Tài liệu Routing and Switching CCIE Lab Preparation Guide pptx
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (151.86 KB, 18 trang )
CertificationZone Page 1 of 18
/?Issue=37&IssueDate=05-01-2001&CP= 11/06/01
Date of Issue: 05-01-2001
Routing and Switching CCIE Lab
Preparation Guide
by David Wolsefer
Introduction
CCIE Test Nondisclosure Policy
CCIE Lab Preparation Blueprint
The Cisco Web Site
Exam Description
Further Recommendations
Find a Mentor
Develop Confidence and Self-Control
Time Management
Improving Your Speed
Base Configuration
The Network Diagram
Network Address Planning
Preparing for the Lab Exam
Books to Read
Obtaining a Home Lab
Lab 1 - The Budget Lab
Lab 2 - The Complete Lab
Training Classes
Skills Needed for the CCIE Lab
How to Configure a Router as a Frame Switch
Fully Meshed Frame Switch
Partially Meshed Frame Switch
Configuring a Terminal Server
Configuring A LightStream 1010 ATM Switch
Role of the Proctor
Preparing For Troubleshooting
Obtaining Access to the Routers and Switches
Check Layer 1
Check Layer 2
Check Layer 3
Stress Management
A Final Warning
References
CertificationZone Page 2 of 18
/?Issue=37&IssueDate=05-01-2001&CP= 11/06/01
Figure 1. The Halifax CCIE Lab
Introduction
When I first went to the CCIE lab, there weren't very many books available and little was known about the CCIE lab,
except that the labs had a reputation for being extremely difficult. Any regular reader of the Cisco mailing lists at
groupstudy.com will often see questions posed to the various lists about the best way to prepare for the CCIE lab
such as: "What are the best strategies to use?" "What is the lab like?" "Where should I go to take the lab?" and many
more. This Tutorial answers these questions within the bounds of Cisco's strong nondisclosure agreement. This paper
will discuss in detail how I prepared for the CCIE lab in routing and switching and give some lengthy advice about how
to prepare for the lab exam. With these thoughts in mind, let's get started!
CCIE Test Nondisclosure Policy
Each CCIE candidate must sign a very strict non-disclosure agreement (NDA) before attempting the exam. You can
view the non-disclosure agreement by examining the CCIE sections of Cisco's web site. It is very important that each
candidate adheres to this nondisclosure policy for several reasons. I have heard of very dire consequences for those
who violate the NDA including the revocation of CCIE status, prohibiting the candidate from attempting the exam
anywhere for a very lengthy time (a year or two), or never allowing the candidate to attempt the exam again. There is
a long-term effect of the NDA as well. If the CCIE certification is to maintain its reputation and integrity, then each
candidate must pass the exam using his/her own skills and abilities. The proven ability to perform under pressure is
what separates the CCIE from all other certifications and makes it so valuable. For these reasons, this paper adheres
strictly to this non-disclosure policy. Any direct references to the CCIE examination format and content are based on
Cisco's publicly available material including the Cisco web site , Networkers CCIE Power Sessions, and public
interviews with Jeff Buddemeier (Cisco's CCIE Program Manager). I will not disclose any material that will violate the
NDA that I signed. Cisco has a strict non-disclosure policy about all exams, but especially the CCIE lab exam. I will in
no way compromise the integrity of the exam or my own CCIE status, please don't you do it either.
CCIE Lab Preparation Blueprint
One of the questions I see a lot is whether you should first go for the CCNA or the CCNP before attempting the CCIE.
My answer is that it depends. I personally did not go the CCNP route. My company did not recognize it, so it was not
worth pursuing for me. If your company will give you a raise or if you prefer a methodical progression, then perhaps
CCNP is something you should consider. I know that if you work for a Cisco partner, they will love for you to get a
CCDP, which requires the CCNP, first, but don't feel that you must go this route. Please note that my recommended
lab preparation blueprint assumes that you have already passed the written exam and have subsequently scheduled
your lab exam, since the backlog is approaching something like six months. This works to your advantage because
you are going to need a good six months of preparation time. If you are going to embark on this quest, then you need
to be realistically prepared to put in 300-500 hours of preparation time. Your preparation needs to start by examining
Cisco's official CCIE web site.
The Cisco Web Site
One of the best sources of information about the lab exam is Cisco's web site itself. If you examine the CCIE section,
you will find a wealth of beneficial information. For example, if you examine the latest news, you will find that certain
topics have been removed from the lab exam including LAT, DECnet, Apollo, Banyan VINES, ISO CLNS, XNS, ATM
LANE, X.25, and AppleTalk. You can also find out that any IOS feature through IOS version 12.0 may be included in
the exam. You will also see that there is an equipment list, for which you are responsible:
• 2500 series routers
• 2600 series routers
• 3600 series routers
• 4000 and 4500 series routers
• 3900 series Token Ring switches
• Catalyst 5000 series switches
Why is this important? Have you ever configured a 3900 series Token Ring switch? If you haven't, you better find a
CertificationZone Page 3 of 18
/?Issue=37&IssueDate=05-01-2001&CP= 11/06/01
way to learn. Trying to do something for the first time during the lab is not a good idea. Ideally, you should have seen
every feature at least once prior to the lab. Here are some additional examples: do you know what the differences are
in password recovery procedures for the various routers and switches? Again, the lab is not the place to learn them.
The Cisco web site also includes other important topics such as how to book the exam, where the exams are held,
and how much the exam costs. You should frequently check the appropriate web sites because this is, after all, the
official source of information.
Exam Description
A lot of people wonder just what the exam is like since the strict NDA keeps you from learning much about the exam
until you experience it yourself. This same NDA prevents me from sharing much, but you can get some idea of what
the exam is like from the official web pages and from the 2001 CCIE Power Sessions at Networkers .
Networkers is Cisco's annual user conference held several times a year throughout the world. At networkers, you can
receive detailed technical information about virtually any Cisco product or technology at levels ranging from the most
basic to advanced beyond the CCIE level.
