CCIE Routing & Switching Advanced Technologies Class

Transcript

1	Introduction	0h 43m
2	Using the Cisco Documentation	0h 52m
3	Ethernet Overview, Layer 2 Switchports, Trunking, ISL, 802.1q, DTP	0h 47m
4	VTP, VTP Authentication, VTP Pruning	1h 02m
5	VTP Prune Eligible List, VTP Transparent, VTP Troubleshooting, Trunk Allowed List, Extended VLANs	0h 48m
6	VLAN and VTP Review	0h 19m
7	SVIs, Native Routed Interfaces, Router-on-a-Stick	0h 46m
8	Layer 2 EtherChannel, EtherChannel Load Balancing, Layer 3 EtherChannel	0h 57m
9	802.1q Tunneling, Layer 2 Protocol Tunneling, EtherChannel over 802.1q Tunneling	1h 03m
10	STP Root Bridge Election, STP Root Port Election, STP Designated Port Election, STP Priority, STP Cost, STP Port-Priority	1h 46m
11	STP Review	0h 12m
12	STP Timers, STP PortFast	0h 34m
13	STP UplinkFast	0h 11m
14	STP BackboneFast	0h 12m
15	STP BPDU Filter	0h 13m
16	STP BPDU Guard	0h 11m
17	STP Root Guard	0h 11m
18	STP Loop Guard, Unidirectional Link Detection (UDLD)	0h 11m
19	Multiple Spanning-Tree Protocol (MST)	0h 40m
20	Rapid Spanning-Tree Protocol (RSTP), Rapid-PVST	0h 18m
21	MST with Multiple Regions	0h 33m
22	Flex Links	0h 16m
23	Frame Relay	0h 39m
24	Frame Relay Configuration Part 1	0h 34m
25	Frame Relay Configuration Part 2	0h 41m
26	Frame Relay Switching	0h 27m
27	Back-to-Back Frame Relay	0h 08m
28	Frame-Relay End-to-End Keepalives	0h 18m
29	PPP, PPP PAP Authentication, PPP CHAP Authentication	0h 59m
30	PPPoFR, PPPoE	0h 40m
31	Transparent Bridging, IRB	0h 32m
32	Fallback Bridging	0h 14m
33	IP Routing Overview, Switching Paths, Static Routing	0h 42m
34	Static Routing Examples	0h 25m
35	IP Default-Gateway, IP Default-Network	0h 14m
36	On-Demand Routing (ODR)	0h 07m
37	Floating Static Routes	0h 10m
38	Backup Interface	0h 29m
39	Enhanced Object Tracking, IP SLA, Reliable Static Routing	0h 21m
40	Policy Routing	0h 43m
41	GRE Tunneling, GRE Recursive Routing Errors	0h 27m
42	Reliable Backup Interface with GRE	0h 25m
43	RIP Overview, RIP Versions, RIP Auto-Summary	0h 48m
44	RIP Split-Horizon, RIP Timers	0h 22m
45	RIP Broadcast Updates, IP Directed Broadcast, IP Broadcast-Address, Smurf Attacks, Fraggle Attacks	0h 16m
46	RIP Unicast Updates	0h 03m
47	RIP Offset-List	0h 18m
48	RIP Authentication	0h 11m
49	RIP Summarization	0h 10m
50	Prefix-Lists, RIP Distribute-List Filtering, RIP Administrative Distance Filtering	0h 48m
51	RIP Default Routing, RIP Conditional Default Routing	0h 18m
52	RIP Triggered, RIP Validate Update Source,	0h 12m
53	EIGRP Overview	0h 29m
54	EIGRP Auto-Summary	0h 07m
55	EIGRP Split-Horizon	0h 11m
56	EIGRP Update Types, EIGRP Neighbor, EIGRP Passive-Interface	0h 24m
57	EIGRP Hello-Interval, EIGRP Hold-Time	0h 05m
58	EIGRP Authentication	0h 11m
59	EIGRP Time Based Authentication	0h 25m
60	EIGRP Path Selection, EIGRP Metric Weights, EIGRP Traffic Engineering	0h 47m
61	EIGRP Unequal Cost Load Balancing, EIGRP Variance	0h 19m
62	EIGRP QUERY, EIGRP Summarization, EIGRP Leak-Map	0h 28m
63	EIGRP Stub Router Advertisement	0h 22m
64	EIGRP Default Routing	0h 13m
65	EIGRP Route Filtering	0h 11m
66	EIGRP Router-ID	0h 07m
67	Miscellaneous EIGRP Features	0h 02m
68	OSPF Overview	0h 27m
69	Establishing OSPF Adjacencies, Understanding the OSPF Database	0h 43m
70	OSPF Network Type Broadcast, OSPF DR/BDR Election, OSPF over NBMA, OSPF Network Type Non-Broadcast and Point-to-Multipoint	0h 56m
71	OSPF Network Type Point-to-Point, OSPF Network Type Mismatch	0h 13m
72	OSPF Network Type Point-to-Multipoint Non-Broadcast, OSPF Per Neighbor Cost	0h 17m
73	OSPF Network Type Loopback	0h 02m
74	OSPF Path Selection	0h 27m
75	OSPF Convergence Timers	0h 09m
76	OSPF Authentication	0h 12m
77	OSPF Summarization	0h 32m
78	OSPF Stub Areas, OSPF Totally Stubby Areas, OSPF NSSAs, OSPF Totally NSSAs	0h 40m
79	Controlling OSPF NSSA Redistribution	0h 02m
