Monday, July 5, 2010

INE Workbook Vol 2 Lab 9, 10, 11

 By default, the EIGRP hello interface is 60 seconds for low speed NBMA interfaces and 5 seconds for all other media. So if you change the hold timer on a NBMA interface to less than 60 seconds, you better change the hello interval as well - to 1/3 the hold timer.

Also, EIGRP hold-time is transmitted in the hello packets and locally configured EIGRP hold-time actually specifies the hold-time for the remote side. So you only need to configure one side.

I believe I would have still gotten the points, BUT Narbik teaches something very important. BE VERY SPECIFIC and don't do more than what is needed. Not only is there not a discrepency in your solution, but the proctor will know that you really know the protocol/feature/etc inside and out.

When doing key accept/send lifetimes and you need to specify the start time as the present or in the past - set it to Jan 1 1993. This way there is no discrepancy since the router will always understand this date regardless of configured time/ntp parameters. I took the long way of setting the start lifetime for now, and then manually setting the clock.

'show ip eigrp interface detail fastEthernet 1/5' will show you the interface details for EIGRP. Not 'show ip eigrp interface fa1/15 det' like you would expect.

You can use the cli command 'renew dhcp FastE0/0' to renew an IP address. Subsequently, you can schedule this using Kron.

MQC uses the mincir value in the frame-relay map-class to determine the available bandwidth on a vc. Since mincir defaults to half the configured CIR, it may be required to adjust the MINCIR values higher if the reserved bandwidth exceeds half of the configured CIR.

When implementing IOS Firewall, it will only inspect after an access-group entry. So if you are permitting all TCP traffic on an access list, and then impement IOS firewall to inspect TCP traffic - it will never be inspected because the router will process the access-list before the inspection rules. Oversight like this can lose you 3 points. Also, be weary of the 'router-traffic option'. If you need to originate traffic from the router itself, you will need to add router-traffic to the inspection rule. IE; initiate H.323 call from R6 to BB1. To allow the return traffic to come in from BB1 to R6, you must add 'router-traffic'.

Here is a pretty interesting way of only allowing IP traffic...

bridge 56 route ip
bridge 56 route ipx
!

interface FastEthernet0/0
 ip address 187.1.56.6 255.255.255.0
 speed 100
 full-duplex
 ipv6 address FE80::6 link-local
 ipv6 address 2001:187:1:56::6/64
 ipv6 ospf 6 area 1 instance 99
 bridge-group 56
 bridge-group 56 input-lsap-list 201
!
access-list 201 permit 0x0800 0x0000

INE leads me to believe that if you use a rate-limit access-list to police traffic for a specified precedence, it will treat all other traffic differently, so you need to 'catch' the remaining traffic with precedence values accordingly.

access-list rate-limit 3 3
access-list rate-limit 1 mask FF

The first line just matches prec 3. The 2nd line matches any precedence value (mask FF). Now just configure CAR accordingly. I would have assumed you could have just done a standard rate-limit command without matching on any traffic. I will need to lab this up to verify.

Overall, these labs were not too difficult again. These were a difficulty level 8 or 9. I don't believe these labs to be hard at all - just very intense and time consuming. You would need to be very fast and efficient to complete these labs in 6 hours. And no I didn't do all these labs in a day - I've just been accumulating notes for multiple labs.

Man...only one more week and I'll be sitting in RTP.....

No comments:

Post a Comment