<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>HOW TO GET THE CCIE</title>
	<atom:link href="http://www.pastccie.com/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.pastccie.com</link>
	<description>CCIE practice questions are your best companion for all</description>
	<lastBuildDate>Mon, 13 Feb 2012 08:31:19 +0000</lastBuildDate>
	<generator>http://wordpress.org/?v=2.8.6</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
			<item>
		<title>CCIE RS Training - To Get a World-Class IT Certification</title>
		<link>http://www.pastccie.com/ccie-labs/ccie-rs-trainingcoachingeducationinstructionteachingschoolingexerciseworkout-for-ato-get-afor-anyfor-thefor-yourfor-just-a-worldglobeplanetentire-worldearthenvironment-class-3/</link>
		<comments>http://www.pastccie.com/ccie-labs/ccie-rs-trainingcoachingeducationinstructionteachingschoolingexerciseworkout-for-ato-get-afor-anyfor-thefor-yourfor-just-a-worldglobeplanetentire-worldearthenvironment-class-3/#comments</comments>
		<pubDate>Mon, 13 Feb 2012 08:31:19 +0000</pubDate>
		<dc:creator>Nicholas</dc:creator>
				<category><![CDATA[CCIE Labs]]></category>
		<category><![CDATA[CCIE LAB EXAM]]></category>
		<category><![CDATA[CCIE R&S]]></category>
		<category><![CDATA[CCIE Training]]></category>

		<guid isPermaLink="false">http://www.pastccie.com/?p=355</guid>
		<description><![CDATA[CCIE RS training is a wide-ranging study program meant for prospective networking experts. It is intended to raise your competency to an expert level while giving you the skills and coaching to pass this rigorous exam. CCIE is the simplest way to receive the Cisco Internetwork Expert certification.  [...]]]></description>
			<content:encoded><![CDATA[<p>CCIE RS training is a wide-ranging study program meant for prospective networking experts. It is intended to raise your competency to an expert level while giving you the skills and coaching to pass this rigorous exam. CCIE is the simplest way to receive the Cisco Internetwork Expert certification. It is also the highest level of certification offered by Cisco Systems. IT professionals who manage large networks and are expert in working with Cisco products must pass an extensive exam to receive this certification.</p>
<p>CCIE RS training is done at CCIE training schools, which have tutors, lecturers, and boot camps. Within the CCIE there are six tracks, namely Storage Networking, Voice and Wireless, Routing &amp; Switching, Service Provider, and Security. This exam is considered rather tough and an excellent one to pass, as it shows your technical expertise and dedication. It also makes you a member of an exclusive group of professionals, strengthens your resume, and increases your credibility.</p>
<p>Moving forward in their career is the ambition of most IT professionals. CCIE RS training gives you an advantage in the job market. Once you begin looking for better opportunities inside or outside your company, the CCIE certification will help you reach your goal more easily in this competitive world.</p>
<p>You may have many reasons for taking CCIE RS training; earning a high salary may be one of them. Getting this certification is not easy; it sometimes takes years to pass the exams. It takes eighteen months and a good deal of money to pass this exam, which is why there is a large market for such certified specialists. The upside is that, with so few certified professionals and such high demand for them, the salaries offered are truly high.</p>
<p>After completing CCIE RS training, you are considered an expert in the networking field. Consequently, if a tough situation arises, you are always the one called in to resolve the problem. With this certification, you are recognized worldwide as highly qualified in the networking and technology industry.</p>
<p>It is important to understand the overall structure of the CCIE RS exam so that you know what kind of training is needed. The exam consists of two main parts, the written exam and the lab exam. The written part is two hours long and consists of multiple-choice questions. You can sit the lab exam only if you pass the written exam. The lab exam is an eight-hour test of your ability to put together networking and software equipment and of your troubleshooting ability. You have three years to pass the lab exam, after which you must retake the written exam before attempting the lab exam again.</p>
<p>Most candidates sitting a CCIE RS exam do not pass on the first attempt. However, there is a fairly high rate of success on the second attempt. To improve your chances of success, you should study the exam-specific topics. One important point to keep in mind is that, after receiving this certificate, you must recertify every two years.</p>
<p>Work on mastering the skills in every area listed in the Cisco blueprint. It is recommended to have at least four hundred hours of lab practice on simulated equipment in order to succeed in the CCIE security lab exam. Dedicate a part of your day to mastering each topic. Various study materials are available on the market for a better understanding of the topics in the Cisco blueprint. They help you prepare with the aid of structured software. You can invest in a good training application, which lets you improve your level of expertise.</p>
<p>You can opt for online training packages from reputable companies, which provide practice tests and other helpful services to improve your skills. CCIE Security can be used as a ladder toward success. It is accepted as a recognized certification program in the networking industry worldwide. A CCIE in security will open the gateway to a bright career.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.pastccie.com/ccie-labs/ccie-rs-trainingcoachingeducationinstructionteachingschoolingexerciseworkout-for-ato-get-afor-anyfor-thefor-yourfor-just-a-worldglobeplanetentire-worldearthenvironment-class-3/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Using Backup Interfaces</title>
		<link>http://www.pastccie.com/ccie-rs/using-backup-interfaces/</link>
		<comments>http://www.pastccie.com/ccie-rs/using-backup-interfaces/#comments</comments>
		<pubDate>Sat, 11 Feb 2012 08:35:59 +0000</pubDate>
		<dc:creator>Nicholas</dc:creator>
				<category><![CDATA[CCIE R&S]]></category>
		<category><![CDATA[CCIE]]></category>
		<category><![CDATA[CCIE Bootcamps]]></category>
		<category><![CDATA[CCIE Security]]></category>

		<guid isPermaLink="false">http://www.pastccie.com/?p=352</guid>
		<description><![CDATA[Cisco routers can watch the physical signals on an interface and trigger a backup interface if the primary link fails. The router will automatically drop the call after the primary circuit comes back up:
Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#interface Serial0/0
Router1(config-if)#backup delay 0 300
Router1(config-if)#backup interface BRI0/0
Router1(config-if)#encapsulation frame-relay
Router1(config-if)#down-when-looped
Router1(config-if)#exit
Router1(config)#interface Serial0/0.1 point-to-point
Router1(config-subif)#ip address 10.1.1.10 255.255.255.252
Router1(config-subif)#frame-relay [...]]]></description>
			<content:encoded><![CDATA[<p>Cisco routers can watch the physical signals on an interface and trigger a backup interface if the primary link fails. The router will automatically drop the call after the primary circuit comes back up:</p>
<pre>Router1#configure terminal</pre>
<pre>Enter configuration commands, one per line.  End with CNTL/Z.</pre>
<pre>Router1(config)#interface Serial0/0</pre>
<pre>Router1(config-if)#backup delay 0 300</pre>
<pre>Router1(config-if)#backup interface BRI0/0</pre>
<pre>Router1(config-if)#encapsulation frame-relay</pre>
<pre>Router1(config-if)#down-when-looped</pre>
<pre>Router1(config-if)#exit</pre>
<pre>Router1(config)#interface Serial0/0.1 point-to-point</pre>
<pre>Router1(config-subif)#ip address 10.1.1.10 255.255.255.252</pre>
<pre>Router1(config-subif)#frame-relay interface-dlci 50</pre>
<pre>Router1(config-subif)#exit</pre>
<pre>Router1(config)#interface BRI0/0</pre>
<pre>Router1(config-if)#ip address 10.1.99.55 255.255.255.0</pre>
<pre>Router1(config-if)#encapsulation ppp</pre>
<pre>Router1(config-if)#dialer idle-timeout 300</pre>
<pre>Router1(config-if)#dialer map ip 10.1.99.1 name dialhost broadcast 95551212</pre>
<pre>Router1(config-if)#dialer load-threshold 50 either</pre>
<pre>Router1(config-if)#dialer-group 1</pre>
<pre>Router1(config-if)#isdn switch-type basic-ni</pre>
<pre>Router1(config-if)#isdn spid1 800555123400 5551234</pre>
<pre>Router1(config-if)#isdn spid2 800555123500 5551235</pre>
<pre>Router1(config-if)#ppp authentication chap</pre>
<pre>Router1(config-if)#ppp multilink</pre>
<pre>Router1(config-if)#exit</pre>
<pre>Router1(config)#dialer-list 1 protocol ip permit</pre>
<pre>Router1(config)#end</pre>
<pre>Router1#</pre>
<p>In this example, the primary WAN interface is a Frame Relay connection. However, this would work just as well on just about any kind of interface. The main reason why we used Frame Relay is to show that you have to put the backup commands on the physical interface, not on any subinterfaces or virtual interfaces. If this router loses physical signaling on the serial interface, it will automatically bring up the dial backup. The key to this configuration method is the backup command, which you associate with the primary interface:</p>
<pre>Router1(config)#interface Serial0/0</pre>
<pre>Router1(config-if)#backup delay 0 300</pre>
<pre>Router1(config-if)#backup interface BRI0/0</pre>
<p>In this case, you can see that the backup interface for this serial port is the ISDN interface, BRI0/0. We also included a backup delay command, which specifies two times. The first parameter tells the router how long it should wait before bringing up the backup after it loses signals on this primary interface. In this case, we don't want to wait. If there is a failure, we want the backup to activate immediately. However, in some cases, you might want to delay slightly to save money on backup charges in case the primary comes back again right away. So, if you wanted to wait 15 seconds before dialing, you could configure it like this:</p>
<pre>Router1(config-if)#backup delay 15 300</pre>
<p>The second number tells the router how long to wait after the primary recovers before dropping the dial connection. In Frame Relay in particular, it can take a minute or more after you see physical signals before there is end-to-end connectivity. So it is important to keep the backup link active until everything has stabilized. Also, sometimes a link will bounce up and down if there are electrical problems. Specifying a sensible delay before dropping the backup link helps with link stability.</p>
<p>We have also included the down-when-looped command on the primary interface:</p>
<pre>Router1(config)#interface Serial0/0</pre>
<pre>Router1(config-if)#down-when-looped</pre>
<p>The dial backup will only trigger if this interface line protocol is in a down state. Normally, when you put a circuit into a loopback state for testing, the router considers the interface to be in an up state, but looped. However, in this diagnostic state the circuit will not pass any data. So, by configuring down-when-looped, we ensure that the backup will trigger if somebody runs a loopback test (perhaps unintentionally) on the primary circuit.</p>
<p>In general, we don't recommend using the backup interface method for dial backup. There are many types of WAN problems in which you will lose IP connectivity, but you don't lose physical signaling on the interface. For example, in the Frame Relay case again, there could be a problem in the cloud that causes you to lose your virtual circuit. Or you might be connected to a faulty network termination device that keeps signals active even though it doesn't have a real connection.</p>
<p>There is another important disadvantage to using the backup interface method. The router keeps backup interfaces disabled until it needs to dial. This causes two problems.</p>
<p>First, it means that you have to wait longer to dial because the router has to first establish physical connectivity with the backup network. In the case of ISDN, this can take 10 to 15 seconds.</p>
<p>The second problem is that, with ISDN interfaces, you lose the ability to see the state of the ISDN connection. Normally, if an ISDN interface is connected but not dialed, you can use the show isdn status command to verify that it is talking to the carrier's switch correctly. However, since the backup interface is disabled with the method shown in the current recipe, you can't easily verify that your backup circuit is working without failing the primary circuit.</p>
<p>There is actually an interesting way to get around this last problem, though. Instead of making your backup interface a physical interface like an ISDN port, as we did in this example, you could make the backup interface a dialer interface. In this case, the dialer interface will remain down when the primary is working, but the ISDN interface will still be up. And this means that you will be able to use the various show isdn commands, as you can with the other methods.</p>
<p>There is one interesting extra option to the backup interface configuration that can be useful in some situations. In addition to triggering the backup circuit when the primary circuit fails, you can configure the router to trigger the backup circuit when the load on the primary circuit gets heavy. This is a form of bandwidth on demand:</p>
<pre>Router1(config)#interface Serial0/0</pre>
<pre>Router1(config-if)#backup load 75 25</pre>
<p>This command triggers the dial backup when the load on the primary interface rises above 75 percent, and deactivates it when the load drops below 25 percent.</p>
<p>Note, however, that to be really useful as additional bandwidth, you have to make sure that the routing over this new connection makes sense. In particular, it doesn't really help much unless the routing protocol sees the two paths as equal and shares the load between them. This will generally require some careful metric tuning in your routing protocol or use of the unequal cost load-sharing features available in some routing protocols. It also may require that the dial backup circuit terminates on the same router as the primary circuit to ensure that two-way load sharing works properly.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.pastccie.com/ccie-rs/using-backup-interfaces/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>AutoQoS</title>
		<link>http://www.pastccie.com/ccie-bootcamps/autoqos/</link>
		<comments>http://www.pastccie.com/ccie-bootcamps/autoqos/#comments</comments>
		<pubDate>Fri, 10 Feb 2012 09:14:52 +0000</pubDate>
		<dc:creator>Nicholas</dc:creator>
				<category><![CDATA[CCIE Bootcamps]]></category>
		<category><![CDATA[CCIE]]></category>
		<category><![CDATA[CCIE RS Training]]></category>

		<guid isPermaLink="false">http://www.pastccie.com/?p=350</guid>
		<description><![CDATA[AutoQoS is an extremely useful feature that can take a lot of the mystery out of building a QoS policy. Unfortunately, there are several restrictions on this feature that you need to be aware of.
