Listed here is some important information when taking the CCIE Lab Exam.

Before you start the LAB you have to read this book! It’s a pure necessity for the version 4 exam!
CCIE Routing and Switching Exam Certification Guide (4th Edition)

  1. When answering questions on the lab exam, make sure to read the whole question. Some common mistakes are to leave out important details like timers that are part of the solution.
  2. Check to see if you are allowed to use additional IP addressing to solve specific tasks. For example, you may need to create Tunnel Interfaces to fix OSPF discontinuous area problems.
  3. If you are required to change the OSPF timers on a frame-relay point-to-multipoint network link, make sure you change it on all links of the frame-relay network because OSPF requires hello & dead-interval timers to match.
  4. When configuring EIGRP on a frame-relay network, check to see if you need to disable split-horizon so it forwards updates out same interface.
  5. When working with multiple OSPF areas, check to see if Virtual-links are needed if route to area 0 fails.
  6. In OSPF, if you need to configure a stub area and have already redistributed a route as an external route or will in future, use NSSA as the stub.
  7. You can use the “bandwidth” command and “ip ospf cost” to modify the metric of OSPF routes.
  8. When enabling authentication in AREA 0, don’t forget to enable authentication on virtual-links as they are part of AREA 0.
  9. In OSPF, if needed, GRE tunnels can be used as a fix around for virtual links. For example, you cannot run a virtual link over a stub area.
  10. If you need to setup private-vlans, make sure all switches participating in private-vlans are set to vtp mode transparent.
  11. If you need to redistribute specific connected networks into an IGP, use the “match interface x/x” command rather than matching through prefix-list or access-list in a route-map. It’s much faster.
  12. It’s good practice to set the router-id for OSPF, EIGRP and BGP when configuring the protocol.
  13. When redistributing between IGPs, make sure you check if you are also redistributing connected interfaces and add interfaces into the connected redistribute process, for example if you are using a route-map to match “connected routes” that you want to redistribute. Because of the implicit deny on the route-map, even though the connected routes may be part of another IGP, they will not get redistributed properly because the route-map will deny those interfaces.
  14. When configuring BGP, on more than 2 iBGP Peers, check to see if you need to create route-reflectors.
  15. When asked to configure Multicasting, check ahead to see if you are requested to use Auto-rp, static rp or no rp. This way you will know to configure sparse-dense mode, sparse-mode or dense mode on the interfaces.
  16. Formulas to use for Frame-Relay traffic shaping:
  17. Bc (burst conforming) = CIR * (Tc/1000) ***Cir in bits per second, not Kbps***
  18. Be (Burst exceeding) = (Max Transmission rate of Interface - CIR) * (Tc/1000) ***Use bits for all, not Kbps***
  19. When configuring NBAR, make sure that “IP CEF” is enabled.
  20. When configuring MQC QoS, double check to see if you are using correct format when asked to work with bits or bytes.
  21. When asked to create access-lists, make sure to check if there are any existing ACLs with same name you want to use and check if you need to “add to” an existing ACL instead of creating new.
  22. Unlike OSPF, when using the neighbor command with EIGRP, configure it on both ends of the peering.
  23. You can use an offset-list to filter routes from RIP by setting the metric to 16.
  24. Some redistribution strategies:
  25. Try using Distance command to change Administrative Distance for the protocol in question.
  26. With OSPF, try tagging routes and preventing them from re-entering the other IGP.
  27. Tagging is not supported on RIP v1. You can tag routes from RIPv2, EIGRP and OSPF.
  28. Try redistributing connected routes to fix IGP redistribution problems.
  29. When aggregating a summary route into BGP, make sure you are either advertising a route part of the aggregate via network command or redistribution, otherwise aggregate will never be advertised to peer.
  30. Always check BGP advertisements using “show ip bgp neighbors x.x.x.x advertised-routes”
  31. When enabling PPP authentication, make sure your passwords are not setup with the “secret” command, PPP does not support md5 hash.
  32. When asked to configure different PPP authentication between interfaces/routers, check to see which authentication type is requested and enable that type of authentication on the router. Ex. R5 requests chap and R4 requests pap. Configure pap on R4 and chap on R5. Set username/password in conf t mode. Don’t use hostname/pass for chap unless necessary.
  33. For QoS, make sure you set the bandwidth for the interface when configuring queuing.
  34. When configuring Frame-relay traffic shaping, Be is not used by default. If a question asks to not set the burst excess, you don’t have to manually specify “frame-relay be 0”.
  35. When asked to configure SNMP, check to see if there will be a specific device polling the SNMP device and create an ACL for it followed after the community command.
  36. Configuring PPP encapsulation: PAP is clear text password. CHAP is hashed.
  37. When using “passive-interface default”, don’t enable “no passive-interface xx” on an interface that you are advertising into RIP. Use “no passive-interface xx” on interfaces used for peering neighbors.
  38. With BGP conditional advertising using advertise-map, if using non-exist-map or exist-map, make sure the network you are checking against is advertised by the router using “network” or “redistribute” command. Verify using “show ip bgp neighbors x.x.x.x advertised-routes”.
  39. If a host wants to listen for a multicast feed but does not support IGMP, you can enable “ip igmp static-group x.x.x.x”. Traffic will be fast switched to this group on the interface.
  40. In Frame-relay traffic-shaping, when asked to configure adaptive-shaping where FECNs are reflected as BECNs, configure “frame-relay fecn-adapt” in the map-class.
  41. When configuring RSVP Signaling on subinterfaces, make sure you also configure on the physical interface, if more than 1 subinterface is used, calculate the sum of the rsvp bandwidth for the physical interface.
  42. With RSVP, if you are using frame-relay traffic shaping, make sure to enable “fair-queue” in the frame-relay map-class when using RSVP on the interface.
  43. In OSPF, if you need to secure ospf connectivity between neighbors on point-to-point network, use the “neighbor” command. Neighbor command requires non-broadcast or point-to-multipoint network. To get around this, configure interface to “non-broadcast” and change the hello-interval to 10 to mirror the hello-interval on point-to-point networks.
  44. If you are going to run IPv6 on the switches, make sure to change the image to IPv6 capable by using “sdm prefer dual-ipv4-and-ipv6 routing”. This will enable IPv6 on the Layer 3 3560/3750 switches.
  45. When configuring IPv6 routing protocols over Frame-Relay, don’t forget to configure the map commands and link-local addresses.
  46. When working with BGP, check to see if you need to redistribute BGP into IGP to fix blackhole issues since synchronization is disabled by default in new IOS.
  47. Use “ip pim autorp listener” when tasked to use “sparse-mode” with Auto-RP on every device. Auto-RP should be used with “sparse-dense mode” for the dense mode flooding of the Auto-RP but not in this case.
  48. Using “sparse-mode”, enable “ip pim nbma-mode” on frame-relay networks so that multicasts can be forwarded back out same interface.
  49. Random-detect can be enabled both on the actual interface or in a policy-map. Make sure you enable random-detect before you attempt to change the threshold-values. Use “random-detect”
  50. If you want to limit the amount of CPU processing that your router undergoes, create a service-policy under the “control-plane”.
  51. When configuring BGP for IPv6, don’t forget to “activate” the neighbor under the “address-family”
  52. For syslog, use “logging origin-id hostname” to send the hostname of the router with messages.
  53. When tasked to have a mapping agent map specific multicast ranges to specific RP’s via Auto-rp, create an ACL on the RP’s with permit statements “only” in a group-list for send-rp-announce to announce which range/s the RP will be responsible for, create an ACL on the mapping agent used in the “rp-announce-filter group-list”, you can use deny statements if necessary on the mapping agent to filter.
  54. If you want to filter out specific multicast groups from a router, you can use the “ip multicast boundary” followed by an ACL.
  55. In order to prevent the change from RPT to SPT in sparse mode network for a specific group, create an ACL that matches this group and issue “ip pim spt-threshold infinity group-list ACL” on every router that this may concern.
  56. When enabling RTP header compression over frame-relay links, make sure you use “frame-relay ip rtp header-compression”.
  57. When configuring IPv6 on NBMA interfaces such as Frame-relay, don’t forget to enable the link-local addresses and map them accordingly. IPv6 routing protocols need these enabled to properly route packets.
  58. In an ipv6 prefix-list, “::/0 le 128” matches all routes. You can use a permit statement like this which follows other specific deny statements.
  59. Unlike in IPv6 OSPF, if you choose to use the “neighbor” statement to exchange in unicast, you need to enable the neighbor statement on both routers of the adjacency.
  60. In IPv6 when redistributing between protocols, the locally connected interface which has been advertised into the IPv6 protocol on the router from which you are redistributing on will not be included by default, you need to add the “include-connected” keyword to the redistribute statement.
  61. For IPv6 Automatic 6to4 tunnels, preferably derive the IPv6 address from an IPv4 loopback by converting it to IPv6 with a 2002::/16 prefix to make it a /64 interface. There is no destination address in the ipv6ip 6to4 tunnel due to the nature of this type of configuration. Static routing is only permitted so create a 2002::/16 tunnel static route on each router.
  62. When configuring ISATAP tunnels, use eui-64 and this will convert the IPv4 address of the tunnel source xxx into ipv6. Use static routes pointing to each ipv6 network via these ipv6 tunnel interfaces.
  63. When troubleshooting PIM Dense-mode, similar to other modes, make sure the source is reached by the same path that it came in on for the multicast. This validates the RPF check. Redistribution can mess up these rpf checks.
  64. When configuring the spt-threshold, configure it on the leaf routers connecting to the receivers. Once the receiver leaf router receives traffic from the RP with an (S,G) it will want to send a Pim join toward the source and try to change over to the Shortest Path Tree(SPT), you would configure the spt-threshold here to either prevent it (infinity) or set it after a certain limit (kbps).
  65. Use interface command “ip pim dr-priority x” to change the DR elected router on a segment where “x” is a high number, or rely on the highest IP address.
  66. When configuring ALL vlans on a particular switch to be the root switch, make sure you add the extended vlans as well, “spanning-tree root 2-4094 root primary”
  67. When configuring dot1q tunnels, don’t forget to set the system mtu to 1504.
  68. If you need to make sure a portfast enabled port goes into normal forwarding mode if it hears a bpdu, then use “spanning-tree portfast bpdufilter default”
  69. Make sure you check the OSPF virtual-links because they can affect the OSPF cost of interfaces.
  70. When redistributing on a router between 2 protocols, you may have to redistribute connected interfaces for full reachability.
  71. Default values if not specified for BGP dampening are “15 750 2000 60”. Set these in a route-map.
  72. When configuring SNMP traps, configure “snmp-server enable traps” only if a specific trap is not mentioned. This command will enable all traps sent to the management station.
  73. When configuring RMON, use delta when you want to “additive” counts like bytes on interface and absolute when you want things like CPU%. Don’t forget to add the “log” command after the rmon event so it gets logged to syslog server.
  74. While configuring udp-small-servers, Useful Ports: discard=9 Chargen=19 Echo=7 Daytime=13
  75. In dense-mode you can easily configure multicast stub routing by putting in a “ip pim neighbor-filter x” where x is the acl preventing access to the receiver router. Then on the receiver router enable “ip igmp-helper x.x.x.x” where x.x.x.x is the router pim join boundary between the receiver. IGMP joins will be relayed and because of dense-mode (S,G) will be properly routed and clients on stub router will receive the feed.
  76. In QoS, the “match not protocol xxx” can be used in a class map to match everything except for “xxx” and therefore frees up the class-default for specific traffic manipulation using the class “class-default”.
  77. Using Lock and Key dynamic access-lists, make sure you apply acl before the router in the “inbound” direction so the ACL can be hit first before traffic enters router to make Telnet session.
  78. By default, the switch overwrites cos frames to 0. You enable “mls qos trust cos” to allow the switch to accept these frames received by an IP phone and trust them. The IP Phone also re-tags all frames from the attached PC with a value of 0. If you want to allow the cos value of x for the attached PC, then enable “switchport priority extended cos x”.
  79. When filtering in RIP, if you want to only allow rip advertisements from a specific host, create a prefix-list matching this host and use the “distribute-list gateway prefix-list in”.
  80. If you need to summarize area 0 routes and create a virtual link, check to see if using a tunnel interface is a better option because area 0 summarization may leak into undesired areas.
  81. You can setup an “unsuppress-map” to inject specific prefixes to neighbors in a given AS if you are currently aggregating “summary-only” routes and set the community “no-export” so that they don’t advertise these specific prefixes out of their AS. This is a simple way to perform BGP Traffic engineering.
  82. LAM “Local Area Mobility” can be used as a quick fix to moving a network host to another vlan without changing the IP. Then redistribute this Mobile IP into your routing protocol for reachability.
  83. When performing frame-relay traffic shaping, if tasked to apply a policy for a specific VC, then apply it using the “frame-relay interface-dlci xxx” and enter it in the sub config. This way it will only affect that particular DLCI and no other.
  84. When needing to fragment frame-relay traffic, use the “frame-relay fragment” command under the physical interface for all VCs or use map-class to define for specific DLCIs.
  85. “Frame-relay fragment 900” will fragment all packets 900 bytes or greater.
  86. When needed to match url strings in a class-map, use the format “match protocol http url "*filename.txt*"”.
  87. When creating a multilink over frame-relay, first create the multilink interface with the IP address and enable it for the group. Then create a virtual-template, any authentication if required, and attach the multilink group to the virtual-template. Lastly, apply the virtual-template to the “frame-relay interface-dlci xxx ppp”.
  88. If you need to load balance traffic over EIGRP links and there is no feasible successor, use delay to modify the costs so that advertised distance is less than feasible distance of successor.
  89. Other than next-hop-self, another way to alter the next hop is in a route-map “set ip next-hop peer-address”.
  90. Process for converting Broadcast to Multicast at source, using Multicast Network as Transit, then converting back to Broadcast from Multicast at destination is: Create ACL at source Router to match any udp traffic equaling the port used in broadcast. Choose a Multicast IP address to use. Use “ip multicast helper-map broadcast [chosen multicast address] [created acl]” to convert from Broadcast->Multicast and enable process switching using “ip forward-protocol udp [port from acl]”. Then on Destination (receiver) enable “ip directed-broadcast” on the interface and enable process switching using “ip forward-protocol [port from acl]”. Now create an acl matching any udp equaling the port used in the broadcast. Use “ip multicast helper-map [multicast address used] [broadcast address of interface] [created acl]” to convert from Multicast->Broadcast.
  91. When tasked to increase security for router interfaces, find out if return traffic needs to be blocked.
  92. Another way to filter traffic on an interface is using a class-map/policy-map and dropping the traffic.
  93. Use the “match not” command in a class-map to add exclusions to a class.
  94. You can create a 2 or more link Etherchannel through a dot1q tunnel by assigning a separate vlan to the link on the non-etherchannel participating switch. For example SwitchA->SwitchB->SwitchC with Switch B running the dot1q tunnel and Switch A & B being part of etherchannel.
  95. Disable OSPF authentication on an interface using “ip ospf authentication null”.
  96. For EIGRP/RIP authentication keys, use military time.
  97. You can send both RIP version 1 & 2 updates configured on the interface level. “ip rip send version 1 2”.
  98. Change the RIP metric on redistribution to 15 or use off-set list set to 15 to prevent routes from being re-advertised by RIP speaking devices.
  99. With NTP, the client performs authentication.
  100. Point-to-Multipoint NBMA networks cause problems for dense mode multicasting so use a tunnel interface over the frame-relay network as a fix for dense-mode. For Sparse-mode use “ip nbma-mode” if needed.
  101. If you created a QoS policy using class-default to affect all traffic, you can create an additional policy-map for further QoS policies and nest it under the class-default.
  102. UDLD aggressive mode disables the port if there is a bidirectional problem.
  103. Point-to-multipoint OSPF interfaces have higher timers than point-to-point OSPF interfaces.
  104. IP Precedence Values: Routine-0 Priority-1 Immediate-2 Flash-3 Flash Override-4 Critical-5 Internetwork Control-6 Network Control-7
  105. DHCP Options: Option 12 - Hostname / Option 55 - Lease
  106. Use “ip multicast boundary” to prevent all/specific multicasts from entering and “ip igmp access-group” to prevent hosts from joining a multicast group.
  107. VOIP range: udp 16384 - 32767
  108. When configuring LOCK and KEY (dynamic) ACLs, don’t forget to issue the “autocommand access-enable host” on the vty line or after the “username”. This will enable all dynamic entries to be inserted into the access-list.
  109. “Rotary xx” command allows a router to listen to higher ranges for telnet 30xx,50xx,70xx,100xx. You need an ACL permitting this port and telnet.
  110. When enabling QoS for a voice port, make sure you enable “mls qos” globally.
  111. You don’t need to perform rp multicast group filtering using bsr such as you do using auto-rp. You create the rp-candidate followed by the ACL. This ACL states what groups this rp will be responsible for. Bsr-candidate will take the ACL from rp-candidate and use these specified groups.
  112. When tasked to perform traffic shaping on frame-relay where there is a port speed of x, if asked to only allow burst of up to y, Be = cir-y (not x) / interval. This can be tricky.
  113. Two-rate policer (CIR/PIR) is used when you want to perform custom traffic marking/classification. If you want to set DSCP for conforming traffic (500Kb) to AF31, exceeding traffic to DSCP 0 and drop traffic over 1Mbps. # police cir 500000 pir 1000000 conform-action set-dscp-transmit af31 exceed-action set-dscp-transmit default violate-action drop. This is a perfect example of using a Two-rate policer.
  114. In CBAC, the “audit-trail on” command following the “ip inspect name FW tcp” command turns audit-trail for only this instance of tcp. If you want to enable for all inspections, use “ip inspect audit-trail” by itself.
  115. In CBAC, if you need to originate certain traffic like H323 from the router itself, use “router-traffic” command following the inspect command.
  116. Use a dscp-mutation map to convert inbound DSCP value to specific DSCP value in mutation map. “mls qos” must be enabled globally or you can use “mls qos cos 3” followed by “mls qos cos override” to change the dscp value to cos value of 3.
  117. “no mls qos rewrite ip dscp” prevents the default QoS overwrite the switch performs if “mls qos” is enabled and no interfaces are trusted.
  118. On VLAN based Qos, you cannot enable a policer on the first level, it has to match the input interface and be nested as a second level. You can only mark traffic on the first level and only police on second level.
  119. When calculating queue rates, shaped rates apply to the port physical speed not the bandwidth limit command “srr-queue bandwidth limit x”.
  120. When a output queue is configured with a non-zero shape value, then scheduler uses shaped mode for this queue. If the queue has a zero, then the scheduler uses shared mode.
  121. On 3560s, output queue 1 is the priority queue when “priority-queue out” is configured on the interface.
  122. Using OER, if the only external interface on the border router is down then the border router is “INACTIVE”.
  123. If you want to prevent a specific mac address from connecting on your network for a specific port, use a “mac address” static entry and have it be dropped instead of using a mac access-list since hosts will communicate on layer 3 anyway.
  124. If you run etherchannel in between a dot1q tunnel, each pair of links must be in a dot1q vlan.
  125. Removing vlan1 from a trunk does not prevent cdp, pagp, lacp, dtp, vtp management traffic.
  126. Troubleshooting BGP: If one side is showing Minimum incoming TTL 254 and Outgoing 255, you need to set neighbor x.x.x.x ttl-security hops 1
  127. Troubleshooting EIGRP: Check the router ID to make sure it is unique in network. If two routers share the same router-id, they will not install routes from each other.
  128. Troubleshooting BGP: After debug of BGP updates received from peer, check for denial due to reflection from the same cluster, error has to do with duplicate cluster-id.
  129. When a packet hits the inside NAT interface, it is first routed and then translated. If a packet enters the outside NAT interface, it is first untranslated and then routed.
  130. VTP domain names must match when using DTP to negotiate trunks, otherwise hard code for “switchport mode trunk”.
  131. If you need to bridge over frame-relay, create the bvi, add the bridge-group to serial interface and create a “frame-relay map bridge”.
  132. If you can’t use the broadcast command for Frame-relay and you run OSPF over a hub/spoke, use ospf point-to-multipoint nonbroadcast. Use the neighbor command on HUB. If you need to account for different metric on each pvc from Hub, set the bandwidth command and “show ip route”, record the metric and set it using “neighbor x.x.x.x cost [metric]”. Do the same for other pvc.
  133. Use “area x filter-list prefix [prefixes]” if you want to prevent prefixes from entering certain areas at area border router.
  134. In a Multicast design over a Frame-relay which prevents broadcasts (no broadcast command in frame map), you will need to create ip unnumbered tunnels over these links to transport multicast.
  135. When you have 2 RPs configured for same group, highest RP IP address is elected as RP. Use physical IP vs loopback to influence RP assignment.
  136. Tunnel mode ipv6ip uses protocol 41 if you need to match it in ACL.
  137. When calculating burst speed for QoS traffic shaping, if it does not state it in the task, read ahead and look for clues. Default Tc is 125msec but if traffic needs to be prioritized to the max, consider using minimum Tc of 10msec.
  138. When tasked to enable only industry standard negotiation and trunking on Cisco switches, don’t forget to disable DTP.
  139. In order to allow legacy applications like NetBeui to run between 2 different vlans, create a vlan-based bridge and add the SVI’s to this bridge-group.
  140. When configuring port-security and tasked to add aging for inactive clients, make sure to add “switchport port-security aging type inactivity”.
  141. You can enable frame-relay interface-dlci x on a point-to-multipoint interface with inverse arp.
  142. When tasked to configure backup interface in the event frame-relay circuit goes down, consider using end-to-end keepalives to check other side of connection.
  143. Configuring OSPF over frame-relay in Hub/spoke, you can leave spokes as default non-broadcast and set HUB as broadcast. Change the hello timers to 30 to mimic non-broadcast. Set priority to 255. This will establish adjacency without using the neighbor command. (If you set HUB as point to multipoint, adjacency will form but routes will not transfer)
  144. When using an offset-list in RIP for filtering routes make sure to specify the interface for filtering!
  145. In BGP, you can change the next hop with “set ip next-hop x.x.x.x” in a route-map for updates coming in from a peer.
  146. If you need to log console debugging messages to syslog, use “logging trap debugging”
  147. Nat extendable option allows more than 1 translation for same inside source IP address.
  148. If needed to match on multiple DSCP values in class-map on 3560 switch, use “class-map match-any DSCP” followed by “match ip dscp [ef] [cs5]”. Put them on 1 line.
  149. When configuring DNS, use “ip domain-name” with dash for the commands.
  150. Traffic class field in IPv6 replaces ToS field in IPv4.
  151. In IPv6, Hosts are responsible for fragmentation.
  152. When configuring a SPAN session, don’t forget to enable “remote span” under the vlan to make this a span only vlan.
  153. With PPP, if you need to have RouterA authenticate first before you authenticate then RouterA needs to “ppp direction callout” while other router needs “ppp direction callin”
  154. Use the atomic-aggregate “aggregate-address x.x.x.x x.x.x.x as-set” when there is possibility of black-holing specific traffic to a Router that has route part of this aggregate. This will prevent the router from accepting this traffic because it will see its own AS in the route thanks to atomic-aggregate.
  155. Use “ip helper-address x.x.x.x redundancy [groupname]” where group name is the HSRP name string so that the active interface forwards DHCP requests.
  156. Use OSPF filtering to influence routing by creating a route-map to match next-hop of neighbor and the route in question.
  157. Without using weight or local-preference, you can set an undesirable origin to manipulate best paths in BGP.
  158. Another method of filtering BGP routes to a Peer is prepending the Peers AS to a route so that when the Peer router receives the route, it will discard it due to seeing its own AS in the path.
  159. Easy way to set ToS on telnet is by using “ip telnet tos x”.
  160. If the client and web-cache are located on the same interface, then use “ip route-cache same-interface”. Packets will make a U turn and go back to same interface.
  161. When latency needs to be guaranteed and no requirements are asked, use tc of 10 msec and fragment the packets, bc/8.
  162. “mls qos cos 1” will assign cos of 1 to untagged frames. If the frames are tagged and you want them to be cos of 1, then do mls qos cos override.
  163. Use “snmp-server enable traps tty” to send trap when there is a tcp connection with the server.
  164. If you need to advertise specific subnets via RIP, use a prefix-list such as “permit x.x.0.0/16 le 32”. This will advertise any x.x.0.0/16 routes.
  165. When tasked to log to buffer, enable logging by issuing “logging on”.
  166. Securing DHCP arp, enable “update arp” in DHCP config. On the interface enable “arp authorized”
  167. RIP triggered updates are for point to point interfaces only and must be configured on both ends.
  168. If tasked to configure BGP with minimal configuration, use a peer group.
  169. Filtering IGMP on a switch, use igmp filter (igmp profile globally) and igmp access-group on router.
  170. Example: If mentioned that ISP will mark traffic over 48k as DE on FR, use adaptive traffic shaping and set that as mincir.
  171. For DE bit set, use frame-relay de-list with ACL or specifics.
  172. When configuring IP SLA, make sure to configure “ip sla responder” on the receiving host.
  173. When configuring DHCP, the first default-router specified will be used and the second specified router will be used if the first one can’t be reached.
  174. Use ip-helper to forward mobile ip broadcasts. Make sure to enable “ip forward-protocol udp mobile-ip”.
  175. Granting access levels: privilege exec level 6 , privilege configure level 6 , privilege interface level 6. These would allow configuration for exec, configure terminal and interface level commands.
  176. Configure fallback bridging on switch by enabling bridge x protocol vlan-bridge and enabling this bridge x on each participating interface.
  177. To make efficient use of etherchannels, try modifying spanning root bridges.
  178. If needed, you can prepend AS #’s to inbound routes through route-map.
  179. Enabling “dampening” on an interface to maintain stability in routing.
  180. If you are rate-limiting on an interface, make sure you enable pim sparse/dense on this interface.
  181. If you need to log denied uRPF entries, create an acl to deny any any with log-input and apply it to uRPF command.
  182. If you need to change the metric for a totally stubby default route, consider using the “area x default cost x” command.
  183. When tasked with creating fault-tolerance in ospf areas, consider adding additional virtual links.
  184. You can enable SSH logging with the “ip ssh logging events” command.
  185. Use “no ip pim dm-fallback” to prevent dense mode fallback in case RP fails and sparse-dense mode is configured.
  186. Frame-relay autoinstall, setup ip-helper to forward to broadcast ip if tftp is unknown, configure new dlci “frame-relay interface-dlci [dlci] protocol ip [desired ip]”.
  187. To prevent specific multicast groups from entering shortest path source tree in sparse-mode network, use spt-threshold infinity with a group-list ACL.
  188. Disable fast-external-fallover if you want to drop a peering session based on the holdtime.
  189. Instead of the next-hop-self command, you can use “set ip next-hop” in a route map.
  190. IPv6 deny all prefix is “deny ::/0 le 128”.
  191. Using BGP inject-map, create a prefix-list matching networks you need unaggregated, create route-map and “set ip address prefix-list [list]”. Use set ip instead of match ip!
  192. Use NLRI when configuring ORF.
  193. Setup NTP Peer when wanting to configure redundant source of time inside network. For example, setup ntp server to public source and peer to inside router.
  194. In order for MPLS OSPF routers to translate type-3 LSAs properly, use the same domain-id under the vrf ospf process on the PE.
  195. Use Auto-install on point-to-point interfaces.
  196. Configuring RSVP on frame-relay interfaces, you need to configure same on both physical and sub-interfaces and/or sum of sub-interfaces on physical. Also enable fair-queuing, on FRTS config if needed.
  197. CHECK ALL OSPF ADJACENCIES WHEN FINISHED WITH A ROUTING SECTION!
  198. Use as-override in MPLS BGP VPN so CE devices do not reject BGP updates, this will sub the AS for ISP router AS and CE peer will accept the route.
  199. Random-detect requires bandwidth statement or enable it in default-class with WFQ. Use match-not command to filter out specific traffic and apply random-detect to class-default targeting everything other than the match not.
  200. You need to telnet into the router with privilege 15 to create a view. Enable view and then parser view [name]. Use aaa authentication and authorization under line.
  201. When aggregating prefixes, if you need to prevent a certain AS’s prefixes from being aggregated, use the advertise-map command and don’t include the specific AS.
  202. RSVP requires fair-queue to be enabled on the interface! If you need only specific pvc to change to WFQ then setup fair-queue under map-class and configure “ip rsvp resource-provider wfq pvc” under the interface.
  203. Filtering Extended Access-lists in IGP are a lot different. Use the source field for advertising HOST and the destination field as Destination Prefix using host command. “permit ip host [advertising host] host [destination network]”
  204. Unlike EIGRP, if you need to totally change RIP to only send unicast updates to neighboring router, use the neighbor x.x.x.x command along with the passive-interface command. Without passive, RIP will still send broadcast/multicast out interface in addition to unicast.
  205. If the exceed-action is set to transmit then you need to put in the violate-action so that packets are dropped for the rate-limit policy or marked differently.
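
Tips 8, 31 and 35 are easy to miss under time pressure, so here is a small checker for them. It is an added example, not part of the original list; the sample configuration, addresses, names and rule identifiers are constructed for illustration, and treating a virtual link as authenticated only when it carries its own key is an assumption of this example.

```python
import re

# Constructed sample config for illustration; not taken from a real device.
SAMPLE_CONFIG = """\
hostname R4
!
username R5 secret 5 $1$constructed$hash
username R6 password 0 CISCO
!
interface Serial0/0
 encapsulation ppp
 ppp authentication chap
!
router ospf 1
 area 0 authentication message-digest
 area 1 virtual-link 150.1.5.5
 area 2 virtual-link 150.1.6.6 message-digest-key 1 md5 CISCO
!
access-list 10 permit 10.1.1.100
snmp-server community PUBLIC RO
snmp-server community PRIVATE RW 10
snmp-server community NMS RO 20
"""


def lint(config):
    """Return sorted (line_no, rule, message) findings for tips 8, 31 and 35."""
    lines = [(no, text.strip()) for no, text in enumerate(config.splitlines(), 1)]
    findings = []

    # Tip 8: virtual links are part of area 0, so once area 0 authentication
    # is on, every virtual link needs a key as well.
    if any(re.match(r"area 0(\.0\.0\.0)? authentication\b", t) for _, t in lines):
        first_seen, keyed = {}, set()
        for no, t in lines:
            m = re.match(r"area (\S+) virtual-link (\S+)(.*)", t)
            if not m:
                continue
            link = (m.group(1), m.group(2))
            first_seen.setdefault(link, no)
            if re.search(r"\b(authentication-key|message-digest-key)\b", m.group(3)):
                keyed.add(link)
        for (area, peer), no in first_seen.items():
            if (area, peer) not in keyed:
                findings.append((no, "ospf-vlink-auth",
                                 f"virtual-link {peer} via area {area} has no key"))

    # Tip 31: PPP cannot use usernames stored with "secret".
    if any(t.startswith("ppp authentication") for _, t in lines):
        for no, t in lines:
            m = re.match(r"username (\S+) secret\b", t)
            if m:
                findings.append((no, "ppp-secret",
                                 f"username {m.group(1)} uses 'secret', PPP needs 'password'"))

    # Tip 35: every SNMP community should end with an ACL naming the poller,
    # and that ACL has to exist. The community string itself is never echoed.
    defined = set()
    for _, t in lines:
        m = re.match(r"(?:ip access-list (?:standard|extended) |access-list )(\S+)", t)
        if m:
            defined.add(m.group(1))
    for no, t in lines:
        m = re.match(r"snmp-server community \S+(.*)", t)
        if not m:
            continue
        rest = m.group(1).split()
        if "view" in rest:  # drop the optional "view NAME" pair
            i = rest.index("view")
            del rest[i:i + 2]
        rest = [tok for tok in rest if tok.lower() not in ("ro", "rw")]
        if not rest:
            findings.append((no, "snmp-no-acl", "community has no ACL restricting pollers"))
        elif rest[-1] not in defined:
            findings.append((no, "snmp-acl-undefined",
                             f"community references ACL {rest[-1]}, which is not defined"))
    return sorted(findings)


if __name__ == "__main__":
    for no, rule, msg in lint(SAMPLE_CONFIG):
        print(f"line {no}: [{rule}] {msg}")
```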
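
The address derivations in tips 61 and 62, worked through in code. This is an added example, not part of the original list; the loopback address 150.1.4.4, the 2001:db8:0:45::/64 prefix and the interface names are constructed, and the ISATAP interface ID follows the 0000:5EFE plus IPv4 layout.

```python
import ipaddress


def sixto4_prefix(ipv4):
    """Return the 2002:AABB:CCDD::/48 prefix that embeds IPv4 address A.B.C.D."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    # 16 bits of 2002, then the 32-bit IPv4 address, then zeros.
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def sixto4_interface(ipv4, subnet=0, host=1):
    """Pick one /64 out of the /48 and return a tunnel interface address in it."""
    if not 0 <= subnet <= 0xFFFF:
        raise ValueError("subnet ID must fit in 16 bits")
    if not 0 < host < (1 << 64):
        raise ValueError("host part must fit in 64 bits and be non-zero")
    base = int(sixto4_prefix(ipv4).network_address)
    return ipaddress.IPv6Interface((base | (subnet << 64) | host, 64))


def isatap_address(prefix64, ipv4):
    """Address an ISATAP tunnel gets from 'eui-64': prefix + 0000:5EFE + IPv4."""
    net = ipaddress.IPv6Network(prefix64)
    if net.prefixlen != 64:
        raise ValueError("ISATAP interface IDs need a /64 prefix")
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(int(net.network_address) | (0x5EFE << 32) | v4)


def sixto4_tunnel_config(ipv4, source="Loopback0", tunnel="Tunnel0"):
    """Render the 6to4 tunnel and the 2002::/16 static route from tip 61.

    There is no 'tunnel destination' line: the far end is taken from the
    IPv4 address embedded in each 2002:: destination.
    """
    return [
        f"interface {tunnel}",
        f" ipv6 address {sixto4_interface(ipv4)}",
        f" tunnel source {source}",
        " tunnel mode ipv6ip 6to4",
        f"ipv6 route 2002::/16 {tunnel}",
    ]


if __name__ == "__main__":
    print("\n".join(sixto4_tunnel_config("150.1.4.4")))
    print(isatap_address("2001:db8:0:45::/64", "150.1.4.4"))
```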