics
■ debug frame-relay packet—Displays packet-level Frame Relay activity

Dynamic Multipoint VPN
Dynamic Multipoint VPN (DMVPN) uses generic routing encapsulation (GRE) tunnels, IPsec encryption, and the Next-Hop Resolution Protocol (NHRP) to better scale IPsec virtual private networks (VPN). Specifically, these protocols combine to provide much easier configuration of VPNs and the dynamic discovery of tunnel endpoints. Ease of configuration is provided thanks to crypto profiles. These crypto profiles replace the need for defining static crypto maps.
Remember that DMVPN relies on two Cisco-enhanced standards-based technologies. NHRP is a client/server protocol with the hub as the server and the spokes as clients. This protocol allows the hub to maintain a database of the public IP addresses used on the spokes. Clients can query the database for the address of endpoint spoke systems for the creation of tunnels between them.
An mGRE tunnel interface allows a single GRE interface to support multiple IPsec tunnels.

CHAPTER 7 CCIE Routing and Switching Exam Quick Reference Sheets by Anthony Sequeira

IP Multicasting

Introduction
Consider a video stream that needs to be sent to multiple recipients in a company. One approach is to unicast the traffic. The source server sends a copy of every packet to every receiver. Obviously, this approach has serious scalability limitations.
An alternative approach is to broadcast the video stream so that the source server has to send each packet only one time. However, everyone in the network receives the packet in that scenario, even if they do not want it.
IP multicast technologies provide the best of both worlds. With IP multicast, the source server sends only one copy of each packet, and packets are sent only to intended recipients.
Specifically, receivers join a multicast group, denoted by a Class D IP address (that is, in the range 224.0.0.0 through 239.255.255.255). The source sends traffic to the Class D address, and through switch and router protocols, packets are forwarded only to intended stations. These multicast packets are sent via User Datagram Protocol (UDP) (that is, best effort). Therefore, congestion-avoidance mechanisms such as weighted random early detection (WRED), which causes TCP flows to go into TCP slow start, are not effective for multicast. When doing a multicast design, also be aware of the potential for duplicate packets being received and the potential for packets to arrive out of order.

FIGURE 7-1 IP multicast (multicast group 224.1.1.1; the server sends to destination multicast address 224.1.1.1; receivers 10.1.1.1 and 10.1.1.2; non-receiver 10.1.1.3). With multicast transmission, the server sends a single copy of each packet addressed to the Class D multicast IP address. Packets are only forwarded to receivers.

Internet Group Management Protocol / Cisco Group Management Protocol
The protocol used between clients (PCs) and routers to let routers know which of their interfaces have multicast receivers attached is Internet Group Management Protocol (IGMP). There are three versions of IGMP. However, only two versions are in widescale deployment:
■ IGMP Version 1—When a PC wants to join a multicast group, it sends an IGMP Report message (often called a Join message) to the router, letting the router know it wants to receive traffic for a specific group. Every 60 seconds, by default, the router sends an
IGMP Query message to determine whether the PC still wants to belong to the group. There can be up to a 3-minute delay before the router realizes that the receiver left the group. The destination address of this router query is 224.0.0.1, which addresses all IP multicast hosts.
■ IGMP Version 2—Similar to IGMP Version 1, except that IGMP Version 2 can send queries to a specific group, and a “Leave” message is supported. Specifically, a receiver can proactively send a Leave message when it no longer wants to participate in a multicast group, allowing the router to prune its interface earlier.
■ IGMP Version 3—Introduces Source-Specific Multicast (SSM) capabilities to the protocol. This allows hosts to signal group membership with filtering capabilities for possible sources. A host can signal either that it wants to receive traffic from all sources or that it wants to receive traffic from only specific sources.

IGMP Version 1 and Version 2 hosts and routers do have some interoperability. When an IGMPv2 host sends an IGMPv2 report to an IGMPv1 router, the IGMP message type appears to be invalid, and it is ignored. Therefore, an IGMPv2 host must send IGMPv1 reports to an IGMPv1 router.
In an environment with an IGMPv2 router and a mixture of IGMPv1 and IGMPv2 receivers, the Version 1 receivers respond normally to IGMPv1 or IGMPv2 queries. However, the Version 2 router must ignore any Leave message while IGMPv1 receivers are present, because if the router processed the IGMPv2 Leave message, it would send a group-specific query, which would not be correctly interpreted by an IGMPv1 receiver.

FIGURE 7-2 IGMP V2 router with V1 and V2 receivers (an IGMPv2 receiver sends a Leave message to the IGMPv2 router, which also serves an IGMPv1 receiver). The IGMPv2 router suppresses its normal group-specific query, since the IGMPv1 receiver would not be able to respond to the v2 query.

As mentioned earlier, multicast routers can periodically send queries out of an interface to determine whether any multicast receivers still exist off that interface. However, you might have a situation in which more than one multicast router exists on a broadcast media segment (for instance, Ethernet). Therefore, one router must be designated as the “querier” for that segment. This IGMP-designated querier is the router that has the lowest unicast IP address.
To determine which router on a multiaccess network is the querier, issue the following command:
show ip igmp interface [interface-id]


The output from the preceding command identifies the IP address of the IGMP querier. In addition, the following command displays the IP multicast groups that a router is aware of:
show ip igmp groups

When a Layer 2 switch receives a multicast frame on an interface, by default the switch floods the frame out all other interfaces. To prevent this behavior, the switch needs awareness of what interfaces are connected to receivers for specific multicast groups. Approaches for training the switch include the following:
■ Cisco Group Management Protocol (CGMP)—A Cisco-proprietary approach used on lower-end switches that allows a Cisco router to tell a Cisco switch which of its interfaces are connected to multicast receivers for specific multicast groups
■ IGMP snooping—Used on higher-end switches; allows a switch to autonomously determine which interfaces are connected to receivers for specific multicast groups by eavesdropping on the IGMP traffic being exchanged between clients and routers
■ GARP Multicast Registration Protocol (GMRP)—A standards-based approach for letting a receiver proactively inform its upstream switch that the receiver wants to belong to a specific multicast group
■ Router-Port Group Management Protocol (RGMP)—A proprietary approach that allows a switch to send IP multicast packets to only multicast-enabled routers that want to receive traffic for specific IP multicast groups

Addressing
In a multicast network, the source sends multicast packets with a Class D destination address. The 224.0.0.0 through 239.255.255.255 address range is the Class D address range, because the first 4 bits in the first octet of a Class D address are 1110.
Some ranges of addresses in the Class D address space are dedicated for special purposes:
224.0.0.0–224.0.0.255 (Reserved link-local addresses)
224.0.1.0–238.255.255.255 (Globally scoped addresses)
232.0.0.0–232.255.255.255 (Source-specific multicast addresses)
233.0.0.0–233.255.255.255 (GLOP addresses)
239.0.0.0–239.255.255.255 (Limited-scope addresses)
■ Reserved link-local addresses—Used, for example, by many network protocols. Open Shortest Path First (OSPF) uses 224.0.0.5 and 224.0.0.6. RIPv2 uses 224.0.0.9, and Enhanced Interior Gateway Routing Protocol (EIGRP) uses 224.0.0.10. Other “well-known” addresses in this range include 224.0.0.1, which addresses all multicast hosts, and 224.0.0.2, which addresses all multicast routers.
■ Globally scoped addresses—Used for general-purpose multicast applications. Can extend beyond the local autonomous system.
■ Source-specific multicast (SSM) addresses—Used in conjunction with IGMPv3 to allow a multicast receiver to request not only membership in a group, but also the specific sources it wants to receive traffic from. Therefore, in an SSM environment, multiple sources with different content can all be sending to the same multicast destination address.
■ GLOP addresses—Provide a globally unique multicast address range based on autonomous system numbers. For example, if a company had an autonomous system number of 65000, its globally unique range of multicast IP addresses would be 233.253.232.0 to 233.253.232.255. The autonomous system number is used to calculate the second and third octets in this address range. First, convert the autonomous system number to hexadecimal (that is, 65000 in decimal equals FD-E8 in hexadecimal). FD in hexadecimal equals 253 in decimal, and E8 in hexadecimal equals 232 in decimal. The first octet of a GLOP address is always 233.
■ Limited-scope addresses—Used for internal multicast applications (that is, traffic that doesn’t leave the autonomous system), much like the RFC 1918 address space is a “private” address space.

In addition to Layer 3 addresses, multicast applications must also have Layer 2 addresses (that is, MAC addresses). Fortunately, these Layer 2 addresses can be constructed directly from the Layer 3 multicast addresses. A MAC address is a 48-bit address, and the first half (24 bits) of a multicast MAC address (in hex) is 01-00-5e. The twenty-fifth bit is always 0. The last 23 bits of the multicast MAC address come directly from the last 23 bits of the multicast IP address. Consider the following examples:
■ Given a multicast IP address of 224.1.10.10, calculate the corresponding multicast MAC address. First, convert the last three octets to binary:
0000.0001.0000.1010.0000.1010
If the leftmost bit is not already 0, it should be changed to 0, because the twenty-fifth bit of a multicast MAC address is always 0:
0000.0001.0000.1010.0000.1010
Convert each nibble (that is, 4-bit section) into its hexadecimal equivalent:
01-0a-0a
Prepend 01-00-5e to the calculated address to produce the multicast MAC address:
01-00-5e-01-0a-0a
■ Given a multicast IP address of 224.129.10.10, calculate the corresponding multicast MAC address. First, convert the last three octets to binary:
1000.0001.0000.1010.0000.1010
If the leftmost bit isn’t already 0, it should be changed to a 0, because the twenty-fifth bit of a multicast MAC address is always 0:
0000.0001.0000.1010.0000.1010
Convert each nibble (that is, 4-bit section) into its hexadecimal equivalent:
01-0a-0a
Prepend 01-00-5e to the calculated address to produce the multicast MAC address:
01-00-5e-01-0a-0a

Notice that both Layer 3 IP addresses translate into the same Layer 2 MAC address. This overlap permits 32 Layer 3 multicast addresses to map to the same Layer 2 multicast MAC address. So, care must be taken when selecting Layer 3 multicast addresses to avoid this overlap.

Distribution Trees
To combat the issue of receiving duplicate packets, Cisco routers perform a Reverse Path Forwarding (RPF) check to determine whether a multicast packet is entering a router on the correct interface. An RPF check examines the source address of an incoming packet and checks it against the router’s unicast routing table to see what interface should be used to get back to the source network. If the incoming multicast packet is using that interface, the RPF check passes, and the packet is forwarded. If the multicast packet is coming in a different interface, the RPF check fails, and the packet is discarded.

FIGURE 7-3 RPF check (video server 10.1.1.1; unicast routing table entry: network 10.0.0.0/8, interface s 0/0; a packet arriving on s 0/0 passes the RPF check, a packet arriving on s 0/1 fails it; receiver). The RPF check compares incoming packets with the unicast routing table to determine if a packet is arriving on the correct interface.

Only members of a multicast group receive packets destined for that group. However, the sender does not need to be a member of the group.
Multicast traffic flows from a source to a destination over a “distribution tree,” which is a loop-free path. The two types of distribution trees are as follows:
■ Source distribution tree—A source distribution tree creates an optimal path between each source router and each last-hop router (that is, a router connected to a receiver) at the expense of increased memory usage. Source distribution trees place (S, G) states in a router’s multicast routing table to indicate the address of the source (S) and the address of the group (G).
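The Layer 3 to Layer 2 mapping and the GLOP calculation from the Addressing section, as an added Python example that is not part of the original reference sheet; it goes one step beyond the page by enumerating all 32 group addresses that collide on one MAC. The function names and the scope table (built from the page's own ranges) are this example's own.

```python
"""Multicast addressing helpers (added example, not from the reference
sheet): Class D scope lookup, GLOP range derivation from a 16-bit ASN,
and the IP -> MAC mapping together with the 32 addresses that share one
MAC. Ranges and rules follow the Addressing section of the sheet."""
import ipaddress

# Special-purpose ranges as listed on the page, most specific first:
# 232/8, 233/8 and 239/8 all sit inside the broad globally scoped block
# 224.0.1.0-238.255.255.255, so they must be tested before it.
SPECIAL_SCOPES = [
    (ipaddress.ip_network("224.0.0.0/24"), "reserved link-local"),
    (ipaddress.ip_network("232.0.0.0/8"), "source-specific multicast"),
    (ipaddress.ip_network("233.0.0.0/8"), "GLOP"),
    (ipaddress.ip_network("239.0.0.0/8"), "limited scope"),
]


def require_class_d(ip):
    """Return the address as an IPv4Address, or raise if it is not Class D
    (first four bits 1110, i.e. 224.0.0.0 through 239.255.255.255)."""
    addr = ipaddress.IPv4Address(ip)
    if not addr.is_multicast:
        raise ValueError(f"{ip} is not a Class D multicast address")
    return addr


def multicast_scope(ip):
    """Name the scope of a Class D address using the page's ranges."""
    addr = require_class_d(ip)
    for net, name in SPECIAL_SCOPES:
        if addr in net:
            return name
    return "globally scoped"


def glop_range(asn):
    """GLOP block for a 16-bit ASN: 233.<high byte>.<low byte>.0/24.
    AS 65000 = 0xFDE8 -> 233.253.232.0/24, the page's worked example."""
    if not 0 <= asn <= 0xFFFF:
        raise ValueError("GLOP addressing is defined for 16-bit AS numbers")
    return ipaddress.ip_network(f"233.{asn >> 8}.{asn & 0xFF}.0/24")


def multicast_mac(ip):
    """01-00-5e, a 0 bit, then the low 23 bits of the group address."""
    addr = require_class_d(ip)
    low23 = int(addr) & 0x7FFFFF          # drop the top 9 bits of the IP
    return "01-00-5e-" + "-".join(f"{b:02x}" for b in low23.to_bytes(3, "big"))


def mac_aliases(ip):
    """All 32 Class D addresses that share this address's MAC. The five
    bits after the fixed 1110 prefix are not carried in the MAC, so every
    combination of them (32 values) collides on the same frame address."""
    low23 = int(require_class_d(ip)) & 0x7FFFFF
    return [str(ipaddress.IPv4Address(0xE0000000 | (k << 23) | low23))
            for k in range(32)]


if __name__ == "__main__":
    for group in ("224.1.10.10", "224.129.10.10", "224.0.0.5"):
        print(group, multicast_scope(group), multicast_mac(group))
    print("AS 65000 ->", glop_range(65000))
    print("aliases of 224.1.10.10:", ", ".join(mac_aliases("224.1.10.10")))
```

Running the module prints the same 01-00-5e-01-0a-0a for both of the page's example groups and lists the other 30 addresses an operator should avoid assigning on the same LAN.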
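The RPF check described under Distribution Trees, as an added Python example that is neither Cisco's code nor the sheet's. The routing table and the packets are constructed from Figure 7-3 (10.0.0.0/8 reachable via s 0/0); the second route, the interface labels and the function names are assumptions of this example.

```python
"""Reverse Path Forwarding (RPF) check over a unicast routing table
(added example, not Cisco's code). The table and the sample packets are
constructed from Figure 7-3: 10.0.0.0/8 is reachable through s0/0, so a
multicast packet from 10.1.1.1 is accepted only when it arrives there."""
import ipaddress

# Constructed unicast routing table: (prefix, outgoing interface).
# The 172.16.0.0/16 route is an assumption added for the second interface.
UNICAST_RIB = [
    (ipaddress.ip_network("10.0.0.0/8"), "s0/0"),
    (ipaddress.ip_network("172.16.0.0/16"), "s0/1"),
]


def rpf_interface(source, rib=UNICAST_RIB):
    """Longest-prefix match on the packet's *source* address: the
    interface the router would use to reach the source network, which is
    the only interface on which the multicast packet is accepted."""
    src = ipaddress.IPv4Address(source)
    best = None
    for net, iface in rib:
        if src in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def rpf_check(source, group, in_iface, rib=UNICAST_RIB):
    """True when the packet may be forwarded, False when it is dropped.
    A source with no route back fails as well: it has no RPF interface."""
    if not ipaddress.IPv4Address(group).is_multicast:
        return False                     # not a Class D destination at all
    return rpf_interface(source, rib) == in_iface


def forward(packets, rib=UNICAST_RIB):
    """Apply the check to a batch of (source, group, ingress interface)
    tuples; returns the forwarded and the dropped packets separately."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if rpf_check(*pkt, rib=rib) else dropped).append(pkt)
    return forwarded, dropped


if __name__ == "__main__":
    # Constructed traffic: the Figure 7-3 video server 10.1.1.1 sends to
    # 224.1.1.1. The copy that comes back in on s0/1 is a duplicate; the
    # RPF check discards it, which is the loop protection the text
    # describes. The last two packets arrive on the wrong side or have no
    # route back to their source at all.
    sample = [
        ("10.1.1.1", "224.1.1.1", "s0/0"),    # RPF check PASS
        ("10.1.1.1", "224.1.1.1", "s0/1"),    # RPF check FAIL (duplicate)
        ("172.16.5.5", "224.1.1.1", "s0/0"),  # RPF check FAIL
        ("192.0.2.7", "224.1.1.1", "s0/0"),   # no route to source: FAIL
    ]
    ok, bad = forward(sample)
    for pkt in ok:
        print("forward", pkt)
    for pkt in bad:
        print("drop   ", pkt, "RPF interface:", rpf_interface(pkt[0]))
```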


FIGURE 7-4 Source distribution tree (Source 1 and Source 2, each sending to 225.1.2.3 through its source router; last-hop routers; receivers that are members of 225.1.2.3). With a Source Distribution Tree, each source router for a multicast group forms a shortest-path tree to each last-hop router for that group, creating additional multicast routing entries in the routers. However, there is an optimal path between each source router and each last-hop router.

FIGURE 7-5 Shared distribution tree (Source 1 and Source 2, each sending to 225.1.2.3 through its source router toward the Rendezvous Point (RP); last-hop routers; receivers that are members of 225.1.2.3). With a Shared Distribution Tree, each source router for a multicast group forms a shortest-path tree to the RP. The RP then sends the multicast data to the last-hop routers. The Shared Distribution Tree approach results in fewer routing entries in the routers. However, suboptimal paths often result.

■ Shared distribution tree—A shared distribution tree creates a tree from a central “rendezvous point” (RP) router to all last-hop routers, with source distribution trees being created from all sources to the RP, at the expense of increased delay. Shared distribution trees place (*, G) states in a router’s multicast routing table to indicate that any device could be the source (that is, using the wildcard [*] character) for the group (G). This (*, G) state is created in routers along the shared tree from the RP to the last-hop routers. Because each source for a group does not require its own (S, G), the memory requirement is less for a shared tree compared to a source tree.

PIM-DM Mechanics
Cisco routers use the Protocol-Independent Multicast (PIM) protocol to construct IP multicast distribution trees. PIM’s protocol independence suggests that it can run over an IP network, regardless of the underlying unicast routing protocol, such as OSPF or EIGRP. The two varieties of PIM are PIM-Dense Mode (PIM-DM) and PIM-Sparse Mode (PIM-SM). PIM-DM uses a source distribution tree, whereas PIM-SM uses a shared distribution tree.


A router is globally enabled for multicast routing with the following global configuration mode command:

Router(config)#ip multicast-routing

After IP multicast has been globally enabled, individual interfaces need to be configured for PIM support. To configure an interface to participate in an IP multicast network using PIM, issue the following interface configuration mode command:

Router(config-if)#ip pim {dense-mode | sparse-mode | sparse-dense-mode}

Cisco recommends sparse-dense-mode, which uses Dense Mode to automatically learn the location of an RP, after which the interface runs in Sparse Mode. First, consider the formation of a PIM-Dense Mode distribution tree:

Step 1. A multicast source comes up and begins flooding multicast traffic throughout the network.

Step 2. If more than one router is forwarding over a common broadcast medium (for example, an Ethernet link), “Assert” messages are used to determine the PIM forwarder. The router with the better metric or (by default) the highest IP address wins the election.

Step 3. Some routers might not have multicast receivers for the group whose traffic is currently being flooded. Those routers send a “Prune” message to their upstream router, requesting that their branch of the distribution tree be pruned. However, if another router is on the same broadcast medium as the router that sent the prune, and if that other router has IP multicast receivers attached, the Prune message is ignored. The Prune message is ignored because the router that is attached to IP multicast receivers sends a “Join Override” message.

Step 4. If a receiver comes up on a router that was previously pruned from the tree, that router can rejoin the tree by sending a “Graft” packet.

A major consideration for PIM-DM, however, is that this “flood-and-prune” behavior repeats every 3 minutes. Therefore, PIM-DM does not scale well. A better alternative is PIM-SM.

PIM-SM Mechanics
Next, consider the formation of a PIM-SM distribution tree:

Step 1. A receiver sends an IGMP Report message to its router indicating that it wants to participate in a particular multicast group. The receiver’s router (that is, the “last-hop router”) sends a Join message to the RP, creating (*, G) state along a shared tree between the RP and the last-hop router.

Step 2. A source comes up and creates a source tree between its router (that is, the “first-hop router”) and the RP. (S, G) state is created in routers along this path. However, before the source tree is completely established, the first-hop router sends the source’s multicast packets to the RP encapsulated inside unicast PIM Register messages.

Step 3. After the RP receives the first multicast packet over the source tree, it sends a Register-Stop message to the first-hop router, telling it to stop sending the multicast traffic inside Register messages. Two trees now exist: a source tree from the first-hop router to the RP, and a shared tree from the RP to the last-hop router. However, this might not be the optimal path.

Step 4. The last-hop router observes from where the multicast traffic is arriving, and sends an (S, G) Join message toward the first-hop router to form an optimal path (that is, a source path tree) between the source and the receiver.

Step 5. Because the last-hop router is now receiving the multicast traffic directly from the first-hop router and no longer needs it from the RP, it sends an (S, G) RP-bit Prune message to the RP, asking the RP to stop sending multicast traffic for that source down the shared tree.

Step 6. With the shared tree to the last-hop router pruned, the RP no longer needs to receive multicast traffic from the first-hop router. So the RP sends an (S, G) Prune message to the first-hop router. At this point, traffic flows in an optimal path from the first-hop router to the last-hop router. The process of cutting over from the path via the RP to the direct path is called shortest path tree (SPT) switchover.

Comparing PIM-DM to PIM-SM suggests that PIM-SM offers the benefits of PIM-DM (that is, optimal pathing) without PIM-DM’s flood-and-prune behavior.

A distribution tree’s topology can be determined by examining the multicast routing table of multicast routers in the topology. The show ip mroute command displays a router’s multicast routing table:

Router#show ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, Y - Joined MDT-data group,
       y - Sending to MDT-data group
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 224.0.100.4), 02:37:12, RP is 192.168.47.14, flags: S
  Incoming interface: Serial0, RPF neighbor 10.4.53.4
  Outgoing interface list:
    Ethernet1, Forward/Sparse, 02:37:12/0:03:42
    Ethernet2, Forward/Sparse, 02:52:12/0:01:23

(192.168.46.0/24, 224.0.100.4), 02:37:12, flags: RT
  Incoming interface: Ethernet1, RPF neighbor 10.4.53.4
  Outgoing interface list:
    Ethernet2, Forward/Sparse, 02:44:21/0:01:47

Notice the (*, G) and (S, G) entries. Other valuable information contained in the mroute table includes the Incoming Interface (IIF), which shows on which interface traffic is entering the router (together with the RPF neighbor the router expects to receive it from), and the Outgoing Interface List (OIL), which shows the router interfaces over which the multicast traffic is being forwarded.

Rendezvous Points
In a PIM-SM network, one or more routers need to be designated as RPs. These routers are the “central point” to which multicast servers send traffic that is to be dispersed to clients who want to receive it. Non-RPs can be configured to point to a statically defined RP with the global configuration mode command ip pim rp-address ip-address. However, in larger topologies, Cisco recommends that RPs be automatically configured.

Auto-RP
Cisco routers support two methods for automatically configuring an RP: Auto-RP and Bootstrap Router (BSR). Routers willing to serve as an RP are called candidate RPs, and they make their candidacy known to other routers called mapping agents using the multicast address 224.0.1.39. A mapping agent then makes the location of an RP known to other multicast routers in the network using the multicast address 224.0.1.40. By default, the mapping agent advertises the candidate RP with the highest IP address.

The global configuration command ip pim send-rp-announce interface scope ttl [group-list acl] is issued on candidate RPs. To identify a router as a mapping agent, use the global configuration mode command ip pim send-rp-discovery scope ttl.

Whereas Auto-RP is a Cisco approach, PIMv2 added a standards-based approach to make the location of RPs known throughout the multicast network. Specifically, PIMv2, which uses IP protocol number 103, supports a feature called BSR, which performs a similar function to Auto-RP. Routers that are candidates to become the RP can be configured with the global configuration mode command ip pim rp-candidate interface [group-list acl]. Routers that are candidates to become the bootstrap router (similar to an Auto-RP mapping agent) can be configured with the global configuration mode command ip pim bsr-candidate interface hash-mask-length [priority]. Because BSR carries its information in PIMv2 messages, reserved multicast group addresses (for example, 224.0.1.40, used by Auto-RP) are not required for RP advertisement.
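The mroute entries shown in this section are what you read when verifying that PIM-SM behaves as the six steps describe: the (*, G) entry tells you which RP the router actually learned (statically, or through Auto-RP or BSR as described under Rendezvous Points), and an (S, G) entry carrying the T flag whose incoming interface differs from the shared tree's shows that SPT switchover has taken place. The following Python is an added example, not code from the Quick Reference Sheets: it parses that output format and runs both checks. SAMPLE_MROUTE is the section's own output reassembled as IOS prints it (one header line per entry, indented IIF and OIL lines); the function and class names are assumptions of this example.

```python
"""Parse Cisco IOS 'show ip mroute' output and sanity-check PIM-SM state.

Added example, not from the Quick Reference Sheets. SAMPLE_MROUTE is this
section's own output, reassembled as IOS prints it; function names are mine.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SAMPLE_MROUTE = """\
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag, T - SPT-bit set,
       J - Join SPT, M - MSDP created entry
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 224.0.100.4), 02:37:12, RP is 192.168.47.14, flags: S
  Incoming interface: Serial0, RPF neighbor 10.4.53.4
  Outgoing interface list:
    Ethernet1, Forward/Sparse, 02:37:12/0:03:42
    Ethernet2, Forward/Sparse, 02:52:12/0:01:23

(192.168.46.0/24, 224.0.100.4), 02:37:12, flags: RT
  Incoming interface: Ethernet1, RPF neighbor 10.4.53.4
  Outgoing interface list:
    Ethernet2, Forward/Sparse, 02:44:21/0:01:47
"""

# One header line per entry: "(S or *, G), uptime[/expires], [RP is X,] flags: F"
HEADER_RE = re.compile(
    r"^\((?P<src>\S+), (?P<grp>\S+)\), (?P<uptime>\S+),(?: RP is (?P<rp>\S+),)? flags: (?P<flags>\S*)$")
IIF_RE = re.compile(r"^\s+Incoming interface: (?P<iif>\S+), RPF neighbor (?P<nbr>\S+)")
OIL_RE = re.compile(r"^\s+(?P<intf>\S+), (?P<state>\S+/\S+), (?P<timers>\S+)$")


@dataclass
class MrouteEntry:
    source: Optional[str]                 # None for a (*, G) shared-tree entry
    group: str
    flags: str
    rp: Optional[str] = None              # only present on (*, G) lines
    iif: Optional[str] = None             # incoming interface (IIF)
    rpf_neighbor: Optional[str] = None
    oil: List[Tuple[str, str]] = field(default_factory=list)   # outgoing interface list (OIL)

    @property
    def is_shared_tree(self) -> bool:
        return self.source is None


def parse_mroute(text: str) -> List[MrouteEntry]:
    """Return the (*, G) and (S, G) entries in the order the router printed them."""
    entries: List[MrouteEntry] = []
    current = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            src = None if m["src"] == "*" else m["src"]
            current = MrouteEntry(src, m["grp"], m["flags"], m["rp"])
            entries.append(current)
            continue
        if current is None:
            continue                                  # still inside the legend
        m = IIF_RE.match(line)
        if m:
            current.iif, current.rpf_neighbor = m["iif"], m["nbr"]
            continue
        m = OIL_RE.match(line)
        if m:
            current.oil.append((m["intf"], m["state"]))
    return entries


def rp_mismatches(entries: List[MrouteEntry], expected_rp: str) -> List[str]:
    """Groups whose (*, G) entry points at an RP other than the one you configured.

    After 'ip pim rp-address' or an Auto-RP/BSR change, a router still showing the old
    RP has not converged; an RP you never configured means another candidate RP won.
    """
    return sorted(e.group for e in entries if e.is_shared_tree and e.rp != expected_rp)


def spt_switchover_done(entries: List[MrouteEntry]) -> Dict[str, bool]:
    """Per group: has this router cut over from the RP path to the source tree (step 4)?

    T means traffic has arrived on the shortest-path tree; an (S, G) IIF that differs from
    the shared tree's IIF confirms the source tree no longer runs through the RP.
    """
    shared_iif = {e.group: e.iif for e in entries if e.is_shared_tree}
    return {e.group: ("T" in e.flags and e.iif != shared_iif.get(e.group))
            for e in entries if not e.is_shared_tree}


if __name__ == "__main__":
    parsed = parse_mroute(SAMPLE_MROUTE)
    print("RP mismatches:", rp_mismatches(parsed, "192.168.47.14"))
    print("SPT switchover:", spt_switchover_done(parsed))
```

Feed it the output of show ip mroute captured from each router along the path and compare rp_mismatches against the RP address you intended; the mismatch check is the quickest way to spot a router that is still pointing at a stale or unexpected RP after an Auto-RP or BSR change.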

Anycast RP
Anycast RP provides load sharing and redundancy in PIM-SM networks. This technology allows multiple RPs to load-share and act as hot backup routers for each other. Multicast Source Discovery Protocol (MSDP) makes Anycast RP possible.

In Anycast RP, two or more RPs are configured with the same IP address and 32-bit mask on loopback interfaces. All the downstream routers are configured with this address as the RP address. IP routing automatically selects the topologically closest RP for each source and receiver.

Because sources may register with one RP and receivers may join a different RP, a method is needed for the RPs to exchange information about active sources. This information exchange is done using MSDP. In Anycast RP, all the RPs are configured to be MSDP peers with each other. When a source registers with one RP, a Source-Active (SA) message is sent to the other RPs, informing them that an active source exists for a particular multicast group. The result is that each RP knows about the active sources in the area of the other RPs. If any of the RPs were to fail, IP routing would converge, and one of the remaining RPs would become the active RP for more than one area.

CHAPTER 8
Security

Access Lists
Many types of access lists are available in Cisco IOS Software for many different protocols. Here is a complete list.

You are permitted one access list per protocol, per interface, per direction.

Protocol                                               Range
IP                                                     1–99, 1300–1999
Extended IP                                            100–199, 2000–2699
Ethernet type code                                     200–299
Ethernet address                                       700–799
Transparent bridging (protocol type)                   200–299
Transparent bridging (vendor code)                     700–799
Extended transparent bridging                          1100–1199
DECnet and extended DECnet                             300–399
Xerox Network Systems (XNS)                            400–499
Extended XNS                                           500–599
AppleTalk                                              600–699
Source-route bridging (protocol type)                  200–299
Source-route bridging (vendor code)                    700–799
IPX                                                    800–899
Extended IPX                                           900–999
IPX SAP                                                1000–1099
Standard Virtual Integrated Network Service (VINES)    1–100
Extended VINES                                         101–200
Simple VINES                                           201–300

FIGURE 8-1 Access control lists (one access list per protocol, per direction, per interface, shown applied on fa 0/0 in front of a server; an inbound access list filters traffic before it enters the router, and an outbound access list filters traffic before it exits the router)

At the end of every access list is an implied “deny all traffic” access control entry (ACE). Therefore, if a packet does not match any of your criteria statements, it is blocked.

Remember that the order of access list statements is important! For example, if you create a criteria statement that explicitly permits all traffic, no statements added later are ever checked.

When you are editing an access list and need to reorder entries, you should first delete the old list with the no access-list command. If you do not first delete the previous version of the access list, when you copy or type commands on your router, you append additional access control list (ACL) statements to the end of the existing access list.

The following ACLs are supported for IP:

■ Standard access lists for filtering based on source address
■ Extended access lists for filtering on source or destination address or port numbers
■ Dynamic extended IP access lists that grant access per user to a specific source or destination host through a user authentication process
■ Reflexive access lists that allow IP packets to be filtered based on session information

To create a standard access list, use the following global configuration mode syntax:

access-list access-list-number {deny | permit} source [source-wildcard] [log]

The Cisco IOS Software can provide logging messages about packets permitted or denied by a standard IP access list. The first packet that triggers the access list causes an immediate logging message, and subsequent packets are collected over 5-minute intervals before they are displayed or logged. You can use the ip access-list log-update command to set the number of packets that cause the system to generate a log message. If you enable Cisco Express Forwarding (CEF) and then create an access list that uses the log keyword, the packets that match the access list are not CEF switched.

To create an extended access list, use the following global configuration mode command:

access-list access-list-number {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [established] [log | log-input] [time-range time-range-name] [fragments]

You can identify IP access lists with a name rather than a number. To create a named standard access list, use the following command:

ip access-list standard name

To create a named extended access list, use the following command:

ip access-list extended name

You can specify whether the system examines noninitial IP fragments of packets when applying an IP extended access list. Before this option was added, nonfragmented packets and the initial fragment of a packet were processed by IP extended access lists, but noninitial fragments were permitted by default. The IP Extended Access Lists with Fragment Control feature allows more granularity of control over noninitial fragments.
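The rules above (wildcard masks, first match wins, the implied deny at the end, and the established keyword on extended lists) are easy to state and easy to get wrong when ordering a real list. The following Python is an added example, not code from the Quick Reference Sheets: it parses numbered standard and extended access-list statements in the syntax given above, evaluates constructed packets against them, and flags ACEs that an earlier, broader ACE shadows (the ordering trap described at the start of this chapter). Of the extended syntax only a destination-port eq and the established keyword are modelled; the ACL text, addresses, port-name table and function names are constructed for the demonstration. List 102 also shows why established is not stateful: it passes any TCP segment with ACK or RST set, including a forged ACK probe from outside, which is the gap the stateful inspection described under Context-Based Access Control later in this chapter closes.

```python
"""IOS access-list evaluator: wildcard masks, first match wins, implied deny.
Added example, not from the Quick Reference Sheets; ACL text and packets are constructed.
Of the extended syntax only 'eq <destination port>' and 'established' are modelled."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple
PORT_NAMES = {"www": 80, "smtp": 25, "telnet": 23, "ftp": 21, "domain": 53}
ANY = ("0.0.0.0", "255.255.255.255")          # (base address, wildcard mask)

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "ip"                          # "tcp" | "udp" | "icmp" | "ip"
    dport: Optional[int] = None
    ack_or_rst: bool = False                   # the only thing 'established' looks at

@dataclass(frozen=True)
class Ace:
    action: str                                # "permit" | "deny"
    proto: str
    src: Tuple[str, str]                       # (base, wildcard)
    dst: Tuple[str, str]
    dport: Optional[int]
    established: bool
    text: str

def _ip(a: str) -> int:
    return int(ipaddress.IPv4Address(a))

def wild_match(addr: str, base_wild: Tuple[str, str]) -> bool:
    """Wildcard semantics: a 0 bit in the mask must match, a 1 bit is 'don't care'."""
    care = ~_ip(base_wild[1]) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base_wild[0]) & care)

def _addr(t: List[str], i: int) -> Tuple[Tuple[str, str], int]:
    """Consume 'any' | 'host A' | 'A WILDCARD' | bare 'A' (standard lists) at t[i]."""
    if t[i] == "any":
        return ANY, i + 1
    if t[i] == "host":
        return (t[i + 1], "0.0.0.0"), i + 2
    if i + 1 < len(t) and t[i + 1][0].isdigit():
        return (t[i], t[i + 1]), i + 2
    return (t[i], "0.0.0.0"), i + 1

def parse_acl(config: str, number: int) -> List[Ace]:
    """ACEs of one numbered list in configured order, which is the order IOS tests them."""
    standard = 1 <= number <= 99 or 1300 <= number <= 1999
    aces = []
    for line in config.splitlines():
        t = line.split()
        if len(t) < 4 or t[0] != "access-list" or not t[1].isdigit() or int(t[1]) != number:
            continue
        if standard:                                        # source address only
            aces.append(Ace(t[2], "ip", _addr(t, 3)[0], ANY, None, False, line.strip()))
            continue
        src, i = _addr(t, 4)
        dst, i = _addr(t, i)
        dport = (int(t[i + 1]) if t[i + 1].isdigit() else PORT_NAMES[t[i + 1]]) \
            if i + 1 < len(t) and t[i] == "eq" else None
        aces.append(Ace(t[2], t[3], src, dst, dport, "established" in t[i:], line.strip()))
    return aces

def _matches(ace: Ace, p: Packet) -> bool:
    if ace.proto not in ("ip", p.proto) or not wild_match(p.src, ace.src) or not wild_match(p.dst, ace.dst):
        return False
    if ace.dport is not None and p.dport != ace.dport:
        return False
    # 'established' passes any TCP segment with ACK or RST set, opened from inside or not.
    return not ace.established or (p.proto == "tcp" and p.ack_or_rst)

def evaluate(aces: List[Ace], p: Packet) -> Tuple[str, str]:
    """First matching ACE decides; a packet that matches nothing hits the implied deny."""
    for ace in aces:
        if _matches(ace, p):
            return ace.action, ace.text
    return "deny", "implicit deny (end of list)"

def _covers(a: Tuple[str, str], b: Tuple[str, str]) -> bool:
    # Range a contains range b: every bit a fixes, b fixes to the same value.
    a_care = ~_ip(a[1]) & 0xFFFFFFFF
    return (a_care & _ip(b[1])) == 0 and (_ip(a[0]) & a_care) == (_ip(b[0]) & a_care)

def shadowed(aces: List[Ace]) -> List[str]:
    """ACEs that can never match because an earlier, at least as broad ACE always wins first."""
    out = []
    for n, later in enumerate(aces):
        for earlier in aces[:n]:
            if (earlier.proto in ("ip", later.proto) and _covers(earlier.src, later.src)
                    and _covers(earlier.dst, later.dst) and earlier.dport in (None, later.dport)
                    and (not earlier.established or later.established)):
                out.append(later.text)
                break
    return out

# Constructed lists: 101 filters inside users outbound, 102 is the classic inbound
# 'established' filter, and 10 has its deny shadowed by the permit any before it.
SAMPLE_CONFIG = """
access-list 101 permit tcp 10.1.1.0 0.0.0.255 any eq www
access-list 101 permit tcp 10.1.1.0 0.0.0.255 host 10.2.2.25 eq smtp
access-list 101 deny ip any any log
access-list 102 permit tcp any 10.1.1.0 0.0.0.255 established
access-list 10 permit any
access-list 10 deny 10.1.1.99
"""
```

Run shadowed() over a list before pasting it into a router: because IOS appends new statements to the end of an existing numbered list (see the note on editing above), a deny added after a broad permit is exactly the kind of entry this catches.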

The optional fragments keyword is available with four IP access list commands (access-list [IP extended], deny [IP], dynamic, and permit [IP]). By specifying the fragments keyword in an access list entry, that particular access list entry applies only to noninitial fragments of packets; the fragment is either permitted or denied accordingly.

The Turbo Access Control Lists (Turbo ACL) feature processes access lists more expediently than conventional access lists. To enable the Turbo ACL feature, use the following global configuration command:

access-list compiled

Use the show access-list compiled EXEC command to verify that the Turbo ACL feature has been successfully configured on your router.

You can implement access lists based on the time of day and week using the time-range global configuration command. To do so, first define the name and times of the day and week of the time range and then reference the time range by name in an access list to apply restrictions to the access list.

To restrict access to a vty to the addresses in an access list, use the following line configuration command:

access-class access-list-number {in | out}

To apply an access list to an interface, use the following interface configuration command:

ip access-group {access-list-number | access-list-name} {in | out}

Unicast Reverse Path Forwarding
The Unicast Reverse Path Forwarding feature (Unicast RPF) helps the network guard against malformed or “spoofed” IP packets passing through a router. A spoofed IP packet is one that carries a forged IP source address. Unicast RPF allows the administrator to drop packets that lack a verifiable source IP address at the router. Note how similar this is to the Reverse Path Forwarding check with multicast traffic. In that case, traffic was dropped to avoid loops.

Unicast RPF is enabled on a router interface. When this feature is enabled, the router checks packets that arrive inbound on the interface to see whether the best return path to the source address leaves through the receiving interface. Cisco Express Forwarding (CEF) is required on the router because the Forwarding Information Base (FIB) is the mechanism checked for the interface match.

Administrators can decide to drop packets that arrive on an interface without a return path to the source in the FIB, or they can just have counters increment in the global IP traffic statistics for Unicast RPF drops and in the interface statistics for Unicast RPF.

Whether packets that fail the Unicast RPF check are dropped is controlled by the use of an ACL with the ip verify unicast reverse-path command. If an ACL is specified in the command and a packet fails the Unicast RPF check, the ACL is checked to see whether the packet should be dropped or forwarded. If no ACL is specified in the Unicast RPF command, the router drops the unverifiable packet, and the counters are updated. Note that you can use ACL logging to obtain the source address information. Just be sure to specify the log option in the ACL used with the ip verify unicast reverse-path command.

To implement Unicast RPF, ensure that CEF is enabled on the router, and use the ip verify unicast reverse-path [list] interface configuration command.

Context-Based Access Control
Context-Based Access Control (CBAC) makes firewall-like stateful packet filtering a possibility on your Cisco IOS router (see Figure 8-2). This capability makes the Cisco IOS router act much like a Cisco PIX or Adaptive Security Appliance. Using CBAC, the router can permit TCP and User Datagram Protocol (UDP) connections from the “trusted” inside interface of the network to “untrusted” outside interfaces (for example, an Internet connection to an Internet service provider). The router then creates a stateful session table to monitor for the appropriate return traffic for these TCP and UDP sessions. Stateful packet filtering is much more powerful than traditional firewall packet filtering in that it can examine application layer information to ensure traffic is safe for entrance into the network. Traditional filtering was often limited to source address inspection, for example.

FIGURE 8-2 CBAC (an inspected TCP connection from the inside toward the Internet, and the permitted TCP return traffic)

CBAC functions on a router as follows:

■ Control traffic is inspected by an administrator-configured CBAC rule (for example, ip inspect name MYCBACRULE tcp).
■ CBAC creates a dynamic ACL allowing return traffic through the router.
■ Inspection continues with dynamic ACLs being created and removed as needed; application-specific attacks are also monitored for.
■ Application termination is detected, or timeouts occur, and dynamic ACLs are removed.

CBAC can be configured to support all TCP connections or all UDP sessions. You can also configure CBAC to inspect certain application-layer protocols:

■ FTP
■ Simple Mail Transport Protocol (SMTP)
■ HTTP
■ ICMP
■ Session Initiation Protocol (SIP)
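Returning to Unicast RPF before the CBAC configuration tasks: the check is a FIB lookup on the source address compared with the interface the packet arrived on, with an optional ACL deciding the fate of packets that fail. The following Python is an added example, not code from the Quick Reference Sheets; the FIB, interface names, packets and function names are constructed. Strict mode is what ip verify unicast reverse-path does. The loose mode and allow-default behaviour shown are generalisations from later IOS releases (ip verify unicast source reachable-via {rx | any} [allow-default]) that the text does not cover; they are included because the FIB deliberately contains an asymmetric route, a default route and a Null0 route, which are the three cases where strict mode surprises people in production.

```python
"""Unicast RPF as a FIB lookup: strict mode, loose mode and the exception ACL.

Added example, not from the Quick Reference Sheets. FIB, interfaces and packets
are constructed. Strict mode is what 'ip verify unicast reverse-path' does;
loose mode and allow-default are generalisations from later IOS releases.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple


class Fib:
    """Longest-prefix-match table: prefix -> egress interface (None models a Null0 route)."""

    def __init__(self, routes: Dict[str, Optional[str]]):
        self.routes = [(ipaddress.IPv4Network(p), intf) for p, intf in routes.items()]

    def lookup(self, addr: str, allow_default: bool = False) -> Tuple[Optional[str], Optional[str]]:
        ip = ipaddress.IPv4Address(addr)
        best = None
        for net, intf in self.routes:
            if net.prefixlen == 0 and not allow_default:
                continue                       # the default route does not verify a source unless allowed
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, intf)
        return (str(best[0]), best[1]) if best else (None, None)


def urpf_check(fib: Fib, ingress: str, src: str, mode: str = "strict",
               allow_default: bool = False,
               exception_acl: Optional[List[Tuple[str, str]]] = None) -> Tuple[str, str]:
    """Decide the fate of a packet with source 'src' that arrived on 'ingress'.

    strict: the best route back to the source must leave via the receiving interface.
    loose:  any route to the source other than Null0 is enough (catches bogons and
            blackholed prefixes, not packets that merely arrive on the wrong link).
    Returns ("forward" | "drop", reason).
    """
    prefix, egress = fib.lookup(src, allow_default)
    if prefix is None:
        reason = "no route to source"
    elif egress is None:
        reason = "source routed to Null0"
    elif mode == "strict" and egress != ingress:
        reason = f"source reachable via {egress}, arrived on {ingress}"
    else:
        return "forward", "rpf ok"
    # The packet failed. With an ACL attached, a 'permit' match forwards it anyway (and the
    # ACL's log keyword records the source); anything unmatched hits the implicit deny.
    for action, net in exception_acl or []:
        if ipaddress.IPv4Address(src) in ipaddress.IPv4Network(net):
            if action == "permit":
                return "forward", reason + " (permitted by exception ACL)"
            break
    return "drop", reason


def urpf_counters(fib: Fib, packets: List[Tuple[str, str]], mode: str = "strict") -> Dict[str, int]:
    """Per-interface drop counters, the 'just count it' deployment the text mentions."""
    counts: Dict[str, int] = {}
    for ingress, src in packets:
        if urpf_check(fib, ingress, src, mode)[0] == "drop":
            counts[ingress] = counts.get(ingress, 0) + 1
    return counts


# Constructed FIB for an edge router: two inside segments, one uplink, one blackholed prefix.
FIB = Fib({
    "10.1.0.0/16": "Ethernet0",
    "10.2.0.0/16": "Ethernet1",
    "10.2.5.0/24": "Ethernet0",   # more specific route: this subnet really is reached via Ethernet0
    "192.0.2.0/24": None,         # bogon blackholed to Null0
    "0.0.0.0/0": "Serial0",       # ISP uplink
})

if __name__ == "__main__":
    for ingress, src in [("Ethernet0", "10.1.1.1"), ("Serial0", "10.1.1.1"), ("Ethernet1", "10.2.5.9")]:
        print(ingress, src, urpf_check(FIB, ingress, src))
```

Two things the sample FIB makes visible: a host in 10.2.5.0/24 that happens to send via Ethernet1 is dropped by strict mode even though it is legitimate (asymmetric routing), and only the exception ACL or loose mode rescues it; and an Internet source that matches nothing but the default route fails strict mode on the uplink, so the ISP-facing interface is normally the place for loose mode, with strict mode kept for the customer-facing interfaces.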

Configuring CBAC on a router involves the following tasks: For TCP and UDP inspection:
ip inspect name inspection-name tcp [alert {on | off}]
■ Determine whether CBAC will be configured on an “internal” or
[audit-trail {on | off}] [timeout seconds]
“external” interface.
■ Ensure access lists configured for outbound traffic permit the ip inspect name inspection-name udp [alert {on | off}]
[audit-trail {on | off}] [timeout seconds]
CBAC-analyzed traffic, and ensure access lists configured for
inbound traffic deny the CBAC-analyzed traffic.
■ Apply the inspection rule to an interface:
■ Configure global timeouts and thresholds: ip inspect inspection-name {in | out}
ip inspect tcp synwait-time seconds
ip inspect tcp finwait-time seconds ■ Configure audit trail messages:
ip inspect audit-trail
■ Define an inspection rule.
For an application layer protocol:
ip inspect name inspection-name protocol [alert {on |
off}] [audit-trail {on | off}] [timeout seconds]
LAN Security
For an RPC application layer protocol: Switch port security
ip inspect name inspection-name rpc program-number number You can use the port security feature to restrict input to an interface by
[wait-time minutes] [alert {on | off}] [audit-trail {on | limiting and identifying MAC addresses of the stations allowed to
off}] [timeout seconds]
access the port.
For Java blocking: You can configure these types of secure MAC addresses:
ip inspect name inspection-name http [java-list access-
list] [alert {on | off}] [audit-trail {on | off}] [timeout ■ Static secure MAC addresses—Manually configured by using
seconds] the switchport port-security mac-address MAC address inter-
face configuration command.

© 2007 Cisco Systems Inc. All rights reserved. This publication is protected by copyright. Please see page 132 for more details.

CCIE Routing and Switching Exam Quick Reference Sheets
CCIE Routing and Switching Exam Quick Reference Sheets By Anthony Sequeira ISBN: Prepared for Minh Dang, Safari ID: mindang@CISCO.COM
9781587053375 Publisher: Cisco Press Licensed by Minh Dang
Print Publication Date: 2007/05/01 User number: 927500 Copyright 2007, Safari Books Online, LLC.
This PDF is exclusively for your use in accordance with the Safari Terms of Service. No part of it may be reproduced or transmitted in any form by any means without the prior
written permission for reprints and excerpts from the publisher. Redistribution or other use that violates the fair use priviledge under U.S. copyright laws (see 17 USC107) or that
otherwise violates the Safari Terms of Service is strictly prohibited.
CCIE Routing and Switching Exam Quick Reference Sheets Page 115 Return to Table of Contents

[ 114 ]

CHAPTER 8 CCIE Routing and Switching Exam Quick Reference Sheets by Anthony Sequeira

■ Dynamic secure MAC addresses—Dynamically learned, stored The following interface configuration commands are used to enable and
only in the address table and removed when the switch restarts.
■ Sticky secure MAC addresses—Dynamically learned or manually configured, stored in the address table, and added to the running configuration. These addresses can be saved in the configuration file.

To enable sticky learning, enter the switchport port-security mac-address sticky interface configuration command.

You can configure the interface for one of three violation modes, based on the action to be taken if a violation occurs:
■ Protect—Packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses or increase the number of maximum allowable addresses.
■ Restrict—Packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses or increase the number of maximum allowable addresses; you are notified.
■ Shutdown—Port security violation causes the interface to immediately become error-disabled and turns off the port LED; it also sends a Simple Network Management Protocol (SNMP) trap, logs a syslog message, and increments the violation counter.

configure port security:
switchport port-security
switchport port-security maximum value [vlan [vlan-list]]
switchport port-security violation {protect | restrict | shutdown}
switchport port-security mac-address mac-address [vlan vlan-id]
switchport port-security mac-address sticky

You can use port security aging to set the aging time for static and dynamic secure addresses on a port. Two types of aging are supported per port:
■ Absolute—The secure addresses on the port are deleted after the specified aging time.
■ Inactivity—The secure addresses on the port are deleted only if the secure addresses are inactive for the specified aging time.
switchport port-security aging {static | time time | type {absolute | inactivity}}

IP Source Guard
IP Source Guard is a Catalyst security feature related to DHCP snooping. IP source guard helps prevent IP spoofing by allowing only the IP addresses that are obtained through DHCP snooping on a particular port. When a client receives an IP address from the authorized DHCP server, a port access control list (PACL) is installed on the port. This PACL allows traffic in the interface as long as it is sourced from the DHCP provided IP address.
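The three port-security violation modes, and the difference between sticky and dynamic secure entries across a reload, as an added Python model. This is an illustration written for this page, not Cisco code and not from the original sheets; the MAC addresses and log text are constructed sample values.

```python
"""Port-security violation modes, modelled in Python.

Added illustration (not Cisco code): one secure port with a maximum
address count, static/sticky/dynamic learning and the protect, restrict and
shutdown violation modes described above. MAC addresses and the log text
are constructed sample values.
"""
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    maximum: int = 1                # switchport port-security maximum <value>
    violation: str = "shutdown"     # switchport port-security violation {protect|restrict|shutdown}
    sticky: bool = False            # switchport port-security mac-address sticky
    secure_macs: dict = field(default_factory=dict)   # mac -> "static" | "sticky" | "dynamic"
    err_disabled: bool = False
    violation_count: int = 0
    syslog: list = field(default_factory=list)

    def add_static(self, mac: str) -> None:
        """switchport port-security mac-address <mac>: a manually configured secure entry."""
        if mac not in self.secure_macs and len(self.secure_macs) >= self.maximum:
            raise ValueError("maximum number of secure addresses already reached")
        self.secure_macs[mac] = "static"

    def receive(self, src_mac: str) -> str:
        """Handle one ingress frame; returns 'forward', 'drop' or 'errdisable'."""
        if self.err_disabled:
            return "errdisable"          # stays down until the port is reset by the operator
        if src_mac in self.secure_macs:
            return "forward"
        if len(self.secure_macs) < self.maximum:
            # Learn the address. Sticky entries are written to the running config;
            # dynamic ones live only in the address table.
            self.secure_macs[src_mac] = "sticky" if self.sticky else "dynamic"
            return "forward"
        return self._violation(src_mac)

    def _violation(self, src_mac: str) -> str:
        if self.violation == "protect":
            return "drop"                # silent: no counter, no trap, no syslog
        self.violation_count += 1        # restrict and shutdown both count and notify
        self.syslog.append(f"port-security violation from {src_mac}")   # constructed message
        if self.violation == "restrict":
            return "drop"
        self.err_disabled = True         # shutdown: the interface goes err-disabled
        return "errdisable"

    def saved_entries(self) -> list:
        """Entries that survive a reload: static and sticky, never dynamic."""
        return sorted(m for m, kind in self.secure_macs.items() if kind != "dynamic")

    def restart(self) -> None:
        """Reload: dynamic entries are lost, static/sticky come back from the config."""
        self.secure_macs = {m: k for m, k in self.secure_macs.items() if k != "dynamic"}
        self.err_disabled = False
        self.violation_count = 0


if __name__ == "__main__":
    port = SecurePort(maximum=2, violation="restrict", sticky=True)
    for mac in ("0000.1111.aaaa", "0000.1111.bbbb", "0000.1111.cccc"):
        print(mac, port.receive(mac))
    print("violations:", port.violation_count, "saved:", port.saved_entries())
```

The model makes the operational difference visible: protect gives you no evidence that a violation happened, restrict keeps the port up but counts and logs, and shutdown takes the port out of service, so a monitoring system needs the syslog/trap from restrict or shutdown to notice an unexpected device.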


The steps to configuring IP source guard are as follows:
Step 1. Configure DHCP snooping in global configuration mode:
ip dhcp snooping
Step 2. Enable DHCP snooping for the appropriate VLANs:
ip dhcp snooping vlan number
Step 3. Configure the trust state of the interface:
no ip dhcp snooping trust
Step 4. Configure the IP Source Guard feature:
ip verify source vlan dhcp-snooping port-security

802.1X Port-Based Authentication
The IEEE 802.1X standard defines a client/server-based access control and authentication protocol that restricts unauthorized clients from connecting to a LAN through publicly accessible ports (see Figure 8-3). The authentication server authenticates each client connected to a switch port before making available any services offered by the switch or the LAN.

FIGURE 8-3 802.1X port-based authentication (workstation, switch running 802.1X port-based authentication, authentication server)

You control the port authorization state by using the dot1x port-control interface configuration command and these keywords:
■ force-authorized—Disables 802.1X authentication and causes the port to transition to the authorized state without any authentication exchange required
■ force-unauthorized—Causes the port to remain in the unauthorized state, ignoring all attempts by the client to authenticate
■ auto—Enables 802.1X authentication and causes the port to begin in the unauthorized state

802.1X port-based authentication is supported in two topologies:
■ Point-to-point
■ Wireless LAN

Use the following commands to enable 802.1X authentication:
Switch(config)# aaa new-model
Switch(config)# aaa authentication dot1x {default} method1 [i...]
Switch(config)# dot1x system-auth-control
Switch(config-if)# dot1x port-control auto


Device Security / Access
Remember, you will find no substitute for physical security of your Cisco devices. Not only can the devices be easily stolen, but access to the console port allows passwords to be reset and security into the network to be breached. After ensuring your devices are physically secured, you should place passwords on the various operating modes of your device.

It is simple to set local passwords and security on your router or switch to help protect the operating modes and line access.

Use the following syntax to protect access to the console port with a local password:

CiscoDevice(config)# line console 0
CiscoDevice(config-line)# login
CiscoDevice(config-line)# password cisco

Notice that the preceding command login permits the use of local password checking on the line. You can use the no login command to disable password checking.

The sample syntax is used to protect the Telnet lines with a local password as follows:

CiscoDevice(config)# line vty 0 4
CiscoDevice(config-line)# login
CiscoDevice(config-line)# password cisco

Note
The preceding passwords are stored in the configuration in plain text. To ensure that they are encrypted—along with all other plain-text passwords that might exist—use the service password-encryption command.

For enacting local security, you can configure 16 different privilege levels, numbered 0 through 15. To configure a privilege level for users and associate commands with that privilege level, use the privilege command in global configuration mode. For example, to set the use of the configure command to level 14, use the following command:

privilege exec level 14 configure

To protect access to privileged mode, you can use the enable password global configuration command. You can specify a privilege level if you are using various levels in your local security model. If no level is specified, the default level 15 is assumed. This privilege level provides full access to the privileged mode commands by default.

For additional protection, use the enable secret command to set an encrypted privileged mode password. Again, you can use the level argument to assign the password to a particular privilege level.

It is a best practice to set both versions of the privileged mode password (enable password and enable secret), but you should set them to different values. If you attempt to set the passwords the same, you get a warning, but the password is still accepted. After you set a password


using the enable secret command, a password set using the enable password command works only if the enable secret is disabled or an older version of Cisco IOS Software is being used, such as when running an older rxboot image.

Also part of the local security model is the username command. It provides username and password authentication for login purposes only. Add a username entry for each remote system that the local router communicates with and requires authentication from (for example, Challenge Handshake Authentication Protocol [CHAP], used with PPP). The remote device must have a username entry for the local router. This entry must have the same password as the local router’s entry for that remote device. You can also use this command to define usernames that get special treatment. For example, you can use this command to define a “guest” username that does not require a password but connects the user to a general-purpose information service.

Authentication, authorization, and accounting
You can also ensure security in the network through the use of AAA—authentication, authorization, and accounting.

Authentication
Authentication can be accomplished using usernames and passwords configured locally on the switch, one or more RADIUS servers, or one or more TACACS+ servers.

You can and should configure multiple authentication sources. For example, if your TACACS+ servers are unavailable (an error is returned when access fails), you should have authentication seamlessly fail over to some other method—perhaps the local username and password database on the device.

FIGURE 8-4 TACACS+ (workstation, access server, Cisco Secure ACS providing TACACS+ authentication)

To configure authentication on a router or switch, complete the following steps:
Step 1. Enable AAA on the device using the aaa new-model command. This command permits the use of modern security protocols such as TACACS+, RADIUS, and Kerberos.
Step 2. Define the source of authentication. For example, you can use the tacacs-server host command to define the TACACS+ servers you are using for authentication. You can then use the aaa group server tacacs+ command to group these servers.
Step 3. Define a list of authentication methods to try using the aaa authentication login command. If you specify TACACS+ servers first and you get no response from them (an error is returned), the next listed method is tried.
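The method-list fail-over rule from Step 3, as an added Python model (an illustration written for this page, not Cisco's implementation): only a method that cannot answer hands off to the next one, so a password rejected by a reachable TACACS+ server is never retried against the local database. The users, passwords and server behaviour are constructed sample data.

```python
"""AAA login method-list evaluation, modelled in Python.

Added illustration (not Cisco's implementation): how a method list such as
'aaa authentication login default group tacacs+ local' is walked. A method
that returns ERROR (no server answered) hands off to the next method; a
PASS or FAIL from a method that did answer is final, so a rejected password
is never retried against the local database. Users, passwords and server
behaviour below are constructed sample data.
"""
from enum import Enum


class Result(Enum):
    PASS = "pass"      # credentials accepted
    FAIL = "fail"      # credentials rejected by a method that answered
    ERROR = "error"    # the method could not answer (all servers unreachable)


class TacacsGroup:
    """Models 'aaa group server tacacs+': servers are tried in order until one answers."""

    def __init__(self, servers):
        self.servers = servers     # callables (user, password) -> Result, or None if unreachable

    def authenticate(self, user, password):
        for server in self.servers:
            reply = server(user, password)
            if reply is not None:
                return reply
        return Result.ERROR        # nobody answered: let the method list fall over


class LocalDatabase:
    """Models the 'username ... password ...' entries on the device."""

    def __init__(self, users):
        self.users = users

    def authenticate(self, user, password):
        return Result.PASS if self.users.get(user) == password else Result.FAIL


def login_authentication(method_list, user, password):
    """Walk the method list; returns (Result, index of the deciding method or None).

    Only ERROR moves on to the next method. If every method errors, access is
    denied, which is why an explicit fallback such as 'local' belongs in the list.
    """
    for index, method in enumerate(method_list):
        result = method.authenticate(user, password)
        if result is not Result.ERROR:
            return result, index
    return Result.FAIL, None


# Constructed sample servers and users.
def acs_server(user, password):
    """A reachable TACACS+ server that knows one account."""
    return Result.PASS if (user, password) == ("netops", "Tac@cs-0nly") else Result.FAIL


def unreachable_server(user, password):
    """A TACACS+ server that never responds."""
    return None


LOCAL = LocalDatabase({"netops": "L0cal-fallback"})


def scenarios():
    """Run the cases a practitioner should verify on a device; returns their outcomes."""
    servers_up = [TacacsGroup([acs_server]), LOCAL]
    servers_down = [TacacsGroup([unreachable_server, unreachable_server]), LOCAL]
    no_fallback = [TacacsGroup([unreachable_server])]
    return {
        "tacacs_accepts": login_authentication(servers_up, "netops", "Tac@cs-0nly"),
        "tacacs_rejects_local_not_tried": login_authentication(servers_up, "netops", "L0cal-fallback"),
        "tacacs_down_local_used": login_authentication(servers_down, "netops", "L0cal-fallback"),
        "tacacs_down_no_fallback": login_authentication(no_fallback, "netops", "L0cal-fallback"),
    }


if __name__ == "__main__":
    for name, (result, index) in scenarios().items():
        print(f"{name:34} -> {result.value:5} (decided by method #{index})")
```

The second scenario is the one worth testing on real equipment before relying on it: with the servers reachable, the local password must not work, because falling back on a reject would let anyone bypass the central policy simply by trying the local credential.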


Step 4. Apply a method list to a router or switch line using the login authentication command.

Authorization
Once authenticated, a user is placed in user EXEC mode by default. Configure authorization with the following steps:
Step 1. Configure the RADIUS or TACACS+ servers that contain the authorization database. These are typically already defined for you using Step 1 from the configuration of authentication.
Step 2. Define a method list of authorization methods that are to be tried in sequence using the aaa authorization command. In this command, you not only specify the authorization sources (for example, a group of TACACS+ servers), but you also specify the function or service needing authorization. This is done with one of the following keywords:
commands—The authorization server must return permission to use any command at any level.
config-commands—The server must return permission to use a configuration command.
configuration—The server must return permission to enter configuration mode.
exec—The server must return permission for the user to run an EXEC session.
network—The server must return permission to use network-related services.
reverse-access—The server must return permission for a reverse Telnet session.
Step 3. Apply the authorization method list to a specific line on the device using the authorization command.

Accounting
The RADIUS and TACACS+ servers can also collect usage information for auditing or even billing purposes.
Step 1. Define the accounting servers; typically this is completed in Step 1 of the authentication process.
Step 2. Define a method list providing a sequence of accounting methods using the command aaa accounting. In this command, you specify functions that trigger accounting—for example:
system—Major events such as reload
exec—User authentication into an EXEC session
commands—Information about any executed commands
You can also specify that certain types of accounting records be sent:


start-stop—Events are recorded when they start and stop.
stop-only—Events are recorded when they stop.
none—No events are recorded.
Step 3. Apply the accounting method to a line on the device using the accounting command.

RADIUS versus TACACS+
Be aware of the differences between these two security protocols, as outlined here.

                     RADIUS                                     TACACS+
Transport protocol   User Datagram Protocol (UDP)               TCP
Encryption           Encrypts only the password                 Encrypts entire body
AAA                  Combines authentication and authorization  Separates AAA functions
Standards-based      Industry standard                          Cisco-proprietary

CHAPTER 9 CCIE Routing and Switching Exam Quick Reference Sheets by Anthony Sequeira

MPLS
Multiprotocol Label Switching

Overview
Multiprotocol Label Switching (MPLS) leverages the efficiency of Cisco Express Forwarding (CEF) and the intelligence provided by IP routing. Remember that CEF allows for the creation of a copy of the routing information base in memory in the Cisco router or switch. This memory-based structure is called the Forwarding Information Base (FIB), and it allows for remarkable packet forwarding times through what traditionally had been much slower devices.

MPLS appends a label to packets. This label can be used for efficient forwarding decisions through an MPLS network. Using MPLS, the Layer 3 header information can be analyzed once as the packet enters the MPLS domain. After this single Layer 3 examination, a label can be appended that will allow the subsequent MPLS devices to skip the traditional Layer 3 routing process. Although labels typically correspond to Layer 3 destination addresses, it is important to note that the labels could also correspond to QoS requirements, source address, or a variety of other criteria.

Label Switch Router
A Label Switch Router (LSR) is the device that makes MPLS possible. These devices can be grouped into two categories:
■ Edge LSR—This device resides at the edge of the MPLS network and has many functions it is responsible for as a result. These functions include the following:
Label distribution
Packet forwarding based on labels
Label imposition (insertion)
Label disposition (removal)
■ LSR—This device does not reside at the edge of the MPLS network, and therefore it is only typically responsible for the following:
Label distribution
Packet forwarding based on labels

Note that service providers typically refer to an Edge LSR as a PE (Provider Edge) router and an LSR as a P (Provider) router, as shown in Figure 9-1.


FIGURE 9-1 LSRs (Dest. 10.10.10.1 -> Label = 21 -> Label = 25 -> Dest. 10.10.10.1 across the MPLS domain)

Examine the architecture of the LSR shown in Figure 9-2. Notice how the Label Forwarding Information Base (LFIB) in the data plane is used to forward labeled packets, and the control plane mechanisms are used to build this LFIB.

FIGURE 9-2 Architecture of the LSR (control plane: routing protocol, IP routing table, label exchange protocol; data plane: label forwarding table (LFIB))

Label format
The MPLS label is a 4-byte identifier used in the MPLS process. The label identifies the destination and the services the packet will receive. This is called the Forwarding Equivalence Class (FEC). Labels are locally significant. Each LSR independently maps a label to a FEC. The LSRs then exchange these label bindings.

The 32-bit label field used by MPLS is shown in Figure 9-3.

Label (bits 0-19) | EXP (bits 20-22) | S (bit 23) | TTL (bits 24-31)
FIGURE 9-3 MPLS label format

Notice this label contains the following fields:
1. 20-bit label
2. 3-bit experimental field—typically used to carry IP precedence or class of service
3. Bottom-of-Stack bit—used to determine whether the label is the last in the stack of labels
4. 8-bit TTL field—used to prevent looping of packets

With Frame Mode MPLS, the label is inserted between the Layer 2 and Layer 3 header. With Cell Mode MPLS, the fields in the ATM header are used as the label.
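The 32-bit label format of Figure 9-3, as an added Python encoder/decoder that also applies the impose, swap and pop operations to a byte string. This is an illustration written for this page, not code from the original sheets; the label values 21 and 25 are those of Figure 9-4, the reserved-label range and implicit-null value come from RFC 3032, and the IPv4 payload bytes are constructed.

```python
"""MPLS label stack entry encoder/decoder.

Added illustration (not from the original sheets): packs and parses the
32-bit label format of Figure 9-3 (20-bit label, 3-bit EXP, 1-bit S, 8-bit
TTL) and applies the three LSR operations to a byte string: impose a
stack, swap the top label, pop the top label. Label values are the ones
shown in Figure 9-4; the sample IPv4 payload bytes are constructed.
"""
import struct

LABEL_MAX = (1 << 20) - 1   # labels 0-15 are reserved by RFC 3032 (e.g. 3 = implicit null)


def encode_entry(label, exp=0, bottom=False, ttl=255):
    """Return the 4-byte label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    if not 0 <= label <= LABEL_MAX:
        raise ValueError(f"label {label} does not fit in 20 bits")
    if not 0 <= exp <= 7 or not 0 <= ttl <= 255:
        raise ValueError("EXP must be 0-7 and TTL 0-255")
    word = (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)


def decode_entry(data):
    """Parse the first 4 bytes of data into a dict of the four fields."""
    if len(data) < 4:
        raise ValueError("truncated label stack entry")
    (word,) = struct.unpack("!I", data[:4])
    return {"label": word >> 12, "exp": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1, "ttl": word & 0xFF}


def impose(labels, payload, ttl=64):
    """Ingress edge LSR: push a stack (outermost first) in front of the Layer 3 payload.
    Only the innermost entry carries S=1."""
    stack = b"".join(encode_entry(lbl, bottom=(i == len(labels) - 1), ttl=ttl)
                     for i, lbl in enumerate(labels))
    return stack + payload


def parse_stack(frame):
    """Walk entries until the bottom-of-stack bit; returns (entries, payload)."""
    entries, offset = [], 0
    while True:
        entry = decode_entry(frame[offset:])
        entries.append(entry)
        offset += 4
        if entry["s"]:
            return entries, frame[offset:]


def swap(frame, new_label):
    """Core LSR: replace the top label, keep EXP and S, decrement TTL."""
    top = decode_entry(frame)
    if top["ttl"] <= 1:
        raise ValueError("TTL expired: packet would be dropped, not forwarded")
    return encode_entry(new_label, top["exp"], bool(top["s"]), top["ttl"] - 1) + frame[4:]


def pop(frame):
    """Egress (or penultimate) LSR: remove the top entry; returns (rest, was_bottom)."""
    top = decode_entry(frame)
    return frame[4:], bool(top["s"])


if __name__ == "__main__":
    ip_payload = bytes.fromhex("4500001c00010000") + bytes([10, 10, 10, 1]) * 2   # constructed
    frame = impose([21], ip_payload)              # ingress: Label = 21
    frame = swap(frame, 25)                       # core: 21 -> 25
    rest, at_bottom = pop(frame)                  # egress: popped, IP header exposed
    print(decode_entry(impose([21], ip_payload)), at_bottom, rest[:4].hex())
```

parse_stack is the piece a packet parser or IDS needs: it has to read the S bit to know where the IP header starts, which is also why a two-label VPN stack is only correctly delimited if the inner entry alone carries S=1.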


Note the Bottom-of-Stack bit is required because some packets can have multiple labels. This can happen for the following reasons:
■ MPLS virtual private networks (VPN) (two labels)—One label is used to locate the egress router, and the second is used to identify the VPN.
■ MPLS traffic engineering (two or more labels)—One label points to the endpoint of the tunnel, and the other label points to the destination.
■ MPLS VPNs used in conjunction with MPLS traffic engineering (three or more labels).

Label imposition/disposition
The LSR (or Edge LSR) performs one or more of the following functions:
■ Ingress Edge LSR—Inserts (imposes) the label or stack of labels.
■ Core (Interior) LSR—Top label is swapped with the next-hop label or stack of labels.
■ Egress Edge LSR—The label is removed (popped).
Figure 9-4 shows this process.

FIGURE 9-4 Label imposition/disposition (Dest. 10.10.10.1 -> Label = 21 -> Label = 25 -> Dest. 10.10.10.1 across the MPLS domain; ingress: IP lookup, 10.10.10/24 -> Label 21; core: LFIB label swap, Label 21 -> Label 25; egress: LFIB label popped, then IP lookup, 10.10.10/24 -> next hop)

Label distribution
Label Distribution Protocol (LDP) is used to exchange labels between adjacent routers. LDP is session-based and has the following characteristics:
■ Hello messages are sent periodically on MPLS-enabled interfaces; these messages initiate session establishment.
■ Hello messages are UDP (port 646) sent to multicast 224.0.0.2 (all routers).
■ TCP is used to actually establish the session (port 646).

Label-Switched Path
The Label-Switched Path (LSP) is simply the sequence of LSRs that make up the Forwarding Equivalence Class (FEC) path. LSPs are


unidirectional, which means that the return path might be different. However, routing protocols typically provide symmetric paths, so if MPLS is based on the routing table output, it is often symmetric too.

Penultimate Hop Popping (PHP) is used in the LSP to improve efficiency in the MPLS operations. Figure 9-5 shows the issue if PHP is not used in the MPLS network.

FIGURE 9-5 No PHP (Dest. 10.10.10.1 -> Label = 21 -> Label = 30 -> Label = 25 -> Dest. 10.10.10.1 across the MPLS domain; ingress: FIB consulted for label imposition; core: LFIB used for label swap; egress: both FIB and LFIB needed)

Notice that both a FIB and LFIB lookup are required on the egress router. This is because the LFIB must be consulted to learn that the label should be removed (popped) and the FIB needs to be used to forward the packet to the next-hop IP address.

Figure 9-6 shows the use of PHP to increase efficiency.

FIGURE 9-6 PHP (Dest. 10.10.10.1 -> Label = 21 -> Label = 30 -> label pop -> Dest. 10.10.10.1 across the MPLS domain; ingress: FIB consulted for label imposition; core: LFIB used for label swap; penultimate hop: LFIB used and label popped; egress: FIB consulted for next hop)

Route Descriptor
The Route Descriptor (RD) is a key MPLS element that allows service providers to implement MPLS VPNs for customers. The following discussion is based on the sample MPLS VPN topology shown in Figure 9-7.

FIGURE 9-7 MPLS VPN topology (Customer A 10.100.10.0/24 and Customer B 10.100.10.0/24 both attached to PE Router 1 in the service provider network)
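The lookup difference between Figures 9-5 and 9-6, as an added Python model of the LSP walk (an illustration written for this page, not from the original sheets). Router names and label values follow the figures; that the egress asks its upstream neighbour to perform PHP by advertising the implicit-null label (3) is standard MPLS behaviour from RFC 3032 and is assumed here, not stated on the page.

```python
"""LSP walk with and without Penultimate Hop Popping.

Added illustration, not from the original sheets: a small model of the
ingress, two core and egress LSRs of Figures 9-5 and 9-6 that records which
table (FIB or LFIB) each router consults. Router names and label values
follow the figures; that the egress signals PHP by advertising the
implicit-null label (3) to its upstream neighbour is standard MPLS
(RFC 3032) and is assumed here, not stated on the page.
"""
IMPLICIT_NULL = 3


class Router:
    def __init__(self, name):
        self.name = name
        self.fib = {}       # prefix -> (next hop, outgoing label or None)
        self.lfib = {}      # incoming label -> (outgoing label or None for pop, next hop or None)
        self.lookups = []   # tables consulted, in order

    def bind(self, local_label, downstream_label, next_hop):
        """Install the LFIB entry derived from the label the downstream LSR advertised."""
        if downstream_label == IMPLICIT_NULL:
            self.lfib[local_label] = (None, next_hop)               # PHP: pop, then forward
        else:
            self.lfib[local_label] = (downstream_label, next_hop)   # swap

    def forward(self, packet):
        """Process packet (dict with 'dest' and 'labels', outermost first); return the next hop."""
        next_hop = None
        if packet["labels"]:
            self.lookups.append("LFIB")
            out_label, next_hop = self.lfib[packet["labels"][0]]
            if out_label is None:
                packet["labels"].pop(0)             # label disposition
            else:
                packet["labels"][0] = out_label      # label swap
        if next_hop is None:
            # Unlabelled packet, or a pop whose LFIB entry carries no next hop
            # (the egress case of Figure 9-5): an IP lookup is required.
            self.lookups.append("FIB")
            next_hop, out_label = self.fib[packet["dest"]]
            if out_label is not None:
                packet["labels"].insert(0, out_label)   # label imposition at the ingress
        return next_hop


def build_topology(php):
    """Ingress -> R2 -> R3 -> Egress -> CE, for the prefix of Figures 9-5/9-6."""
    prefix = "10.10.10.0/24"
    ingress, r2, r3, egress = (Router(n) for n in ("Ingress", "R2", "R3", "Egress"))
    ingress.fib[prefix] = ("R2", 21)               # FIB consulted for label imposition
    r2.bind(21, 30, "R3")                          # LFIB used for label swap
    if php:
        r3.bind(30, IMPLICIT_NULL, "Egress")       # egress advertised label 3: R3 pops
    else:
        r3.bind(30, 25, "Egress")
        egress.lfib[25] = (None, None)             # pop, but no next hop known from the LFIB
    egress.fib[prefix] = ("CE", None)              # plain IP next hop outside the MPLS domain
    return {r.name: r for r in (ingress, r2, r3, egress)}


def lsp_walk(routers, first_hop, dest):
    """Carry one packet through the domain; returns ([(router, labels on arrival)], exit hop)."""
    packet = {"dest": dest, "labels": []}
    hop, trace = first_hop, []
    while hop in routers:
        trace.append((hop, list(packet["labels"])))
        hop = routers[hop].forward(packet)
    return trace, hop


def lookups_per_router(php):
    """Which tables each LSR consulted for one packet, with or without PHP."""
    routers = build_topology(php)
    lsp_walk(routers, "Ingress", "10.10.10.0/24")
    return {name: r.lookups for name, r in routers.items()}


if __name__ == "__main__":
    for php in (False, True):
        print("PHP" if php else "no PHP", lookups_per_router(php))
```

Running it shows the egress doing two lookups without PHP and one with it, while R3's work is a single LFIB lookup either way; the pop has simply moved one hop upstream.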


On PE Router 1, a VPN Routing and Forwarding (VRF) table is configured for each customer (Customer A and Customer B). These VRF tables contain the routes advertised by each customer. What if each customer has the same prefix to advertise? In this example, notice that each customer wants to advertise the 10.100.10.0/24 prefix. The PE Router 1 handles this situation by prepending an RD to the IPv4 prefix to uniquely identify the prefixes as belonging to particular VPN customers. The combination of the IPv4 prefix and RD is called the VPN-IPv4 address.

The PE Router 1 device can propagate the prefix information to the other provider routers using Multiprotocol BGP. Multiprotocol BGP is an option because it supports an extended community attribute field. This field can carry the VPN-IPv4 address.

The VRF tables on PE Router 1 also contain what is called an Export Target. This attribute determines which target PE routers will receive the VPN-IPv4 address information. On the receiving PE routers, an Import Target value is set.

Basic MPLS configuration
Basic MPLS configuration consists of three mandatory and several optional tasks:

Mandatory:
1. Use the appropriate command for your platform to enable CEF. Examples include the global configuration command ip cef or the interface command ip route-cache cef.
2. Enable label switching on a frame-mode interface:
mpls ip
3. Start the appropriate label distribution protocol on the interface:
mpls label protocol [tdp | ldp | both]

Optional:
1. Configure the MPLS ID on a router:
mpls ldp router-id interface
2. Configure a label-switching MTU:
mpls mtu bytes
3. Configure IP TTL propagation:
mpls ip propagate-ttl
4. Configure conditional label distribution:
mpls ldp advertise-labels [for prefix-access-list [to peer-access-list]]

Monitoring MPLS is possible thanks to the following commands:
■ show mpls ldp parameters—Displays LDP parameters
■ show mpls interfaces—Displays MPLS status on interfaces
■ show mpls ldp discovery—Displays all discovered LDP neighbors
■ show mpls ldp neighbor—Displays individual LDP neighbors


■ show mpls ldp neighbor detail—Displays more details about an
LDP neighbor
■ show mpls ldp bindings—Displays the Label Information Base
■ show mpls forwarding-table—Displays the contents of the LFIB
■ show ip cef detail—Displays labels attached to a packet by the
Edge LSR
■ debug mpls ldp—Debugs LDP adjacencies
■ debug mpls lfib—Debugs LFIB events
■ debug mpls packets—Debugs labeled packets
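The RD and export/import target mechanism from the Route Descriptor section above, as an added Python model of PE Router 1 and a second PE (an illustration written for this page, not from the original sheets). It shows the two identical 10.100.10.0/24 prefixes of Figure 9-7 becoming distinct VPN-IPv4 addresses and the receiving PE installing only the route whose target its VRF imports. The RD and route-target values are constructed, and the ASN:number notation is an assumption.

```python
"""VPN-IPv4 routes, route distinguishers and route targets.

Added illustration, not from the original sheets: how PE Router 1 of
Figure 9-7 keeps Customer A's and Customer B's identical 10.100.10.0/24
prefixes apart. Each VRF's RD is prepended to the prefix to form the
VPN-IPv4 address, the VRF's export target travels with it in the MP-BGP
update, and a receiving PE installs the route only into VRFs whose import
target matches. The RD and route-target values are constructed; the
ASN:number notation is the usual one but is an assumption here.
"""
from collections import namedtuple

VpnRoute = namedtuple("VpnRoute", "rd prefix next_hop targets")


class Vrf:
    def __init__(self, name, rd, export_targets, import_targets):
        self.name, self.rd = name, rd
        self.export_targets = frozenset(export_targets)
        self.import_targets = frozenset(import_targets)
        self.routes = {}            # prefix -> next hop, as seen by this customer


class PE:
    def __init__(self, name):
        self.name, self.vrfs = name, {}

    def add_vrf(self, vrf):
        self.vrfs[vrf.name] = vrf

    def export_updates(self):
        """MP-BGP updates for every VRF route: RD:prefix plus the export targets.
        The next hop is rewritten to this PE, as BGP does for VPNv4 routes."""
        return [VpnRoute(v.rd, p, self.name, v.export_targets)
                for v in self.vrfs.values() for p in v.routes]

    def import_updates(self, updates):
        """Install each update into every local VRF whose import targets overlap its RTs."""
        installed = []
        for u in updates:
            for v in self.vrfs.values():
                if v.import_targets & u.targets:
                    v.routes[u.prefix] = u.next_hop
                    installed.append((v.name, f"{u.rd}:{u.prefix}"))
        return installed


def build_topology():
    """PE Router 1 with both customers; a second PE that serves Customer A only."""
    pe1, pe2 = PE("PE1"), PE("PE2")
    cust_a = Vrf("CustA", rd="65000:1", export_targets={"65000:100"}, import_targets={"65000:100"})
    cust_b = Vrf("CustB", rd="65000:2", export_targets={"65000:200"}, import_targets={"65000:200"})
    cust_a.routes["10.100.10.0/24"] = "CE-A"     # same prefix advertised by both customers
    cust_b.routes["10.100.10.0/24"] = "CE-B"
    pe1.add_vrf(cust_a)
    pe1.add_vrf(cust_b)
    pe2.add_vrf(Vrf("CustA", rd="65000:1", export_targets={"65000:100"}, import_targets={"65000:100"}))
    return pe1, pe2


def vpn_addresses(pe):
    """Distinct VPN-IPv4 addresses a PE advertises, even for overlapping IPv4 prefixes."""
    return sorted(f"{u.rd}:{u.prefix}" for u in pe.export_updates())


if __name__ == "__main__":
    pe1, pe2 = build_topology()
    print(vpn_addresses(pe1))
    print(pe2.import_updates(pe1.export_updates()), pe2.vrfs["CustA"].routes)
```

The model separates the two jobs that are easy to confuse: the RD only makes the prefixes unique, while the route targets decide which VRFs receive them. A mistyped import target on PE2 would leak Customer B's route into Customer A's VRF, which is the check worth making when auditing a VPN configuration.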

CHAPTER 10

IPv6

Address Structure
An IPv6 address is 128 bits long, a much larger address space than the address space in IPv4. It can provide approximately 3.4 * 10^38 addresses.

IPv6 addresses are represented as a series of eight 16-bit fields, each presented as a hexadecimal number and separated by colons (:). The format used is x:x:x:x:x:x:x:x.

To shorten the writing of IPv6 addresses, you can use the following techniques:
■ The leading 0s in a field are optional.
■ You can use two colons (::) to compress successive hexadecimal fields of 0s at the beginning, middle, or end of an IPv6 address; this can be done only one time in an address, because a second :: would leave the number of omitted fields ambiguous (see Figure 10-1).

FIGURE 10-1 IP addresses
IPv4 address (32-bit): 10.100.34.123
IPv6 address (128-bit): 2031:0000:130F:0000:0000:09C0:876A:130B, or in shortened form 2031:0:130F::9C0:876A:130B

Benefits
The main benefits of IPv6 include the following:
■ Has a larger IP address space.
■ Eliminates the need for Network Address Translation (NAT). Note that NAT itself was never a security control; a host with a globally routable IPv6 address still needs the stateful filtering that a NAT device usually provided as a side effect.
■ Allows hosts to have multiple IPv6 addresses and networks to have multiple IPv6 prefixes (site multihoming).
■ A fixed header size makes processing more efficient.
■ Optional security headers (IPsec AH and ESP are carried as extension headers).
■ Has increased mobility and multicast capabilities.
■ A new capability enables packet labeling to belong to particular traffic “flows” so that the sender can request special handling.
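The two shortening rules above are exactly what an address parser has to apply, and reverse, before an address can be compared against an ACL or a log entry. The following is an added example, not code from the original reference sheets: an expander that validates the rules (rejecting a second ::, a :: that stands for nothing, or an over-long field) and a compressor that produces the RFC 5952 canonical short form. It uses only the Python standard library; the function names are my own.

```python
"""Expand and compress IPv6 text addresses (RFC 4291 section 2.2, RFC 5952).

Added example for these reference sheets; it is not code from the original
and uses only the Python standard library. The function names are my own.
"""
import re

HEX_FIELD = re.compile(r"^[0-9A-Fa-f]{1,4}$")


def expand_ipv6(text: str) -> str:
    """Return the canonical eight-field, four-digit, lowercase form.

    Validates while expanding: more than one '::' is ambiguous, a '::' that
    stands for zero fields is invalid, and a field longer than four hex
    digits is invalid. A parser that feeds ACLs must reject all of these
    rather than guess.
    """
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once in an address")
    if "::" in text:
        head, tail = text.split("::")
        head_fields = head.split(":") if head else []
        tail_fields = tail.split(":") if tail else []
        missing = 8 - len(head_fields) - len(tail_fields)
        if missing < 1:
            raise ValueError("'::' must replace at least one zero field")
        fields = head_fields + ["0"] * missing + tail_fields
    else:
        fields = text.split(":")
    if len(fields) != 8:
        raise ValueError(f"expected 8 fields, got {len(fields)}")
    for field in fields:
        if not HEX_FIELD.match(field):
            raise ValueError(f"bad field {field!r}")
    return ":".join(f"{int(field, 16):04x}" for field in fields)


def compress_ipv6(text: str) -> str:
    """Return the RFC 5952 short form: leading zeros dropped, lowercase, and
    the longest run of two or more consecutive zero fields replaced by '::'
    (the first such run wins a tie). A lone zero field stays as '0'."""
    fields = [int(f, 16) for f in expand_ipv6(text).split(":")]
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if fields[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and fields[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    hexes = [f"{v:x}" for v in fields]
    if best_len < 2:
        return ":".join(hexes)
    left = ":".join(hexes[:best_start])
    right = ":".join(hexes[best_start + best_len:])
    return f"{left}::{right}"
```

Note the canonicalization matters for comparison: 2031:0000:130F:0000:0000:09C0:876A:130B and 2031:0:130f::9c0:876a:130b are the same address, and a string match on either raw form will miss it. Compare expanded forms, or better, compare the 128-bit integers.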


Datagram Structure
The header has eight fields:

■ Version—A 4-bit field that indicates the IP version (6).

■ Traffic Class—An 8-bit field that tags packets with a traffic class used in differentiated services.

■ Flow Label—A 20-bit field that a source uses to label sequences of packets for which the source requests special handling by the IPv6 routers.

■ Payload Length—A 16-bit field similar to the Total Length field in the IPv4 packet header, except that it counts only the octets that follow the fixed 40-octet header (extension headers included).

■ Next Header—An 8-bit field similar to the Protocol field in the IPv4 packet header. This field differs from IPv4 because it can point to an extension header, which carries its own Next Header field, so a chain of several headers can sit between the fixed header and the upper-layer protocol. A filter or intrusion detection system has to walk that whole chain to find the transport header.

■ Hop Limit—This 8-bit field specifies the maximum number of hops an IP packet can traverse and is similar to the Time To Live (TTL) field in the IPv4 packet header.

■ Source Address—This 128-bit (16-octet) field contains the packet’s source address.

■ Destination Address—This 128-bit (16-octet) field contains the destination address.

Address types
Address types under version 6 include the following:

■ Unicast

■ Anycast—An identifier for a set of interfaces that typically belong to different nodes. A packet sent to an anycast address is delivered to the closest interface, as defined by the routing protocols in use, identified by the anycast address.

■ Multicast

Address scopes
■ Link-local address—A link-local address is an IPv6 unicast address that you can manually configure or have automatically configured on an IPv6 interface. When configured automatically, the address uses the link-local prefix FE80::/10 (binary 1111111010) and the interface identifier. Link-local addresses are used in the neighbor discovery protocol, the stateless autoconfiguration process, and many other control operations such as routing protocols themselves.

■ Site-local address—Site-local addresses are IPv6 unicast addresses that use the prefix FEC0::/10 (binary 1111111011) and concatenate the subnet identifier (the 16-bit field) with the interface identifier. These addresses are similar to RFC 1918 private addresses in IPv4—they are not advertised beyond the local site. This feature has been deprecated in the standards (RFC 3879); unique local addresses (FC00::/7, RFC 4193) fill the same role today.
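The header layout above, and in particular the Next Header chain, is where IPv6 filtering most often goes wrong: a device that reads only the fixed header’s Next Header field never sees the transport protocol when an extension header is in front of it. What follows is an added example, not code from the original reference sheets: a parser for the eight fixed-header fields and a bounded walk of the extension header chain, with a hand-constructed IPv6 / Destination Options / ICMPv6 packet to run it on. The header type tables cover only the common cases, and MAX_EXT_HEADERS is a policy value chosen for the demonstration.

```python
"""Parse the IPv6 fixed header and walk its Next Header chain (RFC 8200).

Added example for these reference sheets, not code from the original. The
packet bytes are constructed by hand for the demonstration; the header
type tables below cover only the common cases.
"""
import ipaddress
import struct

# Extension headers sharing the generic layout: Next Header (1 octet),
# Hdr Ext Len (1 octet, in 8-octet units, not counting the first 8 octets).
GENERIC_EXT = {0: "Hop-by-Hop", 43: "Routing", 60: "Destination Options"}
FRAGMENT = 44                  # fixed 8 octets, has no length field
UPPER_LAYER = {6: "TCP", 17: "UDP", 58: "ICMPv6"}
MAX_EXT_HEADERS = 8            # policy bound; very long chains are an evasion trick


def parse_fixed_header(pkt: bytes) -> dict:
    """Unpack the 40-octet fixed header into its eight fields."""
    if len(pkt) < 40:
        raise ValueError("truncated: the IPv6 fixed header is 40 octets")
    vtf, plen, nh, hlim = struct.unpack("!IHBB", pkt[:8])
    version = vtf >> 28
    if version != 6:
        raise ValueError(f"not IPv6 (version {version})")
    return {
        "version": version,
        "traffic_class": (vtf >> 20) & 0xFF,
        "flow_label": vtf & 0xFFFFF,
        "payload_length": plen,          # octets after the fixed header
        "next_header": nh,
        "hop_limit": hlim,
        "src": str(ipaddress.IPv6Address(pkt[8:24])),
        "dst": str(ipaddress.IPv6Address(pkt[24:40])),
    }


def walk_header_chain(pkt: bytes) -> list:
    """Follow Next Header from the fixed header to the upper-layer protocol.

    Returns the chain as a list of header names ending with the transport
    protocol. Raises on a payload length that overruns the buffer, on an
    extension header that overruns the payload, and on chains longer than
    MAX_EXT_HEADERS, so a filter is never tricked into skipping the
    transport header it is meant to inspect.
    """
    hdr = parse_fixed_header(pkt)
    end = 40 + hdr["payload_length"]
    if end > len(pkt):
        raise ValueError("payload length exceeds buffer")
    chain, nh, off = [], hdr["next_header"], 40
    while nh in GENERIC_EXT or nh == FRAGMENT:
        if len(chain) >= MAX_EXT_HEADERS:
            raise ValueError("extension header chain too long")
        if off + 8 > end:
            raise ValueError("truncated extension header")
        if nh == FRAGMENT:
            hlen, name = 8, "Fragment"
        else:
            hlen, name = (pkt[off + 1] + 1) * 8, GENERIC_EXT[nh]
        if off + hlen > end:
            raise ValueError(f"{name} header runs past the payload")
        chain.append(name)
        nh, off = pkt[off], off + hlen
    chain.append(UPPER_LAYER.get(nh, f"protocol {nh}"))
    return chain


def build_sample_packet(ext_count: int = 1) -> bytes:
    """Constructed sample: IPv6 / ext_count x Destination Options / ICMPv6.

    ext_count above MAX_EXT_HEADERS models the long-chain evasion case.
    """
    src = ipaddress.IPv6Address("2031:0:130f::9c0:876a:130b").packed
    dst = ipaddress.IPv6Address("ff02::1").packed
    payload = b""
    for i in range(ext_count):
        nxt = 60 if i < ext_count - 1 else 58
        # Next Header, Hdr Ext Len 0 (8 octets total), PadN option of 4 octets
        payload += bytes([nxt, 0, 1, 4, 0, 0, 0, 0])
    payload += bytes([128, 0, 0, 0, 0, 1, 0, 1])   # Echo Request, checksum left 0
    first_nh = 60 if ext_count else 58
    fixed = struct.pack("!IHBB", (6 << 28) | 0x12345, len(payload), first_nh, 64)
    return fixed + src + dst + payload
```

The three failure checks in walk_header_chain are the practical point: a Hdr Ext Len that points past the payload, a Payload Length larger than the captured buffer, and an unbounded chain are all inputs an attacker controls, and each one has to fail closed rather than let the walk fall through to a guessed transport header.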


■ Global aggregatable address—Aggregatable global unicast addresses enable strict aggregation of routing prefixes that limits the number of routing table entries in the global routing table. These are the unique addresses assigned by service providers or regional registries for participation in the public network.

IPv6 neighbor discovery
IPv6 neighbor discovery allows for the following functions:

■ Determine the link-layer address of a device on the same local link—note this is similar to the function of ARP in IPv4

■ Find neighbor routers

■ Track neighbor routers

The IPv6 neighbor discovery process relies on the solicited-node multicast address. Any node must join the multicast group corresponding to each of its unicast and anycast addresses. The solicited-node address is composed of the FF02:0:0:0:0:1:FF00::/104 prefix concatenated with the rightmost 24 bits of the corresponding unicast or anycast address. The solicited-node addresses are used for neighbor solicitation messages.

The source node takes the rightmost 24 bits of the IPv6 address of the destination node and sends a neighbor solicitation message to the corresponding solicited-node multicast group, which has link-local scope. The node that owns the address responds with a neighbor advertisement carrying its link-layer address.

Neighbor solicitations and advertisements carry no authentication by default, so any node on the link can answer a solicitation for an address it does not own, the IPv6 counterpart of ARP spoofing. SEcure Neighbor Discovery (SEND, RFC 3971) and first-hop switch features such as RA Guard (RFC 6105) exist to counter this.

IPv6 Multicast
It is important to realize that IPv6 multicast is based on the same basic principles as IPv4 multicast. One big difference, however, is that IPv6 relies on multicast for many more functions. For example, neighbor discovery, node autoconfiguration, and Mobile IPv6 all rely heavily on IPv6 multicast for their operations. Also realize that Internet Group Management Protocol (IGMP) is dropped in IPv6 multicast; Multicast Listener Discovery (MLD), carried in ICMPv6, replaces it.

You should immediately recognize a multicast address in IPv6. The address starts with FF, as shown in Figure 10-2.

FIGURE 10-2 IPv6 multicast addresses
11111111 (FF, 8 bits) | Flags (4 bits) | Scope (4 bits) | Group ID (112 bits)

Also note that the scope portion of the IPv6 multicast address controls how far the multicast traffic can flow through the network. Figure 10-3 provides some examples.

FIGURE 10-3 IPv6 multicast addresses—scope
11111111 | Flags | Scope | Group ID
Examples of the scope field:
2 – link-local scope
5 – site-local scope
E – global scope
FF05::2 – all routers in the site-local scope
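The solicited-node derivation and the flags/scope layout in Figures 10-2 and 10-3 are short bit manipulations, and getting them right is what lets you predict which groups a host must listen on and which multicast a border router must drop. The following is an added example, not code from the original reference sheets; it uses only the Python standard library, the function names are my own, and the scope-boundary rule at the end is a generalization of the FF05::2 example (a router at the edge of a zone forwards only multicast whose scope is larger than that zone).

```python
"""Solicited-node multicast derivation and IPv6 multicast address decoding.

Added example for these reference sheets, not code from the original; it
uses only the Python standard library and the function names are my own.
"""
import ipaddress

SOLICITED_NODE_PREFIX = 0xFF02 << 112 | 0x1FF << 24   # FF02:0:0:0:0:1:FF00::/104
SCOPES = {
    0x1: "interface-local", 0x2: "link-local", 0x4: "admin-local",
    0x5: "site-local", 0x8: "organization-local", 0xE: "global",
}


def solicited_node(unicast: str) -> str:
    """FF02::1:FFxx:xxxx, with xx:xxxx the rightmost 24 bits of the address."""
    low24 = int(ipaddress.IPv6Address(unicast)) & 0xFFFFFF
    return str(ipaddress.IPv6Address(SOLICITED_NODE_PREFIX | low24))


def solicited_node_mac(unicast: str) -> str:
    """Ethernet group address the NIC must accept: 33:33 + low 32 bits."""
    low32 = int(ipaddress.IPv6Address(solicited_node(unicast))) & 0xFFFFFFFF
    return "33:33:" + ":".join(f"{(low32 >> s) & 0xFF:02x}" for s in (24, 16, 8, 0))


def groups_to_join(addresses) -> set:
    """All-nodes plus one solicited-node group per configured unicast/anycast
    address. Two addresses sharing their low 24 bits share one group."""
    groups = {"ff02::1"}
    for addr in addresses:
        groups.add(solicited_node(addr))
    return groups


def decode_multicast(addr: str) -> dict:
    """Split an FF00::/8 address into its flags, scope, and group ID."""
    value = int(ipaddress.IPv6Address(addr))
    if value >> 120 != 0xFF:
        raise ValueError(f"{addr} is not a multicast address")
    flags = (value >> 116) & 0xF
    scope = (value >> 112) & 0xF
    return {
        "flags": flags,
        "transient": bool(flags & 0x1),    # T bit: not a permanently assigned group
        "scope": scope,
        "scope_name": SCOPES.get(scope, "reserved/unassigned"),
        "group_id": value & ((1 << 112) - 1),
    }


def may_cross_boundary(addr: str, boundary_scope: int) -> bool:
    """Forwarding rule at a scope boundary: a router at the edge of a zone of
    boundary_scope forwards only multicast whose scope is larger. FF05::2
    (site-local) stops at a site border (5) but crosses a link border (2)."""
    return decode_multicast(addr)["scope"] > boundary_scope
```

Run against the page’s own address, solicited_node("2031:0:130F::9C0:876A:130B") gives ff02::1:ff6a:130b and the NIC filter entry 33:33:ff:6a:13:0b. The groups_to_join result is worth a look on a host with several addresses: fe80::1 and 2001:db8::1 map to the same solicited-node group, which is why a neighbor solicitation for one can be heard by a host that only owns the other.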


Deployment strategies
Three primary mechanisms help with the transition from IPv4 to IPv6:

■ Dual stack—Both the IPv4 and the IPv6 stacks run on a system; this system can communicate with both IPv6 and IPv4 devices.

■ Tunneling—IPv6 packets are encapsulated to traverse IPv4 networks and vice versa.

■ Translation—This mechanism translates one protocol to the other to facilitate communication between the two networks.

Open Shortest Path First Version 3
Open Shortest Path First Version 3 (OSPFv3) has more similarities to the previous version of the routing protocol than it does differences. You should leverage your existing knowledge of OSPFv2 while you study this protocol. Here are just some of the similarities between the two protocols:

■ The two are so similar in nature that they can run concurrently in the network without problems.

■ OSPFv3 uses the same basic packet types as the previous version; for example, a Database Description Packet is still used to check for database synchronization.

■ The neighbor discovery process and the adjacency formation process between two OSPFv3 speakers are identical to those of the previous version.

■ Both versions recognize the same network types, and both treat these network types in a similar manner.

■ The link-state advertisement (LSA) flooding and aging mechanisms, and the timers, are identical in the two protocols.

Although there are many similarities, some differences do exist. Note, for instance, the following:

■ Link-local addresses are used for the formation of adjacencies.

■ Multiple IPv6 subnets can be assigned to a single link; OSPFv3 runs per interface, not per network.

■ Two nodes can communicate over a link even if they do not share a common subnet.

■ OSPFv3 packets carry no authentication fields of their own; authentication and confidentiality come from IPsec AH/ESP (RFC 4552). An OSPFv3 interface without ipv6 ospf authentication ipsec configured has no protection against a rogue speaker on the link.

Here is a sample OSPFv3 configuration. This configuration is based on Figure 10-4.

FIGURE 10-4 OSPFv3 sample configuration (OSPFv3 for IPv6)
R1 S1/0 12::12:1/64 <-> R2 S1/0 12::12:2/64 (area 0, A0)
R1 S1/1 13::13:1/64 <-> R3 S1/0 13::13:3/64 (area 13, A13)
R2 S1/1 24::24:2/64 <-> R4 S1/0 24::24:4/64 (area 24, A24)


R1
R1(config)# ipv6 unicast-routing
R1(config)# ipv6 router ospf 1
R1(config-router)# router-id 0.0.0.1
R1(config-router)# interface serial 1/0
R1(config-if)# ipv6 ospf 1 area 0
R1(config-if)# interface serial 1/1
R1(config-if)# ipv6 ospf 1 area 13
R2
R2(config)# ipv6 unicast-routing
R2(config)# ipv6 router ospf 1
R2(config-router)# router-id 0.0.0.2
R2(config-router)# interface serial 1/0
R2(config-if)# ipv6 ospf 1 area 0
R2(config-if)# interface serial 1/1
R2(config-if)# ipv6 ospf 1 area 24
R3
R3(config)# ipv6 unicast-routing
R3(config)# ipv6 router ospf 1
R3(config-router)# router-id 0.0.0.3
R3(config-router)# interface serial 1/0
R3(config-if)# ipv6 ospf 1 area 13
R4
R4(config)# ipv6 unicast-routing
R4(config)# ipv6 router ospf 1
R4(config-router)# router-id 0.0.0.4
R4(config-router)# interface serial 1/0
R4(config-if)# ipv6 ospf 1 area 24

Note that OSPFv3 forms its adjacencies over link-local addresses, so the neighbors come up even before the global addresses shown in Figure 10-4 are configured on the interfaces; those addresses are what the routers advertise as prefixes.

Enhanced Interior Gateway Routing Protocol Version 6
Like OSPFv3, EIGRPv6 can coexist with the previous version of the protocol. Also, EIGRPv6 is configured using interface configuration commands rather than the network command. Once again, link-local addressing is used for adjacencies. Like OSPFv3, a router ID value is required. This value is automatically taken from an interface with an IPv4 address; if there is no such interface, you must provide the router ID. Also, note that the routing process has a shutdown feature and defaults to the shutdown state, so a no shutdown under the routing process is required. Finally, it is worth noting that there is no longer any auto-summarization behavior, unlike the previous version of the protocol.

The following configuration is based on Figure 10-5. Like the OSPFv3 sample, it enables no neighbor authentication; in production, add ipv6 authentication mode eigrp 100 md5 and ipv6 authentication key-chain eigrp 100 <key-chain> on each EIGRP interface so that a rogue speaker on the link cannot inject routes.

FIGURE 10-5 Sample EIGRPv6 configuration (IPv6 EIGRP 100)
R1 (S0/0/0, S0/0/1) <-> 12::/64 <-> R2 (S0/0/0, S0/0/1)
R1 FA0/0 <-> 13::/64 <-> R3 FA0/0
R2 FA0/0 <-> 24::/64 <-> R4 FA0/0
R3 loopbacks: 3:1::3/64, 3:2::3/64, 3:3::3/64

R1
R1(config)# ipv6 unicast-routing
R1(config)# ipv6 router eigrp 100


R1(config-router)# router-id 0.0.0.1
R1(config-router)# no shutdown
R1(config-router)# interface serial 0/0/1
R1(config-if)# ipv6 eigrp 100
R1(config-if)# interface fastethernet 0/0
R1(config-if)# ipv6 eigrp 100
R2
R2(config)# ipv6 unicast-routing
R2(config)# ipv6 router eigrp 100
R2(config-router)# router-id 0.0.0.2
R2(config-router)# no shutdown
R2(config-router)# interface serial 0/0/1
R2(config-if)# ipv6 eigrp 100
R2(config-if)# interface fastethernet 0/0
R2(config-if)# ipv6 eigrp 100
R3
R3(config)# ipv6 unicast-routing
R3(config)# ipv6 router eigrp 100
R3(config-router)# router-id 0.0.0.3
R3(config-router)# no shutdown
R3(config-router)# interface fastethernet 0/0
R3(config-if)# ipv6 eigrp 100
R3(config-if)# interface loopback 301
R3(config-if)# ipv6 eigrp 100
R3(config-if)# interface loopback 302
R3(config-if)# ipv6 eigrp 100
R3(config-if)# interface loopback 303
R4
R4(config)# ipv6 unicast-routing
R4(config)# ipv6 router eigrp 100
R4(config-router)# router-id 0.0.0.4
R4(config-router)# no shutdown
R4(config-router)# interface fastethernet 0/0
R4(config-if)# ipv6 eigrp 100