First, it is only available on point-to-point links between routers. This includes point-to-point subinterfaces on ATM and Frame Relay PVCs, as [...]]]></description>
			<content:encoded><![CDATA[<p>AutoQoS is an extremely useful feature that can take a lot of the mystery out of building a QoS policy. Unfortunately, there are several restrictions on this feature that you need to be aware of.</p>
<p>First, it is only available on point-to-point links between routers. This includes point-to-point subinterfaces on ATM and Frame Relay PVCs, as shown in the example. The feature is also available on PPP and HDLC Serial connections. It cannot be used on any multiple access media, including Ethernets, or multipoint subinterfaces.</p>
<p>Second, it can't be used with any virtual templates or frame map statements. It cannot be used with either Frame Relay or ATM SVCs.</p>
<p>Third, it must be enabled on both ends of each link or PVC. This doesn't necessarily mean that both routers must run the same IOS version, however, as long as the AutoQoS feature is available on both routers.</p>
<p>Fourth, you should disable any other service policies or access-groups on the router, even if they are associated with different interfaces.</p>
<p>And finally, you must ensure that CEF is enabled for this feature to work.</p>
<p>AutoQoS for VoIP was introduced in IOS Version 12.2(15)T. This command is actually a macro that adds a series of commands to your router's configuration. You can use the show auto qos command to see exactly what it has added:</p>
<pre>Router1#show auto qos</pre>
<pre> !</pre>
<pre> policy-map AutoQoS-Policy-UnTrust</pre>
<pre>  class AutoQoS-VoIP-RTP-UnTrust</pre>
<pre>   priority percent 70</pre>
<pre>   set dscp ef</pre>
<pre>  class AutoQoS-VoIP-Control-UnTrust</pre>
<pre>   bandwidth percent 5</pre>
<pre>   set dscp af31</pre>
<pre>  class AutoQoS-VoIP-Remark</pre>
<pre>   set dscp default</pre>
<pre>  class class-default</pre>
<pre>   fair-queue</pre>
<pre> !</pre>
<pre> ip access-list extended AutoQoS-VoIP-RTCP</pre>
<pre>  permit udp any any range 16384 32767</pre>
<pre> !</pre>
<pre> ip access-list extended AutoQoS-VoIP-Control</pre>
<pre>  permit tcp any any eq 1720</pre>
<pre>  permit tcp any any range 11000 11999</pre>
<pre>  permit udp any any eq 2427</pre>
<pre>  permit tcp any any eq 2428</pre>
<pre>  permit tcp any any range 2000 2002</pre>
<pre>  permit udp any any eq 1719</pre>
<pre>  permit udp any any eq 5060</pre>
<pre> !</pre>
<pre> rmon event 33333 log trap AutoQoS description "AutoQoS SNMP traps for Voice Drops" owner AutoQoS</pre>
<pre> rmon alarm 33333 cbQosCMDropBitRate.1169.1171 30 absolute rising-threshold 1 33333 falling-threshold 0 owner AutoQoS</pre>
<pre></pre>
<pre>Serial0/0.1: DLCI 904 -</pre>
<pre> !</pre>
<pre> interface Serial0/0</pre>
<pre>  frame-relay traffic-shaping</pre>
<pre> !</pre>
<pre> interface Serial0/0.1 point-to-point</pre>
<pre>  frame-relay interface-dlci 904</pre>
<pre>   class AutoQoS-FR-Se0/0-904</pre>
<pre> !</pre>
<pre> map-class frame-relay AutoQoS-FR-Se0/0-904</pre>
<pre>  frame-relay cir 1544000</pre>
<pre>  frame-relay bc 15440</pre>
<pre>  frame-relay be 0</pre>
<pre>  frame-relay mincir 1544000</pre>
<pre>  service-policy output AutoQoS-Policy-UnTrust</pre>
<pre>Router1#</pre>
<p>Clearly, this little macro has done a lot of work, and in fact this command output doesn't show the class-maps that were created at the same time! Let's examine what it did. First, it created a policy-map called AutoQoS-Policy-UnTrust, which allocates up to 70% of the bandwidth on this link to voice traffic and another 5% to VoIP control packets. It also sets the DSCP values for these traffic streams, overriding whatever values were previously in the packets. All other traffic is configured to use weighted fair-queuing (WFQ).</p>
<p>Then, skipping over the access-lists, whose purpose is fairly clear, the macro has created an RMON rule that will automatically send an SNMP trap every time the router is forced to drop a voice packet. You can then use these trap logs to determine if the queuing parameters are appropriate. If you find that you are dropping a lot of packets, then you may need to increase your bandwidth to reduce congestion.</p>
<p>And finally, it has implemented Frame Relay Traffic Shaping to ensure that the router doesn't attempt to overrun the CIR for the PVC. This is a critical consideration because, by default, the router will assume that it can transmit at wire speed on each PVC individually. So if you have several PVCs on a single physical circuit, it will allow any of them to burst to the full bandwidth capacity of the interface, possibly over-running the CIR of the PVC. As a result, even with the best queuing strategy on the router, you could find yourself dropping packets in the frame cloud.</p>
<p>The AutoQoS for the Enterprise feature was introduced in IOS Version 12.3(7)T. It classifies traffic into 10 categories, which are listed in Table 11-2. Note that if the discovery feature doesn't see any traffic of a particular type, then AutoQoS will not create a corresponding class on the router.</p>
<table border="1" cellspacing="0" cellpadding="0" width="100%">
<thead>
<tr>
<td colspan="3">
<h5>Table 11-2. AutoQoS traffic classes</h5>
</td>
</tr>
<tr>
<td>
<p align="center">Class Name</p>
</td>
<td>
<p align="center">DSCP</p>
</td>
<td>
<p align="center">Description</p>
</td>
</tr>
</thead>
<tbody>
<tr>
<td>IP Routing</td>
<td>CS6</td>
<td>Routing protocol and ICMP traffic</td>
</tr>
<tr>
<td>Interactive Voice</td>
<td>EF</td>
<td>RTP Voice traffic</td>
</tr>
<tr>
<td>Interactive Video</td>
<td>AF41</td>
<td>RTP Video traffic</td>
</tr>
<tr>
<td>Streaming Video</td>
<td>CS4</td>
<td>Various streaming audio and video protocols, such as CU-SeeMe, RealAudio, and Netshow</td>
</tr>
<tr>
<td>Telephony Signaling</td>
<td>CS3</td>
<td>RTP and H.323</td>
</tr>
<tr>
<td>Transactional/Interactive</td>
<td>AF21</td>
<td>Database protocols, such as SAP, SQLNet, and SQLServer, as well as interactive protocols, including Citrix, Telnet, Notes, SSH, and X11</td>
</tr>
<tr>
<td>Network Management</td>
<td>CS2</td>
<td>Primarily SNMP</td>
</tr>
<tr>
<td>Bulk Data</td>
<td>AF11</td>
<td>Batch file transfer protocols such as FTP, Exchange, POP3, SMTP, NNTP, and network printing</td>
</tr>
<tr>
<td>Scavenger</td>
<td>CS1</td>
<td>Various peer-to-peer and entertainment protocols, including Napster, Fasttrack, and Gnutella; this group is given a worse than best-efforts priority</td>
</tr>
<tr>
<td>Best Effort</td>
<td>0</td>
<td>Various miscellaneous protocols, including HTTP, NFS, SunRPC, NTP, and gopher, as well as any unidentified traffic</td>
</tr>
</tbody>
</table>
<p>We enabled auto discovery QoS on both ends of a Frame-Relay PVC, ran some traffic through the link and then looked at the output of the show auto discovery qos command to see what the router suggested for a QoS policy:</p>
<pre>Router1#show auto discovery qos</pre>
<pre>Serial0/0.1</pre>
<pre> AutoQoS Discovery enabled for applications</pre>
<pre> Discovery up time: 3 minutes, 41 seconds</pre>
<pre> AutoQoS Class information:</pre>
<pre> Class Voice:</pre>
<pre>  No data found.</pre>
<pre> Class Interactive Video:</pre>
<pre>  No data found.</pre>
<pre> Class Signaling:</pre>
<pre>  No data found.</pre>
<pre> Class Streaming Video:</pre>
<pre>  No data found.</pre>
<pre> Class Transactional:</pre>
<pre>  Recommended Minimum Bandwidth: 1 Kbps/&lt;1% (AverageRate)</pre>
<pre>  Detected applications and data:</pre>
<pre>  Application/       AverageRate        PeakRate           Total</pre>
<pre>  Protocol           (kbps/%)           (kbps/%)           (bytes)</pre>
<pre>  -----------        -----------        --------           ------------</pre>
<pre>  telnet             1/&lt;1               32/2               53404</pre>
<pre> Class Bulk:</pre>
<pre>  No data found.</pre>
<pre> Class Scavenger:</pre>
<pre>  No data found.</pre>
<pre> Class Management:</pre>
<pre>  Recommended Minimum Bandwidth: 1 Kbps/&lt;1% (AverageRate)</pre>
<pre>  Detected applications and data:</pre>
<pre>  Application/       AverageRate        PeakRate           Total</pre>
<pre>  Protocol           (kbps/%)           (kbps/%)           (bytes)</pre>
<pre>  -----------        -----------        --------           ------------</pre>
<pre>  snmp               1/&lt;1               11/&lt;1              50245</pre>
<pre> Class Routing:</pre>
<pre>  Recommended Minimum Bandwidth: 0 Kbps/0% (AverageRate)</pre>
<pre>  Detected applications and data:</pre>
<pre>  Application/       AverageRate        PeakRate           Total</pre>
<pre>  Protocol           (kbps/%)           (kbps/%)           (bytes)</pre>
<pre>  -----------        -----------        --------           ------------</pre>
<pre>  icmp               0/0                8/&lt;1               11432</pre>
<pre>  eigrp              0/0                0/0                6016</pre>
<pre> Class Best Effort:</pre>
<pre>  Current Bandwidth Estimation: 3 Kbps/&lt;1% (AverageRate)</pre>
<pre>  Detected applications and data:</pre>
<pre>  Application/       AverageRate        PeakRate           Total</pre>
<pre>  Protocol           (kbps/%)           (kbps/%)           (bytes)</pre>
<pre>  -----------        -----------        --------           ------------</pre>
<pre>  http               3/&lt;1               33/2               84777</pre>
<pre>  unknowns           0/0                0/0                184</pre>
<pre></pre>
<pre>Suggested AutoQoS Policy for the current uptime:</pre>
<pre> !</pre>
<pre> class-map match-any AutoQoS-Transactional-Se0/0.1</pre>
<pre>  match protocol telnet</pre>
<pre> !</pre>
<pre> class-map match-any AutoQoS-Management-Se0/0.1</pre>
<pre>  match protocol snmp</pre>
<pre> !</pre>
<pre> policy-map AutoQoS-Policy-Se0/0.1</pre>
<pre>  class AutoQoS-Transactional-Se0/0.1</pre>
<pre>   bandwidth remaining percent 1</pre>
<pre>   random-detect dscp-based</pre>
<pre>   set dscp af21</pre>
<pre>  class AutoQoS-Management-Se0/0.1</pre>
<pre>   bandwidth remaining percent 1</pre>
<pre>   set dscp cs2</pre>
<pre>  class class-default</pre>
<pre>   fair-queue</pre>
<pre>Router1#</pre>
