The Online CCNP ROUTE 642-902 Exam Guide

No filler. No hype. Exam-focused.

“A portable, comprehensive guide with everything you need to get up to speed and pass the ROUTE Exam - the first time.”

www.ccnpguide.com

Introduction

I started www.ccnpguide.com as a way for me to capture technical notes as I prepared for the three major CCNP Exams – SWITCH, ROUTE, & TSHOOT. As I began sharing my notes with the world, I immediately started to receive feedback on the SWITCH exam’s focus areas and how difficult it was. What I realized was that the exam prep resources available (read: Cisco Press Books) were not even covering all of the exam topics, including some that you were required to configure in live simulation scenarios. First-time fail rates seemed normal and a big part of that was because some of the simulation scenarios required you to know some extremely specific protocol configuration details that most network professionals just wouldn’t know off the top of their heads.

I began to tailor my notes to include topics that were not being covered in “official” exam guides and trimmed down those that just were not necessary. The feedback was overwhelmingly positive from the online community!
The problem is, of course, that the notes were not formatted well for off-line consumption and didn’t include enough lab/scenario-based examples. This guide is an answer to the countless requests to create a portable, comprehensive, and exam-focused ROUTE prep guide. I’ve refined the online notes even more to focus exclusively on exactly what Cisco expects you to know on exam day. I have also included a Simulation Scenarios section at the end. Lastly, Exam Takeaway notes are scattered throughout the guide to help connect you with the most important topics and study suggestions.

Here’s my recommendation. Read through this manual a few times and make sure you understand each chapter. Pay close attention to the Exam Takeaway notes and take them seriously. After you feel comfortable with the details in each chapter, go to the Simulation Scenarios section and run through the three scenarios until you can solve them off the top of your head. That may mean running through them ten times each, but trust me – you’ll thank me when you sit for the test.

If you have questions, exam feedback, or want to reach out to me directly - shoot me an email at aaron@ccnpguide.com. I promise you’ll get a response.

Best of luck
Aaron

Routing Basics
EIGRP
OSPF
Route Redistribution & Filtering
BGP
VPNs & IPSec
IPv6
Simulation Scenarios
ROUTE Shortcuts

Routing Basics

Static Routes

In order for routers to forward packets to remote networks, they must know how to reach them. There are two options: static or dynamic routes.

Static routes are manually configured on each router. They are used for a couple of reasons:

• where there is only a single path to a network (a.k.a. stub network)
• when connecting to an ISP and configuring it as a default (static) route

There are a number of problems with implementing static routes network-wide. Some include:

• failure to scale well
• does not automatically react/recover to changes in the network
• tedious to configure for large networks (see point 1)

To configure a static route:

    R1(config)# ip route prefix mask address|interface [distance]

The prefix and mask are the destination network and subnet mask. You can use address to define the IP address of the next hop towards the destination network, or specify a local router interface that the router will use to send traffic out to the destination network. The optional distance value can be used to manually define the administrative distance for the route.

Static Default Routes

One of the most common uses of static routes is for creating a default route. There are often cases when you want to forward packets whose destination is not defined in a specific route out an interface or towards another router. A common example is when connecting to an ISP. If traffic is destined for an address range not defined within your organization (i.e. your coworker’s Facebook updates), then it makes sense to configure a default route towards your ISP or other organization.

To configure a static default route:

    R1(config)# ip route 0.0.0.0 0.0.0.0 address|interface

Floating Static Routes

There are some circumstances when it makes sense to use a static route as a backup to a dynamic routing protocol. In order for this to work, however, the default administrative distance value on the static route must be raised so it will have a lower priority than the dynamic routing protocol (see administrative distance section below).

Dynamic Routing

Dynamic routing protocols can dynamically respond to changes in the network. The routing protocol is configured on each router and the routers learn about both each other and remote networks. Examples of modern dynamic routing protocols include:

• RIP v1,2 (ok, maybe this isn’t very “modern”)
• EIGRP
• IS-IS
• OSPF
• BGP

Distance Vector vs Link-State

Distance Vector

When routers run a distance vector dynamic routing protocol, they periodically send information about their known routes to their connected neighbors. This is how the router knows whether changes have been made to the network. They compare their routing table against the information they receive from their neighbors – if it matches, they’re good. If not, they update their routing tables to reflect the changes.

RIP is an example of a distance vector routing protocol.

Link State

Link state routing protocols operate differently. Routers send information about the state of their links to the entire network (or area) that they are a part of. In this way, each router understands the entire network topology and must run an algorithm every time a network change is announced to recalculate the best routes throughout the network. This makes link state routing protocols much more processor intensive.

The second major difference in link state routing protocols is that updates are only sent if a change on a router’s link occurs. This helps keep bandwidth utilization low, unlike distance vector protocols, which send out recurring updates regardless of whether a change has occurred.

OSPF and IS-IS are examples of distance vector routing protocols.

Advanced Distance Vector

This is the title Cisco gives to EIGRP, which borrows the best attributes of both distance vector and link state designs. EIGRP does not send periodic route information; instead it sends updates only when changes occur (like link state protocols). Also, EIGRP forms neighbor relationships with its directly connected peers and only updates them – not the entire network (like distance vector protocols).

Classful Concepts

IP routing protocols are either classful or classless, and that determines how they present route information.

Classful

Classful routing protocols (like RIPv1) do not include the subnet mask in routing updates. When an update is sent, the packet contains only the major network information depending on whether it is a class A, B, or C address. For example, a route to network 172.16.10.0/24 would be advertised as 172.16.0.0/16 because its classful boundary is a class B address.

Obviously if you have broken your major network boundaries up into smaller subnets that are more granular than the major classful boundaries, this will not work well, and that’s the reason almost all modern routing protocols are classless.

Classless

Classless routing protocols (like RIPv2, EIGRP, OSPF, IS-IS, and BGP) include the subnet mask in routing updates, allowing for VLSM support and supernetting.

Administrative Distance

Routers need a way of determining which path to use to a destination network if two or more routing protocols are in use and both advertise a route. Administrative distance is Cisco’s answer.

Cisco has assigned an administrative distance (AD) to each routing protocol that outlines which protocol a router will prefer. The AD values can be between and 255 with the lowest values being used for routing.

Default AD values:

For example, if router R1 receives a route to network 10.10.10.200.0 from both EIGRP and OSPF, the router will compare the administrative distance of the EIGRP learned route (90) to that of OSPF (110). The router will then add EIGRP’s route to the routing table because its AD is lower (90 < 110).

Summary

Static NAT-PT

For an IPv6 to IPv4 static mapping:

    R1(config)# ipv6 nat v6v4 source ipv6_address ipv4_address

For an IPv4 to IPv6 static mapping:

    R1(config)# ipv6 nat v4v6 source ipv4_address ipv6_address

Dynamic NAT-PT

There are many ways to implement dynamic NAT using IPv6, but at its most basic level a pool of addresses is created and the router temporarily assigns them to hosts as they need them.

For an IPv4 to IPv6 static mapping:

    R1(config)# ipv6 nat v4v6 pool name beginning_ipv6 ending_ipv6 prefix-length prefix-length
    R1(config)# ipv6 nat v4v6 source list (access-list_number | name) pool name

For an IPv6 to IPv4 static mapping:

    R1(config)# ipv6 nat v6v4 pool name beginning_ipv4 ending_ipv4 prefix-length prefix-length
    R1(config)# ipv6 nat v6v4 source list (access-list_number | name) pool name

ROUTING SIMULATION SCENARIOS

EIGRP/OSPF Redistribution Simulation

Example:

PROBLEM

In this scenario, routers R2 and R3 need to be configured for redistribution between their respective EIGRP and OSPF Autonomous Systems. Only R2 and R3 can be configured, and the traffic path from R1 to the 10.1.1.0 network should use the links with the greatest bandwidth. When completed, router R1 should be able to ping a host in the 10.1.1.0/24 network.

SOLUTION

First we need to find out the parameters (Bandwidth, Delay, Reliability, Load, MTU) of the s1/1 interface (the interface of R2 connected to R4) for redistribution:

    R2# show interface s1/1

Now write down these parameters. Notice that we have to divide the Delay by 10 because its metric unit is tens of microseconds.

For example, if we get:

    Bandwidth=1544 Kbit
    Delay=20000 us
    Reliability=255
    Load=1
    MTU=1500 bytes

…then we would redistribute as follows:

    R2# config terminal
    R2(config)# router ospf
    R2(config-router)# redistribute eigrp 200 metric-type subnets
    R2(config-router)# exit
    R2(config)# router eigrp 200
    R2(config-router)# redistribute ospf metric 1544 2000 255 1500

For R3 we use show interface fa1/1 to get the same parameters:

    R3# show interface fa1/1

For example, we get Bandwidth=10000 Kbit, Delay=1000 us, Reliability=255, Load=1, MTU=1500 bytes.

Now let’s configure it the same way we did R2:

    R3# config terminal
    R3(config)# router ospf
    R3(config-router)# redistribute eigrp 200 metric-type subnets
    R3(config-router)# exit
    R3(config)# router eigrp 200
    R3(config-router)# redistribute ospf metric 10000 100 255 1500

Verification

Perform a “show ip route” on R1 to see the 10.1.1.0/24 network (the network behind R4) in the routing table. Next, ping from R1 to the network to validate the connectivity. Finally, perform a traceroute on R1 to the fa1/1 interface of R1 to make sure the traffic is going from R1-R2-R3-R4. This fulfills the “highest bandwidth” requirement – using the Fast Ethernet links instead of the Serial connection.

IPv6 OSPF Virtual Link Simulation

Example:

PROBLEM

In this scenario, two organizations have merged and need to connect their core routed networks. Luckily, both have already implemented IPv6 routing using OSPF, but their area numbers do not fit together well. You have been tasked with getting their core OSPF routers up and running using their current area configuration until a full redesign can be performed. Currently, R4’s loopback address cannot be seen in R1’s routing table (and vice-versa).

SOLUTION

You should know by now that in OSPF, all areas must connect back to the backbone area (area 0). In this case, that isn’t an option because the directions specifically ask us not to change the current area assignments. The solution? A virtual link! We can configure area as a transit area for area using the area virtual-link command.

    R2> enable
    R2# configure terminal
    R2(config)# ipv6 router ospf
    R2(config-rtr)# area virtual-link 3.3.3.3

(Notice that we have to use neighbor router-id 3.3.3.3, not R2’s router-id 2.2.2.2.)

Now onto R3:

    R3> enable
    R3# configure terminal
    R3(config)# ipv6 router ospf
    R3(config-rtr)# area virtual-link 2.2.2.2

That’s all there is to it!
Verification

To verify that R1 has a route to R4’s loopback interface, use the show ipv6 route command on R1.

OSPF Simulation

Example:

PROBLEM

Sharky’s Surf ‘n Turf is a fast-growing corporate seafood establishment and needs your help. A new HQ office was recently constructed with connectivity provided by router R1. Your task is to configure and verify connectivity between the current HQ headend router (R2) and the new location (R1). The physical cabling between R1 and R2 has been completed, but the configuration of OSPF Area needs to be completed to include ONLY R1 s1/0 and R2 s1/1. The mask should be configured to allow only the two interfaces to participate in the OSPF area. Also, Area should be configured in a way so that it does not receive any inter-area or external routes (except default routes). The interfaces have already been configured with the IP addresses shown in the diagram.

SOLUTION

Let’s start with R1. There are two primary considerations in this scenario. First, Area must be configured to include only R1 and R2’s interfaces. The network that the circuit is using is /30, meaning we need to use a wildcard mask for the OSPF area that reflects that /30 address range. 0.0.0.3 will do just that!
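The wildcard match described above, as an added example that is not part of the original guide: it applies IOS-style wildcard matching to the network statement 192.168.4.40 0.0.0.3 and contrasts it with a broader wildcard. The interface addresses are constructed assumptions, since the scenario's diagram is not reproduced here.

```python
import ipaddress

def wildcard_for_prefix(prefix_len):
    """Wildcard (inverse) mask for a prefix length, e.g. 30 -> 0.0.0.3."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return str(ipaddress.IPv4Address((1 << (32 - prefix_len)) - 1))

def statement_matches(base, wildcard, interface_ip):
    """Wildcard bit 0 = must equal the base address, bit 1 = ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    base_bits = int(ipaddress.IPv4Address(base)) & care
    return (int(ipaddress.IPv4Address(interface_ip)) & care) == base_bits

def enabled_interfaces(base, wildcard, interfaces):
    """Names of the interfaces the network statement would place in the area."""
    return sorted(name for name, ip in interfaces.items()
                  if statement_matches(base, wildcard, ip))

# Constructed addressing (assumption): only the two serial ends sit in
# 192.168.4.40/30; the other two interfaces are hypothetical neighbours.
INTERFACES = {
    "R1 s1/0": "192.168.4.41",
    "R2 s1/1": "192.168.4.42",
    "R2 s1/0": "192.168.4.45",
    "R2 fa0/0": "192.168.4.37",
}

if __name__ == "__main__":
    tight = wildcard_for_prefix(30)
    print(tight, enabled_interfaces("192.168.4.40", tight, INTERFACES))
    # A /24-sized wildcard on the same base pulls in every interface above.
    print(enabled_interfaces("192.168.4.40", "0.0.0.255", INTERFACES))
```
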
    R1# config terminal
    R1(config)# router ospf
    R1(config-router)# network 192.168.4.40 0.0.0.3 area

The second major consideration for this scenario is that Area should be configured in a way so that it does not receive any inter-area or external routes (except default routes). That’s code for a totally stubby area. In this case, R1 needs to have the stub command applied.

    R1(config-router)# area stub
    R1(config-router)# exit

Moving on to R2. The same network wildcard must be applied to R2:

    R2# config terminal
    R2(config)# router ospf
    R2(config-router)# network 192.168.4.40 0.0.0.3 area
    R2(config-router)# area stub no-summary
    R2(config-router)# exit

Notice the area stub no-summary command. R2 is the ABR, so if we want Area to be a totally stubby area then we need to use the no-summary command here.

That’s it! Fairly simple, but VERY important practice for the exam.

Policy-Based Routing Simulation

Example:

PROBLEM

You’ve been tasked with providing a routing policy solution to a new web-startup company. They have heavy outbound HTTP traffic loads and want to use a dedicated frame relay circuit to carry it. Configure router PBR in such a way that all HTTP traffic traverses the frame relay link to ISP A if the link is up. All other traffic can go through either link. Only router PBR can be configured and, due to network policies, static routes and default routes are not allowed.

SOLUTION

First we need to create an access list that defines the web traffic.

    PBR(config)# access-list 101 permit tcp any any eq www

A source of “any” is used to capture all EIGRP network sources.

Now we create a route map that sets the next-hop for the web traffic.

    PBR(config)# route-map PBR permit 10
    PBR(config-route-map)# match ip address 101
    PBR(config-route-map)# set ip next-hop 10.1.1.1
    PBR(config-route-map)# exit
    PBR(config)# route-map PBR permit 20
    PBR(config-route-map)# exit

Notice that the first statement sets the next-hop address for the HTTP traffic and the following route map line (20) allows any other traffic through unmodified. If line 20 wasn’t used, the implicit deny would drop any non-web traffic.

The last step is to apply the route map to the internal-facing interface on router PBR.

    PBR(config)# int fa0/1
    PBR(config-if)# ip policy route-map PBR
    PBR(config-if)# exit
    PBR(config)# exit

Verification

On a host in the internal EIGRP network, generate HTTP traffic destined for the internet. Next, use the show route-map command to verify that packets are being matched against the new filter.

    PBR# show route-map

You should see something like “Policy routing matches: 12 packets…” in the output if your configuration is correct.
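The route-map evaluation from the Policy-Based Routing scenario above, as an added example that is not part of the original guide: it walks constructed packets through sequences 10 and 20 and shows that only TCP destination port 80 is steered to 10.1.1.1, while other traffic such as HTTPS on 443 lands in sequence 20. The packet model, the sample destinations and the fallback when the next hop is unreachable are assumptions of this sketch.

```python
from dataclasses import dataclass

WWW = 80  # the IOS ACL keyword "www" is TCP port 80

@dataclass(frozen=True)
class Packet:  # constructed, minimal packet model
    proto: str
    dst: str
    dport: int = 0

def acl_101(pkt):
    """access-list 101 permit tcp any any eq www (destination port only)."""
    return pkt.proto == "tcp" and pkt.dport == WWW

# route-map PBR: (sequence, match function or None, next hop or None)
ROUTE_MAP_PBR = [
    (10, acl_101, "10.1.1.1"),
    (20, None, None),  # no match clause = matches everything, no set clause
]

def policy_route(pkt, next_hop_up=True):
    """Return (matching sequence, forwarding decision) for one packet.

    Assumption of this model: when the set next hop is not reachable,
    forwarding falls back to the normal routing table.
    """
    for seq, match, next_hop in ROUTE_MAP_PBR:
        if match is None or match(pkt):
            if next_hop is not None and next_hop_up:
                return seq, next_hop
            return seq, "routing table"
    raise AssertionError("unreachable: sequence 20 matches every packet")

SAMPLES = [  # constructed traffic from an internal host
    Packet("tcp", "203.0.113.10", 80),
    Packet("tcp", "203.0.113.10", 443),
    Packet("icmp", "203.0.113.10"),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, policy_route(pkt))
    print("link down:", policy_route(SAMPLES[0], next_hop_up=False))
```
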