
CCIE Enterprise Infrastructure Foundation


CCIE Enterprise

Infrastructure Foundation
Narbik Kocharians

Cisco Press


CCIE Enterprise Infrastructure Foundation


Narbik Kocharians

Copyright © 2023 Pearson Education, Inc.

Published by: Cisco Press

All rights reserved. This publication is protected by copyright, and permission must be obtained from the
publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form
or by any means, electronic, mechanical, photocopying, recording, or likewise. For information regarding
permissions, request forms, and the appropriate contacts within the Pearson Education Global Rights &
Permissions Department, please visit www.pearson.com/permissions.

No patent liability is assumed with respect to the use of the information contained herein. Although
every precaution has been taken in the preparation of this book, the publisher and author assume no
responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of
the information contained herein.
Library of Congress Control Number: 2022902108

ISBN-13: 978-0-13-737424-3

ISBN-10: 0-13-737424-0

Warning and Disclaimer


This book is designed to provide information about the CCIE Enterprise Infrastructure certification.
Every effort has been made to make this book as complete and as accurate as possible, but no warranty or
fitness is implied.

The information is provided on an “as is” basis. The authors, Cisco Press, and Cisco Systems, Inc. shall
have neither liability nor responsibility to any person or entity with respect to any loss or damages
arising from the information contained in this book or from the use of the discs or programs that may
accompany it.

The opinions expressed in this book belong to the author and are not necessarily those of
Cisco Systems, Inc.

Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been
appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this
information. Use of a term in this book should not be regarded as affecting the validity of any
trademark or service mark.

Special Sales
For information about buying this title in bulk quantities, or for special sales opportunities (which
may include electronic versions; custom cover designs; and content particular to your business, training
goals, marketing focus, or branding interests), please contact our corporate sales department at
[email protected] or (800) 382-3419.

For government sales inquiries, please contact [email protected].

For questions about sales outside the U.S., please contact [email protected].


Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book
is crafted with care and precision, undergoing rigorous development that involves the unique expertise of
members from the professional technical community.

Readers’ feedback is a natural continuation of this process. If you have any comments regarding how we
could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us
through email at [email protected]. Please make sure to include the book title and ISBN in your
message.

We greatly appreciate your assistance.

Editor-in-Chief: Mark Taub
Alliances Manager, Cisco Press: Arezou Gol
Director, ITP Product Management: Brett Bartow
Executive Editor: James Manly
Managing Editor: Sandra Schroeder
Development Editor: Ellie Bru
Project Editor: Mandie Frank
Copy Editor: Kitty Wilson
Technical Editors: Sarah Anand; Dante McNeil
Editorial Assistant: Cindy Teeters
Designer: Chuti Prasertsith
Composition: codeMantra
Indexer: Timothy Wright
Proofreader: Donna E. Mulder


Credits
Unnumbered figures on pages 860-861 PuTTY


Pearson’s Commitment to Diversity, Equity, and Inclusion
Pearson is dedicated to creating bias-free content that reflects the diversity of all
learners. We embrace the many dimensions of diversity, including but not limited to race,
ethnicity, gender, socioeconomic status, ability, age, sexual orientation, and religious or
political beliefs.

Education is a powerful force for equity and change in our world. It has the potential to
deliver opportunities that improve lives and enable economic mobility. As we work with
authors to create content for every product and service, we acknowledge our responsibility
to demonstrate inclusivity and incorporate diverse scholarship so that everyone can
achieve their potential through learning. As the world’s leading learning company, we have
a duty to help drive change and live up to our purpose to help more people create a better
life for themselves and to create a better world.

Our ambition is to purposefully contribute to a world where

■ Everyone has an equitable and lifelong opportunity to succeed through learning

■ Our educational products and services are inclusive and represent the rich diversity
of learners

■ Our educational content accurately reflects the histories and experiences of the
learners we serve

■ Our educational content prompts deeper discussions with learners and motivates
them to expand their own learning (and worldview)

While we work hard to present unbiased content, we want to hear from you about any
concerns or needs with this Pearson product so that we can investigate and address them.

Please contact us with concerns about any potential bias at https://www.pearson.com/report-bias.html.


About the Author


Narbik Kocharians, CCIE No. 12410 (Routing and Switching, Service Provider, and
Security) is a triple CCIE with more than 46 years of experience in this industry. He has
designed, implemented, and supported numerous small, mid-size, and large enterprise
networks.

Narbik is the president of Micronics Networking and Training, Inc.
(www.MicronicsTraining.com), where almost all Cisco-authorized and custom courses are conducted,
including CCIE-DC, CCIE-SP, CCIE-Enterprise Infrastructure, CCDE, ACI, and many
more.


About the Technical Reviewers


Sarah Anand has been affiliated with different networking technologies, including
Cisco-specific implementations, for 7 years, with a focus on routing/switching and service
provider technologies. Currently she works as a technical writer and editor, training
network engineers in vendor-specific and industry-standard technologies. She has
a degree in computer science and enjoys spending free time exploring passions in web
design and search engine optimization.

Dante McNeil has 10 years of IT networking experience in the nonprofit, enterprise,
K–12, and higher education spaces, with a focus on advanced networking implementations
and Cisco technologies. He also spends time writing and creating network training
content for networking engineers. He holds a bachelor of science degree in computing
information sciences from Jacksonville University. In his spare time, he enjoys roller
coasters, video games, and road trips.


Dedications
I would like to dedicate this book to my beautiful wife, Janet, my children and their
spouses, Chris and Nona (aka Siroon Achik), Patrick and Diana (aka Bestelik Jan),
Alexandra (aka Achiko) and Sevak, and Daniel (aka Chompolik), as well as our first
grandson, Matthew (aka Jigar), whom I LOVE so much, he brightens my day every
morning!

I would like to acknowledge with gratitude the support, sacrifice, and love of my
family for making this book possible. I thank God for the health and wisdom that He has
instilled in me, my lovely family, my first grandson Mathew, and my father, who was
my best friend.


Acknowledgments
A very special thanks to James and Eleanor. I remember brainstorming with James for
hours about this book, and eventually he came up with the ultimate solution. I would
like to thank Eleanor for having a tremendous amount of patience and professionalism.

I would also like to thank my tech editors, Sarah Anand and Dante McNeil, two gifted
network engineers with a tremendous amount of knowledge. God willing, I will be working
with these two champions for a long time to come. They are not CCIEs yet, but their
knowledge is on par with the best CCIEs out there.


Contents at a Glance
Introduction xxxiii

Chapter 1 Switching 1

Chapter 2 IP Prefix Lists 35

Chapter 3 RIPv2 39

Chapter 4 EIGRP 51

Chapter 5 OSPF 65

Chapter 6 BGP 95

Chapter 7 DMVPN 269

Chapter 8 MPLS and L3VPNs 585

Chapter 9 IPv6 609

Chapter 10 SD-WAN 637

Chapter 11 SD-Access 825

Index 881


Contents
Introduction xxxiii

Chapter 1 Switching 1
Lab 1: Configuring Trunks 1
Task 1 2
Task 2 2
Task 3 2
Task 4 2
Task 5 3
Task 6 3
Task 7 3
Task 8 3
Task 9 3
Task 10 3
Task 11 4
Task 12 4
Task 13 4
Task 14 4
Task 15 5
Task 16 5
Task 17 5
Task 18 5
Task 19 5
VTP Pruning 5
Task 20 12
Task 21 12
Task 22 12
Task 23 12
Task 24 12
Task 25 12
Task 26 12
Task 27 12
Task 28 12


Lab 2: Configuring EtherChannels 13


Task 1 13
Task 2 13
Task 3 13
Task 4 13
Task 5 14
Task 6 14
Lab 3: Introducing Spanning Tree Protocol 14
802.1D Per-VLAN Spanning Tree Protocol 14
Task 1 15
Task 2 15
Task 3 16
Task 4 16
Configuration Tasks: 802.1D 16
Task 1 18
Task 2 18
Task 3 18
Task 4 18
Task 5 18
Task 6 18
Task 7 19
Task 8 19
Task 9 19
Task 10 19
Task 11 19
Task 12 19
Task 13 19
802.1w Per-VLAN Rapid Spanning Tree Protocol 20
Task 1 25
Task 2 25
Task 3 26
Task 4 26
802.1w Configuration Tasks 26
Task 1 26
Task 2 26
Task 3 26


Task 4 26
Task 5 26
Task 6 26
Task 7 26
Task 8 27
Task 9 27
Task 10 27
802.1s Multiple Spanning Tree Protocol 28
Task 1 28
Task 2 29
Task 3 29
Task 4 30
Let’s Explore 802.1s 30
Task 1 32
Task 2 32
Task 3 33
Task 4 33

Chapter 2 IP Prefix Lists 35


Lab 1: Prefix Lists 35
Task 1 36
Task 2 36
Task 3 36
Task 4 36
Task 5 36
Task 6 36
Task 7 36
Task 8 36
Task 9 36
Task 10 37
Task 11 37

Chapter 3 RIPv2 39
Lab 1: Configuring RIPv2 39
Task 1 40
Task 2 40
Task 3 40


Task 4 41
Task 5 41
Task 6 44
Task 7 44
Task 8 44
Task 9 45
Task 10 45
Task 11 45
Task 12 45
Task 13 45
Task 14 45
Task 15 45
Task 16 45
Task 17 46
Task 18 46
Task 19 46
Task 20 46
Lab 2: Helper Map 46
Task 1 47
Task 2 47
Task 3 47
Task 4 47
Lab 3: RIPv2 Challenge Lab 48
Ticket 1 48
Ticket 2 48
Ticket 3 49
Ticket 4 49
Ticket 5 49
Ticket 6 49
Ticket 7 49
Ticket 8 49
Ticket 9 49

Chapter 4 EIGRP 51
Lab 1: EIGRP Named Mode 51
Task 1 52
Task 2 52


Task 3 52
Task 4 53
Task 5 53
Task 6 53
Task 7 53
Task 8 53
Task 9 53
Task 10 53
Task 11 53
Task 12 54
Lab 2: EIGRP and Bidirectional Forwarding Detection (BFD) 54
Task 1 54
Task 2 54
Task 3 54
Task 4 54
Lab 3: EIGRP Stub 55
Task 1 55
Task 2 55
Task 3 55
Task 4 56
Task 5 56
Task 6 56
Task 7 56
Task 8 56
Task 9 56
Task 10 57
Task 11 57
Lab 4: EIGRP Filtering 57
Task 1 58
Task 2 58
Task 3 58
Task 4 58
Task 5 58
Task 6 58
Task 7 58


Lab 5: Advanced EIGRP Lab 59


Task 1 60
Task 2 60
Task 3 60
Task 4 60
Task 5 61
Task 6 61
Task 7 61
Task 8 61
Task 9 61
Task 10 61
Task 11 61
Lab 6: EIGRP Authentication 62
Task 1 62
Task 2 62
Task 3 62
Lab 7: EIGRP Challenge Lab 63
Ticket 1 63
Ticket 2 63
Ticket 3 64
Ticket 4 64
Ticket 5 64
Ticket 6 64
Ticket 7 64
Ticket 8 64

Chapter 5 OSPF 65
Lab 1: Running OSPF on the Interfaces 65
Task 1 66
Task 2 66
Task 3 66
Task 4 66
Task 5 66
Task 6 66
Task 7 67
Task 8 67


Lab 2: OSPF Broadcast Networks 67


Task 1 67
Task 2 68
Task 3 69
Lab 3: OSPF Non-broadcast Networks 69
Task 1 69
Task 2 70
Lab 4: OSPF Point-to-Point Networks 70
Task 1 70
Task 2 71
Lab 5: OSPF Point-to-Multipoint and Point-to-Multipoint Non-broadcast Networks 71
Task 1 71
Task 2 72
Task 3 72
Lab 6: OSPF Area Types 72
Task 1 73
Task 2 73
Task 3 73
Task 4 74
Task 5 74
Task 6 74
Task 7 75
Task 8 75
Task 9 75
Task 10 75
Task 11 76
Task 12 76
Task 13 76
Task 14 76
Task 15 76
Lab 7: OSPF Filtering 77
Task 1 77
Task 2 78
Task 3 78
Task 4 78


Task 5 78
Task 6 78
Task 7 78
Task 8 78
Task 9 78
Task 10 79
Task 11 79
Task 12 79
Task 13 79
Task 14 79
Task 15 79
Task 16 79
Task 17 80
Task 18 80
Task 19 80
Task 20 80
Lab 8: OSPF Summarization 80
Task 1 81
Task 2 81
Task 3 81
Task 4 82
Task 5 82
Task 6 82
Task 7 82
Task 8 82
Lab 9: Virtual Links and GRE Tunnels 83
Task 1 84
Task 2 84
Task 3 84
Task 4 85
Lab 10: Default Route Injection 85
Task 1 85
Task 2 85
Task 3 85
Task 4 85
Task 5 85


Task 6 86
Task 7 86
Task 8 86
Task 9 86
Lab 11: OSPF Authentication 87
Task 1 87
Task 2 87
Task 3 87
Task 4 88
Task 5 88
Task 6 88
Task 7 88
Task 8 88
Task 9 88
Task 10 89
Task 11 89
Task 12 89
Lab 12: OSPF Best-Path Determination 90
Task 1 91
Task 2 91
Task 3 91
Lab 13: OSPF Challenge Lab 92
Ticket 1 92
Ticket 2 92
Ticket 3 93
Ticket 4 93
Ticket 5 93
Ticket 6 93
Ticket 7 93
Ticket 8 93

Chapter 6 BGP 95
Lab 1: Establishing a BGP Session Using the Correct TTL Value 95
BGP Peering Session Overview 95
Task 1 97
Task 2 97
Task 3 97


Task 4 97
Task 5 97
Task 6 97
Task 7 98
Task 8 98
Task 9 98
Lab 2: Establishing Neighbor Adjacency Using Different Methods 98
Task 1 99
Task 2 99
Task 3 99
Task 4 99
Task 5 100
Task 6 100
Task 7 101
Task 8 101
Lab 3: Route Reflectors 101
Task 1 102
Task 2 102
Task 3 102
Task 4 103
Task 5 103
Task 6 103
Lab 4: BGP Confederation 104
Task 1 105
Task 2 105
Task 3 105
Task 4 105
Lab 5: BGP Backdoor and Conditional Advertisement 106
Task 1 106
Task 2 106
Task 3 107
Task 4 107
Task 5 107
Task 6 107
Task 7 107
Task 8 108


Task 9 109
Task 10 109
Task 11 109
Lab 6: BGP Aggregation 109
Task 1 110
Task 2 110
Task 3 110
Task 4 110
Task 5 110
Task 6 110
Task 7 110
Lab 7: BGP Filtering 111
Task 1 112
Task 2 112
Task 3 112
Task 4 112
Task 5 112
Task 6 113
Task 7 113
Task 8 113
Task 9 113
Task 10 113
Task 11 113
Task 12 113
Task 13 113
Task 14 113
Task 15 113
Task 16 114
Task 17 114
Lab 8: BGP Load Balancing 114
Task 1 115
Task 2 115
Task 3 115
Task 4 115
Task 5 115


Lab 9: Remove-Private-AS: A Walkthrough 116


Lab 10: AS Migration 133
Task 1 133
Task 2 133
Task 3 134
Task 4 134
Task 5 134
Task 6 134
Lab 11: BGP Best-Path Algorithm: A Walkthrough 134
Introduction 135
Building Blocks of BGP 135
Path Vector 135
Controlling Routing to Paths 136
Path Attributes 137
Modifying Path Attributes 137
The Best-Path Algorithm 138
Step 1: WEIGHT 140
Step 2: Local Preference 147
5.1.5. LOCAL_PREF 147
Step 3: Locally Originated 164
Step 4: AS_PATH 167
AS_PATH Inbound 179
5.3. AS_PATH and Path Selection 190
Step 5: Origin Code 194
Step 6: MED 198
Step 7: eBGP over iBGP 220
Confederations 223
Step 8: Lowest IGP Metric to the Next Hop 226
Step 9: Determine if Multiple Paths Exist 233
Step 10: Oldest Route 246
Step 11: Lowest Router ID 252
Step 12: Minimum Cluster List Length 260
Step 13: Lowest Neighbor Address 263

Chapter 7 DMVPN 269


Introduction to DMVPN 269
DMVPN Mechanics 283
DMVPN Designs 294


Phase 1: Hub-and-Spoke 294


Dynamic Spoke-to-Spoke Tunnels 296
The Need for Spoke-to-Spoke Tunnels 296
Enabling Multipoint GRE on Spokes 298
Forming Spoke-to-Spoke Tunnels 306
Triggering NHRP Resolutions 309
Phase 2: Spoke-Initiated Spoke-to-Spoke Tunnels 310
Phase 2 Spoke-to-Spoke Tunnel Caveats 315
Phase 3: Hub-Initiated Spoke-to-Spoke Tunnels 322
Shortcut or Override 327
Conclusion 329
Lab 1: Single Hub, Single Cloud 330
Implement Phase 1 331
Design Goal 331
DMVPN Tunnel Configuration 331
Implement OSPF 335
Summarization with OSPF 344
Implement EIGRP 347
Implement iBGP 352
Implement eBGP 359
Implement Phase 2 367
Design Goal 337
DMVPN Tunnel Configuration 368
Implement OSPF 372
Implement EIGRP 375
Implement iBGP 379
Implement eBGP 382
Implement Phase 3 387
Design Goal 387
DMVPN Tunnel Configuration 388
Implement OSPF 389
Implement EIGRP 390
Implement iBGP 395
Implement eBGP 399
Lab 2: Single Hub, Dual Cloud 406
Implement Phase 1 407
Design Goal 407


DMVPN Tunnel Configuration 407


Implement OSPF 411
Broadcast Network Type 411
Implement EIGRP 424
Implement iBGP 428
Implement eBGP 436
Implement Phase 2 445
Design Goal 445
DMVPN Tunnel Configuration 446
Implement OSPF 450
Implement EIGRP 461
Implement iBGP 470
Implement eBGP 477
Potential Solution to Above Problems 488
Implement Phase 3 492
Design Goal 492
DMVPN Tunnel Configuration 492
Implement EIGRP 495
Implement iBGP 500
Implement eBGP 504
Lab 3: Dual Hub, Single Cloud 511
Implement Phase 3 513
Design Goal 513
DMVPN Tunnel Configuration 513
Implement EIGRP 518
Implement iBGP 524
Implement eBGP 529
Lab 4: Dual Hub, Dual Cloud 537
Implement Phase 3 539
Design Goal 539
DMVPN Tunnel Configuration 539
Implement EIGRP 541
Implement iBGP 546
Implement eBGP 552
Lab 5: DMVPN NHS Clustering 559
Task 1 560
Task 2 562


Task 3 566
Task 4 572
Lab 6: DMVPN and DHCP 573
Task 1 574
Task 2 578
Task 3 584

Chapter 8 MPLS and L3VPNs 585


Lab 1: Configuring Label Distribution Protocol 585
Task 1 586
Task 2 586
Task 3 586
Task 4 586
Task 5 586
Task 6 587
Task 7 587
Task 8 587
Task 9 587
Task 10 587
Task 11 588
Task 12 588
Task 13 588
Task 14 588
Task 15 588
Task 16 588
Lab 2: Static and RIPv2 Routing in a VPN 589
Task 1 589
Task 2 589
Task 3 590
Task 4 590
Task 5 590
Task 6 590
Task 7 590
Lab 3: EIGRP Routing in a VPN 591
Task 1 591
Task 2 592
Task 3 592


Task 4 592
Task 5 592
Task 6 592
Task 7 593
Lab 4: EIGRP Site-of-Origin 593
Task 1 593
Task 2 594
Task 3 594
Task 4 594
Task 5 594
Lab 5: OSPF Routing in a VPN 595
Task 1 595
Task 2 596
Task 3 596
Task 4 596
Task 5 596
Task 6 597
Lab 6: Backdoor Links and OSPF 597
Task 1 598
Task 2 598
Task 3 598
Task 4 598
Task 5 598
Task 6 598
Task 7 598
Task 8 599
Task 9 599
Lab 7: BGP Routing in a VPN 599
Task 1 600
Task 2 600
Task 3 600
Task 4 600
Task 5 600
Task 6 600
Lab 8: MPLS and NAT 601
Task 1 601
Task 2 601


Task 3 602
Task 4 602
Task 5 602
Task 6 602
Lab 9: Route Targets, Import Maps, and Export Maps 603
Task 1 603
Task 2 604
Task 3 604
Task 4 604
Task 5 604
Task 6 605
Task 7 605
Task 8 605
Task 9 605
Task 10 605
Task 11 605
Task 12 605
Lab 10: Internet Access Methods: Partial Internet Routes 606
Task 1 606
Task 2 607
Task 3 607
Task 4 607

Chapter 9 IPv6 609


Lab 1: Acquiring an IPv6 Address 609
Task 1 610
Task 2 610
Task 3 610
Task 4 610
Task 5 611
Task 6 611
Task 7 611
Task 8 611
Lab 2: DMVPN and IPv6 612
Task 1 612
Task 2 612
Task 3 612


Task 4 613
Task 5 613
Task 6 613
Lab 3: Configuring OSPFv3 614
Task 1 614
Task 2 614
Task 3 615
Lab 4: Summarization of Internal and External Networks 615
Task 1 615
Task 2 615
Task 3 616
Task 4 616
Task 5 616
Task 6 616
Task 7 616
Lab 5: OSPFv3 Broadcast Networks 617
Task 1 617
Task 2 617
Task 3 617
Task 4 618
Lab 6: OSPFv3 Non-Broadcast Networks 618
Task 1 619
Task 2 619
Lab 7: OSPFv3 Point-to-Point Networks 620
Task 1 620
Task 2 620
Lab 8: OSPFv3 Point-to-Multipoint Networks 621
Task 1 621
Task 2 622
Task 3 622
Lab 9: OSPFv3 Cost and Auto-Cost 622
Task 1 623
Task 2 623
Task 3 623
Lab 10: LSAs in OSPFv3 624
Task 1 624
Task 2 625


Task 3 625
Task 4 625
Task 5 625
Lab 11: OSPFv3 Area Types 626
Task 1 627
Task 2 627
Task 3 627
Task 4 627
Task 5 627
Task 6 627
Task 7 627
Task 8 628
Task 9 628
Task 10 628
Task 11 628
Task 12 628
Task 13 629
Task 14 629
Lab 12: OSPFv3 Authentication 629
Task 1 630
Task 2 630
Task 3 630
Task 4 630
Task 5 630
Task 6 631
Task 7 631
Lab 13: EIGRPv6 632
Task 1 632
Task 2 633
Task 3 633
Task 4 633
Task 5 633
Task 6 633
Task 7 633
Task 8 633
Task 9 633


Task 10 634
Task 11 634
Task 12 634
Task 13 634
Task 14 634
Lab 14: BGP Configuration 634
Task 1 634
Task 2 635
Task 3 635
Task 4 635

Chapter 10 SD-WAN 637


Lab 1: Onboarding WAN Edge Devices 638
Site 2: CSR 1000v Onboarding 655
Lab 2: Exploring Unicast Routing 664
Lab 3: Configuring Segmentation in All Sites Using VRF 100 and VRF 200 682
Branch-1 686
Branch-2 693
Lab 4: Configuring vEdge Using a Feature Template 703
Lab 5: Configuring vEdge Using a vManage Feature Template 729
Lab 6: Configuring cEdge Using a BR-2–Specific vManage Feature Template 753
Lab 7: Configuring vEdge Using a vManage Feature Template and ZTP 782
Creating a DHCP Server on ISP-1 805
Lab 8: Configuring an Application-Aware Routing Policy 816

Chapter 11 SD-Access 825


Lab 1: Configuring the SDA Policy Engine 826
Task 1: ISE Integration with DNA Center 826
Task 2: Finalize the Integration on DNA Center 831
Lab 2: SDA Design 835
Task 1: Design the Network Hierarchy 835
Task 2: Configure Common Network Settings 842


Task 3: Configure Device Credentials 845


Task 4: Create and Reserve IP Address Pools 847
Lab 3: Building the SDA Campus Fabric 855
Task 1: Discover Devices 855
Task 2: Provisioning the Devices 859
Lab 4: LAN Automation 869

Index 881


Command Syntax Conventions


The conventions used to present command syntax in this book are the same conventions
used in the IOS Command Reference. The Command Reference describes these conventions
as follows:

■ Boldface indicates commands and keywords that are entered literally as shown. In
actual configuration examples and output (not general command syntax), boldface
indicates commands that are manually input by the user (such as a show command).

■ Italic indicates arguments for which you supply actual values.


■ Vertical bars (|) separate alternative, mutually exclusive elements.

■ Square brackets ([ ]) indicate an optional element.

■ Braces ({ }) indicate a required choice.

■ Braces within brackets ([{ }]) indicate a required choice within an optional element.


Introduction
Enterprise networking has undergone many small changes over the years, building from
simple shared bus LANs to intricate routing and switching architectures and wireless
communications. Behind all of this is a need to ensure high reliability, agility, and speed.
Through the decades, many different networking technologies, from physical connections
to software protocols, have been created to assist enterprise networks in reaching
those goals. For seasoned networking veterans, working with the various protocols and
architectures is second nature. However, those who are just starting to build their careers
and trying to study more advanced areas of network engineering may be overwhelmed
by the multitude of routing protocols, Layer 2 features, and new buzzwords like
“software-defined.”

This book is written as a foundation guide for the most common enterprise networking
concepts that are required for a network engineer looking to move forward to more
advanced aspects of networking. It combines aspects of theory instruction with practical
application. Topics such as LAN switching, IP routing, and overlay networking technologies
such as DMVPN are explained as foundational topics, including examples. Each
chapter also functions as a lab manual with a task-oriented structure. Lab scenarios are
presented as either configuration objectives, troubleshooting scenarios, or design scenarios.
Each lab scenario includes full solutions and explanations. For beginner to intermediate
readers, the solutions can be read while solving the tasks. Advanced readers can challenge
their knowledge and skills by solving tasks first and then comparing their solutions
to the ones provided in this book.

This book is not meant to be an exhaustive study of all the included technologies. It is
meant to provide enough information on all topics to allow you to speak intelligently
about each technology and even implement some of the configurations, if necessary, in
your own environment. It takes topics from Cisco’s CCIE Enterprise Infrastructure
certification blueprint but includes some legacy topics, where necessary, to facilitate
understanding.

Who This Book Is For


Although the title of this book is CCIE Enterprise Infrastructure Foundation, the target
audience is not limited to just those seeking expert-level certification. Any person
looking to learn a little bit more about these foundational technologies will find this
book very accessible.

This book breaks down complicated topics and provides examples to maximize understanding.
It does, however, assume some basic networking knowledge. The following
types of readers will get the most out of this book:

■ Those who have completed CCNA certification and are part of the way through
their preparation for CCNP Enterprise certification

■ Those who have completed CCNP Enterprise certification and are pursuing CCIE
Enterprise Infrastructure certification


■ Those who are currently working in an environment that is implementing specific
technologies covered in this book

■ Those who are migrating from another vendor to a Cisco environment and need to
understand Cisco configurations for common networking protocols

How This Book Is Organized


This book is divided into the 11 chapters described here. Every chapter can stand alone
and can be used as a reference for the technologies it covers.

Chapter 1: Switching
Chapter 1 introduces Layer 2 concepts such as preventing loops with Spanning Tree
Protocol, segmenting with VLANs, extending VLANs between switches through trunking,
and bonding multiple Ethernet links together to increase bandwidth between network
nodes. It covers topics such as Spanning Tree Protocol, RSTP, MSTP, VTP and
VTP pruning, 802.1Q and ISL trunking, and LACP and PAgP.

Chapter 2: IP Prefix Lists


Chapter 2 introduces a common route filtering mechanism known as a prefix list. It
explains why prefix lists were invented and why they are used over access lists for route
filtering. This chapter shows how to write prefix lists and apply them in various routing
protocols for filtering routes.

Chapter 3: RIPv2
Chapter 3 introduces Routing Information Protocol (RIP). RIP may not be included on
the exam, but it is a perfect example of a simple distance vector routing protocol that
follows all the standard distance vector designs. It focuses on the simplicity of RIP
configuration, advanced RIP filtering scenarios, and RIP configuration challenges.

Chapter 4: EIGRP
Chapter 4 focuses on Cisco’s improvement on its own version of Interior Gateway
Routing Protocol (IGRP), Enhanced Interior Gateway Routing Protocol (EIGRP). It
introduces EIGRP as a distance vector protocol that forms neighbor relationships and keeps
a topology table like some other protocols. EIGRP is considered an advanced distance
vector protocol that uses more than simple hop counts to learn loop-free paths through
a network. This chapter covers EIGRP configuration topics such as EIGRP classic and
address family configuration, EIGRP stub routing, and EIGRP with BFD.


Chapter 5: OSPF
Chapter 5 introduces the Open Shortest Path First (OSPF) routing protocol. It begins
with an analysis of how OSPF builds its link-state database (LSDB) with various
link-state advertisements (LSA) and uses that information to calculate loop-free routed paths
through a network. This chapter also details multiarea OSPF design, filtering, and virtual
links. It includes a detailed walkthrough on OSPF’s best-path determination to help you
understand OSPF’s path selection process.

Chapter 6: BGP
Chapter 6 introduces Border Gateway Protocol (BGP), the protocol that routes the
Internet. It explains BGP operation between autonomous systems (external BGP, or
eBGP) and within a single autonomous system (internal BGP, or iBGP). Topics covered
include BGP session establishment, route reflectors and confederations, aggregation, and
filtering. This chapter includes a detailed walkthrough of the BGP best-path determination
process.

Chapter 7: DMVPN
Chapter 7 focuses on Cisco’s original SD-WAN technology, known as Dynamic
Multipoint VPN (DMVPN). It explains DMVPN from the ground up, introducing concepts
such as overlay and underlay networking, the link between DMVPN and NHRP,
DMVPN routing using common routing protocols, and different DMVPN designs.
It covers DMVPN Phase 1 through Phase 3 configurations, NHRP shortcut switching
enhancements, hub-and-spoke networking designs, and (m)GRE tunnels.

Chapter 8: MPLS and L3VPNs


Chapter 8 introduces Multiprotocol Label Switching (MPLS) and the suite of services
MPLS can provide. This chapter begins with an introduction to MPLS labels and Label
Distribution Protocol (LDP). It also introduces the most common MPLS service, MPLS
Layer 3 VPN (L3VPN). Topics covered include CE and PE routers, MPLS core
configuration, LDP session establishment, BGP route targets and route distinguishers, and
exchange of IGP routes between two sites connected by an MPLS L3VPN.

Chapter 9: IPv6
Chapter 9 introduces Internet Protocol Version 6 (IPv6), which is the successor to IPv4
due to its massive address space. It also details IPv6 address types, assignment, and
configuration. Topics covered include IPv6 NDP, IPv6 SLAAC, DMVPN for IPv6, OSPF for
IPv6 (OSPFv3), EIGRP for IPv6, and BGP for IPv6.


Chapter 10: SD-WAN


Chapter 10 introduces Cisco’s new SD-WAN platform, which is based on its acquisition
of Viptela. This chapter details basic SD-WAN components, such as vSmart, vManage,
and vBond, as well as the setup and configuration required to join vEdge routers to an
SD-WAN solution. Topics covered include onboarding WAN edge devices, unicast routing,
segmentation, vManage device templates, ZTP, and application-aware policies.

Chapter 11: SD-Access


Chapter 11 introduces Cisco’s SD-Access solution for creating scalable, automated, and
resilient enterprise fabric. This chapter covers configuration of the SD-Access policy
engine as well as SDA design and implementation. Topics covered include Cisco ISE,
pxGrid, XMPP, SDA hierarchy global IP pools, DNAC, and LAN automation.


Before Starting the First Chapter

Bookmark the Companion Website


The companion website contains the config files, topology diagrams, CLI output, and
explanations for the labs in this book. These elements are essential and a fundamental
part of your learning experience. To use this book effectively, you need to have them.
Use the config files, reference the topology diagrams, and work through the labs while
checking your work against the CLI output on the companion website. At the end of
each lab, read through the explanations for further insight.

To access the book’s companion website, simply follow these steps:

1. Go to www.ciscopress.com/register.

2. Enter the print book ISBN: 9780137374243.

3. Answer the security question to validate your purchase.

4. Go to your account page.

5. Click on the Registered Product tab.

6. Under the book listings, click on the Access Bonus Content link.

If you have any issues accessing the companion website, you can contact our support
team by going to http://pearsonitp.echelp.org.



Chapter 4

EIGRP

Lab 1: EIGRP Named Mode


[Topology diagram: routers R1–R7. Segments: 10.1.1.0/24 (G0/9 interfaces), 12.1.1.0/24, 13.1.1.0/24, 23.1.1.0/24, 145.1.1.0/24. Loopbacks: R1 Lo0 1.1.0.1/24, Lo1 1.1.1.1/24, Lo2 1.1.2.1/24, Lo3 1.1.3.1/24; R2 Lo0 2.2.2.2/8; R3 Lo0 3.3.3.3/8; R4 Lo0 4.4.4.4/8; R5 Lo0 5.5.5.5/8; R6 Lo0 6.6.6.6/8; R7 Lo0 7.7.7.7/8.]

This lab should be conducted on the Enterprise POD.


Lab Setup:
If you are using EVE-NG, and you have imported the EVE-NG topology from the
EVE-NG-Topology folder, ignore the following tasks and use Lab 1-EIGRP Named
Mode in the EIGRP folder in EVE-NG.

To copy and paste the initial configurations, go to the Initial-config folder → EIGRP
folder → Lab-1.


Task 1
Configure EIGRP on R1, R2, and R3 based on the following policy:

Router  Interface            AS Number
R1      G0/9                 200
        G0/0                 100
        G0/2                 100
        G0/3                 100
        Loopback0–Loopback3  100
R2      G0/9                 200
        G0/1                 100
        G0/3                 100
        Loopback0            100
R3      G0/1                 100
        G0/2                 100
        Loopback0            100

■ R1 should be configured to use unicast to establish an EIGRP neighbor adjacency with R2.

■ R1 should use multicast to establish an EIGRP neighbor adjacency with R3.

■ R1, R2, and R3 should use an EIGRP named mode configuration to accomplish this
task.

Task 2
Configure R4 and R5 in EIGRP AS 100. You must use named mode to accomplish this
task.

Task 3
Configure R1, R4, and R5 to use unicast to establish their EIGRP neighbor adjacency.


Task 4
Configure R6 in EIGRP AS 200. This router should run EIGRP AS 200 on its G0/9 and
Loopback0 interfaces. You should use an EIGRP named mode configuration to accomplish
this task.

Task 5
Configure OSPF Area 0 on R6’s G0/9 and R7’s G0/9 and Loopback0 interfaces. The
router ID of these routers should be configured as 0.0.0.x, where x is the router number.

Task 6
Configure R6 to redistribute OSPF into EIGRP such that R1 and R2 go directly to R7 to
reach the 7.0.0.0/8 network.

Task 7
Configure the hello interval of all routers in AS 200 to be twice the default hello interval.

Task 8
Configure R4 such that in the worst-case scenario, it uses 10% of the bandwidth for its
EIGRP updates. This policy should apply to the existing and future interfaces.

Task 9
Configure R1 to summarize its loopback interfaces and advertise a single summary in the
EIGRP AS 100 routing domain.

Task 10
Configure R1 to limit the number of received prefixes from R5 to 10. R1 should be configured
to receive a warning message once 50% of this threshold is reached and a warning
message for every additional route that exceeds the threshold. You should configure Lo1–
Lo10 on R5 by copying and pasting the initial configuration, called EIGRP-Lab-1-Task10.

Task 11
Configure R1 to limit the number of prefixes received from R4 to five. R1 should be configured
to tear down the adjacency if R4 exceeds the specified threshold. Copy and paste
the EIGRP-Lab-1-Task11 initial configuration on R4.


Task 12
Erase the startup configuration and reload the routers before proceeding to the next lab.

Lab 2: EIGRP and Bidirectional Forwarding Detection (BFD)

[Topology diagram: R5 (G0/6, .5) and R6 (G0/5, .6) connected over 56.1.1.0/24, both labelled 100. Loopbacks: R5 Lo0 5.5.5.5/8; R6 Lo0 6.6.6.6/8.]

Task 1
Configure the routers based on the previous diagram. Do not configure any routing
protocol.

Task 2
Configure EIGRP AS 100 on all directly connected interfaces of these two routers and
ensure reachability. R5 should be configured using EIGRP classical mode, and R6 should
use the EIGRP named mode configuration style.

Task 3
Configure and test BFD on these two routers.

Task 4
Erase the startup configuration of these two routers and reload the devices before proceeding
to the next lab.


Lab 3: EIGRP Stub


[Topology diagram: R1 (G0/2, .1) and R2 (G0/1, .2) connected over 12.1.1.0/24. R1 G0/1 is 200.1.1.1/24 and R2 G0/2 is 200.2.2.2/24. R1 loopbacks: Lo0 1.1.0.1/24, Lo1 1.1.1.1/24, Lo2 1.1.2.1/24, Lo3 1.1.3.1/24. R2 loopbacks: Lo0 2.2.0.2/24, Lo1 2.2.1.2/24, Lo2 2.2.2.2/24, Lo3 2.2.3.2/24.]

Lab Setup:
If you are using EVE-NG, and you have imported the EVE-NG topology from the
EVE-NG-Topology folder, ignore the following tasks and use Lab 3-EIGRP Stub in the
EIGRP folder in EVE-NG.

To copy and paste the initial configurations, go to the Initial-config folder → EIGRP
folder → Lab-3.

Task 1
Configure EIGRP AS 100 on the G0/2 and G0/1 interfaces of R1 and R2, respectively, as
well as on all loopback interfaces of these two routers. On R1 configure EIGRP using the
classic mode, and on R2 configure EIGRP in named mode to accomplish this task. Do
not run EIGRP on the G0/1 interface of R1 or the G0/2 interface of R2.

Task 2
Configure R1 and R2 to summarize their loopback interfaces in EIGRP.

Task 3
Configure the following static routes on R1 and R2 and redistribute them into EIGRP:

■ On R1: 11.0.0.0/8 via G0/1

■ On R2: 22.0.0.0/8 via G0/2


Task 4
Advertise the G0/1 interface of R1 and the G0/2 interface of R2 into RIPv2 and disable
auto-summarization. You should redistribute RIPv2 into EIGRP and use any metric for
the redistributed routes.

Task 5
Configure EIGRP stub routing on R1 by using the command eigrp stub connected. Test
this option and verify the routes in the routing tables of both routers.

Task 6
Remove the eigrp stub connected option configured in the previous task and reconfigure
EIGRP stub routing on R1 by using the eigrp stub summary command. Test this option
and verify the routes in the routing tables of both routers.

Task 7
Remove the eigrp stub summary option configured in the previous task and reconfigure
EIGRP stub routing on R1 by using the command eigrp stub static. Test this option and
verify the routes in the routing tables of both routers.

Task 8
Remove the eigrp stub static option configured in the previous task and reconfigure
EIGRP stub routing on R1 by using the command eigrp stub redistributed. Test this
option and verify the routes in the routing tables of both routers.

Task 9
Remove the eigrp stub redistributed option configured in the previous task and reconfigure
EIGRP stub routing on R1 by using the command eigrp stub receive-only. Test
this option and verify the routes in the routing tables of both routers.


Task 10
Remove the eigrp stub receive-only option configured in the previous task and reconfigure
EIGRP stub routing on R1 by using the command eigrp stub. Test this option and
verify the routes in the routing tables of both routers.

Task 11
Erase the startup configuration and reload the routers before proceeding to the next lab.

Lab 4: EIGRP Filtering


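[Topology diagram: R1 (G0/2) connects to R2 (G0/1) over 12.1.1.0/24. R2, R3, and R4 share 10.1.1.0/24 on their G0/0 interfaces. R1 loopbacks: Lo0 1.1.1.1/8, Lo1 11.1.1.1/8, Lo2 111.1.1.1/8. R2 loopbacks: Lo0 2.2.2.2/8, Lo1 200.1.1.1/24, Lo2 200.2.2.2/24. R3 loopbacks: Lo0 3.3.3.3/8, Lo1 200.1.1.1/24, Lo2 200.2.2.2/24.]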

Lab Setup:
If you are using EVE-NG, and you have imported the EVE-NG topology from the
EVE-NG-Topology folder, ignore the following tasks and use Lab 4-EIGRP Filtering in
the EIGRP folder in EVE-NG.

To copy and paste the initial configurations, go to the Initial-config folder → EIGRP
folder → Lab-4.


Task 1
Configure EIGRP 100 on all routers and advertise their directly connected links into
EIGRP.

Task 2
Configure R4 such that it filters existing (1.0.0.0/8, 11.0.0.0/8, and 111.0.0.0/8) and future
networks behind R1. Do not use distribute-list, access-list, prefix-list, or route-map to
accomplish this task.

Task 3
Configure R4 such that it uses R2 as its only connection to network 200.1.1.0/24. You
should use an access list to accomplish this task.

Task 4
Configure R4 such that it takes R3 to reach network 200.2.2.0/24. R4 should only use
R2 as the next hop to reach network 200.2.2.0/24 when R3 is down. You should use a
standard access list to accomplish this task.

Task 5
Filter network 2.0.0.0/8 on R4. Do not use distribute-list or route-map to accomplish this
task.

Task 6
Configure R4 to filter network 3.0.0.0/8.

Task 7
Erase the startup configuration and reload the routers before proceeding to the next task.


Lab 5: Advanced EIGRP Lab


[Topology diagram: routers R1–R8, each with Lo0 x.x.x.x/32 (x = router number). R1, R2, and R3 share 123.1.1.0/24 on their G0/0 interfaces. R3 connects to R4, R5, and R6 over 34.1.1.0/24, 35.1.1.0/24, and 36.1.1.0/24 (G0/4, G0/5, and G0/6 on R3; G0/3 on R4, R5, and R6). R6 G0/7 connects to R7 G0/6 over 67.1.1.0/24, and R5 G0/8 connects to R8 G0/5 over 100.1.1.0/24. R3 also has Lo100–Lo107, addressed 100.1.0.1/24 through 100.1.7.1/24.]

Lab Setup:
If you are using EVE-NG, and you have imported the EVE-NG topology from the
EVE-NG-Topology folder, ignore the following tasks and use Lab 5-Advanced EIGRP
Lab in the EIGRP folder in EVE-NG.

To copy and paste the initial configurations, go to the Initial-config folder → EIGRP
folder → Lab-5.


Task 1
Configure the G0/0 interfaces of R1, R2, and R3 in EIGRP AS 100. These routers should
be configured to advertise their Lo0 interfaces in this AS, using the following policy:

■ These routers should be configured to reach each other’s loopback interface/s by going through R1.

■ Do not use Policy-based Routing (PBR) or configure another AS to accomplish this task.

Task 2
Configure R3’s G0/4, G0/5, and G0/6 in AS 300. Configure R4’s, R5’s, and R6’s G0/3 and
loopback 0 interfaces in this AS.

Configure R3 to summarize its Lo100–Lo107.

The summary route should be advertised to R4, R5, and R6 based on the following
policy:

■ R4 should receive the summary only.

■ R5 should receive the summary plus network 100.1.3.0/24.

■ R6 should receive the summary plus all the specific routes.

■ Configure the minimum number of ip summary-address commands possible to accomplish this task.

Task 3
Configure EIGRP 300 on R4’s Lo134 and Lo135 and advertise a single summary in AS
300.

Task 4
Configure the G0/7 and Lo0 interfaces of R6 and the G0/6 and loopback 0 interfaces
on R7 for EIGRP in AS 67.

R7 should be configured to advertise its Lo130, such that the command show ip route
eigrp 67 on R6 produces the following output:

D EX 130.3.0.0/16 [170/130816] via 67.1.1.7, 00:00:16, GigabitEthernet0/7


R7 should use redistribute static to accomplish this task. Do not configure a static route
to accomplish this task.

Task 5
Configure the routers in AS 67 such that they log neighbor warning messages and repeat
the warning messages every 10 minutes. You should disable logging of neighbor changes
for this AS.

Task 6
Configure the routers in AS 67 such that a dead neighbor is detected within 3 seconds.

Task 7
Routers in AS 100 should be configured to use Bandwidth and not Bandwidth + DLY
when calculating their composite metric.

Task 8
Configure R2 such that EIGRP never uses more than 25% of its G0/0 link’s bandwidth.

Task 9
Configure the G0/8 interface of R5 and the G0/5 and the Lo0 interfaces of R8 in AS 500.

Task 10
Configure R5 to inject a default route in AS 500 based on the following policy:

■ R5 should be configured to inject a default route plus networks 4.0.0.0/8 and 6.0.0.0/8
from AS 300.

Task 11
Erase the startup configuration and reload the routers before proceeding to the next task.


Lab 6: EIGRP Authentication


[Topology diagram: R1, R2, and R3 in AS 100. Loopback0: 1.1.1.1/8 (R1), 2.2.2.2/8 (R2), 3.3.3.3/8 (R3). Segments: 12.1.1.0/24, 23.1.1.0/24, 123.1.1.0/24. Interface labels shown: G0/0, G0/1, G0/2, G0/3.]

Lab Setup:
If you are using EVE-NG, and you have imported the EVE-NG topology from
the EVE-NG-Topology folder, ignore the following tasks and use Lab 6-EIGRP
Authentication in the EIGRP folder in EVE-NG.

To copy and paste the initial configurations, go to the Initial-config folder → EIGRP
folder → Lab-6.

Task 1
Configure EIGRP based on the previous diagram. If this configuration is successful, these
routers should be able to see and have reachability to all routes. You should use named
mode configuration style when configuring R2 and R3 and classic EIGRP configuration
style when configuring R1 to accomplish this task.

Task 2
Configure R2 to authenticate all existing and future directly connected interfaces using
the strongest authentication method available. Use the minimum number of commands
and CCIE as the password to accomplish this task.

■ R2 should authenticate R1 using MD5 and Cisco as the password.

■ In the future, R3 may have other neighbors that won’t need authentication.
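
One way to approach Task 2, added here as an illustration and not taken from the book or its companion website: in named mode, af-interface default applies HMAC-SHA-256 (the strongest method EIGRP named mode offers) to every existing and future interface with a single command, and a per-interface entry overrides it with MD5 toward R1. The virtual-instance name LAB6, the key-chain name R1-MD5, and all interface names are assumptions; take the real interface names from the lab topology.

```ios
! ---- R2 (named mode) ----
! MD5 needs a key chain; HMAC-SHA-256 takes its password inline.
key chain R1-MD5
 key 1
  key-string Cisco
!
router eigrp LAB6
 address-family ipv4 unicast autonomous-system 100
  ! Inherited by every current and future EIGRP interface on R2.
  af-interface default
   authentication mode hmac-sha-256 CCIE
  exit-af-interface
  ! Assumed name of R2's interface toward R1. Settings under a
  ! specific af-interface take precedence over af-interface default.
  af-interface GigabitEthernet0/1
   authentication mode md5
   authentication key-chain R1-MD5
  exit-af-interface
!
! ---- R1 (classic mode) ----
! Classic mode supports MD5 only and is configured per interface.
key chain R1-MD5
 key 1
  key-string Cisco
!
! Assumed name of R1's interface toward R2.
interface GigabitEthernet0/2
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 R1-MD5
!
! ---- R3 (named mode) ----
! No af-interface default here: only the interface facing R2 is
! authenticated, so future neighbors on other interfaces are unaffected.
router eigrp LAB6
 address-family ipv4 unicast autonomous-system 100
  ! Assumed name of R3's interface toward R2.
  af-interface GigabitEthernet0/0
   authentication mode hmac-sha-256 CCIE
  exit-af-interface
```

A mismatch in mode or password on either side of a link keeps the adjacency from forming, so show ip eigrp neighbors on R2 is the quickest check after applying each side.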

Task 3
Erase the startup configuration and reload the routers before proceeding to the next lab.


Lab 7: EIGRP Challenge Lab


[Topology diagram: routers R1, R3, R4, R5, R6, and R7, with a DMVPN cloud (Tunnel1). Loopback0 addresses shown: 7.47.100.1/32, 7.47.100.3/32, 7.47.100.4/32, 7.47.100.5/32, 7.47.100.6/32. Other loopbacks shown: Lo100 7.47.1.1/24, Lo101 57.73.21.21/24. Segments shown: 7.47.13.0/24, 7.47.35.0/24, 7.47.36.0/24, 7.47.45.0/24, 7.47.46.0/24, 19.48.213.0/24, 19.48.216.0/24.]

Lab Setup:
If you are using EVE-NG, and you have imported the EVE-NG topology from the
EVE-NG-Topology folder, ignore the following tasks and use Lab 7-EIGRP Challenge
Lab in the EIGRP folder in EVE-NG.

To copy and paste the initial configurations, go to the Initial-config folder → EIGRP
folder → Lab-7.

NOTE Do not access R7 at all. You should only fix the problem identified in the ticket.

Ticket 1
R1 can’t reach R3’s Lo0. You must configure R1 to fix the problem.

Ticket 2
R6 does not have a stable EIGRP adjacency with R4. Do not use an EIGRP command to
fix this ticket.


Ticket 3
When R3’s G0/1, G0/7, and G0/6 are down, R3 can’t reach R4’s Lo0. Do not remove any
commands to fix this ticket.

Ticket 4
R1’s Lo0 should always have reachability to R4’s Lo0 and G0/5 interfaces, but it does not.
You should fix this problem without configuring R1 or R4. You should not remove any
commands to resolve this ticket.

Ticket 5
R3 is configured to use multiple paths to R4’s Lo0. However, it’s using only one of the
paths.

Ticket 6
R6 can’t reach R7’s Lo101.

Ticket 7
R3 should establish an EIGRP adjacency with R8 over its G0/8 interface. You should make
configuration changes on R3 only.

Ticket 8
Erase the startup configuration and reload the devices before proceeding to the next lab.



Index

Numerics application-aware routing policy,


816–824
area range command, 345
802.1D, 16–19
area types, OSPF, 72–76, 626–629
blocking ports, 18
ARP (Address Resolution Protocol),
bridges, 16
275
broadcast frames, 17
ASN (autonomous system number),
broadcast storm, 17 118
CAM (Content Addressable AS_PATH attribute, 122–123,
Memory) table, 17 167–173
root bridge, 17 in confederations, 181–188–190
root port, 18 inbound, 179–181
single collision domain, 16 outbound, 173–179
switches, 17 path selection and, 190–194
unknown unicast flooding, 17 authentication
802.1w. See RSTP (Rapid Spanning EIGRP, 62
Tree Protocol)
OSPF, 87–89, 629–631
auto-cost, 622–623
A automation, LAN, 869–879

AAR policy, creating, 816–824


active open attempt, 96 B
adjacency table, CEF (Cisco Express
backdoor links, OSPF and, 597–599
Forwarding), 310–312, 316–320
backup port, 22


best-path algorithm, 134–135, AS_PATH attribute, 167–173–


138–140 179–181–188, 188–190
AS_PATH attribute, 167–173 confederation and, 223–225
in confederations, 181–188– determine if multiple paths
190 exist, 233–246
inbound, 179–181 eBGP over iBGP, 220–223
outbound, 173–179 LOCAL_PREF attribute,
path selection and, 190–194 147–164
confederation and, 223–225 locally originated path,
164–167
determine if multiple paths exist,
233–236 lowest neighbor address,
263–268
external and internal paths,
240–244 lowest router ID, 252–260
external paths, 236–240 MED attribute, 198–220
internal paths, 244–246 minimum cluster list length,
260–263
eBGP over iBGP, 220–223
oldest route, 246–252
LOCAL_PREF attribute, 147–164
ORIGIN attribute, 194–197
locally originated path, 164–167
path selection, 190–194
lowest neighbor address, 263–268
WEIGHT attribute, 140–147
lowest router ID, 252–260
building blocks of, 135
minimum cluster list length, 260–263
confederation, 104–105, 148
oldest route, 246–252
configuring, 634–635
WEIGHT attribute, 140–147
controlling routing to paths, 136–137
best-path determination, 90–91
dynamic neighbor feature, 353
BFD (Bidirectional Forwarding
Detection), 54 dynamic peering, 379
BGP (Border Gateway Protocol), establishing a neighbor adjacency,
120–122. See also iBGP; spoke- 98–101
to-spoke tunnels establishing a session using the
AS_PATH attribute, 122–123 correct TTL value, 95–98
aggregation, 109–110 filtering, 111–114
ASN (autonomous system number), internal routers, 148
118 limited transit capability, 147
backdoor and conditional load balancing, 114–115
advertisement, 106–109 loop prevention, 363–365
best-path algorithm, 134–135, AS migration, 122–134
138–140
path attributes, 136–138


path vector, 135–136 clear ip bgp command, 122, 153


remove-private-as all command, clear ip nhrp command, 503–504,
126–131, 132 528
remove-private-as command, Cluster Length attribute, 260–263
119–120, 122, 123–125 commands
route reflectors, 101–103 area range, 345
routing in a VPN, 599–600 bgp always-compare-med, 214–216
suboptimal routing, 158 bgp bestpath as-path ignore,
third-party next hop, 361 191–194, 250–252
transit AS, 136 bgp bestpath compare-routerid,
bgp always-compare-med command, 258–260
214–216 bgp bestpath med missing-as-worst,
bgp bestpath as-path ignore 209–211
command, 191–194, 250–252 bgp deterministic-med, 217–218
bgp bestpath compare-routerid bgp listen range, 353–354
command, 258–260 bgp redistribute-internal, 527, 548
bgp bestpath med missing-as-worst clear ip bgp, 122, 153
command, 209–211
clear ip nhrp, 503–504, 528
bgp deterministic-med command,
debug ip bgp update, 159
217–218
debug ip nhrp packet, 300
bgp listen range command, 353–354
debug nhrp detail, 287–288
bgp redistribute-internal command,
527, 548 debug nhrp packet, 287–288
blocking ports, 18 default-originate, 500
BPDUs, 20–21, 23–24 distance, 465
bridges, 16 interface, 673
broadcast frames, 17 interface tunnel 100, 331
broadcast network type, 67–69, ip dhcp support tunnel unicast, 581,
336–340, 411–418, 617–618 583
broadcast storm, 17 ip helper-address, 581
ip nhrp map multicast dynamic, 280,

C 291, 332, 333–334


ip nhrp network id 1, 276–277
CAM (Content Addressable Memory) ip nhrp network-id 100, 332
table, 17 ip nhrp nhs, 286
CEF (Cisco Express Forwarding), ip nhrp nhs 100.1.1.1 nbma 15.1.1.1
adjacency table, 310–312, multicast, 368
316–320 ip nhrp nhs fallback, 570


ip nhrp nhs nbma multicast, 304–305 set origin code, 196–197


ip nhrp shortcut, 388 show adjacency, 312
ip ospf hello-interval, 342, 418 show dmvpn, 288, 290–291, 300,
ip ospf network broadcast, 336–337, 301–302, 305, 369–370,
372–373 371–372, 515–516, 562
ip ospf network point-to-multipoint, show interface e0/1 pruning, 10–11
341–342 show interfaces trunk, 8, 10
ip ospf network point-to-point, 342 show ip bgp, 120, 123, 125, 131–132,
ip ospf priority 0, 372–373 133, 141, 145–146, 149, 160, 355,
357–359, 360, 365, 380–381,
ip split-horizon eigrp 100, 350–351
383–384, 396–397, 401–402,
ip summary-address eigrp, 392–393, 431–432, 438–439, 440–441,
425, 495 444, 471–472, 479–480,
ip summary-address eigrp 1, 296 483–484, 486, 502–503, 526,
listen range, 470–471 531, 554, 556
maximum-paths, 234–235 show ip bgp neighbors, 155–156
neighbor, 96 show ip bgp summary, 355, 363, 482
neighbor default-originate, 356 show ip cef, 340
neighbor spokes next-hop-self, 404 show ip cef internal, 311, 321–322
neighbor spokes remote-as, 359–360 show ip dhcp pool TST, 581
neighbor x.x.x.x weight, C02.119 show ip eigrp 100 neighbor, 348,
391–392
network, 347, 382, 384, 470–471
show ip eigrp neighbors, 292–293,
network eigrp, 583
303–304, 305–306, 376–377,
no ip next-hop-self eigrp 100, 375 463–465
no ip split-horizon eigrp, 282–283, show ip nhrp, 277, 288, 307, 389,
375, 461–462, 565 561, 576–577
no route bgp 100, 437–438 show ip nhrp multicast, 280,
passive-interface, 337–338, 390–391 291–292, 302–303, 370
ping, 277, 285–286, 299, 306–307, show ip ospf, 345
417, 422–423, 427–428, 435, show ip ospf database network,
444–445, 456, 467, 476, 457–459
487–488, 497, 509, 569, 570–571,
show ip ospf database router, 459
675–676, 680–681, 728–729,
752–753, 809–810 show ip ospf interface brief,
414–415
remove-private-as, 119–120, 122
show ip ospf neighbor, 343, 413, 452
remove-private-as all, 126–131, 132
show ip ospf neighbor command,
remove-private-as command,
373–374
123–125


show ip ospf neighbor detail, 337 416–417, 455, 457, 466, 467–468,
show ip protocols, 238 475, 481–482, 483, 487, 490,
499, 503, 507–509–510, 529,
show ip route, 272, 277–278, 352,
534–535, 544–545, 550–552,
460–461, 469
557, 558
show ip route bgp, 356, 381
tunnel destination, 274, 298, 300
show ip route eigrp, 293, 295, 310,
tunnel mode gre multipoint, 298, 331
315, 318, 320, 496–497, 554,
564–565–566–567, 568–570, confederation, 104–105, 148,
571, 698–700 223–225
show ip route eigrp 100, 377, 468, AS_PATH attribute and, 181–183,
490, 534, 543, 548–549, 582–583 188–190
show ip route next-hop-override, 329 advertising paths within, 183–188
show ip route nhrp, 325, 394, 398 convergence, 22–23, 435–436
show ip route nhrp nhs redundancy, cost, 622–623
572
show ip route ospf, 339, 343–344,
374, 413–414, 416, 420–421,
D
423, 452–453, 454, 677–678, debug ip bgp update command, 159
688–690, 692–693, 701–703
debug ip nhrp packet command, 300
show ip route vpn 100, 674–675
debug nhrp detail command, 287–288
show ip route vrf 100, 669–671,
debug nhrp packet command,
673–674, 676–677
287–288
show ip routes omp, 681–682
default route injection, 85–86
show omp routes, 664–667,
default-originate command, 500
683–686, 690–692
DHCP (Dynamic Host Configuration
show run interface tunnel1, 295
Protocol)
show running-config system, 808
creating a server, 805–816
show sdwan control local properties,
DMVPN and, 572–573
649–650
relay agent, 580
show sdwan omp peers, 650
distance command, 465
show sdwan omp routes, 668–669
distance vector protocols, 135
show sdwan running-config,
643–644, 678–679 DMVPN (Dynamic Multipoint VPN),
269, 283. See also dual hub, single
switchport trunk pruning vlan, 10, 11
cloud design; single hub, dual cloud
traceroute, 152, 273, 316, 318–319, design; single hub, single cloud
320–321, 323–324, 334–335, design
351, 371, 374–375, 377–379,
adding a spoke, 290–291
382, 386–387, 393, 397–398,
DHCP and, 572–573


hub redundancy, 329 tunnel configuration, 331–335


hub routers, 285 tunnel destination command,
IPv6 and, 612–613 300
NHRP Phase 2, 309–322, 367
NHS clustering, 567–572 CEF adjacency table, 310–312,
316–320
registration, 285–289
implement eBGP, 382–387
Phase 1, 294–309
implement EIGRP, 375–379
debug ip nhrp packet
command, 300 implement iBGP, 379–382
enabling multipoint GRE on implement OSPF, 372–375
spokes, 298–306 NHRP resolution, 313–315
forming spoke-to-spoke show adjacency command, 312
tunnels, 306–309 show ip cef internal command,
implement eBGP, 359–367 311, 321–322
implement iBGP, 352–359 show ip route eigrp command,
implement OSPF, 335–346 310, 315, 318, 320
implementing EIGRP, 347–351 spoke-to-spoke tunnel caveats,
315–322
ip nhrp nhs nbma multicast
command, 304–305 tunnel configuration, 368–372
NHRP resolution, 306–309 Phase 3, 277–329
OSPF summarization, 344–346 implement eBGP, 399–405
show dmvpn command, 300, implement EIGRP, 390–394
301–302, 305 implement iBGP, 395–398
show ip eigrp neighbors implement OSPF, 389–390
command, 303–304, NHRP resolution, 381–390
305–306
overriding next hop
show ip nhrp command, 307 information, 325–329
show ip nhrp multicast show ip route eigrp command,
command, 302–303 328
show ip route eigrp command, show ip route next-hop-
294–295 override command, 329
show run interface tunnel1 show ip route nhrp command,
command, 295–296 325
spoke-to-spoke tunnels, tunnel configuration, 388
296–298
verifying tunnel configuration,
triggering NHRP resolutions, 388–389
309


dual hub, dual cloud design, 537–538 EIGRP, 279, 285, 291, 632–634
DMVPN Phase 3 advanced lab, 59–61
implement eBGP, 552–558 authentication, 62
implement EIGRP, 541–545 BFD (Bidirectional Forwarding
implement iBGP, 546–552 Detection) and, 54
tunnel configuration, 539–541 challenge lab, 63–64
dual hub, single cloud design, DMVPN Phase 1 configuration,
511–513 347–351, 424–428
DMVPN Phase 3 DMVPN Phase 2 configuration,
375–379, 461–470
implement eBGP, 529–536
DMVPN Phase 3 configuration,
implement EIGRP, 518–523
390–394, 495–500, 518–523,
implement iBGP, 524–529 541–545
tunnel configuration, 513–518 filtering, 57–58
named mode, 51–54
E routing in a VPN, 591–593
site-of-origin, 593–594
eBGP, 220–223
stub, C05.127–57
DMVPN Phase 1 configuration,
EtherChannel, configuring, 13–14
359–367
export maps, 603–605
spokes in different autonomous
systems, 359–361, 436–441 external networks, summarization,
615–616
spokes in the same autonomous
system, 362–367
DMVPN Phase 2 configuration, F
382–387
spokes in different autonomous feature template, 703–729–753–782
systems, 477–485 filtering
spokes in the same autonomous BGP, 111–114
system, 485–488 EIGRP, 57–58
DMVPN Phase 3 configuration OSPF, 77–80
spokes in different autonomous full-mesh topology, 297
systems, 402–405, 507–510,
532–536, 555–558
spokes in the same autonomous G-H-I
system, 399–402, 504–507,
530–531, 552–554 GRE (Generic Routing Encapsulation)
tunnels, 270–272–273
edge ports, 23
virtual links and, 83–85


hub-and-spoke topology, 283–285. ip ospf network broadcast command,


See also spoke-to-spoke tunnels 336–337, 372–373
iBGP, 220–223 ip ospf network point-to-multipoint
DMVPN Phase 1 configuration, command, 341–342
352–359, 428–436 ip ospf network point-to-point
DMVPN Phase 2 configuration, command, 342
379–382, 470–477 ip ospf priority 0 command,
DMVPN Phase 3 configuration, 372–373
395–398, 500–504, 524–529, ip split-horizon eigrp 100 command,
546–552 350–351
import maps, 603–605 ip summary-address eigrp 1
inter-area routes, 345 command, 296
interface command, 673 ip summary-address eigrp command,
392–393, 425, 495
interface tunnel 100 command, 331
IPv6
internal networks, summarization,
615–616 acquiring an address, 609–611
internal routers, 148 DMVPN and, 612–613
Internet access, partial internet
routes, 606–607 J-K-L
ip dhcp support tunnel unicast
command, 581, 583 labs
ip helper-address command, 581 Acquiring an IPv6 address, 609–611
ip nhrp map multicast dynamic Advanced EIGRP lab, 59–61
command, 280, 291, 332 AS migration, 122–134
ip nhrp network id 1 command, Backdoor links and OSPF, 597–599
276–277
BGP aggregation, 109–110
ip nhrp network-id 100 command,
BGP backdoor and conditional
332, 333–334
advertisement, 106–109
ip nhrp nhs 100.1.1.1 nbma 15.1.1.1
BGP best-path algorithm, 134–135,
multicast command, 368
138–140, 223–225
ip nhrp nhs command, 286
AS_PATH attribute, 167–
ip nhrp nhs fallback command, 570 173–179–181–188, 188–190
ip nhrp nhs nbma multicast command, building blocks of BGP, 135
304–305, 567–568
controlling routing to paths,
ip nhrp shortcut command, 388 136–137
ip ospf hello-interval command, 342, determine if multiple paths
418 exist, 233–246


eBGP over iBGP, 220–223 Configuring segmentation in all sites


LOCAL_PREF attribute, using VRF 100 and VRF 200,
147–164 682–686
locally originated path, Branch-1, 686–693
164–167 Branch-2, 693–703
lowest IGP metric to the next Configuring the SDA policy engine,
hop, 226–232 826–834
lowest neighbor address, Configuring trunks, 1–2
263–268 show interfaces trunk
lowest router ID, 252–260 command, 8
MED attribute, 198–220 VTP pruning, 5–7, 8–12
minimum cluster list length, Configuring vEdge using a feature
260–263 template, 703–729
oldest route, 246–252 Configuring vEdge using a vManage
ORIGIN attribute, 194–197 feature template, 729–753
path attributes, 136–138 Configuring vEdge using a vManage
feature template and ZTP,
path selection, 190–194
782–805–816
path vector, 135–136
Default route injection, 85–86
WEIGHT attribute, 140–147
DMVPN and DHCP, 572–573
BGP confederation, 104–105
DMVPN and IPv6, 612–613
BGP configuration, 634–635
DMVPN NHS clustering, 559–572
BGP filtering, 111–114
Dual hub, single cloud design,
BGP load balancing, 114–115 511–536
BGP routing in a VPN, 599–600 EIGRP and Bidirectional Forwarding
Building the SDA campus fabric, Detection (BFD), 54
855–868 EIGRP authentication, 62
Configuring an application-aware EIGRP challenge lab, 63–64
routing policy, 816–824
EIGRP filtering, 57–58
Configuring cEdge using a BR-2-
EIGRP named mode, 51–54
specific vManage feature
template, 753–782 EIGRP routing in a VPN, 591–593
Configuring EtherChannels, 13–14 EIGRP site-of-origin, 593–594
Configuring Label Distribution EIGRP stub, C05.127–57
Protocol, 585–588 EIGRPv6, 632–634
Configuring OSPFv3, 614–615 Establishing a BGP session using the
correct TTL value, 95–98


Establishing neighbor adjacency OSPF point-to-point networks,


using different methods, 98–101 70–71
Exploring unicast routing, 664–682 OSPF routing in a VPN, 595–597
Helper map, 46–47 OSPF summarization, 80–82
Internet access methods: Partial OSPFv3 area types, 626–629
internet routes, 606–607 OSPFv3 authentication, 629–631
Introducing Spanning Tree Protocol, OSPFv3 broadcast networks,
14–16. See also Spanning Tree 617–618
Protocol
OSPFv3 cost and auto-cost, 622–623
802.1D, 16–19
OSPFv3 non-broadcast networks,
RSTP (Rapid Spanning Tree 618–619
Protocol), 20–28
OSPFv3 point-to-multipoint
LAN automation, 869–879 networks, 621–622
LSAs in OSPFv3, 624–625 OSPFv3 point-to-point networks,
MPLS and NAT, 601–602 620
Multiple Spanning Tree Protocol, Prefix lists, 35–37
28–48 Remove-private-AS: A walkthrough,
Onboarding WAN edge devices 116–132
CSR 1000v onboarding, RIPv2, 39–46
655–662 RIPv2 challenge lab, 48–49
CSR1/CSR2 onboarding, Route reflectors, 101–103
638–655
Route targets, import maps, and
vEdge cloud router onboarding, export maps, 603–605
655–662
Running OSPF on the interfaces,
OSPF area types, 72–76 65–67
OSPF authentication, 87–89 SDA design, 835–854
OSPF best-path determination, Single hub, dual cloud design
90–91
DMVPN Phase 1, 407–445
OSPF broadcast networks, 67–69
DMVPN Phase 2, 445–492
OSPF challenge lab, 92–93
DMVPN Phase 3, 492–510
OSPF filtering, 77–80
Single hub, single cloud design
OSPF non-broadcast networks,
DMVPN Phase 1, 331–367
69–70
DMVPN Phase 2, 367–387
OSPF point-to-multipoint and point-
to-multipoint non-broadcast DMVPN Phase 3, 387–405
networks, 71–72 Static and RIPv2 routing in a VPN,
589–590


Summarization of internal and multicast IP addresses, 279


external networks, 615–616 multicasting, 47
Virtual links and GRE tunnels, 83–85 multipoint GRE, enabling on spokes,
LAN automation, 869–879 298–306
LDP (Label Distribution Protocol),
585–588
limited transit capability, 147
N
link-state protocols, 135 NAT, MPLS and, 601–602
listen range command, 470–471 NBMA (non-broadcast multiple-
load balancing, BGP, 114–115 access) networks, 275–276
LOCAL_PREF attribute, 147–164 neighbor command, 96
loop prevention, BGP, 363–365 neighbor default-originate command,
356
loopback interfaces, 40–41
neighbor spokes next-hop-self
LSAs (link-state advertisement), 344,
command, 404
624–625
neighbor spokes remote-as command,
359–360
M neighbor x.x.x.x weight command,
C02.119
manual pruning, 8
network command, 347, 382, 384,
maximum-paths command, 234–235 470–471
MED attribute, 198–199, 201–207, network eigrp command, 583
209–211, 214–216, 218–220
NHC (next hop client), 275
deterministic evaluation, 217–218
NHRP (Next Hop Resolution
evaluation, 207–208 Protocol), 275–279
missing values, 208–209 domain, 276
modifying the evaluation, 211–214 multicast mapping table, 291
setting, 199–201 NHC (next hop client), 275
mGRE (multipoint Generic Routing NHS (next hop server), 275
Encapsulation) tunnels, 274–283,
NHS clustering, 567–572
285
pseudo-multicasting, 279
MPLS (Multiprotocol Label
Switching), NAT and, 601–602 registration, 285–289
MST (Multiple Spanning Tree registration message, 275
Protocol), 28–30 resolution, 306–309, 313–315,
instances, 31 381–390
regions, 32 shortcut switching enhancements,
323


NHS (next hop server), 275 filtering, 77–80


no ip next-hop-self eigrp 100 inter-area routes, 345
command, 375 LSAs (link-state advertisement), 344,
no ip split-horizon eigrp, 375 624–625
no ip split-horizon eigrp command, non-broadcast networks, 69–70,
282–283, 461–462, 565 618–619
no route bgp 100 command, point-to-multipoint network type,
437–438 71–72, 341–344, 621–622
non-broadcast networks, 69–70, point-to-point network type, 70–71,
618–619 341–344, 418–423, 620
routing in a VPN, 595–597
O running on interfaces, 65–67
summarization, 80–82, 344–346
onboarding WAN edge devices outer header, 270
CSR 1000v onboarding, 655–662 overlay network, 270
CSR1/CSR2 onboarding, 638–655
vEdge cloud router onboarding,
662–664
P
ORIGIN attribute, 194–197 partial internet routes, 606–607
OSPF (Open Shortest Path First), 47, partial-mesh topology, 297–298
335
passive-interface command, 337–338,
area types, 72–76, 626–629 390–391
authentication, 87–89, 629–631 path attributes, BGP, 136–138
auto-cost, 622–623 ping command, 277, 285–286, 299,
backdoor links and, 597–599 306–307, 417, 422–423, 427–428,
best-path determination, 90–91 435, 444–445, 456, 467, 476,
487–488, 497, 509, 569, 570–571,
broadcast network type, 67–69,
675–676, 680–681, 728–729,
336–340, 411–418, 617–618
752–753, 809–810
challenge lab, 92–93
point-to-multipoint network type,
configuring, 614–615 71–72, 341–344, 621–622
cost, 622–623 point-to-point network type, 70–71,
DMVPN Phase 1 configuration, 341–344, 418–423, 620
411–423 policy, AAR, 816–824
DMVPN Phase 2 configuration, prefix lists, 35–37, 144
372–375, 450–461
private IP addressing, 270
DMVPN Phase 3 configuration,
389–390


protocol analyzers, 270


pruning ineligible, 9, 11
S
pseudo-multicasting, 279 SD-Access
public IP addressing, 270 building the campus fabric, 855–868
configuring the policy engine,
Q-R 826–834
designing, 835–854
redundancy, hub and transport, LAN automation, 869–879
329–330
SD-WAN
registration, NHRP (Next Hop
application-aware routing policy,
Resolution Protocol), 285–289
816–824
remove-private-as all command,
configuring vEdge
126–131, 132
using a feature template,
remove-private-as command,
703–729
119–120, 122, 123–125
using a vManage template,
RFC 6793, 118
729–753–782
RIPv2, 47, 272
using a vManage template and
challenge lab, 48–49 ZTP, 782–816
configuring, 39–46 onboarding WAN edge devices
VPN (virtual private network) and, CSR 1000v onboarding,
589–590 655–662
root bridge, 17 CSR1/CSR2 onboarding,
root port, 18 638–655
route maps, prefix lists and, 144 vEdge cloud router onboarding,
route reflectors, 101–103 655–662
route targets, 603–605 segmentation, 682–686–693–703
routing protocols, 135 unicast routing, 664–682
RSTP (Rapid Spanning Tree Protocol), segmentation, 682–686
20–28 set origin code command, 196–197
backup port, 22 show adjacency command, 312
BPDUs, 20–21, 23–24 show dmvpn command, 288,
convergence, 22–23 290–291, 300, 301–302, 305,
369–370, 371–372, 515–516, 562
edge ports, 23
show interface e0/1 pruning
link type, 23
command, 10–11
port roles, 21
show interfaces trunk command, 8,
states, 21 10
show ip bgp command, 120, 123,
125, 131–132, 133, 141, 145–146,


149, 160, 355, 357–359, 360, 365, show ip route bgp command, 356,
380–381, 383–384, 396–397, 381
401–402, 431–432, 438–439, show ip route command, 272,
440–441, 445, 471–472, 277–278, 352, 460–461, 469
479–480, 483–484, 486,
show ip route eigrp 100 command,
502–503, 526, 531, 554, 556
377, 468, 490, 534, 543, 548–549,
show ip bgp neighbors command, 582–583
155–156
show ip route eigrp command, 293,
show ip bgp summary command, 355, 295, 310, 315, 318, 320, 496–497,
363, 482 554, 564–565–566–567, 568–
show ip bp command, 444 569–570, 571, 698–700
show ip cef command, 340 show ip route next-hop-override
show ip cef internal command, 311, command, 329
321–322 show ip route nhrp command, 325,
show ip dhcp pool TST command, 394, 398
581 show ip route nhrp nhs redundancy
show ip eigrp 100 neighbor command, 572
command, 348, 391–392, show ip route ospf command, 339,
463–465 343–344, 346, 374, 413–414,
show ip eigrp neighbors command, 416, 420–421, 423, 452–453,
292–293, 303–304, 305–306, 454, 677–678, 688–690,
376–377 692–693, 701–703
show ip nhrp command, 277, 288, show ip route vpn 100 command,
307, 389, 561, 576–577 674–675
show ip nhrp multicast command, show ip route vrf 100 command, 668,
280, 291–292, 302–303, 370 669–671, 673–674, 676–677
show ip ospf command, 345 show ip routes omp command,
681–682
show ip ospf database network
command, 457–459 show omp routes command, 664–667,
683–686, 690–692
show ip ospf database router
command, 459 show run interface tunnel1 command,
295
show ip ospf int brief command,
672–673 show running-config system
command, 808
show ip ospf interface brief
command, 414–415, 453–454 show sdwan control local properties
command, 649–650
show ip ospf neighbor command,
343, 373–374, 413, 452 show sdwan omp peers command,
650
show ip ospf neighbor detail
command, 337 show sdwan omp routes command,
668–669
show ip protocols command, 238


show sdwan running-config DMVPN Phase 2


command, 643–644, 678–679 implement eBGP, 382–387
single collision domain, 16 implement EIGRP, 375–379
single hub, dual cloud design, 404, implement iBGP, 379–382
445
implement OSPF, 372–375
convergence, 435–436
tunnel configuration, 368–372
DMVPN Phase 1
DMVPN Phase 3
implement eBGP, 436–445
implement eBGP, 399–405
implement EIGRP, 424–428
implement EIGRP, 390–394
implement iBGP, 428–436
implement iBGP, 395–398
implement OSPF, 411–423
implement OSPF, 389–390
tunnel configuration, 407–410
tunnel configuration, 388–389
DMVPN Phase 2
Spanning Tree Protocol. See also MST
implement eBGP, 477–488 (Multiple Spanning Tree Protocol)
implement EIGRP, 461–470 802.1D, 16–19
implement iBGP, 470–477 blocking ports, 18
implement OSPF, 450–461 bridges, 16
tunnel configuration, 446–449 broadcast frames, 17
DMVPN Phase 3 broadcast storm, 17
implement eBGP, 504–510 CAM (Content Addressable
implement EIGRP, 495–500 Memory) table, 17
implement iBGP, 500–504 convergence, 27
tunnel configuration, 492–494 root bridge, 17
implement eBGP, spokes in the same root port, 18
autonomous system, 441–445 single collision domain, 16
potential solutions to problems, switches, 17
488–492
unknown unicast flooding, 17
single hub, single cloud design
MST, 28–30
DMVPN Phase 1
instances, 31
implement eBGP, 359–367
regions, 32
implement EIGRP, 347–351
RSTP (Rapid Spanning Tree
implement iBGP, 352–359 Protocol), 20–28
implement OSPF, 335–344 backup port, 22
summarization with OSPF, BPDUs, 20–21, 23–24
344–346
convergence, 22–23
tunnel configuration, 331–335
edge ports, 23


link type, 23 467–468, 475, 481–482, 483,


port roles, 21 487, 490, 499, 503, 507–509–510,
517–518, 529, 534–535, 544–545,
states, 21
550–551–552, 557, 558
split horizon, 282, 349
transparent bridge, 16
spokes
transport redundancy, 329–330
adding to DMVPN cloud, 290–291
trunks
enabling multipoint GRE on,
configuring, 1–20
298–306
VTP pruning, 5–7
spoke-to-spoke tunnels, 296–298
pruning ineligible, 9, 11
caveats, 315–322
show interface e0/1 pruning
forming, 306–309
command, 10–11
hub-initiated, 322–329
show interfaces trunk
static routing, VPN (virtual private command, 8, 10
network) and, 589–590
switchport trunk pruning vlan
summarization command, 10, 11
of internal and external networks, VMA (VTP membership
615–616 advertisement), 8
OSPF, 80–82, 344–346 tunnel destination command, 274,
switches, 16, 17, 23 298, 300
switchport trunk pruning vlan tunnel mode gre multipoint command,
command, 10, 11 298, 331
tunnels, 270
T DMVPN Phase 1 configuration,
331–335
TCP DMVPN Phase 2 configuration,
active open attempt, 96 368–372, 446–449
sessions, 95 DMVPN Phase 3 configuration,
388–389, 492–494, 513–518,
three-way handshake, 353
539–541
third-party next hop, 361
GRE (Generic Routing
three-way handshake, 353 Encapsulation), 270–272–273
topologies mGRE (multipoint Generic Routing
full-mesh, 297 Encapsulation), 274–283
partial-mesh, 297–298 overlay network, 270
traceroute command, 152, 273, 316, spoke-to-spoke, 296–298, 306–309
318–319, 320–321, 323–324, underlay network, 270
334–335, 340, 371, 374–375,
377–379, 382, 386–387, 393,
397–398, 416–417, 455, 457, 466,


U EIGRP routing in a, 591–593


OSPF routing in a, 595–597
underlay network, 270 static and RIPv2 routing in a,
589–590
unicast routing, 664–682
VTP pruning, 5–7
unknown unicast flooding, 17
pruning ineligible, 9, 11

V show interfaces trunk command, 8,


10
switchport trunk pruning vlan
verifying, DMVPN Phase 3 tunnel
command, 10, 11
configuration, 388–389
VMA (VTP membership
virtual links, GRE tunnels and, 83–85
advertisement), 8
virtual network, 270
VMA (VTP membership
advertisement), 8 W-X-Y-Z
vManage template, 729–753–782
WEIGHT attribute, 140–147
VPN (virtual private network)
ZTP server configuration, 809–816
BGP routing in a, 599–600