80	OSPF Type 7 to 5 Translator Election, OSPF LSA Type 3 Filter, OSPF Forwarding Address Suppression	0h 24m
81	Route Redistribution Overview	0h 36m
82	Route Redistribution Configuration & Verification, Connected Redistribution	0h 22m
83	OSPF External Path Selection, TCL PING Scripting	0h 33m
84	Routing Loops Overview, EIGRP Route Loop Prevention	0h 55m
85	Metric Based Routing Loops, Route Tagging	0h 46m
86	Administrative Distance Based Routing Loops, Debug IP Routing, IP Route Profile	0h 58m
87	BGP Overview, BGP Peering Types	0h 51m
88	Establishing BGP Peerings, EBGP Multihop, BGP Neighbor Disable Connected Check, BGP TTL Security	0h 49m
89	BGP 4-Byte ASNs	0h 20m
90	BGP Local AS, BGP Peer Groups	0h 30m
91	BGP Next-Hop Self, BGP Next-Hop Processing	0h 30m
92	BGP Route Reflectors	0h 37m
93	Large Scale BGP Route Reflectors with Clusters	0h 34m
94	BGP Confederation	0h 37m
95	BGP NLRI Advertisements, BGP Network Statement, BGP Redistribution	0h 43m
96	BGP Aggregation, BGP Aggregation & Summary-Only, BGP Aggregation & Unsuppress-Map	0h 46m
97	BGP Origin, BGP Aggregation & AS-Set, BGP Aggregation & Advertise-Map	0h 22m
98	BGP Conditional Route Injection	0h 21m
99	BGP Bestpath Selection, BGP Multipath, BGP Weight	0h 53m
100	BGP Local Preference, BGP Local Preference and Communities, BGP AS-Path Prepending,	0h 30m
101	BGP MED, BGP MED Missing As Worst, BGP Deterministic MED	0h 34m
102	BGP Communites, BGP Regular Expressions	0h 43m
103	BGP Filtering, BGP Convergence Timers, BGP Default Routing, Miscellaneous BGP Features	0h 24m
104	MPLS Overview, MPLS Label Distribution Protocol (LDP)	1h 05m
105	MPLS Tunnels, MPLS Penultimate Hop Popping (PHP)	0h 40m
106	MPLS Layer 3 VPNs Overview, VRF Lite	0h 36m
107	MPLS Layer 3 VPNs and VPNv4 BGP	1h 08m
108	MPLS Layer 3 VPN Verification & Troubleshooting	0h 49m
109	MPLS Layer 3 VPN OSPF PE-CE Routing Overview	0h 06m
110	MPLS Layer 3 VPN OSPF PE-CE Routing Path Selection & Sham-Links	2h 01m
111	MPLS Layer 3 VPN OSPF PE-CE Routing Loop Prevention & Down-Bit, OSPF Capability VRF-Lite	0h 40m
112	IPv6 Overview, IPv6 ICMPv6 ND, IPv6 over NBMA	0h 44m
113	IPv6 Routing Overview, IPv6 Static Routing	0h 28m
114	IPv6 RIPng	0h 20m
115	IPv6 EIGRPv6	0h 09m
116	IPv6 OSPFv3	0h 31m
117	MP-BGP for IPv6	0h 26m
118	IPv6 Tunneling	1h 13m
119	Multicast Overview, IGMP	0h 34m
120	PIM Overview	0h 18m
121	PIM Dense Mode	1h 03m
122	PIM Sparse Mode	0h 30m
123	PIM Sparse Mode Configuration	0h 36m
124	PIM Sparse Mode RPF & RP Troubleshooting	0h 27m
125	Auto-RP, Multicast over GRE Tunnels	0h 53m
126	Bootstrap Router (BSR), Bidirectional PIM, Source Specific Multicast (SSM)	0h 40m
127	MSDP, Anycast RP	0h 27m
128	IPv6 Multicast Routing	0h 24m
129	QoS Overview, IntServ QoS, DiffServ QoS, IP Precedence, DSCP, MQC, HQF	0h 41m
130	MQC Classification	0h 44m
131	FIFO, FQ, WFQ, CBWFQ, HQF	0h 50m
132	LLQ	0h 23m
133	WRED	0h 31m
134	Traffic Shaping, Traffic Policing	0h 40m
135	Frame Relay Traffic Shaping (FRTS)	0h 33m
136	RSVP	0h 07m
137	Catalyst 3560 QoS	1h 00m
138	IOS Security Overview, Access Lists (ACLs)	0h 58m
139	Time Based ACLs, Dynamic ACLs	0h 33m
140	Reflexive ACLs	0h 21m
141	TCP Intercept, Content Based Access Control (CBAC)	0h 34m
142	Zone Based Policy Firewall (ZBPF)	1h 09m
143	AAA, Local Authentication, Local Authorization, Role Based CLI Access	0h 43m
144	Port Security, Static CAM Entries, Storm Control, 802.1X Authentication, PACLs, RACLs, VLAN Access Maps (VACLs)	0h 48m
145	DHCP Snooping, Dynamic ARP Inspection (DAI), IP Source Guard	0h 12m
146	Protected Ports, Private VLANs	0h 25m
147	IP Services Overview, HSRP	1h 10m
148	VRRP, GLBP	0h 28m
149	NAT	0h 42m
150	DHCP, DNS	0h 30m
151	NetFlow	0h 09m
152	WCCP, Miscellaneous IP Services	0h 06m
153	System Management Overview, NTP, NTP Authentication	0h 24m
154	SNMP, RMON	0h 38m
155	Syslog, Telnet, SSH, Banners	0h 21m
156	EEM Scripting, Miscellaneous System Management	0h 26m
Total Duration		81h 59m

