Escolar Documentos
Profissional Documentos
Cultura Documentos
route-map RM deny 10
match ip address d1p2
The routes are processed by the next route-
map clause, or not redistributed if there are
no further clauses. During redistribution, what happens if a
route-map clause with the permit
parameter does not match any routes?
The routes are either filtered (if matched)
or left in the list of routes to be examined
by the next route-map clause (if not During redistribution, what happens when
matched), if any. the deny parameter is used in the route-
map clause?
The route is not filtered, it just doesn't
match that particular route-map clause.
During redistribution, if a route-map clause
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 1/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 2/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 3/355
5/18/2019 Untitled Document
redistribute
router
The ___ command identifies the routing
Example: source from which routes are taken, and the
router rip ___ command identifies the routing process
redistribute eigrp 1 into which the routes are advertised.
Routes from BGP, IS-IS, OSPF, or RIP will
not be redistributed into EIGRP until a
metric is set. You can specify different When redistributing BGP, IS-IS, OSPF, or
metrics per-route, per-protocol, or set a RIP into EIGRP, what happens if the metric
default metric. However, until a metric is is not set?
configured (whether default or more
specific), IOS accepts the redistribution
commands, but will not actually
redistribute the routes.
160
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 4/355
5/18/2019 Untitled Document
another router, which will then use that When multiple routers are peforming
redistributed route instead of a potentially mutual routing protocol redistribution,
more optimal route presented by a higher- what can be a cause of suboptimal routing?
AD protocol.
destination Null0, to prevent routing loops. How does a summarizing router prevent
routing loops?
Summary routes decrease the amount of
specific information in the routing tables,
which can sometimes cause suboptimal Why does the possibility of suboptimal
routing. routing occur when summary routes are
used?
EIGRP summarization is configured on the
interface in classic mode, or the af-
interface in named mode: How do you configure an EIGRP summary
route?
ip summary-address eigrp ASN network
mask
Under the EIGRP process:
summary-metric network mask bandwidth How do you manually configure the metric
delay reliability load mtu [distance used by an EIGRP summary route?
administrative-distance]
area area range network mask [cost cost] How do you configure an OSPF inter-area
summary?
Where area is where the component
subnets reside. By default, the lowest-cost
component becomes the summary cost, but
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 7/355
5/18/2019 Untitled Document
summary-address network mask [tag tag] How do you configure an OSPF external
summary?
This summarizes external routes as they are
injected into OSPF as an ASBR.
With ip classless, if a packet's destination
does not match a specific route in the IP
routing table, the router uses the default What's the difference between the default
route. ip classless and no ip classless with regard
to whether or not a default route is used?
With no ip classless, the router first checks
to see whether any part of the destination
address's classful network is in the routing
table. If so, that router will not use the
default route for forwarding that packet.
Static route to 0.0.0.0, with the
redistribute static command
In what two ways can both RIP and EIGRP
The ip default-network command advertise a default route?
Of these four, only the default-
information originate command will
cause OSPF to advertise a default route. Which of the following can OSPF use to
advertise a default route?
-RIP
-EIGRP
-OSPF
-IS-IS
True
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 8/355
5/18/2019 Untitled Document
EIGRP advertises the classful network, but How do RIP and EIGRP use the ip
flags it as a candidate default. This is why default-network command differently?
EIGRP must also be advertising the
classful network.
The EIGRP default summary creates the
route 0.0.0.0/0 with the destination null0.
The EIGRP summary has a default AD of What happens if a router learns a default
5, so that route will be used instead of the route from eBGP, and advertises an EIGRP
eBGP route with its default AD of 20. default summary out of an interface?
The local router creates a local summary
route with destination null0 using AD 5.
EIGRP then advertises the summary to When issuing the interface command ip
other routers with AD 90 (EIGRP internal) summary-address eigrp ASN summary
mask, how is the route installed locally, and
then advertised?
Profile
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 9/355
5/18/2019 Untitled Document
Measure
Apply Policy
Control What are the five phases in the PfR "phase
Verify wheel"?
To learn flows that have high latency and
throughput. Traffic being profiled is
referred to as a traffic class. The list of all What is the goal of the PfR Profile phase?
monitored traffic classes (MTC) is referred
to as an MTC list.
To collect and compute performance
metrics for the traffic identified in the
Monitored Traffic Classes (MTC) list. What is the goal of the PfR Measure
phase?
To create low and high thresholds to define
in-policy and out-of-policy performance
categories. What is the goal of the PfR Apply Policy
phase?
To influence traffic by manipulating
routing or by using policy-based routing
(PBR). What is the goal of the PfR Control phase?
After controls have been introduced, PfR
will verify out-of-policy event performance
and make necessary adjustments to bring What is the goal of the PfR Verify phase?
back in-policy performance.
Internal
External
Local What are the three primary interface types
required in a topology to correctly deploy
PfR?
Interfaces that are used to connect to the
internal network for communication with
the control plane manager, the Master What are PfR Internal interfaces?
Controller.
Interfaces used to transmit packets out of
the local network. At least two external
interfaces are required to successfully What are PfR External interfaces?
deploy PfR. These are the interfaces where
prefixes and exit link performance will be
monitored.
Interfaces used in the formation of the
control plane mechanism that drives the
PfR process. The local interface defines the What are PfR Local interfaces?
source interface that is used to
communicate to the Master Controller.
False: Authentication is mandatory, and
performed with key chains.
True or False: With PfR, communication
between the Master Controller and its slave
devices supports optional authentication.
False. However, the MC must be reachable
by the border routers.
True or False: The PfR Master Controller
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 10/355
5/18/2019 Untitled Document
local interface
Link utilization - upper threshold set, What are two PfR features that enable load
traffic beyond is OOP balancing?
Example: 90% link utilization set, traffic
that utilizes 95% of the link is out of policy
Where acl matches the specific information How can you filter IP packet debugging to
you're looking for. only receive the information you're looking
for?
show pfr border defined
233.0.0.0/8
Which range of IP addresses are used for
multicast GLOP addressing?
GLOP addresses
233.0.0.0/8
What is the range of multicast addresses
where the 16-bit ASN is mapped to the
middle two octets referred to as?
239.0.0.0/8
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 14/355
5/18/2019 Untitled Document
IGMP packets are local and not forwarded using IP Protocol ___ with the IP TTL field
by routers because of the TTL value of 1. set to ___.
To inform a local multicast router that a
host wants to receive multicast traffic for a
specific group, or leave that group. What are the two most important goals of
IGMP?
Hosts, routers
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 15/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 16/355
5/18/2019 Untitled Document
2x Query Intervals (125s) + 1/2 Query How long is the default time before an
Response Interval (10s) IGMPv2 Querier router is considered dead
and a new election occurs?
A time period during which, if an IGMPv2
host does not receive an IGMPv1 Query,
the IGMPv2 host concludes that there are What is the host IGMP Version 1 Router
no IGMPv1 routers present and starts Present timeout?
sending IGMPv2 messages.
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 20/355
5/18/2019 Untitled Document
default, but are not dependent on the 3- True or False: The PIM-DM State Refresh
minute (default) Prune timer. message timer is dependent on the Prune
timer.
A Graft message is sent by the downstream
router to the upstream router to request the
multicast traffic again for the particular What happens when a multicast host
(S,G). wishes to receive traffic for a group that
was previously pruned by the router?
When the upstream router receives the
Prune, because it was received on a
multiaccess network (as opposed to point- When multiple PIM downstream routers
to-point), it sets a 3-second timer. The other are present on a network segment and one
router(s) on the segement must sent a Prune or more of the routers sends a Prune
Override message (which is actually just a message while at least one other router still
normal Join message) before the timer needs to send the multicast traffic further
expires. downstream, what happens?
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 23/355
5/18/2019 Untitled Document
After the threshold of kbps is crossed, the How do you configure a Cisco router to
router switches from the RPT through the change from a PIM-SM RPT to a source-
RP to the SPT to the source. By default, specific SPT after a certain rate of traffic?
this occurs after the router receives the first
multicast packet from the RPT.
Downstream routers do not know the IP
address of the multicast source (only the IP
address of the RP) until they receive the Why do receivers of multicast traffic in a
first multicast packet for the group from the PIM-SM network require at least one
source. packet before they can switch from the
RPT to the source-specific SPT?
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 24/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 25/355
5/18/2019 Untitled Document
from the earlier receipt of Boostrap How does a BSR learn about the candidate
messages. Candidate RPs send unicast c- RPs?
RP Advertisements to the BSR which
include the IP address used by the c-RP
and the groups it supports.
True: Each Candidate-BSR sends Bootstrap
messages that include the priority of the
BSR and its IP address. The highest True or False: Multiple PIM-SM BSRs can
priority wins (default 0), followed by be configured on the network
highest IP address. simultaneously.
Globally:
ip msdp peer ip
How do you configure an MSDP peer?
show ip msdp peer
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 28/355
5/18/2019 Untitled Document
Globally:
ip pim bidir-enable
How do you configure PIM BiDir on a
You must then add the bidir keyword to router?
the RP configuration:
Static: ip pim rp-address ip bidir
Auto-RP: ip pim send-rp-announce
interface scope ttl bidir
BSR: ip pim rp-candidate interface bidir
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 29/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 30/355
5/18/2019 Untitled Document
Done
The MLD ___ message is similar to the
IGMPv2 Leave message.
show ipv6 mld interface interface
policy-map policy1
class class1
set dscp ef
class class2
set dscp default
interface f0/0
service-policy output policy1
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 33/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 34/355
5/18/2019 Untitled Document
a policy map, and assigns the policy map to router, what does the trust keyword do
the interface. with regard to class maps?
