CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1 (5th Edition)

CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1 (5th Edition), updated 10/29/21, 1:43 PM

About Interesting Posts

Interesting documents about a variety of subjects from around the world. Posted on edocr.

Tag Cloud

Cisco Press
800 East 96th Street
Indianapolis, IN 46240
CCIE Routing and
Switching v5.0 Official
Cert Guide, Volume 1
Fifth Edition
Narbik Kocharians, CCIE No. 12410
Peter Palúch, CCIE No. 23527
CCIE Routing and Switching v5.0 Official Cert Guide,
Volume 1, Fifth Edition
Narbik Kocharians, CCIE No. 12410
Peter Palúch, CCIE No. 23527
Copyright© 2015 Pearson Education, Inc.
Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means,
electronic or mechanical, including photocopying, recording, or by any information storage and retrieval
system, without written permission from the publisher, except for the inclusion of brief quotations in a
review.
Printed in the United States of America
First Printing August 2014
Library of Congress Control Number: 2014944345
ISBN-13: 978-1-58714-396-0
ISBN-10: 1-58714-396-8
Warning and Disclaimer
This book is designed to provide information about Cisco CCIE Routing and Switching Written Exam,
No. 400-101. Every effort has been made to make this book as complete and as accurate as possible, but
no warranty or fitness is implied.
The information is provided on an “as is” basis. The authors, Cisco Press, and Cisco Systems, Inc. shall
have neither liability nor responsibility to any person or entity with respect to any loss or damages arising
from the information contained in this book or from the use of the discs or programs that may accom-
pany it.
The opinions expressed in this book belong to the authors and are not necessarily those of Cisco
Systems, Inc.
Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been appropri-
ately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information.
Use of a term in this book should not be regarded as affecting the validity of any trademark or service
mark.
Special Sales
For information about buying this title in bulk quantities, or for special sales opportunities (which may
include electronic versions; custom cover designs; and content particular to your business, training
goals, marketing focus, or branding interests), please contact our corporate sales department at
corpsales@pearsoned.com or (800) 382-3419.
For government sales inquiries, please contact governmentsales@pearsoned.com .
For questions about sales outside the U.S., please contact international@pearsoned.com .
Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book
is crafted with care and precision, undergoing rigorous development that involves the unique expertise of
members from the professional technical community.
Readers’ feedback is a natural continuation of this process. If you have any comments regarding how we
could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us
through email at feedback@ciscopress.com . Please make sure to include the book title and ISBN in your
message.
We greatly appreciate your assistance.
Publisher: Paul Boger
Associate Publisher: Dave Dusthimer
Business Operation Manager, Cisco Press:
Jan Cornelssen
Executive Editor: Brett Bartow
Managing Editor: Sandra Schroeder
Senior Development Editor:
Christopher Cleveland
Senior Project Editor: Tonya Simpson
Copy Editor: John Edwards
Technical Editors: Paul Negron, Sean Wilkins
Editorial Assistant: Vanessa Evans
Cover Designer: Mark Shirar
Composition : Tricia Bronkella
Indexer: Tim Wright
Proofreader: Chuck Hutchinson
iv CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1
About the Authors
Narbik Kocharians , CCIE No. 12410 (Routing and Switching, Security, SP), is a Triple
CCIE with more than 32 years of experience in the IT industry. He has designed,
implemented, and supported numerous enterprise networks. Narbik is the president of
Micronics Training Inc. ( www.micronicstraining.com ), where he teaches CCIE R&S and
SP boot camps.
Peter Palúch , CCIE No. 23527 (Routing and Switching), is an assistant professor, Cisco
Networking Academy instructor, and instructor trainer at the Faculty of Management
Science and Informatics, University of Zilina, Slovakia. Peter has cooperated in various
educational activities in Slovakia and abroad, focusing on networking and Linux-based
network server systems. He is also active at the Cisco Support Community, holding the
Cisco Designated VIP award in LAN & WAN Routing and Switching areas since the
award program inception in 2011. Upon invitation by Cisco in 2012, Peter joined two Job
Task Analysis groups that assisted defining the upcoming CCIE R&S and CCNP R&S cer-
tification exam topics. Peter holds an M.Sc. degree in Applied Informatics and a doctoral
degree in the area of VoIP quality degradation factors. Together with his students, Peter
has started the project of implementing the EIGRP routing protocol into the Quagga
open-source routing software suite, and has been driving the effort since its inception in
2013.
v
About the Technical Reviewers
Paul Negron , CCIE No. 14856, CCSI No. 22752, has been affiliated with networking
technologies for 17 years and has been involved with the design of core network ser-
vices for a number of service providers, such as Comcast, Qwest, British Telecom, and
Savvis to name a few. He currently instructs all the CCNP Service Provider–level courses,
including Advanced BGP, MPLS, and the QoS course. Paul has six years of experience
with satellite communications as well as ten years of experience with Cisco platforms.
Sean Wilkins is an accomplished networking consultant for SR-W Consulting
( www.sr-wconsulting.com ) and has been in the field of IT since the mid 1990s, working
with companies such as Cisco, Lucent, Verizon, and AT&T as well as several other private
companies. Sean currently holds certifications with Cisco (CCNP/CCDP), Microsoft
(MCSE), and CompTIA (A+ and Network+). He also has a Master of Science in informa-
tion technology with a focus in network architecture and design, a Master of Science
in organizational management, a Master’s Certificate in network security, a Bachelor of
Science in computer networking, and Associates of Applied Science in computer infor-
mation systems. In addition to working as a consultant, Sean spends most of his time as a
technical writer and editor for various companies; check out this work at his author web-
site: www.infodispersion.com .
vi CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1
Dedications
From Narbik Kocharians:
I would like to dedicate this book to my wife, Janet, for her love, encouragement, and
continuous support, and to my dad for his words of wisdom.
From Peter Palúch:
To my family, students, colleagues, and friends.
vii
Acknowledgments
From Narbik Kocharians:
First, I would like to thank God for giving me the opportunity and ability to write, teach,
and do what I truly enjoy doing. Also, I would like to thank my family, especially my
wife of 29 years, Janet, for her constant encouragement and help. She does such an amaz-
ing job of interacting with students and handling all the logistics of organizing classes as
I focus on teaching. I also would like to thank my children, Chris, Patrick, Alexandra, and
my little one, Daniel, for their patience.
A special thanks goes to Mr. Brett Bartow for his patience and our constant changing
of the deadlines. It goes without saying that the technical editors and reviewers did a
phenomenal job; thank you very much. Finally, I would like to thank all my students who
inspire me every day, and you, for reading this book.
From Peter Palúch:
The opportunity to cooperate on the new edition of this book has been an honor and
privilege beyond words for me. Wendell Odom, who has so gracefully and generously
passed the torch to us, was the key person in introducing me to the Cisco Press repre-
sentatives as a possible author, and I will be forever indebted to him for all the trust he
has blessed us with. I have strived very much to live up to the unparalelled high level of
content all previous authors have maintained throughout all editions of this book, and I
would like to sincerely thank all of them for authoring such a great book that has signifi-
cantly helped me achieve my certification in the first place.
My next immense thank you goes to Brett Bartow, the executive editor for this book.
Brett’s inviting and forthcoming attitude throughout the time of editing the book, com-
pounded with his patience and understanding for my ever-moving (and constantly missed)
deadlines, is second to none. He has done all in his power to help us, the authors, without
compromising the quality of the work.
I would not have been able to complete my work on this volume without the endless sup-
port of my family. They have encouraged me, supported me, and gone out of their way to
accommodate my needs. Words are not enough to express my gratitude.
Psalm 127, whose musical setting in works of Monteverdi, Handel, or Vivaldi I have
come to admire, begins with words “Unless the Lord build the house, they labor in vain
who build.” Indeed, if it was not first and foremost the Lord’s blessing and help through-
out, this work would not have been finished successfully. To my Lord and Savior, Jesus
Christ—thank you!
viii CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1
Contents at a Glance

Introduction
xxiv
Part I
LAN Switching
Chapter 1
Ethernet Basics
3
Chapter 2
Virtual LANs and VLAN Trunking
47
Chapter 3
Spanning Tree Protocol
103
Part II
IP Networking
Chapter 4
IP Addressing
183
Chapter 5
IP Services
227
Part III
IP IGP Routing

Chapter 6
IP Forwarding (Routing)
267
Chapter 7
RIPv2 and RIPng 313
Chapter 8
EIGRP 347
Chapter 9
OSPF 453
Chapter 10
IS-IS
563
Chapter 11
IGP Route Redistribution, Route Summarization, Default Routing, and
Troubleshooting
633
Part IV
Final Preparation

Chapter 12
Final Preparation
701
Part V
Appendixes

Appendix A Answers to the “Do I Know This Already?” Quizzes
707
Appendix B
CCIE Exam Updates
713

Index 714
CD-Only

Appendix C Decimal to Binary Conversion Table

Appendix D IP Addressing Practice

Appendix E
Key Tables for CCIE Study
Appendix F
Solutions for Key Tables for CCIE Study
Appendix G
Study Planner