Slides - Diagrams

Slides - Introduction

Slides - Ethernet Switching

Slides - Advanced Ethernet Switching

Slides - Frame Relay

Slides - PPP

Slides - Transport Bridging

Slides - Redistribution

Slides - IOS Security

Slides - Layer 2 Security

Slides - IP Services

Slides - System Management

0:00:13	In our next section here, we're gonna look at
0:00:18	where with our previous examples,
0:00:20	we saw that all of the routing
0:00:23	So again, whenever the
0:00:26	it looks at the destination address.
0:00:29	It tries to find what is the longest match
0:00:34	versus the routes that are
0:00:37	So, whichever the routing entry
0:00:40	is gonna be chosen as the longest match.
0:00:43	Now, with policy routing,
0:00:45	we can override this normal
0:00:49	by matching on sources address,
0:00:53	protocol type, or the incoming interface.
0:00:56	So essentially, anything that we can classify
0:01:02	we can use this for policy base routing.
0:01:05	So, the key with this would be if that we
0:01:10	and route our voice over IP
0:01:14	we have the ability to do that.
0:01:16	Now, the disadvantage of using feature...
0:01:18	is that the configuration
0:01:21	So, it's not very scalable as compared
0:01:26	And also, most of the platforms do not
0:01:31	There are some particular cases where the higher level
0:01:37	Like on the 6500 or the 7600
0:01:40	depending on the particular
0:01:44	but for the lower level
0:01:48	those are not gonna support hardware
0:01:51	So, most of this is going to have to fall
0:01:57	So, if you are implementing this,
0:01:59	and you're looking at you device utilization,
0:02:05	policy routing could be one
0:02:08	Now, when we're defining PBR,
0:02:11	the first step would be
0:02:15	This is what defines what is the criteria for
0:02:21	So, we create a route map.
0:02:23	Specify either the permit or deny logic,
0:02:26	and then, use the match
0:02:31	Now, for anything that is a permit,
0:02:33	it means that policy routing will occur. Anything that
0:02:39	but instead simply that it
0:02:43	So, with the route map just
0:02:46	we do have an implicit deny at the end,
0:02:49	so, something is not explicitly permitted and
0:02:54	then, it's gonna fall back to the normal
0:02:59	The most common matches that we
0:03:03	to match where the packets came in,
0:03:07	And the IP address, which is going
0:03:11	It could be either a standard access list or we
0:03:16	or it could be an extended access list if we
0:03:21	or any type of Layer 4 information
0:03:26	Once we define what type of traffic
0:03:29	should be subject to the policy,
0:03:30	then we define where the
0:03:33	based on the set options.
0:03:36	Mainly, we're going to set either the next
0:03:42	Now, we do need to take into account what
0:03:47	If it is a multipoint broadcast
0:03:51	it means that the router would have
0:03:56	So, typically, the set interface should only
0:04:01	Either point-to-point
0:04:04	or point-to-point links
0:04:09	Now, we also have the option to set the
0:04:16	This would mean that if there is
0:04:20	that we would fall back
0:04:24	So, we can actually use a combination
0:04:29	Now, documentation wise, if we
0:04:37	this would be considered a Routing
0:04:41	So, if we look at the...
0:04:43	under IP, Routing Protocol
0:04:49	then, we see there's some options for
0:04:53	and multiple tracking options.
0:04:56	The normal configuration
0:04:58	the basic configurations though.
0:05:00	So, Enable Policy Base Routing.
0:05:03	We could see some versions support
0:05:06	So, it means that once you do
0:05:10	then, the router can use the route cache
0:05:12	to try to speed up the
0:05:15	There's two different
0:05:19	when we actually apply policy routing.
0:05:21	One of them is going to be
0:05:25	One of them would be for
0:05:28	Where when we apply the policy
0:05:32	that is going to be looking
0:05:36	So, policy routing is inbound
0:05:40	If we apply it with the IP
0:05:43	this is going to affect locally
0:05:47	So, ping or telnet anything that the
0:05:54	Now, I believe that the newer
0:05:57	but I have seen in the past some of the older IOS
0:06:02	against the local policy routing of
0:06:06	So, you need to watch out for this.
0:06:10	where you're trying to do policy
0:06:15	And we have a couple different outgoing
0:06:21	We have Fast Ethernet 0/0.
0:06:24	And Fast Ethernet 0/1.
0:06:28	And we want to apply some
0:06:31	based on criteria packets being
0:06:36	we either want to route
0:06:42	This would be for the
0:06:45	at the link level.
0:06:47	So, this is gonna control the transit traffic.
0:06:50	If we wanted to affect the locally generated traffic
0:06:56	The problem is here that if I set on router 1,
0:06:59	let's say that "For all ICMP traffic,
0:07:03	I want to send it out Fast Ethernet 0/0."
0:07:07	If I created a policy that says...
0:07:08	Route Map...
0:07:12	Default.
0:07:15	And Set Either Interface
0:07:20	and whatever is reachable
0:07:23	I'll say 1, 2, 3, 4,
0:07:25	and then, apply this as a local policy route.
0:07:29	In some of the older versions, this
0:07:33	So, this means that if we were
0:07:39	to exchange normal dynamic routes
0:07:42	it means that RIP updates that were
0:07:47	would actually get caught by the policy
0:07:52	The result of this is a break in the control plane.
0:07:56	It's essentially a configuration error on our part
0:08:00	where we would not exclude...
0:08:03	the packets that we do not
0:08:05	But I believe the newer versions have fixed this where
0:08:11	Because it doesn't make sense why
0:08:14	that is supposed to go out the serial
0:08:18	So, it should just be for...
0:08:20	like telnet, ping, traffic, SSH
0:08:23	that we would want to be
0:08:27	But the inbound policy routing should not be an issue,
0:08:33	So, let's take a look at this
0:08:38	where we want to decide
0:08:39	when a traffic is received in
0:08:45	do I want to route these packets out
0:08:48	the point-to-point link to router 4,
0:08:51	or do I wanna route it out to...
0:08:53	some destination on the frame relay.
0:08:57	Now, to make sure that the destinations,
0:09:01	that they are able to respond back,
0:09:04	I'm simply gonna enable some basic