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 36/355
5/18/2019 Untitled Document
True
True or False: Hardware queues cannot be
affected by IOS queuing tools.
True
This queue exists even if it is not CBWFQ and LLQ both have a special
configured. If a packet does not match any queue referred to as ___.
of the explicitly configured classes in a
policy map, IOS places the packet into the
class-default class.
True
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 37/355
5/18/2019 Untitled Document
If some queues are empty and do not need True or False: The CBWFQ scheduler
their bandwidth for a short period, the guarantees a minimum percentage of a
bandwidth is proportionally allocated link's bandwidth to each class/queue.
across the other classes.
True
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 38/355
5/18/2019 Untitled Document
Packets are randomly dropped when the What value does WRED look at when
average queue depth is between the determining whether a queue has filled
configured minimum and maximum enough to begin discarding packets?
thresholds.
The MPD is the calculated discard
percentage used at the maximum threshold
based on 1/MPD. What is the WRED Mark Probability
Denominator (MPD)?
For example, a MPD of 10 (1/10 = 10%)
means that the discard rate grows from 0%
to 10% as the average queue depth grows
from the minimum threshold to the
maximum. When the maximum is reached,
a full drop occurs.
Minimum threshold
Maximum threshold
Mark Probability Denominator (MPD) What does a WRED traffic profile consist
of?
Physical interfaces (with FIFO queuing)
Non-LLQ classes in a CBWFQ policy map
For which two locations can WRED be
configured?
With the random-detect keyword either
under a physical interface or in a non-LLQ
class in a policy map. How do you enable WRED?
Without the dscp-based keyword, WRED
uses IP Precedence.
What is the difference between random-
detect and random-detect dscp-based?
After issuing the random-detect or
random-detect dscp-based command,
issue either random-detect precedence or How do you modify the default WRED
random-detect dscp traffic profiles?
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 39/355
5/18/2019 Untitled Document
Four
The frame's internal DSCP is compared to What are the two steps involved in
a global DSCP-to-CoS map to determine a classifying and assigning a frame to the
CoS value proper egress queue on the interface of a
Catalyst 3560 switch, assuming the
The per-interface CoS-to-queue map forwarding decision has been made?
determines the queue for a frame based on
the assigned CoS value
Both help to prevent queue starvation when
a PQ exists, but shaped round-robin also
rate-limits the queues so that they do not What is the difference between shared
exceed the configured percentage of the round-robin and shaped round-robin
link's bandwidth. queuing?
Globally:
mls qos srr-queue input priority-queue
{1 | 2} bandwidth percentage How do you enable ingress priority
queuing on a Catalyst 3560 switch?
show mls qos input-queue
The packets are released from the queue so configured rate is exceeded, what happens
that over time the overall bit rate does not to the packets?
exceed the shaping rate.
Tc, which is measured in milliseconds
With a burst size of 8000 bits and a CIR of What is the basic formula for traffic
64 kbps, the Tc = 125ms shaping?
The bucket size is the Bc, and at the
beginning of each Tc, the token bucket is
refilled. With regard to traffic shaping, what is the
token bucket model?
Without Be, if there are tokens still in the
bucket at the beginning of the next Tc, the
overage of new tokens are wasted. If the Bc
is 8000, and there are 1000 tokens still in
the bucket at the next Tc, 7000 new tokens
are placed into the bucket, and 1000 new
tokens are wasted.
The packet must wait until the next Tc
(when new tokens are added to the bucket)
to acquire enough tokens for the packet to With the shaper token bucket model, what
be sent. happens if a packet needs to be sent, but
there are not enough tokens in the bucket?
Be (excess burst) makes the single token
bucket bigger, but there will still only be
the Bc (committed burst) number of tokens How does Be work with the shaper token
added at the beginning of each Tc (time bucket model?
interval).
Generic Traffic Shaping
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 43/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 44/355
5/18/2019 Untitled Document
Xp <= Xb
Xp tokens are drained from the Bc bucket
When the size of the packet requiring
transmission is greater than the number of
tokens available in the Bc token bucket. With single-rate, two color policing, when
is the traffic considered exceeding?
Xp > Xb
No tokens are drained from the Bc bucket
When the size of the packet requiring
transmission is equal to or less than the
number of tokens available in the Bc With single-rate, three color policing, when
bucket. is the traffic considered conforming?
Xp <= Xbc
Xp tokens are drained from the Bc bucket
When the size of the packet requiring
transmission is greater than the number of
tokens available in the Bc bucket, but less With single-rate, three color policing, when
than or equal to the number of tokens is the traffic considered exceeding?
available in the Be bucket.
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 45/355
5/18/2019 Untitled Document
After issuing this command, PPP starts the How do you enable PPP compression on a
Compression Control Protocol (CCP) NCP link?
to support compression negotiation and
manage the compression process.
When the average payload is small.
interface interface
no ip address
pppoe-client dial-pool-number 1
Create a BBA group and assign a virtual
template
Edit the virtual template and assign an IP What are the four high-level steps required
address and an IP pool to use to configure PPPoE on the ISP/server side?
Create the IP pool
Edit the client-facing interface with no IP
address, and enable it for PPPoE
Configure a dialer interface
Associate the dialer interface to a physical
interface What are the two high-level steps required
to configure the client side of a PPPoE
connection?
With the login statement under the console,
aux, or VTY line.
How do you configure Cisco IOS to
prompt the user for a password when
connecting to a console, AUX, or VTY
line?
With the password statement under the
console, AUX, or VTY line.
How do you define the simple password to
be used when logging into a console, AUX,
or VTY line?
With the global service password-
encryption statement.
How do you obfuscate all clear-text
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 50/355
5/18/2019 Untitled Document
1645 was the original defined port, but What is the well-known port used for
later changed to 1812. Cisco IOS still uses RADIUS?
1645 by default.
TCP 49
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 51/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 52/355
5/18/2019 Untitled Document
Default: unlimited
IP Source Guard uses either the DHCP
snooping database or static bindings to
permit incoming packets only from bound What does IP Source Guard do?
IP addresses (and optionally IP + MAC).
The helps mitigate IP spoofing.
Interface:
ip verify source [port-security]
How do you enable IP Source Guard?
The port-security keyword verifies both IP
and MAC.
effect. Storm Control can be enabled only How do you configure Storm Control on
on physical ports. EtherChannel ports?
Storm Control can limit individually
broadcast, multicast, and unicast traffic
per-port. What types of traffic can Storm Control
limit?
Interface:
storm-control traffic-type level rising
[falling] How do you enable the Storm Control
feature?
traffic-type is either broadcast, multicast, or
unicast, and is set individually with
multiple statements.
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 56/355
5/18/2019 Untitled Document
Interface:
ip verify unicast source reachable-via
{rx | any} allow-default
Both trigger IP directed broadcasts. Smurf
uses ICMP Echo, Fraggle uses UDP Echo.
What's the difference between a Smurf
attack and a Fraggle attack?
TCP Intercept monitors TCP connections
for SYN attacks.
With Cisco IOS TCP Intercept, what is the
In Watch mode, it keeps state information difference between Watch mode and
for TCP connections that match an ACL, Intercept mode?
and if TCP does not complete the 3-way
handshake within a particular time period,
TCP Intercept sends a TCP RST to the
destination to clean up the connection.
Watch mode also temporarily denies new
TCP requests if more than 1100 occur in
one second.
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 57/355
5/18/2019 Untitled Document
All other Layer 2 protocols fall under the With CoPP, the only Layer 2 protocol that
default class. can be explicitly assigned to a class is ___.
ACLs
IP Precedence
DSCP What are the only three match options that
can be used with CoPP class maps?
Malicious traffic should be placed at the
top so that it is dropped immediately.
Because classes within a policy-map are
evaluated top-down, which traffic should
you place at the top for CoPP?
Tunnel interface:
tunnel mode gre multipoint
How do you configure the proper mode on
a tunnel interface for DMVPN?
Tunnel interface:
tunnel source physical-interface
When creating a tunnel interface for
DMVPN, how do you associate the tunnel
interface with a physical interface?
Tunnel interface:
ip nhrp map multicast dynamic
With DMVPN, what configuration
This prevents the Hub router from needing statement on the hub is necessary to allow
a separate configuration line for a multicast dynamic routing protocols to operate?
mapping for each spoke router.
On the DMVPN Tunnel Interface, ip nrhp
network-id id enables NHRP, which is
critical to the operation of DMVPN. All How do you specify which DMVPN a
routers and interfaces configured with the device belongs to?
same ID belong to the same DMVPN.
Tunnel interface:
ip nhrp authentication password
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 58/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 60/355
5/18/2019 Untitled Document
interface interface
ipv6 dhcp guard attach-policy policy
show ipv6 dhcp guard policy
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 61/355
5/18/2019 Untitled Document
from the border router's external-facing How does automatic 6to4 IPv6 addressing
IPv4 address encoded as work?
hexadecimal. Using the example
10.1.100.1, the prefix is
2002:0a01:6401::/64.
Internal interfaces:
ipv6 address 2002:external-ip-as-
hex:subnet::1/64
64-bit-prefix:0000:5EFE:ipv4-address-of-
isatap-link-in-hex
How does ISATAP addressing work?