Glossary

Contents

Introduction xxiv
Part I
LAN Switching
Chapter 1
Ethernet Basics 3
“Do I Know This Already?” Quiz 3
Foundation Topics 8
Ethernet Layer 1: Wiring, Speed, and Duplex 8
RJ-45 Pinouts and Category 5 Wiring 8
Autonegotiation, Speed, and Duplex 9
CSMA/CD 10
Collision Domains and Switch Buffering 10
Basic Switch Port Configuration 11
Ethernet Layer 2: Framing and Addressing 14
Types of Ethernet Addresses 16
Ethernet Address Formats 17
Protocol Types and the 802.3 Length Field 18
Switching and Bridging Logic 19
SPAN, RSPAN, and ERSPAN 22
Core Concepts of SPAN, RSPAN, and ERSPAN 23
Restrictions and Conditions 24
Basic SPAN Configuration 26
Complex SPAN Configuration 26
RSPAN Configuration 26
ERSPAN Configuration 27
Virtual Switch System 28
Virtual Switching System 29
VSS Active and VSS Standby Switch 30
Virtual Switch Link 30
Multichassis EtherChannel (MEC) 31
Basic VSS Configuration 31
VSS Verification Procedures 35
IOS-XE 38
Foundation Summary 41
ix
x CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1
Memory Builders 44
Fill In Key Tables from Memory 44
Definitions 44
Further Reading 45
Chapter 2
Virtual LANs and VLAN Trunking 47
“Do I Know This Already?” Quiz 47
Foundation Topics 51
Virtual LANs 51
VLAN Configuration 51
Using VLAN Database Mode to Create VLANs 52
Using Configuration Mode to Put Interfaces into VLANs 55
Using Configuration Mode to Create VLANs 56
Modifying the Operational State of VLANs 57
Private VLANs 60
VLAN Trunking: ISL and 802.1Q 69
ISL and 802.1Q Concepts 69
ISL and 802.1Q Configuration 71
Allowed, Active, and Pruned VLANs 76
Trunk Configuration Compatibility 76
Configuring Trunking on Routers 77
802.1Q-in-Q Tunneling 79
VLAN Trunking Protocol 83
VTP Process and Revision Numbers 86
VTP Configuration 89
Normal-Range and Extended-Range VLANs 94
Storing VLAN Configuration 94
Configuring PPPoE 96
Foundation Summary 99
Memory Builders 101
Fill In Key Tables from Memory 101
Definitions 101
Further Reading 101
Chapter 3
Spanning Tree Protocol 103
“Do I Know This Already?” Quiz 103
Foundation Topics 107
802.1D Spanning Tree Protocol and Improvements 107
Choosing Which Ports Forward: Choosing Root Ports and Designated
Ports 109
Electing a Root Switch 110
Determining the Root Port 111
Determining the Designated Port 113
Converging to a New STP Topology 115
Topology Change Notification and Updating the CAM 117
Transitioning from Blocking to Forwarding 119
Per-VLAN Spanning Tree and STP over Trunks 119
STP Configuration and Analysis 124
Rapid Spanning Tree Protocol 128
New Port Roles, States and Types, and New Link Types 128
Changes to BPDU Format and Handling 132
Proposal/Agreement Process in RSTP 133
Topology Change Handling in RSTP 136
Rapid Per-VLAN Spanning Tree Plus (RPVST+) 137
Multiple Spanning Trees: IEEE 802.1s 137
MST Principles of Operation 138
Interoperability Between MST and Other STP Versions 141
MST Configuration 144
Protecting and Optimizing STP 148
PortFast Ports 148
Root Guard, BPDU Guard, and BPDU Filter: Protecting Access Ports 149
Protecting Against Unidirectional Link Issues 151
Configuring and Troubleshooting EtherChannels 154
Load Balancing Across Port-Channels 154
Port-Channel Discovery and Configuration 157
Troubleshooting Complex Layer 2 Issues 161
Layer 2 Troubleshooting Process 162
Layer 2 Protocol Troubleshooting and Commands 163
Troubleshooting Using Cisco Discovery Protocol 163
Troubleshooting Using Link Layer Discovery Protocol 165
Troubleshooting Using Basic Interface Statistics 167
xi
xii CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1
Troubleshooting Spanning Tree Protocol 170
Troubleshooting Trunking 171
Troubleshooting VTP 172
Troubleshooting EtherChannels 174
Approaches to Resolving Layer 2 Issues 175
Foundation Summary 177
Memory Builders 179
Fill in Key Tables from Memory 179
Definitions 179
Further Reading 179
Part II
IP Networking
Chapter 4
IP Addressing 183
“Do I Know This Already?” Quiz 183
Foundation Topics 187
IP Operation 187
TCP Operation 187
UDP Operation 188
IP Addressing and Subnetting 188
IP Addressing and Subnetting Review 188
Subnetting a Classful Network Number 189
Comments on Classless Addressing 191
Subnetting Math 192
Dissecting the Component Parts of an IP Address 192
Finding Subnet Numbers and Valid Range of IP Addresses—
Binary 193
Decimal Shortcuts to Find the Subnet Number and Valid Range of IP
Addresses 194
Determining All Subnets of a Network—Binary 196
Determining All Subnets of a Network—Decimal 198
VLSM Subnet Allocation 200
Route Summarization Concepts 201
Finding Inclusive Summary Routes—Binary 202
Finding Inclusive Summary Routes—Decimal 203
Finding Exclusive Summary Routes—Binary 204
CIDR, Private Addresses, and NAT 205
Classless Interdomain Routing 206
Private Addressing 207
xiii
Network Address Translation 207
Static NAT 209
Dynamic NAT Without PAT 210
Overloading NAT with Port Address Translation 211
Dynamic NAT and PAT Configuration 212
IPv6 214
IPv6 Address Format 215
Network Prefix 215
IPv6 Address Types 216
Address Management and Assignment 216
Static Configuration 217
Stateless Address Autoconfiguration 217
Stateful DHCPv6 217
Stateless DHCP 218
IPv6 Transition Technologies 218
Dual Stack 218
Tunneling 219
Translation 220
Foundation Summary 221
Memory Builders 225
Fill in Key Tables from Memory 225
Definitions 225
Further Reading 225
Chapter 5
IP Services 227
“Do I Know This Already?” Quiz 227
Foundation Topics 232
ARP, Proxy ARP, Reverse ARP, BOOTP, and DHCP 232
ARP and Proxy ARP 232
RARP, BOOTP, and DHCP 233
DHCP 234
HSRP, VRRP, and GLBP 236
Network Time Protocol 240
SNMP 241
SNMP Protocol Messages 243
SNMP MIBs 244
SNMP Security 245
Syslog 245
xiv CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1
Web Cache Communication Protocol 246
Implementing the Cisco IOS IP Service Level Agreement (IP SLA)
Feature 249
Implementing NetFlow 250
Implementing Router IP Traffic Export 252
Implementing Cisco IOS Embedded Event Manager 253
Implementing Remote Monitoring 254
Implementing and Using FTP on a Router 255
Implementing a TFTP Server on a Router 256
Implementing Secure Copy Protocol 257
Implementing HTTP and HTTPS Access 257
Implementing Telnet Access 258
Implementing SSH Access 258
Foundation Summary 259
Memory Builders 264
Fill In Key Tables from Memory 264
Definitions 264
Further Reading 264
Part III
IP IGP Routing
Chapter 6
IP Forwarding (Routing) 267
“Do I Know This Already?” Quiz 267
Foundation Topics 271
IP Forwarding 271
Process Switching, Fast Switching, and Cisco Express Forwarding 272
Load Sharing with CEF and Related Issues 282
Multilayer Switching 286
MLS Logic 286
Using Routed Ports and Port-channels with MLS 287
MLS Configuration 291
Policy Routing 296
Routing Protocol Changes and Migration 299
Planning the Migration Strategy 300
Activating New IGP While Keeping the Current IGP Intact 300
Verifying New IGP Adjacencies and Working Database Contents 301
Deactivating Current IGP 301
Removing New IGP’s Temporary Settings 303
Specifics of Distance-Vector Protocols in IGP Migration 303
xv
Foundation Summary 309
Memory Builders 310
Fill In Key Tables from Memory 310
Definitions 310
Further Reading 310
Chapter 7
RIPv2 and RIPng 313
“Do I Know This Already?” Quiz 313
Foundation Topics 316
Introduction to Dynamic Routing 316
RIPv2 Basics 318
RIPv2 Convergence and Loop Prevention 320
Converged Steady-State Operation 327
Triggered (Flash) Updates and Poisoned Routes 328
RIPv2 Convergence When Routing Updates Cease 331
Convergence Extras 334
RIPv2 Configuration 334
Enabling RIPv2 and the Effects of Autosummarization 335
RIPv2 Authentication 337
RIPv2 Next-Hop Feature and Split Horizon 338
RIPv2 Offset Lists 338
Route Filtering with Distribute Lists and Prefix Lists 338
RIPng for IPv6 339
Foundation Summary 342
Memory Builders 345
Definitions 345
Further Reading 345
Chapter 8
EIGRP 347
“Do I Know This Already?” Quiz 347
Foundation Topics 356
EIGRP Basics and Evolution 356
EIGRP Roots: Interior Gateway Routing Protocol 357
Moving from IGRP to Enhanced IGRP 358
EIGRP Metrics, Packets, and Adjacencies 360
EIGRP Classic Metrics 360
Bandwidth Metric Component 361
Delay Metric Component 361
xvi CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1
Reliability Metric Component 362
Load Metric Component 362
MTU Metric Component 363
Hop Count Metric Component 363
Calculating the Composite Metric 363
EIGRP Wide Metrics 364
Tweaking Interface Metrics to Influence Path Selection 368
EIGRP Packet Format 368
EIGRP Packets 371
EIGRP Packets in Action 371
Hello Packets 372
Acknowledgment Packets 372
Update Packets 373
Query Packet 374
Reply Packets 374
SIA-Query and SIA-Reply Packets 374
Reliable Transport Protocol 374
Router Adjacencies 376
Diffusing Update Algorithm 380
Topology Table 380
Computed, Reported, and Feasible Distances, and Feasibility
Condition 384
Local and Diffusing Computations in EIGRP 391
DUAL FSM 397
Stuck-In-Active State 402
EIGRP Named Mode 410
Address Family Section 414
Per-AF-Interface Configuration Section 415
Per-AF-Topology Configuration Section 416
Additional and Advanced EIGRP Features 417
Router ID 417
Unequal-Cost Load Balancing 420
Add-Path Support 421
Stub Routing 423
Route Summarization 427
Passive Interfaces 431
Graceful Shutdown 432
xvii
Securing EIGRP with Authentication 432
Default Routing Using EIGRP 435
Split Horizon 436
EIGRP Over the ToP 437
EIGRP Logging and Reporting 443
EIGRP Route Filtering 443
EIGRP Offset Lists 444
Clearing the IP Routing Table 444
Foundation Summary 445
Memory Builders 450
Fill In Key Tables from Memory 450
Definitions 450
Further Reading 450
Chapter 9
OSPF 453
“Do I Know This Already?” Quiz 453
Foundation Topics 460
OSPF Database Exchange 460
OSPF Router IDs 460
Becoming Neighbors, Exchanging Databases, and Becoming Adjacent 461
OSPF Neighbor States 462
Becoming Neighbors: The Hello Process 464
Transmitting LSA Headers to Neighbors 466
Database Description Exchange: Master/Slave Relationship 466
Requesting, Getting, and Acknowledging LSAs 468
Designated Routers on LANs 469
Designated Router Optimization on LANs 470
DR Election on LANs 471
Designated Routers on WANs and OSPF Network Types 472
Caveats Regarding OSPF Network Types over NBMA Networks 474
Example of OSPF Network Types and NBMA 474
SPF Calculation 479
Steady-State Operation 480
OSPF Design and LSAs 480
OSPF Design Terms 480
OSPF Path Selection Process 482
LSA Types 482
LSA Types 1 and 2 484
LSA Type 3 and Inter-Area Costs 488
xviii CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1
LSA Types 4 and 5, and External Route Types 1 and 2 492
OSPF Design in Light of LSA Types 496
Stubby Areas 496
OSPF Path Choices That Do Not Use Cost 502
Choosing the Best Type of Path 502
Best-Path Side Effects of ABR Loop Prevention 502
OSPF Configuration 505
OSPF Costs and Clearing the OSPF Process 507
Alternatives to the OSPF network Command 510
OSPF Filtering 510
Filtering Routes Using the distribute-list Command 511
OSPF ABR LSA Type 3 Filtering 513
Filtering Type 3 LSAs with the area range Command 514
Virtual Link Configuration 515
Configuring Classic OSPF Authentication 517
Configuring Extended Cryptographic OSPF Authentication 520
Protecting OSPF Routers with TTL Security Check 522
Tuning OSPF Performance 523
Tuning the SPF Scheduling with SPF Throttling 524
Tuning the LSA Origination with LSA Throttling 526
Incremental SPF 527
OSPFv2 Prefix Suppression 528
OSPF Stub Router Configuration 529
OSPF Graceful Restart 530
OSPF Graceful Shutdown 532
OSPFv3 533
Differences Between OSPFv2 and OSPFv3 533
Virtual Links, Address Summarization, and Other OSPFv3 Features 534
OSPFv3 LSA Types 534
OSPFv3 in NBMA Networks 536
Configuring OSPFv3 over Frame Relay 537
Enabling and Configuring OSPFv3 537
OSPFv3 Authentication and Encryption 546
OSPFv3 Address Family Support 548
OSPFv3 Prefix Suppression 552
OSPFv3 Graceful Shutdown 552
Foundation Summary 553
xix
Memory Builders 560
Fill in Key Tables from Memory 560
Definitions 560
Further Reading 561
Chapter 10
IS-IS 563
“Do I Know This Already?” Quiz 563
Foundation Topics 571
OSI Network Layer and Addressing 572
Levels of Routing in OSI Networks 576
IS-IS Metrics, Levels, and Adjacencies 577
IS-IS Packet Types 579
Hello Packets 579
Link State PDUs 580
Complete and Partial Sequence Numbers PDUs 585
IS-IS Operation over Different Network Types 586
IS-IS Operation over Point-to-Point Links 587
IS-IS Operation over Broadcast Links 592
Areas in IS-IS 598
Authentication in IS-IS 608
IPv6 Support in IS-IS 610
Configuring IS-IS 613
Foundation Summary 625
Memory Builders 629
Fill In Key Tables from Memory 630
Definitions 630
Further Reading 630
Chapter 11
IGP Route Redistribution, Route Summarization, Default Routing, and
Troubleshooting 633
“Do I Know This Already?” Quiz 633
Foundation Topics 638
Route Maps, Prefix Lists, and Administrative Distance 638
Configuring Route Maps with the route-map Command 638
Route Map match Commands for Route Redistribution 640
Route Map set Commands for Route Redistribution 641
IP Prefix Lists 641
Administrative Distance 644
xx CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1
Route Redistribution 645
Mechanics of the redistribute Command 645
Redistribution Using Default Settings 646
Setting Metrics, Metric Types, and Tags 649
Redistributing a Subset of Routes Using a Route Map 650
Mutual Redistribution at Multiple Routers 654
Preventing Suboptimal Routes by Setting the Administrative
Distance 656
Preventing Suboptimal Routes by Using Route Tags 659
Using Metrics and Metric Types to Influence Redistributed Routes 661
Route Summarization 663
EIGRP Route Summarization 664
OSPF Route Summarization 665
Default Routes 665
Using Static Routes to 0.0.0.0, with redistribute static 667
Using the default-information originate Command 669
Using the ip default-network Command 670
Using Route Summarization to Create Default Routes 671
Performance Routing (PfR) 672
Performance Routing Operational Phases 673
Performance Routing Concepts 674
Authentication 674
Performance Routing Operational Roles 675
Master Controller (MC) 675
Border Router 676
PfR Basic Configuration 677
Configuration of the Master Controller 677
Configuration of the Border Router 681
Task Completion on R3 682
Troubleshooting Complex Layer 3 Issues 683
Layer 3 Troubleshooting Process 684
Layer 3 Protocol Troubleshooting and Commands 686
IP Routing Processes 686
Approaches to Resolving Layer 3 Issues 695
Foundation Summary 696
xxi
Memory Builders 698
Fill In Key Tables from Memory 698
Definitions 698
Further Reading 698
Part IV
Final Preparation
Chapter 12 Final Preparation 701
Tools for Final Preparation 701
Pearson Cert Practice Test Engine and Questions on the CD 701
Install the Software from the CD 701
Activate and Download the Practice Exam 702
Activating Other Exams 702
Premium Edition 703
The Cisco Learning Network 703
Memory Tables 703
Chapter-Ending Review Tools 704
Suggested Plan for Final Review/Study 704
Using the Exam Engine 704
Summary 705
Part V
Appendixes
Appendix A Answers to the “Do I Know This Already?” Quizzes 707
Appendix B CCIE Exam Updates 713