0:09:09	Okay, we'll say that we'll run Just
0:09:12	So first, let's go to...
0:09:16	the command line.
0:09:17	And on all of the routers,
0:09:20	I'll do a shortcut for this by
0:09:23	access server down to all of
0:09:28	So, I'll say, Send Star (*),
0:09:31	which means all lines, all TTY, VTY, console
0:09:38	I'll say, "Go to global config.
0:09:41	Make sure that the routing process is on."
0:09:44	Run EIGRP Process 1
0:09:47	with No Auto-Summary,
0:09:49	and then run the process everywhere.
0:09:56	So, a pretty simple config
0:09:59	If you really don't care about what's
0:10:02	and you just wanna test other features,
0:10:05	you could do this for RIP or EIGRP.
0:10:08	Then, once everyone accepts these commands,
0:10:10	we should be able to get basic IP
0:10:16	If we were to look at switch...
0:10:20	4 for example,
0:10:22	we should be learning now
0:10:28	and this should be about the entire topology.
0:10:30	So, if we go to switch 4,
0:10:32	and look at the Show IP Route EIRGP,
0:10:38	we see essentially that every prefix
0:10:43	So, I should not have any trouble trying to ping...
0:10:44	Let's say, switch 3's loopback 150.10.7.7.
0:10:53	Now, if I trace the path to this,
0:10:56	this is gonna show us how most of
0:11:00	So, from switch 4 to switch 3,
0:11:04	first, the packets are routed to switch 2.
0:11:09	From switch 2 to router 5.
0:11:12	Then, from router 5 to router 3.
0:11:17	So, over this way.
0:11:19	Then, the switch 1, and then
0:11:25	So, with policy routing,
0:11:26	typically, what we would use this for
0:11:32	forwarding result.
0:11:33	So, we know what the default is now that if
0:11:38	the traffic is gonna be routed
0:11:42	But I wanna change this,
0:11:46	We're gonna redirect these packets.
0:11:47	So that when router 5 receives them.
0:11:49	they go this direction up to router 4
0:11:52	as opposed to directly to router 3.
0:11:56	So, the first thing we need to do
0:12:00	that we want to redirect.
0:12:03	Let's say that we'll do this for pings.
0:12:06	So, I'm gonna match on ICMP traffic.
0:12:10	I could say that it's coming from
0:12:14	I could define whatever granularity that I want.
0:12:20	you can use that as the
0:12:24	In this case, just for simplicity sake,
0:12:29	So first on router 5,
0:12:31	we then need to define what is this criteria.
0:12:35	We'll start with an access list.
0:12:38	Access list 100 says "Permit...
0:12:40	ICMP from any source to
0:12:46	So, these are gonna be our pings.
0:12:48	Next, we have our route
0:12:54	And the default sequence will be Permit 10.
0:12:57	So, if I said Just Route Map PBR and hit enter,
0:13:02	then, it's going to be Permit 10 by default.
0:13:06	Next, I need to match this
0:13:10	IP Address 100. So, that's the
0:13:15	And then, what are we gonna do with the traffic?
0:13:21	or set the IP next hop.
0:13:26	Now, technically, you could also use
0:13:30	For QoS classification, I could say
0:13:36	Typically, you don't do this though. It would
0:13:42	but technically, you can.
0:13:46	So, I'll say, what is the
0:13:48	In this case, I'm gonna go to
0:13:55	Then, last step, we're going to apply this to the
0:14:01	we'll say, IP Policy.
0:14:03	The route map's name is PBR.
0:14:09	Now, there's a couple different
0:14:12	First and foremost would be just
0:14:16	to see did any matches occur on the list,
0:14:22	The next would be
0:14:26	So, this will show for
0:14:30	that is now received in on
0:14:34	was it subject to the route map match,
0:14:41	As you can imagine then, you would not
0:14:45	or even in the lab exam if you have
0:14:48	because you could potentially overrun
0:14:54	So, you technically can do it this way, it's probably
0:14:58	In this case, we will look at the debug,
0:15:01	because there's really no other control
0:15:04	The only thing we have is just the pings.
0:15:08	Another way to check this would be
0:15:13	to see if they are actually
0:15:17	So, one thing that we could do
0:15:21	and configure in on this interface either an access
0:15:31	that is gonna be used for packet accounting.
0:15:35	So, we could create an ACL that says, "Look for
0:15:42	In the MQC, we could do the same thing.
0:15:47	in a class map and then apply
0:15:53	So, with this accounting on router 4, we would
0:15:58	or to apply any type of actual queueing.
0:16:02	We're using it just basically
0:16:04	For some sort of IP accounting.
0:16:06	We could also so net flow for this, but then, it would
0:16:12	that we could actually look at the result.
0:16:15	So, when you look at net flow on the router,
0:16:17	there's really not that much detailed information you can
0:16:23	So, in our case, we will...
0:16:26	just look at the Debug Output on router 5,
0:16:32	and then we could see the ACL
0:16:38	So, on router 4, let's create an extended access list.
0:16:42	Access List 100, that says Permit...
0:16:45	ICMP Any Any Log Input.
0:16:50	Then Access List 100, Permit Any Any.
0:16:55	We're using it just for accounting.
0:16:57	Then, this would be applied in...
0:17:00	IP Access Group 100 In.
0:17:03	On the point-to-point link that goes to router 5.
0:17:10	So now, let's send the pings. Let's ping...
0:17:12	150.10.7.7. Okay, this is switch 1's address.
0:17:19	We see, we have reachability.
0:17:22	If we look at router 5,
0:17:25	it says that there was a policy match.
0:17:30	The packet is policy routed.
0:17:32	And it was modified. So now,
0:17:38	If we look at the Show Route Map,
0:17:41	we can see that five policy
0:17:46	If we look at router 4,
0:17:49	we see the output from the log. It says,
0:17:56	port channel interface on switch 4."
0:17:59	So, that's the link that is going...
0:18:00	from switch 4 to switch 2 stat interface.
0:18:07	So, the key with this feature is that
0:18:11	for whatever criteria that is
0:18:14	The problem though is that there
0:18:19	to make sure that we're not
0:18:23	So, this means that if for some reason, router 4
0:18:33	then, we've caused a data plane
0:18:38	So, EIGRP would agree on what the
0:18:42	but the policy routing is overriding
0:18:50	So, if we were to go to router 4, and basically
0:18:57	the Ethernet link to VLAN 146
0:19:01	and the frame relay interface,
0:19:02	then, there would only be one
