I may cut out the daily updates here toward the end. I am basically just beating up INE's full scale labs and doing the ATC reviews as well as my configuration flash cards.
Configuration Flash Cards
Tricky ACL
Telnet
SSH
DHCP Server w/ specific host
LDP Autoconfig
DHCP Relay
Basic QoS Policer
BGP Summarization
IPv6 over IP GRE w/ OSPFv3
L3VPN Single Peering
EIGRP Named Mode w/ Options
DHCPv6 Server
Tricky ACL
NTP
L3VPN MULTI-Peering
OSPF for a DMVPN (Phase 3)
BGP Confederation
MPLS LDP Configuration
IPv6 Prefix-list
OSPF Sham-Link
L3VPN PE-PE BGP
Multicast sender/receiver
Lab cards completed
Traffic Filtering with Policy-Based Routing
Preventing Packet Spoofing with uRPF
Authenticating BGP Peerings
Using NBAR for Content-Based Matching
SNMPv3
NTP Access Control
IOS ACL Selective IP Option Drop
Controlling the ICMP Messages Rate
RIPng Summarization
Configuration Archive and Rollback
Traffic Filtering Using Standard Access-Lists
I started to go through Advanced Foundation 3 and got frustrated. I think I will need to use INE rack rentals for these. I spent wayyy too much time troubleshooting issues with versions and/or virtualization issues that weren't part of the lab...
Completed INE Advanced Foundation Lab 2
I am exhausted so I will grade it tomorrow, but I believe the score would/will be "pass" based on the configs alone. However, it took me almost 9 hours to complete... so... ouch
Configuration Flash Cards
MPLS LDP Auto
DMVPN Phase 3
VRRP
QoS Single Rate Two Color Policer
IPSec for DMVPN with transport VRF
HSRP
IPv6 Prefix-List
SSH
Multicast
uRPF
Lab cards completed
Local Preference
OSPF Filtering with Administrative Distance
Static NAT and IP Aliasing
BGP Generic TTL Security Mechanism
GRE over IPsec with Crypto Profiles
OSPF Stub Areas with Multiple Exit Points
TCP Load Distribution with NAT
Static Policy NAT
Tuesday, 11 June 2019
June 11, 2019
Looks like I missed yesterday but it was about a dozen labs and 100 flash cards...
Completed the first INE Advanced Foundations lab! Got a passing score I would suppose, but it took over 3 hours and the topology only included 14 devices...
Configuration Flash Cards
I will start tracking these since they are taking up a good chunk of my time. Basically I have a deck of "configuration drills" that I do for speed/accuracy.
Lab cards completed
IP Event Dampening
Filtering Traffic with Time-Based Access Lists
DHCP Snooping
IOS Small Services and Finger
TCP Keepalives
IPv6 Link-Local Addressing
Reversible NAT
VLAN Filtering for IP Traffic
Syslog Logging
Static Extendable NAT
Logging to Flash Memory
Static PAT
OSPF Flooding Reduction
IOS DNS Spoofing
Static NAT
Saturday, 8 June 2019
June 8, 2019
Flash Card Knowledge Review
Completed 139 flash card reviews
Added 3 new cards Lab cards completed
IP Source Guard
Tuning Packet Buffers
Packet Logging with Access-Lists
Terminal Line Settings
BGP Peer Groups
Reversible NAT
SNMPv3
SNMP Traps and Informs
AAA Local Command Authorization
AAA Authentication Lists
EIGRPv6 Prefix Filtering
CDP
Static Policy NAT
HSRP and Port Security
NAT Default Interface
NTP
NTP Authentication
DHCP Snooping and the Information Option
Discontiguous OSPF Areas with Virtual-Links
MQC Classification and Marking
CPU and Memory Thresholds
# R3
hostname R3
int l0
ip add 150.1.3.3 255.255.255.255
!
int g1.34
encap dot 34
ip add 155.1.34.3 255.255.255.0
int g1.13
encap dot 13
ip add 155.1.13.3 255.255.255.0
!
router eigrp 100
network 0.0.0.0
!
router bgp 100
bgp router-id 150.1.3.3
bgp log-neighbor-changes
network 150.1.3.3 mask 255.255.255.255
neighbor 150.1.2.2 remote-as 100
neighbor 150.1.2.2 update-source Loopback0
# R4
hostname R4
int l0
ip add 150.1.4.4 255.255.255.255
!
int g1.34
encap dot 34
ip add 155.1.34.4 255.255.255.0
int g1.24
encap dot 24
ip add 155.1.24.4 255.255.255.0
!
router eigrp 100
network 0.0.0.0
!