Example:
IPv6 prefix 2001:0db8:0abc:0def::/64
IPv4 tunnel destination address 172.20.20.1
= AC14:1401
ISATAP address:
2001:0db8:0abc:0def:0000:5efe:ac14:1401
tunnel mode ipv6ip isatap
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 63/355
5/18/2019 Untitled Document
1-bit Bottom of Stack What are the four fields that make up the
8-bit TTL 32-bit MPLS header?
When an IP packet arrives at the ingress
PE, the IP packet's TTL value is copied
into the MPLS header's TTL field. As the What is MPLS TTL propagation?
MPLS packet traverses the MPLS network,
the TTL field in the MPLS header is
decremented at each hop. When the packet
arrives at the egress PE and the label is
removed, the MPLS TTL is copied back
into the IP packet's TTL field.
Globally:
[no] mpls ip propagate-ttl [forwarded]
[local] How do you configure MPLS TTL
propagation in Cisco IOS?
Interface:
mpls ip
Assuming CEF is enabled and an IGP has
This automatically enables and uses LDP. been configured, how do you enable basic
MPLS unicast IP routing?
show mpls ldp bindings
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 69/355
5/18/2019 Untitled Document
The router must receive a TCP connection What four checks are used when BGP
request with a source address that the forms neighbor relationships?
router finds in a BGP neighbor statement
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 70/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 72/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 76/355
5/18/2019 Untitled Document
For example, in the AS_PATH value True or False: When choosing a BGP best
(65001 65002) 123, the confederation route, confederation ASNs are not
ASNs in the parenthesis are not counted. considered part of the length of the
AS_PATH.
Confederation routers remove the
confederation ASNs from the AS_PATH in
Updates sent outside the confederation. Why are external BGP routers unaware of a
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 77/355
5/18/2019 Untitled Document
This means you cannot simply convert a When configuring a router for BGP
non-confederation router into a confederations, how do you define the
confederation router. You must remove and router's sub-autonomous system?
re-apply the BGP configuration.
BGP process:
bgp confederation identifier asn
When configuring a router for BGP
confederations, how do you define the
router's actual BGP ASN?
False. Only the RR changes its BGP
behavior. Both clients and non-clients do
not change their behavior and are not even True or False: When using BGP route
aware of the RR. reflectors, RR clients change their BGP
behavior, while non-clients use normal
BGP behavior.
Prefixes learned from non-clients are not
advertised to other non-clients (normal
iBGP peering rules). BGP route reflectors can learn prefixes
from clients, non-clients, and eBGP peers.
The prefixes are advertised to both RR
clients and non-clients, except for which
case?
One or more
Only advertise best routes. What are three methods that BGP Route
Reflectors use to prevent loops?
CLUSTER_LIST - RRs add their cluster
ID the CLUSTER_LIST PA before sending
an Update, and discard received prefixes
for which their cluster ID already appears.
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 78/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 79/355
5/18/2019 Untitled Document
By default, routes learned from clients are How do you prevent a BGP route reflector
reflected to all other clients. from advertising routes learned from a
client to the other clients?
show ip bgp injected-paths
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 80/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 81/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 82/355
5/18/2019 Untitled Document
(^123_45$)|(^123_.*_45$)
^123_45$|^123_.*_45$
^{
This command parses the AS_PATH How can you verify the effects of the regex
variables in a router's BGP table, including in an AS_PATH filter before actually
all special characters. implementing it?
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 83/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 85/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 86/355
5/18/2019 Untitled Document
BGP process:
neighbor ip route-map map out
How do you configure AS_PATH
route-map map permit 10 prepending?
match routes
set as-path prepend asn1 ..asn2
route-map map permit 20
Range 0 - 4B, smaller is better What is the default BGP MED value?
Through the BGP neighbor ip route-map
map out command. The route map matches
the desired routes and changes the MED How do you configure the BGP MED
with set metric value?
The default MED value for routes is 0. This
command makes the default value 4B.
What does the following command do?
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 87/355
5/18/2019 Untitled Document
It is important for all routers to either use bgp bestpath med missing-as-worst
the default of 0, or configure this
command, otherwise routing choices will
be affected.
True. You can override this behavior with
bgp always-compare-med under the BGP
process. True or False: BGP ignores the MED value
when multiple routes to a single NLRI pass
If you implement this command, you through different neighboring ASNs.
should implement it on all routers in an AS,
otherwise routing loops can occur.
By default, Cisco IOS processes BGP table
entries from newest (most recently learned)
to oldest. When there are multiple routes to What does the BGP command bgp
the same NLRI, IOS compares the newest deterministic-med do?
two and selects the best, then compares it
against the next route and chooses the best
of the two, and so on.
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 88/355
5/18/2019 Untitled Document
With eBGP, the route remains so as to not neighbor, but receives an otherwise
cause route flaps, but can be changed with identical route from an iBGP neighbor with
bgp bestpath compare-routerid a smaller BGP RID?
The final tiebreaker is the lowest BGP
neighbor ID (IP address). This is used
when the route is coming from a router What is the final BGP bestpath decision
who has multiple separate neighbor tiebreaker?
relationships, as opposed to a single
relationship using loopback addresses.
1
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 90/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 91/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 93/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 94/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 95/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 96/355
5/18/2019 Untitled Document
vlan num
shutdown
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 100/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 101/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 104/355
5/18/2019 Untitled Document
Sender Port ID
Receiver Port ID (not included in the
BPDU - evaluated locally as the final
tiebreaker)
Hellos, because their origination is driven
by the Hello timer.
What is another term for STP
Configuration BPDUs?
The BPDU expires within a time interval of
MaxAge - MessageAge seconds, and must
receive another BPDU within that time Each port in an STP topology stores the
frame. Designated Port's BPDU. DPs send their
own BPDU, and Root and Blocking ports
For example, with the default MaxAge store the received BPDU from the
time of 20 seconds, a switch that is two upstream switch.
hops away from the Root should receive a
BPDU with a MessageAge of 4, therefore When a port stores a received BPDU, when
it must receive another BPDU within 16 must it be refreshed?
seconds, otherwise the stored BPDU
expires.
-Elect the root switch
-Determine each switch's Root Port
-Determine the Designated Port for each What are the three steps STP uses to
segment determine which ports to forward and
block?
When STP is initialized on a switch, it
sends out BPDUs claiming itself to be the
Root. If it receives a superior BPDU, it How does STP elect the root bridge?
stops claiming to be the Root and stops
originating BPDUs, and starts forwarding
the received superior BPDUs onward.
The original Bridge ID is a 2-byte Priority
field + 6-byte System ID (MAC address).
What is the difference between the original
The revised BID splits the Priority field 802.1D Bridge ID, and the revised 802.1t
into a 4-bit Priority field + 12-bit System Bridge ID (now a part of 802.1D-2004)?
ID Extension (which is typically set to the
VLAN ID).
Prior to the 802.1t amendment, Per-VLAN What is another term for the revised STP
Spanning-Tree required a separate unique BID System ID Extension field?
MAC address for the BID for each VLAN,
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 108/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 109/355
5/18/2019 Untitled Document
instructs all switches in the STP domain to STP domain is informed of a topology
shorten their aging time for CAM entries to change?
ForwardDelay seconds.
Blocking, Forwarding, Disabled = stable
Listening, Learning = Transitory
Which classic STP port states are
considered stable, and which are
transitory?
Learning, Forwarding
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 111/355
5/18/2019 Untitled Document
0100.0CCC.CCCD
To which destination MAC address are
PVST+ BPDUs sent?
0180.C200.0000
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 112/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 113/355
5/18/2019 Untitled Document
STP uses Configuration and TCN BPDUs, How many types of BPDUs are used by
while RSTP contains everything within the RSTP?
single BPDU type.
2
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 117/355
5/18/2019 Untitled Document
tunneled over the CST regions in the same exactly like PVST+ and STP with regard to
manner. CST and Per-VLAN regions.
-All switches must run RSTP/RPVST+
-All inter-switch links must be properly
installed and recognized as point-to-point What are the three requirements for RSTP
links to provide quick reaction to changes in the
-All ports toward end stations must be network topology?
properly identified as Edge ports
Classic STP / PVST+ rules will be in effect
for that port
What happens if a switch running
RSTP/RPVST+ connects to a switch
running classic STP or PVST+?
RSTP reverts to timer-based (instead of
event-driven) operations on shared
segments, which greatly increases What happens when switches running
reconvergence time during topology RSTP have shared segments (instead of
changes. point-to-point links)?
Several platforms, such as the 2960, 3560
and 3750, support up to 128 STP instances
(and therefore 128 active VLANs). To get For lower-end Catalyst switching
around this limitation, use MST. platforms, what is the R/PVST+ instance
limitation, and how do you get around it?
65: Instance 0 + up to 64 user-defined
instances
How many active instances does MST
support?
0 - 4095. MST uses the 802.1t System ID
Extension field for instance numbers.
What is the valid range of MST instance
numbers?
MST uses a single BPDU to carry
information about about all instances.
How many BPDUs are used to carry
information about MST instances?
Designated
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 118/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 120/355
5/18/2019 Untitled Document
-Revision Number
-VLAN-to-Instance Mappings
What are the three mandatory elements in
an MST region whose configuration must
match on all switches within the region?
Within the MST BPDUs is the region
name, revision number, and MD5 hash of
the VLAN-to-Instance mapping. If all three How do two MST switches consider
of these match, the switches are in the same themselves to be in the same MST region?
MST region.
