Using NBAR Classification

February 8th,2012    by Nicholas

The NBAR feature is used to identify traffic within a class-map. You can then use the class-map in a policy-map to define how the router should handle each application data stream. Two details matter in this example: the INTERACTIVE class lists two protocols, so it has to be a match-any class, and the policy contains queuing actions (bandwidth and random-detect), which IOS only supports in an output service-policy:

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#ip cef
Router1(config)#class-map match-any INTERACTIVE
Router1(config-cmap)#match protocol citrix
Router1(config-cmap)#match protocol telnet
Router1(config-cmap)#exit
Router1(config)#policy-map QoSPolicy
Router1(config-pmap)#class INTERACTIVE
Router1(config-pmap-c)#bandwidth percent 50
Router1(config-pmap-c)#set dscp ef
Router1(config-pmap-c)#exit
Router1(config-pmap)#class class-default
Router1(config-pmap-c)#bandwidth percent 20
Router1(config-pmap-c)#random-detect dscp-based
Router1(config-pmap-c)#exit
Router1(config-pmap)#exit
Router1(config)#interface FastEthernet0/0
Router1(config-if)#service-policy output QoSPolicy
Router1(config-if)#exit
Router1(config)#end
Router1#

Cisco also offers the ability to download specialized Packet Description Language Module (PDLM) files onto the router's flash device, and then activate them for use with NBAR classification:

Router1#show flash
System flash directory:
File  Length   Name/status
  1   23169076  c2600-ipvoice-mz.124-10.bin
  2   3100     bittorrent.pdlm
[23172304 bytes used, 9857836 available, 33030140 total]
32768K bytes of processor board System flash (Read/Write)

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#ip nbar pdlm flash://bittorrent.pdlm
Router1(config)#class-map BITTORRENT
Router1(config-cmap)#match protocol bittorrent
Router1(config-cmap)#exit
Router1(config)#end
Router1#

You can also use NBAR to automatically profile the protocols seen on a particular interface:

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ip nbar protocol-discovery
Router1(config-if)#exit
Router1(config)#end
Router1#

Network Based Application Recognition (NBAR) is an extremely useful feature that first became available in IOS Version 12.0(5)XE2, and more generally in 12.1(5)T. Cisco continues to add new protocols to NBAR, allowing you to categorize more and more different traffic streams on your network. The one caveat to using NBAR is that it inspects packet payloads rather than just headers, so it can introduce a heavy additional load on your router's CPU, and a router that is CPU-bound on classification delays or drops all of its traffic, not just the classes you were trying to manage. We recommend monitoring CPU utilization (show processes cpu) after implementing any NBAR-based filtering, at least until you are confident that the router is not straining under the additional load.

The basic syntax is to set up a class-map, and then use the match protocol command with the appropriate keyword. A class that lists more than one protocol must be created as match-any; the default is match-all, which would require a single packet to be both Citrix and telnet at once, so the class would never match anything:

Router1(config)#class-map match-any INTERACTIVE
Router1(config-cmap)#match protocol citrix
Router1(config-cmap)#match protocol telnet

We used Citrix as an example protocol in this recipe because it is a classic example of the need for the NBAR feature. Citrix ICA is a proprietary protocol used in thin-client architectures: the end user's workstation is just a terminal that displays the screen of a centrally located computer running a virtual desktop for the user, and the protocol carries graphical updates in one direction and keystrokes in the other. Because it is an interactive application, it needs to be given high priority through the network. However, it is notoriously difficult to identify reliably from Layer 3 and 4 information alone.

As the example shows, you can then use this class in a policy-map:

Router1(config)#policy-map QoSPolicy
Router1(config-pmap)#class INTERACTIVE
Router1(config-pmap-c)#bandwidth percent 50
Router1(config-pmap-c)#set dscp ef
Router1(config-pmap-c)#exit

NBAR classifies applications at the application layer, allowing you to differentiate between different streams of traffic that may actually use the same UDP or TCP port numbers, as well as streams of traffic that may use a variety of ports or even arbitrary port numbers.
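To make that port-independence point concrete, here is an added example, written for this page and not part of the original recipe or of NBAR itself, that classifies the same TCP segment two ways: by destination port, the way an ACL or a port match does, and by a handful of application-layer payload signatures, which is what NBAR does in principle. The signatures (HTTP request line, TLS ClientHello record header, SSH banner, BitTorrent handshake, Telnet IAC negotiation) are deliberately simplified, and the sample segments are constructed for the example, not captured traffic.

```python
# Added example (not from the original page): a toy of what NBAR does, classifying a TCP
# segment by application-layer payload signatures instead of by port number.
# Sample segments are constructed for this example, not captured traffic.

# What a port-based rule (ACL / "match port") can know.
PORT_TABLE = {21: "ftp", 22: "ssh", 23: "telnet", 80: "http", 443: "tls"}

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def classify_by_port(dst_port):
    """Layer-4 classification: trust the well-known port."""
    return PORT_TABLE.get(dst_port, "unknown")


def classify_by_payload(payload):
    """Layer-7 classification with simplified signatures; first match wins."""
    if payload.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"                      # BitTorrent peer-wire handshake
    if payload.startswith(b"SSH-"):
        return "ssh"                             # SSH identification banner
    if (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[5] == 0x01):
        return "tls"                             # TLS handshake record carrying a ClientHello
    request_line = payload.split(b"\r\n", 1)[0]
    if payload.startswith(HTTP_METHODS) and b" HTTP/1." in request_line:
        return "http"                            # HTTP request line, whatever the port
    if len(payload) >= 2 and payload[0] == 0xFF and 0xFB <= payload[1] <= 0xFE:
        return "telnet"                          # Telnet IAC WILL/WONT/DO/DONT negotiation
    return "unknown"


def classify(dst_port, payload):
    """Return (port-based guess, payload-based guess) for one segment."""
    return classify_by_port(dst_port), classify_by_payload(payload)


def masquerading(segments):
    """Segments whose payload identifies a different application than the port implies.
    This is exactly what a port-only policy gets wrong: file sharing on 80, HTTP on 8080."""
    hits = []
    for dst_port, payload in segments:
        by_port, by_payload = classify(dst_port, payload)
        if by_payload != "unknown" and by_payload != by_port:
            hits.append((dst_port, by_port, by_payload))
    return hits


# Constructed sample segments: (destination port, first payload bytes).
SAMPLES = [
    (80,   b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (8080, b"GET /api HTTP/1.1\r\nHost: example.test\r\n\r\n"),             # HTTP on an odd port
    (443,  b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),                      # TLS ClientHello header
    (80,   b"\x13BitTorrent protocol" + bytes(8) + bytes(20) + bytes(20)),    # BitTorrent on port 80
    (23,   b"\xff\xfd\x18\xff\xfd\x20"),                                      # Telnet IAC DO ...
    (22,   b"SSH-2.0-OpenSSH_8.9\r\n"),
]

if __name__ == "__main__":
    for port, payload in SAMPLES:
        print(port, *classify(port, payload))
    print("masquerading:", masquerading(SAMPLES))
```

The masquerading list is the interesting output: the port table calls the BitTorrent handshake on port 80 "http" and has no opinion about port 8080, while the payload check gets both right. Real NBAR signatures are far more elaborate (and stateful for things like FTP data and RTP), but the reason they earn their CPU cost is the same.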

Here is a list of supported protocols as of IOS Version 12.4(10):

Router1(config-cmap)#match protocol ?
  arp            IP ARP
  bgp            Border Gateway Protocol
  bridge         Bridging
  cdp            Cisco Discovery Protocol
  citrix         Citrix Systems ICA protocol
  clns           ISO CLNS
  clns_es        ISO CLNS End System
  clns_is        ISO CLNS Intermediate System
  cmns           ISO CMNS
  compressedtcp  Compressed TCP (VJ)
  cuseeme        CU-SeeMe desktop video conference
  dhcp           Dynamic Host Configuration
  dns            Domain Name Server lookup
  edonkey        eDonkey
  egp            Exterior Gateway Protocol
  eigrp          Enhanced Interior Gateway Routing Protocol
  exchange       MS-RPC for Exchange
  fasttrack      FastTrack Traffic - KaZaA, Morpheus, Grokster...
  finger         Finger
  ftp            File Transfer Protocol
  gnutella       Gnutella Version2 Traffic - BearShare, Shareeza, Morpheus ...
  gopher         Gopher
  gre            Generic Routing Encapsulation
  h323           H323 Protocol
  http           World Wide Web traffic
  icmp           Internet Control Message
  imap           Internet Message Access Protocol
  ip             IP
  ipinip         IP in IP (encapsulation)
  ipsec          IP Security Protocol (ESP/AH)
  irc            Internet Relay Chat
  kazaa2         Kazaa Version 2
  kerberos       Kerberos
  l2tp           L2F/L2TP tunnel
  ldap           Lightweight Directory Access Protocol
  llc2           llc2
  mgcp           Media Gateway Control Protocol
  napster        Napster Traffic
  netbios        NetBIOS
  netshow        Microsoft Netshow
  nfs            Network File System
  nntp           Network News Transfer Protocol
  notes          Lotus Notes(R)
  novadigm       Novadigm EDM
  ntp            Network Time Protocol
  ospf           Open Shortest Path First
  pad            PAD links
  pcanywhere     Symantec pcANYWHERE
  pop3           Post Office Protocol
  pppoe          PPP over Ethernet
  pptp           Point-to-Point Tunneling Protocol
  printer        print spooler/lpd
  rcmd           BSD r-commands (rsh, rlogin, rexec)
  rip            Routing Information Protocol
  rsrb           Remote Source-Route Bridging
  rsvp           Resource Reservation Protocol
  rtcp           Real Time Control Protocol
  rtp            Real Time Protocol
  rtsp           Real Time Streaming Protocol
  secure-ftp     FTP over TLS/SSL
  secure-http    Secured HTTP
  secure-imap    Internet Message Access Protocol over TLS/SSL
  secure-irc     Internet Relay Chat over TLS/SSL
  secure-ldap    Lightweight Directory Access Protocol over TLS/SSL
  secure-nntp    Network News Transfer Protocol over TLS/SSL
  secure-pop3    Post Office Protocol over TLS/SSL
  secure-telnet  Telnet over TLS/SSL
  sip            Session Initiation Protocol
  skinny         Skinny Protocol
  smtp           Simple Mail Transfer Protocol
  snapshot       Snapshot routing support
  snmp           Simple Network Management Protocol
  socks          SOCKS
  sqlnet         SQL*NET for Oracle
  sqlserver      MS SQL Server
  ssh            Secured Shell
  streamwork     Xing Technology StreamWorks player
  sunrpc         Sun RPC
  syslog         System Logging Utility
  telnet         Telnet
  tftp           Trivial File Transfer Protocol
  vdolive        VDOLive streaming video
  vofr           voice over Frame Relay packets
  winmx          WinMx file-sharing application
  xwindows       X-Windows remote access
Router1(config-cmap)#

You can obtain and install new PDLM files from Cisco. In the example, we have downloaded a new PDLM file that can identify the BitTorrent protocol. Once we put this file on the router's Flash device, we need to tell NBAR to load the file to make it available:

Router1(config)#ip nbar pdlm flash://bittorrent.pdlm

In the past, Cisco has also made PDLM files available to help network administrators use NBAR to identify hostile traffic such as viruses and worms.

We are not aware of PDLM files originating from sources other than Cisco, but we strongly recommend that you use only files that you obtain directly from Cisco. A PDLM is loaded into IOS and applied to every packet that NBAR inspects on the classified interfaces, so a tampered or corrupted file affects both what gets matched and the router doing the matching. Where Cisco publishes a checksum for the download, compare it against the copy in flash with the verify /md5 command before loading the file with ip nbar pdlm.

We note in passing that Cisco has also added the option to create your own NBAR rules manually using the ip nbar custom command. This feature should allow you to define a new protocol by specifying TCP or UDP port numbers, together with rules that look for identifiable content at a particular byte offset in the packet payload. However, the syntax for this feature is confusing, and the parser is apparently unstable in some IOS versions, so we don't currently recommend using it.

The last feature shown above is the NBAR Protocol-Discovery feature. This is a useful tool for figuring out what is going through your network, particularly if you are trying to define a QoS strategy, and it is also a cheap way to notice traffic you did not expect on a segment, such as the plaintext telnet and unknown entries in the output below. You can use the show ip nbar protocol-discovery command to get detailed statistics on the utilization for every type of protocol that NBAR understands. However, NBAR now supports so many protocols that this complete list is often not very useful for spotting trends. Instead, we suggest using the top-n keyword with a relatively small argument, such as 5, or at most 10. This will allow you to immediately see statistics for the top protocols on each interface on which you enabled the feature:

Router1#show ip nbar protocol-discovery top-n 5

 FastEthernet0/0
                            Input                    Output
                            -----                    ------
   Protocol                 Packet Count             Packet Count
                            Byte Count               Byte Count
                            5min Bit Rate (bps)      5min Bit Rate (bps)
                            5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
   ------------------------ ------------------------ ------------------------
   icmp                     220                      110
                            25080                    12540
                            0                        0
                            4000                     3000
   http                     55                       104
                            3763                     60019
                            0                        0
                            1000                     4000
   telnet                   130                      71
                            19212                    4269
                            0                        0
                            3000                     1000
   eigrp                    90                       45
                            6660                     3330
                            0                        0
                            0                        0
   secure-http              4                        4
                            248                      216
                            0                        0
                            0                        0
   unknown                  2                        2
                            122                      112
                            0                        0
                            0                        0
   Total                    501                      336
                            55085                    80486
                            0                        0
                            8000                     8000
Router1#
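As an added example (not from the original recipe), the following Python parses that top-n output into per-protocol counters, computes each protocol's share of the bytes on the interface, and lists anything seen that is not on an allow-list, which is the simplest way to turn protocol discovery into an alert for traffic that should not be on a segment. The sample text is the router output shown above embedded verbatim; the allow-list is a constructed assumption.

```python
# Added example (not from the original page): parse "show ip nbar protocol-discovery top-n"
# output into counters and flag protocols that should not be on the segment.
# SAMPLE_OUTPUT is the router output shown on this page; ALLOWED is a constructed policy.
import re
from collections import OrderedDict

SAMPLE_OUTPUT = """\
 FastEthernet0/0
                            Input                    Output
                            -----                    ------
   Protocol                 Packet Count             Packet Count
                            Byte Count               Byte Count
                            5min Bit Rate (bps)      5min Bit Rate (bps)
                            5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
   ------------------------ ------------------------ ------------------------
   icmp                     220                      110
                            25080                    12540
                            0                        0
                            4000                     3000
   http                     55                       104
                            3763                     60019
                            0                        0
                            1000                     4000
   telnet                   130                      71
                            19212                    4269
                            0                        0
                            3000                     1000
   eigrp                    90                       45
                            6660                     3330
                            0                        0
                            0                        0
   secure-http              4                        4
                            248                      216
                            0                        0
                            0                        0
   unknown                  2                        2
                            122                      112
                            0                        0
                            0                        0
   Total                    501                      336
                            55085                    80486
                            0                        0
                            8000                     8000
"""

IFACE_RE = re.compile(r"^\s*([A-Za-z]+[\d/.:]+)\s*$")            # " FastEthernet0/0"
ROW_RE = re.compile(r"^\s*([A-Za-z][\w-]*)\s+(\d+)\s+(\d+)\s*$")  # "   icmp   220   110"
NUM_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s*$")                     # the three continuation lines
FIELDS = ("packets", "bytes", "bps_5min", "max_bps_5min")         # order of the four lines per row


def parse_protocol_discovery(text):
    """Return {interface: {protocol: {field: (input, output)}}}, Total row included."""
    table, iface, proto, next_field = {}, None, None, 0
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface, proto = m.group(1), None
            table[iface] = OrderedDict()
            continue
        m = ROW_RE.match(line)
        if m and iface is not None:
            proto = m.group(1)
            table[iface][proto] = {"packets": (int(m.group(2)), int(m.group(3)))}
            next_field = 1
            continue
        m = NUM_RE.match(line)
        if m and proto is not None and next_field < len(FIELDS):
            table[iface][proto][FIELDS[next_field]] = (int(m.group(1)), int(m.group(2)))
            next_field += 1
    return table


def byte_shares(table, iface):
    """Each protocol's share of bytes (input + output) on the interface, Total row excluded."""
    rows = {p: v for p, v in table[iface].items() if p != "Total"}
    total = sum(sum(v["bytes"]) for v in rows.values())
    return {p: round(sum(v["bytes"]) / total, 4) for p, v in rows.items()}


def unexpected_protocols(table, iface, allowed):
    """Protocols observed on the interface that the allow-list does not cover."""
    return sorted(p for p in table[iface] if p != "Total" and p not in allowed)


# Constructed policy: what we expect on this LAN segment. Plaintext telnet is deliberately
# left off, so its presence in the discovery output gets reported.
ALLOWED = {"http", "secure-http", "eigrp", "icmp", "ssh"}

if __name__ == "__main__":
    table = parse_protocol_discovery(SAMPLE_OUTPUT)
    for iface in table:
        print(iface, byte_shares(table, iface))
        print("not on allow-list:", unexpected_protocols(table, iface, ALLOWED))
```

Run against the output above, the per-protocol input bytes add up to the 55085 in the Total row, http is about 47% of bytes in both directions combined, and the allow-list check reports telnet and unknown. Fed from a scheduled collection of the command rather than a pasted sample, the same two functions give you a per-interface baseline and a list of new protocols to ask questions about.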

Solution to Get CCIE Certification

January 17th,2012    by Nicholas

Leading CCIE training, and the right path to CCIE certification.

There is no need to hold any other professional training or course certificate to qualify. The CCIE Security certification consists of a written qualifying exam followed by a lab exam. You are advised to have at least 3-5 years of job experience before attempting this certification.

The CCIE Security written exam is two hours long and multiple choice. It consists of 100 questions, covering topics such as application protocols, operating systems, general security technologies, security protocols, and Cisco security applications. Test materials are provided on site, and you are not allowed to bring in outside reference material.

Network engineers holding a CCIE certificate are regarded as experts in the network engineering field and as masters of Cisco products. The CCIE has brought about a revolution in the networking community in terms of technically challenging assignments and opportunities, using the required tools and methodologies. There is a program that updates and reorganizes those tools to provide a quality service. There are different modes of CCIE training, such as written-exam preparation and performance-based lab practice, which help to raise performance and standards in the marketplace. Cisco launched this certification program in 1993 with a view to distinguishing the top industry professionals from the rest.

To become certified, the written exam must be passed first, followed by the lab exam. Cisco continually tries to apply different CCIE training procedures for higher performance. There are several steps to CCIE certification. The first step is to pass a two-hour, computer-based, multiple-choice written exam. The required fees for this exam must be paid online. The exam is associated with exam vouchers and promotional codes, so candidates should make sure the voucher vendor is reputable: promotional codes must be entered correctly, fraudulent vouchers and promotional codes will not be accepted, and Cisco will not refund the cost. Candidates must wait five days after payment before taking the written exam, and they cannot sit the same exam again for the following 180 days in the case of recertification.

To be certified and eligible for CCIE training, a few points need to be kept in mind. After passing the written exam, candidates have a maximum of 18 months in which to attempt the lab exam; if that period is exceeded, the written exam result becomes invalid. For first-time candidates, the written exam is offered in the form of a beta exam at a discount; during the beta period candidates can sit the exam only once. Results arrive within 6 to 8 weeks after the exam.

The next step towards CCIE certification is the lab exam. Only candidates who have passed the written exam can apply for the hands-on lab exam. Although there are many Cisco written exam centers, lab exam facilities are limited. It is an eight-hour, hands-on, practical exam in which the ability to troubleshoot and configure network-based problems and systems is tested. To schedule the lab exam, candidates who passed the written exam must present their identification number along with their passing score and the date of passing.

The fee for the lab exam must be paid no later than 90 days before the scheduled exam; without the fee the reservation will be cancelled. After passing the lab exam in addition to the written exam, candidates can apply for CCIE certification. By attending to all the details involved in the steps described, it is possible to obtain the Cisco certification and be qualified for CCIE training.

Setting the DSCP or TOS Field

January 6th,2012    by Nicholas

The answer to this problem depends on the type of traffic distinctions you need to make, and also on the version of IOS you are running on your routers.

There must be something that defines the different kinds of traffic that you need to prioritize. In general, the easier the distinctions are to make, the better, because every test consumes router resources and introduces processing delay. The most common rules for distinguishing between traffic types use the packet's input interface and simple IP header details such as TCP port numbers. The following examples show how to set an IP Precedence value of immediate (2) for all FTP control traffic that arrives via the serial0/0 interface, and an IP Precedence of priority (1) for all FTP data traffic. This distinction is possible because FTP control traffic uses TCP port 21, and FTP data uses port 20. Bear in mind that a port number is only a convention: a host can run anything on port 21 or move FTP to some other port, so a port-based rule is easy to evade and is a statement about the traffic you expect, not proof of what the payload is. The NBAR recipe above is the answer when that difference matters.

The newer method for configuring this uses class maps. Cisco first introduced this feature in IOS Version 12.0(5)T. This method first defines a class-map that specifies how the router will recognize this type of traffic. It then defines a policy-map that actually makes the changes to the packet's TOS field:

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 101 permit tcp any eq ftp any
Router(config)#access-list 101 permit tcp any any eq ftp
Router(config)#access-list 102 permit tcp any eq ftp-data any
Router(config)#access-list 102 permit tcp any any eq ftp-data
Router(config)#class-map match-all ser00-ftpcontrol
Router(config-cmap)#description branch ftp control traffic
Router(config-cmap)#match input-interface serial0/0
Router(config-cmap)#match access-group 101
Router(config-cmap)#exit
Router(config)#class-map match-all ser00-ftpdata
Router(config-cmap)#description branch ftp data traffic
Router(config-cmap)#match input-interface serial0/0
Router(config-cmap)#match access-group 102
Router(config-cmap)#exit
Router(config)#policy-map serialftppolicy
Router(config-pmap)#description branch ftp traffic policy
Router(config-pmap)#class ser00-ftpcontrol
Router(config-pmap-c)#set ip precedence immediate
Router(config-pmap-c)#exit
Router(config-pmap)#class ser00-ftpdata
Router(config-pmap-c)#set ip precedence priority
Router(config-pmap-c)#exit
Router(config-pmap)#exit
Router(config)#interface serial0/0
Router(config-if)#ip route-cache policy
Router(config-if)#service-policy input serialftppolicy
Router(config-if)#exit
Router(config)#end
Router#

For earlier IOS versions, where class-maps were not available, you have to use policy-based routing to change the TOS field in a packet. Applying this policy to the interface tells the router to test all incoming packets on this interface against the route map and rewrite those that match it:

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 101 permit tcp any eq ftp any
Router(config)#access-list 101 permit tcp any any eq ftp
Router(config)#access-list 102 permit tcp any eq ftp-data any
Router(config)#access-list 102 permit tcp any any eq ftp-data
Router(config)#route-map serialftp-rtmap permit 10
Router(config-route-map)#match ip address 101
Router(config-route-map)#set ip precedence immediate
Router(config-route-map)#exit
Router(config)#route-map serialftp-rtmap permit 20
Router(config-route-map)#match ip address 102
Router(config-route-map)#set ip precedence priority
Router(config-route-map)#exit
Router(config)#interface serial0/0
Router(config-if)#ip policy route-map serialftp-rtmap
Router(config-if)#ip route-cache policy
Router(config-if)#exit
Router(config)#end
Router#

Before you can tag a packet for special treatment, you need a very clear idea of which types of traffic need special treatment, and exactly what kind of special treatment they need. In this example, we have decided to give a special priority to FTP traffic received on a particular serial interface, and we show how to do that using both the old (route-map) and new (class-map) configuration methods.
This may seem like a rather artificial example. After all, why would you care about tagging inbound traffic you have already received from a low-speed interface? In fact, one of the most important principles for implementing QoS in a network is that you should tag the packet as early as possible, ideally at the edges of the network. Then, as it passes through the network, each router only has to look at the tag and does not need to do any further classification. In this case, we would make sure that the FTP traffic returning in the other direction is tagged by the first router that receives it. The outbound traffic has therefore already been tagged, and it would be a waste of router resources to reclassify the outbound packets.

Many organizations take this idea of marking at the edges one step further and remark every received packet. This helps ensure that users are not claiming QoS privileges they are not entitled to: the DSCP field is set by the sending host, so a mark arriving from an untrusted edge is a request, not a fact. However, you should be careful with this, because it can also disrupt legitimate markings. For example, a real-time application might use RSVP to reserve bandwidth through the network. It is essential that the packets for this application carry the correct Expedited Forwarding (EF) DSCP marking, or the network may not handle them properly. On the other hand, you also do not want to let other, non-real-time applications from the same source enjoy the same EF priority level. So, if you are going to configure your routers to remark all incoming packets at the edges, make sure you know which incoming markings are legitimate before you overwrite them.

In the DLSw scenario, the routers run DLSw to bridge SNA traffic across an IP network, so the routers themselves generate the IP packets. This creates an extra problem, because there is no incoming interface to apply a policy to, which is why that recipe uses local policy-based routing. The fact that the router creates the packets also gives it an important advantage: it does not have to consider any DLSw packets that merely happen to pass through it.

The advantages of the newer class-map method are not obvious in this example, but one of the first big advantages appears when you need to use the more recent DSCP tagging scheme. Because the older policy-based routing approach does not directly support DSCP, you have to fake it by setting the IP Precedence and the TOS bits separately, as follows:

Router(config)#route-map serialftp-rtmap permit 10
Router(config-route-map)#match ip address 115
Router(config-route-map)#set ip precedence immediate
Router(config-route-map)#set ip tos max-throughput

In this case, the packet ends up with an IP Precedence value of immediate, or 2 (010 in binary), and a TOS of max-throughput, or 4 (0100 in binary). The precedence bits occupy the top three bits of the TOS byte and the TOS bits the next four, so the byte becomes 0100 1000 (0x48). DSCP is defined as the top six bits of that same byte, 010010, which is decimal 18, the code point named AF21.

Doing the same thing with the class-map method is much more direct:

Router(config)#policy-map serialftppolicy
Router(config-pmap)#class serialftpclass
Router(config-pmap-c)#set ip dscp af21
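
As an added worked example (Python, not part of the original page and not Cisco IOS code), the block below computes the TOS byte that the route-map's `set ip precedence` and `set ip tos` commands produce, shows that its top six bits are exactly the DSCP the class-map sets directly, and sketches the edge-remarking decision discussed earlier: an incoming EF mark is kept only for flows the edge already knows were admitted, and everything else is classified by application. The keyword tables use the IOS names and the standard code points; the `edge_remark` policy, the admitted-flow set, and the sample addresses, ports and packets are constructed for illustration and are not an IOS feature.

```python
# Added worked example (not from the original page): how the IP Precedence /
# TOS bits set by policy-based routing line up with the DSCP values set by the
# class-map method, plus an illustrative edge-remarking policy.
# All flows, addresses, ports and sample packets below are constructed.

# IOS keyword values for the three IP Precedence bits (bits 7-5 of the TOS byte).
IP_PRECEDENCE = {
    "routine": 0, "priority": 1, "immediate": 2, "flash": 3,
    "flash-override": 4, "critical": 5, "internet": 6, "network": 7,
}
# IOS keyword values for the four TOS bits (bits 4-1); bit 0 is not set here.
IP_TOS = {
    "normal": 0, "min-monetary-cost": 1, "max-reliability": 2,
    "max-throughput": 4, "min-delay": 8,
}
# Standard DSCP code points (RFC 2474, 2597, 3246) by their IOS names.
DSCP = {
    "default": 0, "cs1": 8, "af11": 10, "af12": 12, "af13": 14, "cs2": 16,
    "af21": 18, "af22": 20, "af23": 22, "cs3": 24, "af31": 26, "af32": 28,
    "af33": 30, "cs4": 32, "af41": 34, "af42": 36, "af43": 38, "cs5": 40,
    "ef": 46, "cs6": 48, "cs7": 56,
}
DSCP_NAME = {v: k for k, v in DSCP.items()}


def tos_byte(precedence, tos):
    """TOS byte produced by 'set ip precedence <precedence>' followed by
    'set ip tos <tos>'; tos may be an IOS keyword or a number 0-15."""
    tos_bits = IP_TOS[tos] if isinstance(tos, str) else tos
    if not 0 <= tos_bits <= 15:
        raise ValueError("TOS value must be 0-15")
    return (IP_PRECEDENCE[precedence] << 5) | (tos_bits << 1)


def dscp_of(byte):
    """DSCP is simply the top six bits of the same byte."""
    return byte >> 2


def dscp_name(dscp):
    return DSCP_NAME.get(dscp, "dscp%d" % dscp)


def pbr_equivalent(dscp):
    """Split a DSCP into the (precedence keyword, numeric tos) pair a
    route-map needs to fake it, as the text does by hand for af21."""
    prec_name = next(k for k, v in IP_PRECEDENCE.items() if v == dscp >> 3)
    return prec_name, (dscp & 0x7) << 1


def five_tuple(pkt):
    return (pkt["src"], pkt["dst"], pkt["proto"], pkt["sport"], pkt["dport"])


def edge_remark(pkt, admitted_ef_flows):
    """DSCP to carry into the core for a packet arriving at an edge router.
    EF is honoured only for flows the edge already knows were admitted (for
    example by RSVP); every other packet is classified by application, so a
    host cannot buy itself EF treatment merely by setting the bits."""
    if pkt["dscp"] == DSCP["ef"] and five_tuple(pkt) in admitted_ef_flows:
        return DSCP["ef"]
    if pkt["proto"] == "tcp" and 21 in (pkt["sport"], pkt["dport"]):
        return DSCP["af21"]   # FTP control, as the class-map version marks it
    if pkt["proto"] == "tcp" and 20 in (pkt["sport"], pkt["dport"]):
        return DSCP["cs1"]    # FTP data: 'set ip precedence priority' alone
    return DSCP["default"]    # everything else, including a forged EF mark


# Constructed sample traffic (addresses and ports are illustrative only).
ADMITTED_EF = {("10.1.1.10", "10.2.2.20", "udp", 16384, 16384)}
SAMPLE_PACKETS = [
    {"src": "10.1.1.10", "dst": "10.2.2.20", "proto": "udp",
     "sport": 16384, "dport": 16384, "dscp": DSCP["ef"]},   # admitted voice
    {"src": "10.1.1.99", "dst": "10.2.2.20", "proto": "udp",
     "sport": 40000, "dport": 5000, "dscp": DSCP["ef"]},    # forged EF claim
    {"src": "10.1.1.50", "dst": "10.2.2.30", "proto": "tcp",
     "sport": 51000, "dport": 21, "dscp": 0},               # FTP control
    {"src": "10.1.1.50", "dst": "10.2.2.30", "proto": "tcp",
     "sport": 20, "dport": 51001, "dscp": 0},               # FTP data
]


def remark_all(packets=SAMPLE_PACKETS, admitted=ADMITTED_EF):
    """Marks the edge would apply to each sample packet, by DSCP name."""
    return [dscp_name(edge_remark(p, admitted)) for p in packets]


if __name__ == "__main__":
    b = tos_byte("immediate", "max-throughput")
    print("precedence immediate + tos max-throughput = 0x%02x -> %s"
          % (b, dscp_name(dscp_of(b))))
    print("faking ef with a route-map needs", pbr_equivalent(DSCP["ef"]))
    print(remark_all())
```

Running it shows that `immediate` plus `max-throughput` gives 0x48, whose DSCP is 18 (af21), and that faking EF (46) with the old method needs precedence `critical` plus a numeric TOS of 12, because no single `set ip tos` keyword covers bits 1100. The remarking pass keeps EF only for the admitted voice flow and demotes the forged EF packet to default while still giving the FTP flows their AF21 and CS1 marks.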

Class-maps will also be useful later in this chapter when we discuss class-based weighted fair queuing and class-based traffic shaping.
It is important to note that throughout this whole example we have only set a particular value in the packet's TOS or DSCP field. This, by itself, does not affect how the packet is forwarded through the network. For that, you have to make sure that as each router in the network forwards these marked packets, its interface queues actually act on this information.

Finally, we should note that while this recipe shows two useful methods of marking packets, a third method uses Committed Access Rate (CAR) features. CAR tends to be more efficient on higher-speed interfaces.

Taking Advantage of CCIE Training

October 7th,2011    by Nicholas

For anyone who wants to reach a distinguished position in the world of networking, the CCIE certainly helps any type of IT professional.

The CCIE is unquestionably one of the best IT certifications and certification programs offered by Cisco. CCIE training and certification help people stand out from the crowd, and IT professionals who have achieved it gain an additional edge in the IT and networking field. The CCIE lab certification is, however, an expensive one, arguably among the most costly in the IT area, which is why only a few people are prepared to invest their money in it. Those who are keen to pursue it can earn an extra advantage. This is why numerous IT professionals follow CCIE training programs, and those who are prepared to bear the cost of the course can enjoy a number of benefits.

Salary

The lucrative salary available to those who have passed acts as a strong motivation for people pursuing the CCIE certification. Although clearing this exam in order to obtain the certification is no easy task, if you manage to pass it the results can be very rewarding. The CCIE is highly respected, so passing it surely gives you an edge over others. Furthermore, the market for CCIEs is very competitive, as a result of which certified individuals in this field earn high salaries.

Accomplishments

Among all the Cisco certifications, this one is surely the hardest, and when you manage to become a CCIE certified professional you find yourself a member of an exclusive group of IT professionals. This certification looks splendid on a resume and also validates one's credibility. The CCIE in Security gives an IT professional an air of authority. This technical certification proves a technical prowess that very few engineers possess.

Job opportunities

Everybody wants to make it big in life and reach the top of the career ladder. Although for a while we tend to remain satisfied with the job we are doing, that satisfaction lasts only so long, since most of us crave to improve both our job profile and our salary with the help of some new qualification. IT professionals who are looking for new opportunities, either inside their organization or outside it, should consider the CCIE certification. CCIE training and certification will help you stand apart from the rest and demonstrate your expertise relative to other IT professionals.

Professional-level skill

Almost all of us possess some special expertise that can help us reach the ultimate goal we are looking for, and this is also true for IT professionals. An IT professional who has acquired CCIE training and certification can claim an expert level of knowledge in the area of networking. Although acquiring the CCIE certification may appear quite difficult, it is not impossible; with some effort and investment you can obtain a credential that will certainly enable you to make better progress than others. If you feel that your peers are gaining more importance in or outside your organization and you want to get ahead of them, then passing the CCIE is the key to success.