At Networkers, Mike Reid talked about the general makeup of the exam. The lab consists of a two-day practical exam
with the first day being devoted to building a network to meet a set of specifications. After the first day is completed,
the proctor grades the exam and reviews the results with the candidate. The exact time of the review varies
depending upon the location of the exam. The review could be the evening of the first day or the morning of the
second day. Day two begins by having the candidate build upon the first day's network until a break is taken at
lunchtime. The proctor will again grade this work over lunch and review the results with the candidate. Finally, the
candidate will troubleshoot a network in the afternoon. At each major break, the candidate must obtain enough points
to pass on to the next section. If the candidate does not score enough points, then the lab is over at that point. The
lab exam is particularly difficult because the candidate needs to score 80% in order to pass the exam.
The network specification is presented as a series of questions.
These questions can be completed in any order, but some later
parts may depend upon successful completion of earlier parts. The
point values for each question are shown on the exam paper. If you
view the presentations from the Networkers CCIE Power Session,
you will see a sample topology and question. It is worth noting that
there are no partial marks given. Each question is either 100%
correct or 100% wrong to standardize grading around the world.
You should also be aware that some questions can be solved
numerous ways, all of which are equally correct. As long as your
solution meets the requirements of the question, you should get
credit for it. You should also be aware of the lab rules so that you
can incorporate them into your practice and study sessions. For
example, during a recent Networkers CCIE Power Session, one of
the rules presented is that, unless a question explicitly states that you can, you may not use any static routes or
default routes. You need to be emotionally ready for restrictions such as this, which don't reflect the real world but are
what you need to do to pass Cisco's lab. One very distinguished consultant failed the lab because she immediately
began to argue with the proctor that some scenarios were unrealistic, and lost valuable time. The scenarios were
unrealistic. So?
A review of the groupstudy.com archives for the CCIE lab mailing list shows that a lot of people wonder about the
physical makeup of the lab. According to the above Networkers CCIE Lab Power Session, each candidate has his/her
own PC and rack of equipment. Physical connections may be made using RJ-45 and serial patch panels at the front
of the rack. Since you already have a list of the possible equipment in each rack, you must be prepared to work with
each different type of equipment. You will probably find that the exact equipment you will have in your rack during the
exam depends on where you are taking the exam and which rack you have. I would not get too wrapped up in
worrying about the exact rack equipment list. If you have any questions about particular equipment, you can ask the
proctors before or during the exam or you can ask the people at Cisco who schedule the exam.
For example, I called Cisco and asked if they could tell me if I would need to know how to configure the 3920 Token
Ring switch or if they would just have old-fashioned MAUs. At that time, a representative of the CCIE program told me
that, although they would have 3920 Token Ring switches present; they would only be used as MAUs. Please be
aware that this was over a year ago. You must check for yourself at your particular lab. Another example of how you
can get help is to ask the proctor how to use an RJ45 or serial patch panel. If you have ISDN present on your lab
exam, you might want to ask the proctor what the ISDN switch type is or similar questions. Now that you have a basic
understanding of what the lab exam is like within the bounds of the NDA, there are a number of further actions that I
recommend you take to prepare for the exam.
Further Recommendations
Lab Tip: An excellent tip to take with you into
the lab is that although the rules say you may
not use any static routes, if you are having
difficulty solving a particular problem, and later
questions depend on solving that problem, go
ahead and put in the static routes. Sure, you
will lose points for doing it, but you may save
more points by being able to make the rest of
your lab problems work. You can always go
back later and remove the static route to fix
things the correct way if you can figure that
way out.
CertificationZone Page 4 of 18
/?Issue=37&IssueDate=05-01-2001&CP= 11/06/01
I highly recommend that you join the CCIE mailing list at www.groupstudy.com as well as the general Cisco
Professional mailing list at the same site. By joining the mailing lists, you will become part of a community of other
people striving for the same goal, and you will learn from them by reading the day-to-day messages. The lists provide
an important benefit by letting you interact with a group of mentors who have already passed the exam. You may
have difficulty in finding a CCIE mentor for in-person help, but you can find any number of virtual mentors on the
mailing lists. The daily messages are also an excellent indicator of your own readiness for the lab exam. When you
can answer most of the problems other candidates are presenting in their messages without resorting to books,
documentation, etc., then you know you are close to being ready for the lab exam.
One of the greatest challenges you will face in preparing for the lab exam is building your hands-on experience by
developing or finding difficult, quality practice scenarios. You can find some excellent free labs at www.fatkid.com.
While I used these labs, I also paid for and highly recommend purchasing Mark Russell's labs at
www.ccbootcamp.com. I know that, at $650 per set, they are expensive, but they are definitely worth it. I highly
recommend that you make up some of your own scenarios to test every feature of IOS for a given topic. For example,
I would take the documentation CD, look at the IOS routing protocols section, and choose a topic such as OSPF. I
would then practice every possible OSPF command so that I at least know what each command does. This method
works particularly well for the Catalyst 5000 switch. Since the Catalyst 5000 is not nearly as complex as a router, I
studied for the exam by going through the Catalyst 5000 documentation and practicing with every feature until I felt
comfortable with each feature. Do you know how to configure a dynamic VLAN? Do you know how to make sure a
given switch is the root of the spanning tree? These are a few examples of the topics you can learn by reviewing the
documentation.
Find a Mentor
There is no substitute for finding a skilled mentor and/or study partner to help you focus your study efforts. No CCIE
should ever tell you the exact makeup of the exam because that would be a violation of the NDA, but what a CCIE
can do is help you focus your studies. For example, if I were mentoring someone and checked on a practice lab they
were doing, I might say something like, "you did an excellent job getting basic frame connectivity using point-to-point
sub-interfaces, but why don't you try it again using a multipoint sub-interface and again using physical interfaces." A
mentor is also very helpful when you just do not understand a given topic. For example, suppose that you are weak at
BGP. A mentor is going to be able to point you to additional study material as well as challenge you with a
progressive series of problems so that you learn BGP well by the time you take the lab exam.
Develop Confidence and Self-Control
You can know every IOS command, know every CatOS command and understand every possible protocol, yet fail the
exam because you mismanaged either your stress level or your time. This exam is not just about being able to
configure the equipment to specifications. It is about being able to configure the equipment to specifications, without
error, in a highly compressed time frame. My friend Bruce Caslow said it best, "I can pass any test if I have enough
time, and I can make a few phone calls." Unfortunately, the CCIE exam is not "Who Wants To Be A Millionaire." You
don't have any lifelines, and you can't phone a friend. All you have are your own wits, your ability to remain calm and
concentrate, and the official Cisco documentation in both printed form and CD form. So, you need to work on time
management and stress management. We'll take a detailed look at time management first.
