Hi there

I have been at the lab exam once, and I think there are tasks in the 
infrastructure section that will be the same in EVERY lab exam, so I thought 
we could start some “exam best practices” conversations here, so we can get 
these points for sure ;-) If anyone is interested, just take part and help 
others pass the exam. I would like to start with default port configurations:

- Trunking vs. Access
- Spanning Tree portfast and bpduguard
- QoS
- etc.

I know there can be variations in the questions, but this is meant as a general 
guideline and as a basis for discussion. Anyway, these are my proposals (I took 
some of the information out of the DSG from Jason!) for the different port types 
(by the way, sorry for the strange format; I copied this out of my Wiki post, and 
I hope you can read it anyway):


--- Switches ---

<configuration start>
port-channel load-balance src-dst-ip
!
mls qos
mls qos map cos-dscp 0 8 16 24 32 46 48 54
mls qos map dscp-cos 46 to 5
mls qos map dscp-cos 24 to 3
!
interface fastethernet x/x
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan x (if specified by the question)
 switchport trunk allowed vlan x,y,z
 priority-queue out
 mls qos trust cos
!
<configuration end>



--- WAN / Internet ---

<configuration start>
ip access-list extended ACL-RTP
 permit udp any range 16384 32767 any range 16384 32767
!
ip access-list extended ACL-SCCP
 permit tcp any eq 2000 any eq 2000
 permit tcp any eq 2002 any eq 2002
!
class-map MAP-RTP
 match access-group name ACL-RTP
!
class-map MAP-SCCP
 match access-group name ACL-SCCP
!
policy-map POLICY-VOICE
 class MAP-RTP
  set dscp ef
 class MAP-SCCP
  set dscp cs3
!
interface fastethernet x/x
 no switchport
 ip address x.x.x.x y.y.y.y
 service-policy POLICY-VOICE in
 priority-queue out
!
<configuration end>



--- CME ---
*If the question says the CME already tags the packets with the right QoS 
marking, what do we have to configure on the port concerning QoS?

<configuration start>
interface fastethernet x/x
 switchport mode access
 switchport access vlan x
 spanning-tree portfast
 spanning-tree bpduguard enable
 priority-queue out
<configuration end>



--- WiSM ---
*For the WiSM I would use the "wism" commands, but is it possible / 
necessary to add the "spanning-tree portfast trunk" or "spanning-tree 
bpduguard" commands (actually I don't have access to a 650x with WiSM 
module)?

<configuration start>
wism service-vlan z
!
wism module x controller 1 native-vlan x (if management is not tagged)
wism module x controller 1 allowed-vlan y,z
wism module x controller 1 qos-trust cos
!
wism module x controller 2 native-vlan x (if management is not tagged)
wism module x controller 2 allowed-vlan y,z
wism module x controller 2 qos-trust cos
<configuration end>



--- WLC (LAG) ---

<configuration start>
interface fastethernet x/x
 channel-group 1 mode on
!
interface port-channel 1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan x (if specified by the question)
 switchport trunk allowed vlan x,y,z
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
 priority-queue out
 mls qos trust cos
!
<configuration end>



--- WLC (Connected to different switches, for example 4402 with 2 ports 
connected to both core switches) ---
*I do not add "spanning-tree bpduguard enable" because I assume that STP is 
enabled on the WLC
*General question: I think it is necessary to enable STP on WLCs that are 
connected to different switches, isn't it?

<configuration start>
interface fastethernet x/x
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan x (if specified by the question)
 switchport trunk allowed vlan x,y,z
 priority-queue out
 mls qos trust cos
!
<configuration end>



--- WLC (Service Port) ---
*Are any QoS commands needed here, and if so, what will be trusted?

<configuration start>
interface fastethernet x/x
 switchport mode access
 switchport access vlan x
 spanning-tree portfast
 spanning-tree bpduguard enable
!
<configuration end>



--- LAP (Local) ---

<configuration start>
interface fastethernet x/x
 switchport mode access
 switchport access vlan x (always needed for management interface)
 spanning-tree portfast
 spanning-tree bpduguard enable
 priority-queue out
 mls qos trust dscp
!
<configuration end>



--- LAP (H-REAP) ---

<configuration start>
interface fastethernet x/x
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan x (always needed for management interface)
 switchport trunk allowed vlan x,y,z
 priority-queue out
 mls qos trust cos
!
<configuration end>



--- AAP (Multiple VLANs) ---
*The management interface does not always have to be the native VLAN, does it?

<configuration start>
interface fastethernet x/x
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan x (if specified by the question)
 switchport trunk allowed vlan x,y,z
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
 priority-queue out
 mls qos trust cos
!
<configuration end>



--- AAP (Single VLAN, for example if used for a WGB bridge and only one VLAN is 
transported) ---

<configuration start>
interface fastethernet x/x
 switchport mode access
 switchport access vlan x
 spanning-tree portfast
 spanning-tree bpduguard enable
 priority-queue out
 mls qos trust dscp
!
<configuration end>



--- Wired IP Phone ---
*The question says you have to configure a port for future use of a wired IP 
phone?
*You must not use Auto-QoS; this would give us something like this:

<configuration start>
interface fastethernet x/x
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 service-policy input AutoQoS-Police-CiscoPhone
<configuration end>

*I don't think that srr-queue and service-policy configuration is expected in 
the CCIE Wireless track for a wired IP phone port (what do people who have 
already passed say?)
*So I think this configuration could give the points we want (I add 
"spanning-tree bpduguard enable" because the IP phone will not send any 
BPDUs):

<configuration start>
interface fastethernet x/x
 switchport mode access
 switchport access vlan x
 switchport voice vlan y
 spanning-tree portfast
 spanning-tree bpduguard enable
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
!
<configuration end>



And here are some general questions I would like to know more about:
*Would it be OK to add "priority-queue out" on every port?
*On which ports would you use "spanning-tree portfast" and 
"spanning-tree bpduguard enable"?

So I hope this can be used as a basis for discussion, and I hope I get some 
interesting reactions to this ;-) Please feel free to criticize it.

Regards
Dominic
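
An added example, not part of Dominic's post: a small Python audit that checks a switch configuration against the conventions used in the templates above (portfast paired with bpduguard, the "trunk" keyword for portfast on trunk ports, an explicit allowed-VLAN list on trunks). The sample configuration and interface names are constructed, and the choice of these three rules is an assumption, not a statement of what the lab grades.

```python
import re

# Constructed sample config (not from the post); interface names are placeholders.
SAMPLE = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
 spanning-tree bpduguard enable
!
"""

def parse_interfaces(text):
    """Split IOS-style config into {interface name: [sub-commands]}."""
    stanzas, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def audit(text):
    """Return sorted (interface, finding) pairs for the edge-port checks."""
    findings = []
    for name, cmds in parse_interfaces(text).items():
        trunk = "switchport mode trunk" in cmds
        portfast = any(c.startswith("spanning-tree portfast") for c in cmds)
        if portfast and "spanning-tree bpduguard enable" not in cmds:
            findings.append((name, "portfast without bpduguard"))
        if trunk and "spanning-tree portfast" in cmds:
            findings.append((name, "trunk needs 'portfast trunk' keyword"))
        if trunk and not any(c.startswith("switchport trunk allowed vlan") for c in cmds):
            findings.append((name, "trunk without allowed vlan list"))
    return sorted(findings)
```

Calling audit(SAMPLE) flags FastEthernet0/1 and FastEthernet0/2 and leaves FastEthernet0/3 clean.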