The MST VLAN-to-Instance mappings are
distributed in the MST BPDUs as an MD5
hash, and can be verified with: How are MST VLAN-to-Instance
mappings distributed, and how can you
show spanning-tree mst configuration verify this?
digest
Create the VLAN-to-Instance mappings for
all possible VLANs within a region, even if
the VLANs do not currently exist. What is considered a best practice for MST
with regard to VLAN-to-Instance
Modifying the VLAN-to-Instance mapping mappings?
must be performed on all switches within
the region and requires an outage window.
However, VLANs can be both created and
deleted after they are mapped to an
instance and will not cause a topology
change event with respect to MST.
show spanning-tree mst configuration
digest
How can you verify if a switch supports
If a single MD5 value is listed, the switch only pre-standard MST?
only supports pre-standard MST. Two MD5
digests indicate support for both standard
and pre-standard MST.
The switch running standard MST must
have spanning-tree mst pre-standard
configured on the port toward the pre- If a switch running standard MST is
standard MST switch. connected to another switch supporting
only pre-standard MST, what must be
configured?
Globally:
spanning-tree mst configuration
What is the first step to configure MST?
abort
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 121/355
5/18/2019 Untitled Document
Globally:
spanning-tree portfast bpduguard
default How do you globally enable BPDU Guard?
Interface:
spanning-tree bpduguard {enable |
disable} How do you unconditionally configure the
operation of BPDU Guard?
Interface:
spanning-tree guard root
How do you enable Root Guard?
spanning-tree portfast bpdufilter default
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 123/355
5/18/2019 Untitled Document
-Received UDLD messages containing the unidirectional links, and what happens
exact switch/port pair as the originator when a unidirectional link is detected?
(self-looped port)
-Received UDLD messages contain more
than one switch/port pair in the list of
detected neighbors, but only one neighbor
is detected.
Interface:
spanning-tree portfast network
BPDUs sources from different MAC How does EtherChannel Misconfig Guard
addresses on a port-channel interface, work?
indicating that the neighbor is treating
some of the links as individual and not
bundled together.
802.1AX
Previously 802.3ad
What is the IEEE standard for LACP?
The frequency of sending PAgP messages
can be configured per-port:
pagp timer {normal | fast} What is the only configurable parameter of
PAgP?
Normal = 30 seconds
Fast = 1 second
16, though only up to 8 can be active. The
remaining are in Standby.
How many links can be placed into an
LACP bundle?
The switch with the lower LACP System
ID selects the link to be promoted. The link
with the lowest Port ID is chosen. How does an LACP Standby link get
promoted to Active?
A configurable 16-bit Priority value + base
MAC address
What does the LACP System ID consist
of?
16-bit Priority + port number
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 129/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 130/355
5/18/2019 Untitled Document
Example: /24 is 8 host bits, (2^8) - 2 = 254 If a subnet is defined with X host bits, how
usable IP addresses. many valid usable IP addresses are in the
Example: /30 is 2 host bits, (2^2) - 2 = 2 subnet?
usable IP addresses
Example: /21 is 11 host bits, (2^11) - 2 =
2046 usable IP addresses
-Inside Local (private) address maps to
Inside Global (public)
-Outside Local (typically private) address With static NAT, what is the relationship
maps to Outside Global (public) between inside/outside/local/global IP
addresses?
Interface:
ip nat {inside | outside}
How do you define interfaces for NAT?
Globally:
ip nat inside source static inside-local
inside-global How do you configure static NAT to map
an inside local address to an inside global
address?
show ip nat translations
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 132/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 134/355
5/18/2019 Untitled Document
ntp server ip
Globally:
snmp-server host ip community
How do you specify which SNMP
Manager for IOS to send SNMP traps to?
True, but can be configured to do so with
logging buffered
True or False: Cisco devices do not log
events to NVRAM by default.
UDP 514
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 140/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 146/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 147/355
5/18/2019 Untitled Document
While the holddown timer is 180 seconds, What is the effective RIPv2 holddown
it is preceded by the Invalid After timer. period?
The Flushed After timer is 240 seconds and
begins after the last route update. The
Flushed After and Invalid After times are
reset together, and increment together.
Flushed After - Invalid After = 60 seconds
of effective holddown.
The Flushed After timer is reset with each
route update. It counts down
simultaneously with the Invalid After When is the RIPv2 Flushed After timer
timer. However, the Flushed After timer is taken into account?
not taken into account until after the
Invalid After timer expires. This means if
the Flushed After timer is less than the
Invalid After timer, the route will not be
removed from the routing table until the
Invalid After timer expires first.
True, only a subsequent arrival of an
update from a different neighbor with a
lower total metric would cause the router to True or False: If the next-hop RIPv2 router
change the next hop. The logic is that if the for a destination network suddenly
next-hop router is suddenly more distant to advertises a higher distance than
the destination network than before, so previously, the advertisement is accepted
must all other routers that traverse the next- immediately.
hop.
To delay processing updates about a
network whose reachability has become
questionable because any received updates What is the main purpose of the RIPv2
might not have accurate information. By Holddown timer?
delaying processing of updates for a period
of time, there is a better chance of accurate
information being propagated when the
Holddown timer expires.
The router declares the network to be
invalid (e.g. the route is "possibly down"),
and starts the Holddown timer while What happens when the RIPv2 Invalid
advertising the network with an infinite After timer expires?
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 148/355
5/18/2019 Untitled Document
packets using a per-interface ACL. How do you enable RIPv2 to send updates
out of an interface, but disable receiving
updates?
Filter the outbound advertisements of the
subnet on the other interfaces using
distribute lists. How do you prevent a RIPv2 router from
advertising a connected subnet?
router rip
neighbor ip
How do you configure RIPv2 to use unicast
updates?
Automatic summarization applies
whenever a router intends to advertise a
subnetwork of a particular classful network How does the defaut autosummarization
out an interface that is itself in a different work with RIPv2?
classful network.
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 151/355
5/18/2019 Untitled Document
Interface:
ipv6 rip process default-information only
ipv6 rip process enable
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 152/355
5/18/2019 Untitled Document
MTU and hop count are metric What components can be used to calculate
components, but are not used in the the EIGRP classic composite metric?
calculation of the composite metric.
Lowest
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 153/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 154/355
5/18/2019 Untitled Document
Bandwidth and delay metric values are What is a negative consequence of the
carried in EIGRP Updates in their scaled scaling factor in EIGRP classic metrics?
form, so each router must descale them,
then re-scale them when computing the
composite metric and advertising the
values to neighbors. Because the
calculations are performed via integer
arithmetic, round-off errors introduce a
gradual loss of resolution.
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 155/355
5/18/2019 Untitled Document
eigrp-release >= 8.0 supports wide metrics How can you determine if a router supports
EIGRP wide metrics?
show ip protocols also reveals the K6
constant, which classic metrics do not
support.
65536 * 10,000,000 / interface bandwidth
in kbps
How is the EIGRP wide metric Throughput
The Throughput component tells how represented?
many times slower the interface is than a
655.36 Tbps link
(65536 * interface delay in picoseconds) /
1,000,000
How is the EIGRP wide metric latency
calculated?
Default interface delay converted to
picoseconds
For EIGRP wide metrics, how is the
Example, 1 Gpbs link default delay is 10 interface delay (not the overall latency
µsec, so the converted value is 10,000,000 component metric) calculated for 1 Gbps
and slower interfaces without bandwidth
and delay commands issued?
10,000,000,000,000 / interface default
bandwidth
For EIGRP wide metrics, how is the
Example: 10 Gbps link interface delay (not the overall latency
component metric) calculated for interfaces
10,000,000,000,000 / 10,000,000 kbps = faster than 1 Gbps
1,000,000 picosecond delay without bandwidth and delay commands
issued?
Default interface delay converted to
picoseconds
For EIGRP wide metrics, how is the
interface delay (not the overall latency
component metric) calculated for interfaces
configured with bandwidth but not delay?
The specified delay value converted to
picoseconds
For EIGRP wide metrics, how is the
interface delay (not the overall latency
component metric) calculated for interfaces
with delay configured?
These values are identical, and used
identically, to EIGRP classic metrics.
How are the EIGRP Reliability, Load,
MTU, and Hop Count values used for wide
metrics?
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 156/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 157/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 158/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 159/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 160/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 161/355
5/18/2019 Untitled Document
guaranteed due to the nature of distance- True or False: Every neighbor satisfying
vector routing protocols. the EIGRP Feasibility Condition provides a
loop-free path, however not every loop-free
path satisfies the Feasibility Condition.
Feasible Successor
This applies to all neighbors that can What is the term for an EIGRP neighbor
guarantee a loop-free path toward the that meets the Feasibility Condition for a
destination. particular destination?
Successors are also Feasible Successors, as
they both meet the Feasibility Condition.
Successors are neighbors with the lowest What is the difference between EIGRP
Computed Distance toward the destination. Successors and Feasible Successors?
A topology change occurs whenever the
distance to a network changes or a new
neighbor comes online that advertises the For EIGRP, what constitutes a topology
network. change?
The router sets the Computed Distance /
Reported Distance of all networks
reachable through that neighbor to infinity. With regard to the topology, how does
EIGRP process the event of a neighbor
going down?
-The FS providing the least Computed
Distance is made the new Successor
-The FD is updated if the CD of the new What is the EIGRP local computation
Successor is less than the current FD process when a Feasible Successor is
-The routing table is updated to point present?
toward the new Successor
-An Update is sent to all neighbors if the
current distance to the destination has
changed as a result of switching to the new
Successor
If there are no Feasible Successors, the
diffusing computation must be performed
so that a new loop-free path can be Why might an EIGRP diffusing
guaranteed. computation be necessary after detecting a
topology change?