0:19:08	So, we go to router 4.
0:19:11	We'll say, on serial 0/0/0, we'll shut this down.
0:19:23	If we look at the Show Access List on router 4,
0:19:28	we see that right now, there have been five pings
0:19:31	that we've permitted.
0:19:35	So, it was the five pings that
0:19:39	If we try this again,
0:19:42	and we look at...
0:19:47	router 4. Let's say, Show Access List
0:19:52	The packets came in.
0:19:59	And if we look at 5,
0:20:03	we're actually not causing a loop here,
0:20:06	but it's gonna be a kind
0:20:09	What's actually happening now is that...
0:20:13	So, these two interfaces on 4 are shutdown.
0:20:18	So, the packets are going
0:20:21	Switch 2 to router 5.
0:20:23	Normally, they would go this direction.
0:20:26	So, router 5 is overriding this with the route map.
0:20:32	When 4 gets them, the only possible route to
0:20:38	So, it's gonna come in and then
0:20:42	So, technically, it is gonna make it.
0:20:46	but we wouldn't want a traffic pattern that looks
0:20:53	You might see cases where this doesn't work.
0:20:56	If router 4 has some sort of security policy
0:21:01	or they come in and go out the same interface."
0:21:05	If we were to look at the...
0:21:09	the Debug IP ICMP on router 4,
0:21:21	and we look at our log here.
0:21:28	Router 4 may be generating ICMP redirects.
0:21:33	It depends on whether they
0:21:38	Let's see, are we debugging here?
0:21:39	We are debugging to the console. Let's look
0:21:49	It says that "ICMP redirects are always sent."
0:21:57	And let's look at this. Let's go to the
0:22:02	Which then if we say,
0:22:12	this should then tell us now
0:22:17	So, CEF switching and fast switching,
0:22:22	all of those are off now.
0:22:25	So, this means now on router 4, if we
0:22:29	we would see the transit traffic as well.
0:22:34	Because remember, normally,
0:22:36	it's only gonna tell you about
0:22:41	or the locally destined traffic.
0:22:43	Because those two
0:22:47	So, if we look at our Show Debug,
0:22:51	we're debugging ICMP. Let's say Debug...
0:22:55	IP Packet as well.
0:22:58	We'll say Debug IP Packet Detail.
0:23:00	The problem with this though
0:23:02	is that depending on what's
0:23:05	we could potentially get a lot of
0:23:10	Now, in the lab exam, this may or may not matter.
0:23:15	or whether you're sending it to the log buffer.
0:23:18	If it goes to the log buffer, you can eventually
0:23:22	If it goes to the console, like it did in this case,
0:23:24	a lot of the times, it's just too confusing to
0:23:30	So, what you can do with the debug,
0:23:32	and we'll be doing this for a lot of examples
0:23:36	is to filter the debug output
0:23:41	that permits the specific
0:23:46	So, in this case, I only wanna see
0:23:51	or I could say the output that is not EIGRP.
0:23:55	Because most of these stuffs here,
0:23:59	that's the EIGRP control plane.
0:24:02	I don't wanna see that
0:24:04	because it doesn't have anything to do
0:24:08	So, there's two ways I could do this. I could
0:24:12	Or I could Deny what I do not want to
0:24:18	So, on router 4, we'll say,
0:24:24	Because EIGRP has its own IP protocol
0:24:28	And then we'll say, Access List
0:24:34	Then, this Access List will use it for the
0:24:39	So, Debug IP Packet Detail 101.
0:24:45	Now, when switch 4 sends its pings,
0:24:49	router 4 should see the output for this,
0:24:52	because of two reasons.
0:24:54	First, we have CEF disabled, which means
0:25:03	And that the access list
0:25:07	So, the ICMP is falling down
0:25:12	which was the Permit IP Any Any.
0:25:16	So, if we look at the result of this,
0:25:21	router 4 says that, "I received...
0:25:25	a packet that is coming
0:25:30	Let's undebug now.
0:25:41	So 4 says, "I received a packet that came
0:25:46	It came in on serial 0/1/0.
0:25:50	It's going to this particular destination.
0:25:55	Then, we should see our routing lookup occur.
0:25:58	It says, "We're routing the packet...
0:26:02	from that particular source
0:26:06	And the destination happens
0:26:12	which means that the incoming interface,
0:26:15	and the outgoing interface is the same.
0:26:19	A lot of times, this should not
0:26:23	Because it can be used for
0:26:28	So, it's possible that someone
0:26:32	to get traffic to forward in and
0:26:37	which really is not valid in
0:26:40	There's no reason that our actual
0:26:45	from...
0:26:49	from switch 4 to router 4,
0:26:52	then out and back in the same link.
0:26:55	It's only because we are overriding the
0:27:00	that we have this misconfiguration.
0:27:04	Now, if router 4 had
0:27:07	or router 5 has a policy coming in,
0:27:11	that say, "Maybe ICMP traffic coming in from
0:27:16	Then, we could break the connectivity.
0:27:20	So, the idea behind this is that you need to have full
0:27:26	before you change the policy
0:27:28	to override the routing table.
0:27:30	Because we can assume that if
0:27:33	they have built a loop-free topology.
0:27:35	But if we're doing it manually, like if we
0:27:39	we would have to manually do that calculation.
0:27:44	So, this would be one option then. Our...
0:27:47	policy routing that is for the inbound traffic.
0:27:51	Again, if we look at the...
0:27:54	the route map here.
0:27:58	It says, "If access list 100 is true,
0:28:02	where access list 100 is ICMP echoes, then,
0:28:11	Now, the next option would be to...
0:28:14	either set the traffic based on the interface.
0:28:19	So, instead of saying, Set IP Next Hop towards router 4,
0:28:30	This of course would not be valid
0:28:36	because then, we would have a
0:28:42	So, it would be fine in this
0:28:46	Instead on setting the next
0:28:51	we could just say, Set Interface Serial 0/1/0.
0:28:57	Then, if we send out pings again,
0:29:01	router 5, "The policy match...
0:29:04	and the traffic was routed
0:29:07	towards serial 0/1/0, that's fine.
0:29:10	But if we were to do the same route map,
0:29:16	and say, instead of setting the interface to
0:29:27	It says, "Warning: Use point-to-point interface
0:29:31	Let's see if it actually took this though.
0:29:34	So, the parse is giving us an error message
0:29:39	But if we Show Run Section Route Map,
0:29:44	it did allow us to do it,
0:29:47	but now, when we try to send the packets,