<p>As you can see, we didn't let the discovery phase run for very long, and consequently did not discover very many types of traffic. The router saw no traffic in the Voice, Interactive Video, Telephony Signaling, Streaming Video, Bulk, or Scavenger classes. But it did see some TELNET traffic in the Transactional class, some SNMP traffic in the Network Management class, as well as some Routing Protocol and Best Efforts traffic. Note that the command output includes average and peak rate traffic statistics, which the router will use to help determine queuing parameters:</p>
<pre>Class Best Effort:</pre>
<pre>  Current Bandwidth Estimation: 3 Kbps/&lt;1% (AverageRate)</pre>
<pre>  Detected applications and data:</pre>
<pre>  Application/       AverageRate        PeakRate           Total</pre>
<pre>  Protocol           (kbps/%)           (kbps/%)           (bytes)</pre>
<pre>  -----------        -----------        --------           ------------</pre>
<pre>  http               3/&lt;1               33/2               84777</pre>
<pre>  unknowns           0/0                0/0                184</pre>
<p>The output then ends with a suggestion for a QoS policy-map to be applied to this interface. This output shows that the AutoQoS feature uses the NBAR match command to identify protocols. NBAR is the basis of AutoQoS.</p>
<p>Once we are satisfied that this is a good QoS policy, we enable it by using the auto qos command:</p>
<pre>Router1(config)#interface Serial0/0.1 point-to-point</pre>
<pre>Router1(config-subif)#frame-relay interface-dlci 904</pre>
<pre>Router1(config-fr-dlci)#auto qos</pre>
<pre>%Creating new map-class.</pre>
<pre>Router1(config-fr-dlci)#no auto discovery qos</pre>
<pre>Router1(config-fr-dlci)#exit</pre>
<pre>Router1(config-subif)#exit</pre>
<table border="0" cellspacing="0" cellpadding="0" width="90%">
<tbody>
<tr>
<td>
<table border="0" cellspacing="0" cellpadding="0" width="100%">
<tbody>
<tr>
<td width="60" valign="top"></td>
<td valign="top">It is critical to enable AutoQoS before disabling the discovery feature. Otherwise, the router will lose all of the traffic information that it has learned.</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<p>If you want to see the new configuration commands that AutoQoS has added to your router, use the show auto qos command:</p>
<pre>Router1#show auto qos</pre>
<pre> !</pre>
<pre> policy-map AutoQoS-Policy-Se0/0.1</pre>
<pre>  class AutoQoS-Transactional-Se0/0.1</pre>
<pre>   bandwidth remaining percent 1</pre>
<pre>   random-detect dscp-based</pre>
<pre>   set dscp af21</pre>
<pre>  class AutoQoS-Routing-Se0/0.1</pre>
<pre>   bandwidth remaining percent 1</pre>
<pre>   set dscp cs6</pre>
<pre>  class class-default</pre>
<pre>   fair-queue</pre>
<pre> !</pre>
<pre> policy-map AutoQoS-Policy-Se0/0.1-Parent</pre>
<pre>  class class-default</pre>
<pre>   shape average 1544000</pre>
<pre>   service-policy AutoQoS-Policy-Se0/0.1</pre>
<pre> !</pre>
<pre> class-map match-any AutoQoS-Transactional-Se0/0.1</pre>
<pre>  match protocol telnet</pre>
<pre> !</pre>
<pre> class-map match-any AutoQoS-Routing-Se0/0.1</pre>
<pre>  match protocol icmp</pre>
<pre>  match protocol eigrp</pre>
<pre>  match protocol rip</pre>
<pre></pre>
<pre>Serial0/0.1: DLCI 904 -</pre>
<pre> !</pre>
<pre> interface Serial0/0.1 point-to-point</pre>
<pre>  frame-relay interface-dlci 904</pre>
<pre>   class AutoQoS-FR-Se0/0-904</pre>
<pre> !</pre>
<pre> map-class frame-relay AutoQoS-FR-Se0/0-904</pre>
<pre>  frame-relay cir 1544000</pre>
<pre>  frame-relay bc 15440</pre>
<pre>  frame-relay be 0</pre>
<pre>  frame-relay mincir 1544000</pre>
<pre>  service-policy output AutoQoS-Policy-Se0/0.1-Parent</pre>
<pre>Router1#</pre>
<p>Note that the actual policy map does not exactly match the version that we saw earlier during the data collection phase. The biggest difference is that the router saw some additional RIP traffic in the meantime and added this protocol to the class called AutoQoS-Routing-Se0/0.1. It has also created a Frame Relay map class that includes traffic shaping parameters for the PVC.</p>
<p>Because AutoQoS adds so many different commands to the router configuration, if you want to disable AutoQoS, it is not sufficient to just remove the auto qos command. You will need to remove all of the other commands separately. In fact, you should be careful about removing this command because if you do so, the show auto qos command will no longer function, making it much more difficult to figure out what commands are actually related to this feature. To make matters worse, once you have removed the auto qos command, you can't even put it back because the router needs to repeat the discovery phase first!</p>
<p>If you want to remove this feature after you have enabled it, we recommend capturing the output of the show auto qos command and using a text editor to create a configuration script that selectively eliminates all of the associated commands.</p>
<p>AutoQoS for the Enterprise can be a useful way of generating a detailed queuing strategy for your network. We do urge some caution in using this feature, however. In our experience, the discovery option can be unreliable. In particular, if you are using NBAR or have access-groups enabled on the router, this can interfere with the data collection. Furthermore, we have seen questionable results in the output that went away after disabling and re-enabling the discovery option.</p>
<p>We strongly recommend looking very closely at the recommendations made by this command before implementing them.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.pastccie.com/ccie-bootcamps/autoqos/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>sense of understanding. The CCIE labs variety</title>
		<link>http://www.pastccie.com/ccie-labs/sense-of-understanding-the-ccie-labs-typekindsortformvarietystyle/</link>
		<comments>http://www.pastccie.com/ccie-labs/sense-of-understanding-the-ccie-labs-typekindsortformvarietystyle/#comments</comments>
		<pubDate>Thu, 09 Feb 2012 09:50:26 +0000</pubDate>
		<dc:creator>Nicholas</dc:creator>
				<category><![CDATA[CCIE Labs]]></category>
		<category><![CDATA[CCIE]]></category>
		<category><![CDATA[CCIE Bootcamps]]></category>
		<category><![CDATA[CCIE LAB EXAM]]></category>

		<guid isPermaLink="false">http://www.pastccie.com/?p=348</guid>
		<description><![CDATA[With the CCIE, experts have an opportunity to establish themselves in the field of networking. Only a few thousand people are thought to have cleared the CCIE test. CCIE labs are considered to provide a high-level training environment, which acts as a [...]]]></description>
			<content:encoded><![CDATA[<p>With the CCIE, experts have an opportunity to establish themselves in the field of networking. Only a few thousand people are thought to have cleared the CCIE test. CCIE labs are considered to provide a high-level training environment, which acts as a significant benefit for candidates.</p>
<p>The CCIE examination entails two assessments: a CCIE written exam and a CCIE lab exam. To attempt the lab exam, you have to clear the written exam. If you are not able to clear the written exam the first time, you have to wait 180 days before retaking it. After clearing the written exam, you should make an attempt at the CCIE lab exam within 18 months. If you are unable to clear the lab exam, you should re-try within 12 months in order to keep the written exam result valid.</p>
<p>The written exam has a time limit of two hours and is conducted in numerous test centers internationally. The topics covered in the written exam depend on the specialization or track you choose. For Service Provider, you can choose from categories such as Cable, DSL, IP Telephony, Dial, Content Networking, Optical, WAN Switching, and Metro Ethernet. Each written exam is currently made available in beta form at a price of $50 USD.</p>
<p>The CCIE lab exam is different in nature: it is an eight-hour exam that tests the candidate's ability to configure and troubleshoot networking devices. Cisco has a high level of equipment in its CCIE labs for use in the lab exams. The blueprint for the lab exam is available on its website. The lab exam is not available at all Pearson VUE or Prometric testing centers.</p>
<p>A typical CCIE R&amp;S lab exam contains a two-hour troubleshooting section in which you are presented with a series of tickets for preconfigured networks in the CCIE labs. You should be able to identify and resolve the faults. You can proceed to the configuration section after you finish the troubleshooting section.</p>
<p>A valid passing score is required to attempt a <a href="http://www.cathayschool.com/">CCIE Labs</a> exam. Cisco uses proctors to judge the candidates in the initial rounds in its CCIE labs located worldwide. Points are awarded when a criterion is met, and grading is done using some automated tools. The results of a lab exam are reported within forty-eight hours. The result shows a pass/fail, and in case of a fail, the areas where you are lagging behind are mentioned so that you can prepare properly before a re-try.</p>
<p>Cisco stands out in the field of networking by providing a CCIE certification so that you can pursue your education as well as get recognized by a reputed organization. The CCIE lab exam can be used as a platform to test your ability in the various tracks provided by Cisco. Attempting a lab exam requires rigorous training and a high level of understanding. The CCIE labs form the first step to a better future career.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.pastccie.com/ccie-labs/sense-of-understanding-the-ccie-labs-typekindsortformvarietystyle/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Using NBAR Classification</title>
		<link>http://www.pastccie.com/ccie-online-training/using-nbar-classification-2/</link>
		<comments>http://www.pastccie.com/ccie-online-training/using-nbar-classification-2/#comments</comments>
		<pubDate>Wed, 08 Feb 2012 08:39:59 +0000</pubDate>
		<dc:creator>Nicholas</dc:creator>
				<category><![CDATA[CCIE Online Training]]></category>
		<category><![CDATA[CCIE]]></category>
		<category><![CDATA[CCIE Bootcamps]]></category>
		<category><![CDATA[CCIE in Security]]></category>

		<guid isPermaLink="false">http://www.pastccie.com/?p=346</guid>
