
CCIE RS Cheat Sheet (DRAFT) by

CCIE RS

This is a draft cheat sheet. It is a work in progress and is not finished yet.

vtp

vtp domain <domain name>
vtp mode <server|client>
vtp password <password>

trunk

switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate

access port

switchport access vlan <vlan no>
switchport mode access

port-channel

int range <interface1,interface2>
channel-group <group no> mode on
port-channel load-balance <src-mac|src-dst-ip>

RSTP

spanning-tree mode rapid-pvst
spanning-tree portfast edge default
spanning-tree portfast edge bpduguard default
spanning-tree vlan 1-4094 priority 4096

PPPoE

int Dialer 1
ip address negotiated
ip mtu 1492
encapsulation ppp
ppp chap hostname <username>
ppp chap password <password>
dialer pool 1

int e0/0
pppoe enable
pppoe-client dial-pool-number 1

ip route 192.0.0.0 255.0.0.0 <peer IP address>
show ppp all

Multicast

ip multicast-routing
int <vlan x>, <eth y>, <tun z>, lo0
ip pim sparse-mode

ip pim rp-candidate lo0
ip pim bsr-candidate lo0

int <ext y>
ip igmp join-group <multicast group>

DMVPN - Phase 3

Hub:
int tun 0
tunnel source <eth m/n>
tunnel mode gre multipoint
ip nhrp network-id <y>
ip nhrp authentication <password>
ip nhrp map multicast dynamic
ip nhrp redirect

Spoke:
int tun 0
tunnel source dialer 1
tunnel mode gre multipoint
ip nhrp network-id <y>
ip nhrp authentication <password>
ip nhrp map <VPN Hub IP> <NBMA Hub IP>
ip nhrp map multicast <NBMA Hub IP>
ip nhrp nhs <VPN Hub IP>
ip nhrp shortcut
[tunnel vrf <vrf name>]

IPSec

crypto isakmp policy <x>
encryption aes
authentication pre-share
group 2

crypto isakmp key CCIE address 0.0.0.0

crypto ipsec transform-set <phase 2 transform> esp-aes
mode transport

crypto ipsec profile <profile name>
set transform-set <phase 2 transform>

int tunnel <y>
tunnel protection ipsec profile <profile name>

---
VRF:
crypto keyring CCIE vrf <vrf name>
pre-shared-key address 0.0.0.0 0.0.0.0 key CCIE

DHCP

ip dhcp snooping
ip dhcp snooping vlan <x>
ip dhcp snooping verify mac-address

int <uplink>
ip dhcp snooping trust

---

DHCP Relay on a different switch:
int vlan <x>
ip dhcp relay information trusted
ip helper-address <DHCP server>

---

DHCP Server:
ip dhcp excluded-address <HSRP IP>
ip dhcp excluded-address <SVI 1 gateway>
ip dhcp excluded-address <SVI 2 gateway>

ip dhcp pool vlan <x>
network <subnet> <mask>
default-router <HSRP IP>

HSRP IPv4

int vlan <x>
standby version 2
standby <y> ip <VIP>
standby <y> timers 1 3
standby <y> priority 102
[standby <y> preempt]

HSRP IPv6

Gateway:
int vlan <x>
standby version 2
standby <y> ipv6 fe80:<z>::1
standby <y> priority 102
standby <y> preempt
standby <y> timers 1 3

---
Client:
int <x>/<y>
ipv6 address autoconfig

IPv6 OSPFv3

ipv6 unicast-routing

router ospfv3 <x>
router-id <lo0 IP>

int range vlan <y>, vlan <z>, lo0
ospfv3 <x> ipv6 area 0

int vlan <w>
ospfv3 <x> ipv6 area 0
ipv6 nd router-preference <high|medium>
ipv6 nd ra interval <k>

route-map

ip prefix-list <pl-name> permit 8.8.8.8/32
!
route-map <rm-name> permit 10
match ip address prefix-list <pl-name>
set local-preference 200
route-map <rm-name> permit 20
!
route-map TE permit 10
match ip address 101
set metric 100
!
route-map TE permit 20
match ip address 102
set metric 50
!
route-map TE permit 50
 