0:29:53	let's see what router 5 says.
0:29:59	This is the source.
0:30:01	The destination is on serial 0/0/0.
0:30:13	the packets are being routed.
0:30:15	Let's look at it on 5. Let's look at
0:30:20	Let's see what DLCI number
0:30:25	the routing.
0:30:27	So, let's send these pings.
0:30:30	Then, on router 5,
0:30:41	hmmm... 5 doesn't show it here.
0:30:45	So, what the issue is now is that
0:30:50	5 is saying in the route map,
0:30:54	But it doesn't know what the next
0:30:58	So, how is it gonna choose between which of
0:31:05	Normally, we would just set
0:31:08	Like if we say that the next
0:31:11	then, router 5 should know, to get
0:31:16	That's what our Layer 3 to
0:31:19	But in this case, we're saying, "Just to use
0:31:24	it's the same type of problem we saw before when
0:31:31	So, it may be in this case that it's using the
0:31:38	Let's take a look on router 3,
0:31:41	and see if router 3 is the one
0:31:45	So, on router 3, let's say...
0:31:49	"On serial 1/0.1", this is out point-to-point
0:31:57	we'll do accounting on the interface.
0:31:59	So, I need an access list.
0:32:04	Permit ICMP Any Any. Log..
0:32:09	Access List 100 Permit IP Any Any.
0:32:15	Then, at the link level,
0:32:22	Let's see if switch 4...
0:32:25	Or actually router 3, let's see
0:32:28	Okay, so 3 is getting it.
0:32:29	Probably, what this means then...
0:32:31	is that when 5 goes to
0:32:38	if we say, Show...
0:32:43	Let's undebug here first.
0:32:44	Show IP Route 150.10.7.7.
0:32:56	Router 5 says the next hop is 3.
0:33:00	So, even though when we look
0:33:06	the policy routing says, "Set the
0:33:12	Probably what's happening is that it's also
0:33:19	If we were to...
0:33:22	not to have EIGRP adjacencies
0:33:27	so, let's say...
0:33:30	Let's say on router 5, let's change
0:33:32	Let's turn EIRGP off on this link.
0:33:40	And instead, we'll have EIGRP just
0:33:45	So, on router 4, I'm gonna
0:33:54	So, on 4, let's say...
0:33:56	On f0/1,
0:34:05	No Shut. And then on serial 0/0/0, No Shut.
0:34:11	Then, on router 5, under the EIGRP process,
0:34:18	0/0/0.
0:34:19	So, this is gonna stop us from
0:34:32	So now, on router 5, let's look at what
0:34:37	It should be via router 4, which it is.
0:34:41	So, from 5's perspective, we shouldn't have
0:34:47	So, we now wanna know what happens if
0:34:52	Now, it's gonna get dropped.
0:34:56	So, the issue here is that...
0:34:58	And let's make sure the policy is actually
0:35:02	And then, Debug Frame Relay Packets.
0:35:09	So, 5 is receiving...
0:35:12	the packet in. It says "It's coming from...
0:35:16	switch 4. It's going to switch 1."
0:35:20	It is ICMP, so the policy matches.
0:35:23	We route it towards the
0:35:27	Now, the routing process is done.
0:35:31	The very last statement is an
0:35:36	It says, "Encapsulation is failing,
0:35:42	I don't know what frame relay DLCI to use."
0:35:47	So, you can do this implementation.
0:35:50	It is okay when you look at the
0:35:53	It is okay to say Set
0:35:57	as long as you take into account any type
0:36:03	Now, I could do kind of a hack on this.
0:36:08	and say, Frame Relay Map
0:36:14	and let's say I send this
0:36:18	We'll say, out 502.
0:36:24	This should then mean that when
0:36:31	then, 5 is gonna send them towards 2.
0:36:35	So, let's Debug...
0:36:38	Frame Relay Packets, and Debug...
0:36:45	IP Policy.
0:36:49	Let's see if we get the hits there.
0:36:51	So, 5 gets the packets.
0:36:55	But it says, "Encapsulation failed.
0:37:00	Okay, so that means that frame
0:37:03	If we look at the interface level,
0:37:07	the mapping is there, but the process
0:37:15	So, this example I showed before where...
0:37:17	we could do a hack on the routing process that if the
0:37:23	technically, you could do this to get around
0:37:28	But there's really no reason why
0:37:32	So, what I really should change here if I want to
0:37:39	what would I need to change in the policy?
0:37:47	Because again, the problem is...
0:37:50	when router 5 goes to send the
0:37:54	it doesn't know what DLCI value to use.
0:37:57	That's what the encapsulation failed message
0:38:02	and the Debug IP Packet.
0:38:08	So, what we would need to change is that...
0:38:11	we should not be policy routing
0:38:16	So, in this policy if I said, instead of Set
0:38:24	then, based on that, router 5 could infer...
0:38:27	what's the Layer 2 neighbor that we're
0:38:32	Okay, there's a question here,
0:38:35	such that it falls back to the routing
0:38:42	so let's look at that on router 5.
0:38:46	the policy routing. So that we go back to the...
0:38:53	we go back to the point-to-point link to router 4.
0:38:58	So, let's say, Do Show Run Section Route Map.
0:39:07	So, under the policy, I do not want to
0:39:13	Or, I don't wanna set the interface to the frame relay,
0:39:21	Then, under our EIGRP process,
0:39:25	we'll say No Passive Interface Serial 0/0/0.
0:39:28	So, this is refering the routing
0:39:37	So now, if we were to look at the
0:39:39	it's gonna say, "To get to switch 1,
0:39:46	We now have the policy routing say that,
0:39:55	But if we were to look at
0:39:59	let's say a traceroute from switch 4,
0:40:02	when I ping the destination
0:40:07	this is gonna use two different paths.
0:40:16	So, the pings are policy routed,
0:40:19	Because the outbound packets and the traceroute,
0:40:25	So now, let's see on router 5,
0:40:32	We should see that when we send pings,
0:40:35	let's just send one packet.
0:40:39	5 says, "This is policy routed
0:40:43	When 4 gets it, we see that
0:40:45	Okay, the packets came in...
0:40:47	going towards 150.10.7.7.
0:40:52	But now, what happens if that link is down?
0:41:03	So now, the link is down, we have
0:41:07	The policy route by default...
0:41:10	is gonna figure this out.
0:41:13	So, if we use a set criteria
0:41:17	that points to a next hop value or an interface
0:41:24	then, the policy is gonna be rejected.
0:41:28	So, in this case, when we look at the
0:41:33	It says, "When packets come in matching access
0:41:41	If we Show IP Route Connected,
0:41:44	serial 0/1/0 is not there, because the
0:41:50	So, it means that even though
0:41:53	the router figures out that