		<description><![CDATA[The NBAR feature is used to identify traffic within a class-map. You can then use the class-map in a policy-map to define how the router should handle each application data stream:
Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#ip cef
Router1(config)#class-map INTERACTIVE
Router1(config-cmap)#match protocol citrix
Router1(config-cmap)#match protocol telnet
Router1(config-cmap)#exit
Router1(config)#policy-map QoSPolicy
Router1(config-pmap)#class INTERACTIVE
Router1(config-pmap-c)#bandwidth percent 50
Router1(config-pmap-c)#set dscp ef
Router1(config-pmap-c)#exit
Router1(config-pmap)#class class-default
Router1(config-pmap-c)#bandwidth percent 20
Router1(config-pmap-c)#random-detect [...]]]></description>
			<content:encoded><![CDATA[<p>The NBAR feature is used to identify traffic within a class-map. You can then use the class-map in a policy-map to define how the router should handle each application data stream:</p>
<pre>Router1#configure terminal</pre>
<pre>Enter configuration commands, one per line.  End with CNTL/Z.</pre>
<pre>Router1(config)#ip cef</pre>
<pre>Router1(config)#class-map INTERACTIVE</pre>
<pre>Router1(config-cmap)#match protocol citrix</pre>
<pre>Router1(config-cmap)#match protocol telnet</pre>
<pre>Router1(config-cmap)#exit</pre>
<pre>Router1(config)#policy-map QoSPolicy</pre>
<pre>Router1(config-pmap)#class INTERACTIVE</pre>
<pre>Router1(config-pmap-c)#bandwidth percent 50</pre>
<pre>Router1(config-pmap-c)#set dscp ef</pre>
<pre>Router1(config-pmap-c)#exit</pre>
<pre>Router1(config-pmap)#class class-default</pre>
<pre>Router1(config-pmap-c)#bandwidth percent 20</pre>
<pre>Router1(config-pmap-c)#random-detect dscp-based</pre>
<pre>Router1(config-pmap-c)#exit</pre>
<pre>Router1(config-pmap)#exit</pre>
<pre>Router1(config)#interface FastEthernet0/0</pre>
<pre>Router1(config-if)#service-policy inbound QoSPolicy</pre>
<pre>Router1(config-if)#exit</pre>
<pre>Router1(config)#end</pre>
<pre>Router1#</pre>
<p>Cisco also offers the ability to download specialized Packet Description Language Module (PDLM) files onto the router's flash device, and then activate them for use with NBAR classification:</p>
<pre>Router1#show flash</pre>
<pre>System flash directory:</pre>
<pre>File  Length   Name/status</pre>
<pre>  1   23169076  c2600-ipvoice-mz.124-10.bin</pre>
<pre>  2   3100     bittorrent.pdlm</pre>
<pre>[23172304 bytes used, 9857836 available, 33030140 total]</pre>
<pre>32768K bytes of processor board System flash (Read/Write)</pre>
<pre></pre>
<pre>Router1#configure terminal</pre>
<pre>Enter configuration commands, one per line.  End with CNTL/Z.</pre>
<pre>Router1(config)#ip nbar pdlm flash://bittorrent.pdlm</pre>
<pre>Router1(config)#class-map BITTORRENT</pre>
<pre>Router1(config-cmap)#match protocol bittorrent</pre>
<pre>Router1(config-cmap)#exit</pre>
<pre>Router1(config)#end</pre>
<pre>Router1#</pre>
<p>And you can also use NBAR to automatically profile the protocols on a particular interface:</p>
<pre>Router1#configure terminal</pre>
<pre>Enter configuration commands, one per line.  End with CNTL/Z.</pre>
<pre>Router1(config)#interface FastEthernet0/0</pre>
<pre>Router1(config-if)#ip nbar protocol-discovery</pre>
<pre>Router1(config-if)#exit</pre>
<pre>Router1(config)#end</pre>
<pre>Router1#</pre>
<p>Network Based Application Recognition (NBAR) is an extremely useful feature that first became available in IOS Version 12.0(5)XE2, and more generally in 12.1(5)T. Cisco continues to add new protocols to NBAR, allowing you to categorize more and more different traffic streams on your network. The one caveat to using NBAR is that it can introduce a heavy additional load on your router's CPU. We recommend monitoring the CPU utilization after implementing any NBAR-based filtering, at least until you are confident that the router is not straining under the additional load.</p>
<p>The basic syntax is to set up a class-map, and then use the match protocol command with the appropriate keyword:</p>
<pre>Router1(config)#class-map INTERACTIVE</pre>
<pre>Router1(config-cmap)#match protocol citrix</pre>
<pre>Router1(config-cmap)#match protocol telnet</pre>
<p>We used Citrix as an example protocol in this recipe because it is a classic example of the need for the NBAR feature. This is a proprietary protocol that is used in thin-client architectures. The end user's workstation is just a terminal that displays graphical information from the screen of a centrally located computer running a virtual desktop for the user. The protocol transmits graphical information and keystrokes. Because it is an interactive application, it needs to be given high priority through the network. However, it is notoriously difficult to reliably identify from Layer 3 and 4 information.</p>
<p>As the example shows, you can then use this class in a policy-map:</p>
<pre>Router1(config)#policy-map QoSPolicy</pre>
<pre>Router1(config-pmap)#class INTERACTIVE</pre>
<pre>Router1(config-pmap-c)#bandwidth percent 50</pre>
<pre>Router1(config-pmap-c)#set dscp ef</pre>
<pre>Router1(config-pmap-c)#exit</pre>
<p>NBAR classifies applications at the application layer, allowing you to differentiate between different streams of traffic that may actually use the same UDP or TCP port numbers, as well as streams of traffic that may use a variety of ports or even arbitrary port numbers.</p>
<p>Here is a list of supported protocols as of IOS Version 12.4(10):</p>
<pre>Router1(config-cmap)#match protocol ?</pre>
<pre>  arp            IP ARP</pre>
<pre>  bgp            Border Gateway Protocol</pre>
<pre>  bridge         Bridging</pre>
<pre>  cdp            Cisco Discovery Protocol</pre>
<pre>  citrix         Citrix Systems ICA protocol</pre>
<pre>  clns           ISO CLNS</pre>
<pre>  clns_es        ISO CLNS End System</pre>
<pre>  clns_is        ISO CLNS Intermediate System</pre>
<pre>  cmns           ISO CMNS</pre>
<pre>  compressedtcp  Compressed TCP (VJ)</pre>
<pre>  cuseeme        CU-SeeMe desktop video conference</pre>
<pre>  dhcp           Dynamic Host Configuration</pre>
<pre>  dns            Domain Name Server lookup</pre>
<pre>  edonkey        eDonkey</pre>
<pre>  egp            Exterior Gateway Protocol</pre>
<pre>  eigrp          Enhanced Interior Gateway Routing Protocol</pre>
<pre>  exchange       MS-RPC for Exchange</pre>
<pre>  fasttrack      FastTrack Traffic - KaZaA, Morpheus, Grokster...</pre>
<pre>  finger         Finger</pre>
<pre>  ftp            File Transfer Protocol</pre>
<pre>  gnutella       Gnutella Version2 Traffic - BearShare, Shareeza, Morpheus ...</pre>
<pre>  gopher         Gopher</pre>
<pre>  gre            Generic Routing Encapsulation</pre>
<pre>  h323           H323 Protocol</pre>
<pre>  http           World Wide Web traffic</pre>
<pre>  icmp           Internet Control Message</pre>
<pre>  imap           Internet Message Access Protocol</pre>
<pre>  ip             IP</pre>
<pre>  ipinip         IP in IP (encapsulation)</pre>
<pre>  ipsec          IP Security Protocol (ESP/AH)</pre>
<pre>  irc            Internet Relay Chat</pre>
<pre>  kazaa2         Kazaa Version 2</pre>
<pre>  kerberos       Kerberos</pre>
<pre>  l2tp           L2F/L2TP tunnel</pre>
<pre>  ldap           Lightweight Directory Access Protocol</pre>
<pre>  llc2           llc2</pre>
<pre>  mgcp           Media Gateway Control Protocol</pre>
<pre>  napster        Napster Traffic</pre>
<pre>  netbios        NetBIOS</pre>
<pre>  netshow        Microsoft Netshow</pre>
<pre>  nfs            Network File System</pre>
<pre>  nntp           Network News Transfer Protocol</pre>
<pre>  notes          Lotus Notes(R)</pre>
<pre>  novadigm       Novadigm EDM</pre>
<pre>  ntp            Network Time Protocol</pre>
<pre>  ospf           Open Shortest Path First</pre>
<pre>  pad            PAD links</pre>
<pre>  pcanywhere     Symantec pcANYWHERE</pre>
<pre>  pop3           Post Office Protocol</pre>
<pre>  pppoe          PPP over Ethernet</pre>
<pre>  pptp           Point-to-Point Tunneling Protocol</pre>
<pre>  printer        print spooler/lpd</pre>
<pre>  rcmd           BSD r-commands (rsh, rlogin, rexec)</pre>
<pre>  rip            Routing Information Protocol</pre>
<pre>  rsrb           Remote Source-Route Bridging</pre>
<pre>  rsvp           Resource Reservation Protocol</pre>
<pre>  rtcp           Real Time Control Protocol</pre>
<pre>  rtp            Real Time Protocol</pre>
<pre>  rtsp           Real Time Streaming Protocol</pre>
<pre>  secure-ftp     FTP over TLS/SSL</pre>
<pre>  secure-http    Secured HTTP</pre>
<pre>  secure-imap    Internet Message Access Protocol over TLS/SSL</pre>
<pre>  secure-irc     Internet Relay Chat over TLS/SSL</pre>
<pre>  secure-ldap    Lightweight Directory Access Protocol over TLS/SSL</pre>
<pre>  secure-nntp    Network News Transfer Protocol over TLS/SSL</pre>
<pre>  secure-pop3    Post Office Protocol over TLS/SSL</pre>
<pre>  secure-telnet  Telnet over TLS/SSL</pre>
<pre>  sip            Session Initiation Protocol</pre>
<pre>  skinny         Skinny Protocol</pre>
<pre>  smtp           Simple Mail Transfer Protocol</pre>
<pre>  snapshot       Snapshot routing support</pre>
<pre>  snmp           Simple Network Management Protocol</pre>
<pre>  socks          SOCKS</pre>
<pre>  sqlnet         SQL*NET for Oracle</pre>
<pre>  sqlserver      MS SQL Server</pre>
<pre>  ssh            Secured Shell</pre>
<pre>  streamwork     Xing Technology StreamWorks player</pre>
<pre>  sunrpc         Sun RPC</pre>
<pre>  syslog         System Logging Utility</pre>
<pre>  telnet         Telnet</pre>
<pre>  tftp           Trivial File Transfer Protocol</pre>
<pre>  vdolive        VDOLive streaming video</pre>
<pre>  vofr           voice over Frame Relay packets</pre>
<pre>  winmx          WinMx file-sharing application</pre>
<pre>  xwindows       X-Windows remote access</pre>
<pre>Router1(config-cmap)#</pre>
<p>You can obtain and install new PDLM files from Cisco. In the example, we have downloaded a new PDLM file that can identify the BitTorrent protocol. Once we put this file on the router's Flash device, we need to tell NBAR to load the file to make it available:</p>
<pre>Router1(config)#ip nbar pdlm flash://bittorrent.pdlm</pre>
<p>In the past, Cisco has also made PDLM files available to help network administrators use NBAR to identify hostile applications such as viruses and worms.</p>