Time Management
I used a number of techniques for time management. These techniques were developed both from reading
recommendations on the groupstudy.com CCIE lab mailing list and in Mentor Technologies' ECP1 class. There is
nothing magical about these techniques, they are just good common sense.
Improving Your Speed
One of the great challenges of the CCIE lab is managing your time well. It is critical that you finish soon enough to
have an hour or more at the end of Day One and a half-hour or more after the morning of Day Two to check your
work. There are a number of techniques you can use to speed up your work, but here are the ones that I use:
1. Practice typing until you can type (accurately) fairly fast. The commands should be second nature to you.
2. Learn to use aliases. Practice frequently with the ones you like. I will include a few below.
3. Master the Documentation CD. Know where to find every topic listed in Bruce Caslow's book. You simply do
not have the time to search the CD for the topic during the exam. If you are constantly in the CD during the
exam, then you are not ready for it yet. You should only need to use the CD to check syntax, look up an
obscure command, check your work, or similar brief uses.
CertificationZone Page 5 of 18
/?Issue=37&IssueDate=05-01-2001&CP= 11/06/01
4. Learn not to spend too much time on something you do not know. Get the points for the things that you know
cold first, then come back and finish the things that you do not know later, if you can.
5. When you first start, use a base configuration and paste it into every router. Be sure to check that everything
is there on every router. Don't be fancy and try to name your routers things like parsley, sneezy, etc. Stick to
r1, r2, r3, etc. Here is the base configuration I used for all of my practice scenarios:
Base Configuration
ip tcp syn-wait 5
no ip domain-lookup
ip subnet-zero
ip classless
alias exec c conf t
alias exec br sho ip int brief
alias exec i sho ip ro
alias exec b sho ip bgp
alias exec bs show ip bgp summ
alias exec st show isdn status
line vty 0 4
no exec-timeout
no login
privilege level 15
password cisco
line con 0
no exec-timeout
no login
password cisco
line aux 0
no exec-timeout
no login
password cisco
Watch the spaces when you paste in the configurations. You wouldn't want to have to waste time doing a
password recovery because you had an unknown number of spaces after the password "cisco." I also draw a
nice neat network diagram before I practice any scenario or work on any customer network.
6. Know the IOS shortcut commands. Be able to use keyboard shortcuts such as control+A to move your cursor
to the beginning of the line, control+E, to move your cursor to the end of the line, and control+R to repaint
the present line. You can also use control+shift+6 to cancel a command such as a ping or traceroute.
Although you need to be prepared to use the newer style commands such as copy run start, I prefer to use
the older style commands such as wr for write to save the current running config to NVRAM instead of the
lengthier copy run start command. I also use wr t for write terminal instead of show run. Does this make a
difference? It will certainly improve your speed if you only have to type wr instead of copy run start 500 times
in a day, but there is a caveat. Cisco has been warning for years that they are going to remove the old style
commands from IOS, so make sure you are prepared to use both. If I know that I just saved a config, then I
would use the sh config instead of sh run or wr t because it shows the last saved running config and is faster
to display than using sh run since sh run spends some time computing the current running config. It doesn't
make too much difference with a fast router like a 3640, but it sure does with a slow router like a 2500. Finally,
I use un all to turn off debugging instead of the alternatives of turning off each debug command or typing in
the lengthier undebug all command.
The Network Diagram
When working on any routing and switching scenario, you should draw a neat network diagram with clear labeling for
each router, interface type and number, network and node addresses, routing protocols, area assignments, etc. I
have read on groupstudy.com that some people find it helpful to use colored pencils for each different protocol such
as black for IP, green for IPX, etc. I never did this myself. I am just careful not to draw a diagram that is too small. I
would like to caution you against spending too much time drawing a perfect diagram. Time is precious in the lab.
Don't waste your valuable time using templates to draw perfect circles, etc. Just hand draw neatly with lots of room for
adding detail. Since a network drawing only takes up one side of a piece of paper, I learned some very valuable tips
for both the CCIE lab and work in general from Bruce Caslow. On the reverse side of the drawing, I make a chart
listing each router by hostname, by model, what IOS image it is running, and how much current DRAM and Flash the
router has. I do the same for the switches. This information might be very valuable during troubleshooting whether in
the lab or in real life.
Network Address Planning
CertificationZone Page 6 of 18
/?Issue=37&IssueDate=05-01-2001&CP= 11/06/01
Address planning is a very important topic. I cannot emphasize enough that you need to read your entire test paper
twice, all the way through, before you ever configure any equipment or even plan anything. Suppose you did not do
this and only read one section of the exam and decided to use 10.0.1.0/24 to complete the current section. You would
hate life down the road if you needed to use that same address block somewhere else. I use several techniques
whenever I am planning IP addresses. Unfortunately, I can't remember where I learned them so I can't give proper
credit. Here is my first technique. By the way, I do this whether I am in the lab or working at a client site or on my own
practice scenarios. I take an 8.5 X 11 sheet of paper (or A4 in Europe), and draw a line from one side of the paper to
the other. I then put arrows on each end and label this line for every classful address block, but particularly /16s. I
then use this line to mark where I am using major subnets. Here is an example. Suppose that I am planning to use
the 172.16.0.0/16 address space to subnet for a lab scenario. I will make the first entry as in Figure 2.
Figure 2.
I will then mark off each chunk of address space I use so that I know what is remaining. Suppose I wanted to use
172.16.1.0/24, 172.16.2.0/24, and 172.16.3.0/24 for loopbacks and 172.16.16.0/20 for network addressing. My
diagram would then appear as in Figure 3.
Figure 3.
By using this type of method, I have a clear graphical representation of address space already used and address
space still available for future use. I also employ another method to keep track of my address space used, by router
and interface. What I do is make a simple table by router name with each interface filled in. Under each interface, I list
the IP address as well as the addresses for any other protocols. Here is an example. Suppose I had the network
depicted below.
Figure 4.
I would construct a table for this network by filling in addresses as I go, but also noting when an interface is unused or
nonexistent for a given router. I can also use this table to check that my addresses are entered correctly on each
router by using show ip route connected as well as to check basic IP connectivity. In most cases, I will know my IP
configuration is correct when I can ping every address from every router.