Index 714
CD-Only
Appendix C Decimal to Binary Conversion Table
Appendix D IP Addressing Practice
Appendix E Key Tables for CCIE Study
Appendix F Solutions for Key Tables for CCIE Study
Appendix G Study Planner

Glossary
xxii CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1
Icons Used in This Book

PC
PC with
Software
Sun
Workstation
Macintosh
Terminal
File
Server
Web
Server
Cisco Works
Workstation
Printer
Laptop
IBM
Mainframe
Cluster
Controller
Router
Bridge
Hub
Catalyst
Switch
Multilayer
Switch
ATM
Switch
Communication
Server
Gateway
Network Cloud
Line: Ethernet
Line: Serial
Line: Switched Serial
Route/Switch
Processor
LAN2LAN
Switch
Label Switch
Router
ATM router
Headquarters
Branch
Office
House, Regular
ONS 15540
Optical
Services
Router
Cisco
MDS 9500
Fibre
Channel
JBOD
Enterprise
Fibre Channel disk
Cisco
MDS 9500

xxiii
Command Syntax Conventions
The conventions used to present command syntax in this book are the same conventions used in the IOS
Command Reference. The Command Reference describes these conventions as follows:

Boldface indicates commands and keywords that are entered literally as shown. In
actual configuration examples and output (not general command syntax), boldface
indicates commands that are manually input by the user (such as a show command).

Italic indicates arguments for which you supply actual values.

Vertical bars (|) separate alternative, mutually exclusive elements.

Square brackets ([ ]) indicate an optional element.

Braces ({ }) indicate a required choice.

Braces within brackets ([{ }]) indicate a required choice within an optional element.
xxiv CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1
Introduction
The Cisco Certified Internetwork Expert (CCIE) certification might be the most chal-
lenging and prestigious of all networking certifications. It has received numerous awards
and certainly has built a reputation as one of the most difficult certifications to earn in
all of the technology world. Having a CCIE certification opens doors professionally and
typically results in higher pay and looks great on a resume.
Cisco currently offers several CCIE certifications. This book covers the version 5.0 exam
blueprint topics of the written exam for the CCIE Routing and Switching certification.
The following list details the currently available CCIE certifications at the time of this
book’s publication; check www.cisco.com/go/ccie for the latest information. The certifi-
cations are listed in the order in which they appear on the web page:

CCDE

CCIE Collaboration

CCIE Data Center

CCIE Routing & Switching

CCIE Security

CCIE Service Provider

CCIE Service Provider Operations

CCIE Wireless
Each of the CCDE and CCIE certifications requires the candidate to pass both a written
exam and a one-day, hands-on lab exam. The written exam is intended to test your knowl-
edge of theory, protocols, and configuration concepts that follow good design practices.
The lab exam proves that you can configure and troubleshoot actual gear.
Why Should I Take the CCIE Routing and Switching Written Exam?
The first and most obvious reason to take the CCIE Routing and Switching written exam
is that it is the first step toward obtaining the CCIE Routing and Switching certification.
Also, you cannot schedule a CCIE lab exam until you pass the corresponding written
exam. In short, if you want all the professional benefits of a CCIE Routing and Switching
certification, you start by passing the written exam.
The benefits of getting a CCIE certification are varied and include the following:

Better pay

Career-advancement opportunities
xxv

Applies to certain minimum requirements for Cisco Silver and Gold Channel
Partners, as well as those seeking Master Specialization, making you more valuable
to Channel Partners

Better movement through the problem-resolution process when calling the
Cisco TAC