<p>We are not aware of PDLM files originating from sources other than Cisco, but we strongly recommend that you use only files that you obtain directly from Cisco. Otherwise, you could potentially open your network to serious security vulnerabilities.</p>
<p>We note in passing that Cisco has also added the option to manually create your own NBAR rules using the ip nbar custom command. This feature should allow you to, for example, define a new protocol by specifying TCP or UDP port numbers, as well as any special rules that look for identifiable content at a particular bit offset in the packet payload. However, the syntax for this feature is confusing, and the parser is apparently unstable in some IOS versions, so we don't currently recommend using it.</p>
<p>The last feature discussed in the Solution section of this recipe is the NBAR Protocol-Discovery feature. This is a useful tool for figuring out what is going through your network, particularly if you are trying to define a QoS strategy. You can use the show ip nbar protocol-discovery command to get detailed statistics on the utilization for every type of protocol that NBAR understands. However, NBAR now supports so many protocols that this complete list is often not very useful for spotting trends. Instead, we suggest using the top-n keyword with a relatively small argument number, such as 5, or at most 10. This will allow you to immediately see statistics for the top protocols for each interface on which you enabled the feature:</p>
<pre>Router1#show ip nbar protocol-discovery top-n 5</pre>
<pre></pre>
<pre> FastEthernet0/0</pre>
<pre>                            Input                    Output</pre>
<pre>                            -----                    ------</pre>
<pre>   Protocol                 Packet Count             Packet Count</pre>
<pre>                            Byte Count               Byte Count</pre>
<pre>                            5min Bit Rate (bps)      5min Bit Rate (bps)</pre>
<pre>                            5min Max Bit Rate (bps)  5min Max Bit Rate (bps)</pre>
<pre>   ------------------------ ------------------------ ------------------------</pre>
<pre>   icmp                     220                      110</pre>
<pre>                            25080                    12540</pre>
<pre>                            0                        0</pre>
<pre>                            4000                     3000</pre>
<pre>   http                     55                       104</pre>
<pre>                            3763                     60019</pre>
<pre>                            0                        0</pre>
<pre>                            1000                     4000</pre>
<pre>   telnet                   130                      71</pre>
<pre>                            19212                    4269</pre>
<pre>                            0                        0</pre>
<pre>                            3000                     1000</pre>
<pre>   eigrp                    90                       45</pre>
<pre>                            6660                     3330</pre>
<pre>                            0                        0</pre>
<pre>                            0                        0</pre>
<pre>   secure-http              4                        4</pre>
<pre>                            248                      216</pre>
<pre>                            0                        0</pre>
<pre>                            0                        0</pre>
<pre>   unknown                  2                        2</pre>
<pre>                            122                      112</pre>
<pre>                            0                        0</pre>
<pre>                            0                        0</pre>
<pre>   Total                    501                      336</pre>
<pre>                            55085                    80486</pre>
<pre>                            0                        0</pre>
<pre>                            8000                     8000</pre>
<pre>Router1#</pre>
]]></content:encoded>
			<wfw:commentRss>http://www.pastccie.com/ccie-online-training/using-nbar-classification-2/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>related to CCIE Bootcamp.</title>
		<link>http://www.pastccie.com/ccie-bootcamps/regardingconcerningrelating-towith-regards-topertaining-toaboutrelated-toin-relation-to-ccie-bootcamp/</link>
		<comments>http://www.pastccie.com/ccie-bootcamps/regardingconcerningrelating-towith-regards-topertaining-toaboutrelated-toin-relation-to-ccie-bootcamp/#comments</comments>
		<pubDate>Tue, 07 Feb 2012 09:13:07 +0000</pubDate>
		<dc:creator>Nicholas</dc:creator>
				<category><![CDATA[CCIE Bootcamps]]></category>
		<category><![CDATA[CCIE]]></category>
		<category><![CDATA[CCIE Labs]]></category>

		<guid isPermaLink="false">http://www.pastccie.com/?p=344</guid>
		<description><![CDATA[It is aimed at selecting the specialists in the networking industry for the renowned company offering solutions with the specialized departments. In order to obtain CCIE certification, candidates must pass two required selection exams. First, the written [...]]]></description>
			<content:encoded><![CDATA[<p>It is aimed at selecting the specialists in the networking industry for the renowned company offering solutions with the specialized departments. In order to obtain CCIE certification, candidates must pass two required selection exams. First, the written exam has to be passed, after which the candidates can sit for the lab exam. Only the short-listed candidates can obtain CCIE certification. <a href="http://www.cathayschool.com/">CCIE Bootcamp</a> is specially designed to prepare for the CCIE exams.</p>
<p>CCIE Bootcamps offer the most convenient way of passing the CCIE exams. There are many companies, or rather institutes, that offer CCIE Bootcamp training, such as Cathay School. To qualify for the bootcamps, the institutes usually set a prerequisite. It helps to improve the candidates' chances of passing the CCIE exams compared with others. This prerequisite is called CCNP status.</p>
<p>The cost of taking the CCIE Security exam is high, so most candidates take a preparation course in order to pass it in a single sitting. Some independent companies and institutions offer courses and workshops to individuals opting for CCIE Security training. Even so, most candidates prefer to take advantage of the instructor-led and online workshops that Cisco offers as part of its Authorized Learning Partners program. The training materials are provided, and the instructors are recognized, by Cisco.</p>
<p>For the CCIE Security certification, you must sign up for the written exam in your area of specialization. All the exams are conducted at a Cisco-approved facility, which also accepts payment for the exam. The price of taking a CCIE written exam is from $80 to $325. The written exam is proctored and taken on a computer. It is a one- or two-hour paper containing multiple-choice, drag-and-drop, and fill-in-the-blank questions. Apart from whiteboards and markers for calculations, as a candidate for the CCIE Security exam, you are not allowed to carry any other item into the exam hall.</p>
<p>CCIE Bootcamp comes with a number of programs to provide the best preparation material to the students. They mainly provide some must-have textbooks to prepare students for the written CCIE exam, together with some web access for the lab exam. Based on these two categories, the CCIE Bootcamp is divided into two sections: class structure and lab simulation. The class structure involves two phases: hands-on training and lecture-based lessons. In the class structure, the students are given knowledge of bit splitting, VLSM and so on. The lab simulation, however, is the important component of CCIE Bootcamp. Here the students are made to deal with several real-life problems, and their troubleshooting abilities are checked accordingly. This is the final phase of the CCIE Bootcamp, where the students are well prepared for Blueprint v4, MPLS, etc. These methodologies enable students to troubleshoot any real-life problems and improve their ability to find the proper solutions.</p>
<p>But there are few trusted institutes on the market that deliver complete CCIE Bootcamps. One of the many well-known institutes is Cathay School, which provides particularly good services for CCIE bootcamps. They provide bootcamp facilities to a fairly large number of students from various corners of the world, such as Australia, Norway, the UK, Sweden, the USA and many more. According to this institute's records since 2005, they have been maintaining a record pass rate in the CCIE exam. This record is itself a kind of guarantee for them. There are plenty of reasons to choose Cathay School for CCIE Bootcamps. The record pass rate of almost 90% is among its most attractive features. Apart from that, another outstanding feature is the one-to-one lab coaching, which helps the students clear up with the instructors all their doubts about any problem.</p>
<p>The required information about the bootcamp is available on the organization's official site, cathayschool.com. It is a very easy-to-use site that offers multiple notable facilities such as online Self-Study CCIE Lab Workbooks, one-on-one online coaching, Instructor-Led training, etc. All the facilities, together with the course durations and the fees, are well described there, so that users need not face any kind of headache regarding <a href="http://www.cathayschool.com/">CCIE Bootcamps</a>.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.pastccie.com/ccie-bootcamps/regardingconcerningrelating-towith-regards-topertaining-toaboutrelated-toin-relation-to-ccie-bootcamp/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Using NBAR Classification</title>
		<link>http://www.pastccie.com/ccie-bootcamps/using-nbar-classification/</link>
		<comments>http://www.pastccie.com/ccie-bootcamps/using-nbar-classification/#comments</comments>
		<pubDate>Mon, 06 Feb 2012 09:07:17 +0000</pubDate>
		<dc:creator>Nicholas</dc:creator>
				<category><![CDATA[CCIE Bootcamps]]></category>
		<category><![CDATA[CCIE]]></category>
