Upload
techcw
View
220
Download
0
Embed Size (px)
Citation preview
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
1/29
Preparing for the Cisco CCIE Security Provider Lab Exam 1Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
Preparing for theCisco CCIE Service Provider Lab Exam
Part I of III
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
2/29
Preparing for the Cisco CCIE Security Provider Lab Exam 2Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
This presentation is the first of a three-partintroduction to the Cisco CCIE ServiceProvider lab exam.
Although this presentation is not to beconsidered a course, it will give you someuseful information and tips for preparing totake your lab exam.
Disclaimer
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
3/29
Preparing for the Cisco CCIE Security Provider Lab Exam 3Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
Topics
PART III
PART II
PART I
Sample QuestionsSession 8
SP MulticastSession 6
Resources and Test-Taking TipsSession 9
MPLS, VPN, and TESession 5
QOS and SecuritySession 7
BGP ProtocolSession 4
IGP ProtocolSession 3
Layer 2 ProtocolSession 2
Lab OverviewSession 1
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
4/29
Preparing for the Cisco CCIE Security Provider Lab Exam 4Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
Session 1CCIE ServiceProvider LabOverview
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
5/29
Preparing for the Cisco CCIE Security Provider Lab Exam 5Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
CCIE Service Provider Lab Exam:
Locations
+
Sydney
Hong Kong
San Paulo
RTP Brussels
There are seven worldwide CCIE Service Provider lab locations.
Beijing
San Jose
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
6/29
Preparing for the Cisco CCIE Security Provider Lab Exam 6Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
CCIE Service Provider Lab Exam:
Equipment and Cisco IOS Version The lab may test any feature that can be configured on the
equipment and Cisco IOS versions that are listed below and thatare on the CCIE website. More recent versions may be installed
in the lab, but you will not be tested on them.
Cisco 7200 series routers
Cisco IOS 12.2S (SERVICE PROVIDER/SECURE SHELL 3DES)
Cisco 3700 series routers
Cisco IOS 12.3T (ENTERPRISE PLUS/H323 MCM)
Cisco 3600 series routers
Cisco IOS 12.3T (ENTERPRISE PLUS/H323 MCM)
Cisco 2600 series routers
Cisco IOS 12.2T (ENTERPRISE PLUS/H323 MCM)
Catalyst 3550 series switches
Cisco IOS 12.2 (IP SERVICES)
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
7/29
Preparing for the Cisco CCIE Security Provider Lab Exam 7Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
Cisco Service Provider Lab Exam:
Equipment in the Rack
The equipment on the rack assigned to you isphysically cabled, and you should NOT tamper withit. Before starting the exam, confirm the workingorder of all devices in your rack.
During the exam, if any device is locked or
inaccessible for any reason, you must recover it.
When finishing the exam, ensure that all devices areaccessible for the grading proctor. Any devices that
are not accessible for grading cannot be marked andmay cause you to lose substantial points.
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
8/29
Preparing for the Cisco CCIE Security Provider Lab Exam 8Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
CCIE Service Provider Lab:Logical Layout
Access Net
SP Core
ATM/Eth BB
High-end routers formmultiple AS SP core.
Low-end routers andswitches run as access
routers.
Backbone routers providediverse information
injection.
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
9/29
Preparing for the Cisco CCIE Security Provider Lab Exam 9Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
CCIE Service Provider Lab Exam:
Rack Access
Comm Server
Candidate PC
Exam
Routers
Ethernet
Candidate Workstation Candidate Rack
Corp Network
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
10/29
Preparing for the Cisco CCIE Security Provider Lab Exam 10Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
Session 2CCIE ServiceProvider Lab Exam:Layer 2 Protocol
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
11/29
Preparing for the Cisco CCIE Security Provider Lab Exam 11Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
CCIE Service Provider Lab Exam:
Preconfiguration
The CCIE Service Provider lab exam is preconfigured with
basic Layer 2 protocol on the devices, giving the candidatemore exam time to work on service provider-specifictechnologies.