0:41:56	If the link status is down, there's no way
0:42:01	Now, the problem with this...
0:42:03	is what if you try to policy route over an interface
0:42:06	that you can't tell based on the line protocol status
0:42:11	whether the neighbor is actually there or not.
0:42:14	So, it's the same type of problem we have before
0:42:17	when we're looking at the static routing
0:42:23	where the physical link status is not a good
0:42:30	So, this type of case would be if...
0:42:37	let's say that from router 1's perspective,
0:42:42	we want packets that come in this direction
0:42:45	that are going towards switch 1.
0:42:50	We want them to route to router 6
0:42:58	Where the normal forwarding path would be...
0:43:01	Once they get to 5, 5 send them to 1.
0:43:10	Now, we could do this by...
0:43:12	Let's say on router 3, we disable...
0:43:19	Let's see, let's disable these two interfaces.
0:43:23	So, it should be shorter,
0:43:25	and this is gonna depend on what the routing metric is.
0:43:29	We want it to be shorter to go
0:43:35	But router 1 is gonna make us go the long way.
0:43:37	So, we're gonna policy route the packets over to 6.
0:43:41	Then, 6 will send them back around this direction.
0:43:45	So first, let's see, is this even gonna be
0:43:51	What I would need to validate...
0:43:52	is on this portion of the network,
0:43:56	between router 6, switch 1 and router 3,
0:43:59	do they all agree that form 6 to 3,
0:44:07	If 6 says that I should go this direction to router 1,
0:44:11	again, we don't wanna route the traffic
0:44:15	It doesn't make sense.
0:44:18	But since policy routing is only locally significant,
0:44:21	we have to validate that the control
0:44:29	So, there's no protection mechanisms built in for us
0:44:31	to make sure that we're not
0:44:36	So, on router 6, let's say...
0:44:39	When I trace to...
0:44:42	the loopback of router 3, which way do I go?
0:44:45	Okay, I go to switch 1, and then I go to router 3.
0:44:47	So, that's following the path that I want.
0:44:51	Now, let's see what does router 1 do.
0:44:55	If we trace 150.10.3.3,
0:45:04	The reason why, if we look at the
0:45:15	It's gonna be based on the very low bandwidth
0:45:19	of that serial link that's between 1 and 3.
0:45:25	So, we see that if we were to go
0:45:29	it says, "The minimum bandwidth
0:45:32	but if we go over to the point-to-point
0:45:39	So, what I could do to change this,
0:45:43	On this interface, it will be really, really high.
0:45:49	So, on router 1, let's go
0:45:52	And we'll say the delay is...
0:46:00	Then, we'll Clear IP EIRGP Neighbors.
0:46:03	That's gonna cause us to recalculate.
0:46:07	Now, if we look at our route to router 3,
0:46:13	now, we're going directly to 3.
0:46:14	Okay, which is what we want.
0:46:20	Then, on router 3, Im gonna shut those other two
0:46:26	and the one that goes to router 2.
0:46:29	Let's go to serial 1/0, that goes to the
0:46:34	And then, serial 1/2. We'll shut this down.
0:46:39	So now, the final result is if I were to go
0:46:47	it should be going from switch 4 to
0:46:55	Then, from 1 directly to 3.
0:47:04	So, 5 is sending this to router 4.
0:47:07	Which is what I do not want.
0:47:10	I want this to go...
0:47:14	from 5 to 1,
0:47:17	why would it go to 4? Because
0:47:23	Or actually, high bandwidth on the Ethernet.
0:47:29	Same thing on router 4 that I did on 1.
0:47:31	I'm gonna set the delay of this
0:47:42	So, the key is that when
0:47:46	you need to make sure that you understand
0:47:50	Because if you don't know where
0:47:53	then, you really can't verify whether your
0:47:59	There's a question here, "Can we change
0:48:02	We could do that.
0:48:04	But remember with EIGRP,
0:48:09	on a hop by hop basis, like it is with OSPF.
0:48:11	You're looking at the lowest
0:48:15	So, if I change the bandwidth, I'd really have
0:48:21	and then, go to that link and raise it.
0:48:27	So, normally, when we do
0:48:30	it's easier just to change the delay.
0:48:35	So now, let's again...
0:48:38	Check this final result.
0:48:44	to 2? I though I disabled
0:48:47	Oh, I shut the wrong interface down
0:48:52	This should be s1/3.
0:49:01	Okay. So now, I'm getting the path that I want.
0:49:04	So, it's going from switch 4,
0:49:08	switch 4 to switch 2 to router 5
0:49:12	That's what we see in the red here.
0:49:15	What we're gonna do next is on router 1,
0:49:20	redirect the traffic to router 6.
0:49:28	We are gonna change the decision
0:49:33	let's make it go to 6.
0:49:34	And go this direction.
0:49:39	So next thing on router 5, I'm going
0:49:45	So, we'll say on Fast Ethernet 0/0,
0:49:49	No IP Policy Route Map PBR.
0:50:04	Capital PBR.
0:50:16	So now, router 5 is doing
0:50:18	Okay, next on router 1,
0:50:22	we're going to classify the traffic,
0:50:28	We'll say, and actually,
0:50:31	becuase then we can see the
0:50:35	So, let's say access list 100
0:50:40	And it's gonna be all ICMP.
0:50:46	Permit ICMP Any Any.
0:50:47	Then we have our route
0:50:55	That by default is permit 10.
0:51:00	We'll say "Set IP next hop"
0:51:09	Then this is gonna be applied in
0:51:13	on the link to the frame relay network.
0:51:23	This is the point-to-point link
0:51:27	So, on this link, let's say IP policy
0:51:31	route map is... then the name,
0:51:37	Now, you'll see in a lot of my examples
0:51:42	for user defined options like route
0:51:48	I try to keep everything for the
0:51:54	because when you look
0:51:56	you can then tell what was a user
0:52:01	versus a keyword in the parser.
0:52:05	Because if you look at all the syntax
0:52:10	But here, I'm saying that the route
0:52:17	So, it makes it a little bit easier to
0:52:20	and then whatis just a
0:52:27	Okay, so on 1, let's
0:52:31	So, is this traffic actually
0:52:35	We see, we have the
0:52:40	switch 4 to switch 2...
0:52:44	to router 5...
0:52:47	to router 1...
0:52:50	to router 3.
0:52:53	So, if this is working,
0:52:56	they should be redirected to 6
0:52:58	then from 6 to switch 1
0:53:04	and then from switch 1
0:53:15	Which they did.
0:53:18	So we see, after router 1,
0:53:25	Which is fine, this is what we would expect,
0:53:29	If we look at the Show route map,
0:53:31	it just says that if this access list...