Prestige

Credibility for consultants and customer engineers, including the use of the Cisco
CCIE logo
The other big reason to take the CCIE Routing and Switching written exam is that it
recertifies an individual’s associate-, professional-, and expert-level Cisco certifications,
regardless of his or her technology track. Recertification requirements do change, so
please verify the requirements at www.cisco.com/go/certifications .
CCIE Routing and Switching Written Exam 400-101
The CCIE Routing and Switching written exam, at the time of this writing, consists of
a two-hour exam administered at a proctored exam facility affiliated with Pearson VUE
( www.vue.com/cisco ). The exam typically includes approximately 100 multiple-choice
questions. No simulation questions are currently part of the written exam.
As with most exams, everyone wants to know what is on the exam. Cisco provides gen-
eral guidance as to topics on the exam in the CCIE Routing and Switching written exam
blueprint, the most recent copy of which can be accessed from www.cisco.com/go/ccie .
Cisco changes both the CCIE written and lab blueprints over time, but Cisco seldom, if
ever, changes the exam numbers. However, exactly this change occurred when the CCIE
Routing and Switching blueprint was refreshed for v5.0. The previous written exam for
v4.0 was numbered 350-001; the v5.0 written exam is identified by 400-101.
Table I-1 lists the CCIE Routing and Switching written exam blueprint 5.0 at press time.
Table I-1 also lists the chapters that cover each topic.
Table I-1
CCIE Routing and Switching Written Exam Blueprint
Topics
Book
Volume
Book
Chapter
1.0 Network Principles
1.1 Network theory
1.1.a Describe basic software architecture differences between IOS
and IOS XE
1.1.a (i) Control plane and Forwarding plane
1
1
1.1.a (ii) Impact on troubleshooting and performance
1
1
1.1.a (iii) Excluding a specific platform’s architecture
1
1
xxvi CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1
Topics
Book
Volume
Book
Chapter
1.1.b Identify Cisco Express Forwarding concepts
1.1.b (i) RIB, FIB, LFIB, Adjacency table
1
6
1.1.b (ii) Load-balancing hash
1
6
1.1.b (iii) Polarization concept and avoidance
1
6
1.1.c Explain general network challenges
1.1.c (i) Unicast flooding
1
4
1.1.c (ii) Out-of-order packets
1
4
1.1.c (iii) Asymmetric routing
1
4
1.1.c (iv) Impact of micro burst
1
4
1.1.d Explain IP operations
1.1.d (i) ICMP unreachable, redirect
1
4
1.1.d (ii) IPv4 options, IPv6 extension headers
1
4
1.1.d (iii) IPv4 and IPv6 fragmentation
1
4
1.1.d (iv) TTL
1
4
1.1.d (v) IP MTU
1
4
1.1.e Explain TCP operations
1.1.e (i) IPv4 and IPv6 PMTU
1
4
1.1.e (ii) MSS
1
4
1.1.e (iii) Latency
1
4
1.1.e (iv) Windowing
1
4
1.1.e (v) Bandwidth delay product
1
4
1.1.e (vi) Global synchronization
1
4
1.1.e (vii) Options
1
4
1.1.f Explain UDP operations
1.1.f (i) Starvation
1
4
1.1.f (ii) Latency
1
4
1.1.f (iii) RTP/RTCP concepts
1
4
1.2 Network implementation and operation
1.2.a Evaluate proposed changes to a network
1.2.a (i) Changes to routing protocol parameters
1
7–10
1.2.a (ii) Migrate parts of a network to IPv6
1
4
xxvii
Topics
Book
Volume
Book
Chapter
1.2.a (iii) Routing protocol migration
1
6
1.2.a (iv) Adding multicast support
2
8
1.2.a (v) Migrate Spanning Tree Protocol
1
3
1.2.a (vi) Evaluate impact of new traffic on existing QoS design
2
3, 4, 5
1.3 Network troubleshooting
1.3.a Use IOS troubleshooting tools
1.3.a (i) debug, conditional debug
1
4
1.3.a (ii) ping, traceroute with extended options
1
4
1.3.a (iii) Embedded packet capture
2
9
1.3.a (iv) Performance monitor
1
5
1.3.b Apply troubleshooting methodologies
1.3.b (i) Diagnose the root cause of networking issues (analyze
symptoms, identify and describe root cause)
1
11
1.3.b (ii) Design and implement valid solutions according to
constraints
1
11
1.3.b (iii) Verify and monitor resolution
1
11
1.3.c Interpret packet capture
1.3.c (i) Using Wireshark trace analyzer
2
9
1.3.c (ii) Using IOS embedded packet capture
2
9
2.0 Layer 2 Technologies
2.1 LAN switching technologies
2.1.a Implement and troubleshoot switch administration
2.1.a (i) Managing the MAC address table
1
1
2.1.a (ii) errdisable recovery
1
3
2.1.a (iii) L2 MTU
1
1
2.1.b Implement and troubleshoot Layer 2 protocols
2.1.b (i) CDP, LLDP
1
3
2.1.b (ii) UDLD
1
3
2.1.c Implement and troubleshoot VLAN
2.1.c (i) Access ports
1
2
2.1.c (ii) VLAN database
1
2
2.1.c (iii) Normal, extended VLAN, voice VLAN
1
2
xxviii CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1
Topics
Book
Volume
Book
Chapter
2.1.d Implement and troubleshoot trunking
2.1.d (i) VTPv1, VTPv2, VTPv3, VTP pruning
1
2
2.1.d (ii) dot1Q
1
2
2.1.d (iii) Native VLAN
1
2
2.1.d (iv) Manual pruning
1
2
2.1.e Implement and troubleshoot EtherChannel
2.1.e (i) LACP, PAgP, manual
1
3
2.1.e (ii) Layer 2, Layer 3
1
3
2.1.e (iii) Load balancing
1
3
2.1.e (iv) EtherChannel misconfiguration guard
1
3
2.1.f Implement and troubleshoot spanning tree
2.1.f (i) PVST+/RPVST+/MST
1
3
2.1.f (ii) Switch priority, port priority, path cost, STP timers
1
3
2.1.f (iii) PortFast, BPDU Guard, BPDU Filter
1
3
2.1.f (iv) Loop Guard, Root Guard
1
3
2.1.g Implement and troubleshoot other LAN switching technologies
2.1.g (i) SPAN, RSPAN, ERSPAN
1
1
2.1.h Describe chassis virtualization and aggregation technologies
2.1.h (i) Multichassis
1
1
2.1.h (ii) VSS concepts
1
1
2.1.h (iii) Alternatives to STP
1
1
2.1.h (iv) Stackwise
1
1
2.1.h (v) Excluding specific platform implementation
1
1
2.1.i Describe spanning-tree concepts
2.1.i (i) Compatibility between MST and RSTP
1
3
2.1.i (ii) STP dispute, STP Bridge Assurance
1
3
2.2 Layer 2 multicast
2.2.a Implement and troubleshoot IGMP
2.2.a (i) IGMPv1, IGMPv2, IGMPv3
2
7
2.2.a (ii) IGMP snooping
2
7
2.2.a (iii) IGMP querier
2
7
xxix
Topics
Book
Volume
Book
Chapter
2.2.a (iv) IGMP filter
2
7
2.2.a (v) IGMP proxy
2
7
2.2.b Explain MLD
2
8
2.2.c Explain PIM snooping
2
8
2.3 Layer 2 WAN circuit technologies
2.3.a Implement and troubleshoot HDLC
2
6
2.3.b Implement and troubleshoot PPP
2.3.b (i) Authentication (PAP, CHAP)
2
6
2.3.b (ii) PPPoE
2
6
2.3.b (iii) MLPPP
2
6
2.3.c Describe WAN rate-based Ethernet circuits
2.3.c (i) Metro and WAN Ethernet topologies
2
6
2.3.c (ii) Use of rate-limited WAN Ethernet services
2
6
3.0 Layer 3 Technologies
3.1 Addressing technologies
3.1.a Identify, implement, and troubleshoot IPv4 addressing and
subnetting
3.1.a (i) Address types, VLSM
1
4
3.1.a (ii) ARP
1
4
3.1.b Identify, implement, and troubleshoot IPv6 addressing and
subnetting
3.1.b (i) Unicast, multicast
1
4
3.1.b (ii) EUI-64
1
4
3.1.b (iii) ND, RS/RA
1
4
3.1.b (iv) Autoconfig/SLAAC, temporary addresses (RFC 4941)
1
4
3.1.b (v) Global prefix configuration feature
1
4
3.1.b (vi) DHCP protocol operations
1
4
3.1.b (vii) SLAAC/DHCPv6 interaction
2
10
3.1.b (viii) Stateful, stateless DHCPv6
1
4
3.1.b (ix) DHCPv6 prefix delegation
1
4
3.2 Layer 3 multicast
3.2.a Troubleshoot reverse path forwarding
xxx CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1
Topics
Book
Volume
Book
Chapter
3.2.a (i) RPF failure
2
8
3.2.a (ii) RPF failure with tunnel interface
2
8
3.2.b Implement and troubleshoot IPv4 protocol independent
multicast
3.2.b (i) PIM dense mode, sparse mode, sparse-dense mode
2
8
3.2.b (ii) Static RP, auto-RP, BSR
2
8
3.2.b (iii) Bidirectional PIM
2
8
3.2.b (iv) Source-specific multicast
2
8
3.2.b (v) Group-to-RP mapping
2
8
3.2.b (vi) Multicast boundary
2
8
3.2.c Implement and troubleshoot multicast source discovery protocol
3.2.c (i) Intra-domain MSDP (anycast RP)
2
8
3.2.c (ii) SA filter
2
8
3.2.d Describe IPv6 multicast
3.2.d (i) IPv6 multicast addresses
2
7
3.2.d (ii) PIMv6
2
8
3.3 Fundamental routing concepts
3.3.a Implement and troubleshoot static routing
1
6
3.3.b Implement and troubleshoot default routing
1
7–11
3.3.c Compare routing protocol types
3.3.c (i) Distance vector
1
7
3.3.c (ii) Link state
1
7
3.3.c (iii) Path vector
1
7
3.3.d Implement, optimize, and troubleshoot administrative distance
1
11
3.3.e Implement and troubleshoot passive interface
1
7–10
3.3.f Implement and troubleshoot VRF lite
2
11
3.3.g Implement, optimize, and troubleshoot filtering with any routing
protocol
1
11
3.3.h Implement, optimize, and troubleshoot redistribution between
any routing protocols
1
11
3.3.i Implement, optimize, and troubleshoot manual and auto
summarization with any routing protocol
1
7–10
xxxi
Topics
Book
Volume
Book
Chapter
3.3.j Implement, optimize, and troubleshoot policy-based routing
1
6
3.3.k Identify and troubleshoot suboptimal routing
1
11
3.3.l Implement and troubleshoot bidirectional forwarding detection
1
11
3.3.m Implement and troubleshoot loop prevention mechanisms
3.3.m (i) Route tagging, filtering
1
11
3.3.m (ii) Split horizon
1
7
3.3.m (iii) Route poisoning
1
7
3.3.n Implement and troubleshoot routing protocol authentication
3.3.n (i) MD5
1
7–10
3.3.n (ii) Key-chain
1
7–10
3.3.n (iii) EIGRP HMAC SHA2-256bit
1
8
3.3.n (iv) OSPFv2 SHA1-196bit
1
9
3.3.n (v) OSPFv3 IPsec authentication
1
9
3.4 RIP (v2 and v6)
3.4.a Implement and troubleshoot RIPv2
1
7
3.4.b Describe RIPv6 (RIPng)
1
7
3.5 EIGRP (for IPv4 and IPv6)
3.5.a Describe packet types
3.5.a (i) Packet types (hello, query, update, and so on)
1
8
3.5.a (ii) Route types (internal, external)
1
8
3.5.b Implement and troubleshoot neighbor relationship
3.5.b (i) Multicast, unicast EIGRP peering
1
8
3.5.b (ii) OTP point-to-point peering
1
8
3.5.b (iii) OTP route-reflector peering
1
8
3.5.b (iv) OTP multiple service providers scenario
1
8
3.5.c Implement and troubleshoot loop-free path selection
3.5.c (i) RD, FD, FC, successor, feasible successor
1
8
3.5.c (ii) Classic metric
1
8
3.5.c (iii) Wide metric
1
8
3.5.d Implement and troubleshoot operations
3.5.d (i) General operations
1
8
xxxii CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1
Topics
Book
Volume
Book
Chapter
3.5.d (ii) Topology table, update, query, active, passive
1
8
3.5.d (iii) Stuck in active
1
8
3.5.d (iv) Graceful shutdown
1
8
3.5.e Implement and troubleshoot EIGRP stub
3.5.e (i) Stub
1
8
3.5.e (ii) Leak-map
1
8
3.5.f Implement and troubleshoot load balancing
3.5.f (i) equal-cost
1
8
3.5.f (ii) unequal-cost
1
8
3.5.f (iii) add-path
1
8
3.5.g Implement EIGRP (multiaddress) named mode
3.5.g (i) Types of families
1
8
3.5.g (ii) IPv4 address-family
1
8
3.5.g (iii) IPv6 address-family
1
8
3.5.h Implement, troubleshoot, and optimize EIGRP convergence and
scalability
3.5.h (i) Describe fast convergence requirements
1
8
3.5.h (ii) Control query boundaries
1
8
3.5.h (iii) IP FRR/fast reroute (single hop)
1
8
3.5.h (iv) Summary leak-map
1
8
3.5.h (v) Summary metric
1
8
3.6 OSPF (v2 and v3)
3.6.a Describe packet types
3.6.a (i) LSA types (1, 2, 3, 4, 5, 7, 9)
1
9
3.6.a (ii) Route types (N1, N2, E1, E2)
1
9
3.6.b Implement and troubleshoot neighbor relationship
1
9
3.6.c Implement and troubleshoot OSPFv3 address-family support
3.6.c (i) IPv4 address-family
1
9
3.6.c (ii) IPv6 address-family
1
9
3.6.d Implement and troubleshoot network types, area types, and
router types
3.6.d (i) Point-to-point, multipoint, broadcast, nonbroadcast
1
9
xxxiii
Topics
Book
Volume
Book
Chapter
3.6.d (ii) LSA types, area type: backbone, normal, transit, stub, NSSA,
totally stub
1
9
3.6.d (iii) Internal router, ABR, ASBR
1
9
3.6.d (iv) Virtual link
1
9
3.6.e Implement and troubleshoot path preference
1
9
3.6.f Implement and troubleshoot operations
3.6.f (i) General operations
1
9
3.6.f (ii) Graceful shutdown
1
9
3.6.f (iii) GTSM (Generic TTL Security Mechanism)
1
9
3.6.g Implement, troubleshoot, and optimize OSPF convergence and
scalability
3.6.g (i) Metrics
1
9
3.6.g (ii) LSA throttling, SPF tuning, fast hello
1
9
3.6.g (iii) LSA propagation control (area types, ISPF)
1
9
3.6.g (iv) IP FRR/fast reroute (single hop)
1
9
3.6.g (v) LFA/loop-free alternative (multihop)
1
9
3.6.g (vi) OSPFv3 prefix suppression
1
9
3.7 BGP
3.7.a Describe, implement, and troubleshoot peer relationships
3.7.a (i) Peer-group, template
2
1
3.7.a (ii) Active, passive
2
1
3.7.a (iii) States, timers
2
1
3.7.a (iv) Dynamic neighbors
2
1
3.7.b Implement and troubleshoot IBGP and EBGP
3.7.b (i) EBGP, IBGP
2
1
3.7.b (ii) 4-byte AS number
2
1
3.7.b (iii) Private AS
2
1
3.7.c Explain attributes and best-path selection
2
1
3.7.d Implement, optimize, and troubleshoot routing policies
3.7.d (i) Attribute manipulation
2
2
3.7.d (ii) Conditional advertisement
2
2
3.7.d (iii) Outbound route filtering
2
2
xxxiv CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1
Topics
Book
Volume
Book
Chapter
3.7.d (iv) Communities, extended communities
2
2
3.7.d (v) Multihoming
2
2
3.7.e Implement and troubleshoot scalability
3.7.e (i) Route-reflector, cluster
2
2
3.7.e (ii) Confederations
2
2
3.7.e (iii) Aggregation, AS set
2
2
3.7.f Implement and troubleshoot multiprotocol BGP
3.7.f (i) IPv4, IPv6, VPN address-family
2
2
3.7.g Implement and troubleshoot AS path manipulations
3.7.g (i) Local AS, allow AS in, remove private AS
2
2
3.7.g (ii) Prepend
2
2
3.7.g (iii) Regexp
2
2
3.7.h Implement and troubleshoot other features
3.7.h (i) Multipath
2
2
3.7.h (ii) BGP synchronization
2
2
3.7.h (iii) Soft reconfiguration, route refresh
2
2
3.7.i Describe BGP fast convergence features
3.7.i (i) Prefix independent convergence
2
2
3.7.i (ii) Add-path
2
2
3.7.i (iii) Next-hop address tracking
2
2
3.8 IS-IS (for IPv4 and IPv6)
3.8.a Describe basic IS-IS network
3.8.a (i) Single area, single topology
1
10
3.8.b Describe neighbor relationship
1
10
3.8.c Describe network types, levels, and router types
3.8.c (i) NSAP addressing
1
10
3.8.c (ii) Point-to-point, broadcast
1
10
3.8.d Describe operations
1
10
3.8.e Describe optimization features
3.8.e (i) Metrics, wide metric
1
10
4.0 VPN Technologies
xxxv
Topics
Book
Volume
Book
Chapter
4.1 Tunneling
4.1.a Implement and troubleshoot MPLS operations
4.1.a (i) Label stack, LSR, LSP
2
11
4.1.a (ii) LDP
2
11
4.1.a (iii) MPLS ping, MPLS traceroute
2
11
4.1.b Implement and troubleshoot basic MPLS L3VPN
4.1.b (i) L3VPN, CE, PE, P
2
11
4.1.b (ii) Extranet (route leaking)
2
11
4.1.c Implement and troubleshoot encapsulation
4.1.c (i) GRE
2
10
4.1.c (ii) Dynamic GRE
2
10
4.1.c (iii) LISP encapsulation principles supporting EIGRP OTP
1
8
4.1.d Implement and troubleshoot DMVPN (single hub)
4.1.d (i) NHRP
2
10
4.1.d (ii) DMVPN with IPsec using preshared key
2
10
4.1.d (iii) QoS profile
2
10
4.1.d (iv) Pre-classify
2
10
4.1.e Describe IPv6 tunneling techniques
4.1.e (i) 6in4, 6to4
2
8
4.1.e (ii) ISATAP
2
8
4.1.e (iii) 6RD
2
8
4.1.e (iv) 6PE/6VPE
2
8
4.1.g Describe basic Layer 2 VPN—wireline
4.1.g (i) L2TPv3 general principles
2
10
4.1.g (ii) ATOM general principles
2
11
4.1.h Describe basic L2VPN—LAN services
4.1.h (i) MPLS-VPLS general principles
2
10
4.1.h (ii) OTV general principles
2
10
4.2 Encryption
4.2.a Implement and troubleshoot IPsec with preshared key
4.2.a (i) IPv4 site to IPv4 site
2
10
xxxvi CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1
Topics
Book
Volume
Book
Chapter
4.2.a (ii) IPv6 in IPv4 tunnels
2
10
4.2.a (iii) Virtual tunneling Interface (VTI)
2
10
4.2.b Describe GET VPN
2
10
5.0 Infrastructure Security
5.1 Device security
5.1.a Implement and troubleshoot IOS AAA using local database
2
9
5.1.b Implement and troubleshoot device access control
5.1.b (i) Lines (VTY, AUX, console)
1
5
5.1.b (ii) SNMP
1
5
5.1.b (iii) Management plane protection
2
9
5.1.b (iv) Password encryption
1
5
5.1.c Implement and troubleshoot control plane policing
2
9
5.1.d Describe device security using IOS AAA with TACACS+ and
RADIUS
5.1.d (i) AAA with TACACS+ and RADIUS
2
9
5.1.d (ii) Local privilege authorization fallback
2
9
5.2 Network security
5.2.a Implement and troubleshoot switch security features
5.2.a (i) VACL, PACL
2
9
5.2.a (ii) Stormcontrol
2
9
5.2.a (iii) DHCP snooping
2
9
5.2.a (iv) IP source-guard
2
9
5.2.a (v) Dynamic ARP inspection
2
9
5.2.a (vi) port-security
2
9
5.2.a (vii) Private VLAN
1
2
5.2.b Implement and troubleshoot router security features
5.2.b (i) IPv4 access control lists (standard, extended, time-based)
2
9
5.2.b (ii) IPv6 traffic filter
2
9
5.2.b (iii) Unicast reverse path forwarding
2
9
5.2.c Implement and troubleshoot IPv6 first-hop security
5.2.c (i) RA guard
2
9
xxxvii
Topics
Book
Volume
Book
Chapter
5.2.c (ii) DHCP guard
2
9
5.2.c (iii) Binding table
2
9
5.2.c (iv) Device tracking
2
9
5.2.c (v) ND inspection/snooping
2
9
5.2.c (vii) Source guard
2
9
5.2.c (viii) PACL
2
9
5.2.d Describe 802.1x
5.2.d (i) 802.1x, EAP, RADIUS
2
9
5.2.d (ii) MAC authentication bypass
2
9
6.0 Infrastructure Services
6.1 System management
6.1.a Implement and troubleshoot device management
6.1.a (i) Console and VTY
1
5
6.1.a (ii) Telnet, HTTP, HTTPS, SSH, SCP
1
5
6.1.a (iii) (T)FTP
1
5
6.1.b Implement and troubleshoot SNMP
6.1.b (i) v2c, v3
1
5
6.1.c Implement and troubleshoot logging
6.1.c (i) Local logging, syslog, debug, conditional debug
1
5
6.1.c (ii) Timestamp
2
6
6.2 Quality of service
6.2.a Implement and troubleshoot end-to-end QoS
6.2.a (i) CoS and DSCP mapping
2
3
6.2.b Implement, optimize, and troubleshoot QoS using MQC
6.2.b (i) Classification
2
3
6.2.b (ii) Network-based application recognition (NBAR)
2
3
6.2.b (iii) Marking using IP precedence, DSCP, CoS, ECN
2
3
6.2.b (iv) Policing, shaping
2
5
6.2.b (v) Congestion management (queuing)
2
4
6.2.b (vi) HQoS, subrate Ethernet link
2
3, 4, 5
6.2.b (vii) Congestion avoidance (WRED)
2
4
xxxviii CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1
Topics
Book
Volume
Book
Chapter
6.2.c Describe Layer 2 QoS
6.2.c (i) Queuing, scheduling
2
4
6.2.c (ii) Classification, marking
2
2
6.3 Network services
6.3.a Implement and troubleshoot first-hop redundancy protocols
6.3.a (i) HSRP, GLBP, VRRP
1
5
6.3.a (ii) Redundancy using IPv6 RS/RA
1
5
6.3.b Implement and troubleshoot Network Time Protocol
6.3.b (i) NTP master, client, version 3, version 4
1
5
6.3.b (ii) NTP Authentication
1
5
6.3.c Implement and troubleshoot IPv4 and IPv6 DHCP
6.3.c (i) DHCP client, IOS DHCP server, DHCP relay
1
5
6.3.c (ii) DHCP options
1
5
6.3.c (iii) DHCP protocol operations
1
5
6.3.c (iv) SLAAC/DHCPv6 interaction
1
4
6.3.c (v) Stateful, stateless DHCPv6
1
4
6.3.c (vi) DHCPv6 prefix delegation
1
4
6.3.d Implement and troubleshoot IPv4 Network Address Translation
6.3.d (i) Static NAT, dynamic NAT, policy-based NAT, PAT
1
5
6.3.d (ii) NAT ALG
2
10
6.3.e Describe IPv6 Network Address Translation
6.3.e (i) NAT64
2
10
6.3.e (ii) NPTv6
2
10
6.4 Network optimization
6.4.a Implement and troubleshoot IP SLA
6.4.a (i) ICMP, UDP, jitter, VoIP
1
5
6.4.b Implement and troubleshoot tracking object
6.4.b (i) Tracking object, tracking list
1
5
6.4.b (ii) Tracking different entities (for example, interfaces, routes,
IPSLA, and so on)
1
5
6.4.c Implement and troubleshoot NetFlow
xxxix
Topics
Book
Volume
Book
Chapter
6.4.c (i) NetFlow v5, v9
1
5
6.4.c (ii) Local retrieval
1
5
6.4.c (iii) Export (configuration only)
1
5
6.4.d Implement and troubleshoot embedded event manager
6.4.d (i) EEM policy using applet
1
5
6.4.e Identify performance routing (PfR)
6.4.e (i) Basic load balancing
1
11
6.4.e (ii) Voice optimization
1
11
To give you practice on these topics, and pull the topics together, Edition 5 of the CCIE
Routing and Switching v5.0 Official Cert Guide, Volume 1 includes a large set of CD
questions that mirror the types of questions expected for the Version 5.0 blueprint. By
their very nature, these topics require the application of the knowledge listed throughout
the book. This special section of questions provides a means to learn and practice these
skills with a proportionally larger set of questions added specifically for this purpose.
These questions will be available to you in the practice test engine database, whether you
take full exams or choose questions by category.
About the CCIE Routing and Switching v5.0 Official
Cert Guide, Volume 1 , Fifth Edition
This section provides a brief insight into the contents of the book, the major goals, and
some of the book features that you will encounter when using this book.
Book Organization
This volume contains four major parts. Beyond the chapters in these parts of the book,
you will find several useful appendixes gathered in Part V .
Following is a description of each part’s coverage:

Part I , “LAN Switching” ( Chapters 1 – 3 )

This part focuses on LAN Layer 2 features, specifically Ethernet ( Chapter 1 ), VLANs
and trunking ( Chapter 2 ), and Spanning Tree Protocol ( Chapter 3 ).

Part II , “IP Networking” ( Chapters 4 – 5 )

This part covers details across the spectrum of the TCP/IP protocol stack. It includes
Layer 3 basics ( Chapter 4 ) and IP services such as DHCP and ARP ( Chapter 5 ).
xl CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1

Part III , “IP IGP Routing” ( Chapters 6 – 11 )

This part covers some of the more important topics on the exam and is easily the
largest part of this volume. It covers Layer 3 forwarding concepts ( Chapter 6 ), fol-
lowed by three routing protocol chapters, one each about RIPv2, EIGRP, OSPF, and
IS-IS ( Chapters 7 through 10 , respectively), and concludes with a discussion of IGP
redistribution and routing information optimization ( Chapter 11 ).

Part IV , “Final Preparation”

Chapter 12 , “Final Preparation,” contains instructions about using the testing soft-
ware on the CD to verify your knowledge, presents suggestions on approaching your
studies, and includes hints about further expanding your knowledge by participating
in the Cisco Learning Network.

Part V , “Appendixes”

Appendix A , “Answers to the ‘Do I Know This Already?’ Quizzes”—This appen-
dix lists answers and explanations for the questions at the beginning of each
chapter.

Appendix B , “Exam Updates”—As of the first printing of the book, this appen-
dix contains only a few words that reference the web page for this book, at
www.ciscopress.com/title/9781587143960 . As the blueprint evolves over time,
the authors will post new materials at the website. Any future printings of the
book will include the latest newly added materials in printed form in Appendix
B . If Cisco releases a major exam update, changes to the book will be available
only in a new edition of the book and not on this site.
Note Appendixes C, D, E, F, and G and the Glossary are in printable, PDF format on
the CD.

Appendix C , “Decimal to Binary Conversion Table” (CD-only)—This appendix
lists the decimal values 0 through 255, with their binary equivalents.

Appendix D , “IP Addressing Practice” (CD-only)—This appendix lists several
practice problems for IP subnetting and finding summary routes. The explana-
tions to the answers use the shortcuts described in the book.

Appendix E , “Key Tables for CCIE Study” (CD-only)—This appendix lists the
most important tables from the core chapters of the book. The tables have much
of the content removed so that you can use them as an exercise. You can print
the PDF file and then fill in the table from memory, checking your answers
against the completed tables in Appendix F .
■ Appendix G, “Study Planner” (CD-only)—This appendix is a spreadsheet with
major study milestones, where you can track your progress through your study.

Glossary (CD-only)—The Glossary contains the key terms listed in the book.
xli
Book Features
The core chapters of this book have several features that help you make the best use of
your time:

“Do I Know This Already?” Quizzes: Each chapter begins with a quiz that helps
you to determine the amount of time you need to spend studying that chapter. If
you score yourself strictly, and you miss only one question, you might want to skip
the core of the chapter and move on to the “Foundation Summary” section at the
end of the chapter, which lets you review facts and spend time on other topics. If
you miss more than one, you might want to spend some time reading the chapter or
at least reading sections that cover topics about which you know you are weaker.

Foundation Topics: These are the core sections of each chapter. They explain the
protocols, concepts, and configuration for the topics in that chapter.

Foundation Summary: The “Foundation Summary” section of this book departs
from the typical features of the “Foundation Summary” section of other Cisco
Press Exam Certification Guides. This section does not repeat any details from the
“Foundation Topics” section; instead, it simply summarizes and lists facts related to
the chapter but for which a longer or more detailed explanation is not warranted.

Key topics: Throughout the “Foundation Topics” section, a Key Topic icon has been
placed beside the most important areas for review. After reading a chapter, when
doing your final preparation for the exam, take the time to flip through the chapters,
looking for the Key Topic icons, and review those paragraphs, tables, figures, and
lists.

Fill In Key Tables from Memory: The more important tables from the chapters have
been copied to PDF files available on the CD as Appendix E . The tables have most
of the information removed. After printing these mostly empty tables, you can use
them to improve your memory of the facts in the table by trying to fill them out.
This tool should be useful for memorizing key facts. That same CD-only appendix
contains the completed tables so that you can check your work.

CD-based practice exam: The companion CD contains multiple-choice questions
and a testing engine. The CD includes 200 questions unique to the CD. As part of
your final preparation, you should practice with these questions to help you get used
to the exam-taking process, as well as to help refine and prove your knowledge of
the exam topics.