		<category><![CDATA[CCIE in Security]]></category>

		<guid isPermaLink="false">http://www.pastccie.com/?p=342</guid>
		<description><![CDATA[The NBAR feature is used to identify traffic within a class-map. You can then use the class-map in a policy-map to define how the router should handle each application data stream:
Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#ip cef
Router1(config)#class-map INTERACTIVE
Router1(config-cmap)#match protocol citrix
Router1(config-cmap)#match protocol telnet
Router1(config-cmap)#exit
Router1(config)#policy-map QoSPolicy
Router1(config-pmap)#class INTERACTIVE
Router1(config-pmap-c)#bandwidth percent 50
Router1(config-pmap-c)#set dscp ef
Router1(config-pmap-c)#exit
Router1(config-pmap)#class class-default
Router1(config-pmap-c)#bandwidth percent 20
Router1(config-pmap-c)#random-detect [...]]]></description>
			<content:encoded><![CDATA[<p>The NBAR feature is used to identify traffic within a class-map. You can then use the class-map in a policy-map to define how the router should handle each application data stream:</p>
<pre>Router1#configure terminal</pre>
<pre>Enter configuration commands, one per line.  End with CNTL/Z.</pre>
<pre>Router1(config)#ip cef</pre>
<pre>Router1(config)#class-map INTERACTIVE</pre>
<pre>Router1(config-cmap)#match protocol citrix</pre>
<pre>Router1(config-cmap)#match protocol telnet</pre>
<pre>Router1(config-cmap)#exit</pre>
<pre>Router1(config)#policy-map QoSPolicy</pre>
<pre>Router1(config-pmap)#class INTERACTIVE</pre>
<pre>Router1(config-pmap-c)#bandwidth percent 50</pre>
<pre>Router1(config-pmap-c)#set dscp ef</pre>
<pre>Router1(config-pmap-c)#exit</pre>
<pre>Router1(config-pmap)#class class-default</pre>
<pre>Router1(config-pmap-c)#bandwidth percent 20</pre>
<pre>Router1(config-pmap-c)#random-detect dscp-based</pre>
<pre>Router1(config-pmap-c)#exit</pre>
<pre>Router1(config-pmap)#exit</pre>
<pre>Router1(config)#interface FastEthernet0/0</pre>
<pre>Router1(config-if)#service-policy inbound QoSPolicy</pre>
<pre>Router1(config-if)#exit</pre>
<pre>Router1(config)#end</pre>
<pre>Router1#</pre>
<p>Cisco also offers the ability to download specialized Packet Description Language Module (PDLM) files onto the router's flash device, and then activate them for use with NBAR classification:</p>
<pre>Router1#show flash</pre>
<pre>System flash directory:</pre>
<pre>File  Length   Name/status</pre>
<pre>  1   23169076  c2600-ipvoice-mz.124-10.bin</pre>
<pre>  2   3100     bittorrent.pdlm</pre>
<pre>[23172304 bytes used, 9857836 available, 33030140 total]</pre>
<pre>32768K bytes of processor board System flash (Read/Write)</pre>
<pre></pre>
<pre>Router1#configure terminal</pre>
<pre>Enter configuration commands, one per line.  End with CNTL/Z.</pre>
<pre>Router1(config)#ip nbar pdlm flash://bittorrent.pdlm</pre>
<pre>Router1(config)#class-map BITTORRENT</pre>
<pre>Router1(config-cmap)#match protocol bittorrent</pre>
<pre>Router1(config-cmap)#exit</pre>
<pre>Router1(config)#end</pre>
<pre>Router1#</pre>
<p>And you can also use NBAR to automatically profile the protocols on a particular interface:</p>
<pre>Router1#configure terminal</pre>
<pre>Enter configuration commands, one per line.  End with CNTL/Z.</pre>
<pre>Router1(config)#interface FastEthernet0/0</pre>
<pre>Router1(config-if)#ip nbar protocol-discovery</pre>
<pre>Router1(config-if)#exit</pre>
<pre>Router1(config)#end</pre>
<pre>Router1#</pre>
<p>Network Based Application Recognition (NBAR) is an extremely useful feature that first became available in IOS Version 12.0(5)XE2, and more generally in 12.1(5)T. Cisco continues to add new protocols to NBAR, allowing you to categorize more and more different traffic streams on your network. The one caveat to using NBAR is that it can introduce a heavy additional load on your router's CPU. We recommend monitoring the CPU utilization after implementing any NBAR-based filtering, at least until you are confident that the router is not straining under the additional load.</p>
<p>The basic syntax is to set up a class-map, and then use the match protocol command with the appropriate keyword:</p>
<pre>Router1(config)#class-map INTERACTIVE</pre>
<pre>Router1(config-cmap)#match protocol citrix</pre>
<pre>Router1(config-cmap)#match protocol telnet</pre>
<p>We used Citrix as an example protocol in this recipe because it is a classic example of the need for the NBAR feature. This is a proprietary protocol that is used in thin-client architectures. The end user's workstation is just a terminal that displays graphical information from the screen of a centrally located computer running a virtual desktop for the user. The protocol transmits graphical information and keystrokes. Because it is an interactive application, it needs to be given high priority through the network. However, it is notoriously difficult to reliably identify from Layer 3 and 4 information.</p>
<p>As the example shows, you can then use this class in a policy-map:</p>
<pre>Router1(config)#policy-map QoSPolicy</pre>
<pre>Router1(config-pmap)#class INTERACTIVE</pre>
<pre>Router1(config-pmap-c)#bandwidth percent 50</pre>
<pre>Router1(config-pmap-c)#set dscp ef</pre>
<pre>Router1(config-pmap-c)#exit</pre>
<p>NBAR classifies applications at the application layer, allowing you to differentiate between different streams of traffic that may actually use the same UDP or TCP port numbers, as well as streams of traffic that may use a variety of ports or even arbitrary port numbers.</p>
<p>Here is a list of supported protocols as of IOS Version 12.4(10):</p>
<pre>Router1(config-cmap)#match protocol ?</pre>
<pre>  arp            IP ARP</pre>
<pre>  bgp            Border Gateway Protocol</pre>
<pre>  bridge         Bridging</pre>
<pre>  cdp            Cisco Discovery Protocol</pre>
<pre>  citrix         Citrix Systems ICA protocol</pre>
<pre>  clns           ISO CLNS</pre>
<pre>  clns_es        ISO CLNS End System</pre>
<pre>  clns_is        ISO CLNS Intermediate System</pre>
<pre>  cmns           ISO CMNS</pre>
<pre>  compressedtcp  Compressed TCP (VJ)</pre>
<pre>  cuseeme        CU-SeeMe desktop video conference</pre>
<pre>  dhcp           Dynamic Host Configuration</pre>
<pre>  dns            Domain Name Server lookup</pre>
<pre>  edonkey        eDonkey</pre>
<pre>  egp            Exterior Gateway Protocol</pre>
<pre>  eigrp          Enhanced Interior Gateway Routing Protocol</pre>
<pre>  exchange       MS-RPC for Exchange</pre>
<pre>  fasttrack      FastTrack Traffic - KaZaA, Morpheus, Grokster...</pre>
<pre>  finger         Finger</pre>
<pre>  ftp            File Transfer Protocol</pre>
<pre>  gnutella       Gnutella Version2 Traffic - BearShare, Shareeza, Morpheus ...</pre>
<pre>  gopher         Gopher</pre>
<pre>  gre            Generic Routing Encapsulation</pre>
<pre>  h323           H323 Protocol</pre>
<pre>  http           World Wide Web traffic</pre>
<pre>  icmp           Internet Control Message</pre>
<pre>  imap           Internet Message Access Protocol</pre>
<pre>  ip             IP</pre>
<pre>  ipinip         IP in IP (encapsulation)</pre>
<pre>  ipsec          IP Security Protocol (ESP/AH)</pre>
<pre>  irc            Internet Relay Chat</pre>
<pre>  kazaa2         Kazaa Version 2</pre>
<pre>  kerberos       Kerberos</pre>
<pre>  l2tp           L2F/L2TP tunnel</pre>
<pre>  ldap           Lightweight Directory Access Protocol</pre>
<pre>  llc2           llc2</pre>
<pre>  mgcp           Media Gateway Control Protocol</pre>
<pre>  napster        Napster Traffic</pre>
<pre>  netbios        NetBIOS</pre>
<pre>  netshow        Microsoft Netshow</pre>
<pre>  nfs            Network File System</pre>
<pre>  nntp           Network News Transfer Protocol</pre>
<pre>  notes          Lotus Notes(R)</pre>
<pre>  novadigm       Novadigm EDM</pre>
<pre>  ntp            Network Time Protocol</pre>
<pre>  ospf           Open Shortest Path First</pre>
<pre>  pad            PAD links</pre>
<pre>  pcanywhere     Symantec pcANYWHERE</pre>
<pre>  pop3           Post Office Protocol</pre>
<pre>  pppoe          PPP over Ethernet</pre>
<pre>  pptp           Point-to-Point Tunneling Protocol</pre>
<pre>  printer        print spooler/lpd</pre>
<pre>  rcmd           BSD r-commands (rsh, rlogin, rexec)</pre>
<pre>  rip            Routing Information Protocol</pre>
<pre>  rsrb           Remote Source-Route Bridging</pre>
<pre>  rsvp           Resource Reservation Protocol</pre>
<pre>  rtcp           Real Time Control Protocol</pre>
<pre>  rtp            Real Time Protocol</pre>
<pre>  rtsp           Real Time Streaming Protocol</pre>
<pre>  secure-ftp     FTP over TLS/SSL</pre>
<pre>  secure-http    Secured HTTP</pre>
<pre>  secure-imap    Internet Message Access Protocol over TLS/SSL</pre>
<pre>  secure-irc     Internet Relay Chat over TLS/SSL</pre>
<pre>  secure-ldap    Lightweight Directory Access Protocol over TLS/SSL</pre>
<pre>  secure-nntp    Network News Transfer Protocol over TLS/SSL</pre>
<pre>  secure-pop3    Post Office Protocol over TLS/SSL</pre>
<pre>  secure-telnet  Telnet over TLS/SSL</pre>
<pre>  sip            Session Initiation Protocol</pre>
<pre>  skinny         Skinny Protocol</pre>
<pre>  smtp           Simple Mail Transfer Protocol</pre>
<pre>  snapshot       Snapshot routing support</pre>
<pre>  snmp           Simple Network Management Protocol</pre>
<pre>  socks          SOCKS</pre>
<pre>  sqlnet         SQL*NET for Oracle</pre>
<pre>  sqlserver      MS SQL Server</pre>
<pre>  ssh            Secured Shell</pre>
<pre>  streamwork     Xing Technology StreamWorks player</pre>
<pre>  sunrpc         Sun RPC</pre>
<pre>  syslog         System Logging Utility</pre>
<pre>  telnet         Telnet</pre>
<pre>  tftp           Trivial File Transfer Protocol</pre>
<pre>  vdolive        VDOLive streaming video</pre>
<pre>  vofr           voice over Frame Relay packets</pre>
<pre>  winmx          WinMx file-sharing application</pre>
<pre>  xwindows       X-Windows remote access</pre>
<pre>Router1(config-cmap)#</pre>
<p>You can obtain and install new PDLM files from Cisco. In the example, we have downloaded a new PDLM file that can identify the BitTorrent protocol. Once we put this file on the router's Flash device, we need to tell NBAR to load the file to make it available:</p>
<pre>Router1(config)#ip nbar pdlm flash://bittorrent.pdlm</pre>