The routers and switches in your topology have these
preconfigurations: Basic IP addressing, hostname, and passwords Switching: trunk, VLAN Trunking Protocol (VTP), and VLANs
Frame Relay: data-link connection identifier (DLCI) mapping(static and dynamic)
All preconfigured passwords are 'cisco'
Do NOT change any preconfiguration on any device(s)unless explicitly stated in a question.
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
12/29
Preparing for the Cisco CCIE Security Provider Lab Exam 12Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
CCIE Service Provider Lab Exam:
Layer 2 Preconfiguration Verification
Candidate is responsible for making sure that the
preconfiguration is working properly. Here are useful commands to verify pre-configuration:
show vtp domain
show vtp status
show vlans
show interface trunk
show frame-relay map
show frame-relay pvc show interface (type) (s/p.x)
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
13/29
Preparing for the Cisco CCIE Security Provider Lab Exam 13Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
CCIE Service Provider Lab Exam:
Frame Relay
Terms to know:
DLCI: data-link connection identifier LMI: Local Management Interface
FECN: forward explicit congestion notification
BECN: backward explicit congestion notification DE: discard eligible
Bc: committed burst size
Be: excess burst
CIR: committed information rate
MinCIR: minimum committed information rate
Tc: committed rate measurement interval
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
14/29
Preparing for the Cisco CCIE Security Provider Lab Exam 14Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
CCIE Service Provider Lab Exam:
Frame Relay (Cont.)
Features to practice:
Traffic shaping Multilink
Fragmentation
FRFR
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
15/29
Preparing for the Cisco CCIE Security Provider Lab Exam 15Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
CCIE Service Provider Lab Exam:
PPP
Terms to know:
LCP: Link Control Protocol NCP: network control point
PAP: Password Authentication Protocol
CHAP: Challenge Handshake Authentication Protocol
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
16/29
Preparing for the Cisco CCIE Security Provider Lab Exam 16Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
CCIE Service Provider Lab Exam:
PPP (Cont.)
Features to practice:
Authentication PPP multilink
Fragmentation and interleaving
Compression
PPPoE
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
17/29
Preparing for the Cisco CCIE Security Provider Lab Exam 17Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
CCIE Service Provider Lab Exam:
ATM
Terms to know:
PVC: permanent virtual circuit
SVC: switched virtual circuit
VPI: virtual path identifier
VCI: virtual circuit identifier
ILMI: Integrated Local Management Interface
AAL: ATM adaptation layer
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
18/29
Preparing for the Cisco CCIE Security Provider Lab Exam 18Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
CCIE Service Provider Lab Exam:
ATM (Cont.)
Features to practice:
PVC and SVC RFC 1577
PPP over ATM
Traffic shaping and policing
Frame Relay ATM Interworking
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
19/29
Preparing for the Cisco CCIE Security Provider Lab Exam 19Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
Session 3CCIE ServiceProvider Lab Exam:
IGP Protocol
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
20/29
Preparing for the Cisco CCIE Security Provider Lab Exam 20Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
CCIE Service Provider Lab Exam:
IS-IS Addressing
Area address: Variable-length field composed of high-orderoctets of the NSAP, excluding the SystemID and NSEL fields.
SystemID: Defines an ES or IS in an area; Cisco implementsa fixed length of 6 octets for the SystemID.