Key terms and Glossary: The more important terms mentioned in each chapter
are listed at the end of each chapter under the heading “Definitions.” The Glossary,
found on the CD that comes with this book, lists all the terms from the chapters.
When studying each chapter, you should review the key terms, and for those terms
about which you are unsure of the definition, you can review the short definitions
from the Glossary.

Further Reading: Most chapters include a suggested set of books and websites for
additional study on the same topics covered in that chapter. Often, these references
will be useful tools for preparation for the CCIE Routing and Switching lab exam.
Blueprint topics covered in this chapter:
This chapter covers the following subtopics from the
Cisco CCIE Routing and Switching written exam
blueprint. Refer to the full blueprint in Table I-1 in the
Introduction for more details on the topics covered in
each chapter and their context within the blueprint.

Ethernet

Speed

Duplex

Fast Ethernet

Gigabit Ethernet

SPAN, RSPAN, and ERSPAN

Virtual Switch System (VSS)

IOS-XE
Ethernet has been the mainstay LAN protocol for years, and that is not anticipated to
change anytime soon. More often than not, most people studying network and net-
work fundamentals are very familiar with the protocol operations, its limitations, and its
strengths. This level of familiarity often makes us complacent when it comes to determin-
ing a solid starting point for teaching technology. But when we consider how many tech-
nologies owe their capacity and capabilities to Ethernet, it becomes clear that this is the
best place to start any discussion about networking. Ethernet is so established and use-
ful that its role is expanding constantly. In fact, today it has even found its way into the
WAN. Ethernet WAN technologies like Metro-Ethernet have changed the way we build
geographically dispersed infrastructure and have paved the way for greater throughput in
what was traditionally a slow and restrictive mode of transport.
So with the understanding that the majority of readers are probably very familiar with
Ethernet based on working with it on a day-to-day basis, we still need to ensure that we
pay proper due diligence to the technology simply because it is so fundamental to the
creation of both the most basic and the most complex network environments, and even
though we are for the most part very knowledgeable about its operation, we might have
forgotten some of the nuisances of its operation. So in this chapter, the intention is to
outline those operations as clearly and succinctly as possible.
For exam preparation, it is typically useful to use all the refresher tools: Take the “Do I
Know This Already?” quiz, complete the definitions of the terms listed at the end of the
chapter, print and complete the tables in Appendix E , “Key Tables for CCIE Study,” and
certainly answer all the CD-ROM questions concerning Ethernet.
“Do I Know This Already?” Quiz
Table 1-1 outlines the major headings in this chapter and the corresponding “Do I Know
This Already?” quiz questions.
CHAPTER 1
Ethernet Basics
4 CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1
Table 1-1
“Do I Know This Already?” Foundation Topics Section-to-Question Mapping
Foundation Topics Section
Questions Covered in This
Section
Score
Ethernet Layer 1: Wiring, Speed, and Duplex 1–4
Ethernet Layer 2: Framing and Addressing
5–6
Switching and Bridging Logic
7
SPAN, RSPAN, and ERSPAN
8–9
Virtual Switch System
10–11
IOS Modernization
12
Total Score
To best use this pre-chapter assessment, remember to score yourself strictly. You can find
the answers in Appendix A , “Answers to the ‘Do I Know This Already?’ Quizzes.”
1.
Which of the following denotes the correct usage of pins on the RJ-45 connectors at
the opposite ends of an Ethernet crossover cable?
a.
1 to 1
b.
1 to 2
c.
1 to 3
d.
6 to 1
e.
6 to 2
f.
6 to 3
2.
Which of the following denotes the correct usage of pins on the RJ-45 connectors at
the opposite ends of an Ethernet straight-through cable?
a.
1 to 1
b.
1 to 2
c.
1 to 3
d.
6 to 1
e.
6 to 2
f.
6 to 3
Chapter 1: Ethernet Basics 5
3.
Which of the following commands must be configured on a Cisco IOS switch inter-
face to disable Ethernet autonegotiation?
a.
no auto-negotiate
b.
no auto
c.
Both speed and duplex
d.
duplex
e.
speed
4.
Consider an Ethernet crossover cable between two 10/100 ports on Cisco switches.
One switch has been configured for 100-Mbps full duplex. Which of the following is
true about the other switch?
a.
It will use a speed of 10 Mbps.
b.
It will use a speed of 100 Mbps.
c.
It will use a duplex setting of half duplex.
d.
It will use a duplex setting of full duplex.
5.
Which of the following Ethernet header type fields is a 2-byte field?
a.
DSAP
b.
Type (in SNAP header)
c.
Type (in Ethernet V2 header)
d.
LLC Control
6.
Which of the following standards defines a Fast Ethernet standard?
a.
IEEE 802.1Q
b.
IEEE 802.3U
c.
IEEE 802.1X
d.
IEEE 802.3Z
e.
IEEE 802.3AB
f.
IEEE 802.1AD
7.
Suppose a brand-new Cisco IOS–based switch has just been taken out of the box
and cabled to several devices. One of the devices sends a frame. For which of the
following destinations would a switch flood the frames out all ports (except the port
upon which the frame was received)?
a.
Broadcasts
b.
Unknown unicasts
c.
Known unicasts
d.
Multicasts
6 CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1
8.
Which of the following configuration issues will keep a SPAN session from becom-
ing active?
a.
Misconfigured destination port
b.
Destination port configured as a trunk
c.
Destination port shutdown
d.
Source port configured as a trunk
9.
Which of the following are rules for SPAN configuration?
a.
SPAN source and destination ports must be configured for the same speed and
duplex.
b.
If the SPAN source port is configured for 100 Mbps, the destination port must
be configured for 100 Mbps or more.
c.
In a SPAN session, sources must consist of either physical interfaces or VLANs,
but not a mix of these.
d.
Remote SPAN VLANs must be in the range of VLAN 1–66.
e.
Only three SPAN sessions can be configured on one switch.
10. What tool is available to reduce the complexity of a modern network infrastructure
that has direct impact on both Layer 2 and Layer 3 design?
a.
Spanning Tree Protocol
b.
Bridge Assurance
c.
Virtual Switch Design
d.
Virtual Switching System
e.
IOS-XR
11. In a Virtual Switch System configuration, what operational component is used to
transport Control, Management, and Data Plane traffic between peers?
a.
VPC-Link
b.
Sham-Link
c.
Virtual Switch Link
d.
Port-Channel
e.
Ether-Channel
Chapter 1: Ethernet Basics 7
12. Cisco IOS was expanded so that it could support modern enterprise deployments by
moving away from a monolithic architecture to a more modular design model. What
is this current version of IOS?
a.
CUOS
b.
IOS-NG
c.
LINUX
d.
IOS-XE
e.
IOS-version 2.0
8 CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1
Foundation Topics
Ethernet Layer 1: Wiring, Speed, and Duplex
Before you make an Ethernet LAN functional, end-user devices, routers, and switches
must be cabled correctly. To run with fewer transmission errors at higher speeds, and to
support longer cable distances, variations of copper and optical cabling can be used. The
different Ethernet specifications, cable types, and cable lengths per the various specifica-
tions are important for the exam, and are listed in the “Foundation Summary” section,
later in this chapter.
RJ-45 Pinouts and Category 5 Wiring
You should know the details of crossover and straight-through Category 5 (Cat 5), Cat
5e, or Cat 6 cabling for almost any networking job. The EIA/TIA defines the cabling
specifications for Ethernet LANs ( www.eia.org and http://www.tiaonline.org ), including
the pinouts for the RJ-45 connects, as shown in Figure 1-1 .

Figure 1-1
RJ-45 Pinouts with Four-Pair UTP Cabling
The most popular Ethernet standards (10BASE-T and 100BASE-TX) each use two twisted
pairs (specifically pairs 2 and 3 shown in Figure 1-1 ), with one pair used for transmission
in each direction. Depending on which pair a device uses to transmit and receive, either a
straight-through or crossover cable is required. Table 1-2 summarizes how the cabling and
pinouts work.
Table 1-2
Ethernet Cabling Types
Type of Cable
Pinouts
Key Pins Connected
Straight-through
T568A (both ends) or T568B (both ends)
1–1; 2–2; 3–3; 6–6
Crossover
T568A on one end, and T568B on the other
1–3; 2–6; 3–1; 6–2
Key
Topic

Key
Topic

Chapter 1: Ethernet Basics 9
Many Ethernet standards use two twisted pairs, with one pair being used for transmis-
sion in each direction. For example, a PC network interface card (NIC) transmits on pair
1,2 and receives on pair 3,6; switch ports do the opposite. So, a straight-through cable
works well, connecting pair 1,2 on the PC (PC transmit pair) to the switch port’s pair
1,2, on which the switch receives. When the two devices on the ends of the cable both
transmit using the same pins, a crossover cable is required. For example, if two connected
switches send using the pair at pins 3,6 and receive on pins 1,2, the cable needs to con-
nect the pair at 3,6 on one end to pins 1,2 at the other end, and vice versa.
Note Crossover cables can also be used between a pair of PCs, swapping the transmit
pair on one end (1,2) with the receive pins at the other end (3,6).
Cisco also supports a switch feature that lets the switch figure out whether the wrong
cable is installed: Auto-MDIX (automatic medium-dependent interface crossover) detects
the wrong cable and causes the switch to swap the pair it uses for transmitting and
receiving, which solves the cabling problem. (As of publication, this feature is not sup-
ported on all Cisco switch models.)
Autonegotiation, Speed, and Duplex
By default, each Cisco switch port uses Ethernet autonegotiation to determine the
speed and duplex setting (half or full). The switches can also set their duplex setting with
the duplex interface subcommand, and their speed with—you guessed it—the speed
interface subcommand.
Switches can dynamically detect the speed setting on a particular Ethernet segment by
using a few different methods. Cisco switches (and many other devices) can sense the
speed using the Fast Link Pulses (FLP) of the autonegotiation process. However, if auto-
negotiation is disabled on either end of the cable, the switch detects the speed anyway
based on the incoming electrical signal. You can force a speed mismatch by statically
configuring different speeds on both ends of the cable, causing the link to no longer
function.
Switches detect duplex settings through autonegotiation only. If both ends have auto-
negotiation enabled, the duplex is negotiated. However, if either device on the cable
disables autonegotiation, the devices without a configured duplex setting must assume a
default. Cisco switches use a default duplex setting of half duplex (HDX) (for 10-Mbps
and 100-Mbps interfaces) or full duplex (FDX) (for 1000-Mbps interfaces). To disable
autonegotiation on a Cisco switch port, you simply need to statically configure the speed
and the duplex settings.
Ethernet devices can use FDX only when collisions cannot occur on the attached cable; a
collision-free link can be guaranteed only when a shared hub is not in use. The next few
topics review how Ethernet deals with collisions when they do occur, as well as what is
different with Ethernet logic in cases where collisions cannot occur and FDX is allowed.
10 CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1
CSMA/CD
The original Ethernet specifications expected collisions to occur on the LAN. The media
were shared, creating a literal electrical bus. Any electrical signal induced onto the wire
could collide with a signal induced by another device. When two or more Ethernet
frames overlap on the transmission medium at the same instant in time, a collision occurs;
the collision results in bit errors and lost frames.
The original Ethernet specifications defined the Carrier Sense Multiple Access with
Collision Detection (CSMA/CD) algorithm to deal with the inevitable collisions.
CSMA/CD minimizes the number of collisions, but when they occur, CSMA/CD defines
how the sending stations can recognize the collisions and retransmit the frame. The fol-
lowing list outlines the steps in the CSMA/CD process:
1.
A device with a frame to send listens until the Ethernet is not busy (in other words,
the device cannot sense a carrier signal on the Ethernet segment).
2.
When the Ethernet is not busy, the sender begins sending the frame.
3.
The sender listens to make sure that no collision occurred.
4.
If there was a collision, all stations that sent a frame send a jamming signal to ensure
that all stations recognize the collision.
5.
After the jamming is complete, each sender of one of the original collided frames
randomizes a timer and waits that long before resending. (Other stations that did not
create the collision do not have to wait to send.)
6.
After all timers expire, the original senders can begin again with Step 1.
Collision Domains and Switch Buffering
A collision domain is a set of devices that can send frames that collide with frames
sent by another device in that same set of devices. Before the advent of LAN switches,
Ethernets were either physically shared (10BASE2 and 10BASE5) or shared by virtue of
shared hubs and their Layer 1 “repeat out all other ports” logic. Ethernet switches greatly
reduce the number of possible collisions, both through frame buffering and through their
more complete Layer 2 logic.
By definition of the term, Ethernet hubs

Operate solely at Ethernet Layer 1

Repeat (regenerate) electrical signals to improve cabling distances

Forward signals received on a port out all other ports (no buffering)
As a result of a hub’s logic, a hub creates a single collision domain . Switches, however,
create a different collision domain per switch port, as shown in Figure 1-2 .