EIGRP

route-tag notation dotted-decimal

route-map tag permit 10
set tag 172.172.172.172

int lo 52
ip address 52.52.52.52 255.255.255.255

route-map 52 permit 10
match interface lo 52

router eigrp CCIE
address-family ipv4 autonomous-system 1
distribute-list route-map tag out
redistribute connected route-map 52
exit
[network <lo ip addr> <wild card>]
[network <ip addr> <wild card>]
show ip eigrp neigh

OSPF regular area

router ospf 1
router-id <lo0 ip addr>
[network <ip addr> <wild card> area 0]
[passive-interface <vlan x>]

int range <eth m/n, lo0>
ip ospf 1 area 0

int range <eth m/n>
ip ospf priority 255
show ip ospf neigh
show ip ospf interface brief

OSPF stub area

router ospf 1
[default-information originate]
[network <ip addr> <wild card>] area <x>
area <x> stub [no-summary]

int tun <y>
ip ospf network point-to-multipoint

DHCP snooping

ip dhcp snooping
ip dhcp snooping vlan <vlan no>
ip dhcp snooping trust

ip dhcp relay information trusted
ip helper-address <dhcp server ip>

ip dhcp excluded-address
ip dhcp pool <pool name>
network <subnet> <mask>

PPPoE

[ip vrf name]
[rd m:n]

interface dialer <x>
[ip vrf forwarding name]
ip address negotiated
ip mtu 1492
encapsulation ppp
ppp chap hostname <username>
ppp chap password <password>
dialer pool <y>

interface <eth m/n>
pppoe enable
pppoe-client dial-pool-number 1

ip route [vrf name] <destination subnet> <mask> <ppp server ip>
show ppp all
ping [vrf name] <destination ip addr>

OSPF EIGRP Redistribution

route-tag notation dotted-decimal

route-map O_TO_E deny 10
match tag 172.172.172.172
route-map O_TO_E permit 20
set tag 10.10.10.10

route-map E_TO_O deny 10
match tag 10.10.10.10
route-map E_TO_O permit 20
set tag 172.172.172.172

route-map EXT deny 10
match tag 172.172.172.172
route-map EXT permit 20

router ospf <x>
redistribute eigrp <y> subnets route-map E_TO_O
distribute-list route-map EXT in
network <lo0> 0.0.0.0
network <inside IP> <wild card>

router eigrp <name>
address-family ipv4 autonomous-system <y>
topology base
redistribute ospf <x> metric 10000 100 255 1 1500 route-map O_TO_E
exit
network <outside IP> <wild card>

COPP

ip access-list extended <acl-name>
deny ospf any any
deny pim any any
deny tcp any any eq bgp
deny tcp any eq bgp any
deny esp any any
deny gre any any
deny udp any eq isakmp any
deny udp any any eq isakmp
permit ip any any ttl lt 2

class-map match-all <cmap-name>
match access-group name <acl-name>

policy-map <pmap-name>
class <cmap-name>
drop

control-plane
service-policy input <pmap-name>

PAT

access-list <acl-no> permit <subnet summary> <wild card>

ip nat inside source list <acl-no> interface <outside int> overload

int <outside int>
ip nat outside

int <inside int>
ip nat inside

int <tun>
ip nat inside

Track

track <x> ip route 0.0.0.0 0.0.0.0 reachability

int vlan <y>
standby <z> track <x> decrement 10

Load balance

! R12
access-list 101 permit ip 10.2.1.0 0.0.254.255 any
access-list 102 permit ip 10.2.0.0 0.0.254.255 any
!
route-map TE permit 10
match ip address 101
set metric 100
!
route-map TE permit 20
match ip address 102
set metric 50
 

BGP - IPV4 - Service Provider

! Route Reflector
router bgp <SP ASN>
bgp router-id <lo 0 ip addr>
no bgp default ipv4-unicast
neighbor IBGP peer-group
neighbor IBGP remote-as <SP ASN>
neighbor IBGP update-source lo0
neighbor <neigh ip addr> peer-group IBGP
neighbor <neigh ip addr2> peer-group IBGP
address-family ipv4
neighbor IBGP route-reflector-client
neighbor <neigh ip addr> activate
neighbor <neigh ip addr2> activate

! Border router - RR client
router bgp <SP ASN>
bgp router-id <lo 0 ip addr>
no bgp default ipv4-unicast
neighbor <RR ip addr> remote-as <SP ASN>
neighbor <RR ip addr> update-source lo0
neighbor <Customer IP> remote-as <Customer ASN>
address-family ipv4
neighbor <RR ip addr> activate
neighbor <RR ip addr> next-hop-self
neighbor <Customer IP> activate