Route locked > FD set to CD > Active /
Query > Neighbors process
What four events consist of the EIGRP
-The entry in the routing table (pointing to diffusing computation process when a route
the current unchanged Successor) is locked becomes Active?
and cannot be changed until the route
returns to Passive
-The FD is set to the current (possibly
increased) Computed Distance through the
current unchanged Successor
-The route is put into Active state and a
Query is sent to all neighbors with the
current CD
-Each neighbor receiving the Query
updates its own topology table and
reevaluates its own Successor/FSs. If the
neighbor still has a Successor, it sends back
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 164/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 165/355
5/18/2019 Untitled Document
SIA-Query messages are sent at half the Assuming an EIGRP router receives all
Active time (90 seconds by default). When SIA-Reply messages in response to SIA-
an SIA-Reply is received, the Active time Query messages, at what point is the
is reset. A maximum of three SIA-Query neighbor adjacency torn down?
messages can be sent, and if a regular
Reply (not an SIA-Reply) is not received
after the third SIA-Query, the neighbor
adjacency is torn down after the Active
timer expires.
show ip eigrp topology active
This can be disabled under the af- when you enter the configuration mode for
interface default section. the IPv6 address family, and how do you
modify this behavior?
There is a 1:1 correspondence between an
EIGRP named process and an address
family instance with a particular AS. What is the relationship with EIGRP
named mode processes and address family
For example, you cannot have multiple instances?
IPv4 unicast ASNs under a single process,
and you cannot have the same IPv4 unicast
ASN under multiple processes.
Unlike with named mode, EIGRPv6 in
classic mode is shutdown by default when
configured, so no shutdown must be After configuring EIGRPv6 in classic
issued under the ipv6 router eigrp process. mode, what final step must be performed?
MTR is defined as a subset of routers and
links in a network for which a separate set
of routes is calculated. MTR includes the How does MTR (Multi Topology Routing)
base topology which is the entire network, compare to VRF (Virtual Routing and
and additional topologies are class-specific, Forwarding)?
which are a subset of the base topology.
Each class-specific topology carries a class
of traffic and has independent NLRI used
to maintain separate RIBs and FIBs, which
allows the router to perform independent
calculations and forwarding for each
topology.
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 168/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 169/355
5/18/2019 Untitled Document
messages so that nonstub routers will not both regular EIGRP and stub EIGRP
process them. routers exist on a common network
segment?
This is common for hub and spoke routers
connected by DMVPN or VPLS.
-The keyword cannot be used with any
other keyword
-To reach networks behind the router, What are two caveats of using the eigrp
neighbors must use static routing, or the stub receive-only command?
stub router must use NAT
connected
summary
static What are the EIGRP stub advertisement
redistributed options?
leak-map
receive-only
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 171/355
5/18/2019 Untitled Document
5
What is the default administrative distance
of an EIGRP discard route?
If the router is configured to advertise a
manual summary route that exactly
matches a route that is already learned by With an EIGRP router performing
the router from another source, the discard summarization, what is a potential issue
route can possibly replace the route learned with regard to an automatically installed
in the routing table due to the default AD discard route?
of 5. For example, if EIGRP is configured
to advertise a summarized default 0.0.0.0/0,
but the router has the same route learned
from another source, it may no longer be
able to reach that default route because of
the automatic discard route.
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 172/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 173/355
5/18/2019 Untitled Document
Interface:
[no] ip split-horizon eigrp
How do you configure split horizon for
EIGRP classic mode?
router eigrp
event-log-size 500
event-logging What are the EIGRP logging defaults?
log-neighbor-changes
log-neighbor-warnings
show eigrp address-family ipv4 events
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 176/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 178/355
5/18/2019 Untitled Document
-The network type is P2P router to move from the Init or 2-Way
-The network type is P2MP neighbor state to ExStart?
-The network type is virtual link
-The router itself or its neighbor is a DR or
BDR
-Compare RIDs to determine Master/Slave
roles
-Establish common starting sequence What two things happen during the OSPF
number for DBD packets ExStart neighbor state?
After the Master/Slave relationship is
established.
When does an OSPF neighbor state move
from ExStart to Exchange?
DBDs are exchanged between the
neighbors to build the list of LSAs known
by each router. Actual LSAs are not What occurs during the OSPF Exchange
exchanged at this time. neighbor state?
After a router receives the complete list of
LSAs via DBD exchange during the
Exchange state, the Loading state is when What is the OSPF Loading neighbor state?
the actual LSAs are exchanged between the
neighbors.
All required LSAs have been exchanged
between neighbors, and the neighbors are
now considered fully adjacent. What is the OSPF Full neighbor state?
2-Way
Full
What are the stable OSPF neighbor states?
-Discover OSPF routers on common
subnets
-Check for agreement on configuration What are the four major functions of OSPF
parameters Hello messages?
-Verify bidirectional visibility between
neighbors
-Monitor neighbor liveliness and react
accordingly
The primary IP address for an interface
must also be advertised into OSPF, either
directly at the interface or through the What must be true for OSPF to advertise
OSPF network command. Even if the secondary IP addresses?
secondary IP address is explicitly
configured for advertisement, it will not be
advertised if the primary IP address is not
also advertised.
224.0.0.5 All OSPF Routers
40s on broadcast and P2P network type What is the default OSPF Dead time?
120s on nonbroadcast and P2MP network
type
debug ip ospf hello will reveal "Mistached
hello parameters from RID"
How can you verify that OSPF Hello
parameters are mismatched between
neighbors?
show ip ospf interface interface
0x7FFFFFFF.
Loopback
Broadcast
Non-Broadcast (NBMA)
Which OSPF network types elect a DR?
Non-Broadcast (NBMA)
Point-to-Multipoint Non-Broadcast
Which OSPF network types require static
"Nonbroadcast Needs Neighbors" configuration of neighbors?
Point-to-Point
Loopback
Which OSPF network types do not permit
more than two routers on the subnet?
Broadcast
Point-to-Point
For which OSPF network types is the
default Hello interval set to 10 seconds?
Non-Broadcast (NBMA)
Point-to-Multipoint
Point-to-Mulitpoint Non-Broadcast For which OSPF network types is the
default Hello interval set to 30 seconds?
-Matching Hello/Dead timers
-Whether or not a DR is expected to be
elected, and if so, it must have reachability While certain OSPF network types can be
to all routers in the common subnet mixed together, what are the caveats to
watch out for?
1
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 184/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 185/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 187/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 189/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 190/355
5/18/2019 Untitled Document
Example: The default reference bandwidth When calculating OSPF costs, the resulting
is 100 Mbps. The cost of a serial link with value is rounded ___ to the nearest integer.
its default bandwidth of 1.544 Mbps is 100
/ 1.544 = 64.77, which is rounded down to
an OSPF cost of 64.
OSPF process:
neighbor ip cost cost
How do you set the OSPF cost for a
This is valid only on OSPF point-to- particular neighbor?
multipoint nonbroadcast network types.
Interface:
ip ospf cost cost
How do you set the OSPF cost value on an
interface?
OSPF process network command
advertises stub networks for any secondary
IP subnets matched by the network With regard to advertising secondary IP
command addresses, what is the difference between
the OSPF process network command, and
Interface ip ospf area command includes the interface ip ospf area command?
all secondary subnets by default, unless the
secondaries none parameter is used at the
end of the command.
By default, when using the ip ospf area
command on an interface, all secondary IP
subnets are advertised as stub networks. What does the following command do?
Including the secondaries none parameter
at the end causes only the primary IP ip ospf pid area area secondaries none
subnet to be advertised.
With RIP and EIGRP, the routes are filtered
from the respective protocol's update
messages. What is the difference between the way the
distribute-list command works for RIP
With OSPF and IS-IS, the LSDB within an and EIGRP, versus OSPF and IS-IS?
area must be identical, so the distribute-
list prevents the routes from being installed
in the local IP routing table, but remain
within the LSDB.
The inbound direction applies to the results
of SPF - LSAs are not filtered, but routes
that SPF would choose to install into the With OSPF, how does the distribute-list
local routing table are. command work differently in the inbound
and outbound directions?
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 192/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 194/355
5/18/2019 Untitled Document
interface interface
ip ospf authentication key-chain name
OSPF routers send their packets with the
TTL set to 255. With the exception of
virtual and sham links, OSPF routers What is the general premise of the OSPF
should always receive OSPF packets with TTL security check feature?
the TTL still set to 255 based on direct
router-to-router communications. Packets
received with a TTL of less than 255,
outside of a virtual or sham link, should
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 195/355
5/18/2019 Untitled Document
Interface:
ip ospf ttl-security hops count
OSPF process:
ttl-security all-interfaces hops count
When IOS processes received OSPF
packets, the TTL is decremented by one
before handing the packet to the OSPF When configuring the OSPF TTL security
process, unless the TTL is already one, in mechanism, you can relax the setting by
which case the number is not decremented. adjusting the hop count. Why is the
minimum value for this setting 1?
This is considered a peculiarity of IOS and
is not considered standard behavior.
OSPF virtual and sham links are unaffected
by these settings. Virtual and sham links
can be protected with the TTL security When OSPF is configured for the TTL
mechanism directly with the area virtual- security mechanism either under the OSPF
link ttl-security hops or area sham-link process or directly on an interface, how are
ttl-security hops commands. The hops OSPF virtual and sham links affected?
parameter is mandatory.