CertificationZone Page 7 of 18
/?Issue=37&IssueDate=05-01-2001&CP= 11/06/01
Preparing for the Lab Exam
This section will give you tips on just how you should go about preparing for the lab exam. These tips are a result of
my own preparation experiences as well as those of numerous other members of groupstudy.com. Let's begin by
taking a detailed look at the books that I suggest for your library. Yes, there are many more books out there; these are
the ones I recommend and use on a daily basis.
Books to Read
Do you have to read every page of every book? No, but you do need to read certain key sections. Obviously, if a book
has sections about topics that are no longer on the exam, then you do not need to read those sections. Here are the
books that I feel you must read and absorb:
CCIE Certification Bridges, Routers, and Switches for CCIEs - Bruce Caslow (Don't walk, RUN and get it,
memorize it! Be sure to get the Second Edition.)
Internet Routing Architectures - Sam Halabi (The BGP material in this book is essential and difficult to find
elsewhere. Be sure to get the Second Edition.)
CCIE Professional Development Routing TCP/IP Volume I - Jeff Doyle (The best book for the routing protocols.)
CCIE Professional Development LAN Switching - Kennedy Clark (The best book on the Catalyst.)
All-In-One CCIE Lab Study Guide - Stephen Hutnik & Michael Satterlee (Although this book is not a true all-in-one
guide, it does present some topics well, such as NTP, HSRP, and configuring a router as a TFTP server. It provides a
good basic start for lab work.)
Developing IP Multicast Networks: The Definitive Guide to Designing and Deploying CISCO IP Multi-cast
Networks - Beau Williamson (Although this book may be overkill, it is excellent.)
Cisco Multicasting Routing & Switching - William Parkhurst (This is the multicast book I used. Beau's book was
not available yet.)
Cisco Routing Illustrated: A Workbook for CCIEs and CCNPs - Bruce Caslow (Keep an eye out for this book. It
should be an excellent source for lab scenarios.)
Now that we have sufficient reading material, let's look at the next important ingredient: a home lab.
Obtaining a Home Lab
You cannot hope to pass the CCIE lab without mastering IOS, and this is only possible if you have extensive hands-
on router and switch time. The best way to get this experience and I believe this is an absolute requirement is to
assemble your own lab. You can assemble a lab at home or at work several ways, but you must have access to a
quality lab. Your home lab doesn't need to have every piece of equipment on the published equipment list, but more
is definitely better. I would strive to obtain 6-8 routers with a Catalyst 5000 and ISDN simulator. I think you can obtain
enough experience with ATM and voice in the ECP-1 class I am going to recommend or by renting a remote rack with
this equipment.
All of your routers, except for maybe the frame switch, should have at least 11.2 Enterprise Plus. You should probably
have 12.0, since the official web site says you need to be prepared for IOS through 12.0. This may require you to
upgrade the DRAM and Flash on the routers you acquire. Make sure that one of your routers has at least four serial
ports to act as a frame switch. Don't worry too much about obtaining Token Ring gear. If you have IOS version 11.3 or
better, you can use virtual token-ring interfaces, which simulate the real thing. Preparing for the CCIE lab may sound
like an expensive endeavor and it is but you can get away with buying used equipment on ebay.com and resell it
Router Serial 0 Serial 1 Ethernet 0 Token Ring 0 BRI 0 Loopback 0
R1 2503 172.16.32.1/30 172.16.16.1/20 Unused N/A 172.16.32.5/30 172.16.1.1/24
R2 2504 172.16.16.2/20 Unused N/A 172.16.80.1/24 172.16.32.6/30 172.16.2.2/24
R3 2501 172.16.32.2/30 Unused 172.16.64.1/24 N/A N/A 172.16.3.3/24
CertificationZone Page 8 of 18
/?Issue=37&IssueDate=05-01-2001&CP= 11/06/01
later; or borrow it from work or perhaps even from your friendly Cisco rep. It would cost you about $10,000 to acquire
the equipment you need to practice for the lab so you may consider sharing the cost with a few friends.
Here are my two recommendations for lab equipment. The first lab is the bare bones "get the most lab for your buck."
The second lab is the no-expense-spared, totally complete lab.
Lab 1 - The Budget Lab
Cisco 2521/2522 - Use as a frame switch.
Cisco 2509/2511 - Use as a terminal server.
Cisco 2513 has 1 Token Ring / 1 Ethernet / 2 Serial Ports
Cisco 2514 has 2 Ethernet / 2 Serial Ports
Cisco 2503(2) has 1 Ethernet / 1 ISDN BRI / 2 Serial Ports
Cisco 2504 has 1 Token Ring / 2 ISDN BRI / Serial Ports
ISDN Simulator
Catalyst 2901 / 5002 / 5005 with a Supervisor 1 module and an Ethernet blade
Lab 2 - The Complete Lab
Cisco 2521/2522 - Use as a frame switch.
Cisco 2509/2511 - Use as a terminal server.
ISDN Simulator
Catalyst 2901 / 5002 / 5005 with a Supervisor 1 module and an Ethernet blade
LightStream 1010 ATM Switch with 4 X OC3 MM interfaces
Cisco 2503(2) has 1 Ethernet / 1 ISDN BRI / 2 Serial Ports
Cisco 2504 has 1 Token Ring / 2 ISDN BRI / Serial Ports
Cisco 4500 with ATM OC-3 MM Module, Ethernet Module, and Serial Port Module
Cisco 3640 with ATM OC-3 MM Module, FXS Voice, FE Module
Cisco 2600/ Cisco 3620 with FXS Voice, Serial Module
Two analog phones
Catalyst 3920 Token Ring Switch
Now that you know what books to buy and what equipment to use to build your lab, you should take a look at your
training requirements. Do you need to take any classes? It depends on your individual skills, but I highly recommend
taking at least one class.
Training Classes
One of the questions that I see frequently is about which class to take, especially which boot camp to take. I cannot
comment on every boot camp out there because I have only taken one class. I highly recommend Mentor
Technologies' ECP1 class.