BGP - IPV4 - Customer with OSPF

! advertise certain prefixes
ip prefix-list core seq 5 permit <subnet>/<mask>
ip prefix-list core seq 10 permit <subnet2>/<mask2>

router bgp <Customer ASN>
bgp router-id <lo0 ip addr>
aggregate-address <aggr subnet> <mask> summary-only
[default-information originate]
[redistribute ospf <x> [match internal external 1 external 2]]
neighbor <SP IP> remote-as <SP ASN>
neighbor <SP IP> [prefix-list core out]
neighbor <iBGP Peer IP> remote-as <Customer ASN>
neighbor <iBGP Peer IP> update-source Loopback0
neighbor <iBGP Peer IP> next-hop-self

router ospf <x>
[default-information originate]
[redistribute bgp <Customer ASN> [metric-type 1] subnets]

BGP - IPV4 - Customer with EIGRP

router bgp <local ASN>
redistribute eigrp <x>

router eigrp <name>
address-family ipv4 autonomous-system <x>
topology base
redistribute bgp <local ASN> metric 10000 100 255 1 1500

OSPF - BGP - EIGRP Redistribution

Customer 1:
router ospf <x>
redistribute bgp <Customer 1 ASN> metric-type 1 subnets
network <lo0 IP>
network <Customer 1 subnet> <wild card>

ip prefix-list <name> seq 5 permit <Customer 1 summary>/<prefix-length>
ip prefix-list <name> seq 10 permit <Customer 1 subnet>/<prefix length>

router bgp <Customer 1 ASN>
bgp router-id
aggregate-address <Customer 1 summary> <mask>
network <Customer 1 subnet> <wild card>
neighbor <Customer 2> remote-as <Customer 2 ASN>
neighbor <Customer 2> prefix-list <name> out

---

Customer 2:
router eigrp <name>
address-family ipv4 unicast autonomous-system <x>
topology base
redistribute bgp <Customer 2 ASN> metric 10000 100 255 1 1500
exit
network <lo0 IP>
network <Customer 2 subnet> <wild card>

ip prefix-list <name> seq 5 permit <Customer 2 summary>/<prefix length>
ip prefix-list <name> seq 10 permit <Customer 2 subnet>/<prefix length>

router bgp <Customer 2 ASN>
bgp router-id <lo0 IP>
aggregate-address <Customer 2 summary> <mask>
network <Customer 2 subnet> mask <mask>
neighbor <Customer 2 IP> remote-as <Customer 2 ASN>
neighbor <Customer 2 IP> prefix-list <name> out

MPLS VPNV4

mpls label protocol ldp
mpls ldp router-id lo0

! OSPF
router ospf <x>
mpls ldp autoconfig area 0

! EIGRP
int <m/n>
mpls ip

! P router - Route Reflector
router bgp <y>
neighbor <RR client> remote-as <SP ASN>
neighbor <RR client> update-source lo0

address-family vpnv4
neighbor <RR client> activate
neighbor IBGP route-reflector-client


! PE router - Route Reflector Client
ip vrf <Customer VRF>
rd <Customer ASN:site no>
route-target export site no:site no

int <edge int>
ip vrf forwarding <Customer VRF>
ip address <addr> <mask>

router bgp <y>
no bgp default ipv4-unicast
neighbor <SP IPv4> remote-as <SP ASN>
neighbor <SP IPv4> update-source lo0
!
address-family vpnv4
neighbor <RR> activate

no neighbor <CE IP>
! Customer VRF
address-family ipv4 vrf <Customer VRF>
neighbor <CE IP> remote-as <Customer ASN>
neighbor <CE IP> activate
[neighbor <CE IP> as-override]
[neighbor <CE IP> local-as <old ASN no>]

neighbor <CE IP> soo <Customer ASN:site no>
! Global VRF
address-family ipv4
neighbor <SP IPv4> activate
neighbor <SP IPv4> next-hop-self

! CE router
ip prefix-list <name> deny <subnet>/<prefix length>
ip prefix-list <name> permit 0.0.0.0/0 le 32

router bgp <Customer ASN>
neighbor <PE IP> remote-as <SP ASN>
neighbor <PE IP> prefix-list <name> out