Key
Topic

Key
Topic

Chapter 1: Ethernet Basics 11

Larry
Archie
Bob
SW1
Larry
1 Collision Domain
10BASE-T, using Shared hub
Multiple Collision Domain
10BASE-T, using Switch
Solid Lines Represent
Twisted Pair Cabling
Archie
Bob
Hub1
Figure 1-2
Collision Domains with Hubs and Switches
Switches have the same cabling and signal regeneration benefits as hubs, but switches do
a lot more—including sometimes reducing or even eliminating collisions by buffering
frames. When switches receive multiple frames on different switch ports, they store the
frames in memory buffers to prevent collisions.
For example, imagine that a switch receives three frames at the same time, entering three
different ports, and they all must exit the same switch port. The switch simply stores two
of the frames in memory, forwarding the frames sequentially. As a result, in Figure 1-2 ,
the switch prevents any frame sent by Larry from colliding with a frame sent by Archie
or Bob—which by definition puts each of the PCs attached to the switch in Figure 1-2 in
different collision domains.
When a switch port connects through cable to a single other nonhub device—for exam-
ple, like the three PCs in Figure 1-2 —no collisions can possibly occur. The only devices
that could create a collision are the switch port and the one connected device—and they
each have a separate twisted pair on which to transmit. Because collisions cannot occur,
such segments can use full-duplex logic.
Note NICs operating in HDX mode use loopback circuitry when transmitting a frame.
This circuitry loops the transmitted frame back to the receive side of the NIC so that when
the NIC receives a frame over the cable, the combined looped-back signal and received sig-
nal allows the NIC to notice that a collision has occurred.
Basic Switch Port Configuration
The three key configuration elements on a Cisco switch port are autonegotiation, speed,
and duplex. Cisco switches use autonegotiation by default; it is then disabled if both the
speed and duplex are manually configured. You can set the speed using the speed { auto
| 10 | 100 | 1000 } interface subcommand, assuming that the interface supports multiple
Key
Topic

12 CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1
speeds. You configure the duplex setting using the duplex { auto | half | full } interface sub-
command.
Example 1-1 shows the manual configuration of the speed and duplex on the link
between Switch1 and Switch4 from Figure 1-3 , and the results of having mismatched
duplex settings. (The book refers to specific switch commands used on IOS-based
switches, referred to as “Catalyst IOS” by the Cisco CCIE blueprint.)

0/13
000a.b7dc.b78d
0200.3333.3333
0200.4444.4444
000f.2343.87cd
0/13
0/6
0/4
0/3
0010.a49b.6111
SW1
SW4
PC1
R4
R3
Figure 1-3
Simple Switched Network with Trunk
Example 1-1
Manual Setting for Duplex and Speed, with Mismatched Duplex
switch1# show interface fa 0/13
FastEthernet0/13 is up, line protocol is up
Hardware is Fast Ethernet, address is 000a.b7dc.b78d (bia 000a.b7dc.b78d)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s
! remaining lines omitted for brevity
! Below, Switch1's interface connecting to Switch4 is configured for 100 Mbps,
! HDX. Note that IOS rejects the first duplex command; you cannot set duplex until
! the speed is manually configured.
switch1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch1(config)# int fa 0/13
switch1(config-if)# duplex half
Duplex will not be set until speed is set to non-auto value
switch1(config-if)# speed 100
05:08:41: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/13, changed
state þto down
Chapter 1: Ethernet Basics 13
05:08:46: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/13, changed
state þto up
switch1(config-if)# duplex half
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
! NOT SHOWN: Configuration for 100/half on Switch4's int fa 0/13.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
! Now with both switches manually configured for speed and duplex, neither will be
! using Ethernet auto-negotiation. As a result, below the duplex setting on Switch1
! can be changed to FDX with Switch4 remaining configured to use HDX.
switch1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch1(config)# int fa 0/13
switch1(config-if)# duplex full
05:13:03: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/13, changed
state to down
05:13:08: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/13, changed
state to up
switch1(config-if)# ̂Z
switch1# sh int fa 0/13
FastEthernet0/13 is up, line protocol is up
! Lines omitted for brevity
Full-duplex, 100Mb/s
! remaining lines omitted for brevity
! Below, Switch4 is shown to be HDX. Note
! the collisions counters at the end of the show interface command.
switch4# sh int fa 0/13
FastEthernet0/13 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 000f.2343.87cd (bia 000f.2343.87cd)
MTU 1500 bytes, BW 100000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half-duplex, 100Mb/s
! Lines omitted for brevity
5 minute output rate 583000 bits/sec, 117 packets/sec
25654 packets input, 19935915 bytes, 0 no buffer
Received 173 broadcasts (0 multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 173 multicast, 0 pause input
0 input packets with dribble condition detected
26151 packets output, 19608901 bytes, 0 underruns
54 output errors, 5 collisions, 0 interface resets
0 babbles, 54 late collision, 59 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
14 CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1
02:40:49: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/13
(not full duplex), with Switch1 FastEthernet0/13 (full duplex).
! Above, CDP messages have been exchanged over the link between switches. CDP
! exchanges information about Duplex on the link, and can notice (but not fix)
! the mismatch.
The statistics on Switch4 near the end of the example show collisions (detected in the
time during which the first 64 bytes were being transmitted) and late collisions (after
the first 64 bytes were transmitted). In an Ethernet that follows cabling length restric-
tions, collisions should be detected while the first 64 bytes are being transmitted. In this
case, Switch1 is using FDX logic, meaning that it sends frames anytime—including when
Switch4 is sending frames. As a result, Switch4 receives frames anytime, and if sending
at the time, it believes a collision has occurred. Switch4 has deferred 59 frames, meaning
that it chose to wait before sending frames because it was currently receiving a frame.
Also, the retransmission of the frames that Switch4 thought were destroyed because of
a collision, but might not have been, causes duplicate frames to be received, occasionally
causing application connections to fail and routers to lose neighbor relationships.
Ethernet Layer 2: Framing and Addressing
In this book, as in many Cisco courses and documents, the word frame refers to the bits
and bytes that include the Layer 2 header and trailer, along with the data encapsulated by
that header and trailer. The term packet is most often used to describe the Layer 3 header
and data, without a Layer 2 header or trailer. Ethernet’s Layer 2 specifications relate to
the creation, forwarding, reception, and interpretation of Ethernet frames.
The original Ethernet specifications were owned by the combination of Digital
Equipment Corp., Intel, and Xerox—hence the name “Ethernet (DIX).” Later, in the
early 1980s, the IEEE standardized Ethernet, defining parts (Layer 1 and some of Layer
2) in the 802.3 Media Access Control (MAC) standard, and other parts of Layer 2 in
the 802.2 Logical Link Control (LLC) standard. Later, the IEEE realized that the 1-byte
Destination Service Access Point (DSAP) field in the 802.2 LLC header was too small. As
a result, the IEEE introduced a new frame format with a Sub-Network Access Protocol
(SNAP) header after the 802.2 header, as shown in the third style of header in Figure
1-4 . Finally, in 1997, the IEEE added the original DIX V2 framing to the 802.3 standard
as well, as shown in the top frame in Figure 1-4 .
Table 1-3 lists the header fields, along with a brief explanation. The more important fields
are explained in more detail after the table.
Key
Topic

Chapter 1: Ethernet Basics 15
Table 1-3
Ethernet Header Fields
Field
Description
Preamble (DIX)
Provides synchronization and signal transitions to allow proper
clocking of the transmitted signal. Consists of 62 alternating 1s
and 0s, and ends with a pair of 1s.
Preamble and Start of
Frame Delimiter (802.3)
Same purpose and binary value as DIX preamble; 802.3 simply
renames the 8-byte DIX preamble as a 7-byte preamble and a
1-byte Start of Frame Delimiter (SFD).
Type (or Protocol Type)
(DIX)
2-byte field that identifies the type of protocol or protocol
header that follows the header. Allows the receiver of the frame
to know how to process a received frame.
Length (802.3)
Describes the length, in bytes, of the data following the Length
field, up to the Ethernet trailer. Allows an Ethernet receiver to
predict the end of the received frame.
Destination Service
Access Point (802.2)
DSAP; 1-byte protocol type field. The size limitations, along
with other uses of the low-order bits, required the later addition
of SNAP headers.
Source Service Access
Point (802.2)
SSAP; 1-byte protocol type field that describes the upper-layer
protocol that created the frame.
Control (802.2)
1- or 2-byte field that provides mechanisms for both
connectionless and connection-oriented operation. Generally
used only for connectionless operation by modern protocols,
with a 1-byte value of 0x03.
Key
Topic

Dest.
Address
Preamble
Source
Address
Type/
Length
FCS
Data
Ethernet (DIX) and Revised (1997) IEEE 802.3

8
6
6
2 Variable 4
Original IEEE Ethernet (802.3)
IEEE 802.3 with SNAP Header

7
1
6
6
2
1 1
1-2 Variable 4
Dest.
address
Preamble
D
S
A
P
S
S
A
P
Source
address
FCS
Data
SFD
Length
Control
802.3
802.2
802.3

7
1
6
6
2
1 1
1-2
3 2 Variable 4
Dest.
address
Preamble
D
S
A
P
S
S
A
P
Source
address
FCS
Data
SFD
Length
Control
TYPE
OUI
802.3
802.2
802.3
SNAP
Figure 1-4
Ethernet Framing Options
Key
Topic

16 CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1
Field
Description
Organizationally Unique
Identifier (SNAP)
OUI; 3-byte field, generally unused today, providing a place
for the sender of the frame to code the OUI representing the
manufacturer of the Ethernet NIC.
Type (SNAP)
2-byte Type field, using same values as the DIX Type field,
overcoming deficiencies with size and use of the DSAP field.
Types of Ethernet Addresses
Ethernet addresses, also frequently called MAC addresses, are 6 bytes in length, typically
listed in hexadecimal form. There are three main types of Ethernet address, as listed in
Table 1-4 .
Table 1-4
Three Types of Ethernet/MAC Address
Type of Ethernet/
MAC Address
Description and Notes
Unicast
Fancy term for an address that represents a single LAN interface. The
I/G bit, the least significant bit in the most significant byte, is set to 0.
Broadcast
An address that means “all devices that reside on this LAN right now.”
Always a value of hex FFFFFFFFFFFF.
Multicast
A MAC address that implies some subset of all devices currently on
the LAN. By definition, the I/G bit is set to 1.
Most engineers instinctively know how unicast and broadcast addresses are used in a
typical network. When an Ethernet NIC needs to send a frame, it puts its own unicast
address in the Source Address field of the header. If it wants to send the frame to a
particular device on the LAN, the sender puts the other device’s MAC address in the
Ethernet header’s Destination Address field. If the sender wants to send the frame to
every device on the LAN, it sends the frame to the FFFF.FFFF.FFFF broadcast destina-
tion address. (A frame sent to the broadcast address is named a broadcast or broadcast
frame , and frames sent to unicast MAC addresses are called unicasts or unicast frames .)
Multicast Ethernet frames are used to communicate with a possibly dynamic subset
of the devices on a LAN. The most common use for Ethernet multicast addresses
involves the use of IP multicast. For example, if only 3 of 100 users on a LAN want to
watch the same video stream using an IP multicast–based video application, the applica-
tion can send a single multicast frame. The three interested devices prepare by listening
for frames sent to a particular multicast Ethernet address, processing frames destined for
that address. Other devices might receive the frame, but they ignore its contents. Because
the concept of Ethernet multicast is most often used today with IP multicast, most of the
rest of the details of Ethernet multicast are covered in Volume 2, Chapter 7 , “Introduction
to IP Multicasting.”
Key
Topic

Chapter 1: Ethernet Basics 17
Ethernet Address Formats
The IEEE intends for unicast addresses to be unique in the universe by administer-
ing the assignment of MAC addresses. The IEEE assigns each vendor a code to use
as the first 3 bytes of its MAC addresses; that first half of the addresses is called the
Organizationally Unique Identifier (OUI) . The IEEE expects each manufacturer to use
its OUI for the first 3 bytes of the MAC assigned to any Ethernet product created by that
vendor. The vendor then assigns a unique value in the low-order 3 bytes for each Ethernet
card that it manufactures—thereby ensuring global uniqueness of MAC addresses. Figure
1-5 shows the basic Ethernet address format, along with some additional details.

