Using MIB Browser for SNMP Walk/Query

At times you need a quick, easy way to do an SNMP walk/query for specific OIDs on your managed devices for troubleshooting.

This can be done using the open/free SNMP tools available on the internet. I found the iReasoning MIB Browser quite helpful and easy.

http://ireasoning.com/mibbrowser.shtml

Install the MIB Browser and add your managed device using v2/v3.

Configure the MIB Browser as follows: Tools > Options > Agent > Add, then enter the managed device IP address and the community string.

Get the correct MIB file for your managed device. I am using a Cisco WLC as the managed device and downloaded the MIB from the Cisco support site.

http://software.cisco.com/download/release.html?mdfid=284493532&flowid=34542&softwareid=280775088&release=8.0&relind=AVAILABLE&rellifecycle=&reltype=latest

Load the correct MIB file in the MIB Browser: File > Load Mibs > choose the file location.

Browse and poll for the related OID.

I am polling for the AP native vlan Id as follows:

 

If you know the OID, you can enter it directly and do a Get to retrieve the related information:

 

Hope this would be helpful.

 

SNMPWALK from Prime Infrastructure

Often, when information from your WLC or any other added device is not polled correctly on Cisco PI, you will want to check whether the device is responding to the SNMP queries sent by Cisco Prime.

An SNMP walk is a good test to check whether you are getting any SNMP response from the managed devices. The following is the syntax for running an SNMPv2 and an SNMPv3 walk from your Cisco Prime.

You need to have root access to run the snmpwalk on the Cisco Prime.

SNMPWALK VERSION 2
nms-pi/admin# root
Enter root patch password :
Starting root bash shell …
ade # su -
[root@nms-pi ~]# snmpwalk -v2c -c <community> <ip>

You can also follow this with the OID or the MIB identifier you want to query, like:

[root@nms-pi ~]# snmpwalk -v2c -c bharath 10.10.10.10 1.3.6.1.4.1.9.9.513.1.2.10.1.2
[root@nms-pi ~]# snmpwalk -v2c -c bharath 10.10.10.10 cLApDot11RadioRateStatsRxPackets

SNMPWALK VERSION 3

[root@nms-pi ~]# snmpwalk -v3 -l <noAuthNoPriv|authNoPriv|authPriv> -u <username> [-a <MD5|SHA>] [-A <authphrase>] [-x <DES|AES>] [-X <privphrase>] <ipaddress>[:<dest_port>]

[root@nms-pi ~]# snmpwalk -v3 -u piv3user -l authPriv -a SHA -A piv3user1234 -x AES -X piv3user1234 10.10.10.1 cLApDot11RadioRateStatsRxPackets

Hope this would be helpful..

CCIE Wireless v3.1 Written Topics

Cisco is changing the CCIE Wireless Exam from July 25th 2016. Following are the written exam topics.

 

Source: https://learningnetwork.cisco.com/community/certifications/ccie_wireless/written-exam-v3/exam-topics

 

https://learningcontent.cisco.com/cln_storage/text/cln/marketing/exam-topics/400-351-w-cciewireless-v31.pdf

 

Written Topics:
=============
 

 

 
 
11% 1.0 Planning & Designing WLAN Technologies
1.1 Describe WLAN organizations and regulations
1.2 Describe IEEE 802.11 standards and protocols
1.3 Plan & design wireless solutions requirements
1.3.a Translate customer requirements into services and design recommendations
1.3.b Identify ambiguity and/or information gaps
1.3.c Evaluate interoperability of proposed technologies against deployed IP network
infrastructure & technologies
1.3.d Select an appropriate deployment model
1.3.e Regulatory domains and country codes
1.4 RF planning, designing and validation
1.4.a RF Design / Site survey
1.4.a [i] Define the tasks/goals for a preliminary site survey
1.4.a [ii] Conduct the site survey
1.4.a [iii]Determine AP quantity, placement and antenna type
1.4.b Architect indoor and outdoor RF deployments
1.4.b [i] Coverage
1.4.b [ii] Throughput
1.4.b [iii]Voice
1.4.b [iv]Location
1.4.b [v] HD
1.4.c Construct an RF operational model that includes:
1.4.c [i] Radio resource management (Auto-RF, manual, hybrid, TPC and DCA)
1.4.c [ii] Channel use (radar, non-WiFi interference)
1.4.c [iii] Power level, overlap
1.4.c [iv] RF profiles
1.4.d Validate implemented RF deployment
10% 2.0 Configure and Troubleshoot the Network Infrastructure
2.1 Configure and troubleshoot wired infrastructure to support WLANs
2.1.a VLANs
2.1.b VTP
2.1.c STP
2.1.d Etherchannel
2.1.e HSRP
2.1.f VSS
2.1.g Stacking
2.2 Plan network infrastructure capacity
2.3 Configure and troubleshoot network connectivity for:
2.3.a WLAN clients
2.3.b WLCs
2.3.c Lightweight APs
2.3.d Autonomous APs
2.4 Configure and troubleshoot PoE for APs
2.5 Configure and troubleshoot QoS on the switching infrastructure
2.5.a MQC
2.5.b Mls qos
2.6 Configure and troubleshoot multicast on the switching infrastructure
2.6.a PIM-SM
2.6.b Auto-RP
2.6.c Static-RP
2.6.d IGMP
2.6.e IGMP snooping
2.6.f MLD
2.7 Configure and troubleshoot IPv4 connectivity
2.7.a Subnetting
2.7.b Static routing
2.7.c Basic OSPF
2.7.d Basic EIGRP
2.8 Configure and troubleshoot basic IPv6 connectivity
2.8.a Subnetting
2.8.b Static routing
2.8.c Basic OSPFv3
2.8.d Basic EIGRP address families
2.9 Configure and troubleshoot wired security
2.9.a ACLs (v4/v6)
2.9.b dot1X
2.9.c Port-security
2.9.d SXP, SGT
2.10 Configure and troubleshoot network services
2.10.a DNS
2.10.b DHCPv4 / DHCPv6
2.10.c NTP, SNTP
2.10.d SYSLOG
2.10.e SNMP
2.10.f CDP, LLDP
2.10.g SDG. mDNS
10% 3.0 Configure and Troubleshoot an Autonomous Deployment Model
3.1 Configuring and troubleshooting different modes and roles
3.1.a Root
3.1.b WGB
3.1.c Bridge
3.2 Configuring and troubleshooting SSID/MBSSID
3.3 Configuring and troubleshooting security
3.3.a L2 security policies
3.3.b Association filters
3.3.c PSPF
3.3.d Local radius
3.3.e dot1x profiles
3.3.f Guest
3.4 Configuring and troubleshooting radio settings
3.5 Configuring and troubleshooting multicast
3.6 Configuring and troubleshooting QoS
18% 4.0 Configure and Troubleshoot a Unified Deployment Model (Centralized)
4.1 Configuring and controlling management access
4.2 Configuring and troubleshooting interfaces
4.3 Configuring and troubleshooting lightweight APs
4.3.a dot1x
4.3.b LSC
4.3.c AP modes
4.3.d AP authentication / authorization
4.3.e Logging
4.3.f Local / global configuration
4.4 Configuring and troubleshooting high availability and redundancy
4.4.a Clients
4.4.b APs
4.4.c WLCs
4.5 Configuring and troubleshooting wireless segmentation
4.5.a RF profiles
4.5.b AP groups
4.5.c Flexconnect
4.6 Configuring and troubleshooting wireless security policies
4.6.a WLANs
4.6.b L2/L3 security
4.6.c Rogue policies
4.6.d Local EAP
4.6.e Local profiling
4.6.f ACLs
4.6.g Certificates
4.7 Configuring and troubleshooting Flexconnect and Office Extend
4.8 Configuring and troubleshooting Mesh
4.9 Implement RF management
4.9.a Static RF management
4.9.b Automatic RF management
4.9.c CleanAir
4.9.d Data rates
4.10 Configuring and troubleshooting WLC control plane security
4.10.a AAA
4.10.b CPU ACLs
4.10.c Management via wireless interface
4.10.d Management via dynamic interface
4.11 Configuring and troubleshooting mobility
4.11.a L2/L3 roaming
4.11.b Multicast optimization
4.11.c Mobility group scaling
4.11.d Inter-release controller mobility
4.11.e New mobility
4.11.f Mobility anchoring
4.12 Configuring and troubleshooting multicast
11% 5.0 Configure and Troubleshoot a Unified Deployment Model (Converged)
5.1 Configuring and controlling management access
5.2 Configuring and troubleshooting Interfaces
5.3 Configuring and troubleshooting lightweight APs
5.3.a dot1x
5.3.b AP authentication / authorization
5.3.c Logging
5.3.d Local / global configuration
5.4 Configuring and troubleshooting high availability and redundancy
5.4.a Clients
5.4.b APs
5.4.c WLCs
5.5 Configuring and troubleshooting wireless segmentation
5.5.a RF profiles
5.5.b AP groups
5.6 Configuring and Troubleshooting wireless security policies
5.6.a WLANs
5.6.b L2/L3 security
5.6.c Rogue policies
5.6.d Local EAP
5.6.e ACLs
5.6.f Certificates
5.7 Implement RF management
5.7.a Static RF management
5.7.b Automatic RF management
5.7.c CleanAir
5.7.d Data rates
5.8 Configuring and troubleshooting WLC control plane security
5.8.a AAA
5.8.b Basic control plane policing
5.9 Configuring and troubleshooting mobility
5.9.a L2/L3 roaming
5.9.b Multicast optimization
5.9.c Mobility group scaling
5.9.d Inter-release controller mobility
5.9.e Mobility anchoring
5.9.f SPG
5.9.g MC/MA
5.10 Configuring and troubleshooting multicast
10% 6.0 Configure and Troubleshoot Security & Identity Management
6.1 Configure and troubleshoot identity management
6.1.a Basic PKI for dot1x and webauth
6.1.b External identity sources (AD, LDAP)
6.2 Configure and troubleshoot AAA policies
6.2.a Client authentication and authorization
6.2.b Management authentication and authorization
6.2.c Client profiling and provisioning
6.2.d RADIUS attributes
6.2.e CoA
6.3 Configure and troubleshoot guest management
6.3.a Local web authentication
6.3.b Central web authentication
6.3.c Basic sponsor policy
10% 7.0 Configure and Troubleshoot Prime Infrastructure and MSE
7.1 Configure and troubleshoot management access
7.1.a AAA
7.1.b Virtual domain
7.2 Perform basic operations
7.2.a Create and deploy templates
7.2.b Operate maps
7.2.c Import infrastructure devices
7.2.d High availability
7.2.e Audits
7.2.f Client troubleshooting
7.2.g Notification receivers
7.2.h Reports
7.3 Perform maintenance operations
7.3.a Background tasks
7.3.b SW image management
7.4 Security management
7.4.a Understand rogue management
7.4.b Manage alarms and events
7.4.c Understand security index
7.5 Implement and troubleshoot MSE
7.5.a Management access
7.5.b Network services
7.5.b [i] Location
7.5.b [ii] CMX
7.5.b [iii]CleanAir
7.5.b [iv]WIPS
7.5.c NMSP
7.6 Integrate ISE
7.7 Integrate netflow
10% 8.0 Configure and Troubleshoot WLAN media and application services
8.1 Configure and troubleshoot voice over wireless
8.1.a QoS profiles
8.1.b EDCA
8.1.c WMM
8.1.d BDRL
8.1.e Admission control
8.1.f MQC
8.2 Configuring and troubleshooting video and media
8.2.a Mediastream
8.2.b Multicast-direct
8.2.c Admission control
8.3 Configuring and troubleshooting mDNS
8.3.a mDNS proxy
8.3.b Service discovery
8.3.c Service filtering
8.4 Configuring and troubleshooting AVC and netflow
10% 9.0 Evolving Technologies
9.1 Cloud
9.1.a Compare and contrast Cloud deployment models
9.1.a (i) Infrastructure, platform, and software services (XaaS)
9.1.a (ii) Performance and reliability
9.1.a (iii)Security and privacy
9.1.a (iv)Scalability and interoperability
9.1.b Describe Cloud implementations and operations
9.1.b (i) Automation and orchestration
9.1.b (ii) Workload mobility
9.1.b (iii)Troubleshooting and management
9.1.b (iv)OpenStack components
9.2 Network programmability (SDN)
9.2.a Describe functional elements of network programmability (SDN) and how they
interact
9.2.a (i) Controllers
9.2.a (ii) APIs
9.2.a (iii)Scripting
9.2.a (iv)Agents
9.2.a (v) Northbound vs. Southbound protocols
9.2.b Describe aspects of virtualization and automation in network environments
9.2.b (i) DevOps methodologies, tools and workflows
9.2.b (ii) Network/application function virtualization (NFV, AFV)
9.2.b (iii)Service function chaining
9.2.b (iv)Performance, availability, and scaling considerations
9.3 Internet of Things
9.3.a Describe architectural framework and deployment considerations for Internet of
Things (IoT)
9.3.a (i) Performance, reliability and scalability
9.3.a (ii) Mobility
9.3.a (iii)Security and privacy
9.3.a (iv)Standards and compliance
9.3.a (v) Migration
9.3.a (vi)Environmental impacts on the network

Thanks…

CCIE Wireless v3.0 Written and Lab Topics

With effect from July 26th 2016 Cisco is changing the CCIE Wireless Written Exam. Following is the list of existing topics for the 3.0 version. Next post will follow the 3.1 topics.

Source: https://learningnetwork.cisco.com/community/certifications/ccie_wireless/written-exam-v3/exam-topics

 

Written Topics:
============

 

1.0 Planning & Designing WLAN Technologies (14%)
1.1 Describe WLAN organizations and regulations
1.2 Describe IEEE 802.11 standards and protocols
1.3 Plan & design wireless solutions requirements
1.3.a Translate customer requirements into services and design recommendations
1.3.b Identify ambiguity and/or information gaps
1.3.c Evaluate interoperability of proposed technologies against deployed IP network infrastructure &
technologies
1.3.d Select an appropriate deployment model
1.3.e Regulatory domains and country codes
1.4 RF planning, designing and validation
1.4.a RF Design / Site survey
1.4.a [i] Define the tasks/goals for a preliminary site survey
1.4.a [ii] Conduct the site survey
1.4.a [iii] Determine AP quantity, placement and antenna type
1.4.b Architect indoor and outdoor RF deployments
1.4.b [i] Coverage
1.4.b [ii] Throughput
1.4.b [iii] Voice
1.4.b [iv] Location
1.4.b [v] HD
1.4.c Construct an RF operational model that includes:
1.4.c [i] Radio resource management (Auto-RF, manual, hybrid, TPC and DCA)
1.4.c [ii] Channel use (radar, non-WiFi interference)
1.4.c [iii] Power level, overlap
1.4.c [iv] RF profiles
1.4.d Validate implemented RF deployment
2.0 Configure and Troubleshoot the Network Infrastructure (10%)
2.1 Configure and troubleshoot wired infrastructure to support WLANs
2.1.a VLANs
2.1.b VTP
2.1.c STP
2.1.d Etherchannel
2.1.e HSRP
2.1.f VSS
2.1.g Stacking
2.2 Plan network infrastructure capacity
2.3 Configure and troubleshoot network connectivity for:
2.3.a WLAN clients
2.3.b WLCs
2.3.c Lightweight APs
2.3.d Autonomous APs
2.4 Configure and troubleshoot PoE for APs
2.5 Configure and troubleshoot QoS on the switching infrastructure
2.5.a MQC
2.5.b Mls qos
2.6 Configure and troubleshoot multicast on the switching infrastructure
2.6.a PIM-SM
2.6.b Auto-RP
2.6.c Static-RP
2.6.d IGMP
2.6.e IGMP snooping
2.6.f MLD
2.7 Configure and troubleshoot IPv4 connectivity
2.7.a Subnetting
2.7.b Static routing
2.7.c Basic OSPF
2.7.d Basic EIGRP
2.8 Configure and troubleshoot basic IPv6 connectivity
2.8.a Subnetting
2.8.b Static routing
2.8.c Basic OSPFv3
2.8.d Basic EIGRP address families
2.9 Configure and troubleshoot wired security
2.9.a ACLs (v4/v6)
2.9.b dot1X
2.9.c Port-security
2.9.d SXP, SGT
2.10 Configure and troubleshoot network services
2.10.a DNS
2.10.b DHCPv4 / DHCPv6
2.10.c NTP, SNTP
2.10.d SYSLOG
2.10.e SNMP
2.10.f CDP, LLDP
2.10.g SDG. mDNS
3.0 Configure and Troubleshoot an Autonomous Deployment Model (10%)
3.1 Configuring and troubleshooting different modes and roles
3.1.a Root
3.1.b WGB
3.1.c Bridge
3.2 Configuring and troubleshooting SSID/MBSSID
3.3 Configuring and troubleshooting security
3.3.a L2 security policies
3.3.b Association filters
3.3.c PSPF
3.3.d Local radius
3.3.e dot1x profiles
3.3.f Guest
3.4 Configuring and troubleshooting radio settings
3.5 Configuring and troubleshooting multicast
3.6 Configuring and troubleshooting QoS
4.0 Configure and Troubleshoot a Unified Deployment Model (Centralized) (20%)
4.1 Configuring and controlling management access
4.2 Configuring and troubleshooting interfaces
4.3 Configuring and troubleshooting lightweight APs
4.3.a dot1x
4.3.b LSC
4.3.c AP modes
4.3.d AP authentication / authorization
4.3.e Logging
4.3.f Local / global configuration
4.4 Configuring and troubleshooting high availability and redundancy
4.4.a Clients
4.4.b APs
4.4.c WLCs
4.5 Configuring and troubleshooting wireless segmentation
4.5.a RF profiles
4.5.b AP groups
4.5.c Flexconnect
4.6 Configuring and troubleshooting wireless security policies
4.6.a WLANs
4.6.b L2/L3 security
4.6.c Rogue policies
4.6.d Local EAP
4.6.e Local profiling
4.6.f ACLs
4.6.g Certificates
4.7 Configuring and troubleshooting Flexconnect and Office Extend
4.8 Configuring and troubleshooting Mesh
4.9 Implement RF management
4.9.a Static RF management
4.9.b Automatic RF management
4.9.c CleanAir
4.9.d Data rates
4.10 Configuring and troubleshooting WLC control plane security
4.10.a AAA
4.10.b CPU ACLs
4.10.c Management via wireless interface
4.10.d Management via dynamic interface
4.11 Configuring and troubleshooting mobility
4.11.a L2/L3 roaming
4.11.b Multicast optimization
4.11.c Mobility group scaling
4.11.d Inter-release controller mobility
4.11.e New mobility
4.11.f Mobility anchoring
4.12 Configuring and troubleshooting multicast
5.0 Configure and Troubleshoot a Unified Deployment Model (Converged) (14%)
5.1 Configuring and controlling management access
5.2 Configuring and troubleshooting Interfaces
5.3 Configuring and troubleshooting lightweight APs
5.3.a dot1x
5.3.b AP authentication / authorization
5.3.c Logging
5.3.d Local / global configuration
5.4 Configuring and troubleshooting high availability and redundancy
5.4.a Clients
5.4.b APs
5.4.c WLCs
5.5 Configuring and troubleshooting wireless segmentation
5.5.a RF profiles
5.5.b AP groups
5.6 Configuring and Troubleshooting wireless security policies
5.6.a WLANs
5.6.b L2/L3 security
5.6.c Rogue policies
5.6.d Local EAP
5.6.e ACLs
5.6.f Certificates
5.7 Implement RF management
5.7.a Static RF management
5.7.b Automatic RF management
5.7.c CleanAir
5.7.d Data rates
5.8 Configuring and troubleshooting WLC control plane security
5.8.a AAA
5.8.b Basic control plane policing
5.9 Configuring and troubleshooting mobility
5.9.a L2/L3 roaming
5.9.b Multicast optimization
5.9.c Mobility group scaling
5.9.d Inter-release controller mobility
5.9.e Mobility anchoring
5.9.f SPG
5.9.g MC/MA
5.10 Configuring and troubleshooting multicast
6.0 Configure and Troubleshoot Security & Identity Management (12%)
6.1 Configure and troubleshoot identity management
6.1.a Basic PKI for dot1x and webauth
6.1.b External identity sources (AD, LDAP)
6.2 Configure and troubleshoot AAA policies
6.2.a Client authentication and authorization
6.2.b Management authentication and authorization
6.2.c Client profiling and provisioning
6.2.d RADIUS attributes
6.2.e CoA
6.3 Configure and troubleshoot guest management
6.3.a Local web authentication
6.3.b Central web authentication
6.3.c Basic sponsor policy
7.0 Configure and Troubleshoot Prime Infrastructure and MSE (10%)
7.1 Configure and troubleshoot management access
7.1.a AAA
7.1.b Virtual domain
7.2 Perform basic operations
7.2.a Create and deploy templates
7.2.b Operate maps
7.2.c Import infrastructure devices
7.2.d High availability
7.2.e Audits
7.2.f Client troubleshooting
7.2.g Notification receivers
7.2.h Reports
7.3 Perform maintenance operations
7.3.a Background tasks
7.3.b SW image management
7.4 Security management
7.4.a Understand rogue management
7.4.b Manage alarms and events
7.4.c Understand security index
7.5 Implement and troubleshoot MSE
7.5.a Management access
7.5.b Network services
7.5.b [i] Location
7.5.b [ii] CMX
7.5.b [iii] CleanAir
7.5.b [iv] WIPS
7.5.c NMSP
7.6 Integrate ISE
7.7 Integrate netflow
8.0 Configure and Troubleshoot WLAN media and application services (10%)
8.1 Configure and troubleshoot voice over wireless
8.1.a QoS profiles
8.1.b EDCA
8.1.c WMM
8.1.d BDRL
8.1.e Admission control
8.1.f MQC
8.2 Configuring and troubleshooting video and media
8.2.a Mediastream
8.2.b Multicast-direct
8.2.c Admission control
8.3 Configuring and troubleshooting mDNS
8.3.a mDNS proxy
8.3.b Service discovery
8.3.c Service filtering
8.4 Configuring and troubleshooting AVC and netflow

 

LAB Topics:
==========
 
 
 

 

1.0 Configure and Troubleshoot the Network Infrastructure (12%)
1.1 Configure and troubleshoot wired infrastructure to support WLANs
1.1.a VLANs
1.1.b VTP
1.1.c STP
1.1.d Etherchannel
1.1.e HSRP
1.1.f VSS
1.1.g Stacking
1.2 Plan network infrastructure capacity
1.3 Configure and troubleshoot network connectivity for:
1.3.a WLAN clients
1.3.b WLCs
1.3.c Lightweight APs
1.3.d Autonomous APs
1.4 Configure and troubleshoot PoE for APs
1.5 Configure and troubleshoot QoS on the switching infrastructure
1.5.a MQC
1.5.b Mls qos
1.6 Configure and troubleshoot multicast on the switching infrastructure
1.6.a PIM-SM
1.6.b Auto-RP
1.6.c Static-RP
1.6.d IGMP
1.6.e IGMP snooping
1.6.f MLD
1.7 Configure and troubleshoot IPv4 connectivity
1.7.a Subnetting
1.7.b Static routing
1.7.c Basic OSPF
1.7.d Basic EIGRP
1.8 Configure and troubleshoot basic IPv6 connectivity
1.8.a Subnetting
1.8.b Static routing
1.8.c Basic OSPFv3
1.8.d Basic EIGRP address families
1.9 Configure and troubleshoot wired security
1.9.a ACLs (v4/v6)
1.9.b dot1X
1.9.c Port-security
1.9.d SXP, SGT
1.10 Configure and troubleshoot network services
1.10.a DNS
1.10.b DHCPv4 / DHCPv6
1.10.c NTP, SNTP
1.10.d SYSLOG
1.10.e SNMP
1.10.f CDP, LLDP
1.10.g SDG. mDNS
2.0 Configure and Troubleshoot an Autonomous Deployment Model (10%)
2.1 Configuring and troubleshooting different modes and roles
2.1.a Root
2.1.b WGB
2.1.c Bridge
2.2 Configuring and troubleshooting SSID/MBSSID
2.3 Configuring and troubleshooting security
2.3.a L2 security policies
2.3.b Association filters
2.3.c PSPF
2.3.d Local radius
2.3.e dot1x profiles
2.3.f Guest
2.4 Configuring and troubleshooting radio settings
2.5 Configuring and troubleshooting multicast
2.6 Configuring and troubleshooting QoS
3.0 Configure and Troubleshoot a Unified Deployment Model (Centralized) (23%)
3.1 Configuring and controlling management access
3.2 Configuring and troubleshooting interfaces
3.3 Configuring and troubleshooting lightweight APs
3.3.a dot1x
3.3.b LSC
3.3.c AP modes
3.3.d AP authentication / authorization
3.3.e Logging
3.3.f Local / global configuration
3.4 Configuring and troubleshooting high availability and redundancy
3.4.a Clients
3.4.b APs
3.4.c WLCs
3.5 Configuring and troubleshooting wireless segmentation
3.5.a RF profiles
3.5.b AP groups
3.5.c Flexconnect
3.6 Configuring and troubleshooting wireless security policies
3.6.a WLANs
3.6.b L2/L3 security
3.6.c Rogue policies
3.6.d Local EAP
3.6.e Local profiling
3.6.f ACLs
3.6.g Certificates
3.7 Configuring and troubleshooting Flexconnect and Office Extend
3.8 Configuring and troubleshooting Mesh
3.9 Implement RF management
3.9.a Static RF management
3.9.b Automatic RF management
3.9.c CleanAir
3.9.d Data rates
3.10 Configuring and troubleshooting WLC control plane security
3.10.a AAA
3.10.b CPU ACLs
3.10.c Management via wireless interface
3.10.d Management via dynamic interface
3.11 Configuring and troubleshooting mobility
3.11.a L2/L3 roaming
3.11.b Multicast optimization
3.11.c Mobility group scaling
3.11.d Inter-release controller mobility
3.11.e New mobility
3.11.f Mobility anchoring
3.12 Configuring and troubleshooting multicast
4.0 Configure and Troubleshoot a Unified Deployment Model (Converged) (17%)
4.1 Configuring and controlling management access
4.2 Configuring and troubleshooting Interfaces
4.3 Configuring and troubleshooting lightweight APs
4.3.a dot1x
4.3.b AP authentication / authorization
4.3.c Logging
4.3.d Local / global configuration
4.4 Configuring and troubleshooting high availability and redundancy
4.4.a Clients
4.4.b APs
4.4.c WLCs
4.5 Configuring and troubleshooting wireless segmentation
4.5.a RF profiles
4.5.b AP groups
4.6 Configuring and Troubleshooting wireless security policies
4.6.a WLANs
4.6.b L2/L3 security
4.6.c Rogue policies
4.6.d Local EAP
4.6.e ACLs
4.6.f Certificates
4.7 Implement RF management
4.7.a Static RF management
4.7.b Automatic RF management
4.7.c CleanAir
4.7.d Data rates
4.8 Configuring and troubleshooting WLC control plane security
4.8.a AAA
4.8.b Basic control plane policing
4.9 Configuring and troubleshooting mobility
4.9.a L2/L3 roaming
4.9.b Multicast optimization
4.9.c Mobility group scaling
4.9.d Inter-release controller mobility
4.9.e Mobility anchoring
4.9.f SPG
4.9.g MC/MA
4.10 Configuring and troubleshooting multicast
5.0 Configure and Troubleshoot Security & Identity Management (15%)
5.1 Configure and troubleshoot identity management
5.1.a Basic PKI for dot1x and webauth
5.1.b External identity sources (AD, LDAP)
5.2 Configure and troubleshoot AAA policies
5.2.a Client authentication and authorization
5.2.b Management authentication and authorization
5.2.c Client profiling and provisioning
5.2.d RADIUS attributes
5.2.e CoA
5.3 Configure and troubleshoot guest management
5.3.a Local web authentication
5.3.b Central web authentication
5.3.c Basic sponsor policy
6.0 Configure and Troubleshoot Prime Infrastructure and MSE (10%)
6.1 Configure and troubleshoot management access
6.1.a AAA
6.1.b Virtual domain
6.2 Perform basic operations
6.2.a Create and deploy templates
6.2.b Operate maps
6.2.c Import infrastructure devices
6.2.d High availability
6.2.e Audits
6.2.f Client troubleshooting
6.2.g Notification receivers
6.2.h Reports
6.3 Perform maintenance operations
6.3.a Background tasks
6.3.b SW image management
6.4 Security management
6.4.a Understand rogue management
6.4.b Manage alarms and events
6.4.c Understand security index
6.5 Implement and troubleshoot MSE
6.5.a Management access
6.5.b Network services
6.5.b [i] Location
6.5.b [ii] CMX
6.5.b [iii] CleanAir
6.5.b [iv] WIPS
6.5.c NMSP
6.6 Integrate ISE
6.7 Integrate netflow
7.0 Configure and Troubleshoot WLAN media and application services (13%)
7.1 Configure and troubleshoot voice over wireless
7.1.a QoS profiles
7.1.b EDCA
7.1.c WMM
7.1.d BDRL
7.1.e Admission control
7.1.f MQC
7.2 Configuring and troubleshooting video and media
7.2.a Mediastream
7.2.b Multicast-direct
7.2.c Admission control
7.3 Configuring and troubleshooting mDNS
7.3.a mDNS proxy
7.3.b Service discovery
7.3.c Service filtering
7.4 Configuring and troubleshooting AVC and netflow

Thanks….

BGP AD manipulation

There are many situations in which you are running two routing protocols (in our case BGP and an IGP) and you would like to prefer the route learned by the IGP over the one learned by BGP. The problem is that by default eBGP has an AD of 20, which takes preference over the IGPs (OSPF = 110, EIGRP = 90, IS-IS = 115, RIP = 120).

Let's discuss how we can make this work. There are a couple of options to achieve this:

  • Changing the AD for the route learned from the specific BGP neighbor.

 

 

 

 

We will use the command: distance <AD> <neighbor> <wildcard> <optional ACL>

The ip route on the R1 :
====================


R1#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set
100.0.0.0/24 is subnetted, 1 subnets
B 100.171.106.0 [20/0] via 20.20.20.3, 00:08:29
20.0.0.0/24 is subnetted, 1 subnets
C 20.20.20.0 is directly connected, FastEthernet0/1
8.0.0.0/24 is subnetted, 1 subnets
B 8.8.8.0 [20/0] via 20.20.20.3, 00:09:10
10.0.0.0/24 is subnetted, 1 subnets
C 10.10.10.0 is directly connected, FastEthernet0/0

R1#show ip route 100.171.106.0
Routing entry for 100.171.106.0/24
Known via “bgp 65457”, distance 20, metric 0
Tag 65000, type external
Last update from 20.20.20.3 00:08:50 ago
Routing Descriptor Blocks:
* 20.20.20.3, from 20.20.20.3, 00:08:50 ago
Route metric is 0, traffic share count is 1
AS Hops 1

After adding the distance statement in BGP on R1 and rebuilding the peering:

R1(config)#access-list 1 permit 100.171.106.0 0.0.0.255
R1(config)#router bgp 65457
R1(config-router)#distance 200 20.20.20.3 255.255.255.255 1
R1#clear ip bgp 20.20.20.3

R1#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
100.0.0.0/24 is subnetted, 1 subnets
D 100.171.106.0 [90/30720] via 10.10.10.2, 00:00:38, FastEthernet0/0
20.0.0.0/24 is subnetted, 1 subnets
C 20.20.20.0 is directly connected, FastEthernet0/1
8.0.0.0/24 is subnetted, 1 subnets
B 8.8.8.0 [20/0] via 20.20.20.3, 00:00:10
10.0.0.0/24 is subnetted, 1 subnets
C 10.10.10.0 is directly connected, FastEthernet0/0

R1#show ip route 100.171.106.0
Routing entry for 100.171.106.0/24
Known via “eigrp 1”, distance 90, metric 30720, type internal
Redistributing via eigrp 1
Last update from 10.10.10.2 on FastEthernet0/0, 00:02:38 ago
Routing Descriptor Blocks:

* 10.10.10.2, from 10.10.10.2, 00:02:38 ago, via FastEthernet0/0
Route metric is 30720, traffic share count is 1
Total delay is 200 microseconds, minimum bandwidth is 100000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 1
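
How the `distance` statement above changes the installed route, modelled in Python as an added example (not from the original post; `Route`, `DistanceRule`, `effective_ad` and `build_rib` are hypothetical names, and the second neighbor 20.20.20.9 is constructed). It goes a step beyond the R1 case by applying IOS wildcard-mask matching, which shows that a mask of 255.255.255.255 matches every BGP source while 0.0.0.0 matches only 20.20.20.3.

```python
import ipaddress
from dataclasses import dataclass

# Default administrative distances as listed in the post.
DEFAULT_AD = {"ebgp": 20, "eigrp": 90, "ospf": 110,
              "isis": 115, "rip": 120, "ibgp": 200}


def _ip(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard semantics: a 1 bit in the wildcard means 'ignore this bit'."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)


@dataclass(frozen=True)
class Route:
    prefix: str        # destination, e.g. "100.171.106.0/24"
    proto: str         # key into DEFAULT_AD
    source: str        # neighbor the route was learned from
    metric: int = 0


@dataclass(frozen=True)
class DistanceRule:
    """Models: distance <AD> <neighbor> <wildcard> <optional ACL> under router bgp."""
    ad: int
    source: str
    wildcard: str
    acl: tuple = ()    # standard-ACL permit entries (network, wildcard); empty = no ACL


def effective_ad(route: Route, rules: list) -> int:
    """AD the route is offered to the RIB with; rules only affect BGP routes."""
    if route.proto in ("ebgp", "ibgp"):
        network = str(ipaddress.ip_network(route.prefix).network_address)
        for rule in rules:
            if not wildcard_match(route.source, rule.source, rule.wildcard):
                continue  # learned from a neighbor this rule does not cover
            if rule.acl and not any(wildcard_match(network, b, w) for b, w in rule.acl):
                continue  # prefix not permitted by the ACL attached to the rule
            return rule.ad
    return DEFAULT_AD[route.proto]


def build_rib(candidates: list, rules: list) -> dict:
    """Install the lowest-AD candidate per prefix: {prefix: (proto, ad, source)}."""
    best = {}
    for route in candidates:
        ad = effective_ad(route, rules)
        if route.prefix not in best or ad < best[route.prefix][1]:
            best[route.prefix] = (route.proto, ad, route.source)
    return best


# Candidates reconstructed from the R1 outputs in the post.
R1_CANDIDATES = [
    Route("100.171.106.0/24", "ebgp", "20.20.20.3"),
    Route("100.171.106.0/24", "eigrp", "10.10.10.2", 30720),
    Route("8.8.8.0/24", "ebgp", "20.20.20.3"),
]
ACL_1 = (("100.171.106.0", "0.0.0.255"),)   # access-list 1 permit 100.171.106.0 0.0.0.255
PAGE_RULE = DistanceRule(200, "20.20.20.3", "255.255.255.255", ACL_1)  # as configured in the post
HOST_RULE = DistanceRule(200, "20.20.20.3", "0.0.0.0", ACL_1)          # host-only variant
# Constructed: the same prefix learned from a second, hypothetical eBGP neighbor.
OTHER_PEER = Route("100.171.106.0/24", "ebgp", "20.20.20.9")

if __name__ == "__main__":
    for label, rules in (("before", []), ("after", [PAGE_RULE])):
        print(label)
        for prefix, (proto, ad, src) in sorted(build_rib(R1_CANDIDATES, rules).items()):
            print(f"  {prefix:<18} {proto:<6} [{ad}] via {src}")
    print("other peer, mask 255.255.255.255:", effective_ad(OTHER_PEER, [PAGE_RULE]))
    print("other peer, mask 0.0.0.0:        ", effective_ad(OTHER_PEER, [HOST_RULE]))
```
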

Please note that this can also cause asymmetric routing issues. Let's see the example below.

In the above topology we are modifying the AD at the R2 and thus following is the R2 configuration:

router ospf 1
log-adjacency-changes
summary-address 192.168.20.0 255.255.255.0
redistribute connected subnets
network 30.30.30.0 0.0.0.255 area 0
!
router bgp 2
no synchronization
bgp log-neighbor-changes
network 192.168.20.0
neighbor 20.20.20.1 remote-as 1
distance 200 0.0.0.0 255.255.255.255 1
no auto-summary

R2#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set

20.0.0.0/24 is subnetted, 1 subnets
C 20.20.20.0 is directly connected, FastEthernet0/0
O E2 192.168.10.0/24 [110/20] via 30.30.30.3, 01:22:57, FastEthernet0/1
C 192.168.20.0/24 is directly connected, Loopback0
10.0.0.0/24 is subnetted, 1 subnets
O E2 10.10.10.0 [110/20] via 30.30.30.3, 01:28:45, FastEthernet0/1
30.0.0.0/24 is subnetted, 1 subnets
C 30.30.30.0 is directly connected, FastEthernet0/1

R2#show ip bgp
BGP table version is 4, local router ID is 192.168.20.2
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
r> 192.168.10.0 20.20.20.1 0 1 3 i
*> 192.168.20.0 0.0.0.0 0 32768 i

R2#show ip bgp 192.168.10.0
BGP routing table entry for 192.168.10.0/24, version 4
Paths: (1 available, best #1, table Default-IP-Routing-Table, RIB-failure(17))
Not advertised to any peer
1 3
20.20.20.1 from 20.20.20.1 (20.20.20.1)
Origin IGP, localpref 100, valid, external, best

R2#traceroute 192.168.10.3
Type escape sequence to abort.
Tracing the route to 192.168.10.3

1 30.30.30.3 12 msec 28 msec 28 msec

On R3 we still see it preferring BGP route over IGP:

R3#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set

20.0.0.0/24 is subnetted, 1 subnets
O E2 20.20.20.0 [110/20] via 30.30.30.2, 01:33:45, FastEthernet0/1
C 192.168.10.0/24 is directly connected, Loopback0
B 192.168.20.0/24 [20/0] via 10.10.10.1, 01:27:13
10.0.0.0/24 is subnetted, 1 subnets
C 10.10.10.0 is directly connected, FastEthernet0/0
30.0.0.0/24 is subnetted, 1 subnets
C 30.30.30.0 is directly connected, FastEthernet0/1

R3#show ip bgp
BGP table version is 5, local router ID is 30.30.30.3
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 192.168.10.0 0.0.0.0 0 32768 i
*> 192.168.20.0 10.10.10.1 0 1 2 i

R3#show ip bgp
R3#show ip bgp 192.168.20.0
BGP routing table entry for 192.168.20.0/24, version 5
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
1 2
10.10.10.1 from 10.10.10.1 (20.20.20.1)
Origin IGP, localpref 100, valid, external, best

R3#traceroute 192.168.20.2
Type escape sequence to abort.
Tracing the route to 192.168.20.2

1 10.10.10.1 28 msec 20 msec 16 msec
2 20.20.20.2 16 msec 20 msec 20 msec

You need to take care of asymmetric routing as this can be an issue for many applications.

  • Changing the BGP AD per address family.

 

By default, BGP has these distances:
External distance—20
Internal distance—200
Local distance—200

 

You can change the AD of all routes in the unicast, multicast or VRF address family. To change the default distances, use the following command under the address-family section of the BGP process:

 

distance bgp <ebgp> <ibgp> <local routes>

 

This does not scale well, because every future BGP route in that address family will have its AD altered.
Going back to our second topology, we see that the R2 router prefers BGP to reach the network 192.168.10.0/24.

 

router bgp 2
no synchronization
bgp log-neighbor-changes
network 192.168.20.0
neighbor 20.20.20.1 remote-as 1
no auto-summary

 

R2#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set
20.0.0.0/24 is subnetted, 1 subnets
C 20.20.20.0 is directly connected, FastEthernet0/0
B 192.168.10.0/24 [20/0] via 20.20.20.1, 00:01:01
C 192.168.20.0/24 is directly connected, Loopback0
10.0.0.0/24 is subnetted, 1 subnets
O E2 10.10.10.0 [110/20] via 30.30.30.3, 17:41:21, FastEthernet0/1
30.0.0.0/24 is subnetted, 1 subnets
C 30.30.30.0 is directly connected, FastEthernet0/1

 

Let's modify the default ADs for the BGP routes.

 

R2(config-router)#distance bgp ?
<1-255> Distance for routes external to the AS
R2(config-router)#distance bgp 120 ?
<1-255> Distance for routes internal to the AS
R2(config-router)#distance bgp 120 220 ?
<1-255> Distance for local routes
R2(config-router)#distance bgp 120 220 210 ?
<cr>

R2(config-router)#distance bgp 120 220 210

 

router bgp 2
no synchronization
bgp log-neighbor-changes
network 192.168.20.0
neighbor 20.20.20.1 remote-as 1
distance bgp 120 220 210
no auto-summary
!

R2#show ip protocols
Routing Protocol is “bgp 2”
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
IGP synchronization is disabled
Automatic route summarization is disabled
Neighbor(s):
Address FiltIn FiltOut DistIn DistOut Weight RouteMap
20.20.20.1
Maximum path: 1
Routing Information Sources:
Gateway Distance Last Update
20.20.20.1 20 00:02:35
Distance: external 120 internal 220 local 210

R2#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
20.0.0.0/24 is subnetted, 1 subnets
C 20.20.20.0 is directly connected, FastEthernet0/0
O E2 192.168.10.0/24 [110/20] via 30.30.30.3, 00:04:55, FastEthernet0/1
C 192.168.20.0/24 is directly connected, Loopback0
10.0.0.0/24 is subnetted, 1 subnets
O E2 10.10.10.0 [110/20] via 30.30.30.3, 17:49:14, FastEthernet0/1
30.0.0.0/24 is subnetted, 1 subnets
C 30.30.30.0 is directly connected, FastEthernet0/1

 

R2#show ip bgp 192.168.10.0
BGP routing table entry for 192.168.10.0/24, version 3
Paths: (1 available, best #1, table Default-IP-Routing-Table, RIB-failure(17))
Not advertised to any peer
1 3
20.20.20.1 from 20.20.20.1 (20.20.20.1)
Origin IGP, localpref 100, valid, external, best

 

R2#show ip bgp rib-failure
Network Next Hop RIB-failure RIB-NH Matches
192.168.10.0 20.20.20.1 Higher admin distance n/a

 

  • Using the BGP Backdoor :

 

With BGP backdoor, BGP treats the network as a locally assigned network and thus changes its AD from 20 to 200. However, it does not advertise that specific network in its BGP updates.

 

network <network> mask <network mask> backdoor

 

Some useful information on the following link:

 

 

 

R2#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set
20.0.0.0/24 is subnetted, 1 subnets
C 20.20.20.0 is directly connected, FastEthernet0/0
192.168.10.0/32 is subnetted, 1 subnets
B 192.168.10.3 [20/0] via 20.20.20.1, 00:06:13
192.168.20.0/32 is subnetted, 1 subnets
C 192.168.20.2 is directly connected, Loopback0
30.0.0.0/24 is subnetted, 1 subnets
C 30.30.30.0 is directly connected, FastEthernet0/1

 

router bgp 2
no synchronization
bgp log-neighbor-changes
network 192.168.10.3 mask 255.255.255.255 backdoor
network 192.168.20.2 mask 255.255.255.255
neighbor 20.20.20.1 remote-as 1
no auto-summary

 

R2#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
20.0.0.0/24 is subnetted, 1 subnets
C 20.20.20.0 is directly connected, FastEthernet0/0
192.168.10.0/32 is subnetted, 1 subnets
O 192.168.10.3 [110/2] via 30.30.30.3, 00:00:32, FastEthernet0/1
192.168.20.0/32 is subnetted, 1 subnets
C 192.168.20.2 is directly connected, Loopback0
30.0.0.0/24 is subnetted, 1 subnets
C 30.30.30.0 is directly connected, FastEthernet0/1

 

R2#show ip bgp
BGP table version is 4, local router ID is 192.168.20.2
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
r> 192.168.10.3/32 20.20.20.1 0 1 3 i
*> 192.168.20.2/32 0.0.0.0 0 32768 i

 

R2#show ip bgp 192.168.10.3/32
BGP routing table entry for 192.168.10.3/32, version 4
Paths: (1 available, best #1, table Default-IP-Routing-Table, RIB-failure(17))
Not advertised to any peer
1 3
20.20.20.1 from 20.20.20.1 (20.20.20.1)
Origin IGP, localpref 100, valid, external, best

 

R2#show ip bgp rib-failure
Network Next Hop RIB-failure RIB-NH Matches
192.168.10.3/32 20.20.20.1 Higher admin distance n/a

 

  • Changing the AD of IGP :

 

We can also modify the AD of the IGP so that it is preferred over BGP:

R2#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set
20.0.0.0/24 is subnetted, 1 subnets
C 20.20.20.0 is directly connected, FastEthernet0/0
192.168.10.0/32 is subnetted, 1 subnets
B 192.168.10.3 [20/0] via 20.20.20.1, 00:00:05
192.168.20.0/32 is subnetted, 1 subnets
C 192.168.20.2 is directly connected, Loopback0
30.0.0.0/24 is subnetted, 1 subnets
C 30.30.30.0 is directly connected, FastEthernet0/1

R2(config)#access-list 10 permit 192.168.10.0 0.0.0.255
R2(config)#router ospf 1
R2(config-router)#distan
R2(config-router)#distance 15 30.30.30.3 255.255.255.255 10

router ospf 1
log-adjacency-changes
redistribute connected
network 30.30.30.0 0.0.0.255 area 0
network 192.168.20.0 0.0.0.255 area 0
distance 15 0.0.0.0 255.255.255.255 10

R2#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
20.0.0.0/24 is subnetted, 1 subnets
C 20.20.20.0 is directly connected, FastEthernet0/0
192.168.10.0/32 is subnetted, 1 subnets
O 192.168.10.3 [15/2] via 30.30.30.3, 00:01:35, FastEthernet0/1
192.168.20.0/32 is subnetted, 1 subnets
C 192.168.20.2 is directly connected, Loopback0
30.0.0.0/24 is subnetted, 1 subnets
C 30.30.30.0 is directly connected, FastEthernet0/1
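
The three techniques above (`distance bgp`, `network ... backdoor`, and an OSPF `distance` rule with an access list) can be compared side by side in a small model of RIB selection by administrative distance. This is an added Python example, not code from the original post and not how IOS is implemented; the names `Candidate`, `Policy`, `build_rib` and `scenarios`, the OSPF advertiser router ID and the 172.16.0.0/24 prefix are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address, ip_network

# BGP defaults as listed on this page; 110 is the OSPF distance seen in its outputs.
DEFAULT_BGP = {"external": 20, "internal": 200, "local": 200}
DEFAULT_OSPF = 110


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS-style wildcard match: bits set in the wildcard are ignored."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(IPv4Address(addr)) & care) == (int(IPv4Address(base)) & care)


@dataclass(frozen=True)
class Candidate:
    prefix: str                  # e.g. "192.168.10.3/32"
    protocol: str                # "ebgp", "ibgp" or "ospf"
    next_hop: str
    advertiser: str = "0.0.0.0"  # OSPF only: router ID of the advertising router


@dataclass
class Policy:
    distance_bgp: dict = field(default_factory=lambda: dict(DEFAULT_BGP))
    backdoor: set = field(default_factory=set)           # prefixes with "network ... backdoor"
    ospf_distance: list = field(default_factory=list)    # [(ad, source, wildcard, acl or None)]


def effective_ad(c: Candidate, p: Policy) -> int:
    """Administrative distance a candidate route gets under the given policy."""
    if c.protocol == "ebgp":
        # Modelling assumption, following the page: a backdoor network is
        # treated as local, so the eBGP path takes the local distance.
        key = "local" if c.prefix in p.backdoor else "external"
        return p.distance_bgp[key]
    if c.protocol == "ibgp":
        return p.distance_bgp["internal"]
    if c.protocol == "ospf":
        net = str(ip_network(c.prefix).network_address)
        for ad, source, wildcard, acl in p.ospf_distance:
            if not wildcard_match(c.advertiser, source, wildcard):
                continue
            if acl is None or any(wildcard_match(net, b, w) for b, w in acl):
                return ad
        return DEFAULT_OSPF
    raise ValueError(f"unknown protocol: {c.protocol}")


def build_rib(candidates, policy):
    """Lowest AD wins per prefix; losing BGP paths are reported as RIB failures.
    Equal-AD ties are not modelled (the first candidate listed is kept)."""
    by_prefix = {}
    for c in candidates:
        by_prefix.setdefault(c.prefix, []).append((c, effective_ad(c, policy)))
    rib = {}
    for prefix, scored in by_prefix.items():
        scored.sort(key=lambda item: item[1])
        losers = [s for s in scored[1:] if s[0].protocol in ("ebgp", "ibgp")]
        rib[prefix] = {"installed": scored[0], "rib_failure": losers}
    return rib


def winner(candidates, policy, prefix):
    cand, ad = build_rib(candidates, policy)[prefix]["installed"]
    return (cand.protocol, ad, cand.next_hop)


# R2's view, using the prefixes and next hops from the outputs on this page.
# The OSPF advertiser router ID and the 172.16.0.0/24 prefix are constructed.
R2 = [
    Candidate("192.168.10.0/24", "ebgp", "20.20.20.1"),
    Candidate("192.168.10.0/24", "ospf", "30.30.30.3", advertiser="30.30.30.3"),
    Candidate("192.168.10.3/32", "ebgp", "20.20.20.1"),
    Candidate("192.168.10.3/32", "ospf", "30.30.30.3", advertiser="30.30.30.3"),
    Candidate("172.16.0.0/24", "ebgp", "20.20.20.1"),
    Candidate("172.16.0.0/24", "ospf", "30.30.30.3", advertiser="30.30.30.3"),
]
ACL_10 = [("192.168.10.0", "0.0.0.255")]  # access-list 10 permit 192.168.10.0 0.0.0.255


def scenarios():
    """Winner on R2 for each technique described in the post."""
    dist_bgp = Policy(distance_bgp={"external": 120, "internal": 220, "local": 210})
    backdoor = Policy(backdoor={"192.168.10.3/32"})
    igp_ad = Policy(ospf_distance=[(15, "0.0.0.0", "255.255.255.255", ACL_10)])
    return {
        "default": winner(R2, Policy(), "192.168.10.0/24"),
        "distance bgp 120 220 210": winner(R2, dist_bgp, "192.168.10.0/24"),
        "backdoor": winner(R2, backdoor, "192.168.10.3/32"),
        "ospf distance 15 + acl": winner(R2, igp_ad, "192.168.10.3/32"),
        "ospf distance 15, prefix outside acl": winner(R2, igp_ad, "172.16.0.0/24"),
        "backdoor, other prefix untouched": winner(R2, backdoor, "192.168.10.0/24"),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:40s} -> {result}")
```

The scope differs per technique: `distance bgp` moves every BGP route, the backdoor statement moves one prefix, and the OSPF rule moves only the prefixes the access list permits.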

 

 

Thanks….

CCIE R&S v5.1 Written Topics

Cisco is changing the CCIE R&S Written Exam from July 25th 2016. Following is the related information and exam topics.

https://learningnetwork.cisco.com/community/certifications/ccie_routing_switching/written_exam_v5/exam-topics

Written Topics:
=============







10% 1.0 Network Principles
1.1 Network theory
1.1.a Describe basic software architecture differences between IOS and IOS XE
1.1.a (i) Control plane and Forwarding plane
1.1.a (ii) Impact to troubleshooting and performances
1.1.a (iii) Excluding specific platform’s architecture
1.1.b Identify Cisco express forwarding concepts
1.1.b (i) RIB, FIB, LFIB, Adjacency table
1.1.b (ii) Load balancing Hash
1.1.b (iii) Polarization concept and avoidance
1.1.c Explain general network challenges
1.1.c (i) Unicast flooding
1.1.c (ii) Out of order packets
1.1.c (iii) Asymmetric routing
1.1.c (iv) Impact of micro burst
1.1.d Explain IP operations
1.1.d (i) ICMP unreachable, redirect
1.1.d (ii) IPv4 options, IPv6 extension headers
1.1.d (iii) IPv4 and IPv6 fragmentation
1.1.d (iv) TTL
1.1.d (v) IP MTU
1.1.e Explain TCP operations
1.1.e (i) IPv4 and IPv6 PMTU
1.1.e (ii) MSS
1.1.e (iii) Latency
1.1.e (iv) Windowing
1.1.e (v) Bandwidth delay product
1.1.e (vi) Global synchronization
2015 Cisco Systems, Inc. This document is Cisco Public. Page 2
1.1.e (vii) Options
1.1.f Explain UDP operations
1.1.f (i) Starvation
1.1.f (ii) Latency
1.1.f (iii) RTP/RTCP concepts
1.2 Network implementation and operation
1.2.a Evaluate proposed changes to a network
1.2.a (i) Changes to routing protocol parameters
1.2.a (ii) Migrate parts of a network to IPv6
1.2.a (iii) Routing protocol migration
1.2.a (iv) Adding multicast support
1.2.a (v) Migrate spanning tree protocol
1.2.a (vi) Evaluate impact of new traffic on existing QoS design
1.3 Network troubleshooting
1.3.a Use IOS troubleshooting tools
1.3.a (i) debug, conditional debug
1.3.a (ii) ping, traceroute with extended options
1.3.a (iii) Embedded packet capture
1.3.a (iv) Performance monitor
1.3.b Apply troubleshooting methodologies
1.3.b (i) Diagnose the root cause of networking issue (analyze symptoms, identify and describe root cause)
1.3.b (ii) Design and implement valid solutions according to constraints
1.3.b (iii) Verify and monitor resolution
1.3.c Interpret packet capture
1.3.c (i) Using Wireshark trace analyzer
1.3.c (ii) Using IOS embedded packet capture
13% 2.0 Layer 2 Technologies
2.1 LAN switching technologies
2.1.a Implement and troubleshoot switch administration
2.1.a (i) Managing MAC address table
2.1.a (ii) errdisable recovery
2.1.a (iii) L2 MTU
2.1.b Implement and troubleshoot layer 2 protocols
2.1.b (i) CDP, LLDP
2.1.b (ii) UDLD
2.1.c Implement and troubleshoot VLAN
2.1.c (i) Access ports
2.1.c (ii) VLAN database
2.1.c (iii) Normal, extended VLAN, voice VLAN
2.1.d Implement and troubleshoot trunking
2.1.d (i) VTPv1, VTPv2, VTPv3, VTP pruning
2.1.d (ii) dot1Q
2.1.d (iii) Native VLAN
2.1.d (iv) Manual pruning
2.1.e Implement and troubleshoot EtherChannel
2.1.e (i) LACP, PAgP, manual
2.1.e (ii) Layer 2, layer 3
2.1.e (iii) Load‐balancing
2.1.e (iv) Etherchannel misconfiguration guard
2.1.f Implement and troubleshoot spanning‐tree
2.1.f (i) PVST+/RPVST+/MST
2.1.f (ii) Switch priority, port priority, path cost, STP timers
2.1.f (iii) port fast, BPDUguard, BPDUfilter
2.1.f (iv) loopguard, rootguard
2.1.g Implement and troubleshoot other LAN switching technologies
2.1.g (i) SPAN, RSPAN, ERSPAN
2.1.h Describe chassis virtualization and aggregation technologies
2.1.h (i) Multichassis
2.1.h (ii) VSS concepts
2.1.h (iii) Alternative to STP
2.1.h (iv) Stackwise
2.1.h (v) Excluding specific platform implementation
2.1.i Describe spanning‐tree concepts
2.1.i (i) Compatibility between MST and RSTP
2.1.i (ii) STP dispute, STP bridge assurance
2.2 Layer 2 multicast
2.2.a Implement and troubleshoot IGMP
2.2.a (i) IGMPv1, IGMPv2, IGMPv3
2.2.a (ii) IGMP snooping
2.2.a (iii) IGMP querier
2.2.a (iv) IGMP filter
2.2.a (v) IGMP proxy
2.2.b Explain MLD
2.2.c Explain PIM snooping
2.3 Layer 2 WAN circuit technologies
2.3.a Implement and troubleshoot HDLC
2.3.b Implement and troubleshoot PPP
2.3.b (i) Authentication (PAP, CHAP)
2.3.b (ii) PPPoE
2.3.b (iii) MLPPP
2.3.c Describe WAN rate‐based ethernet circuits
2.3.c (i) Metro and WAN Ethernet topologies
2.3.c (ii) Use of rate‐limited WAN ethernet services
37% 3.0 Layer 3 Technologies
3.1 Addressing technologies
3.1.a Identify, implement and troubleshoot IPv4 addressing and subnetting
3.1.a (i) Address types, VLSM
3.1.a (ii) ARP
3.1.b Identify, implement and troubleshoot IPv6 addressing and subnetting
3.1.b (i) Unicast, multicast
3.1.b (ii) EUI‐64
3.1.b (iii) ND, RS/RA
3.1.b (iv) Autoconfig/SLAAC, temporary addresses (RFC4941)
3.1.b (v) Global prefix configuration feature
3.1.b (vi) DHCP protocol operations
3.1.b (vii) SLAAC/DHCPv6 interaction
3.1.b (viii) Stateful, stateless DHCPv6
3.1.b (ix) DHCPv6 prefix delegation
3.2 Layer 3 multicast
3.2.a Troubleshoot reverse path forwarding
3.2.a (i) RPF failure
3.2.a (ii) RPF failure with tunnel interface
3.2.b Implement and troubleshoot IPv4 protocol independent multicast
3.2.b (i) PIM dense mode, sparse mode, sparse‐dense mode
3.2.b (ii) Static RP, auto‐RP, BSR
3.2.b (iii) BiDirectional PIM
3.2.b (iv) Source‐specific multicast
3.2.b (v) Group to RP mapping
3.2.b (vi) Multicast boundary
3.2.c Implement and troubleshoot multicast source discovery protocol
3.2.c (i) Intra‐domain MSDP (anycast RP)
3.2.c (ii) SA filter
3.2.d Describe IPv6 multicast
3.2.d (i) IPv6 multicast addresses
3.2.d (ii) PIMv6
3.3 Fundamental routing concepts
3.3.a Implement and troubleshoot static routing
3.3.b Implement and troubleshoot default routing
3.3.c Compare routing protocol types
3.3.c (i) Distance vector
3.3.c (ii) Link state
3.3.c (iii) Path vector
3.3.d Implement, optimize and troubleshoot administrative distance
3.3.e Implement and troubleshoot passive interface
3.3.f Implement and troubleshoot VRF lite
3.3.g Implement, optimize and troubleshoot filtering with any routing protocol
3.3.h Implement, optimize and troubleshoot redistribution between any routing protocol
3.3.i Implement, optimize and troubleshoot manual and auto summarization with any routing protocol
3.3.j Implement, optimize and troubleshoot policy‐based routing
3.3.k Identify and troubleshoot sub‐optimal routing
3.3.l Implement and troubleshoot bidirectional forwarding detection
3.3.m Implement and troubleshoot loop prevention mechanisms
3.3.m (i) Route tagging, filtering
3.3.m (ii) Split horizon
3.3.m (iii) Route poisoning
3.3.n Implement and troubleshoot routing protocol authentication
3.3.n (i) MD5
3.3.n (ii) Key‐chain
3.3.n (iii) EIGRP HMAC SHA2‐256bit
3.3.n (iv) OSPFv2 SHA1‐196bit
3.3.n (v) OSPFv3 IPsec authentication
3.4 RIP (v2 and v6)
3.4.a Implement and troubleshoot RIPv2
3.4.b Describe RIPv6 (RIPng)
3.5 EIGRP (for IPv4 and IPv6)
3.5.a Describe packet types
3.5.a (i) Packet types (hello, query, update, and such)
3.5.a (ii) Route types (internal, external)
3.5.b Implement and troubleshoot neighbor relationship
3.5.b (i) Multicast, unicast EIGRP peering
3.5.b (ii) OTP point‐to‐point peering
3.5.b (iii) OTP route‐reflector peering
3.5.b (iv) OTP multiple service providers scenario
3.5.c Implement and troubleshoot loop free path selection
3.5.c (i) RD, FD, FC, successor, feasible successor
3.5.c (ii) Classic metric
3.5.c (iii) Wide metric
3.5.d Implement and troubleshoot operations
3.5.d (i) General operations
3.5.d (ii) Topology table, update, query, active, passive
3.5.d (iii) Stuck in active
3.5.d (iv) Graceful shutdown
3.5.e Implement and troubleshoot EIGRP stub
3.5.e (i) Stub
3.5.e (ii) Leak‐map
3.5.f Implement and troubleshoot load‐balancing
3.5.f (i) equal‐cost
3.5.f (ii) unequal‐cost
3.5.f (iii) add‐path
3.5.g Implement EIGRP (multi‐address) named mode
3.5.g (i) Types of families
3.5.g (ii) IPv4 address‐family
3.5.g (iii) IPv6 address‐family
3.5.h Implement, troubleshoot and optimize EIGRP convergence and scalability
3.5.h (i) Describe fast convergence requirements
3.5.h (ii) Control query boundaries
3.5.h (iii) IP FRR/fast reroute (single hop)
3.5.h (iv) Summary leak‐map
3.5.h (v) Summary metric
3.6 OSPF (v2 and v3)
3.6.a Describe packet types
3.6.a (i) LSA types (1, 2, 3, 4, 5, 7, 9)
3.6.a (ii) Route types (N1, N2, E1, E2)
3.6.b Implement and troubleshoot neighbor relationship
3.6.c Implement and troubleshoot OSPFv3 address‐family support
3.6.c (i) IPv4 address‐family
3.6.c (ii) IPv6 address‐family
3.6.d Implement and troubleshoot network types, area types and router types
3.6.d (i) Point‐to‐point, multipoint, broadcast, non‐broadcast
3.6.d (ii) LSA types, area type: backbone, normal, transit, stub, NSSA, totally stub
3.6.d (iii) Internal router, ABR, ASBR
3.6.d (iv) Virtual link
3.6.e Implement and troubleshoot path preference
3.6.f Implement and troubleshoot operations
3.6.f (i) General operations
3.6.f (ii) Graceful shutdown
3.6.f (iii) GTSM (Generic TTL Security Mechanism)
3.6.g Implement, troubleshoot and optimize OSPF convergence and scalability
3.6.g (i) Metrics
3.6.g (ii) LSA throttling, SPF tuning, fast hello
3.6.g (iii) LSA propagation control (area types, ISPF)
3.6.g (iv) IP FRR/fast reroute (single hop)
3.6.g (v) LFA/loop‐free alternative (multi hop)
3.6.g (vi) OSPFv3 prefix suppression
3.7 BGP
3.7.a Describe, implement and troubleshoot peer relationships
3.7.a (i) Peer‐group, template
3.7.a (ii) Active, passive
3.7.a (iii) States, timers
3.7.a (iv) Dynamic neighbors
3.7.b Implement and troubleshoot IBGP and EBGP
3.7.b (i) EBGP, IBGP
3.7.b (ii) 4 bytes AS number
3.7.b (iii) Private AS
3.7.c Explain attributes and best‐path selection
3.7.d Implement, optimize and troubleshoot routing policies
3.7.d (i) Attribute manipulation
3.7.d (ii) Conditional advertisement
3.7.d (iii) Outbound route filtering
3.7.d (iv) Communities, extended communities
3.7.d (v) Multi‐homing
3.7.e Implement and troubleshoot scalability
3.7.e (i) Route‐reflector, cluster
3.7.e (ii) Confederations
3.7.e (iii) Aggregation, AS set
3.7.f Implement and troubleshoot multiprotocol BGP
3.7.f (i) IPv4, IPv6, VPN address‐family
3.7.g Implement and troubleshoot AS path manipulations
3.7.g (i) Local AS, allow AS in, remove private AS
3.7.g (ii) Prepend
3.7.g (iii) Regexp
3.7.h Implement and troubleshoot other features
3.7.h (i) Multipath
3.7.h (ii) BGP synchronization
3.7.h (iii) Soft reconfiguration, route refresh
3.7.i Describe BGP fast convergence features
3.7.i (i) Prefix independent convergence
3.7.i (ii) Add‐path
3.7.i (iii) Next‐hop address tracking
3.8 ISIS (for IPv4 and IPv6)
3.8.a Describe basic ISIS network
3.8.a (i) Single area, single topology
3.8.b Describe neighbor relationship
3.8.c Describe network types, levels and router types
3.8.c (i) NSAP addressing
3.8.c (ii) Point‐to‐point, broadcast
3.8.d Describe operations
3.8.e Describe optimization features
3.8.e (i) Metrics, wide metric
13% 4.0 VPN Technologies
4.1 Tunneling
4.1.a Implement and troubleshoot MPLS operations
4.1.a (i) Label stack, LSR, LSP
4.1.a (ii) LDP
4.1.a (iii) MPLS ping, MPLS traceroute
4.1.b Implement and troubleshoot basic MPLS L3VPN
4.1.b (i) L3VPN, CE, PE, P
4.1.b (ii) Extranet (route leaking)
4.1.c Implement and troubleshoot encapsulation
4.1.c (i) GRE
4.1.c (ii) Dynamic GRE
4.1.c (iii) LISP encapsulation principles supporting EIGRP OTP
4.1.d Implement and troubleshoot DMVPN (single hub)
4.1.d (i) NHRP
4.1.d (ii) DMVPN with IPsec using preshared key
4.1.d (iii) QoS profile
4.1.d (iv) Pre‐classify
4.1.e Describe IPv6 tunneling techniques
4.1.e (i) 6in4, 6to4
4.1.e (ii) ISATAP
4.1.e (iii) 6RD
4.1.e (iv) 6PE/6VPE
4.1.g Describe basic layer 2 VPN —wireline
4.1.g (i) L2TPv3 general principles
4.1.g (ii) ATOM general principles
4.1.h Describe basic L2VPN — LAN services
4.1.h (i) MPLS‐VPLS general principles
4.1.h (ii) OTV general principles
4.2 Encryption
4.2.a Implement and troubleshoot IPsec with preshared key
4.2.a (i) IPv4 site to IPv4 site
4.2.a (ii) IPv6 in IPv4 tunnels
4.2.a (iii) Virtual tunneling Interface (VTI)
4.2.b Describe GET VPN
5% 5.0 Infrastructure Security
5.1 Device security
5.1.a Implement and troubleshoot IOS AAA using local database
5.1.b Implement and troubleshoot device access control
5.1.b (i) Lines (VTY, AUX, console)
5.1.b (ii) SNMP
5.1.b (iii) Management plane protection
5.1.b (iv) Password encryption
5.1.c Implement and troubleshoot control plane policing
5.1.d Describe device security using IOS AAA with TACACS+ and RADIUS
5.1.d (i) AAA with TACACS+ and RADIUS
5.1.d (ii) Local privilege authorization fallback
5.2 Network security
5.2.a Implement and troubleshoot switch security features
5.2.a (i) VACL, PACL
5.2.a (ii) Stormcontrol
5.2.a (iii) DHCP snooping
5.2.a (iv) IP source‐guard
5.2.a (v) Dynamic ARP inspection
5.2.a (vi) port‐security
5.2.a (vii) Private VLAN
5.2.b Implement and troubleshoot router security features
5.2.b (i) IPv4 access control lists (standard, extended, time‐based)
5.2.b (ii) IPv6 traffic filter
5.2.b (iii) Unicast reverse path forwarding
5.2.c Implement and troubleshoot IPv6 first hop security
5.2.c (i) RA guard
5.2.c (ii) DHCP guard
5.2.c (iii) Binding table
5.2.c (iv) Device tracking
5.2.c (v) ND inspection/snooping
5.2.c (vii) Source guard
5.2.c (viii) PACL
5.2.d Describe 802.1x
5.2.d (i) 802.1x, EAP, RADIUS
5.2.d (ii) MAC authentication bypass
12% 6.0 Infrastructure Services
6.1 System management
6.1.a Implement and troubleshoot device management
6.1.a (i) Console and VTY
6.1.a (ii) telnet, HTTP, HTTPS, SSH, SCP
6.1.a (iii) (T)FTP
6.1.b Implement and troubleshoot SNMP
6.1.b (i) v2c, v3
6.1.c Implement and troubleshoot logging
6.1.c (i) Local logging, syslog, debug, conditional debug
6.1.c (ii) Timestamp
6.2 Quality of service
6.2.a Implement and troubleshoot end‐to‐end QoS
6.2.a (i) CoS and DSCP mapping
6.2.b Implement, optimize and troubleshoot QoS using MQC
6.2.b (i) Classification
6.2.b (ii) Network based application recognition (NBAR)
6.2.b (iii) Marking using IP precedence, DSCP, CoS, ECN
6.2.b (iv) Policing, shaping
6.2.b (v) Congestion management (queuing)
6.2.b (vi) HQoS, sub‐rate ethernet link
6.2.b (vii) Congestion avoidance (WRED)
6.2.c Describe layer 2 QoS
6.2.c (i) Queuing, scheduling
6.2.c (ii) Classification, marking
6.3 Network services
6.3.a Implement and troubleshoot first‐hop redundancy protocols
6.3.a (i) HSRP, GLBP, VRRP
6.3.a (ii) Redundancy using IPv6 RS/RA
6.3.b Implement and troubleshoot network time protocol
6.3.b (i) NTP master, client, version 3, version 4
6.3.b (ii) NTP Authentication
6.3.c Implement and troubleshoot IPv4 and IPv6 DHCP
6.3.c (i) DHCP client, IOS DHCP server, DHCP relay
6.3.c (ii) DHCP options
6.3.c (iii) DHCP protocol operations
6.3.c (iv) SLAAC/DHCPv6 interaction
6.3.c (v) Stateful, stateless DHCPv6
6.3.c (vi) DHCPv6 prefix delegation
6.3.d Implement and troubleshoot IPv4 network address translation
6.3.d (i) Static NAT, dynamic NAT, policy‐based NAT, PAT
6.3.d (ii) NAT ALG
6.3.e Describe IPv6 network address translation
6.3.e (i) NAT64
6.3.e (ii) NPTv6
6.4 Network optimization
6.4.a Implement and troubleshoot IP SLA
6.4.a (i) ICMP, UDP, Jitter, VoIP
6.4.b Implement and troubleshoot tracking object
6.4.b (i) Tracking object, tracking list
6.4.b (ii) Tracking different entities (e.g. interfaces, routes, IPSLA, and such)
6.4.c Implement and troubleshoot netflow
6.4.c (i) Netflow v5, v9
6.4.c (ii) Local retrieval
6.4.c (iii) Export (configuration only)
6.4.d Implement and troubleshoot embedded event manager
6.4.d (i) EEM policy using applet
6.4.e Identify performance routing (PfR)
6.4.e (i) Basic load balancing
6.4.e (ii) Voice optimization
10% 7.0 Evolving Technologies
7.1 Cloud
7.1.a Compare and contrast Cloud deployment models
7.1.a (i) Infrastructure, platform, and software services (XaaS)
7.1.a (ii) Performance and reliability
7.1.a (iii) Security and privacy
7.1.a (iv) Scalability and interoperability
7.1.b Describe Cloud implementations and operations
7.1.b (i) Automation and orchestration
7.1.b (ii) Workload mobility
7.1.b (iii) Troubleshooting and management
7.1.b (iv) OpenStack components
7.2 Network programmability (SDN)
7.2.a Describe functional elements of network programmability (SDN) and how they interact
7.2.a (i) Controllers
7.2.a (ii) APIs
7.2.a (iii) Scripting
7.2.a (iv) Agents
7.2.a (v) Northbound vs. Southbound protocols
7.2.b Describe aspects of virtualization and automation in network environments
7.2.b (i) DevOps methodologies, tools and workflows
7.2.b (ii) Network/application function virtualization (NFV, AFV)
7.2.b (iii) Service function chaining
7.2.b (iv) Performance, availability, and scaling considerations
7.3 Internet of Things
7.3.a Describe architectural framework and deployment considerations for Internet of Things (IoT)
7.3.a (i) Performance, reliability and scalability
7.3.a (ii) Mobility
7.3.a (iii) Security and privacy
7.3.a (iv) Standards and compliance
7.3.a (v) Migration
7.3.a (vi) Environmental impacts on the network

Thanks…

CCIE R&S v5.0 Written and Lab Topics

With effect from July 26th 2016 Cisco is changing the CCIE R&S Exam.

Following is the list of existing topics for the 5.0 version. Next post will follow the 5.1 topics.

 

https://learningnetwork.cisco.com/community/certifications/ccie_routing_switching/written_exam_v5/exam-topics

https://learningnetwork.cisco.com/community/certifications/ccie_routing_switching/lab_exam_v5/exam-topics

 

Written Topics:
============





10% 1.0 Network Principles
1.1 Network theory
1.1.a Describe basic software architecture differences between IOS and IOS XE
1.1.a (i) Control plane and Forwarding plane
1.1.a (ii) Impact to troubleshooting and performances
1.1.a (iii) Excluding specific platform’s architecture
1.1.b Identify Cisco express forwarding concepts
1.1.b (i) RIB, FIB, LFIB, Adjacency table
1.1.b (ii) Load balancing Hash
1.1.b (iii) Polarization concept and avoidance
1.1.c Explain general network challenges
1.1.c (i) Unicast flooding
1.1.c (ii) Out of order packets
1.1.c (iii) Asymmetric routing
1.1.c (iv) Impact of micro burst
1.1.d Explain IP operations
1.1.d (i) ICMP unreachable, redirect
1.1.d (ii) IPv4 options, IPv6 extension headers
1.1.d (iii) IPv4 and IPv6 fragmentation
1.1.d (iv) TTL
1.1.d (v) IP MTU
1.1.e Explain TCP operations
1.1.e (i) IPv4 and IPv6 PMTU
1.1.e (ii) MSS
2013 Cisco Systems, Inc. This document is Cisco Public. Page 2
1.1.e (iii) Latency
1.1.e (iv) Windowing
1.1.e (v) Bandwidth delay product
1.1.e (vi) Global synchronization
1.1.e (vii) Options
1.1.f Explain UDP operations
1.1.f (i) Starvation
1.1.f (ii) Latency
1.1.f (iii) RTP/RTCP concepts
1.2 Network implementation and operation
1.2.a Evaluate proposed changes to a network
1.2.a (i) Changes to routing protocol parameters
1.2.a (ii) Migrate parts of a network to IPv6
1.2.a (iii) Routing protocol migration
1.2.a (iv) Adding multicast support
1.2.a (v) Migrate spanning tree protocol
1.2.a (vi) Evaluate impact of new traffic on existing QoS design
1.3 Network troubleshooting
1.3.a Use IOS troubleshooting tools
1.3.a (i) debug, conditional debug
1.3.a (ii) ping, traceroute with extended options
1.3.a (iii) Embedded packet capture
1.3.a (iv) Performance monitor
1.3.b Apply troubleshooting methodologies
1.3.b (i) Diagnose the root cause of networking issue (analyze symptoms, identify and describe root cause)
1.3.b (ii) Design and implement valid solutions according to constraints
1.3.b (iii) Verify and monitor resolution
1.3.c Interpret packet capture
1.3.c (i) Using Wireshark trace analyzer
1.3.c (ii) Using IOS embedded packet capture
15% 2.0 Layer 2 Technologies
2.1 LAN switching technologies
2.1.a Implement and troubleshoot switch administration
2.1.a (i) Managing MAC address table
2.1.a (ii) errdisable recovery
2.1.a (iii) L2 MTU
2.1.b Implement and troubleshoot layer 2 protocols
2.1.b (i) CDP, LLDP
2.1.b (ii) UDLD
2.1.c Implement and troubleshoot VLAN
2.1.c (i) Access ports
2.1.c (ii) VLAN database
2.1.c (iii) Normal, extended VLAN, voice VLAN
2.1.d Implement and troubleshoot trunking
2.1.d (i) VTPv1, VTPv2, VTPv3, VTP pruning
2.1.d (ii) dot1Q
2.1.d (iii) Native VLAN
2.1.d (iv) Manual pruning
2.1.e Implement and troubleshoot EtherChannel
2.1.e (i) LACP, PAgP, manual
2.1.e (ii) Layer 2, layer 3
2.1.e (iii) Load-balancing
2.1.e (iv) Etherchannel misconfiguration guard
2.1.f Implement and troubleshoot spanning-tree
2.1.f (i) PVST+/RPVST+/MST
2.1.f (ii) Switch priority, port priority, path cost, STP timers
2.1.f (iii) port fast, BPDUguard, BPDUfilter
2.1.f (iv) loopguard, rootguard
2.1.g Implement and troubleshoot other LAN switching technologies
2.1.g (i) SPAN, RSPAN, ERSPAN
2.1.h Describe chassis virtualization and aggregation technologies
2.1.h (i) Multichassis
2.1.h (ii) VSS concepts
2.1.h (iii) Alternative to STP
2.1.h (iv) Stackwise
2.1.h (v) Excluding specific platform implementation
2.1.i Describe spanning-tree concepts
2.1.i (i) Compatibility between MST and RSTP
2.1.i (ii) STP dispute, STP bridge assurance
2.2 Layer 2 multicast
2.2.a Implement and troubleshoot IGMP
2.2.a (i) IGMPv1, IGMPv2, IGMPv3
2.2.a (ii) IGMP snooping
2.2.a (iii) IGMP querier
2.2.a (iv) IGMP filter
2.2.a (v) IGMP proxy
2.2.b Explain MLD
2.2.c Explain PIM snooping
2.3 Layer 2 WAN circuit technologies
2.3.a Implement and troubleshoot HDLC
2.3.b Implement and troubleshoot PPP
2.3.b (i) Authentication (PAP, CHAP)
2.3.b (ii) PPPoE
2.3.b (iii) MLPPP
2.3.c Describe WAN rate-based ethernet circuits
2.3.c (i) Metro and WAN Ethernet topologies
2.3.c (ii) Use of rate-limited WAN ethernet services
40% 3.0 Layer 3 Technologies
3.1 Addressing technologies
3.1.a Identify, implement and troubleshoot IPv4 addressing and subnetting
3.1.a (i) Address types, VLSM
3.1.a (ii) ARP
3.1.b Identify, implement and troubleshoot IPv6 addressing and subnetting
3.1.b (i) Unicast, multicast
3.1.b (ii) EUI-64
3.1.b (iii) ND, RS/RA
3.1.b (iv) Autoconfig/SLAAC, temporary addresses (RFC4941)
3.1.b (v) Global prefix configuration feature
3.1.b (vi) DHCP protocol operations
3.1.b (vii) SLAAC/DHCPv6 interaction
3.1.b (viii) Stateful, stateless DHCPv6
3.1.b (ix) DHCPv6 prefix delegation
3.2 Layer 3 multicast
3.2.a Troubleshoot reverse path forwarding
3.2.a (i) RPF failure
3.2.a (ii) RPF failure with tunnel interface
3.2.b Implement and troubleshoot IPv4 protocol independent multicast
3.2.b (i) PIM dense mode, sparse mode, sparse-dense mode
3.2.b (ii) Static RP, auto-RP, BSR
3.2.b (iii) BiDirectional PIM
3.2.b (iv) Source-specific multicast
3.2.b (v) Group to RP mapping
3.2.b (vi) Multicast boundary
3.2.c Implement and troubleshoot multicast source discovery protocol
3.2.c (i) Intra-domain MSDP (anycast RP)
3.2.c (ii) SA filter
3.2.d Describe IPv6 multicast
3.2.d (i) IPv6 multicast addresses
3.2.d (ii) PIMv6
3.3 Fundamental routing concepts
3.3.a Implement and troubleshoot static routing
3.3.b Implement and troubleshoot default routing
3.3.c Compare routing protocol types
3.3.c (i) Distance vector
3.3.c (ii) Link state
3.3.c (iii) Path vector
3.3.d Implement, optimize and troubleshoot administrative distance
3.3.e Implement and troubleshoot passive interface
3.3.f Implement and troubleshoot VRF lite
3.3.g Implement, optimize and troubleshoot filtering with any routing protocol
3.3.h Implement, optimize and troubleshoot redistribution between any routing protocol
3.3.i Implement, optimize and troubleshoot manual and auto summarization with any routing protocol
3.3.j Implement, optimize and troubleshoot policy-based routing
3.3.k Identify and troubleshoot sub-optimal routing
3.3.l Implement and troubleshoot bidirectional forwarding detection
3.3.m Implement and troubleshoot loop prevention mechanisms
3.3.m (i) Route tagging, filtering
3.3.m (ii) Split horizon
3.3.m (iii) Route poisoning
3.3.n Implement and troubleshoot routing protocol authentication
3.3.n (i) MD5
3.3.n (ii) Key-chain
3.3.n (iii) EIGRP HMAC SHA2-256bit
3.3.n (iv) OSPFv2 SHA1-196bit
3.3.n (v) OSPFv3 IPsec authentication
3.4 RIP (v2 and v6)
3.4.a Implement and troubleshoot RIPv2
3.4.b Describe RIPv6 (RIPng)
3.5 EIGRP (for IPv4 and IPv6)
3.5.a Describe packet types
3.5.a (i) Packet types (hello, query, update, and such)
3.5.a (ii) Route types (internal, external)
3.5.b Implement and troubleshoot neighbor relationship
3.5.b (i) Multicast, unicast EIGRP peering
3.5.b (ii) OTP point-to-point peering
3.5.b (iii) OTP route-reflector peering
3.5.b (iv) OTP multiple service providers scenario
3.5.c Implement and troubleshoot loop free path selection
3.5.c (i) RD, FD, FC, successor, feasible successor
3.5.c (ii) Classic metric
3.5.c (iii) Wide metric
3.5.d Implement and troubleshoot operations
3.5.d (i) General operations
3.5.d (ii) Topology table, update, query, active, passive
3.5.d (iii) Stuck in active
3.5.d (iv) Graceful shutdown
3.5.e Implement and troubleshoot EIGRP stub
3.5.e (i) Stub
3.5.e (ii) Leak-map
3.5.f Implement and troubleshoot load-balancing
3.5.f (i) equal-cost
3.5.f (ii) unequal-cost
3.5.f (iii) add-path
3.5.g Implement EIGRP (multi-address) named mode
3.5.g (i) Types of families
3.5.g (ii) IPv4 address-family
3.5.g (iii) IPv6 address-family
3.5.h Implement, troubleshoot and optimize EIGRP convergence and scalability
3.5.h (i) Describe fast convergence requirements
3.5.h (ii) Control query boundaries
3.5.h (iii) IP FRR/fast reroute (single hop)
3.5.h (iv) Summary leak-map
3.5.h (v) Summary metric
3.6 OSPF (v2 and v3)
3.6.a Describe packet types
3.6.a (i) LSA types (1, 2, 3, 4, 5, 7, 9)
3.6.a (ii) Route types (N1, N2, E1, E2)
3.6.b Implement and troubleshoot neighbor relationship
3.6.c Implement and troubleshoot OSPFv3 address-family support
3.6.c (i) IPv4 address-family
3.6.c (ii) IPv6 address-family
3.6.d Implement and troubleshoot network types, area types and router types
3.6.d (i) Point-to-point, multipoint, broadcast, non-broadcast
3.6.d (ii) LSA types, area type: backbone, normal, transit, stub, NSSA, totally stub
3.6.d (iii) Internal router, ABR, ASBR
3.6.d (iv) Virtual link
3.6.e Implement and troubleshoot path preference
3.6.f Implement and troubleshoot operations
3.6.f (i) General operations
3.6.f (ii) Graceful shutdown
3.6.f (iii) GTSM (Generic TTL Security Mechanism)
3.6.g Implement, troubleshoot and optimize OSPF convergence and scalability
3.6.g (i) Metrics
3.6.g (ii) LSA throttling, SPF tuning, fast hello
3.6.g (iii) LSA propagation control (area types, ISPF)
3.6.g (iv) IP FRR/fast reroute (single hop)
3.6.g (v) LFA/loop-free alternative (multi hop)
3.6.g (vi) OSPFv3 prefix suppression
3.7 BGP
3.7.a Describe, implement and troubleshoot peer relationships
3.7.a (i) Peer-group, template
3.7.a (ii) Active, passive
3.7.a (iii) States, timers
3.7.a (iv) Dynamic neighbors
3.7.b Implement and troubleshoot IBGP and EBGP
3.7.b (i) EBGP, IBGP
3.7.b (ii) 4 bytes AS number
3.7.b (iii) Private AS
3.7.c Explain attributes and best-path selection
3.7.d Implement, optimize and troubleshoot routing policies
3.7.d (i) Attribute manipulation
3.7.d (ii) Conditional advertisement
3.7.d (iii) Outbound route filtering
3.7.d (iv) Communities, extended communities
3.7.d (v) Multi-homing
3.7.e Implement and troubleshoot scalability
3.7.e (i) Route-reflector, cluster
3.7.e (ii) Confederations
3.7.e (iii) Aggregation, AS set
3.7.f Implement and troubleshoot multiprotocol BGP
3.7.f (i) IPv4, IPv6, VPN address-family
3.7.g Implement and troubleshoot AS path manipulations
3.7.g (i) Local AS, allow AS in, remove private AS
3.7.g (ii) Prepend
3.7.g (iii) Regexp
3.7.h Implement and troubleshoot other features
3.7.h (i) Multipath
3.7.h (ii) BGP synchronization
3.7.h (iii) Soft reconfiguration, route refresh
3.7.i Describe BGP fast convergence features
3.7.i (i) Prefix independent convergence
3.7.i (ii) Add-path
3.7.i (iii) Next-hop address tracking
3.8 ISIS (for IPv4 and IPv6)
3.8.a Describe basic ISIS network
3.8.a (i) Single area, single topology
3.8.b Describe neighbor relationship
3.8.c Describe network types, levels and router types
3.8.c (i) NSAP addressing
3.8.c (ii) Point-to-point, broadcast
3.8.d Describe operations
3.8.e Describe optimization features
3.8.e (i) Metrics, wide metric
15% 4.0 VPN Technologies
4.1 Tunneling
4.1.a Implement and troubleshoot MPLS operations
4.1.a (i) Label stack, LSR, LSP
4.1.a (ii) LDP
4.1.a (iii) MPLS ping, MPLS traceroute
4.1.b Implement and troubleshoot basic MPLS L3VPN
4.1.b (i) L3VPN, CE, PE, P
4.1.b (ii) Extranet (route leaking)
4.1.c Implement and troubleshoot encapsulation
4.1.c (i) GRE
4.1.c (ii) Dynamic GRE
4.1.c (iii) LISP encapsulation principles supporting EIGRP OTP
4.1.d Implement and troubleshoot DMVPN (single hub)
4.1.d (i) NHRP
4.1.d (ii) DMVPN with IPsec using pre-shared key
4.1.d (iii) QoS profile
4.1.d (iv) Pre-classify
4.1.e Describe IPv6 tunneling techniques
4.1.e (i) 6in4, 6to4
4.1.e (ii) ISATAP
4.1.e (iii) 6RD
4.1.e (iv) 6PE/6VPE
4.1.g Describe basic layer 2 VPN — wireline
4.1.g (i) L2TPv3 general principles
4.1.g (ii) ATOM general principles
4.1.h Describe basic L2VPN — LAN services
4.1.h (i) MPLS-VPLS general principles
4.1.h (ii) OTV general principles
4.2 Encryption
4.2.a Implement and troubleshoot IPsec with pre-shared key
4.2.a (i) IPv4 site to IPv4 site
4.2.a (ii) IPv6 in IPv4 tunnels
4.2.a (iii) Virtual tunneling Interface (VTI)
4.2.b Describe GET VPN
5% 5.0 Infrastructure Security
5.1 Device security
5.1.a Implement and troubleshoot IOS AAA using local database
5.1.b Implement and troubleshoot device access control
5.1.b (i) Lines (VTY, AUX, console)
5.1.b (ii) SNMP
5.1.b (iii) Management plane protection
5.1.b (iv) Password encryption
5.1.c Implement and troubleshoot control plane policing
5.1.d Describe device security using IOS AAA with TACACS+ and RADIUS
5.1.d (i) AAA with TACACS+ and RADIUS
5.1.d (ii) Local privilege authorization fallback
5.2 Network security
5.2.a Implement and troubleshoot switch security features
5.2.a (i) VACL, PACL
5.2.a (ii) Stormcontrol
5.2.a (iii) DHCP snooping
5.2.a (iv) IP source-guard
5.2.a (v) Dynamic ARP inspection
5.2.a (vi) port-security
5.2.a (vii) Private VLAN
5.2.b Implement and troubleshoot router security features
5.2.b (i) IPv4 access control lists (standard, extended, time-based)
5.2.b (ii) IPv6 traffic filter
5.2.b (iii) Unicast reverse path forwarding
5.2.c Implement and troubleshoot IPv6 first hop security
5.2.c (i) RA guard
5.2.c (ii) DHCP guard
5.2.c (iii) Binding table
5.2.c (iv) Device tracking
5.2.c (v) ND inspection/snooping
5.2.c (vii) Source guard
5.2.c (viii) PACL
5.2.d Describe 802.1x
5.2.d (i) 802.1x, EAP, RADIUS
5.2.d (ii) MAC authentication bypass
15% 6.0 Infrastructure Services
6.1 System management
6.1.a Implement and troubleshoot device management
6.1.a (i) Console and VTY
6.1.a (ii) telnet, HTTP, HTTPS, SSH, SCP
6.1.a (iii) (T)FTP
6.1.b Implement and troubleshoot SNMP
6.1.b (i) v2c, v3
6.1.c Implement and troubleshoot logging
6.1.c (i) Local logging, syslog, debug, conditional debug
6.1.c (ii) Timestamp
6.2 Quality of service
6.2.a Implement and troubleshoot end-to-end QoS
6.2.a (i) CoS and DSCP mapping
6.2.b Implement, optimize and troubleshoot QoS using MQC
6.2.b (i) Classification
6.2.b (ii) Network based application recognition (NBAR)
6.2.b (iii) Marking using IP precedence, DSCP, CoS, ECN
6.2.b (iv) Policing, shaping
6.2.b (v) Congestion management (queuing)
6.2.b (vi) HQoS, sub-rate ethernet link
6.2.b (vii) Congestion avoidance (WRED)
6.2.c Describe layer 2 QoS
6.2.c (i) Queuing, scheduling
6.2.c (ii) Classification, marking
6.3 Network services
6.3.a Implement and troubleshoot first-hop redundancy protocols
6.3.a (i) HSRP, GLBP, VRRP
6.3.a (ii) Redundancy using IPv6 RS/RA
6.3.b Implement and troubleshoot network time protocol
6.3.b (i) NTP master, client, version 3, version 4
6.3.b (ii) NTP Authentication
6.3.c Implement and troubleshoot IPv4 and IPv6 DHCP
6.3.c (i) DHCP client, IOS DHCP server, DHCP relay
6.3.c (ii) DHCP options
6.3.c (iii) DHCP protocol operations
6.3.c (iv) SLAAC/DHCPv6 interaction
6.3.c (v) Stateful, stateless DHCPv6
6.3.c (vi) DHCPv6 prefix delegation
6.3.d Implement and troubleshoot IPv4 network address translation
6.3.d (i) Static NAT, dynamic NAT, policy-based NAT, PAT
6.3.d (ii) NAT ALG
6.3.e Describe IPv6 network address translation
6.3.e (i) NAT64
6.3.e (ii) NPTv6
6.4 Network optimization
6.4.a Implement and troubleshoot IP SLA
6.4.a (i) ICMP, UDP, Jitter, VoIP
6.4.b Implement and troubleshoot tracking object
6.4.b (i) Tracking object, tracking list
6.4.b (ii) Tracking different entities (e.g. interfaces, routes, IPSLA, and such)
6.4.c Implement and troubleshoot netflow
6.4.c (i) Netflow v5, v9
6.4.c (ii) Local retrieval
6.4.c (iii) Export (configuration only)
6.4.d Implement and troubleshoot embedded event manager
6.4.d (i) EEM policy using applet
6.4.e Identify performance routing (PfR)
6.4.e (i) Basic load balancing
6.4.e (ii) Voice optimization

 

LAB Topics:
==========
 
 
 
20% 1.0 Layer 2 Technologies
1.1 LAN switching technologies
1.1.a Implement and troubleshoot switch administration
1.1.a (i) Managing MAC address table
1.1.a (ii) errdisable recovery
1.1.a (iii) L2 MTU
1.1.b Implement and troubleshoot layer 2 protocols
1.1.b (i) CDP, LLDP
1.1.b (ii) UDLD
1.1.c Implement and troubleshoot VLAN
1.1.c (i) access ports
1.1.c (ii) VLAN database
1.1.c (iii) normal, extended VLAN, voice VLAN
1.1.d Implement and troubleshoot trunking
1.1.d (i) VTPv1, VTPv2, VTPv3, VTP pruning
1.1.d (ii) dot1Q
1.1.d (iii) Native VLAN
1.1.d (iv) Manual pruning
1.1.e Implement and troubleshoot etherchannel
1.1.e (i) LACP, PAgP, manual
1.1.e (ii) layer 2, layer 3
1.1.e (iii) load-balancing
1.1.e (iv) etherchannel misconfiguration guard
1.1.f Implement and troubleshoot spanning-tree
1.1.f (i) PVST+/RPVST+/MST
1.1.f (ii) switch priority, port priority, path cost, STP timers
1.1.f (iii) port fast, BPDUguard, BPDUfilter
1.1.f (iv) loopguard, rootguard
1.1.g Implement and troubleshoot other LAN switching technologies
1.1.g (i) SPAN, RSPAN, ERSPAN
1.2 Layer 2 Multicast
1.2.a Implement and troubleshoot IGMP
1.2.a (i) IGMPv1, IGMPv2, IGMPv3
1.2.a (ii) IGMP snooping
1.2.a (iii) IGMP querier
1.2.a (iv) IGMP filter
1.2.a (v) IGMP proxy
1.3 Layer 2 WAN circuit technologies
1.3.a Implement and troubleshoot HDLC
1.3.b Implement and troubleshoot PPP
1.3.b (i) authentication (PAP, CHAP)
1.3.b (ii) PPPoE
1.3.b (iii) MLPPP
1.4 Troubleshooting layer 2 technologies
1.4.a Use IOS troubleshooting tools
1.4.a (i) debug, conditional debug
1.4.a (ii) ping, traceroute with extended options
1.4.a (iii) Embedded packet capture
1.4.b Apply troubleshooting methodologies
1.4.b (i) Diagnose the root cause of networking issue (analyze symptoms, identify and describe root cause)
1.4.b (ii) Design and implement valid solutions according to constraints
1.4.b (iii) Verify and monitor resolution
1.4.c Interpret packet capture
1.4.c (i) Using wireshark trace analyzer
1.4.c (ii) Using IOS embedded packet capture
40% 2.0 Layer 3 Technologies
2.1 Addressing technologies
2.1.a Identify, implement and troubleshoot IPv4 addressing and sub-netting
2.1.a (i) Address types, VLSM
2.1.a (ii) ARP
2.1.b Identify, implement and troubleshoot IPv6 addressing and sub-netting
2.1.b (i) Unicast, multicast
2.1.b (ii) EUI-64
2.1.b (iii) ND, RS/RA
2.1.b (iv) Autoconfig/SLAAC temporary addresses (RFC4941)
2.1.b (v) Global prefix configuration feature
2.2 Layer 3 Multicast
2.2.a Troubleshoot reverse path forwarding
2.2.a (i) RPF failure
2.2.a (ii) RPF failure with tunnel interface
2.2.b Implement and troubleshoot IPv4 protocol independent multicast
2.2.b (i) PIM dense mode, sparse mode, sparse-dense mode
2.2.b (ii) Static RP, auto-RP, BSR
2.2.b (iii) Bidirectional PIM
2.2.b (iv) Source-specific multicast
2.2.b (v) Group to RP mapping
2.2.b (vi) Multicast boundary
2.2.c Implement and troubleshoot multicast source discovery protocol
2.2.c (i) Intra-domain MSDP (anycast RP)
2.2.c (ii) SA filter
2.3 Fundamental routing concepts
2.3.a Implement and troubleshoot static routing
2.3.b Implement and troubleshoot default routing
2.3.c Compare routing protocol types
2.3.c (i) distance vector
2.3.c (ii) link state
2.3.c (iii) path vector
2.3.d Implement, optimize and troubleshoot administrative distance
2.3.e Implement and troubleshoot passive interface
2.3.f Implement and troubleshoot VRF lite
2.3.g Implement, optimize and troubleshoot filtering with any routing protocol
2.3.h Implement, optimize and troubleshoot redistribution between any routing protocol
2.3.i Implement, optimize and troubleshoot manual and auto summarization with any routing protocol
2.3.j Implement, optimize and troubleshoot policy-based routing
2.3.k Identify and troubleshoot sub-optimal routing
2.3.l Implement and troubleshoot bidirectional forwarding detection
2.3.m Implement and troubleshoot loop prevention mechanisms
2.3.m (i) Route tagging, filtering
2.3.m (ii) Split horizon
2.3.m (iii) Route poisoning
2.3.n Implement and troubleshoot routing protocol authentication
2.3.n (i) MD5
2.3.n (ii) key-chain
2.3.n (iii) EIGRP HMAC SHA2-256bit
2.3.n (iv) OSPFv2 SHA1-196bit
2.3.n (v) OSPFv3 IPsec authentication
2.4 RIP v2
2.4.a Implement and troubleshoot RIPv2
2.5 EIGRP (for IPv4 and IPv6)
2.5.a Describe packet types
2.5.a (i) Packet types (hello, query, update, and such)
2.5.a (ii) Route types (internal, external)
2.5.b Implement and troubleshoot neighbor relationship
2.5.b (i) Multicast, unicast EIGRP peering
2.5.c Implement and Troubleshoot Loop free path selection
2.5.c (i) RD, FD, FC, successor, feasible successor
2.5.c (ii) Classic metric
2.5.c (iii) Wide metric
2.5.d Implement and troubleshoot operations
2.5.d (i) General operations
2.5.d (ii) Topology table, update, query, active, passive
2.5.d (iii) Stuck in active
2.5.d (iv) Graceful shutdown
2.5.e Implement and troubleshoot EIGRP stub
2.5.e (i) stub
2.5.e (ii) leak-map
2.5.f Implement and troubleshoot load-balancing
2.5.f (i) equal-cost
2.5.f (ii) unequal-cost
2.5.f (iii) add-path
2.5.g Implement EIGRP (multi-address) named mode
2.5.g (i) Types of families
2.5.g (ii) IPv4 address-family
2.5.g (iii) IPv6 address-family
2.5.h Implement, troubleshoot and optimize EIGRP convergence and scalability
2.5.h (i) Describe fast convergence requirements
2.5.h (ii) Control query boundaries
2.5.h (iii) IP FRR/fast reroute (single hop)
2.5.h (iv) Summary leak-map
2.5.h (v) Summary metric
2.6 OSPF (v2 and v3)
2.6.a Describe packet types
2.6.a (i) LSA types (1, 2, 3, 4, 5, 7, 9)
2.6.a (ii) Route types (N1, N2, E1, E2)
2.6.b Implement and troubleshoot neighbor relationship
2.6.c Implement and troubleshoot OSPFv3 address-family support
2.6.c (i) IPv4 address-family
2.6.c (ii) IPv6 address-family
2.6.d Implement and troubleshoot network types, area types and router types
2.6.d (i) Point-to-point, multipoint, broadcast, non-broadcast
2.6.d (ii) LSA types, area type: backbone, normal, transit, stub, NSSA, totally stub
2.6.d (iii) Internal router, ABR, ASBR
2.6.d (iv) Virtual link
2.6.e Implement and troubleshoot path preference
2.6.f Implement and troubleshoot operations
2.6.f (i) General operations
2.6.f (ii) Graceful shutdown
2.6.f (iii) GTSM (generic TTL security mechanism)
2.6.g Implement, troubleshoot and optimize OSPF convergence and scalability
2.6.g (i) Metrics
2.6.g (ii) LSA throttling, SPF tuning, fast hello
2.6.g (iii) LSA propagation control (area types, ISPF)
2.6.g (iv) IP FRR/fast reroute (single hop)
2.6.g (v) LFA/loop-free alternative (multi hop)
2.6.g (vi) OSPFv3 prefix suppression
2.7 BGP
2.7.a Describe, implement and troubleshoot peer relationships
2.7.a (i) Peer-group, template
2.7.a (ii) Active, passive
2.7.a (iii) States, timers
2.7.a (iv) Dynamic neighbors
2.7.b Implement and troubleshoot IBGP and EBGP
2.7.b (i) EBGP, IBGP
2.7.b (ii) 4 bytes AS number
2.7.b (iii) Private AS
2.7.c Explain attributes and best-path selection
2.7.d Implement, optimize and troubleshoot routing policies
2.7.d (i) Attribute manipulation
2.7.d (ii) Conditional advertisement
2.7.d (iii) Outbound route filtering
2.7.d (iv) Communities, extended communities
2.7.d (v) Multi-homing
2.7.e Implement and troubleshoot scalability
2.7.e (i) Route-reflector, cluster
2.7.e (ii) Confederations
2.7.e (iii) Aggregation, AS set
2.7.f Implement and troubleshoot multi-protocol BGP
2.7.f (i) IPv4, IPv6, VPN address-family
2.7.g Implement and troubleshoot AS path manipulations
2.7.g (i) Local AS, allow AS in, remove private AS
2.7.g (ii) Prepend
2.7.g (iii) Regexp
2.7.h Implement and Troubleshoot Other Features
2.7.h (i) Multipath
2.7.h (ii) BGP synchronization
2.7.h (iii) Soft reconfiguration, route refresh
2.8 Troubleshooting layer 3 technologies
2.8.a Use IOS troubleshooting tools
2.8.a (i) debug, conditional debug
2.8.a (ii) ping, traceroute with extended options
2.8.a (iii) Embedded packet capture
2.8.b Apply troubleshooting methodologies
2.8.b (i) Diagnose the root cause of networking issue (analyze symptoms, identify and describe root cause)
2.8.b (ii) Design and implement valid solutions according to constraints
2.8.b (iii) Verify and monitor resolution
2.8.c Interpret packet capture
2.8.c (i) Using wireshark trace analyzer
2.8.c (ii) Using IOS embedded packet capture
20% 3.0 VPN Technologies
3.1 Tunneling
3.1.a Implement and troubleshoot MPLS operations
3.1.a (i) Label stack, LSR, LSP
3.1.a (ii) LDP
3.1.a (iii) MPLS ping, MPLS traceroute
3.1.b Implement and troubleshoot basic MPLS L3VPN
3.1.b (i) L3VPN, CE, PE, P
3.1.b (ii) Extranet (route leaking)
3.1.c Implement and troubleshoot encapsulation
3.1.c (i) GRE
3.1.c (ii) Dynamic GRE
3.1.d Implement and troubleshoot DMVPN (single hub)
3.1.d (i) NHRP
3.1.d (ii) DMVPN with IPsec using preshared key
3.1.d (iii) QoS profile
3.1.d (iv) Pre-classify
3.2 Encryption
3.2.a Implement and troubleshoot IPsec with preshared key
3.2.a (i) IPv4 site to IPv4 site
3.2.a (ii) IPv6 in IPv4 tunnels
3.2.a (iii) Virtual tunneling interface (VTI)
3.3 Troubleshooting VPN technologies
3.3.a Use IOS troubleshooting tools
3.3.a (i) debug, conditional debug
3.3.a (ii) ping, traceroute with extended options
3.3.a (iii) Embedded packet capture
3.3.b Apply troubleshooting methodologies
3.3.b (i) Diagnose the root cause of networking issue (analyze symptoms, identify and describe root cause)
3.3.b (ii) Design and implement valid solutions according to constraints
3.3.b (iii) Verify and monitor resolution
3.3.c Interpret packet capture
3.3.c (i) Using wireshark trace analyzer
3.3.c (ii) Using IOS embedded packet capture
5% 4.0 Infrastructure Security
4.1 Device security
4.1.a Implement and troubleshoot IOS AAA using local database
4.1.b Implement and troubleshoot device access control
4.1.b (i) Lines (VTY, AUX, console)
4.1.b (ii) SNMP
4.1.b (iii) Management plane protection
4.1.b (iv) Password encryption
4.1.c Implement and troubleshoot control plane policing
4.2 Network security
4.2.a Implement and troubleshoot switch security features
4.2.a (i) VACL, PACL
4.2.a (ii) Stormcontrol
4.2.a (iii) DHCP snooping
4.2.a (iv) IP source-guard
4.2.a (v) Dynamic ARP inspection
4.2.a (vi) Port-security
4.2.a (vii) Private VLAN
4.2.b Implement and troubleshoot router security features
4.2.b (i) IPv4 access control lists (standard, extended, time-based)
4.2.b (ii) IPv6 traffic filter
4.2.b (iii) Unicast reverse path forwarding
4.2.c Implement and troubleshoot IPv6 first hop security
4.2.c (i) RA guard
4.2.c (ii) DHCP guard
4.2.c (iii) Binding table
4.2.c (iv) Device tracking
4.2.c (v) ND inspection/snooping
4.2.c (vi) Source guard
4.2.c (vii) PACL
4.3 Troubleshooting infrastructure security
4.3.a Use IOS troubleshooting tools
4.3.a (i) debug, conditional debug
4.3.a (ii) ping, traceroute with extended options
4.3.a (iii) Embedded packet capture
4.3.b Apply troubleshooting methodologies
4.3.b (i) Diagnose the root cause of networking issue (analyze symptoms, identify and describe root cause)
4.3.b (ii) Design and implement valid solutions according to constraints
4.3.b (iii) Verify and monitor resolution
4.3.c Interpret packet capture
4.3.c (i) Using wireshark trace analyzer
4.3.c (ii) Using IOS embedded packet capture
15% 5.0 Infrastructure Services
5.1 System management
5.1.a Implement and troubleshoot device management
5.1.a (i) Console and VTY
5.1.a (ii) telnet, HTTP, HTTPS, SSH, SCP
5.1.a (iii) (T)FTP
5.1.b Implement and troubleshoot SNMP
5.1.b (i) v2c, v3
5.1.c Implement and troubleshoot logging
5.1.c (i) Local logging, syslog, debug, conditional debug
5.1.c (ii) Timestamp
5.2 Quality of service
5.2.a Implement and troubleshoot end to end QoS
5.2.a (i) CoS and DSCP mapping
5.2.b Implement, optimize and troubleshoot QoS using MQC
5.2.b (i) Classification
5.2.b (ii) Network based application recognition (NBAR)
5.2.b (iii) Marking using IP precedence, DSCP, CoS, ECN
5.2.b (iv) Policing, shaping
5.2.b (v) Congestion management (queuing)
5.2.b (vi) HQoS, sub-rate ethernet link
5.2.b (vii) Congestion avoidance (WRED)
5.3 Network services
5.3.a Implement and troubleshoot first-hop redundancy protocols
5.3.a (i) HSRP, GLBP, VRRP
5.3.a (ii) Redundancy using IPv6 RS/RA
5.3.b Implement and troubleshoot network time protocol
5.3.b (i) NTP master, client, version 3, version 4
5.3.b (ii) NTP authentication
5.3.c Implement and troubleshoot IPv4 and IPv6 DHCP
5.3.c (i) DHCP client, IOS DHCP server, DHCP relay
5.3.c (ii) DHCP options
5.3.c (iii) DHCP protocol operations
5.3.c (iv) SLAAC/DHCPv6 interaction
5.3.c (v) Stateful, stateless DHCPv6
5.3.c (vi) DHCPv6 prefix delegation
5.3.d Implement and troubleshoot IPv4 network address translation
5.3.d (i) Static NAT, dynamic NAT, policy-based NAT, PAT
5.3.d (ii) NAT ALG
5.4 Network optimization
5.4.a Implement and troubleshoot IP SLA
5.4.a (i) ICMP, UDP, jitter, VoIP
5.4.b Implement and troubleshoot tracking object
5.4.b (i) Tracking object, tracking list
5.4.b (ii) Tracking different entities (e.g. interfaces, routes, IPSLA, and such)
5.4.c Implement and troubleshoot netflow
5.4.c (i) Netflow v5, v9
5.4.c (ii) Local retrieval
5.4.c (iii) Export (configuration only)
5.4.d Implement and troubleshoot embedded event manager
5.4.d (i) EEM policy using applet
5.5 Troubleshooting infrastructure services
5.5.a Use IOS troubleshooting tools
5.5.a (i) debug, conditional debug
5.5.a (ii) ping, traceroute with extended options
5.5.a (iii) Embedded packet capture
5.5.b Apply troubleshooting methodologies
5.5.b (i) Diagnose the root cause of networking issue (analyze symptoms, identify and describe root cause)
5.5.b (ii) Design and implement valid solutions according to constraints
5.5.b (iii) Verify and monitor resolution
5.5.c Interpret packet capture
5.5.c (i) Using wireshark trace analyzer
5.5.c (ii) Using IOS embedded packet capture

Thanks….

 

Accessing Raspberry Pi from your laptop

This is a small post on how to access the Pi with your laptop, in case you don’t have an external monitor and keyboard. One of my friends got the new Raspberry Pi 2 Model B and we tested it.

 

This model comes with 4 USB ports, 1 Ethernet port, 1 HDMI port, an audio port, an SD card slot and a GPIO header. It also comes with a mini USB Wi-Fi adapter and a micro SD card with pre-installed OS (NOOBS).

pi@raspberrypi ~ $ uname -a
Linux raspberrypi 3.18.11-v7+ #781 SMP PREEMPT Tue Apr 21 18:07:59 BST 2015 armv7l GNU/Linux

pi@raspberrypi ~ $ cat /proc/version
Linux version 3.18.11-v7+ (dc4@dc4-XPS13-9333) (gcc version 4.8.3 20140303 (prerelease) (crosstool-NG linaro-1.13.1+bzr2650 – Linaro GCC 2014.03) ) #781 SMP PREEMPT Tue Apr 21 18:07:59 BST 2015

pi@raspberrypi ~ $ uname -r
3.18.11-v7+

Normally you would need a monitor supporting HDMI and a keyboard to watch it boot and configure it. We did not have an external monitor, so we got it working by connecting it to our laptop and configuring a DHCP server on my laptop.

We used tftpd32 (http://tftpd32.jounin.net), which can also be configured as a DHCP server, and connected our Pi to my laptop.

 

The Pi got an IP address and we were good to go.

 

Finally you can use PuTTY to SSH to your Pi.
If you have a wireless network available you can also configure the Pi to connect to the wireless SSID. First of all make sure that the wireless adapter is detected.
pi@raspberrypi ~ $ lsusb
Bus 001 Device 002: ID 0424:9514 Standard Microsystems Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp.
Bus 001 Device 007: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter

 

Run iwconfig to check that the wireless interface shows up. You can also run sudo ifdown wlan0 followed by sudo ifup wlan0 to bounce the interface.

 

Use the command sudo iwlist wlan0 scan to scan the available Wi-Fi networks and make sure the network you are about to configure is in the list.

 

Now open the wpa-supplicant.conf file using nano or vi and edit it to add your desired network to the list. Go to the bottom of the file and add:

 

network={
    ssid="My-SSID"
    psk="My-Password"
}

 

Save and exit and the Pi should connect to your wifi if configured correctly.
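The network block above stores the Wi-Fi passphrase in clear text. As an added example (not part of the original post), the Python below derives the 256-bit key that WPA/WPA2-Personal computes from the passphrase and SSID and writes that into the block instead; the function names are hypothetical and "My-SSID" / "My-Password" are the post's placeholders.

```python
import hashlib
import string

# Characters that can sit safely inside a double-quoted ssid="..." value.
_SAFE_SSID_CHARS = set(string.ascii_letters + string.digits + " -_.:@#+/()[]")


def derive_psk(ssid: str, passphrase: str) -> str:
    """Return the 256-bit WPA/WPA2-Personal PSK as 64 hex characters."""
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    # PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).
    # The SSID is the salt, so the key must be regenerated if the SSID changes.
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32
    ).hex()


def network_block(ssid: str, passphrase: str) -> str:
    """Build a wpa_supplicant network block that holds the derived key only."""
    psk = derive_psk(ssid, passphrase)
    if set(ssid) <= _SAFE_SSID_CHARS:
        ssid_value = f'"{ssid}"'
    else:
        # wpa_supplicant also accepts the SSID as an unquoted hex string,
        # which avoids quoting problems with unusual characters.
        ssid_value = ssid.encode("utf-8").hex()
    # A 64-hex-digit psk is written without quotes; quotes mean "passphrase".
    return f"network={{\n    ssid={ssid_value}\n    psk={psk}\n}}\n"


if __name__ == "__main__":
    print(network_block("My-SSID", "My-Password"), end="")
```

The derived key still grants access to that one network, so the configuration file should stay readable by root only; what this removes from disk is the human-chosen passphrase, which is often reused elsewhere.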

 

For me the Pi was getting an IP address but was not able to reach the internet, because the default gateway was not configured on the device, so I had to add it:

 

pi@raspberrypi / $ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 wlan0

 

sudo route add default gw 192.168.1.1 wlan0

 

pi@raspberrypi / $ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
192.168.1.0     *               255.255.255.0   U     0      0        0 wlan0

 

Once the Pi has an IP address you can access the Pi GUI using a couple of methods:

 

1. Using X11 Forwarding/Xming:

 

You can use X11 forwarding and Xming to access the graphical interface of the Pi.
Open PuTTY, specify the IP address of the Pi, and use SSH on port 22. Go to X11 in the PuTTY window, enable X11 forwarding and connect to your Pi.

 

 

On the Pi terminal type startlxde or lxsession and you should see the Pi desktop in Xming.

 

2. Using Xrdp:

 

You can install xrdp on the Pi and RDP to it from the Windows laptop.

 

pi@raspberrypi ~ $ sudo apt-get install xrdp
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following NEW packages will be installed:
  xrdp
0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
Need to get 252 kB of archives.
After this operation, 1,499 kB of additional disk space will be used.
Get:1 http://mirrordirector.raspbian.org/raspbian/ wheezy/main xrdp armhf 0.5.0-2 [252 kB]
Fetched 252 kB in 1s (135 kB/s)
Selecting previously unselected package xrdp.
(Reading database … 79469 files and directories currently installed.)
Unpacking xrdp (from …/xrdp_0.5.0-2_armhf.deb) …
Processing triggers for man-db …
Setting up xrdp (0.5.0-2) …
[….] Generating xrdp RSA keys……
Generating 512 bit rsa key…
ssl_gen_key_xrdp1 ok
saving to /etc/xrdp/rsakeys.ini
done (done).
[ ok ] Starting Remote Desktop Protocol server : xrdp sesman.

 

Open Remote Desktop (mstsc.exe) and connect to your Pi's IP address. You will be presented with the login screen; enter the Pi credentials and there you go.

 

 

Hope this would be helpful.

Some Fun

It was this lonely weekend.. I was reading some Linux blogs to add to my Linux skills when I was struck with a thought to try out some hack as I saw in some movie/real life (You will know as you start reading ;)) 

So the company I work for holds a directory listing of employees (U got it where I am heading towards). You can access each employee's details along with their pic by doing a search with their id (Active Directory account).

 

The first challenge I faced was how to get the ids of the people. I found that their id is also their email address, so if the id is abcd then their email address is abcd@XYZ.com.

 

So I could easily get the ids of the people if I could somehow download all the email addresses in the organisation. But how to do that..
Doing some searching I found that I can install the Microsoft Exchange management tool on my laptop/Windows 7 and get connected to my Exchange server. I can then use the Exchange shell and cmdlets to connect to my Exchange server and download all the email accounts.

 

How to install the Exchange management tool:
==================================

 

 

How to use the exchange shell to get the email accounts:
===========================================

 

 

Once I was able to get the email accounts. I just had to do some data formatting. Couple of Linux tools helped me with this.
virtual-machine:~$ grep -E -o "\b[a-zA-Z0-9.-]+@[a-zA-Z0-9.-]+\.[a-zA-Z0-9.-]+\b" addr.txt > hello.txt
 
 
addr.txt is the file I got from the exchange tool with all the email addresses. With the above script I got a hello.txt file which only contained the email addresses.
virtual-machine:~$ more hello.txt | awk -F"@" '{print $1}' > hella.txt
I further modified it to only contain the username (Active Directory id). I also did a filter to remove duplicate entries.
virtual-machine:~$ sort -u hella.txt > final.txt
I have the final file now which contains the user accounts/ids.

 

I now basically wanted to see if I can download the images/pic for the associated ids. Working with the company portal directory listing I found a common place from where the images are being pulled.
It was something like:
http://www.xyzcompany.com/dir/abcd/zoom/userid
 
 
So my next task was to find a tool which could take the ids as feed and use the above url to download the pics associated with the ids.
Here wget was very useful for me which served the purpose.
wget -i final.txt
 

 

This was some fun…
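Seen from the directory's web server, the activity described in this post is one client requesting the photo URL for a long run of distinct user ids in a short time. The Python below is an added example (not part of the original post) that flags that pattern in access logs; it assumes the combined log format and the /dir/abcd/zoom/ path shape quoted above, and the sample log lines, addresses and thresholds are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"
# Path shape quoted in the post: /dir/abcd/zoom/<userid>
PHOTO_PATH = re.compile(r"^/dir/abcd/zoom/([A-Za-z0-9._-]+)$")
# Common/combined access log format (assumed).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse(line):
    """Return (ip, timestamp, userid, status) for photo requests, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    pm = PHOTO_PATH.match(m["path"].split("?", 1)[0])
    if not pm:
        return None
    ts = datetime.strptime(m["ts"], TS_FORMAT)
    return m["ip"], ts, pm.group(1).lower(), int(m["status"])


def find_enumerators(lines, window=timedelta(minutes=5), max_distinct=20):
    """Flag clients that fetch more than max_distinct different ids in a window."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            per_ip[rec[0]].append(rec[1:])
    findings = {}
    for ip, events in per_ip.items():
        events.sort(key=lambda e: e[0])
        in_window = defaultdict(int)  # userid -> requests inside the window
        start, peak = 0, 0
        for ts, uid, _status in events:
            in_window[uid] += 1
            # Slide the window start forward until it spans at most `window`.
            while ts - events[start][0] > window:
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak > max_distinct:
            findings[ip] = {
                "peak_distinct_ids": peak,
                "requests": len(events),
                # Many 404s mean the id list was guessed or is stale.
                "not_found": sum(1 for e in events if e[2] == 404),
            }
    return findings


def constructed_sample():
    """Constructed log lines: one bulk fetcher and one ordinary visitor."""
    base = datetime(2015, 5, 2, 14, 0, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 5120 "-" "-"'
    lines = []
    for i in range(40):  # 40 different ids, one request every 2 seconds
        lines.append(fmt.format(
            ip="192.0.2.10",
            ts=(base + timedelta(seconds=2 * i)).strftime(TS_FORMAT),
            path=f"/dir/abcd/zoom/user{i:03d}",
            status=404 if i % 4 == 0 else 200))
    for i, uid in enumerate(["asmith", "bjones", "asmith"]):  # normal browsing
        lines.append(fmt.format(
            ip="198.51.100.7",
            ts=(base + timedelta(minutes=20 * i)).strftime(TS_FORMAT),
            path=f"/dir/abcd/zoom/{uid}", status=200))
    lines.append(fmt.format(ip="192.0.2.10", ts=base.strftime(TS_FORMAT),
                            path="/index.html", status=200))
    return lines


if __name__ == "__main__":
    for ip, info in find_enumerators(constructed_sample()).items():
        print(ip, info)
```

Tune `window` and `max_distinct` to how the directory is normally browsed; the same per-client count of distinct ids also works as a rate-limit key on the photo endpoint.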