NSEL: Selector, also designated as N-selector; it is the lastbyte of the NSAP and identifies a network service user (transport
entity or the IS network entity itself). Example:
49.0002.0000.0000.5555.00Area = 49.0002, SysID = 0000.0000.5555, Nsel = 00
IDP
AFI IDI
DSP
High-Order DSP System ID NSELVariable Length Area Address 6 Bytes 1 Byte
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
21/29
Preparing for the Cisco CCIE Security Provider Lab Exam 21Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
Intermediate System-to-Intermediate System (IS-IS) has a 2-layerhierarchy: Backbone and Area
An intermediate system can be:
Level 1 router (intra-area routing) Level 2 router (inter-area routing)
Level 1-2 router (intra and inter-area routing)
Level 1 router Has neighbors only on the same area
Has the Level 1 link-state database (LSDB) with all routing information forthe area
Use the closest Level 2 router to exit the area
Level 2 router May have neighbors in other areas
Has a Level 2 LSDB with all information about inter-area routing
Level 12 router
May have neighbors on any area
Has two LSDBs: Level 1 and Level 2
CCIE Service Provider Lab Exam:
IS-IS Router Level
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
22/29
Preparing for the Cisco CCIE Security Provider Lab Exam 22Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
CCIE Service Provider Lab Exam:
IS-IS Backbone
Backbone must be Layer 2 contiguous.
L1L2
L1L2
L1L2
L1L2
L1L2
L1-Only
L2-Only
L1-Only
Area-2
Area-1
Area-3
Area-4L1-Only
L1-Only
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
23/29
Preparing for the Cisco CCIE Security Provider Lab Exam 23Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
CCIE Service Provider Lab Exam:
IS-IS Circuit Types
Circuit type
Level 1 only Level 2 only
Level 12 (default)
Link type
Point-to-point
LAN
Designated router or Designated Intermediate System (DIS) is
elected based on interface priority, with the highest MAC addressbeing the tie-breaker.
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
24/29
Preparing for the Cisco CCIE Security Provider Lab Exam 24Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
CCIE Service Provider Lab Exam:
IS-IS Commands
Router commands
router isis (tag) net XX.XXXX. ... .XXX.XX
is-type level (X)
redistribute (routing protocol)
Interface commands
ip router isis (tag)
frame-relay map clns (dlci) broadcast
isis circuit-type level (x) isis priority (value)
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
25/29
Preparing for the Cisco CCIE Security Provider Lab Exam 25Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
CCIE Service Provider Lab Exam:
IS-IS Commands (Cont.)
Verify and Troubleshooting Commands
show clns protocol show clns neighbor
show clns interface
show isis database detail
show isis topology
debug isis adj-packets
debug isis spf-events
debug isis authentication information
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
26/29
Preparing for the Cisco CCIE Security Provider Lab Exam 26Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
CCIE Service Provider Lab Exam:
IS-IS Practice
Features to practice:
Multiple network entity titles (NETs)
Metric adjustment
Node or link level
Fast hello Authentication
Layer 2 to Layer 1 routes leaking
Overload bit signalling
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
27/29
Preparing for the Cisco CCIE Security Provider Lab Exam 27Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
CCIE Service Provider Lab Exam:
Open Shortest Path First (OSPF) Terminology
Link-state advertisement (LSA) Type: router LSA,network LSA, summary LSA, external LSA, andopaque LSA
Area, backbone, Area Border Router (ABR), andAutonomous System Boundary Router (ASBR)
Media type: point-to-point, broadcast, and non-broadcast
Cost and router ID
Hello, flooding, and SPF calculation
Note: Advanced OSPF features such as stub, not-so-stubby area (NSSA), virtuallink, and demand circuit are not tested in the CCIE Service Provider lab exam.
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
28/29
Preparing for the Cisco CCIE Security Provider Lab Exam 28Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
CCIE Service Provider Lab Exam:
OPSF Commands Router commands
router ospf (process ID)
network x.x.x.x area y.y.y.y
neighbor x.x.x.x
Interface commands
ip ospf network ip ospf priority
ip ospf hello-interval
Show commands
show ip ospf interface
show ip ospf neighbor
show ip ospf database
7/31/2019 Preparing SP lab-part1 22Dec08 d-3927.pdf
29/29
Preparing for the Cisco CCIE Security Provider Lab Exam 29Posted to the Cisco Learning Network www.cisco.com/go/learningnetwork 2008 Cisco Systems, Inc. All rights reserved.
This presentation will be continued in Part II