CertificationZone Page 9 of 18
/?Issue=37&IssueDate=05-01-2001&CP= 11/06/01
You can count on five twelve-hour days covering Bruce Caslow's CCIE Certification Bridges, Routers, and Switches
for CCIEs book combined with extensive hands-on lab exercises. The class is often taught by Bruce, but is also
taught by Val Pavlichenko and Fred Ingham. All three are outstanding instructors. I am certain that you will not be
disappointed with this class. It is important to know that ECP1 is not meant to be a boot camp, rather, ECP1 is meant
to be a strong refresher class to let you know just where you stand in your preparation so that you can assess your
strong points and weak points. It is most definitely not a brain dump of the lab exam. It is a very valuable chance to
spend something like 60 hours in one week eating, breathing, and living high-level internetworking with a master
instructor.
Do you need to take all the recommended classes as listed on the CCIE web site or the sites of Cisco's training
partners? No, you don't. Sure, some classes can be helpful, but you do not have to take them. I personally took the
ACRC and ECP1 classes. One class that I think would be helpful is the CVOICE class, but I don't think it is an
absolute necessity.
I would like to offer some tips for any course of this nature to maximize your learning experience.
1. Come prepared. If you do not understand most of the material in "Bridges, Routers, and Switches," then you
are not ready for the class, so reschedule.
2. Bring your laptop with you, and save all your sessions to log files. This way you can go back later and review
the setups with which you are not familiar, such as ATM or Voice over IP.
3. Stay the entire time. This time is precious, so don't leave at 6:00 pm just to go watch TV.
4. Network with your classmates. You can learn valuable techniques and get ideas for areas in which you need
to improve.
5. Be sure you come away from the class with a clear picture of where you are strong and where you are weak.
Work hard on the weak points, not the strong points. Concentrate on the material with which you are
uncomfortable.
6. When you finish the class, go home and rework all the labs until you understand them thoroughly.
7. Take the class 4-6 weeks before the lab so that you have enough time to practice what you learn in the class.
8. Remember the debugging techniques you will learn in the class. Learn how to prove to yourself that every
configuration is correct by using the appropriate debug or show commands.
Skills Needed for the CCIE Lab
Although there are many direct skills you need to learn for the CCIE lab exam, there are some indirect skills as well.
Some of the indirect skills you need to learn are how to configure a router to act as a frame-relay switch and how to
configure a terminal server. You may want to know how to configure an ATM switch to practice with.
How to Configure a Router as a Frame Switch
One of the skills that you need to learn for the CCIE lab is how to configure a router as a frame-relay switch. It isn't so
much that you need to be able to configure a router as a frame-relay switch for the lab itself (although if a given
configuration is in IOS, it is still fair game). Rather, it is the fact that you need to be able to configure a router as a
frame-relay switch to practice your own scenarios since you will want to study frame-relay heavily. The commands
you need to configure a router as a frame switch are relatively simple. In this example, we are assuming that you
have a router with at least four serial ports, although you could easily have more, e.g. a 2522 has 10 serial ports.
Here is a step-by-step example:
You need to use the global command frame-relay switching to enable frame-relay switching. This is the only global
command you need. All the rest are interface commands.
The next command you need to enter is an interface command to define the frame-relay interface type as a DCE.
Remember that, in general, the DCE side of the circuit is on the telco side, and the DTE side is on the Customer
Premises Equipment (CPE) side. The next command defines the routing between the DLCIs, so it is very important
that you understand the syntax of the frame-relay route command. Here is a practical example:
Frame-switch#config t
CertificationZone Page 10 of 18
/?Issue=37&IssueDate=05-01-2001&CP= 11/06/01
Frame-switch(config)#frame-relay switching
Frame-switch(config)#interface s 0
Frame-switch(config-if)#encapsulation frame-relay ietf
Frame-switch(config-if)#frame-relay intf-type dce
Frame-switch(config-if)#frame-relay route 102 interface serial1 201
Frame-switch(config-if)#frame-relay lmi-type q933a
Note that the encapsulation frame-relay command actually specifies which of the two frame-relay encapsulation
types the circuit will use: cisco (the default), or ietf (the standard for connecting to other manufacturer's equipment).
You can also set which of the three lmi-types you want to use here: cisco (the default), CCITT (q933a), or ANSI.
Finally, look at the syntax of the frame-relay route command itself. This is where you set the DLCI for each interface.
The example above is saying that all data from interface s 0 will use DLCI 102 to reach interface s 1 using DLCI 201.
It should be obvious that interface s 1 needs a similar configuration. Here is what it looks like:
Frame-switch(config)#interface s 1
Frame-switch(config-if)#encapsulation frame-relay ietf
Frame-switch(config-if)#frame-relay intf-type dce
Frame-switch(config-if)#frame-relay route 201 interface serial0 102
Frame-switch(config-if)#frame-relay lmi-type q933a
From your reading, you should be aware that significant differences exist between a fully meshed network and a
partially meshed network. For frame-relay, a partial mesh presents many difficulties. It is imperative that you
understand the differences between the two types of meshed networks.
More detailed information about Frame Relay can be found in the CertificationZone Frame Relay Study Guide.
Fully Meshed Frame Switch
Figure 5. A Fully Meshed Frame-relay Network
In this simple example of a fully meshed network of three routers, notice how each interface has two frame-relay route
statements associated with it. You should see that each frame-relay route statement has a complement under its
paired interface.
Frame-switch#show run
Building configuration
Current configuration:
!
version 11.3
!
hostname Frame-switch
!
frame-relay switching
!
interface Serial0
no ip address
encapsulation frame-relay
CertificationZone Page 11 of 18
/?Issue=37&IssueDate=05-01-2001&CP= 11/06/01
clockrate 56000
frame-relay intf-type dce
frame-relay route 102 interface Serial1 201
frame-relay route 103 interface Serial2 301
!
interface Serial1
no ip address
encapsulation frame-relay
clockrate 56000
frame-relay intf-type dce
frame-relay route 201 interface Serial0 102
frame-relay route 203 interface Serial2 302
!
interface Serial2
no ip address
encapsulation frame-relay
clockrate 56000
frame-relay intf-type dce
frame-relay route 301 interface Serial0 103
frame-relay route 302 interface Serial1 203
!
no ip classless
!
line con0
line aux0
line vty 0 4
login
!
end
Partially Meshed Frame Switch
Figure 6. A Partially Meshed Frame Switch
In our next example, R1 is serving as the hub router with R2 and R3 as the spokes. Notice how on the frame-switch
the serial0 interface, connected to the hub, has two frame-relay route statements, but the other serial interfaces,
connected to the spokes, only have a single statement each.
