Using Backup Interfaces

February 11th, 2012    by Nicholas

Cisco routers can watch the physical signals on an interface and trigger a backup interface if the primary link fails. The router will automatically drop the call after the primary circuit comes back up:

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#interface Serial0/0
Router1(config-if)#backup delay 0 300
Router1(config-if)#backup interface BRI0/0
Router1(config-if)#encapsulation frame-relay
Router1(config-if)#down-when-looped
Router1(config-if)#exit
Router1(config)#interface Serial0/0.1 point-to-point
Router1(config-subif)#ip address 10.1.1.10 255.255.255.252
Router1(config-subif)#frame-relay interface-dlci 50
Router1(config-subif)#exit
Router1(config)#interface BRI0/0
Router1(config-if)#ip address 10.1.99.55 255.255.255.0
Router1(config-if)#encapsulation ppp
Router1(config-if)#dialer idle-timeout 300
Router1(config-if)#dialer map ip 10.1.99.1 name dialhost broadcast 95551212
Router1(config-if)#dialer load-threshold 50 either
Router1(config-if)#dialer-group 1
Router1(config-if)#isdn switch-type basic-ni
Router1(config-if)#isdn spid1 800555123400 5551234
Router1(config-if)#isdn spid2 800555123500 5551235
Router1(config-if)#ppp authentication chap
Router1(config-if)#ppp multilink
Router1(config-if)#exit
Router1(config)#dialer-list 1 protocol ip permit
Router1(config)#end
Router1#

In this example, the primary WAN interface is a Frame Relay connection. However, this would work just as well on just about any kind of interface. The main reason why we used Frame Relay is to show that you have to put the backup commands on the physical interface, not on any subinterfaces or virtual interfaces. If this router loses physical signaling on the serial interface, it will automatically bring up the dial backup. The key to this configuration method is the backup command, which you associate with the primary interface:

Router1(config)#interface Serial0/0
Router1(config-if)#backup delay 0 300
Router1(config-if)#backup interface BRI0/0

In this case, you can see that the backup interface for this serial port is the ISDN interface, BRI0/0. We also included a backup delay command, which specifies two times. The first parameter tells the router how long it should wait before bringing up the backup after it loses signals on this primary interface. In this case, we don't want to wait. If there is a failure, we want the backup to activate immediately. However, in some cases, you might want to delay slightly to save money on backup charges in case the primary comes back again right away. So, if you wanted to wait 15 seconds before dialing, you could configure it like this:

Router1(config-if)#backup delay 15 300

The second number tells the router how long to wait after the primary recovers before dropping the dial connection. With Frame Relay in particular, it can take a minute or more after you see physical signals before there is end-to-end connectivity, so it is important to keep the backup link active until everything has stabilized. Also, a link will sometimes bounce up and down if there are electrical problems. Specifying a sensible delay before dropping the backup link helps with link stability.

We have also included the down-when-looped command on the primary interface:

Router1(config)#interface Serial0/0
Router1(config-if)#down-when-looped

The dial backup will only trigger if this interface line protocol is in a down state. Normally, when you put a circuit into a loopback state for testing, the router considers the interface to be in an up state, but looped. However, in this diagnostic state the circuit will not pass any data. So, by configuring down-when-looped, we ensure that the backup will trigger if somebody runs a loopback test (perhaps unintentionally) on the primary circuit.

In general, we don't recommend using the backup interface method for dial backup. There are many types of WAN problems in which you will lose IP connectivity, but you don't lose physical signaling on the interface. For example, in the Frame Relay case again, there could be a problem in the cloud that causes you to lose your virtual circuit. Or you might be connected to a faulty network termination device that keeps signals active even though it doesn't have a real connection.

There is another important disadvantage to using the backup interface method. The router keeps backup interfaces disabled until it needs to dial. This causes two problems.

First, it means that you have to wait longer to dial, because the router first has to establish physical connectivity with the backup network. In the case of ISDN, this can take 10 to 15 seconds.

The second problem is that, with ISDN interfaces, you lose the ability to see the state of the ISDN connection. Normally, if an ISDN interface is connected but not dialed, you can use the show isdn status command to verify that it is talking to the carrier's switch correctly. However, since the backup interface is disabled with the method shown in the current recipe, you can't easily verify that your backup circuit is working without failing the primary circuit.

There is actually an interesting way to get around this last problem, though. Instead of making your backup interface a physical interface like an ISDN port, as we did in this example, you could make the backup interface a dialer interface. In this case, the dialer interface will remain down when the primary is working, but the ISDN interface will still be up, and this means that you will be able to use the various show isdn commands, as you can with the other methods.
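As an added example that is not part of the original recipe, here is the same backup arrangement with a dialer interface as the backup target (the dialer-profile model). The addresses, number, peer name, SPIDs and timers are the ones from the example above; the pool number 1 is an assumption, and the CHAP username/password pair that both sides need is omitted here, as it is in the original.

```cisco
! Added example: dialer-profile variant of the backup shown above.
! BRI0/0 stays up and registered with the carrier's switch at all times;
! only Dialer1 is held down while Serial0/0 is healthy.
interface BRI0/0
 no ip address
 encapsulation ppp
 dialer pool-member 1
 isdn switch-type basic-ni
 isdn spid1 800555123400 5551234
 isdn spid2 800555123500 5551235
 ppp authentication chap
 ppp multilink
!
! The dialer interface carries the IP address, the peer and the number.
! "dialer pool 1" is an assumed pool number; it just has to match the member above.
interface Dialer1
 ip address 10.1.99.55 255.255.255.0
 encapsulation ppp
 dialer pool 1
 dialer remote-name dialhost
 dialer string 95551212
 dialer idle-timeout 300
 dialer load-threshold 50 either
 dialer-group 1
 ppp authentication chap
 ppp multilink
!
! The backup commands still go on the physical primary interface; only the target changes.
interface Serial0/0
 backup delay 0 300
 backup interface Dialer1
!
dialer-list 1 protocol ip permit
```

With this arrangement, show isdn status still reports the Layer 1 and Layer 2 state of BRI0/0 while the primary is up, and show interfaces Dialer1 reports the backup target in standby mode. What does not change is the trigger: the backup still fires only on loss of signal on Serial0/0, so the limitations discussed next apply exactly as before.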

There is one interesting extra option to the backup interface configuration that can be useful in some situations. In addition to triggering the backup circuit when the primary circuit fails, you can configure the router to trigger the backup circuit when the load on the primary circuit gets heavy. This is a form of bandwidth on demand:

Router1(config)#interface Serial0/0
Router1(config-if)#backup load 75 25

This command triggers the dial backup when the load on the primary interface rises above 75 percent, and deactivates it when the load drops below 25 percent.

Note, however, that to be really useful as additional bandwidth, you have to make sure that the routing over this new connection makes sense. In particular, it doesn't really help much unless the routing protocol sees the two paths as equal and shares the load between them. This will generally require some careful metric tuning in your routing protocol or use of the unequal cost load-sharing features available in some routing protocols. It also may require that the dial backup circuit terminates on the same router as the primary circuit to ensure that two-way load sharing works properly.

AutoQoS

February 10th, 2012    by Nicholas

AutoQoS is an extremely useful feature that can take a lot of the mystery out of building a QoS policy. Unfortunately, there are several restrictions on this feature that you need to be aware of.

First, it is only available on point-to-point links between routers. This includes point-to-point subinterfaces on ATM and Frame Relay PVCs, as shown in the example. The feature is also available on PPP and HDLC Serial connections. It cannot be used on any multiple access media, including Ethernets, or multipoint subinterfaces.

Second, it can't be used with any virtual templates or frame map statements. It cannot be used with either Frame Relay or ATM SVCs.

Third, it must be enabled on both ends of each link or PVC. This doesn't necessarily mean that both routers must run the same IOS version, however, as long as the AutoQoS feature is available on both routers.

Fourth, you should disable any other service policies or access-groups on the router, even if they are associated with different interfaces.

And finally, you must ensure that CEF is enabled for this feature to work.

AutoQoS for VoIP was introduced in IOS Version 12.2(15)T. The auto qos voip command is actually a macro that adds a series of commands to your router's configuration. You can use the show auto qos command to see exactly what it has added:

Router1#show auto qos
 !
 policy-map AutoQoS-Policy-UnTrust
  class AutoQoS-VoIP-RTP-UnTrust
   priority percent 70
   set dscp ef
  class AutoQoS-VoIP-Control-UnTrust
   bandwidth percent 5
   set dscp af31
  class AutoQoS-VoIP-Remark
   set dscp default
  class class-default
   fair-queue
 !
 ip access-list extended AutoQoS-VoIP-RTCP
  permit udp any any range 16384 32767
 !
 ip access-list extended AutoQoS-VoIP-Control
  permit tcp any any eq 1720
  permit tcp any any range 11000 11999
  permit udp any any eq 2427
  permit tcp any any eq 2428
  permit tcp any any range 2000 2002
  permit udp any any eq 1719
  permit udp any any eq 5060
 !
 rmon event 33333 log trap AutoQoS description "AutoQoS SNMP traps for Voice Drops" owner AutoQoS
 rmon alarm 33333 cbQosCMDropBitRate.1169.1171 30 absolute rising-threshold 1 33333 falling-threshold 0 owner AutoQoS

Serial0/0.1: DLCI 904 -
 !
 interface Serial0/0
  frame-relay traffic-shaping
 !
 interface Serial0/0.1 point-to-point
  frame-relay interface-dlci 904
   class AutoQoS-FR-Se0/0-904
 !
 map-class frame-relay AutoQoS-FR-Se0/0-904
  frame-relay cir 1544000
  frame-relay bc 15440
  frame-relay be 0
  frame-relay mincir 1544000
  service-policy output AutoQoS-Policy-UnTrust
Router1#

Clearly, this little macro has done a lot of work, and in fact this command output doesn't show the class-maps that were created at the same time! Let's examine what it did. First, it created a policy-map called AutoQoS-Policy-UnTrust, which allocates up to 70% of the bandwidth on this link to voice traffic and another 5% to VoIP control packets. It also sets the DSCP values for these traffic streams, overriding whatever values were previously in the packets. The "UnTrust" in the name is the point: the router does not trust markings that arrive from the hosts. The AutoQoS-VoIP-Remark class (one of the class-maps not shown here) catches packets that arrive already carrying the voice DSCP values but do not match the voice access lists, and resets them to default, so a host cannot obtain priority treatment simply by setting DSCP EF on its own packets. All other traffic is configured to use weighted fair-queuing (WFQ).

Then, skipping over the access-lists, whose purpose is fairly clear, the macro has created an RMON event and alarm pair that samples the drop rate of the voice class every 30 seconds and logs and sends an SNMP trap whenever that rate rises above zero, in other words whenever the router has been forced to drop voice packets. You can then use these trap logs to determine if the queuing parameters are appropriate. If you find that you are dropping a lot of packets, then you may need to increase your bandwidth to reduce congestion.

And finally, it has implemented Frame Relay Traffic Shaping to ensure that the router doesn't attempt to overrun the CIR for the PVC. This is a critical consideration because, by default, the router will assume that it can transmit at wire speed on each PVC individually. So if you have several PVCs on a single physical circuit, it will allow any of them to burst to the full bandwidth capacity of the interface, possibly over-running the CIR of the PVC. As a result, even with the best queuing strategy on the router, you could find yourself dropping packets in the frame cloud.
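The command that produced the configuration above is not shown on the page. As an added example (not from the original recipe), this is how AutoQoS for VoIP is applied to the PVC from the example, with the untrusted form beside the trust variant; the subinterface and DLCI are the ones shown above, and the show commands at the end are the ones you would use to confirm the result.

```cisco
! Added example: AutoQoS for VoIP is a macro applied per PVC.
! Without "trust", the router classifies by access list and re-marks traffic itself.
! That is what generated the *-UnTrust policy above: anything not matching the voice
! access lists ends up with DSCP 0, so a host that sets EF on its own packets gains nothing.
interface Serial0/0.1 point-to-point
 frame-relay interface-dlci 904
  auto qos voip
!
! With "trust", AutoQoS keeps incoming DSCP values and classifies on them instead.
! Only do this behind a device you control that marks correctly (an IP phone switch port,
! a trusted upstream router); on an edge facing user hosts it lets them pick their own priority.
! Shown commented out, because the two forms are alternatives for the same DLCI:
!interface Serial0/0.1 point-to-point
! frame-relay interface-dlci 904
!  auto qos voip trust
!
! Check what the macro added, and that voice is actually landing in the priority class:
! show auto qos
! show policy-map interface Serial0/0.1
```

The second show command is the one to watch after the first few calls: if the priority class shows no matches while calls are in progress, the voice traffic is not in the UDP port range the AutoQoS-VoIP-RTCP access list expects and is being treated as ordinary data.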

The AutoQoS for the Enterprise feature was introduced in IOS Version 12.3(7)T. It classifies traffic into 10 categories, which are listed in Table 11-2. Note that if the discovery feature doesn't see any traffic of a particular type, then AutoQoS will not create a corresponding class on the router.

Table 11-2. AutoQoS traffic classes

Class Name                 DSCP  Description
IP Routing                 CS6   Routing protocol and ICMP traffic
Interactive Voice          EF    RTP voice traffic
Interactive Video          AF41  RTP video traffic
Streaming Video            CS4   Various streaming audio and video protocols, such as CU-SeeMe, RealAudio, and Netshow
Telephony Signaling        CS3   RTP and H.323
Transactional/Interactive  AF21  Database protocols, such as SAP, SQLNet, and SQLServer, as well as interactive protocols, including Citrix, Telnet, Notes, SSH, and X11
Network Management         CS2   Primarily SNMP
Bulk Data                  AF11  Batch file transfer protocols such as FTP, Exchange, POP3, SMTP, NNTP, and network printing
Scavenger                  CS1   Various peer-to-peer and entertainment protocols, including Napster, Fasttrack, and Gnutella; this group is given a worse than best-effort priority
Best Effort                0     Various miscellaneous protocols, including HTTP, NFS, SunRPC, NTP, and gopher, as well as any unidentified traffic

We enabled auto discovery qos on both ends of a Frame Relay PVC, ran some traffic through the link, and then looked at the output of the show auto discovery qos command to see what the router suggested for a QoS policy:

Router1#show auto discovery qos
Serial0/0.1
 AutoQoS Discovery enabled for applications
 Discovery up time: 3 minutes, 41 seconds
 AutoQoS Class information:
 Class Voice:
  No data found.
 Class Interactive Video:
  No data found.
 Class Signaling:
  No data found.
 Class Streaming Video:
  No data found.
 Class Transactional:
  Recommended Minimum Bandwidth: 1 Kbps/<1% (AverageRate)
  Detected applications and data:
  Application/       AverageRate        PeakRate           Total
  Protocol           (kbps/%)           (kbps/%)           (bytes)
  -----------        -----------        --------           ------------
  telnet             1/<1               32/2               53404
 Class Bulk:
  No data found.
 Class Scavenger:
  No data found.
 Class Management:
  Recommended Minimum Bandwidth: 1 Kbps/<1% (AverageRate)
  Detected applications and data:
  Application/       AverageRate        PeakRate           Total
  Protocol           (kbps/%)           (kbps/%)           (bytes)
  -----------        -----------        --------           ------------
  snmp               1/<1               11/<1              50245
 Class Routing:
  Recommended Minimum Bandwidth: 0 Kbps/0% (AverageRate)
  Detected applications and data:
  Application/       AverageRate        PeakRate           Total
  Protocol           (kbps/%)           (kbps/%)           (bytes)
  -----------        -----------        --------           ------------
  icmp               0/0                8/<1               11432
  eigrp              0/0                0/0                6016
 Class Best Effort:
  Current Bandwidth Estimation: 3 Kbps/<1% (AverageRate)
  Detected applications and data:
  Application/       AverageRate        PeakRate           Total
  Protocol           (kbps/%)           (kbps/%)           (bytes)
  -----------        -----------        --------           ------------
  http               3/<1               33/2               84777
  unknowns           0/0                0/0                184

Suggested AutoQoS Policy for the current uptime:
 !
 class-map match-any AutoQoS-Transactional-Se0/0.1
  match protocol telnet
 !
 class-map match-any AutoQoS-Management-Se0/0.1
  match protocol snmp
 !
 policy-map AutoQoS-Policy-Se0/0.1
  class AutoQoS-Transactional-Se0/0.1
   bandwidth remaining percent 1
   random-detect dscp-based
   set dscp af21
  class AutoQoS-Management-Se0/0.1
   bandwidth remaining percent 1
   set dscp cs2
  class class-default
   fair-queue
Router1#

As you can see, we didn't let the discovery phase run for very long, and consequently did not discover very many types of traffic. The router saw no traffic in the Voice, Interactive Video, Telephony Signaling, Streaming Video, Bulk, or Scavenger classes. But it did see some Telnet traffic in the Transactional class, some SNMP traffic in the Network Management class, as well as some routing protocol and best-effort traffic. Note that the command output includes average and peak rate traffic statistics, which the router will use to help determine queuing parameters:

Class Best Effort:
  Current Bandwidth Estimation: 3 Kbps/<1% (AverageRate)
  Detected applications and data:
  Application/       AverageRate        PeakRate           Total
  Protocol           (kbps/%)           (kbps/%)           (bytes)
  -----------        -----------        --------           ------------
  http               3/<1               33/2               84777
  unknowns           0/0                0/0                184

The output then ends with a suggestion for a QoS policy-map to be applied to this interface. This output shows that the AutoQoS feature uses the NBAR match protocol command to identify protocols. NBAR is the basis of AutoQoS.

Once we are satisfied that this is a good QoS policy, we enable it by using the auto qos command:

Router1(config)#interface Serial0/0.1 point-to-point
Router1(config-subif)#frame-relay interface-dlci 904
Router1(config-fr-dlci)#auto qos
%Creating new map-class.
Router1(config-fr-dlci)#no auto discovery qos
Router1(config-fr-dlci)#exit
Router1(config-subif)#exit

It is critical to enable AutoQoS before disabling the discovery feature. Otherwise, the router will lose all of the traffic information that it has learned.

If you want to see the new configuration commands that AutoQoS has added to your router, use the show auto qos command:

Router1#show auto qos
 !
 policy-map AutoQoS-Policy-Se0/0.1
  class AutoQoS-Transactional-Se0/0.1
   bandwidth remaining percent 1
   random-detect dscp-based
   set dscp af21
  class AutoQoS-Routing-Se0/0.1
   bandwidth remaining percent 1
   set dscp cs6
  class class-default
   fair-queue
 !
 policy-map AutoQoS-Policy-Se0/0.1-Parent
  class class-default
   shape average 1544000
   service-policy AutoQoS-Policy-Se0/0.1
 !
 class-map match-any AutoQoS-Transactional-Se0/0.1
  match protocol telnet
 !
 class-map match-any AutoQoS-Routing-Se0/0.1
  match protocol icmp
  match protocol eigrp
  match protocol rip

Serial0/0.1: DLCI 904 -
 !
 interface Serial0/0.1 point-to-point
  frame-relay interface-dlci 904
   class AutoQoS-FR-Se0/0-904
 !
 map-class frame-relay AutoQoS-FR-Se0/0-904
  frame-relay cir 1544000
  frame-relay bc 15440
  frame-relay be 0
  frame-relay mincir 1544000
  service-policy output AutoQoS-Policy-Se0/0.1-Parent
Router1#

Note that the actual policy map does not exactly match the version that we saw earlier during the data collection phase. The biggest difference is that the router saw some additional RIP traffic in the meantime and added this protocol to the class called AutoQoS-Routing-Se0/0.1. It has also created a Frame Relay map class that includes traffic shaping parameters for the PVC.

Because AutoQoS adds so many different commands to the router configuration, if you want to disable AutoQoS, it is not sufficient to just remove the auto qos command. You will need to remove all of the other commands separately. In fact, you should be careful about removing this command because if you do so, the show auto qos command will no longer function, making it much more difficult to figure out what commands are actually related to this feature. To make matters worse, once you have removed the auto qos command, you can't even put it back because the router needs to repeat the discovery phase first!

If you want to remove this feature after you have enabled it, we recommend capturing the output of the show auto qos command and using a text editor to create a configuration script that selectively eliminates all of the associated commands.
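As an added example (not from the original recipe), here is such a script for the Enterprise configuration shown above. The names are the ones from that show auto qos output. The order matters: IOS will not delete a policy-map that is still attached somewhere, nor a class-map that a policy-map still references, so the script detaches first and works from the outside in.

```cisco
! Added example: back out the AutoQoS Enterprise configuration shown above.
! Capture "show auto qos" before starting; once "auto qos" is gone it no longer works.
!
! 1. Detach the policy from the PVC. Removing the map-class binding is what
!    actually stops the service-policy from being applied to DLCI 904.
interface Serial0/0.1 point-to-point
 frame-relay interface-dlci 904
  no auto qos
  no class AutoQoS-FR-Se0/0-904
 exit
exit
!
! 2. The map-class carried the shaping parameters and the service-policy line.
no map-class frame-relay AutoQoS-FR-Se0/0-904
!
! 3. Parent policy before child: the parent references the child through its
!    own service-policy line, and IOS refuses to delete a policy-map in use.
no policy-map AutoQoS-Policy-Se0/0.1-Parent
no policy-map AutoQoS-Policy-Se0/0.1
!
! 4. Class-maps last, for the same reason.
no class-map AutoQoS-Transactional-Se0/0.1
no class-map AutoQoS-Routing-Se0/0.1
!
! 5. If the macro also turned on Frame Relay traffic shaping on the physical
!    interface (the VoIP example above did) and no other PVC depends on it:
interface Serial0/0
 no frame-relay traffic-shaping
!
! Confirm that nothing carrying the AutoQoS prefix is left behind:
! show running-config | include AutoQoS
```

If you are backing out the VoIP variant instead, the same order applies, and the rmon event and rmon alarm lines numbered 33333 plus the three AutoQoS-VoIP access lists come off at step 4 as well.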

AutoQoS for the Enterprise can be a useful way of generating a detailed queuing strategy for your network. We do urge some caution in using this feature, however. In our experience, the discovery option can be unreliable. In particular, if you are using NBAR or have access-groups enabled on the router, this can interfere with the data collection. Furthermore, we have seen questionable results in the output that went away after disabling and re-enabling the discovery option.

We strongly recommend looking very closely at the recommendations made by this command before implementing them.

The CCIE labs style

February 9th, 2012    by Nicholas

The CCIE gives networking experts a chance to distinguish themselves in the field. Only a few thousand people are believed to have passed the CCIE exam. The CCIE labs are considered to provide a high level of training realism, which is a significant benefit for candidates.

The CCIE certification involves two exams, a written exam and a lab exam. To attempt the lab exam, you must first pass the written exam. If you do not pass the written exam on the first attempt, plan on 180 days before retaking it. After passing the written exam, you should make an attempt at the lab exam within 18 months. If you fail the lab exam, you may retry within 12 months in order to keep the written exam result valid.

The written exam has a time limit of two hours and is offered at test centers around the world. The topics covered in the written exam depend on the specialization or track you choose. For Service Provider, you can choose from subjects such as Cable, DSL, IP Telephony, Dial, Content Networking, Optical, WAN Switching, and Metro Ethernet. Each written exam is made available in beta form at a price of $50 USD.

The CCIE lab exam is unique in that it is an eight-hour test of the candidate's ability to configure and troubleshoot networking equipment. Cisco keeps high-end equipment in its CCIE labs for use in the lab exams. The blueprint for the lab exam is available on its website. The lab exam is not available at Pearson VUE or Prometric testing centers.

A typical CCIE R&S lab exam includes a two-hour troubleshooting section in which you are given a set of tickets for preconfigured networks in the CCIE labs. You need to be able to identify and fix the faults. You proceed to the configuration section after you finish the troubleshooting section.

A valid passing score is required to pass a CCIE lab exam. Cisco uses proctors to evaluate candidates in the initial rounds at its CCIE labs located worldwide. Points are awarded when a criterion is met, and grading is completed using automated tools. The results of a lab exam are reported within 48 hours. The final result is a pass or fail, and in the case of a fail, the areas in which you fell short are described so that you can prepare properly before a retry.

Cisco stands out in the networking field by offering the CCIE certification, so that you can pursue your education and be recognized by a respected organization. The CCIE lab exam can be used as a platform to challenge your ability in the various tracks Cisco offers. Attempting a lab exam requires rigorous practice and a deep sense of understanding. The CCIE labs are the first step toward a great career.

Using NBAR Classification

February 8th, 2012    by Nicholas

The NBAR feature is used to identify traffic within a class-map. You can then use the class-map in a policy-map to define how the router should handle each application data stream:

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#ip cef
Router1(config)#class-map INTERACTIVE
Router1(config-cmap)#match protocol citrix
Router1(config-cmap)#match protocol telnet
Router1(config-cmap)#exit
Router1(config)#policy-map QoSPolicy
Router1(config-pmap)#class INTERACTIVE
Router1(config-pmap-c)#bandwidth percent 50
Router1(config-pmap-c)#set dscp ef
Router1(config-pmap-c)#exit
Router1(config-pmap)#class class-default
Router1(config-pmap-c)#bandwidth percent 20
Router1(config-pmap-c)#random-detect dscp-based
Router1(config-pmap-c)#exit
Router1(config-pmap)#exit
Router1(config)#interface FastEthernet0/0
Router1(config-if)#service-policy output QoSPolicy
Router1(config-if)#exit
Router1(config)#end
Router1#

Cisco also offers the ability to download specialized Packet Description Language Module (PDLM) files onto the router's flash device, and then activate them for use with NBAR classification:

Router1#show flash
System flash directory:
File  Length   Name/status
  1   23169076  c2600-ipvoice-mz.124-10.bin
  2   3100     bittorrent.pdlm
[23172304 bytes used, 9857836 available, 33030140 total]
32768K bytes of processor board System flash (Read/Write)

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#ip nbar pdlm flash://bittorrent.pdlm
Router1(config)#class-map BITTORRENT
Router1(config-cmap)#match protocol bittorrent
Router1(config-cmap)#exit
Router1(config)#end
Router1#

And you can also use NBAR to automatically profile the protocols on a particular interface:

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ip nbar protocol-discovery
Router1(config-if)#exit
Router1(config)#end
Router1#

Network Based Application Recognition (NBAR) is an extremely useful feature that first became available in IOS Version 12.0(5)XE2, and more generally in 12.1(5)T. Cisco continues to add new protocols to NBAR, allowing you to categorize more and more different traffic streams on your network. The one caveat to using NBAR is that it can introduce a heavy additional load on your router's CPU, because it inspects packet payloads rather than just headers. We recommend monitoring the CPU utilization with show processes cpu after implementing any NBAR-based filtering, at least until you are confident that the router is not straining under the additional load.

The basic syntax is to set up a class-map, and then use the match protocol command with the appropriate keyword:

Router1(config)#class-map INTERACTIVE
Router1(config-cmap)#match protocol citrix
Router1(config-cmap)#match protocol telnet

We used Citrix as an example protocol in this recipe because it is a classic example of the need for the NBAR feature. This is a proprietary protocol that is used in thin-client architectures. The end user's workstation is just a terminal that displays graphical information from the screen of a centrally located computer running a virtual desktop for the user. The protocol transmits graphical information and keystrokes. Because it is an interactive application, it needs to be given high priority through the network. However, it is notoriously difficult to reliably identify from Layer 3 and 4 information.

As the example shows, you can then use this class in a policy-map:

Router1(config)#policy-map QoSPolicy
Router1(config-pmap)#class INTERACTIVE
Router1(config-pmap-c)#bandwidth percent 50
Router1(config-pmap-c)#set dscp ef
Router1(config-pmap-c)#exit

NBAR classifies applications at the application layer, allowing you to differentiate between different streams of traffic that may actually use the same UDP or TCP port numbers, as well as streams of traffic that may use a variety of ports or even arbitrary port numbers.
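As an added example that is not part of the original recipe, here is a policy that uses the same mechanism for a security-oriented purpose: catching the peer-to-peer file-sharing protocols NBAR knows about, marking them scavenger (DSCP CS1) and policing them where they enter the router. The keywords are from the match protocol list in this recipe, and bittorrent relies on the PDLM loaded above; the class and policy names and the 128 kbps rate are assumptions.

```cisco
! Added example: classify known P2P protocols with NBAR, mark them scavenger and police them.
! Keywords are from the "match protocol ?" list; bittorrent needs the PDLM loaded earlier.
class-map match-any P2P
 match protocol bittorrent
 match protocol edonkey
 match protocol fasttrack
 match protocol gnutella
 match protocol kazaa2
 match protocol napster
 match protocol winmx
!
! Policing, unlike bandwidth or random-detect, is legal in the input direction, so this
! can sit on the LAN-facing interface where the traffic enters. 128 kbps with an 8000-byte
! burst is an assumed rate; conforming packets are re-marked CS1, the excess is dropped.
policy-map P2P-INGRESS
 class P2P
  set dscp cs1
  police 128000 8000 conform-action transmit exceed-action drop
!
interface FastEthernet0/0
 service-policy input P2P-INGRESS
!
! Confirm the class is matching, and see what NBAR still cannot name on this interface:
! show policy-map interface FastEthernet0/0 input
! show ip nbar protocol-discovery top-n 10
```

Two caveats belong with a policy like this. NBAR matches on protocol signatures, so a client that encrypts or obfuscates its traffic will show up under unknown (or under whatever protocol it imitates) and slip past the class; the protocol-discovery output is the way to notice that happening. And the CS1 marking only means something if the devices downstream honour it; on this router it is the policer, not the marking, that actually limits the traffic.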

Here is a list of supported protocols as of IOS Version 12.4(10):

Router1(config-cmap)#match protocol ?
  arp            IP ARP
  bgp            Border Gateway Protocol
  bridge         Bridging
  cdp            Cisco Discovery Protocol
  citrix         Citrix Systems ICA protocol
  clns           ISO CLNS
  clns_es        ISO CLNS End System
  clns_is        ISO CLNS Intermediate System
  cmns           ISO CMNS
  compressedtcp  Compressed TCP (VJ)
  cuseeme        CU-SeeMe desktop video conference
  dhcp           Dynamic Host Configuration
  dns            Domain Name Server lookup
  edonkey        eDonkey
  egp            Exterior Gateway Protocol
  eigrp          Enhanced Interior Gateway Routing Protocol
  exchange       MS-RPC for Exchange
  fasttrack      FastTrack Traffic - KaZaA, Morpheus, Grokster...
  finger         Finger
  ftp            File Transfer Protocol
  gnutella       Gnutella Version2 Traffic - BearShare, Shareeza, Morpheus ...
  gopher         Gopher
  gre            Generic Routing Encapsulation
  h323           H323 Protocol
  http           World Wide Web traffic
  icmp           Internet Control Message
  imap           Internet Message Access Protocol
  ip             IP
  ipinip         IP in IP (encapsulation)
  ipsec          IP Security Protocol (ESP/AH)
  irc            Internet Relay Chat
  kazaa2         Kazaa Version 2
  kerberos       Kerberos
  l2tp           L2F/L2TP tunnel
  ldap           Lightweight Directory Access Protocol
  llc2           llc2
  mgcp           Media Gateway Control Protocol
  napster        Napster Traffic
  netbios        NetBIOS
  netshow        Microsoft Netshow
  nfs            Network File System
  nntp           Network News Transfer Protocol
  notes          Lotus Notes(R)
  novadigm       Novadigm EDM
  ntp            Network Time Protocol
  ospf           Open Shortest Path First
  pad            PAD links
  pcanywhere     Symantec pcANYWHERE
  pop3           Post Office Protocol
  pppoe          PPP over Ethernet
  pptp           Point-to-Point Tunneling Protocol
  printer        print spooler/lpd
  rcmd           BSD r-commands (rsh, rlogin, rexec)
  rip            Routing Information Protocol
  rsrb           Remote Source-Route Bridging
  rsvp           Resource Reservation Protocol
  rtcp           Real Time Control Protocol
  rtp            Real Time Protocol
  rtsp           Real Time Streaming Protocol
  secure-ftp     FTP over TLS/SSL
  secure-http    Secured HTTP
  secure-imap    Internet Message Access Protocol over TLS/SSL
  secure-irc     Internet Relay Chat over TLS/SSL
  secure-ldap    Lightweight Directory Access Protocol over TLS/SSL
  secure-nntp    Network News Transfer Protocol over TLS/SSL
  secure-pop3    Post Office Protocol over TLS/SSL
  secure-telnet  Telnet over TLS/SSL
  sip            Session Initiation Protocol
  skinny         Skinny Protocol
  smtp           Simple Mail Transfer Protocol
  snapshot       Snapshot routing support
  snmp           Simple Network Management Protocol
  socks          SOCKS
  sqlnet         SQL*NET for Oracle
  sqlserver      MS SQL Server
  ssh            Secured Shell
  streamwork     Xing Technology StreamWorks player
  sunrpc         Sun RPC
  syslog         System Logging Utility
  telnet         Telnet
  tftp           Trivial File Transfer Protocol
  vdolive        VDOLive streaming video
  vofr           voice over Frame Relay packets
  winmx          WinMx file-sharing application
  xwindows       X-Windows remote access
Router1(config-cmap)#

You can obtain and install new PDLM files from Cisco. In the example, we have downloaded a new PDLM file that can identify the BitTorrent protocol. Once we put this file on the router's Flash device, we need to tell NBAR to load the file to make it available:

Router1(config)#ip nbar pdlm flash://bittorrent.pdlm

In the past, Cisco has also made PDLM files available to help network administrators to use NBAR to help to identify hostile applications such as viruses and worms.

We are not aware of PDLM files originating from sources other than Cisco, but we strongly recommend that you use only files that you obtain directly from Cisco. A PDLM drives the deep packet inspection that NBAR performs on every packet crossing the interface, so a tampered or badly written module can misclassify traffic and, with it, silently change what your policy-maps do. Where Cisco publishes a checksum for the file, compare it before loading the module; IOS can compute the value on the router with verify /md5 flash:bittorrent.pdlm. Otherwise, you could potentially open your network to serious security vulnerabilities.

We note in passing that Cisco has also added the option to manually create your own NBAR rules using the ip nbar custom command. This feature should allow you to, for example, define a new protocol by specifying TCP or UDP port numbers, as well as any special rules that look for identifiable content at a particular bit offset in the packet payload. However, the syntax for this feature is confusing, and the parser is apparently unstable in some IOS versions, so we don't currently recommend using it.

The last feature discussed in the Solution section of this recipe is the NBAR Protocol-Discovery feature. This is a useful tool for figuring out what is going through your network, particularly if you are trying to define a QoS strategy. You can use the show ip nbar protocol-discovery command to get detailed statistics on the utilization for every type of protocol that NBAR understands. However, NBAR now supports so many protocols that this complete list is often not very useful for spotting trends. Instead, we suggest using the top-n keyword with a relatively small argument number, such as 5, or at most 10. This will allow you to immediately see statistics for the top protocols for each interface on which you enabled the feature:

Router1#show ip nbar protocol-discovery top-n 5

 FastEthernet0/0
                            Input                    Output
                            -----                    ------
   Protocol                 Packet Count             Packet Count
                            Byte Count               Byte Count
                            5min Bit Rate (bps)      5min Bit Rate (bps)
                            5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
   ------------------------ ------------------------ ------------------------
   icmp                     220                      110
                            25080                    12540
                            0                        0
                            4000                     3000
   http                     55                       104
                            3763                     60019
                            0                        0
                            1000                     4000
   telnet                   130                      71
                            19212                    4269
                            0                        0
                            3000                     1000
   eigrp                    90                       45
                            6660                     3330
                            0                        0
                            0                        0
   secure-http              4                        4
                            248                      216
                            0                        0
                            0                        0
   unknown                  2                        2
                            122                      112
                            0                        0
                            0                        0
   Total                    501                      336
                            55085                    80486
                            0                        0
                            8000                     8000
Router1#

related to CCIE Bootcamp.

February 7th,2012    by Nicholas

It is intended to select specialists within the networking industry for the renowned company, opening up opportunities in its technical departments. To obtain CCIE certification, candidates have to pass two critical selection tests. First, the written exam must be passed, after which the candidates can sit for the Lab exam. Only the short-listed candidates can obtain CCIE certification. CCIE Bootcamps are created to prepare candidates for the CCIE exams.

CCIE Bootcamps offer the easiest way of passing the CCIE exams. There are a number of companies and institutes that offer CCIE Bootcamp training, such as Cathay School. To become eligible for the bootcamps, the institutes usually set a prerequisite, which helps candidates pass the CCIE exams more easily than others. This prerequisite is CCNP status.

The fee for the CCIE Security exam is significant, so most candidates take a preparation course in order to pass it in a single sitting. Some independent companies and institutions provide courses and workshops for those choosing CCIE Security training. However, most candidates prefer the instructor-led and online workshops that Cisco provides as part of its Authorized Learning Partners program. The training options are offered, and the educators recognized, by Cisco.

For the CCIE Security certification, you need to register for the written exam in your area of specialization. Most of the exams are conducted at a Cisco authorized facility, which also accepts payment for the exam. The cost of taking a CCIE written exam is from $80 to $325. The written exam is supervised and taken on a computer. It is a one- or two-hour paper made up of multiple-choice, drag-and-drop and fill-in-the-blank questions. Apart from whiteboards and markers for calculations, as a candidate for the CCIE Security exam you are not permitted to bring any other item into the examination hall.

CCIE Bootcamps use a number of approaches to deliver the most effective preparation material to students. They generally supply some must-have textbooks to prepare students for the CCIE written exam, together with some online access for the Lab exam. Based on these two categories, a CCIE Bootcamp is divided into two sections: classroom instruction and Lab simulation. Classroom instruction involves two phases, hands-on training and lecture-based classes. In the classroom, students are given information on bit splitting, VLSM and so on. The lab simulation is the critical part of a CCIE Bootcamp. Here students are made to handle many real-life problems, and their troubleshooting skills are checked thoroughly. This is the final stage of the CCIE Bootcamp, where students are well prepared for Blueprint v4, MPLS and so on. These methodologies help students to troubleshoot real-life problems and improve their ability to find the correct answers.

There are only a few trustworthy institutes on the market that offer full CCIE Bootcamps. One of the well-renowned institutes is Cathay School, which offers very good bootcamps for CCIE. They provide bootcamp facilities to a fairly large number of students from many corners of the world, such as Australia, Norway, the UK, Sweden, the USA and many more. According to the institute's statistics since 2005, they have maintained a record high passing rate in the CCIE exam. This record is itself a kind of guarantee for them. There are several reasons to choose Cathay School for CCIE Bootcamps. The record passing rate of nearly 90% is its most attractive feature. Besides that, another excellent feature is the one-to-one lab training, which enables students to clear up all of their doubts about any problem with the instructors.

The essential information about the bootcamp is available on the official company website, cathayschool.com. It is a very convenient website that provides many useful facilities such as online self-study CCIE Lab workbooks, one-on-one online training, instructor-led training and so on. All of the facilities, along with the course durations and the fees, are well described there, so that visitors should not have to face any kind of trouble regarding CCIE Bootcamps.

Using NBAR Classification

February 6th,2012    by Nicholas

The NBAR feature is used to identify traffic within a class-map. You can then use the class-map in a policy-map to define how the router should handle each application data stream:

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#ip cef
Router1(config)#class-map INTERACTIVE
Router1(config-cmap)#match protocol citrix
Router1(config-cmap)#match protocol telnet
Router1(config-cmap)#exit
Router1(config)#policy-map QoSPolicy
Router1(config-pmap)#class INTERACTIVE
Router1(config-pmap-c)#bandwidth percent 50
Router1(config-pmap-c)#set dscp ef
Router1(config-pmap-c)#exit
Router1(config-pmap)#class class-default
Router1(config-pmap-c)#bandwidth percent 20
Router1(config-pmap-c)#random-detect dscp-based
Router1(config-pmap-c)#exit
Router1(config-pmap)#exit
Router1(config)#interface FastEthernet0/0
Router1(config-if)#service-policy input QoSPolicy
Router1(config-if)#exit
Router1(config)#end
Router1#

Cisco also offers the ability to download specialized Packet Description Language Module (PDLM) files onto the router's flash device, and then activate them for use with NBAR classification:

Router1#show flash
System flash directory:
File  Length   Name/status
  1   23169076  c2600-ipvoice-mz.124-10.bin
  2   3100     bittorrent.pdlm
[23172304 bytes used, 9857836 available, 33030140 total]
32768K bytes of processor board System flash (Read/Write)

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#ip nbar pdlm flash://bittorrent.pdlm
Router1(config)#class-map BITTORRENT
Router1(config-cmap)#match protocol bittorrent
Router1(config-cmap)#exit
Router1(config)#end
Router1#

And you can also use NBAR to automatically profile the protocols on a particular interface:

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ip nbar protocol-discovery
Router1(config-if)#exit
Router1(config)#end
Router1#

Network Based Application Recognition (NBAR) is an extremely useful feature that first became available in IOS Version 12.0(5)XE2, and more generally in 12.1(5)T. Cisco continues to add new protocols to NBAR, allowing you to categorize more and more different traffic streams on your network. The one caveat to using NBAR is that it can introduce a heavy additional load on your router's CPU. We recommend monitoring the CPU utilization after implementing any NBAR-based filtering, at least until you are confident that the router is not straining under the additional load.

The basic syntax is to set up a class-map, and then use the match protocol command with the appropriate keyword:

Router1(config)#class-map INTERACTIVE
Router1(config-cmap)#match protocol citrix
Router1(config-cmap)#match protocol telnet

We used Citrix as an example protocol in this recipe because it is a classic example of the need for the NBAR feature. This is a proprietary protocol that is used in thin-client architectures. The end user's workstation is just a terminal that displays graphical information from the screen of a centrally located computer running a virtual desktop for the user. The protocol transmits graphical information and keystrokes. Because it is an interactive application, it needs to be given high priority through the network. However, it is notoriously difficult to reliably identify from Layer 3 and 4 information alone.

As the example shows, you can then use this class in a policy-map:

Router1(config)#policy-map QoSPolicy
Router1(config-pmap)#class INTERACTIVE
Router1(config-pmap-c)#bandwidth percent 50
Router1(config-pmap-c)#set dscp ef
Router1(config-pmap-c)#exit

NBAR classifies applications at the application layer, allowing you to differentiate between different streams of traffic that may actually use the same UDP or TCP port numbers, as well as streams of traffic that may use a variety of ports or even arbitrary port numbers.

Here is a list of supported protocols as of IOS Version 12.4(10):

Router1(config-cmap)#match protocol ?
  arp            IP ARP
  bgp            Border Gateway Protocol
  bridge         Bridging
  cdp            Cisco Discovery Protocol
  citrix         Citrix Systems ICA protocol
  clns           ISO CLNS
  clns_es        ISO CLNS End System
  clns_is        ISO CLNS Intermediate System
  cmns           ISO CMNS
  compressedtcp  Compressed TCP (VJ)
  cuseeme        CU-SeeMe desktop video conference
  dhcp           Dynamic Host Configuration
  dns            Domain Name Server lookup
  edonkey        eDonkey
  egp            Exterior Gateway Protocol
  eigrp          Enhanced Interior Gateway Routing Protocol
  exchange       MS-RPC for Exchange
  fasttrack      FastTrack Traffic - KaZaA, Morpheus, Grokster...
  finger         Finger
  ftp            File Transfer Protocol
  gnutella       Gnutella Version2 Traffic - BearShare, Shareeza, Morpheus ...
  gopher         Gopher
  gre            Generic Routing Encapsulation
  h323           H323 Protocol
  http           World Wide Web traffic
  icmp           Internet Control Message
  imap           Internet Message Access Protocol
  ip             IP
  ipinip         IP in IP (encapsulation)
  ipsec          IP Security Protocol (ESP/AH)
  irc            Internet Relay Chat
  kazaa2         Kazaa Version 2
  kerberos       Kerberos
  l2tp           L2F/L2TP tunnel
  ldap           Lightweight Directory Access Protocol
  llc2           llc2
  mgcp           Media Gateway Control Protocol
  napster        Napster Traffic
  netbios        NetBIOS
  netshow        Microsoft Netshow
  nfs            Network File System
  nntp           Network News Transfer Protocol
  notes          Lotus Notes(R)
  novadigm       Novadigm EDM
  ntp            Network Time Protocol
  ospf           Open Shortest Path First
  pad            PAD links
  pcanywhere     Symantec pcANYWHERE
  pop3           Post Office Protocol
  pppoe          PPP over Ethernet
  pptp           Point-to-Point Tunneling Protocol
  printer        print spooler/lpd
  rcmd           BSD r-commands (rsh, rlogin, rexec)
  rip            Routing Information Protocol
  rsrb           Remote Source-Route Bridging
  rsvp           Resource Reservation Protocol
  rtcp           Real Time Control Protocol
  rtp            Real Time Protocol
  rtsp           Real Time Streaming Protocol
  secure-ftp     FTP over TLS/SSL
  secure-http    Secured HTTP
  secure-imap    Internet Message Access Protocol over TLS/SSL
  secure-irc     Internet Relay Chat over TLS/SSL
  secure-ldap    Lightweight Directory Access Protocol over TLS/SSL
  secure-nntp    Network News Transfer Protocol over TLS/SSL
  secure-pop3    Post Office Protocol over TLS/SSL
  secure-telnet  Telnet over TLS/SSL
  sip            Session Initiation Protocol
  skinny         Skinny Protocol
  smtp           Simple Mail Transfer Protocol
  snapshot       Snapshot routing support
  snmp           Simple Network Management Protocol
  socks          SOCKS
  sqlnet         SQL*NET for Oracle
  sqlserver      MS SQL Server
  ssh            Secured Shell
  streamwork     Xing Technology StreamWorks player
  sunrpc         Sun RPC
  syslog         System Logging Utility
  telnet         Telnet
  tftp           Trivial File Transfer Protocol
  vdolive        VDOLive streaming video
  vofr           voice over Frame Relay packets
  winmx          WinMx file-sharing application
  xwindows       X-Windows remote access
Router1(config-cmap)#

You can obtain and install new PDLM files from Cisco. In the example, we have downloaded a new PDLM file that can identify the BitTorrent protocol. Once we put this file on the router's Flash device, we need to tell NBAR to load the file to make it available:

Router1(config)#ip nbar pdlm flash://bittorrent.pdlm

In the past, Cisco has also made PDLM files available to help network administrators to use NBAR to help to identify hostile applications such as viruses and worms.

We are not aware of PDLM files originating from sources other than Cisco, but we strongly recommend that you use only files that you obtain directly from Cisco. Otherwise, you could potentially open your network to serious security vulnerabilities.

We note in passing that Cisco has also added the option to manually create your own NBAR rules using the ip nbar custom command. This feature should allow you to, for example, define a new protocol by specifying TCP or UDP port numbers, as well as any special rules that look for identifiable content at a particular bit offset in the packet payload. However, the syntax for this feature is confusing, and the parser is apparently unstable in some IOS versions, so we don't currently recommend using it.

The last feature discussed in the Solution section of this recipe is the NBAR Protocol-Discovery feature. This is a useful tool for figuring out what is going through your network, particularly if you are trying to define a QoS strategy. You can use the show ip nbar protocol-discovery command to get detailed statistics on the utilization for every type of protocol that NBAR understands. However, NBAR now supports so many protocols that this complete list is often not very useful for spotting trends. Instead, we suggest using the top-n keyword with a relatively small argument number, such as 5, or at most 10. This will allow you to immediately see statistics for the top protocols for each interface on which you enabled the feature:

Router1#show ip nbar protocol-discovery top-n 5

 FastEthernet0/0
                            Input                    Output
                            -----                    ------
   Protocol                 Packet Count             Packet Count
                            Byte Count               Byte Count
                            5min Bit Rate (bps)      5min Bit Rate (bps)
                            5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
   ------------------------ ------------------------ ------------------------
   icmp                     220                      110
                            25080                    12540
                            0                        0
                            4000                     3000
   http                     55                       104
                            3763                     60019
                            0                        0
                            1000                     4000
   telnet                   130                      71
                            19212                    4269
                            0                        0
                            3000                     1000
   eigrp                    90                       45
                            6660                     3330
                            0                        0
                            0                        0
   secure-http              4                        4
                            248                      216
                            0                        0
                            0                        0
   unknown                  2                        2
                            122                      112
                            0                        0
                            0                        0
   Total                    501                      336
                            55085                    80486
                            0                        0
                            8000                     8000
Router1#
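
The protocol-discovery table above is easy to read by eye but awkward to track over time. The following Python, an added example that is not part of the original recipe, parses the "show ip nbar protocol-discovery top-n" output into per-interface, per-protocol counters, reports what share of the bytes NBAR could not classify (the "unknown" row), and ranks protocols by their 5-minute peak rate. The embedded sample is the transcript shown above; the parser layout assumptions (one record line followed by three continuation lines, interface headers as a lone token) are taken from that transcript.

```python
import re
from typing import Dict, List

# Output of "show ip nbar protocol-discovery top-n 5" copied from the
# transcript above (the page's own data, not constructed).
SAMPLE_OUTPUT = """\
Router1#show ip nbar protocol-discovery top-n 5

 FastEthernet0/0
                            Input                    Output
                            -----                    ------
   Protocol                 Packet Count             Packet Count
                            Byte Count               Byte Count
                            5min Bit Rate (bps)      5min Bit Rate (bps)
                            5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
   ------------------------ ------------------------ ------------------------
   icmp                     220                      110
                            25080                    12540
                            0                        0
                            4000                     3000
   http                     55                       104
                            3763                     60019
                            0                        0
                            1000                     4000
   telnet                   130                      71
                            19212                    4269
                            0                        0
                            3000                     1000
   eigrp                    90                       45
                            6660                     3330
                            0                        0
                            0                        0
   secure-http              4                        4
                            248                      216
                            0                        0
                            0                        0
   unknown                  2                        2
                            122                      112
                            0                        0
                            0                        0
   Total                    501                      336
                            55085                    80486
                            0                        0
                            8000                     8000
Router1#
"""

# A record starts with the protocol name and two packet counts; the next three
# lines carry byte counts, 5-minute bit rate and 5-minute maximum bit rate.
RECORD_RE = re.compile(r"^\s+(\S+)\s+(\d+)\s+(\d+)\s*$")
CONT_RE = re.compile(r"^\s+(\d+)\s+(\d+)\s*$")
# An interface header is a lone token such as " FastEthernet0/0"; prompts end in "#".
IFACE_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9/.:-]*\d)\s*$")
CONT_FIELDS = ("bytes", "bps", "max_bps")

Stats = Dict[str, Dict[str, Dict[str, int]]]


def parse_protocol_discovery(text: str) -> Stats:
    """Turn the CLI table into {interface: {protocol: {in_/out_ counters}}}."""
    stats: Stats = {}
    iface = proto = None
    next_field = 0
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            stats.setdefault(iface, {})
            proto = None
            continue
        m = RECORD_RE.match(line)
        if m and iface is not None:
            proto = m.group(1)
            stats[iface][proto] = {"in_packets": int(m.group(2)),
                                   "out_packets": int(m.group(3))}
            next_field = 0
            continue
        m = CONT_RE.match(line)
        if m and proto is not None and next_field < len(CONT_FIELDS):
            name = CONT_FIELDS[next_field]
            stats[iface][proto]["in_" + name] = int(m.group(1))
            stats[iface][proto]["out_" + name] = int(m.group(2))
            next_field += 1
    return stats


def unclassified_byte_share(stats: Stats, iface: str) -> float:
    """Fraction of all bytes on the interface that NBAR could not classify."""
    rows = stats[iface]
    total = rows["Total"]["in_bytes"] + rows["Total"]["out_bytes"]
    unknown = rows.get("unknown", {})
    if total == 0:
        return 0.0
    return (unknown.get("in_bytes", 0) + unknown.get("out_bytes", 0)) / total


def busiest_protocols(stats: Stats, iface: str, n: int = 3) -> List[str]:
    """Protocols ranked by 5-minute peak bit rate (input plus output), Total excluded."""
    rows = {p: r for p, r in stats[iface].items() if p != "Total"}
    ranked = sorted(rows, key=lambda p: rows[p]["in_max_bps"] + rows[p]["out_max_bps"],
                    reverse=True)
    return ranked[:n]


if __name__ == "__main__":
    parsed = parse_protocol_discovery(SAMPLE_OUTPUT)
    for proto, row in parsed["FastEthernet0/0"].items():
        print(f"{proto:12} in={row['in_bytes']:>6} B  out={row['out_bytes']:>6} B")
    print("unclassified share:", round(unclassified_byte_share(parsed, "FastEthernet0/0"), 4))
    print("busiest by peak rate:", busiest_protocols(parsed, "FastEthernet0/0"))
```

Fed the output collected from a router on a schedule, the unclassified share is the number worth watching: a sudden rise means traffic is appearing that none of the loaded PDLMs recognizes, which is exactly the case where you would want to look before deciding on a QoS policy for it.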

CCIE Security Training exercise

February 4th,2012    by Nicholas

There is no need to have any other professional training or class certificate to qualify.

The CCIE Security Training consists of a written exam to qualify and then the lab exam. You are advised to have at least 3-5 years of job experience before attempting this certification.

The written exam for the CCIE Security is two hours long, with multiple-choice questions. It consists of a hundred questions, which cover topics such as application protocols, operating systems, security technologies, security protocols, and Cisco security applications. The exam materials are supplied on the spot and you are not allowed to bring in outside reference materials.

Network engineers with a CCIE certificate are regarded as the experts in the network engineering discipline and the masters of CISCO products. The CCIE has brought a revolution within the networking market in terms of technically challenging projects and solutions using the necessary tools and methodologies. There is a system that updates and reorganizes the tools to provide high-quality services. There are different modes of CCIE Training, such as written exam preparation and performance-based lab. This helps to strengthen the efficiency and standard of the industry. CISCO launched this certification program in 1993 with a view to distinguishing the top experts from the rest.

In order to be certified, first the written exam must be passed, after which the lab exam must be passed. CISCO always tries to apply a variety of CCIE Training procedures thoroughly for better performance. There are a number of steps for the CCIE certification. The first step for certification is to pass a two-hour computer-based, multiple-choice written exam. For this exam the necessary payments must be completed via the web. This exam is associated with exam vouchers and promotional codes. The authenticity of the voucher-providing company should be well verified by the candidates. The promotional code should be accessed correctly; fraudulent vouchers and promotional codes are not accepted, and CISCO will not refund the price. The candidates must wait five days for the written exam after payment, and they cannot sit for the same exam for the next one hundred eighty days in case of recertification.

With a view to getting certified and qualified for the CCIE Training, some points are to be remembered carefully. After passing the written exam, candidates have a maximum of 18 months to attempt the lab exam. If that period is exceeded, the written exam becomes invalid. For first-timers attempting the CCIE certification, the written exam is available in the form of a Beta exam with discounts available. During the Beta period candidates can sit the exam only once. The results come within six to eight weeks after the exam is over.

The next step for the CCIE certification is the Lab exam. Only the candidates short-listed from the written exam can apply for the hands-on lab exam. Although there are many CISCO written exam centers, Lab exam facilities are limited. It is an eight-hour hands-on practical exam in which the ability to troubleshoot and configure network-based problems and software is checked. To schedule the Lab exam, candidates short-listed in the earlier written exam have to present their identification number along with the passing score and the date of passing.

The fee for the Lab exam must be paid at least 90 days before the scheduled exam. Without the fee the reservation may be cancelled. After passing the Lab exam together with the written exam, candidates can apply for the CCIE certification. By considering

Setting the DSCP or TOS Field

February 3rd,2012    by Nicholas

The answer to this problem depends on the type of traffic distinctions you want to make, as well as the version of IOS you are running on your routers.

There must be something that defines the different types of traffic that you want to prioritize. In general, the easier the distinctions are to make, the better. This is because each of these checks takes router resources and introduces processing delays. The most common rules for distinguishing between traffic types use the packet's input interface and simple IP header information such as TCP port numbers. The following examples show how to set an IP Precedence value of immediate (2) for all FTP control traffic that arrives through the serial0/0 interface, and an IP Precedence of priority (1) for all FTP data traffic. This distinction is possible because FTP command traffic uses TCP port 21, and FTP data uses port 20.

The newer method for configuring this uses class maps. Cisco first introduced this feature in IOS Version 12.0(5)T. This method first defines a class-map that specifies how the router will identify this type of traffic. It then defines a policy-map that actually makes the changes to the packet's TOS field:

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#access-list 101 permit tcp any eq ftp any
Router(config)#access-list 101 permit tcp any any eq ftp
Router(config)#access-list 102 permit tcp any eq ftp-data any
Router(config)#access-list 102 permit tcp any any eq ftp-data
Router(config)#class-map match-all ser00-ftpcontrol
Router(config-cmap)#description branch ftp control traffic
Router(config-cmap)#match input-interface serial0/0
Router(config-cmap)#match access-group 101
Router(config-cmap)#exit
Router(config)#class-map match-all ser00-ftpdata
Router(config-cmap)#description branch ftp data traffic
Router(config-cmap)#match input-interface serial0/0
Router(config-cmap)#match access-group 102
Router(config-cmap)#exit
Router(config)#policy-map serialftppolicy
Router(config-pmap)#description branch ftp traffic policy
Router(config-pmap)#class ser00-ftpcontrol
Router(config-pmap-c)#set ip precedence immediate
Router(config-pmap-c)#exit
Router(config-pmap)#class ser00-ftpdata
Router(config-pmap-c)#set ip precedence priority
Router(config-pmap-c)#exit
Router(config-pmap)#exit
Router(config)#interface serial0/0
Router(config-if)#ip route-cache policy
Router(config-if)#service-policy input serialftppolicy
Router(config-if)#exit
Router(config)#end
Router#

For earlier IOS versions, where class-maps were not available, you have to use policy-based routing to change the TOS field in a packet. Applying this policy to the interface tells the router to use the policy to test all incoming packets on that interface and rewrite those that match the route map:

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#access-list 101 permit tcp any eq ftp any
Router(config)#access-list 101 permit tcp any any eq ftp
Router(config)#access-list 102 permit tcp any eq ftp-data any
Router(config)#access-list 102 permit tcp any any eq ftp-data
Router(config)#route-map serialftp-rtmap permit 10
Router(config-route-map)#match ip address 101
Router(config-route-map)#set ip precedence immediate
Router(config-route-map)#exit
Router(config)#route-map serialftp-rtmap permit 20
Router(config-route-map)#match ip address 102
Router(config-route-map)#set ip precedence priority
Router(config-route-map)#exit
Router(config)#interface serial0/0
Router(config-if)#ip policy route-map serialftp-rtmap
Router(config-if)#ip route-cache policy
Router(config-if)#exit
Router(config)#end
Router#

Before you can tag a packet for special treatment, you have to have a very clear idea of what types of traffic need special treatment, as well as exactly what kind of special treatment they will need. In the example, we have decided to give special consideration to FTP traffic received on a particular serial interface. We show how to do this using both the old and new configuration methods.

This might appear to be a rather artificial example. After all, why would you care about tagging inbound traffic that you have already received from a low-speed interface? Actually, one of the most important principles for using QoS in a network is that you should always tag the packet as early as possible, ideally at the edges of the network. Then, as it passes through the network, each router only needs to look at the tag, and doesn't need to do any additional classification. In this case, we would make sure that the FTP traffic returning in the other direction is tagged by the first router that receives it. So the outbound traffic has already been tagged, and it would be a waste of router resources to reclassify the outbound packets.

Many organizations actually take this idea of marking at the edges one step further, and remark every received packet. This helps to ensure that users are not requesting special QoS privileges that they are not permitted to have. However, you have to be careful with this because it can sometimes disrupt legitimate markings. For example, a real-time application may use RSVP to reserve bandwidth through the network. It is important that the packets for this application carry the appropriate Expedited Forwarding (EF) DSCP marking, or the network might not handle them properly. However, you also don't want to let other non-real-time applications from this same source have the same EF priority level. So, if you are going to configure your routers to remark all incoming packets at the edges, make sure that you understand which incoming markings are legitimate.

In that case, the routers are running DLSw to bridge SNA traffic through an IP network. So the routers themselves actually create the IP packets. This creates an additional problem because there is no incoming interface. So that recipe uses local policy-based routing. The fact that the router creates the packets also gives it a significant advantage because it doesn't have to consider any DLSw packets that may just happen to pass through.

The advantages of the newer class-map method are not obvious in this example, but one of the biggest advantages appears if you want to use the more recent DSCP tagging scheme. Because the older policy-based routing method doesn't directly support DSCP, you have to fake it by setting both the IP Precedence and the TOS separately as follows:

Router(config)#route-map serialftp-rtmap permit 10
Router(config-route-map)#match ip address 115
Router(config-route-map)#set ip precedence immediate
Router(config-route-map)#set ip tos max-throughput

In this case, the packet will wind up with an IP Precedence value of immediate, or 2 (010 in binary), and TOS of max-throughput, or 4 (0100 in binary).

Doing the same thing with the class-map method is much more direct:

Router(config)#policy-map serialftppolicy
Router(config-pmap)#class serialftpclass
Router(config-pmap-c)#set ip dscp af21
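
The reason the two configurations are equivalent is that precedence, TOS and DSCP are different views of the same IPv4 header byte. The Python below is an added worked example, not part of the original recipe: it assembles the TOS byte from the "set ip precedence" and "set ip tos" keywords, reads the DSCP out of it, and goes the other way, telling you which precedence/TOS pair the route-map method needs for any "set ip dscp" value. It generalizes beyond af21 to all the AF, CS and EF codepoints. The keyword tables are the IOS keyword names; the function names are this example's own.

```python
# Precedence keywords accepted by "set ip precedence" and their 3-bit values.
PRECEDENCE = {"routine": 0, "priority": 1, "immediate": 2, "flash": 3,
              "flash-override": 4, "critical": 5, "internet": 6, "network": 7}
# TOS keywords accepted by "set ip tos" and their 4-bit values.
TOS = {"normal": 0, "min-monetary-cost": 1, "max-reliability": 2,
       "max-throughput": 4, "min-delay": 8}


def tos_byte(precedence: str, tos: str) -> int:
    """Build the IPv4 TOS byte: 3 precedence bits, 4 TOS bits, 1 unused bit."""
    return (PRECEDENCE[precedence] << 5) | (TOS[tos] << 1)


def dscp_from_tos_byte(byte: int) -> int:
    """DSCP occupies the upper six bits of the same byte."""
    return (byte & 0xFF) >> 2


def dscp_name(dscp: int) -> str:
    """Name a codepoint the way IOS prints it (af21, ef, cs5, default), else a number."""
    if dscp == 0:
        return "default"
    if dscp == 46:
        return "ef"
    klass, low = divmod(dscp, 8)
    if low == 0:
        return f"cs{klass}"
    if 1 <= klass <= 4 and low in (2, 4, 6):
        return f"af{klass}{low // 2}"
    return str(dscp)


def dscp_value(name: str) -> int:
    """Inverse of dscp_name for the default/ef/cs/af keywords and plain numbers."""
    if name == "default":
        return 0
    if name == "ef":
        return 46
    if name.startswith("cs"):
        return int(name[2:]) * 8
    if name.startswith("af"):
        return int(name[2]) * 8 + int(name[3]) * 2
    return int(name)


def precedence_tos_for_dscp(dscp: int):
    """Which "set ip precedence" plus "set ip tos" pair the route-map method needs
    to produce the same byte as "set ip dscp". Returns (precedence keyword, tos
    keyword, or the raw 4-bit tos value when no single keyword has those bits)."""
    byte = dscp << 2
    prec = {v: k for k, v in PRECEDENCE.items()}[byte >> 5]
    bits = (byte >> 1) & 0xF
    tos = {v: k for k, v in TOS.items()}.get(bits, bits)
    return prec, tos


if __name__ == "__main__":
    b = tos_byte("immediate", "max-throughput")
    d = dscp_from_tos_byte(b)
    print(f"route-map method: TOS byte {b:08b} -> DSCP {d} ({dscp_name(d)})")
    print("class-map af21 =", dscp_value("af21"), "->", precedence_tos_for_dscp(dscp_value("af21")))
    print("class-map ef   =", dscp_value("ef"), "->", precedence_tos_for_dscp(dscp_value("ef")))
```

Running it confirms the text: immediate (010) plus max-throughput (0100) gives the byte 01001000, whose top six bits are 010010, which is af21 (18). It also shows why the old method gets awkward for EF: 46 decodes to precedence critical with TOS bits 1100, which is not a single "set ip tos" keyword, so you would have to give the numeric value 12 instead.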

Class-maps will also be useful later in this chapter when we talk about class-based weighted fair queuing and class-based traffic shaping.
It is important to note that throughout this entire example, we have only placed a special value into the packet's TOS or DSCP field. This, by itself, doesn't affect how the packet is forwarded through the network. To do that, you have to ensure that as each router in the network forwards these marked packets, the interface queues will react appropriately to this information.

Finally, we should note that while this recipe shows two useful methods of marking packets, packets can also be marked using Committed Access Rate (CAR) features. CAR tends to be more efficient on higher-speed interfaces.

Using Custom Queues with Priority Queues

February 2nd,2012    by Nicholas

You can split the queues so that some use Priority Queuing and the remainder Custom Queuing:

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#access-list 101 permit ip any any precedence 7
Router(config)#access-list 102 permit ip any any precedence 6
Router(config)#access-list 103 permit ip any any precedence 5
Router(config)#access-list 104 permit ip any any precedence 4
Router(config)#access-list 105 permit ip any any precedence 3
Router(config)#access-list 106 permit ip any any precedence 2
Router(config)#access-list 107 permit ip any any precedence 1
Router(config)#queue-list 1 protocol ip 1 list 101
Router(config)#queue-list 1 protocol ip 2 list 102
Router(config)#queue-list 1 protocol ip 3 list 103
Router(config)#queue-list 1 protocol ip 4 list 104
Router(config)#queue-list 1 protocol ip 5 list 105
Router(config)#queue-list 1 protocol ip 6 list 106
Router(config)#queue-list 1 protocol ip 7 list 107
Router(config)#queue-list 1 lowest-custom 4
Router(config)#interface HSSI0/0
Router(config-if)#custom-queue-list 1
Router(config-if)#exit
Router(config)#end
Router#

In this case, however, we have added the command:

Router(config)#queue-list 1 lowest-custom 4

This command allows you to mix Custom and Priority Queue types. Note that this command only works with queue-list number 1. It is not available for any other queue-lists.

In this example, queue number 4 is the lowest numbered Custom Queue. So, in this example, queues 1, 2, and 3 are all Priority Queues. This means that the router will deliver all of the packets in queue number 1, then all of the packets in queue number 2, and then all of the packets in queue number 3. Then, if these high priority queues are all empty, it will use custom queuing to deliver the packets in the lower priority queues.

The main advantage to this sort of configuration is that it gives absolute priority to real-time applications. This is important not because of the bandwidth, but because priority queuing the real-time applications minimizes their queuing latency.
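The scheduling rule in the last two paragraphs can be made concrete with a small simulation. This is an added example of mine, not code from the post or from IOS: it reproduces the queue-list above in Python, maps IP Precedence to queue number the way the seven access lists do, and then dequeues a constructed backlog with queues 1 to 3 served strictly in order and queues 4 to 7 served round-robin by byte count. The 1500-byte per-queue byte count and the single-backlog arrival model are assumptions made for the simulation.

```python
"""Simulation of mixed Priority/Custom Queuing, as configured above (added example).

Models 'queue-list 1': precedence 7..1 map to queues 1..7, and
'lowest-custom 4' makes queues 1-3 strict priority and queues 4-7 custom
(byte-count round robin). Not IOS code; a model of the behaviour described.
"""
from collections import deque
from typing import Iterable, List, Optional, Tuple

LOWEST_CUSTOM = 4          # from 'queue-list 1 lowest-custom 4'
DEFAULT_BYTE_COUNT = 1500  # assumed per-visit byte budget for each custom queue
NUM_QUEUES = 7             # queues referenced by the queue-list above

Packet = Tuple[str, int, int]  # (label, ip precedence, size in bytes)


def classify(precedence: int) -> Optional[int]:
    """Map a packet's IP Precedence to the queue chosen by access lists 101-107.

    Precedence 7 -> queue 1 ... precedence 1 -> queue 7. Precedence 0 matches
    none of them and would fall into the queue-list default queue.
    """
    if 1 <= precedence <= 7:
        return 8 - precedence
    return None


def schedule(packets: Iterable[Packet],
             lowest_custom: int = LOWEST_CUSTOM,
             byte_count: int = DEFAULT_BYTE_COUNT) -> List[str]:
    """Return the order in which an already-queued backlog leaves the interface.

    All packets are assumed to be waiting when the interface becomes free, so
    the resulting order is purely the scheduler's choice.
    """
    if not 1 <= lowest_custom <= NUM_QUEUES:
        raise ValueError("lowest_custom must name one of the queues")
    queues = {q: deque() for q in range(1, NUM_QUEUES + 1)}
    for label, prec, size in packets:
        q = classify(prec)
        if q is None:
            raise ValueError(f"{label}: precedence {prec} is not classified by this queue-list")
        queues[q].append((label, size))

    order: List[str] = []
    custom = list(range(lowest_custom, NUM_QUEUES + 1))
    rr = 0                          # round-robin pointer into the custom queues
    while any(queues.values()):
        # 1) Strict priority: drain the lowest-numbered non-empty priority queue,
        #    re-checking before every packet so queue 1 always wins over 2 and 3.
        prio = next((q for q in range(1, lowest_custom) if queues[q]), None)
        if prio is not None:
            order.append(queues[prio].popleft()[0])
            continue
        # 2) Custom queuing: visit the custom queues in turn; each may send up to
        #    byte_count bytes per visit (the packet that crosses the limit still goes).
        q = custom[rr]
        sent = 0
        while queues[q] and sent < byte_count:
            label, size = queues[q].popleft()
            order.append(label)
            sent += size
        rr = (rr + 1) % len(custom)
    return order


def queuing_position(order: List[str], label: str) -> int:
    """How many packets left the interface before the given one."""
    return order.index(label)


if __name__ == "__main__":
    # Constructed backlog: two bulk flows (precedence 1 and 2), a control
    # packet (precedence 3) and two small real-time packets (precedence 5).
    backlog = [
        ("bulk-a1", 1, 1500), ("bulk-a2", 1, 1500),
        ("bulk-b1", 2, 1500), ("bulk-b2", 2, 1500),
        ("ctl-1", 3, 200),
        ("voice-1", 5, 160), ("voice-2", 5, 160),
    ]
    out = schedule(backlog)
    print(out)
    print("voice-2 leaves after", queuing_position(out, "voice-2"), "other packet(s)")
```

With this backlog the two precedence-5 packets leave first, because precedence 5 lands in queue 3, which is still on the priority side of lowest-custom 4; the precedence 3, 2 and 1 traffic then shares the link round-robin, one 1500-byte budget per queue per turn, which is why the two bulk flows alternate instead of one draining completely. Lowering lowest_custom to 1 turns every queue into a custom queue and lets you see how much more the real-time packets would wait behind bulk traffic.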

Clearing the CCIE Exam

January 31st, 2012    by Nicholas

With the CCIE, professionals have an opportunity to distinguish themselves in the field of networking. Only a few thousand people are believed to have cleared the CCIE exam. The CCIE labs are considered to provide a high level of training environment, which acts as a significant advantage for candidates.

The CCIE certification involves two exams: a CCIE written exam and a CCIE lab exam. To be able to attempt the lab exam, you must first clear the written exam. If you are unable to clear the written exam on the first attempt, you must wait 180 days before retaking it. After clearing the written exam, you should attempt the CCIE lab exam within 18 months. If you are unable to clear the lab exam, you may retry within 12 months to keep the written exam result valid.

The written exam has a time limit of two hours and is conducted at various test centers around the world. The topics covered in the written exam depend on the specialization or track you choose. For Service Provider, you can choose from tracks such as Cable, DSL, IP Telephony, Dial, Content Networking, Optical, WAN Switching, and Metro Ethernet. Each written exam is made available in beta form at a price of $50 USD.

The CCIE lab exam is unique in nature, as it is an eight-hour exam that tests the candidate's ability to configure and troubleshoot networking equipment. Cisco has a high level of equipment in its CCIE labs for use in the lab exams. The blueprint of the lab exam is available on its website. The lab exam is not available at any Pearson VUE or Prometric testing centers.

A typical CCIE R&S lab exam includes a two-hour troubleshooting section in which you are given a set of tickets for preconfigured networks in the CCIE labs. You must be able to identify and resolve the faults. You may proceed to the configuration section after you finish the troubleshooting section.

A valid passing score on the written exam is required to attempt a CCIE lab exam. Cisco uses proctors to evaluate the candidates in the initial rounds in its CCIE labs located worldwide. Points are awarded when a criterion is met, and grading is completed using automated tools. The results of a lab exam are reported within 48 hours. A pass/fail is shown in the final result and, in case of a fail, the areas where you are lagging behind are pointed out so that you can prepare properly before a retry.

Cisco stands out in the field of networking by providing the CCIE certification, so that you can pursue your education as well as be recognized by a reputed organization. The CCIE lab exam can be used as a platform to test your ability in the various tracks offered by Cisco. Attempting a lab exam requires rigorous practice and a high level of understanding. The CCIE labs form the first step toward a high-potential career.