Sunday, January 25, 2009

IPexpert Volume 3 Mock Lab 9 Review

This lab was actually pretty fun, though I made a lot of mistakes. I was short on time so I did not have any time to verify. I had a previous conflict in schedule so I had to take an hour+ off in the middle of the lab. There was a little bit of everything here from IPv6 redistribution, routing loops (if you're not careful), mls qos, hierarchical MQC, and some interesting multicast stuff.

Here's a summary of what I missed:

IGP

Forgot to add "no-summary" to an NSSA ABR. The task said "no intra-area" routes, and I guess I saw "no inter-area" instead.

I needed to traffic engineer OSPF to influence path selection in two directions, and I only did one way. I was going to come back after all the redistribution tasks, and I did not have time.

R1 was to only accept RIP routes from BB1. Without using authentication, the way to do this would be to make RIP AD 255, then use another neighbor-specific distance command for BB1. I missed this.

BGP

I had to prevent BB1/BB2 routes from being exchanged with each other. Usually you would use an as-path filter, but the task did not allow this. I used community no-export, which I knew was over-filtering but for some reason I still used it. I should have just used community values like a tag, and then dropped them on the way to each BBR.

I also had to find out what timers BB1 was using without looking at the config. I thought if I debugged keepalives I could tell. This does not work if your router has lower configured timer values. The peers use the lower value. The answer was to make your timers really high and then see what is negotiated. This is something I have read before but for some reason it didn't stick. I shall never forget again.

Multicast

I missed all 3 multicast tasks, which was surprising because I am usually strong in this area. We needed to make R6 an RP for the GLOP address ending with a 1. I used 233.0.0.1 but the middle octets are supposed to be the AS number (5051). Also, my multicast rate limiting statement wasn't specific enough because I didn't use a source list. And then I forgot "filter-autorp" at the end of my multicast boundary statement. There was a lot more than this to configure but these items cost me the points.

Services

On DHCP, I forgot to disable dhcp conflict logging which I need to start remembering to do. I never disable it and I never have any problems, but the PG always has it disabled.

Security

Finally I missed a VTY security task to limit "telnet" access to only certain hosts. I made the ACL but forgot the transport input telnet.
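
An added example, not part of the original post: a small Python check that scans an IOS-style configuration for the mistake described above, a VTY block that has the ACL applied but no explicit `transport input`. The sample configuration, addresses, function names and the allowed-protocol policy are constructed for illustration.

```python
import re

# Constructed sample config (not from the lab): the second VTY range has
# the ACL applied but no explicit "transport input" restriction.
SAMPLE_CONFIG = """\
access-list 10 permit host 192.0.2.10
!
line con 0
 exec-timeout 5 0
line vty 0 4
 access-class 10 in
 transport input telnet
line vty 5 15
 access-class 10 in
!
end
"""

def vty_blocks(config):
    """Yield (header, sub-commands) for each 'line vty' block."""
    header, body = None, []
    for raw in config.splitlines():
        if raw.startswith(" ") and header is not None:
            body.append(raw.strip())       # indented line belongs to the block
            continue
        if header is not None:
            yield header, body             # unindented line closes the block
        header = raw.strip() if raw.startswith("line vty") else None
        body = []
    if header is not None:
        yield header, body

def audit_vty(config, allowed=("telnet",)):
    """Return (vty header, problem) pairs; 'allowed' is an assumed policy."""
    findings = []
    for header, body in vty_blocks(config):
        if not any(re.match(r"access-class \S+ in\b", c) for c in body):
            findings.append((header, "no inbound access-class"))
        transports = [c.split()[2:] for c in body if c.startswith("transport input")]
        if not transports:
            findings.append((header, "no explicit transport input"))
        else:
            extra = sorted(set(transports[-1]) - set(allowed))
            if extra:
                findings.append((header, "transport input allows: " + " ".join(extra)))
    return findings

if __name__ == "__main__":
    for header, problem in audit_vty(SAMPLE_CONFIG):
        print(f"{header}: {problem}")
```

Every VTY range has to be checked separately, since a restriction applied to `line vty 0 4` does not cover `line vty 5 15`.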

One more volume 3 lab to go, which I start in a few hours. Next weekend I plan on doing Lab 1 again. This is the one I bombed on back in July when I was a wee little CCIE wannabe. It's been long enough for me to forget the details of that lab, so I want to see how much I have improved.