Frame-switch#show run
Building configuration
Current configuration:
!
version 11.3
!
hostname Frame-switch
!
frame-relay switching
!
interface Serial0
no ip address
CertificationZone Page 12 of 18
/?Issue=37&IssueDate=05-01-2001&CP= 11/06/01
encapsulation frame-relay
clockrate 56000
frame-relay intf-type dce
frame-relay route 102 interface Serial1 201
frame-relay route 103 interface Serial2 301
!
interface Serial1
no ip address
encapsulation frame-relay
clockrate 56000
frame-relay intf-type dce
frame-relay route 201 interface Serial0 102
!
interface Serial2
no ip address
encapsulation frame-relay
clockrate 56000
frame-relay intf-type dce
frame-relay route 301 interface Serial0 103
!
no ip classless
!
line con0
line aux0
line vty 0 4
login
!
end
By now you probably are wondering whether the best way to practice for the lab is to configure your frame-relay
switch as a fully meshed switch or as a partially meshed switch. I personally prefer to configure the frame-switch as a
fully meshed switch because this gives me the best flexibility. If I want to practice scenarios using a full mesh, I can. If
I want to practice scenarios using a partial mesh, I can do that too by simply disabling inverse-arp on the routers in
question for any DLCIs that I don't want to use. I suggest that you practice with both scenarios so that you are
completely familiar with the limitations of partial mesh topologies compared to fully meshed topologies. Before we
move on to configuring terminal servers, let's take a quick look at how to verify that the frame-relay switch is working
correctly. All you need to do is use the show frame route command. You should then see a display that looks similar
to this:
Frame-switch#show frame route
Input Intf Input Dlci Output Intf Output Dlci Status
Serial0 102 Serial 1 201 active
Serial0 103 Serial 2 301 active
Serial1 201 Serial 0 102 active
Serial1 203 Serial2 302 active
Serial1 301 Serial0 103 active
Serial2 302 Serial1 203 active
All PVCs should show active. If they do not show active then troubleshoot as follows:
1. Check the configuration of the frame-switch for incorrect frame-relay route statements corresponding with the
inactive status listing.
2. Check the interface configurations of both interfaces related to the inactive status listing.
3. Finally, check the configurations of the routers connected to the interfaces listed as inactive.
Although learning to configure a router as a frame-relay switch is important to your lab preparation, there are several
more skills you need. You need to learn to configure and use a terminal server and a LightStream 1010 ATM switch.
Configuring a Terminal Server
It is very important that you know how to configure a terminal server rapidly and correctly because it will make life
much easier for you. If you haven't worked with a terminal server before, then you should make sure you understand
exactly what the terminal server is doing for you. A terminal server is a means of giving you a console connection into
every router and switch without having to constantly move your console cable to each piece of equipment. What the
terminal server does is use an octopus cable to plug into each console port so that you can reverse telnet to each
router or switch. To return to the terminal server, all you have to do is enter the magic command <ctrl-shift-6> x
when you are finished working in a given router or switch. Let's examine the basic configuration of a terminal server,
and then I will show you how to use the terminal server in the most efficient manner.
CertificationZone Page 13 of 18
/?Issue=37&IssueDate=05-01-2001&CP= 11/06/01
To configure a terminal server, you need to perform three basic steps:
1. Configure one IP address in interface configuration mode, usually a loopback interface.
2. Configure an IP host table in global configuration mode.
3. Configure the line transport in line command configuration.
To configure an IP address, I usually just create a loopback interface. I like to use a loopback interface because the
loopback interface will never go down as long as some other interface is up on the router. This step might appear as
follows:
Ts#conf t
Ts(config)#interface loopback 0
Ts(config-if)#ip address 1.1.1.1 255.255.255.255
For the next step, we need to create an IP host table for each router or switch to which the terminal server is
connected. We will assign each router a reverse Telnet port corresponding to the cable number plugged into each
router's console port marked on the octopus cable. Since a 2509 only has eight console plugs, the corresponding
reverse Telnet ports are numbered 2001-2008. A 2511 would use ports 2001-2016. We will use this information in
constructing the IP host table. Here is a sample table:
ip host r1 2001 1.1.1.1
ip host r2 2002 1.1.1.1
ip host r3 2003 1.1.1.1
ip host r4 2004 1.1.1.1
ip host cat5000 2005 1.1.1.1
Notice how each router or switch is listed in the host table with a reference to the host name, the reverse telnet port,
and the IP address of the loopback interface. Our final step is to enter line configuration mode and enter the transport
for all 8 or 16 lines. It is very important that you use the command transport input all, or the reverse telnet will not
work. Here is an example:
Ts#conf t
Ts(config)#line 1 8
Ts(config)#transport input all
Once these steps are complete, it is time to try out the terminal server. Just enter the hostname of a router listed in
the IP host table at the prompt and press enter. Here is an example of what you will see:
Ts#r1
Trying r1 (1.1.1.1, 2001) Open
Router>
As previously discussed, once you have reverse telnetted into another router, enter <ctrl+shift+6> x to return to the
terminal server. If you see a message similar to the one below, then you will need to check the status of the lines of
the terminal server using the show line command.
Ts#r1
Trying r1 (1.1.1.1, 2001)
% Connection refused by remote host.