<p>In the past, Cisco has also made PDLM files available that let network administrators use NBAR to identify hostile applications such as viruses and worms.</p>
<p>We are not aware of PDLM files originating from sources other than Cisco, but we strongly recommend that you use only files that you obtain directly from Cisco. Otherwise, you could potentially open your network to serious security vulnerabilities.</p>
<p>We note in passing that Cisco has also added the option to manually create your own NBAR rules using the ip nbar custom command. This feature should allow you to, for example, define a new protocol by specifying TCP or UDP port numbers, as well as any special rules that look for identifiable content at a particular bit offset in the packet payload. However, the syntax for this feature is confusing, and the parser is apparently unstable in some IOS versions, so we don't currently recommend using it.</p>
<p>The last feature discussed in the Solution section of this recipe is the NBAR Protocol-Discovery feature. This is a useful tool for figuring out what is going through your network, particularly if you are trying to define a QoS strategy. You can use the show ip nbar protocol-discovery command to get detailed statistics on the utilization for every type of protocol that NBAR understands. However, NBAR now supports so many protocols that this complete list is often not very useful for spotting trends. Instead, we suggest using the top-n keyword with a relatively small argument number, such as 5, or at most 10. This will allow you to immediately see statistics for the top protocols for each interface on which you enabled the feature:</p>
<pre>Router1#show ip nbar protocol-discovery top-n 5</pre>
<pre></pre>
<pre> FastEthernet0/0</pre>
<pre>                            Input                    Output</pre>
<pre>                            -----                    ------</pre>
<pre>   Protocol                 Packet Count             Packet Count</pre>
<pre>                            Byte Count               Byte Count</pre>
<pre>                            5min Bit Rate (bps)      5min Bit Rate (bps)</pre>
<pre>                            5min Max Bit Rate (bps)  5min Max Bit Rate (bps)</pre>
<pre>   ------------------------ ------------------------ ------------------------</pre>
<pre>   icmp                     220                      110</pre>
<pre>                            25080                    12540</pre>
<pre>                            0                        0</pre>
<pre>                            4000                     3000</pre>
<pre>   http                     55                       104</pre>
<pre>                            3763                     60019</pre>
<pre>                            0                        0</pre>
<pre>                            1000                     4000</pre>
<pre>   telnet                   130                      71</pre>
<pre>                            19212                    4269</pre>
<pre>                            0                        0</pre>
<pre>                            3000                     1000</pre>
<pre>   eigrp                    90                       45</pre>
<pre>                            6660                     3330</pre>
<pre>                            0                        0</pre>
<pre>                            0                        0</pre>
<pre>   secure-http              4                        4</pre>
<pre>                            248                      216</pre>
<pre>                            0                        0</pre>
<pre>                            0                        0</pre>
<pre>   unknown                  2                        2</pre>
<pre>                            122                      112</pre>
<pre>                            0                        0</pre>
<pre>                            0                        0</pre>
<pre>   Total                    501                      336</pre>
<pre>                            55085                    80486</pre>
<pre>                            0                        0</pre>
<pre>                            8000                     8000</pre>
<pre>Router1#</pre>
]]></content:encoded>
			<wfw:commentRss>http://www.pastccie.com/ccie-bootcamps/using-nbar-classification/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>CCIE Security Training</title>
		<link>http://www.pastccie.com/ccie-online-training/cciesecuritytrainingtrainingcoachingeducationinstructionteachingschoolingexerciseworkout/</link>
		<comments>http://www.pastccie.com/ccie-online-training/cciesecuritytrainingtrainingcoachingeducationinstructionteachingschoolingexerciseworkout/#comments</comments>
		<pubDate>Sat, 04 Feb 2012 09:00:48 +0000</pubDate>
		<dc:creator>Nicholas</dc:creator>
				<category><![CDATA[CCIE Online Training]]></category>
		<category><![CDATA[CCIE]]></category>
		<category><![CDATA[CCIE Bootcamps]]></category>
		<category><![CDATA[CCIE Security]]></category>

		<guid isPermaLink="false">http://www.pastccie.com/?p=340</guid>
		<description><![CDATA[There is no requirement to hold another professional training or course certificate to qualify.
The CCIE Security Training consists of a written examination to qualify and then the lab examination. You are advised to have at least 3-5 years of job  [...]]]></description>
			<content:encoded><![CDATA[<p>There is no requirement to hold another professional training or course certificate to qualify.</p>
<p>The <a href="http://www.cathayschool.com/cisco-ccie-security">CCIE Security Training</a> consists of a written examination to qualify and then the lab examination. You are advised to have at least 3-5 years of job experience before attempting this certification.</p>
<p>The written examination for CCIE Security is of two-hour duration with multiple-choice questions. It consists of a hundred questions, which cover subjects such as application protocols, operating systems, security technologies, security protocols, and Cisco security programs. The exam materials are provided on the spot and you are not allowed to bring in outside reference materials.</p>
<p>Network engineers holding a CCIE certificate are regarded as the experts of the network engineering field and the masters of Cisco products. The CCIE has brought a revolution in the networking community with regard to technically challenging assignments and solutions, together with the necessary tools and methodologies. There is a program which updates and reorganizes the tools to provide good quality service. There are different modes of CCIE training, such as written examination preparation and performance-based lab. This helps to reinforce efficiency in the marketplace. Cisco launched this certification program in 1993 with a view to distinguishing the top experts from the rest.</p>
<p>To be certified, a candidate must first pass the written examination and then pass the lab exam. Cisco always tries to apply different CCIE training processes for better overall performance. There are a number of steps for the CCIE certification. The first step is to pass a two-hour, computer-based, multiple-choice written exam. The required payment for this examination has to be made online. This examination is associated with exam vouchers and promotional codes. The authenticity of the agency providing the voucher should be well known to the candidates. The promotional code has to be entered accurately; fraudulent vouchers and promotional codes are not accepted, and Cisco will not refund the cost. Candidates are required to wait five days for the written examination after payment, and they cannot sit for the same test for the following one hundred eighty days in case of recertification.</p>
<p>To get certified and be eligible for the CCIE training, some points should be remembered. After passing the written examination, candidates have a maximum of eighteen months for attempting the lab exam. If that period is exceeded, the written exam result becomes invalid. For first-time applicants for CCIE certification, the written exam is available in the form of a Beta examination with discounts available. During the Beta period, candidates can sit the test only once. The results arrive within six to eight weeks after the examination is over.</p>
<p>The next step for the CCIE certification is the lab examination. Only the candidates who passed the written test can apply for the hands-on lab examination. While there are plenty of written examination centers for Cisco, lab exam facilities are limited. It is an 8 hour hands-on, practical examination in which the ability to troubleshoot and configure network-based scenarios and software is checked. To schedule the lab examination, candidates who passed the earlier written test must present their identification number along with the passing score and the date of passing.</p>
<p>The fee for the lab examination has to be paid at least 90 days before the scheduled exam. Without the fee, the reservation may be cancelled. After passing the lab examination together with the written exam, candidates can apply for the CCIE certification. By considering</p>
]]></content:encoded>
			<wfw:commentRss>http://www.pastccie.com/ccie-online-training/cciesecuritytrainingtrainingcoachingeducationinstructionteachingschoolingexerciseworkout/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Setting the DSCP or TOS Field</title>
		<link>http://www.pastccie.com/ccie-labs/settingenvironment-the-dscp-or-tos-fieldareadisciplinesubjectindustry-2/</link>
		<comments>http://www.pastccie.com/ccie-labs/settingenvironment-the-dscp-or-tos-fieldareadisciplinesubjectindustry-2/#comments</comments>
		<pubDate>Fri, 03 Feb 2012 09:33:32 +0000</pubDate>
		<dc:creator>Nicholas</dc:creator>
				<category><![CDATA[CCIE Labs]]></category>
		<category><![CDATA[CCIE]]></category>
		<category><![CDATA[CCIE Bootcamps]]></category>
		<category><![CDATA[CCIE LAB EXAM]]></category>

		<guid isPermaLink="false">http://www.pastccie.com/?p=338</guid>
		<description><![CDATA[The solution to this problem depends on the type of traffic distinctions you want to make, as well as the version of IOS you are running in your routers.