router bgp 100
bgp router-id 150.1.4.4
network 150.1.4.4 mask 255.255.255.255
neighbor 150.1.1.1 remote-as 100
neighbor 150.1.1.1 update-source Loopback0
# R10
hostname R5
int l0
ip add 150.1.10.10 255.255.255.255
!
int g1.101
encap dot 101
ip add 155.1.101.10 255.255.255.0
int g1.102
encap dot 102
ip add 155.1.102.10 255.255.255.0
!
router bgp 10
bgp router-id 150.1.10.10
bgp log-neighbor-changes
network 150.1.10.10 mask 255.255.255.255
neighbor 155.1.101.1 remote-as 100
neighbor 155.1.102.2 remote-as 100
Solution
1) Explain why it is happening
R1 and R2 are the route reflectors, and both routers are going to choose the directly connected External route as the "best path". They pass this information on to routers 4 and 3, respectively. Now each of these routers sees the best path as being through their own Route reflector, but they must forward to each other to get there. This causes the packets to "bounce back and forth" forever.
2) Fix it (no tunnels/static routes)
On all interfaces facing other routers in AS 100: "mpls ip"
That's it!
3) Explain your fix
After MPLS has been enabled, R3 and R4 will use the labels to label-switch to the next hop instead of looking up the destination in their respective RIBs. This causes a tunnel-like effect, since R3 and R4 will only look at the labels as the packet passes through them.
Lab cards completed
Auto-RP and RP/MA Placement
DHCP Snooping
DMVPN Phase 2 with OSPF
Catalyst Multicast VLAN Registration
Still pushing through services/management Lab cards added
Static Extendable NAT
TCP Optimization
IOS Small Services and Finger
Directed Broadcasts and UDP Forwarding
NBAR Protocol Discovery
IOS DNS Spoofing
IP Event Dampening
Exec Aliases
System Message Logging
Syslog Logging
Logging Counting and Timestamps
Logging to Flash Memory
Configuration Change Notification and Logging
Configuration Archive and Rollback
Logging with Access-Lists
TCP Keepalives
Pushing through services... Lab cards completed
Controlling the ICMP Messages Rate
Port Security
MPLS LDP
BGP Aggregation - Unsuppress Map
VLAN Filtering for IP Traffic
IPv6 SSM
Lab cards added
Telnet Service Options
Tuning Packet Buffers
Terminal Line Settings
SNMPv2 Server
SNMPv2c Access Control
SNMP Traps and Informs
CPU and Memory Thresholds
SNMPv3
SNMP MAC Address Notifications
Just pushing through the Systems management stuff... Lab cards completed
EIGRP Stub Routing
Using Catalyst Ingress Access-Lists
DMVPN with IPsec
OSPF SHA Authentication
IOS ACL Selective IP Option Drop
Lab cards added
SNMP Notifications of Syslog Messages
CDP
HTTP Server and Client
FTP Client
TFTP Server and Client
Remote Shell
NTP
NTP Authentication
NTP Access Control
Pushed forward on security stuff and took a sneak-peek at the FHRP stuff that I hope to cover tomorrow Lab cards completed
VRF Aware DMVPN
Filtering Fragmented Packets
IPv6 Auto-Configuration
Anycast RP
Traffic Filtering with Policy-Based Routing
Traffic Filtering Using Standard Access-Lists
EIGRP Traffic Engineering with Metric
Using NBAR for Content-Based Matching
PE-CE Routing with RIP
AAA Exec Authorization
BGP Conditional Route Injection
Filtering Traffic with Time-Based Access Lists
BGP Generic TTL Security Mechanism
Preventing Packet Spoofing with uRPF
RIPv2 Filtering with Standard Access-Lists
Lab cards added
HSRP and Port Security
DHCP Snooping
DHCP Snooping and the Information Option
Dynamic ARP Inspection
IP Source Guard
Watched/Study - Finished up the security section of the INE videos, and did some additional reading on Networklessons.com and Cisco.com. I still have a few more security labs to do but just about ready to move on to services!
Lab cards completed
Control Plane Policing
VLAN Filtering for Non-IP Traffic
MQC Bandwidth Reservations and CBWFQ
IPsec Virtual Tunnel Interfaces (VTIs)
Controlling Terminal Line Access
Traffic Filtering Using Extended Access-Lists
BGP Bestpath Selection - Router-IDs
OSPF over DMVPN
EIGRPv6 Default Routing
BGP Conditional Advertisement
VLAN Filtering for IP Traffic
AAA Local Command Authorization
IOS Login Enhancements
DMVPN Phase 2 with EIGRP
Auto-RP Listener
IPv6 Tunneling
Controlling the ICMP Messages Rate
Packet Logging with Access-Lists
DMVPN Phase 2 with OSPF
GRE over IPsec with Crypto Maps
AAA Authentication Lists
OSPFv3