First activate the feature with the hop count
set to 254, which effectively configures but
does not enforce the feature. After routers What is the recommended process of
have been migrated, set the hop count to migrating OSPF routers to use the TTL
the default of 1. security mechanism?
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 198/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 199/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 200/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 201/355
5/18/2019 Untitled Document
Virtual links use globally-scoped IPv6 With the exception of virtual links, which
addresses. address does OSPFv3 use to source
OSPFv3 packets from?
Prefix, Length
Interface:
ipv6 ospf encryption parameters
How do you configure OSPFv3 encryption
The parameters must match on both ends on a link?
of the link.
OSPFv3 process:
area area {authentication | encryption}
parameters How do you configure OSPFv3
authentication or encryption for an area?
The parameters must match on all routers
in the area. Interface-level commands
override area-level commands.
Interface:
ospfv3 authentication key-chain keychain
How do you configure OSPFv3
Authentication Trailer?
Global:
router ospfv3 pid
How is multi-AF OSPFv3 configured in
Interface: IOS?
ospfv3 pid afi area area
0: IPv6 Unicast
32: IPv6 Multicast
64: IPv4 Unicast What are the OSPFv3 base instance ID
96: IPv4 Multicast values?
128-191 = Unassigned
192-255 = Private
The instance ID allows multiple OSPFv3
processes to communicate over the same
link while remaining separate. What is the purpose of the OSPFv3
instance ID?
The types of addresses advertised in Type 8
& 9 LSAs.
What do OSPFv3 instance ID values
indicate?
The base instance ID for the address family
type:
When configuring OSPFv3 multiple
0 IPv6 Unicast address family support, what instance ID is
32 IPv6 Multicast automatically chosen, if not specified
64 IPv4 Unicast manually?
96 IPv4 Multicast
The instances are each run completely
independent of each other, even under the
same OSPFv3 process. In addition to When running multiple OSPFv3 instances
addresses being separated, the topology is under a single OSPFv3 process, what is
calculated seperately per-instance as well. shared among the instances?
The AF-bit in the Options bitfield inside
OSPFv3 Hello, DBD, and LSA packets is
set when the sending router supports the When is the OSPFv3 AF-bit set?
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 203/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 204/355
5/18/2019 Untitled Document
When the SEL is 0, no particular service is What is the name of an NSAP address
being addressed, and the entire NSAP where the SEL octet is 0?
address identifies the destination node itself
without referring to any particular service.
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 205/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 211/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 212/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 214/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 216/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 217/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 218/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 219/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 220/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 221/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 222/355
5/18/2019 Untitled Document
DMVPN Phase 1 does not establish spoke- For which DMVPN Phase(s) is
to-spoke tunnels, and summarization is not summarization on the hub allowed?
an issue. Summarization on the hub is not
allowed in DMVPN Phase 2 because the
next-hop address cannot be modified.
Phase 3 allows summarization on the hub
due to the behavior of the NHRP redirect /
shortcut.
DMVPN Phase 1 does not establish spoke-
to-spoke tunnels, and summarization is not
an issue. Why is summarization allowed on the hub
in DMVPN Phase 1?
Summarization on the hub is not allowed in
DMVPN Phase 2 because the next-hop
address cannot be modified. Why is summarization on the hub not
allowed in DMVPN Phase 2?
Phase 3 allows summarization on the hub
due to the behavior of the NHRP redirect /
shortcut. Why is summarization allowed on the hub
with DMVPN Phase 3?
-1st spoke sends packet destined for 2nd
spoke with hub as next-hop
-Hub forwards packet to 2nd spoke, and What is the process of building spoke-to-
sends NHRP Redirect to 1st spoke spoke communication with DMVPN Phase
-1st spoke receives NHRP Redirect and 3?
sends NHRP Resolution Request toward
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 223/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 224/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 225/355
5/18/2019 Untitled Document
keyword, the neighbor adjacency is torn particular EIGRP neighbor, what happens
down when the limit is crossed. if the warning-only keyword is not used?
View existing ACLs first:
show access-lists
What is a good practice before configuring
an ACL?
10,000,000 Kbps / lowest bandwidth along
the path in Kbps
+ Sum of all delays along the path in 10s of How do you manually calculate the default
microseconds EIGRP classic metric?
* 256
faster-speed links.
No, the rib-scale value has local
significance only in the sense that the
calculation is performed locally, and the If you adjust the EIGRP wide metric rib-
resulting value is stored only in the local scale value on one router, do you have to
RIB and not advertised. change it on all routers?
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 227/355
5/18/2019 Untitled Document
IT Foundation
SaaS Software as a Service
PaaS Platform as a Service What are the four critical service layers of
Iaas Infrastructure as a Service cloud computing as defined by Cisco?
Software as a Service
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 228/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 229/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 230/355
5/18/2019 Untitled Document
Ceilometer
What is the codename for the OpenStack
telemetry component?
Ceilometer is used for telemetry and
provides a single point of contact for
billing systems used within the cloud What is the OpenStack codename
environment. Ceilometer component?
Trove
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 231/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 234/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 235/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 236/355
5/18/2019 Untitled Document
entering the value range midpoint, the +- When configuring a route-map, how do
modifier, and the positive and negative you select a range of metric values?
range.
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 239/355
5/18/2019 Untitled Document
What is IP Protocol 1?
IGMP
What is IP Protocol 2?
IP-in-IP encapsulation
What is IP Protocol 4?
TCP
What is IP Protocol 6?
UDP
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 240/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 241/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 242/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 243/355
5/18/2019 Untitled Document
from a host to determine if any other hosts When is an IGMPv2 Membership Query
exist on the segment. sent?
0.0.0.0
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 247/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 248/355
5/18/2019 Untitled Document
IPv6 Embedded RP
What type of IPv6 address is FF70::/12?
IPv6 Embedded RP
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 249/355
5/18/2019 Untitled Document
This queue always exists even if no With CBWFQ and LLQ, what queue
configuration for it is defined. requires no configuration?
It is placed into the class-default class.
Milliseconds
Xp <= Xb
Exceeding
Xp > Xb
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 252/355
5/18/2019 Untitled Document
Violating
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 253/355
5/18/2019 Untitled Document
Way Handshake completes, the router How does Cisco IOS TCP Intercept operate
creates a TCP connection to the in Intercept mode?
destination, then stitches the two
connections together.
On the DMVPN Tunnel Interface, ip nrhp
network-id id enables NHRP, which is
critical to the operation of DMVPN. All What is the purpose of the ip nhrp
routers and interfaces configured with the network-id command?
same ID belong to the same DMVPN.
0.0.0.0
2001:0db8:0abc:0def:0000:5efe:ac14:1401
ISATAP
64-bit-prefix:0000:5efe:ipv4-in-hex
False, RAs are disabled by default on
tunnel interfaces.
True or False: RAs are enabled by default
on tunnel interfaces.
RAs are disabled by default on tunnel
interfaces, but must be enabled on ISATAP
tunnels. What is the relationship between ISATAP
tunnel interfaces and IPv6 RAs?
show interfaces pruning
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 256/355
5/18/2019 Untitled Document
can disable TTL propagation for forwarded What are the two types of MPLS TTL
traffic, which effectively hides the internals propagation in Cisco IOS?
of the MPLS network between the CEs, but
still have locally-originated traffic
propagate the TTL in order to use tools like
traceroute internally to the MPLS network.
The LDP ID
This does not occur with the redistribute True or False: When BGP auto-summary
command and auto-summary is enabled, and the network command is
used, subnets are still injected into the BGP
table if they exist in the IP routing table.
BGP AS_PATH path attribute
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 259/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 260/355
5/18/2019 Untitled Document
. (period)
^$
^$
^123$
^asn$ where asn is the AS to be matched
^123
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 262/355
5/18/2019 Untitled Document
^123_45$
An AS_PATH beginning with AS 123,
ending in AS 45, with at least one other AS
in between What does this BGP regex match?
^123_.*_45$
An AS_PATH beginning with AS 123 with
zero or more ASNs and delimiters, and
ending with any AS whose last two digits What does this BGP regex match?
are 45 (including AS 45 itself)
^123_.*45
An AS_PATH beginning with either an
AS_SET or an AS_CONFED_SET
What does this BGP regex match?
^{
The administrative weight can be assigned
to each NLRI locally on the router, and is
not passed on in Update messages. It is set Within a single BGP AS, where can the
either directly with neighbor ip weight or Weight PA be assigned?
within a route-map.
This well-known discretionary PA can be
set on any router inside the AS, and is not
distributed outside the AS. Within a BGP AS, where can the
LOCAL_PREF value be set?
As a single ASN, regardless of the number
of ASNs in the set
Within the BGP AS_PATH, how is an
AS_SET treated with regard to bestpath
calculation?
BGP process:
bgp bestpath as-path ignore
How do you configure a router to disregard
the AS_PATH lengh when calculating the
BGP best path?
This command causes BGP to disregard the
AS_PATH length when calculating the
BGP best path What does the following command do?
BGP process:
bgp always-compare-med
How do you configure BGP to take the
MED value into consideration when
multiple routes to a single NLRI pass
through different neighboring ASNs?
If you implement this command, you
should implement it on all routers in an AS,
otherwise routing loops can occur. What is a caveat of enabling the bgp
always-compare-med command?