Now check the status of the lines on the terminal server. You should see something similar to this:
Ts#show line
Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int
-
* 0 CTY - - - - - 7 0 0/0 -
* 1 TTY 9600/9600 - - - - - 0 0 0/2 -
* 2 TTY 9600/9600 - - - - - 1 1 0/0 -
* 3 TTY 9600/9600 - - - - - 1 0 0/0 -
* 4 TTY 9600/9600 - - - - - 1 0 0/0 -
* 5 TTY 9600/9600 - - - - - 1 0 0/0 -
* 6 TTY 9600/9600 - - - - - 1 0 0/0 -
* 7 TTY 9600/9600 - - - - - 1 0 0/0 -
CertificationZone Page 14 of 18
/?Issue=37&IssueDate=05-01-2001&CP= 11/06/01
* 8 TTY 9600/9600 - - - - - 1 1 0/0 -
9 AUX 9600/9600 - - - - - 0 0 0/0 -
10 VTY - - - - - 0 0 0/0 -
11 VTY - - - - - 0 0 0/0 -
12 VTY - - - - - 0 0 0/0 -
13 VTY - - - - - 0 0 0/0 -
14 VTY - - - - - 0 0 0/0 -
An asterisk for each line indicates that this particular line is in use. If a line is shown to be in use, and you know it
should not be, then just use the clear line n command. If you want to rapidly clear all lines at once, you can just exit
from the terminal server using the exit command. Another command you may want to use is the show sessions
command. This command shows you a connection number for each host. This provides you with a shortcut because,
supposing we used the terminal server to connect to r1-r4 and the Catalyst 5000, instead of typing the host name
every time, we could just use the session number to move between sessions. The table should look something like
this:
Ts#show sessions
Conn Host Address Byte Idle Conn Name
1 r1 1.1.1.1 0 0 r1
2 r2 1.1.1.1 0 0 r2
3 r3 1.1.1.1 0 0 r3
4 r4 1.1.1.1 0 0 r4
5 cat 1.1.1.1 0 0 cat
This is where the time saving part comes in. When I initially connect to routers from a terminal server, I reverse telnet
to them in order so that 1 = r1, 2 = r2, etc. In this case, if I wanted to connect to the Catalyst, I would just enter a 5
instead of typing cat. If I wanted to disconnect a single session, I could use the disconnect session-# command. If I
want to exit all sessions at once, then just use the exit command as we discussed above.
Configuring A LightStream 1010 ATM Switch
CCIE candidates will not be required to configure the LightStream 1010 during the CCIE exam because it is not on
the list of equipment. However, according to the Cisco FAQ for ATM on the Routing and Switching CCIE Exam,
candidates may be required to connect to a switch external to their rack. I am including a sample PVC configuration
for the LightStream so that you will know how to configure it for your own practice lab. Please note that the
LightStream does not need any configuration for Classical IP, only for PVCs. Here is a sample PVC configuration for
the LightStream 1010:
interface ATM0/1/1
no ip address
no ip directed-broadcast
no atm ilmi-keepalive
atm pvc 4 40 interface ATM0/1/0 5 50
The important part of the LightStream configuration is knowing how to interpret the last line. The idea here is similar to
PVCs on a frame-relay switch. What we are saying is that we want to construct an ATM PVC where one side of the
PVC is using a VPI/VCI pair of 4 and 40, and the other side of the PVC is using a VPI/VCI pair of 5 and 50. This is all
you really need to know to configure the LightStream for PVCs.
Role of the Proctor
You may think of the proctor as the bad guy wearing a black hat, but in reality, the proctor is there to help. I found the
proctors that I met extremely knowledgeable and professional. Don't overlook the role of the proctor in the exam. The
proctor also grades the exam and is responsible for the equipment. Let's suppose that during the course of the exam,
you are 100% positive that there is a physical fault with your equipment e.g. a faulty cable. Don't spend an eternity
trying to fix it. If you know there is a failure unrelated to the exam, tell the proctor immediately. The proctor will check
on it for you and stop your running time while doing so. If it is truly a problem, then going to the proctor right away will
help make sure you don't waste any time. The proctor's role in clarifying questions is important as well. You can't just
go ask the proctor how to configure a feature (or at least the proctor will not tell you how to), but there are certain
situations that can arise where a given problem can be solved using several different methods. If you go speak to the
proctor and show that you can solve the problem using method a, method b, and method c, the proctor may very well
indicate to you in some fashion the preferred method. Don't overlook the proctor's role after the exam either. For
example, have you always wondered about just what the best way to debug your AppleTalk filtering is? Ask! The
proctor may be able to show you a good way. (Yes, I intentionally chose a topic not on the exam anymore, but you get
the point). I certainly learned from my debriefings with the proctor after my exam. I still use several techniques I
learned that day.
CertificationZone Page 15 of 18
/?Issue=37&IssueDate=05-01-2001&CP= 11/06/01
Preparing For Troubleshooting
I see a lot of people asking about how to prepare for the troubleshooting portion of the CCIE lab on groupstudy.com.
A lot of people want to know what troubleshooting is like. If you didn't attend the Networkers CCIE Lab Power
Session, then you missed Mike Reid's coverage of this topic. According to Mike, the troubleshooting section of the
exam requires candidates to diagnose, fix, and document faults in a network. He went on to say that there are two
different procedures used in the CCIE lab to test a candidate's troubleshooting skills. In the first method, the proctor
inserts faults into the candidate's existing network. In the second method, the candidate must download the
configurations for a network and troubleshoot the new configurations. I think that the key to troubleshooting is to have
a plan of attack.
In formulating a plan of attack, it might be helpful to think of the steps that you would take if you had to walk into
Company X and fix an unknown problem. How would you go about it? Make sure you troubleshoot layer by layer
using the OSI model. Here are the steps I use:
1. Document each fault as you go, but be very brief. You don't have time to write a book about each fault.
2. Obtain physical access to the routers. Be prepared to do a password recovery for any piece of equipment on
the list of possible lab equipment.
3. Fix any configuration register problems.
4. Check layer 1; make sure everything is cabled correctly. Check your physical interfaces.
5. Restore layer 2 next. Don't move on to any layer 3 problems until you restore layer 2 connectivity.
6. For layer 3, fix basic IP routing first. Remove access lists and filters and fix them only after everything else is
complete.
7. After you have fixed IP routing, fix other protocols as necessary.
8. Only after you have basic routing working for all protocols should you fix access lists and other filters.
In preparing for the lab, I put together a list of possible troubleshooting topics for which to prepare. I used a number of
sources for this list including various books I read, personal experience, classes I attended, and things I dreamed up.
This is by no means a comprehensive list, but it is my list. These topics can range from the most simple and obvious
to the downright devious (I can thank Bruce Caslow for giving me the most devious one in his ECP1 class).
Obtaining Access to the Routers and Switches
1. Password recovery for 2500s, 2600s, 4000s, 3600s, Catalyst 5000s, and the Catalyst 3920.
2. Are any cables attached to the router, switch, or the patch panel loose?
3. Are any of the serial cables attached to the router upside down?
4. Do you know how to recover when the exec-timeout on the console gets set to 0 1, giving you a timeout of 1
s? Hint: type fast or use the up arrow to keep from timing out.