0:53:33	actually, it didn't even call the access
0:53:36	I siaid, "Set the next hop to router 6."
0:53:40	Which is fine, it just means that all
0:53:44	Now, the problem though is what
0:53:53	This is not gonna signal the line
0:54:00	So, router 1 does not know that the Layer 3 neighbor
0:54:09	So, if we go to router 6,
0:54:12	and on this Ethernet, we just
0:54:20	Router 1 is not automatically going to
0:54:25	When we look at the debug IP policy,
0:54:29	it says that this traffic is
0:54:33	we're forwarding it towards router 6.
0:54:37	The problem though is that when we try to
0:54:56	So now, we need to figure
0:54:59	the policy routing with some
0:55:05	to make sure that the next hop were forwarding
0:55:13	We saw what the point-to-point link
0:55:17	that if router 4 shuts this link down,
0:55:21	router 5 knows it's not supposed
0:55:25	because if the link is
0:55:26	it means that route
0:55:29	So router 5 says, "Eventhough the
0:55:33	the policy route is rejected," and we
0:55:39	But the problem now is that
0:55:41	there's nothing wrong
0:55:44	It's the remote sites problem and we
0:55:53	This is where the reliable policy
0:55:58	So, if we look at the configuration guide for
0:56:04	there used to be a way to do this,
0:56:09	But through CDP, there was,
0:56:16	QoS, let's just search for CDP.
0:56:22	Which is the set IP next
0:56:31	So, on router 1,
0:56:37	Show Run Section Route Map.
0:56:44	And in this route map,
0:56:50	we'll say, "Set IP next hop but also
0:56:57	So, these versions do still support this.
0:56:59	What this means is that router 1 is now
0:57:04	to see on Fast Ethernet 0/0,
0:57:10	is router 6 actually a neighbor?
0:57:13	So, not really router 6,
0:57:16	So, is there a neighbor on that
0:57:22	The problem with this though, even if
0:57:28	on this interface, which is router 1's
0:57:40	who is the CDP neighbor here?
0:57:43	Router 1 CDP neighbor is not
0:57:47	it's gonna be whatever the
0:57:50	So in this case, it's switch 1.
0:57:54	So, if we were to do the verify
0:57:58	that's not gonna work in the first place.
0:58:00	Where that would work is if you're
0:58:07	So, let's say that on router 5, we say
0:58:11	I'm forwarding it out towards router 4.
0:58:14	But I'm going to verify that on this link.
0:58:19	there's a CDP neighbor that
0:58:22	That would be fine.
0:58:24	For Ethernet, it doesn't make sense though
0:58:29	It would only work if the switch
0:58:34	So, we could kinda do a stupid router
0:58:41	for CDP, when it comes in,
0:58:44	I wanna froward this out towards router 6
0:58:52	To say that as CDP comes in,
0:58:56	And then 6 on the way back.
0:58:59	So, you could get it to work. It's kinda going
0:59:03	What the best way to do this would be
0:59:09	So, like we saw before
0:59:14	That the enhanced object tracking, since
0:59:20	or the embeded event manager,
0:59:22	which will give us application
0:59:27	So not only is the link up that
0:59:30	Can I connect to a TCP server?
0:59:33	For voice over IP, what's the
0:59:37	So, there's a lot of more
0:59:42	So, for policy routing, we could
0:59:47	to say that for this route map,
0:59:55	Set the next hop towards
0:59:58	But I wanna verify availability
1:00:04	or IP SLA then IP SLA agreement,
1:00:06	with IP SLA feature,
1:00:10	I'm gonna assume
1:00:13	So, we'll say IP SLA 1,
1:00:19	IP SLA monitor 1.
1:00:22	The type is...
1:00:31	The type is echo
1:00:35	So, you could see on router 1,
1:00:37	the syntax is different
1:00:41	So, it depends on the individual
1:00:45	So, the protocols ICMP,
1:00:51	It'll come from the source IP
1:01:00	The frequency is every 5 seconds.
1:01:05	The timeout is 2000
1:01:11	Okay, in the meantime on router 6,
1:01:14	So that the pings
1:01:19	Next, router 1 is gonna
1:01:21	we'll say "IP SLA monitor 1...
1:01:27	IP SLA...
1:01:31	IP SLA monitor schedule.
1:01:34	So you can see the order of command
1:01:38	IP SLA monitor schedule one,
1:01:40	start now, I want the
1:01:47	If we show IP SLA,
1:01:54	monitor collection statistics,
1:01:59	or statistics here. There's a lot of different
1:02:05	The key that I'm looking for
1:02:11	So, this means the
1:02:19	ping between router 1
1:02:30	Next, we're going to track
1:02:36	So, I now need to define...
1:02:39	a tracked object.
1:02:41	We'll say "Track object number 10
1:02:48	So, you can see now the syntax of the
1:02:53	Where the entry number is 1,
1:02:57	So, track 10 rtr 1.
1:03:00	That's all I need to say here.
1:03:01	Then we're gonna call it
1:03:03	So if we Show Run Route or
1:03:19	under the verify availability...
1:03:25	re-issue this command.
1:03:26	But now, I'm gonna verify this with...
1:03:34	and you could see, you can do
1:03:37	And I'm gonna do this
1:03:43	So then I should remove the first statement.
1:03:51	Show Run Section Route Map.
1:04:00	So now, we're verifying the availability.
1:04:01	If we look at the Show track 10,
1:04:07	This should then mean that the traffic
1:04:15	If router 6 goes down, depending on
1:04:21	So, do we base on how often
1:04:25	what is the time out? And then what
1:04:31	So once this changes to down,
1:04:36	it should then mean that the
1:04:43	So, if we do the trace, 1 says, "Policy is
1:04:54	So, the key with this configuration now is that
1:05:03	Because prevously it was
1:05:06	where we're just blindly forwarding
1:05:09	if the Layer 3 neighbor isn't there,
1:05:17	But with this configuration, since we're
1:05:21	which could then in turn call either the IP SLA
1:05:28	It's giving us more application

Now Viewing

CCIE Routing & Switching Advanced Technologies Class
Title:	CCIE Routing & Switching Advanced Technologies Class
Duration:	81h 59m
The CCIE Routing & Switching Advanced Technologies Class is the first step in understanding CCIE level technologies and is a companion to the Advanced Technologies Lab Workbook. Each technology you need to know for the CCIE Routing & Switching lab will be described in detail using an instructor led hands on demonstration. The class consists of over 80 hours of in depth explanations and examples.
Get instant access to our entire library!
$159/month	Add to Cart
Download this Course
$299.00	Add to Cart

Policy Routing

Create Bookmark