Ignore the MED value unless configured
with bgp always-compare-med
What is the default BGP behavior with
regard to the MED value when multiple
routes to a single NLRI pass through
different neighboring ASNs?
BGP process:
bgp bestpath compare-routerid
If a BGP router has a current best route
installed from an eBGP neighbor, but
receives an otherwise identical route from
an eBGP neighbor with a smaller RID, how
do you configure the router to accept and
use the new route?
To avoid route flaps. This behavior can be
changed with bgp besthpath compare-
routerid If a BGP router has a current route for a
prefix through an eBGP neighbor, but
This applies only to eBGP routes. iBGP receives an otherwise identical route from
routes always use the lowest RID as the another eBGP neighbor with a lower BGP
tiebreaker. RID, why is the existing route kept?
This is used when the route is coming from
a router who has multiple separate
neighbor relationships, as opposed to a What causes the lowest BGP neighbor ID
single relationship using loopback (IP address) to be used as the final best
addresses. path tiebreaker?
FFFF:FF01
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 264/355
5/18/2019 Untitled Document
FFFF:FF03
What is the value of the BGP LOCAL_AS
/ NO_EXPORT_SUBCONFED
community?
LOCAL_AS /
NO_EXPORT_SUBCONFED
What BGP community has the value
FFFF:FF03?
5 seconds
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 267/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 270/355
5/18/2019 Untitled Document
0000.0C07.AC01
VRRP group 1
0000.5E00.0101
GLBP group 1 AVF 1
0007.B40X.xxyy where Xxx is the 10-bit What does this MAC address correspond
GLBP group number, and yy is the AVF to?
number.
0007.B400.0101
0007.B40X.xxyy where Xxx is the 10-bit
GLBP group number, and yy is the AVF
number. How does GLBP addressing work?
The device being managed
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 280/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 281/355
5/18/2019 Untitled Document
LSA throttling
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 283/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 285/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 286/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 287/355
5/18/2019 Untitled Document
TCN BPDUs are necessary for downstream Why are classic STP TCN BPDUs
bridges to notify upstream bridges of a necessary?
topology change.
The switch detecting the topology change
sends a TCN BPDU on its root port toward
the designated switch. The designated How do classic STP TCN BPDUs get
switch responds back with a normal processed in the network?
configuration BPDU with the TCAck bit
set. The process repeats with the designated
switch sending a TCN BPDU on its own
root port and expecting to receive a TCAck
from it's designated bridge. When the TCN
reaches the root, the root sends out
configuration BPDUs with the TC bit set,
which then flows downstream to all
switches in the topology.
The switch becomes aware of a topology
change and reduces its CAM aging time to
the forward delay, which is 15 seconds by What is the effect of a switch running
default. classic STP receiving a configuration
BPDU with the TC bit set?
The root bridge sends out configuration
BPDUs with the TC bit set for max age +
forward delay (20+15=35) seconds. With classic STP, when the root bridge is
Downstream bridges receiving the BPDU notified of a topology change, how does it
with the TC bit set reduce their CAM aging react?
time to the forward delay.
Max Age + Forward Delay seconds
All Nodes
What is the IPv6 address FF02::1
associated with?
FF02::2
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 295/355
5/18/2019 Untitled Document
-EtherChannel
-PVLAN
0100.0C00.0000 or 0300.0C00.0000 for
Ethernet
To which addresses are ISL encapsulated
frames sent to?
Both normal and extended range
However, not all packets with the same All packets belonging to the same MPLS
label belong to the same FEC FEC have the same ___.
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 297/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 298/355
5/18/2019 Untitled Document
IKE
Port UDP 500 is associated with what
technology?
-Authentication method
-Diffie-Hellman group
-Encryption type What are the four main parameters
-Hash algorithm exchanged during IKE Phase 1?
IKE Phase 1
interface interface
crypto map name
show crypto isakmp [default] policy
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 300/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 301/355
5/18/2019 Untitled Document
Proxy ID
With IPsec, what is the "interesting" traffic
referred to as?
The ACLs must mirror each other between
peers.
When configuring ACLs to be used as
Proxy IDs for IPsec, what is the
configuration requirement of both peers?
Security Parameter Index (SPI) values
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 302/355
5/18/2019 Untitled Document
Displays type (PIM Encap or PIM Decap), How can you view information about
RP address, source address automatic PIM-SM tunnels?
This interface command can reference an
ACL to prevent state from specified
multicast groups from being installed. What is the purpose of the ip multicast
boundary command?
When an interface is configured for sparse-
dense mode, if an RP is not found for a
particular multicast group, the interface What does the command ip pim dm-
attempts to locate the multicast source via fallback do?
PIM-DM.
The default ip pim dm-fallback command
instructs the router to attempt to find the
multicast source via PIM-DM. What is the default behavior of an interface
configured for PIM sparse-dense-mode if it
cannot find the RP for a particular
multicast group?
5 / 15 seconds
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 304/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 307/355
5/18/2019 Untitled Document
show ip nhrp
How can you verify the NHRP cache?
The matched criteria should use normal
forwarding, not policy routing.
With PBR, what does a route-map deny
clause indicate?
debug ip policy
Type 8 "Link LSA" provides all the IPv6 What's the difference between an OSPF
addresses on the link Type 8 and Type 9 LSA?
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 308/355
5/18/2019 Untitled Document
One crypto map can be applied to multiple How many crypto maps can be applied on
interfaces. an interface?
One crypto map per (sub) interface.
However, one crypto map can be applied to
multiple interfaces. What is the relationship between crypto
maps and interfaces?
Crypto maps are applied to outbound
traffic on an interface, after NAT and
routing have occurred. This means static How do crypto maps interact with routing
routing and/or NAT exemption may be and NAT?
required.
Router B:
-Priority 10: Lower requirements
-Priority 20: Higher requirements
The crypto map should be applied to the
physical interface, not the tunnel interface,
for GRE over IPsec. Traffic is GRE When using crypto maps with GRE
encapsulated first, and encrypted second. tunnels, where should the crypto map be
This allows for a single Proxy ACL entry applied?
to permit GRE traffic between the
endpoints.
By applying the crypto map to the physical
interface instead of the tunnel interface,
traffic is GRE encapsulated first, and How does GRE over IPsec work?
encrypted second. This allows for a single
Proxy ACL entry to permit GRE traffic
between the endpoints.
The MTU value is not copied between
headers, so the MTU of the GRE tunnel
must be adjusted downward accordingly How does GRE over IPsec break PMTUD?
(1400 bytes is standard, with 1360 TCP
MSS).
FC00::/7 (1111 110)
Equivalent to RFC 1918 private What are IPv6 Unique Local addresses?
addressing, not routable via global BGP
Unique Local
FC00::/7
The general prefix allows multiple longer
IPv6 addresses to be defined from a single
shorter base prefix, which acts as a shortcut What is an IPv6 general prefix?
for renumbering scenarios.
Globally:
ipv6 general-prefix name prefix/length
How do you configure an IPv6 general
Example: prefix?
ipv6 general-prefix GenPfx
2001:db8:1234::/48
Interface:
ipv6 address gen-pfx-name address/length
How do you configure a more specific IPv6
Example: address based on a general prefix?
Configured general prefix:
2001:db8:1234::/48
ipv6 address GenPfx 0:0:0:5678::1/64
Results in final address
2001:db8:1234:5678::1/64
vrf upgrade-cli
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 312/355
5/18/2019 Untitled Document
translation, which allows proper routing for What is the NAT/routing order of
returning packets with translated sources. operations for outside addressing?
BFD Bidirectional Forwarding Detection
Example:
bfd interval 50 min_rx 50 multiplier 5
This causes BFD echoes to be sent at 50ms,
and BFD expects to receive the echo back
within 50ms. If five consecutive echoes are
missed, the upper-layer protocol is notified
of the failure.
show bfd neighbors
bfd all-interfaces
BFD does not detect neighbors, and relies
on the neighborship formed by upper-layer
protocols. Without the neighborship, BFD What happens if BFD is enabled, but not
is idle. registered to any upper-layer protocol?
uRPF and IP redirects must be disabled
Echo
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 314/355
5/18/2019 Untitled Document
This is controlled by various OSPF What option controls whether or not a Type
commands with the nssa-only keyword. 7 LSA is propagated to the rest of the
With the nssa-only keyword, the Type 7 OSPF domain?
LSA is not converted to Type 5 at the ABR
and remains within the NSSA.
You can reduce unicast flooding by
ensuring ARP entries time out before CAM
entries, so that the ARP table can be What is the relationship between ARP
repopulated before the CAM entires expire. entries, the switch CAM table, and unicast
flooding?
Interface:
switchport block unicast
How do you prevent a switch from
flooding unknown unicast frames?
When traffic enters a higher-speed
interface and exits a lower-speed interface
What are two common causes of traffic
When traffic from multiple ports are trying "microbursts"?
to reach a single port
When the source sets the Record Route IP
option, an empty list is created in the
header, and each router along the path adds What is the IP Record Route option?
its IPv4 address to the list.
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 315/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 316/355
5/18/2019 Untitled Document
ip nat inside source static IL IG What allows static NAT mappings of one
extendable inside local address to multiple inside
global addresses?
ip nat pool name prefix-length length
address start end
address start end How do you configure multiple address
ranges in a single NAT pool?
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 319/355
5/18/2019 Untitled Document
The IPv4 address is encoded into the final What is the IPv6 Well-Known Prefix used
32 bits. for IPv4 translation?