5. Do you know how to recognize when the console port speed has been set to something other than 9600?
Hint: You need to change your HyperTerminal setting to the slower speed until you can change the
configuration-register setting back to something normal.
6. Check your terminal server configuration. Has the loopback changed? Has the IP host table changed? Is
transport input all still under line 1 8?
7. Are the configuration registers changed?
8. Is the hostname correct? (An evil trick is to rename the router from say "r1" to "r1(boot)>". )
9. Is the prompt set to a space?
CertificationZone Page 16 of 18
/?Issue=37&IssueDate=05-01-2001&CP= 11/06/01
10. Have your aliases changed?
Check Layer 1
1. Are any interfaces shut down?
2. Is the ring-speed, Ethernet-speed, or media-type correct? Is the duplex correct?
3. Is the ISDN switch type correct? Are the SPIDs correct?
4. Is the clock rate command removed from any interfaces?
Check Layer 2
1. Are any frame routes or frame-relay switch parameters changed?
2. Are any DLCI numbers in your configuration changed?
3. Is inverse-arp enabled or disabled?
4. Is the frame-relay LMI type or interface type changed?
5. Is the frame relay encapsulation type changed?
6. Are any bridge-group numbers and/or bridge protocol changed?
7. Is the BIA MAC address changed?
8. Are the ISDN phone numbers, encapsulation, passwords, broadcast, speed, dialer-group, and dialer-list
correct?
9. Are any Catalyst ports disabled?
10. Are any VLANs changed?
11. Are any trunks changed?
12. Is the ATM encapsulation correct?
13. Is the VPI/VCI information correct?
14. Is the ATM arp server configured correctly for Classical IP?
15. If ATM, are you receiving ILMI for SVCs or Classical IP?
Check Layer 3
1. Are the AS numbers for various protocols correct?
2. Are any IP addresses or masks changed?
3. Are any access-lists changed or added to?
4. Are any hello timers, authentication passwords, dead timers, etc. changed?
5. Is the MAC address portion of IPX routing changed?
6. Did you remember to reload the routers after changing loopback addresses?
CertificationZone Page 17 of 18
/?Issue=37&IssueDate=05-01-2001&CP= 11/06/01
Get together with another person preparing for the CCIE lab and give each other troubleshooting scenarios.
Alternatively, you could try getting another engineer to break your lab or teach your significant other a list of
commands to enter to mess with your setup and then practice restoring to a fully configured state.
Stress Management
The CCIE lab exam doesn't test just your knowledge. This test is truly grueling for most people. Half of the test is
being able to work fast under intense pressure without panic. I think that the biggest mistakes I see people make
occur during the final few days before the test. Don't cram right up until the last minute! It is okay to study a couple
of hours about three days prior to the test, but don't pull any marathons. If you don't know the material by then, it is
simply too late. Plan your trip to the exam site carefully. Don't take a chance on last-minute travel snafus. Go at least
two days prior to the exam. I went three days prior to my exam because I had to fly from the US to Brussels and
needed the extra days to adjust to European time and shake off my jet lag. Try to relax, eat well, and get lots of sleep
if you can during the days prior to the exam because it may be quite difficult to sleep well after the first night of the
exam.
Don't be afraid to buy an over-the-counter sleeping aid or get a prescription from your doctor for medication to make
sure you sleep. If you have never taken a particular drug before, however, the night before the lab is not the best time
to find out how it reacts on your body. Most physicians believe that the newer prescription drugs are safer and more
reliable than the over-the-counter products, but, of course, you need to see a physician to get them.
I have seen candidate after candidate cram to the last minute, not get any sleep, fly across three or more time zones,
not be comfortable, get into the test and be unable to think due to fatigue. Many people fail the test because they
cannot think due to improper rest, improper nutrition, or too much alcohol. This is not the time to go have too much to
drink because you are nervous about the test. The alcohol will only make it worse. Prepare yourself mentally and
physically as if you were going into combat. This test is just as hard on the nerves and body as the brain. The best
thing I did was take a few days vacation prior to the test and see the sights in Europe. My mind was on all the new
experiences rather than worrying about the test. As a result, I went in refreshed, well rested, and in the optimum
mental and physical states of preparation. Your significant other may very well appreciate the vacation as well.
A Final Warning
Passing can be hazardous to your health. After I received my number, I was walking on cloud nine so much so that I
almost stepped out into traffic three or four times just walking the few hundred yards from the Lab to the Holiday Inn in
Brussels, so be careful out there!
References
Caslow, Bruce. CCIE Certification Bridges, Routers, and Switches for CCIEs, Second Edition. Prentice Hall Computer
Books. December, 2000. ISBN: 0-130903-89-2.
Caslow, Bruce. Cisco Routing Illustrated: A Workbook for CCIEs and CCNPs - 1st edition. Prentice Hall. November,
2001. ISBN 0-130852-66-X.
Clark, Kennedy. CCIE Professional Development LAN Switching, Cisco Press. August, 1999. ISBN 1-578700-94-9.
Doyle, Jeff. CCIE Professional Development Routing TCP/IP - Volume I. Cisco Press. October, 1998. ISBN: 1-
578700-41-8.
Halabi, Sam. Internet Routing Architectures, Second Edition. Cisco Press. January, 2000. ISBN 1-578702-33-X.
Hutnik , Stephen and Michael Satterlee. All-In-One CCIE Lab Study Guide, Second Edition. McGraw-Hill Higher
Education. May, 2001. ISBN 0-072127-60-0.
Parkhurst, William. Cisco Multicasting Routing & Switching. McGraw-Hill. April, 1999. ISBN 0-071346-47-3.
Williamson, Beau. Developing IP Multicast Networks: The Definitive Guide to Designing and Deploying CISCO IP
Multi-cast Networks. 1st edition, Vol. 1. Cisco Press. January, 2000. ISBN 1-578700-77-9.
[IE-LabS-WP1-F04]
CertificationZone Page 18 of 18
/?Issue=37&IssueDate=05-01-2001&CP= 11/06/01
[2001-04-30-03]
Copyright © 2001 Genium Publishing Corporation
