Hi there,

I have been at the lab exam once and I think there are tasks in the infrastructure section that will be the same in EVERY lab exam, so I thought that we could start some "exam best practices" conversations here, so we can get these points for sure ;-) If someone is interested, just take part and help others to pass the exam.

I would like to start with default port configurations:
- Trunking vs. Access
- Spanning Tree portfast and bpduguard
- QoS
- etc.

I know there can be variations in the questions, but take this as a general guideline and as a discussion base. Anyway, these are my proposals (some of the information I took out of the DSG from Jason!) for the different port types (by the way, sorry for the strange format, but I copied this out of my Wiki post; I hope you can read it anyway):

--- Switches ---
<configuration start>
port-channel load-balance src-dst-ip
!
mls qos
mls qos map cos-dscp 0 8 16 24 32 46 48 54
mls qos map dscp-cos 46 to 5
mls qos map dscp-cos 24 to 3
!
interface fastethernet x/x
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan x (if specified by the question)
 switchport trunk allowed vlan x,y,z
 priority-queue out
 mls qos trust cos
!
<configuration end>

--- WAN / Internet ---
<configuration start>
ip access-list extended ACL-RTP
 permit udp any range 16384 32767 any range 16384 32767
!
ip access-list extended ACL-SCCP
 permit tcp any eq 2000 any eq 2000
 permit tcp any eq 2002 any eq 2002
!
class-map MAP-RTP
 match access-group name ACL-RTP
!
class-map MAP-SCCP
 match access-group name ACL-SCCP
!
policy-map POLICY-VOICE
 class MAP-RTP
  set dscp ef
 class MAP-SCCP
  set dscp cs3
!
interface fastethernet x/x
 no switchport
 ip address x.x.x.x y.y.y.y
 service-policy input POLICY-VOICE
 priority-queue out
!
<configuration end>

--- CME ---
*If the question says the CME already tags the packets with the right QoS marking, what do we have to configure on the port concerning QoS?
<configuration start>
interface fastethernet x/x
 switchport mode access
 switchport access vlan x
 spanning-tree portfast
 spanning-tree bpduguard enable
 priority-queue out
<configuration end>

--- WiSM ---
*For the WiSM I would use the '''wism''' commands, but is it possible / necessary to add the '''spanning-tree portfast trunk''' or '''spanning-tree bpduguard''' commands (actually I don't have access to a 650x with WiSM module)?
<configuration start>
wism service-vlan z
!
wism module x controller 1 native-vlan x (if management is not tagged)
wism module x controller 1 allowed-vlan y,z
wism module x controller 1 qos-trust cos
!
wism module x controller 2 native-vlan x (if management is not tagged)
wism module x controller 2 allowed-vlan y,z
wism module x controller 2 qos-trust cos
<configuration end>

--- WLC (LAG) ---
<configuration start>
interface fastethernet x/x
 channel-group 1 mode on
!
interface port-channel 1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan x (if specified by the question)
 switchport trunk allowed vlan x,y,z
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
 priority-queue out
 mls qos trust cos
!
<configuration end>

--- WLC (Connected to different switches, for example 4402 with 2 ports connected to both core switches) ---
*I do not add '''spanning-tree bpduguard enable''' because I assume that on the WLC the STP is enabled
*General question: I think it is necessary to enable the STP on WLCs that are connected to different switches, isn't it?
<configuration start>
interface fastethernet x/x
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan x (if specified by the question)
 switchport trunk allowed vlan x,y,z
 priority-queue out
 mls qos trust cos
!
<configuration end>

--- WLC (Service Port) ---
*Are any QoS commands needed here, and if so, what will be trusted?
<configuration start>
interface fastethernet x/x
 switchport mode access
 switchport access vlan x
 spanning-tree portfast
 spanning-tree bpduguard enable
!
<configuration end>

--- LAP (Local) ---
<configuration start>
interface fastethernet x/x
 switchport mode access
 switchport access vlan x (always needed for management interface)
 spanning-tree portfast
 spanning-tree bpduguard enable
 priority-queue out
 mls qos trust dscp
!
<configuration end>

--- LAP (H-REAP) ---
<configuration start>
interface fastethernet x/x
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan x (always needed for management interface)
 switchport trunk allowed vlan x,y,z
 priority-queue out
 mls qos trust cos
!
<configuration end>

--- AAP (Multiple VLANs) ---
*The management interface does not always have to be the native VLAN, does it?
<configuration start>
interface fastethernet x/x
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan x (if specified by the question)
 switchport trunk allowed vlan x,y,z
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
 priority-queue out
 mls qos trust cos
!
<configuration end>

--- AAP (Single VLAN, for example if used for a WGB bridge and only one VLAN is transported) ---
<configuration start>
interface fastethernet x/x
 switchport mode access
 switchport access vlan x
 spanning-tree portfast
 spanning-tree bpduguard enable
 priority-queue out
 mls qos trust dscp
!
<configuration end>

--- Wired IP Phone ---
*The question says you have to configure a port for future use of a wired IP phone?
*You must not use Auto-QoS; this would give us something like this:
<configuration start>
interface fastethernet x/x
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 service-policy input AutoQoS-Police-CiscoPhone
<configuration end>
*I don't think that srr-queue and service-policy configuration is expected in the CCIE Wireless track for a wired IP phone port (what do people say who have already passed?)
*So I think this configuration could give the points we want (I add '''spanning-tree bpduguard enable''' because the IP phone will not send any BPDUs):
<configuration start>
interface fastethernet x/x
 switchport mode access
 switchport access vlan x
 switchport voice vlan y
 spanning-tree portfast
 spanning-tree bpduguard enable
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
!
<configuration end>

And here are some general questions I would like to know more about:
*Would it be OK to add ''priority-queue out'' on every port?
*On which ports would you use '''spanning-tree portfast''' and '''spanning-tree bpduguard enable'''?

So I hope this can be used as a discussion base and I hope I get some interesting reactions on this ;-) Please feel free to criticize it.

Regards
Dominic
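An added example, not part of Dominic's post: a small Python check that parses IOS-style interface stanzas and flags ports that deviate from the access and trunk templates proposed above (access ports carry portfast and bpduguard, trunks carry an explicit allowed-VLAN list). The sample configuration, interface numbers and function names are constructed for illustration.

```python
import re

# Constructed sample (assumption), modelled on the port templates in the post.
SAMPLE = """\
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport mode trunk
!
"""

def parse_interfaces(config):
    """Return {interface name: [stanza lines]} from IOS-style text."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(.+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line == "!" or not line:
            current = None          # "!" or a blank line closes the stanza
        elif current is not None:
            current.append(line)
    return stanzas

def audit(config):
    """Flag ports that deviate from the post's access/trunk templates."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        if "switchport mode access" in lines:
            if not any(l.startswith("spanning-tree portfast") for l in lines):
                findings.append((name, "access port without portfast"))
            if "spanning-tree bpduguard enable" not in lines:
                findings.append((name, "access port without bpduguard"))
        elif "switchport mode trunk" in lines:
            if not any(l.startswith("switchport trunk allowed vlan") for l in lines):
                findings.append((name, "trunk without an allowed-VLAN list"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(SAMPLE):
        print(f"{name}: {issue}")
```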