The IPv6 prefix can be either 32, 40, 48,
56, 64, or 96 bits in length.
How are locally-designated prefixes used
The embedded IPv4 address begins directly with NAT64?
after the prefix, with the exception of bits
64-71 which are always set to 0 (except for
the 96-bit prefix length which does not
have any null bits).
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 321/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 322/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 323/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 324/355
5/18/2019 Untitled Document
devices attached to Cisco ACI. What is the primary function of the Cisco
APIC?
The traffic transit point where a packet is
captured and associated with a buffer, such
as the IPv4/IPv6 CEF switching path with What is the EPC capture point?
interface input and output.
A capture buffer and a capture point need
to be defined. The capture point should be
associated with the capture buffer. What are the two requirements for
configuring EPC?
-Create the buffer (traffic to be captured)
-Define the capture point
-Associate the capture point with the buffer What are the four major steps of capturing
-Start the capture point (and optionally data with EPC?
stop)
monitor capture buffer name options
options include clearing or exporting the How do you configure an EPC capture
buffer, filtering, and limiting by duration, buffer?
packet count, packets per second, and size
CEF:
monitor capture point {ip | ipv6} cef
name interface {in | out | both} How do you configure an EPC capture
point?
Process Switched:
monitor capture
point {ip | ipv6} process-switched name
{in | out | both | from-us}
monitor capture point associate capture-
point-name capture-buffer-name
How do you configure an EPC association?
monitor capture point start {capture-
point-name | all}
How do you activate an EPC session?
Stop the capture with the same command,
replacing start for stop
monitor capture buffer name export
location
How do you export an EPC session?
An applet is a form of policy defined
within the CLI configuration
What is the difference between an EEM
A script is a form of policy written in TCL applet and an EEM script?
Event Detector, of which there are multiple
types (CLI event, IP SLA event, Syslog
event, etc). What is the EEM component that monitors
the system for particular conditions?
EEM Actions, such as executing particular
CLI commands, sending an email,
generating SNMP trap, etc. What is the EEM response to a detected
event?
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 325/355
5/18/2019 Untitled Document
The SoO can also be configured via peer How do you configure a BGP Site-of-
groups and policy templates. Origin (SoO) value?
EIGRP SoO is used for per-site VPN
filtering:
-MPLS VPNs with backdoor links What are the general use cases for the
-CE routers dual-homed to different PE EIGRP Site-of-Origin (SoO) feature?
routers
-PE routers that support CE routers from
different sites in the same VRF
PIMv1 uses IGMP for transport
PIMv2 uses IP Protocol 103
What is the difference between PIMv1 and
PIMv2 with regard to transport?
PIMv2 is required
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 326/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 327/355
5/18/2019 Untitled Document
FF01::/16 Node-local
FF02::/16 Link-local
FF05::/16 Site-local What are the five IPv6 multicast scopes?
FF08::/16 Organization-local
FF0E::/16 Global
FF01::/16
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 330/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 331/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 332/355
5/18/2019 Untitled Document
You then define interesting traffic with With Cisco Performance Monitor, how do
match and what particular statistics to you configure a flow record?
collect with collect
flow monitor type performance-monitor
The flow monitor is used to associate a With Cisco Performance Monitor, how do
flow record with a flow exporter you configure a flow monitor?
policy-map type performance-monitor
The policy-map associates the class with a With Cisco Performance Monitor, how do
flow monitor you configure a performance monitor
policy?
Associate the performance monitor policy
with an interface:
service-policy type performance-monitor What is the final step in implementing
Cisco Performance Monitoring?
0 CS0 / Routine
8 CS1 / Priority
16 CS2 / Immediate What are the decimal values for the
24 CS3 / Flash corresponding eight Class Selector / IP
32 CS4 / Flash Override Precedence values?
40 CS5 / Critical
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 333/355
5/18/2019 Untitled Document
NIC-F-FIPR
MPP restricts the interfaces and protocols
for which remote administration can be
performed. Management protocols not What is Cisco Managment Plane Protection
permitted by the MPP policy, or received (MPP)?
on a non-mangement interface, are
dropped.
control-plane host
management-interface interface allow
protocol1 protocol2... How do you configure Management Plane
Protection (MPP)?
Example:
management-interface g0/1 allow ssh
snmp
System IDs must be unique within an area
for L1 adjacency, and must be unique
within the domain for L2 adjacency. What is the requirement of IS-IS System
IDs for router adjacencies?
IS-IS will not establish an adjacency
between two routers with the same System
ID.
-If IPSec then check input access list
-decryption
-check input access list What is the order of operations for NAT
-check input rate limits inside-to-outside translation?
-input accounting
-redirect to web cache
-policy routing
-routing
-NAT inside to outside (local to global
translation)
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 335/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 336/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 337/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 338/355
5/18/2019 Untitled Document
Restrict: discard offending traffic, log, What's the difference between the
SNMP trap, increment SecurityViolation switchport port security violation modes?
counter
When set to 0, the detected CLI command With EEM, when using synchronous
is skipped. When set to 1, the CLI processing, what determines if the CLI
command is executed. event is executed or not?
0900.2B00.0005
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 341/355
5/18/2019 Untitled Document
vrf-lite command disables the PE checks, When do you need to use the OSPF
causing the router to ignore the DN bit and capability vrf-lite command?
domain tag present in any LSAs.
2-byte Type field
Administrator field
Assigned number field What are the three fields of a Route
Distinguisher?
Type 0: ASN:nn
Type 1: IP:nn
Type 2: 4-byte ASN:nn What are the three types of Route
Distinguisher?
ASN:nn where ASN is a 16-bit value, and
nn is a 32-bit value
What is the format of the Type 0 RD?
IP:nn where IP is a 32-bit value, and nn is a
16-bit value
What is the format of a Type 1 RD?
4-byte ASN:nn where ASN is a 32-bit
value, and nn is a 16-bit value
What is the format of a Type 2 RD?
AS_TRANS, which is used by BGP router
supporting 4-byte ASNs to peer with BGP
routers that only support 2-byte ASNs. What is another name for BGP ASN
23456?
AS4_PATH, which is used if any of the
ASNs in the path are newer 4-byte ASNs
What are the new optional transitive BGP
AS4_AGGREGATOR may also be present PAs used to support 32-bit ASN?
The router supporting only 2-byte ASNs
peers with ASN 23456
How does a BGP router supporting only 2-
byte ASNs peer with one that has a 4-byte
ASN?
asplain is the default format, where the
ASN is a 32-bit decimal value
What is the default BGP 4-byte ASN
BGP process: display format in Cisco IOS, and how do
bgp asnotation dot you change it?
minimum of one second, and never sub- Fast Hellos to detect a failed link in less
second as in the case of BFD. than one second?
Interface: isis password
Area: area-password
Domain: domain-password What are the three methods of plaintext
authentication in IS-IS?
Interface:
isis password password [level-1 | level-2]
How do you configure plaintext
If not specified, the password is used for authentication for IS-IS hellos?
both levels.
IS-IS process:
area-password password
How do you configure plaintext
authentication for IS-IS L1 LSPs, CSNPs,
and PSNPs?
IS-IS process:
domain-password password
How do you configure plaintext
authentication for IS-IS L2 LSPs, CSNPs,
and PSNPs?
Infinite
The metric must be set during What is the default seed metric of routes
redistribution or with the default-metric redistributed into EIGRP if the source
command. protocol does not have a compatible metric,
such as RIP and OSPF?
The two routers are considered to be in
different areas, and with the default setting
of L1/L2, a L2 IS-IS adjacency is formed. What type of IS-IS neighbor adjacency is
formed between two routers connected to
the same IP subnet where the NET of one
router is 45.1234.000a.0003.00 and the
other is 49.4567.0000.0000.000b.00 when
all other settings are at their defaults on
Cisco IOS?
With multi-host mode, you can attach
multiple hosts to a single 802.1X-enabled
port. Only one of the attached supplications How does 802.1X multi-host mode work?
must be authorized for all supplicants to be
granted access. If the port becomes
unauthorized for any reason, access is
denied to all attached supplicants.
A 64-bit header used by an IPv6 source to
indicate that a packet exceeds the path
MTU size. What is the IPv6 fragment header?
LMP Link Management Protocol
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 347/355
5/18/2019 Untitled Document
RTC allows a PE to signal to an internal Within the context of MPLS, what is RTC?
route reflector only the prefixes it needs.
Normally, the RR sends all VPNv4 prefixes
to the PE, even if it will never import some
of the available route targets.
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 348/355
5/18/2019 Untitled Document
The first three bits correspond to the queue What is common across all Assured
class (1 - 4) Forwarding PHBs when their values are
represented as binary?
The fourth and fifth bits correspond to the
drop priority (1 - 3)
A non-transitive extended community that
can be passed between iBGP and
Confederation peers to influence the path What is the BGP cost community?
selection when multiple ECMPs exist, with
the lowest cost community being preferred.
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 349/355
5/18/2019 Untitled Document
others do not. Verify keepalives are enabled What is a troubleshooting issue you should
on both sides with the keepalive command verify when using Virtual Templates on
under the Virtual Template configuration. both ends of a link?
Communication between two unnumbered
interfaces
With PPP, what is the no peer neighbor-
route command designed for?
debug ip packet and debug interface
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 351/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 352/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 353/355
5/18/2019 Untitled Document
https://neckercube.com/CCIE_RSv5.1_neckercube.com.htm 355/355