My comments on the below configurations...

For Switches: I think it looks good but I am not sure if priority-queue out should be required on these trunk links. It is probably safe to put it there though. I think that just mls qos trust cos or mls qos trust dscp could work. I personally would choose mls qos trust dscp unless the problem explicitly stated otherwise.

WAN/Internet: I think this one looks good.

CME: CME marks both CoS and DSCP values of the packets it transmits so you could trust either value. Need to look at the requirements to be sure but I would probably trust dscp unless otherwise stated. Rest looks fine.

WISM Module: It is not possible to add additional commands like bpduguard enable IF you choose to use the new method of configuration. The mls qos trust command is where your control ends. Personally I hate the fact that the WISM commands eat my interfaces and make them disappear, so unless the question explicitly says I have to use the wism module commands I will avoid using them and go old school. If you configure the old way - by creating a port channel with the 4 ports - you have a lot more flexibility in what you can do with the ports, such as enabling bpduguard etc. Either way - I think it is important to know how to do it both ways because who knows what restrictions there may be on the test about how Cisco wants you to configure it.

WLC (without LAG) looks fine.

WLC with LAG: Spanning-tree is never used with LAG. I think it is fine to enable bpduguard in this case as well.

WLC service port: I would not enable QoS on this port. Your config is fine.

LAP Local and H-REAP look good.

AAP looks good. The management interface does NOT have to be the native VLAN. It correlates to whichever F0 subinterface is tied to bridge-group 1. I would normally try to make it the native interface though because of some of the restrictions I have run into with configuring the infrastructure role in SSID. I know I have several times in the past received a message telling me that the SSID VLAN on which I configure the infrastructure mode must be the native VLAN. Not sure if anyone else can speak to this but I know I have run into it multiple times.

I think the very last config for the phone also looks good but again I would trust DSCP unless otherwise directed in the question.

From: [email protected] [mailto:[email protected]] On Behalf Of Stalder Dominic
Sent: Saturday, February 19, 2011 7:14 AM
To: [email protected]
Subject: [CCIE Wireless] "Exam Best Practices" - Port Configurations

Hi there

I have been at the lab exam once and I think there are tasks in the infrastructure section that will be the same in EVERY lab exam, so I thought that we could start some "exam best practices" conversations here, so we can get these points for sure ;-)

If someone is interested, just take part and help others to pass the exam.

I would like to start with default port configurations:
- Trunking vs. Access
- Spanning Tree portfast and bpduguard
- QoS
- etc.

I know there can be variations in the questions, but this is meant as a general guideline and as a discussion base.

But anyway, these are my proposals (some of the information I took out of the DSG from Jason!) for the different port types (by the way, sorry for the strange format, but I copied this out of my Wiki post, I hope you can read it anyway):

--- Switches ---
<configuration start>
port-channel load-balance src-dst-ip
!
mls qos
mls qos map cos-dscp 0 8 16 24 32 46 48 54
mls qos map dscp-cos 46 to 5
mls qos map dscp-cos 24 to 3
!
interface fastethernet x/x
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan x (if specified by the question)
 switchport trunk allowed vlan x,y,z
 priority-queue out
 mls qos trust cos
!
<configuration end>

--- WAN / Internet ---
<configuration start>
ip access-list extended ACL-RTP
 permit udp any range 16384 32767 any range 16384 32767
!
ip access-list extended ACL-SCCP
 permit tcp any eq 2000 any eq 2000
 permit tcp any eq 2002 any eq 2002
!
class-map MAP-RTP
 match access-group name ACL-RTP
!
class-map MAP-SCCP
 match access-group name ACL-SCCP
!
policy-map POLICY-VOICE
 class MAP-RTP
  set dscp ef
 class MAP-SCCP
  set dscp cs3
!
interface fastethernet x/x
 no switchport
 ip address x.x.x.x y.y.y.y
 service-policy input POLICY-VOICE
 priority-queue out
!
<configuration end>

--- CME ---
*If the question says the CME already tags the packets with the right QoS marking, what do we have to configure on the port concerning QoS?
<configuration start>
interface fastethernet x/x
 switchport mode access
 switchport access vlan x
 spanning-tree portfast
 spanning-tree bpduguard enable
 priority-queue out
<configuration end>

--- WiSM ---
*For the WiSM I would use the '''wism''' commands, but is it possible / necessary to add the '''spanning-tree portfast trunk''' or '''spanning-tree bpduguard''' commands (actually I don't have access to a 650x with WiSM module)?
<configuration start>
wism service-vlan z
!
wism module x controller 1 native-vlan x (if management is not tagged)
wism module x controller 1 allowed-vlan y,z
wism module x controller 1 qos-trust cos
!
wism module x controller 2 native-vlan x (if management is not tagged)
wism module x controller 2 allowed-vlan y,z
wism module x controller 2 qos-trust cos
<configuration end>

--- WLC (LAG) ---
<configuration start>
interface fastethernet x/x
 channel-group 1 mode on
!
interface port-channel 1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan x (if specified by the question)
 switchport trunk allowed vlan x,y,z
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
 priority-queue out
 mls qos trust cos
!
<configuration end>

--- WLC (Connected to different switches, for example 4402 with 2 ports connected to both core switches) ---
*I do not add '''spanning-tree bpduguard enable''' because I assume that on the WLC the STP is enabled
*General question, I think it is necessary to enable the STP on WLCs that are connected to different switches, isn't it?
<configuration start>
interface fastethernet x/x
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan x (if specified by the question)
 switchport trunk allowed vlan x,y,z
 priority-queue out
 mls qos trust cos
!
<configuration end>

--- WLC (Service Port) ---
*Are any QoS commands needed here, and if so, what will be trusted?
<configuration start>
interface fastethernet x/x
 switchport mode access
 switchport access vlan x
 spanning-tree portfast
 spanning-tree bpduguard enable
!
<configuration end>

--- LAP (Local) ---
<configuration start>
interface fastethernet x/x
 switchport mode access
 switchport access vlan x (always needed for management interface)
 spanning-tree portfast
 spanning-tree bpduguard enable
 priority-queue out
 mls qos trust dscp
!
<configuration end>

--- LAP (H-REAP) ---
<configuration start>
interface fastethernet x/x
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan x (always needed for management interface)
 switchport trunk allowed vlan x,y,z
 priority-queue out
 mls qos trust cos
!
<configuration end>

--- AAP (Multiple VLANs) ---
*The management interface does not always have to be the native VLAN, does it?
<configuration start>
interface fastethernet x/x
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan x (if specified by the question)
 switchport trunk allowed vlan x,y,z
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
 priority-queue out
 mls qos trust cos
!
<configuration end>

--- AAP (Single VLAN, for example if used for a WGB bridge and only one VLAN is transported) ---
<configuration start>
interface fastethernet x/x
 switchport mode access
 switchport access vlan x
 spanning-tree portfast
 spanning-tree bpduguard enable
 priority-queue out
 mls qos trust dscp
!
<configuration end>

--- Wired IP Phone ---
*The question says you have to configure a port for future use of a wired IP phone?
*You must not use Auto-QoS, this would give us something like this:
<configuration start>
interface fastethernet x/x
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 service-policy input AutoQoS-Police-CiscoPhone
<configuration end>
*I don't think that srr-queue and service-policy configuration is expected in the CCIE Wireless track for a wired IP phone port (what do people say who have already passed?)
*So I think this configuration could give the points we want (I add '''spanning-tree bpduguard enable''' because the IP phone will not send any BPDUs):
<configuration start>
interface fastethernet x/x
 switchport mode access
 switchport access vlan x
 switchport voice vlan y
 spanning-tree portfast
 spanning-tree bpduguard enable
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
!
<configuration end>

And here are some general questions I would like to know more about:
*Would it be OK to add ''priority-queue out'' on every port?
*On which ports would you use '''spanning-tree portfast''' and '''spanning-tree bpduguard enable'''?

So I hope this can be used as a discussion base and I hope I get some interesting reactions on this ;-) Please feel free to criticize it.

Regards
Dominic
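
An added example, not part of the original e-mails: a small Python audit over IOS-style interface stanzas for two points raised in this thread, portfast ports that lack bpduguard and ports with priority-queue out but no trust statement or input service policy. The rule set, the function names and the sample config are assumptions made for illustration.

```python
# Constructed sample in the style of the templates above; names are made up.
SAMPLE = """\
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 priority-queue out
 mls qos trust dscp
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
 priority-queue out
!
interface Port-channel1
 switchport mode trunk
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
 priority-queue out
 mls qos trust cos
!
"""

def parse_interfaces(text):
    """Map interface name -> sub-commands; a stanza ends at '!' or a blank line."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = " ".join(raw.split()).lower()  # normalise case and spacing
        if line.startswith("interface "):
            current = stanzas.setdefault(line[len("interface "):], [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line)
    return stanzas

def audit(text):
    """Return (interface, finding) pairs for the two checks (hypothetical rule set)."""
    findings = []
    for name, cmds in parse_interfaces(text).items():
        portfast = any(c.startswith("spanning-tree portfast")
                       and not c.endswith("disable") for c in cmds)
        trusted = any(c.startswith(("mls qos trust", "service-policy input"))
                      for c in cmds)
        if portfast and "spanning-tree bpduguard enable" not in cmds:
            findings.append((name, "portfast without bpduguard"))
        if "priority-queue out" in cmds and not trusted:
            findings.append((name, "priority-queue out without trust or input policy"))
    return findings

print(audit(SAMPLE))
```
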