1st Byte
1st Byte
2nd Byte 3rd Byte 4th Byte 5th Byte 6th Byte
I/G
Bit
OUI
Most
Significant
Bit
Most
Significant Byte
Least
Significant
Bit
U/L
Bit
Least
Significant Byte
Vendor-Assigned
Figure 1-5
Ethernet Address Format
Note that Figure 1-5 shows the location of the most significant byte and least significant
bit in each byte. IEEE documentation lists Ethernet addresses with the most significant
byte on the left. However, inside each byte, the leftmost bit is the most significant bit,
and the rightmost bit is the least significant bit. Many documents refer to the bit order as
canonical . Regardless of the term, the bit order inside each byte is important for under-
standing the meaning of the two most significant bits in an Ethernet address:

The Individual/Group (I/G) bit

The Universal/Local (U/L) bit
Table 1-5 summarizes the meaning of each bit.
Key
Topic

18 CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1
Table 1-5
I/G and U/L Bits
Field
Meaning
I/G
Binary 0 means that the address is a unicast; Binary 1 means that the address is a
multicast or broadcast.
U/L
Binary 0 means that the address is vendor assigned; Binary 1 means that the
address has been administratively assigned, overriding the vendor-assigned
address.
The I/G bit signifies whether the address represents an individual device or a group
of devices, and the U/L bit identifies locally configured addresses. For example, the
Ethernet multicast addresses used by IP multicast implementations always start with
0x01005E. Hex 01 (the first byte of the address) converts to binary 00000001, with the
least significant bit being 1, confirming the use of the I/G bit.
Note Often, when overriding the MAC address to use a local address, the device or
device driver does not enforce the setting of the U/L bit to a value of 1.
Protocol Types and the 802.3 Length Field
Each of the three types of Ethernet header shown in Figure 1-4 has a field identifying the
format of the Data field in the frame. Generically called a Type field, these fields allow
the receiver of an Ethernet frame to know how to interpret the data in the received frame.
For example, a router might want to know whether the frame contains an IP packet, an
IPX packet, and so on.
DIX and the revised IEEE framing use the Type field, also called the Protocol Type field.
The originally defined IEEE framing uses those same 2 bytes as a Length field. To distin-
guish the style of Ethernet header, the Ethernet Type field values begin at 1536, and the
length of the Data field in an IEEE frame is limited to decimal 1500 or less. That way, an
Ethernet NIC can easily determine whether the frame follows the DIX or original IEEE
format.
The original IEEE frame used a 1-byte Protocol Type field (DSAP) for the 802.2 LLC
standard type field. It also reserved the high-order 2 bits for other uses, similar to the I/G
and U/L bits in MAC addresses. As a result, there were not enough possible combinations
in the DSAP field for the needs of the market—so the IEEE had to define yet another
type field, this one inside an additional IEEE SNAP header. Table 1-6 summarizes the
meaning of the three main Type field options with Ethernet.
Key
Topic

Chapter 1: Ethernet Basics 19
Table 1-6
Ethernet Type Fields
Type Field
Description
Protocol Type
DIX V2 Type field; 2 bytes; registered values now administered by the
IEEE
DSAP
802.2 LLC; 1 byte, with 2 high-order bits reserved for other purposes;
registered values now administered by the IEEE
SNAP
SNAP header; 2 bytes; uses same values as Ethernet Protocol Type;
signified by an 802.2 DSAP of 0xAA
Switching and Bridging Logic
In this chapter so far, you have been reminded about the cabling details for Ethernet
along with the formats and meanings of the fields inside Ethernet frames. A switch’s ulti-
mate goal is to deliver those frames to the appropriate destination(s) based on the destina-
tion MAC address in the frame header. Table 1-7 summarizes the logic used by switches
when forwarding frames, which differs based on the type of destination Ethernet address
and on whether the destination address has been added to its MAC address table.
Table 1-7
LAN Switch Forwarding Behavior
Type of Address
Switch Action
Known unicast
Forwards frame out the single interface associated with the
destination address
Unknown unicast
Floods frame out all interfaces, except the interface on which the
frame was received
Broadcast
Floods frame identically to unknown unicasts
Multicast
Floods frame identically to unknown unicasts, unless multicast
optimizations are configured
For unicast forwarding to work most efficiently, switches need to know about all the
unicast MAC addresses and out which interface the switch should forward frames sent to
each MAC address. Switches learn MAC addresses, and the port to associate with them,
by reading the source MAC address of received frames. You can see the learning process
in Example 1-2 , along with several other details of switch operation. Figure 1-6 lists the
devices in the network associated with Example 1-2 , along with their MAC addresses.
Key
Topic

Key
Topic

20 CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1

VLAN 1:
IP Address 10.1.1.1
MAC Address 000a.b7dc.b780
VLAN 1:
IP Address 10.1.1.4
MAC Address 000f.2343.87c0
R4
0/13
000a.b7dc.b78d
0200.3333.3333
0200.4444.4444
000f.2343.87cd
0/13
R3
0/6
0/4
0/3
0010.a49b.6111
SW1
SW4
PC1
Figure 1-6
Sample Network with MAC Addresses Shown
Example 1-2
Command Output Showing MAC Address Table Learning (Continued)
Switch1# show mac-address-table dynamic
Mac Address Table
------------------------------------------

Vlan Mac Address Type Ports
---- ----------- ---- -----
1 000f.2343.87cd DYNAMIC Fa0/13
1 0200.3333.3333 DYNAMIC Fa0/3
1 0200.4444.4444 DYNAMIC Fa0/13
Total Mac Addresses for this criterion: 3
! Above, Switch1's MAC address table lists three dynamically learned addresses,
! including Switch4's FA 0/13 MAC.
! Below, Switch1 pings Switch4's management IP address.
Switch1# ping 10.1.1.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
! Below Switch1 now knows the MAC address associated with Switch4's management IP
! address. Each switch has a range of reserved MAC addresses, with the first MAC
! being used by the switch IP address, and the rest being assigned in sequence to
! the switch interfaces – note 0xcd (last byte of 2 nd address in the table above)
! is for Switch4's FA 0/13 interface, and is 13 (decimal) larger than Switch4's
! base MAC address.
Chapter 1: Ethernet Basics 21
Switch1# show mac-address-table dynamic
Mac Address Table
------------------------------------------

Vlan Mac Address Type Ports
---- ----------- ---- -----
1 000f.2343.87c0 DYNAMIC Fa0/13
1 000f.2343.87cd DYNAMIC Fa0/13
1 0200.3333.3333 DYNAMIC Fa0/3
1 0200.4444.4444 DYNAMIC Fa0/13
Total Mac Addresses for this criterion: 4
! Not shown: PC1 ping 10.1.1.23 (R3) PC1's MAC in its MAC address table
------------------------------------------

Vlan Mac Address Type Ports
---- ----------- ---- -----
1 000f.2343.87c0 DYNAMIC Fa0/13
1 000f.2343.87cd DYNAMIC Fa0/13
1 0010.a49b.6111 DYNAMIC Fa0/13
1 0200.3333.3333 DYNAMIC Fa0/3
1 0200.4444.4444 DYNAMIC Fa0/13
Total Mac Addresses for this criterion: 5
! Above, Switch1 learned the PC's MAC address, associated with FA 0/13,
! because the frames sent by the PC came into Switch1 over its FA 0/13.
! Below, Switch4's MAC address table shows PC1's MAC off its FA 0/6
switch4# show mac-address-table dynamic
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----
1 000a.b7dc.b780 DYNAMIC Fa0/13
1 000a.b7dc.b78d DYNAMIC Fa0/13
1 0010.a49b.6111 DYNAMIC Fa0/6
1 0200.3333.3333 DYNAMIC Fa0/13
1 0200.4444.4444 DYNAMIC Fa0/4
Total Mac Addresses for this criterion: 5
! Below, for example, the aging timeout (default 300 seconds) is shown, followed
! by a command just listing the mac address table entry for a single address.
switch4# show mac-address-table aging-time
Vlan Aging Time
---- ----------
1 300
switch4# show mac-address-table address 0200.3333.3333
Mac Address Table
22 CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----
1 0200.3333.3333 DYNAMIC Fa0/13
Total Mac Addresses for this criterion: 1
SPAN, RSPAN, and ERSPAN
Cisco Catalyst switches support a method of directing all traffic from a source port or
source VLAN to a single port. This feature, called SPAN (for Switch Port Analyzer) in the
Cisco documentation and sometimes referred to as session monitoring because of the
commands used to configure it, is useful for many applications. These include monitor-
ing traffic for compliance reasons, for data collection purposes, or to support a particu-
lar application. For example, all traffic from a voice VLAN can be delivered to a single
switch port to facilitate call recording in a VoIP network. Another common use of this
feature is to support intrusion detection/prevention system (IDS/IPS) security solutions.
SPAN sessions can be sourced from a port or ports, or from a VLAN. This provides great
flexibility in collecting or monitoring traffic from a particular source device or an entire
VLAN.
The destination port for a SPAN session can be on the local switch, as in SPAN opera-
tion. Or it can be a port on another switch in the network. This mode is known as
Remote SPAN, or RSPAN. In RSPAN, a specific VLAN must be configured across the
entire switching path from the source port or VLAN to the RSPAN destination port. This
requires that the RSPAN VLAN be included in any trunks in that path, too. See Figure
1-7 for the topology of SPAN, Figure 1-8 for that of RSPAN, and Figure 1-9 for that of
Encapsulated Remote SPAN (ERSPAN).

Egress
Traffic
Ingress
Traffic
Source Span
Ports
Destination Span
Port
Sniffer
Switch
Figure 1-7
SPAN Topology
Chapter 1: Ethernet Basics 23

Switch S1
6/1
Sniffer
Switch S2
ISL TRUNK
5/1
5/2
A
Figure 1-8
RSPAN Topology

IP/MPLS Cloud
SPAN
Source
Device
Network Analyzer
Device
SPAN
Destination
Host A
Host B
GRE-Encapsulated
Monitored Traffic
Figure 1-9
ERSPAN Topology
The information in this section applies specifically to the Cisco 3560 switching platform;
the Cisco 3750 and many other platforms use identical or similar rules and configuration
commands.
Core Concepts of SPAN, RSPAN, and ERSPAN
To understand SPAN, RSPAN, and ERSPAN, it helps to break them down into their fun-
damental elements. This also helps you understand how to configure these features.
In SPAN, you create a SPAN source that consists of at least one port or at least one
VLAN on a switch. On the same switch, you configure a destination port. The SPAN
source data is then gathered and delivered to the SPAN destination.
In RSPAN, you create the same source type—at least one port or at least one VLAN. The
destination for this session is the RSPAN VLAN, rather than a single port on the switch.
At the switch that contains an RSPAN destination port, the RSPAN VLAN data is deliv-
ered to the RSPAN port.