There must be something that defines the different types of traffic that you want to prioritize. In general, the simpler [...]]]></description>
			<content:encoded><![CDATA[<p>The solution to this problem depends on the type of traffic distinctions you want to make, as well as the version of IOS you are running in your routers.</p>
<p>There must be something that defines the different types of traffic that you want to prioritize. In general, the simpler the distinctions are to make, the better. This is because all of the tests take router resources and introduce processing delays. The most common rules for distinguishing between traffic types use the packet's input interface and simple IP header information such as TCP port numbers. The following examples show how to set an IP Precedence value of immediate (2) for all FTP control traffic that arrives through the serial0/0 interface, and an IP Precedence of priority (1) for all FTP data traffic. This distinction is possible because FTP control traffic uses TCP port 21, and FTP data uses port 20.</p>
<p>The new method for configuring this uses class maps. Cisco first introduced this feature in IOS Version 12.0(5)T. This method first defines a class-map that specifies how the router will identify this type of traffic. It then defines a policy-map that actually makes the changes to the packet's TOS field:</p>
<p>Router#configure terminal<br />
Enter configuration commands, one per line.  End with CNTL/Z.<br />
Router(config)#access-list 101 permit tcp any eq ftp any<br />
Router(config)#access-list 101 permit tcp any any eq ftp<br />
Router(config)#access-list 102 permit tcp any eq ftp-data any<br />
Router(config)#access-list 102 permit tcp any any eq ftp-data<br />
Router(config)#class-map match-all ser00-ftpcontrol<br />
Router(config-cmap)#description branch ftp control traffic<br />
Router(config-cmap)#match input-interface serial0/0<br />
Router(config-cmap)#match access-group 101<br />
Router(config-cmap)#exit<br />
Router(config)#class-map match-all ser00-ftpdata<br />
Router(config-cmap)#description branch ftp data traffic<br />
Router(config-cmap)#match input-interface serial0/0<br />
Router(config-cmap)#match access-group 102<br />
Router(config-cmap)#exit<br />
Router(config)#policy-map serialftppolicy<br />
Router(config-pmap)#description branch ftp traffic policy<br />
Router(config-pmap)#class ser00-ftpcontrol<br />
Router(config-pmap-c)#set ip precedence immediate<br />
Router(config-pmap-c)#exit<br />
Router(config-pmap)#class ser00-ftpdata<br />
Router(config-pmap-c)#set ip precedence priority<br />
Router(config-pmap-c)#exit<br />
Router(config-pmap)#exit<br />
Router(config)#interface serial0/0<br />
Router(config-if)#ip route-cache policy<br />
Router(config-if)#service-policy input serialftppolicy<br />
Router(config-if)#exit<br />
Router(config)#end<br />
Router#</p>
<p>For older IOS versions, where class-maps were not available, you have to use policy-based routing to alter the TOS field in a packet. Applying this policy to the interface tells the router to use this policy to test all incoming packets on this interface and rewrite the ones that match the route map:</p>
<p>Router#configure terminal<br />
Enter configuration commands, one per line.  End with CNTL/Z.<br />
Router(config)#access-list 101 permit tcp any eq ftp any<br />
Router(config)#access-list 101 permit tcp any any eq ftp<br />
Router(config)#access-list 102 permit tcp any eq ftp-data any<br />
Router(config)#access-list 102 permit tcp any any eq ftp-data<br />
Router(config)#route-map serialftp-rtmap permit 10<br />
Router(config-route-map)#match ip address 101<br />
Router(config-route-map)#set ip precedence immediate<br />
Router(config-route-map)#exit<br />
Router(config)#route-map serialftp-rtmap permit 20<br />
Router(config-route-map)#match ip address 102<br />
Router(config-route-map)#set ip precedence priority<br />
Router(config-route-map)#exit<br />
Router(config)#interface serial0/0<br />
Router(config-if)#ip policy route-map serialftp-rtmap<br />
Router(config-if)#ip route-cache policy<br />
Router(config-if)#exit<br />
Router(config)#end<br />
Router#</p>
<p>Before you can tag a packet for special treatment, you have to have a very clear idea of what types of traffic need special treatment, as well as precisely what kind of special treatment they will need. In the example, we have decided to give a special priority to FTP traffic received on a particular serial interface. We show how to do this using both the old and new configuration techniques.<br />
This may seem to be a somewhat artificial example. After all, why would you care about tagging inbound traffic that you have already received from a low-speed interface? In fact, one of the most important principles for implementing QoS in a network is that you should always tag the packet as early as possible, preferably at the edges of the network. Then, as it passes through the network, each router only needs to look at the tag, and doesn't need to do any additional classification. In this case, we would ensure that the FTP traffic returning in the other direction is tagged by the first router that receives it. So the outbound traffic has already been tagged, and it is a waste of router resources to reclassify the outbound packets.</p>
<p>Many organizations actually take this idea of marking at the edges one step further, and remark every received packet. This helps to ensure that users aren't requesting special QoS privileges that they are not entitled to. However, you should be careful with this because it could sometimes disrupt legitimate markings. For example, a real-time application might use RSVP to reserve bandwidth through the network. It is critical that the packets for this application have the appropriate Expedited Forwarding (EF) DSCP marking or the network will not handle them properly. However, you also don't want to let other non-real-time applications from this same source have the same EF priority level. So, if you are going to configure your routers to remark all incoming packets at the edges, make sure that you understand what incoming markings are legitimate.</p>
<p>In that case, the routers are running DLSw to bridge SNA traffic through an IP network. So the routers themselves actually create the IP packets. This creates an additional challenge because there is no incoming interface. So that recipe uses local policy-based routing. The fact that the router creates the packets also gives it an important advantage because it doesn't have to consider any DLSw packets that might just happen to pass through.</p>
<p>The advantages of the newer class-map method are not obvious in this example, but one of the first big advantages appears if you want to use the more modern DSCP tagging scheme. Because the older policy-based routing method does not directly support DSCP, you have to fake it by setting both the IP Precedence and the TOS separately as follows:</p>
<p>Router(config)#route-map serialftp-rtmap permit 10<br />
Router(config-route-map)#match ip address 115<br />
Router(config-route-map)#set ip precedence immediate<br />
Router(config-route-map)#set ip tos max-throughput</p>
<p>In this case, the packet will wind up with an IP Precedence value of immediate, or 2 (010 in binary), and TOS of max-throughput, or 4 (0100 in binary).</p>
<p>Doing the same thing with the class-map method is much more direct:</p>
<p>Router(config)#policy-map serialftppolicy<br />
Router(config-pmap)#class serialftpclass<br />
Router(config-pmap-c)#set ip dscp af21</p>
<p>Class-maps will also be useful later in this chapter when we discuss class-based weighted fair queuing and class-based traffic shaping.<br />
It is important to note that throughout this entire example, we have only put a special value into the packet's TOS or DSCP field. This, by itself, does not affect how the packet is forwarded through the network. To do that, you must ensure that as every router in the network forwards these marked packets, the interface queues will react appropriately to this information.</p>
<p>Finally, we should note that while this recipe shows two useful ways of marking packets, it can also be done by using Committed Access Rate (CAR) features. CAR tends to be more efficient on higher speed interfaces.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.pastccie.com/ccie-labs/settingenvironment-the-dscp-or-tos-fieldareadisciplinesubjectindustry-2/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Using Custom Queues with Priority Queues</title>
		<link>http://www.pastccie.com/ccie-online-training/using-custom-queues-with-priority-queues/</link>
		<comments>http://www.pastccie.com/ccie-online-training/using-custom-queues-with-priority-queues/#comments</comments>
		<pubDate>Thu, 02 Feb 2012 08:57:07 +0000</pubDate>
		<dc:creator>Nicholas</dc:creator>
				<category><![CDATA[CCIE Online Training]]></category>
		<category><![CDATA[CCIE]]></category>
		<category><![CDATA[CCIE Bootcamps]]></category>
		<category><![CDATA[CCIE LAB EXAM]]></category>

		<guid isPermaLink="false">http://www.pastccie.com/?p=336</guid>
		<description><![CDATA[You can split the queues so that some use Priority Queuing and the remainder Custom Queuing:
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#access-list 101 permit ip any any precedence 7
Router(config)#access-list 102 permit ip any any precedence 6
Router(config)#access-list 103 permit ip any any precedence 5
Router(config)#access-list 104 permit ip any any precedence 4
Router(config)#access-list 105 permit [...]]]></description>
			<content:encoded><![CDATA[<p>You can split the queues so that some use Priority Queuing and the remainder Custom Queuing:</p>
<pre>Router#configure terminal</pre>
<pre>Enter configuration commands, one per line.  End with CNTL/Z.</pre>
<pre>Router(config)#access-list 101 permit ip any any precedence 7</pre>
<pre>Router(config)#access-list 102 permit ip any any precedence 6</pre>
<pre>Router(config)#access-list 103 permit ip any any precedence 5</pre>
<pre>Router(config)#access-list 104 permit ip any any precedence 4</pre>
<pre>Router(config)#access-list 105 permit ip any any precedence 3</pre>
<pre>Router(config)#access-list 106 permit ip any any precedence 2</pre>
<pre>Router(config)#access-list 107 permit ip any any precedence 1</pre>
<pre>Router(config)#queue-list 1 protocol ip 1 list 101</pre>
<pre>Router(config)#queue-list 1 protocol ip 2 list 102</pre>
<pre>Router(config)#queue-list 1 protocol ip 3 list 103</pre>
<pre>Router(config)#queue-list 1 protocol ip 4 list 104</pre>
<pre>Router(config)#queue-list 1 protocol ip 5 list 105</pre>
<pre>Router(config)#queue-list 1 protocol ip 6 list 106</pre>
<pre>Router(config)#queue-list 1 protocol ip 7 list 107</pre>
<pre>Router(config)#queue-list 1 lowest-custom 4</pre>
<pre>Router(config)#interface HSSI0/0</pre>
<pre>Router(config-if)#custom-queue-list 1</pre>
<pre>Router(config-if)#exit</pre>
<pre>Router(config)#end</pre>
<pre>Router#</pre>
<p>In this case, however, we have added the command:</p>
<pre>Router(config)#queue-list 1 lowest-custom 4</pre>
<p>This command allows you to mix Custom and Priority Queue types. Note that this command only works with queue-list number 1. It is not available for any other queue-lists.</p>
<p>In this example, queue number 4 is the lowest numbered Custom Queue, so queues 1, 2, and 3 are all Priority Queues. This means that the router will deliver all of the packets in queue number 1, then all of the packets in queue number 2, and then all of the packets in queue number 3. Then, if these high priority queues are all empty, it will use custom queuing to deliver the packets in the lower priority queues.</p>
<p>The main advantage to this sort of configuration is that it gives absolute priority to real-time applications. This is important not because of the bandwidth, but because priority queuing the real-time applications minimizes their queuing latency.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.pastccie.com/ccie-online-training/using-custom-queues-with-priority-queues/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

