PLEASE NOTE: This is a partial list of potential configuration options for various hypothetical sections of the lab exam. Do not allow this list to constrain your own creative thinking when it is time to solve actual lab tasks! Please suggest additions using the comments feature.

Load Balancing with STP
Option 1 – STP cost – use on the downstream device
Option 2 – Port Priority – use on the upstream device

Advertising Masks for Loopbacks in OSPF
Option 1 – OSPF network command
Option 2 – Redistribute connected – Watch for Later Redistribution Issues
Option 3 – Area Range command

Troubleshooting Neighbor Relationships in OSPF over NBMA
Option 1 – OSPF network command
Option 2 – Hello timer manipulation

Connecting Area 0s in OSPF
Option 1 – Virtual link
Option 2 – GRE Tunnel – often needed when area between is a stub area
Option 3 – Redistribute between different OSPF processes on the same router

Sending Unicast Updates in OSPF
Option 1 – neighbor command and change network type/hello interval

Load Balance in OSPF – change to equal cost
Option 1 – use the bandwidth command
Option 2 – ip ospf cost command

Introducing a Network into OSPF without Updating Neighbor’s LSDB
Option 1 – no-advertise
Option 2 – area filter-list

I expanded upon the awesome CCIE Lab Technology Outline found in the Resources section of our main Web Site. I am looking to add features to this list soon, and of course, please post any changes you feel I should make in our comments section. I plan on fixing the formatting as I add new features. Enjoy your studies.

I. Bridging and Switching

A. Frame Relay

I. L2/L3 Resolution – static vs dynamic
II. Broadcast/Multicast Support
IV. Full Mesh/Partial Mesh
V. Hub and Spoke using Point-to-Point
VI. Hub and Spoke using Multipoint
VIII. PPP over Frame
IX. End to End Keepalives
X. Broadcast Queue
XI. Load Interval
XII. PING local interface
XIII. Multilink Frame Relay

Here is a small task that illustrates how combining a few technologies may result in an interesting solution.


Configure R1 to send all logging messages to the remote server at the IP address “″. Ensure secure (non-cleartext) and reliable (acknowledged) information delivery.


Do not use:

1) TCP as the transport protocol.
2) IPsec for encryption.
3) Any tunneling technology.

Recent update: do not use BEEP. This seems to be ruled out by “don’t use TCP”, but is worth mentioning separately. The solution is supposed to be a “bit” more complicated :)

For simplicity, assume the server to be directly connected to the router via Ethernet. Also, assume the server could be configured in any way to match the router’s configuration.

The first person to find the correct solution will win a $100 gift card. Since tomorrow is a big holiday in the US, we will post the solution and announce the winner somewhere around the coming weekend.

Have a nice Thanksgiving!


OK, it looks like I’m getting old after all :) The solution was found a few hours after I actually made the post! The Winner is: Carl Burkland. Congratulations! He was the first to post a working solution. I’m disclosing the comments right now, so you can see other people who came up with correct solutions or bright ideas after Carl. Also, see some explanations and comments below.

Nothing is perfect in this world, and things like typos and missed solutions do happen in the workbooks. However, we’re constantly working to improve the quality of our products. If you think you found an issue with a workbook and want to report it, then go to:

and click on the “Submit ticket” link. Select “Quality Management” department and fill in the form that follows. Attach screenshots and other information that you find necessary with the report. As soon as you submit the ticket, you will receive an automated e-mail notification, and may continue to follow the discussion thread using regular e-mail.

The best part is – we’re going to launch a system of rewards for people that report valid issues (this is why the form asks for your membership account name). So as a result, you’re not just helping others, you win something!

Tonight I’m posting some updates to the IEWB-RS Volume 1 Version 5.0 section of OSPF, along with an interesting teaser on how OSPF path selection works towards external routes originated in an NSSA. In my pursuit of networking Nirvana, I have a motto; learn something new every day. This topic for sure will fall into that category for many engineers.

We all (hopefully) know what an NSSA is in OSPF. It’s that cute little area that’s sort of stubby, but not completely, which allows us to cut down on the size of the OSPF database while still doing redistribution into an area. A lesser-known fact, however, is how the calculation towards an external route originated in an NSSA differs from a normal route redistributed into OSPF. Check the above link for the detailed walkthrough of how this works, along with the diagram and initial configs for those of you that don’t already have a subscription to the product, but the spirit of the situation is as follows…

In this post we are going to discuss operations of the “traceroute” and “ping” commands in an MPLS environment. The reader is supposed to have a solid understanding of MPLS VPN technologies prior to reading this document. Note the use of the terms “MPLS ping/traceroute”, which are interchangeable with “LSP ping/traceroute”.

The following is the testbed topology we are going to use for simulations. All PE/P routers are 7206s running IOS version 12.0(33)S. Unfortunately, MPLS ping and traceroute commands are just a recent addition to IOS code, and thus you only see them in later 12.4T versions and recent 12.0S images. The IOS versions currently used in the CCIE SP lab do not support the MPLS ping/trace features.

Classic Ping and Traceroute


Part 3 – A Chapter Closes

Andrew Spruce arrived his usual 15 minutes early to the lab building at the Research Triangle Park Cisco location. He sat in the car with the heater running.

Is this North Carolina or Siberia? thought Andrew as he looked over the building where he would soon be configuring a rack of equipment at near super human speeds. The temperature on this January morning had to be about one degree.

Another car pulled alongside and Andrew glanced at another candidate. They shared a moment’s eye contact that seemed to acknowledge volumes in a single instant.

I am going to pass today. Yes, I am going to pass today.

Twenty minutes later Andrew was greeting the RTP proctor, Hubert.

I should add this guy to my Christmas Card List, thought Andrew as he sat at his cube with his 15-inch CRT and scratch paper. Andrew had seen him more in the last year than he had seen most of his relatives.

There it was, the lab booklet; so plain, so nondescript; so potentially full of brain-busting fun!

I am going to pass today. Yes, I am going to pass today.

Andrew smiled confidently and immediately engaged his tried and true lab strategy. He quickly confirmed the configurations on his pod were correct and examined the lab sections he would face that day.

Ten minutes later Andrew made his first verification (a very happy 802.1Q trunk), collected two points, and smiled even wider.

I am going to pass today. Yes, I am going to pass today.

From the cube next door, Andrew suddenly heard a loud slap of a palm against the cheap plastic monitor. Obscenities followed that would have made Andrew Dice Clay sound like Mr. Rogers.

Andrew reached for some of the lightly salted peanuts he had brought to his desk, smiled at the photo of his daughter wearing her Cisco Kid T-shirt, and went back to his Layer 2 configurations.

I am going to pass today. Yes, I am going to pass today.

Hello to all our faithful blog readers, I hope this post finds you very well, and enjoying your studies!

Access list tasks are a common CCIE Lab Exam feature, and I wanted to take a moment to show how easy it can be for a candidate to miss one thing or many things in such a task.

Here is the task topology and the task itself. Following that we have the proposed solution by a Mock Student :-)

Can you find the errors in his or her ways?

The Topology

The Task


Traffic Filtering

8.1 Configure a security filter on R3 that will accomplish the following for traffic entering the router from the direction of R2:

  • Allow Telnet from R2 (S0/1) to R1 (Lo1)
  • Allow BGP traffic through the router
  • Allow ICMP ping traffic between R1 (Lo1) and R2 (Lo1)
  • Block any traffic sourced from RFC 1918 addresses – log these violations and include Layer 2 address information

4 points

The Proposed Solution

access-list 100 permit tcp host eq telnet host eq telnet
access-list 100 permit tcp any any eq bgp
access-list 100 permit icmp host host
access-list 100 permit icmp host host
access-list 100 deny ip any log
access-list 100 deny ip any log
access-list 100 deny ip any log
interface Serial1/2
ip access-group 100 in

NOTE: I have posted a solution to this blog in the comments. The solution post date is November 20th, 2008.
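The ordering and port-matching problems in the proposed solution show up when packets are run through it with first-match semantics. The following Python evaluator is an added example, not code from the original post or the solution posted in the comments. The addresses are constructed stand-ins from RFC 5737 documentation ranges because the page does not show the real ones, and the `reordered` list is one possible arrangement.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed stand-ins; the real R2 (S0/1) and R1 (Lo1) addresses are not on the page.
R2_S01 = ipaddress.ip_network("192.0.2.2/32")
R1_LO1 = ipaddress.ip_network("198.51.100.1/32")

def ace(action, proto, src, dst, sport=None, dport=None):
    """One access-list entry; sport/dport of None means 'any port'."""
    return dict(action=action, proto=proto, src=src, dst=dst,
                sport=sport, dport=dport)

def evaluate(acl, proto, src, dst, sport=None, dport=None):
    """Return the action of the first matching entry; implicit deny at the end."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for e in acl:
        if e["proto"] not in ("ip", proto):
            continue
        if s not in e["src"] or d not in e["dst"]:
            continue
        if e["sport"] is not None and e["sport"] != sport:
            continue
        if e["dport"] is not None and e["dport"] != dport:
            continue
        return e["action"]
    return "deny"

deny_private = [ace("deny", "ip", n, ANY) for n in RFC1918]

# Same order and port matches as the proposed solution (ICMP lines omitted).
proposed = [
    ace("permit", "tcp", R2_S01, R1_LO1, sport=23, dport=23),
    ace("permit", "tcp", ANY, ANY, dport=179),
] + deny_private

# Private sources dropped first, Telnet matched on destination port only,
# BGP matched whichever side of the session holds port 179.
reordered = deny_private + [
    ace("permit", "tcp", R2_S01, R1_LO1, dport=23),
    ace("permit", "tcp", ANY, ANY, dport=179),
    ace("permit", "tcp", ANY, ANY, sport=179),
]
```

The task's requirement for Layer 2 address information in the log is outside this model; on IOS that is the `log-input` keyword rather than `log`.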



I saw a CCENT student ask a pretty common question on a Cisco forum the other day…they wanted to know tips for making all the theory really “stick” when studying.

A great tip in this regard is to practice as much as possible as you study. Get your hands on your home network and investigate as much as possible to drive the theory home.

For example, in the Operation of Data Networks portion of the course, why not download the free protocol analyzer, Wireshark, and start examining the packets that are generated by common network events?

Here is a simulation that I pulled from our course to demonstrate just how valuable this can be. Enjoy:


Today’s Open Lecture Series topic, Understanding the OSPF Database, will be open for guest access. All users, customers and guests alike, are welcome to attend. Simply open the link and login with your classroom account or use the guest access field to attend. Class starts at 1pm Pacific time (GMT -8).

Today’s session explores in detail how OSPF route selection occurs in the database, and how features such as network types, stub areas, and virtual-links affect the database view.

For customers of the Open Lecture Series, and the CCIE 2.0 Program, the Class-on-Demands from the previous sessions last week will be made available later tonight.  More information will be made available once the Class-on-Demands are posted.

Hope to see you in class!

