CCIE Flashcards
Memorize CCIE RS Commands
conform-action [set-prec-transmit $int] [transmit]
exceed-action [set-dscp-transmit $int]
violate-action [drop]
Three actions can be done when configuring a QoS policer and also actions such as marking can be linked to eaech of these actions. Mention them.
Configures the switch to automatically recover from a err-disable condition due to a specific reason in the specified time.
err-disable recovery cause $cause
err-disable recovery interval $int
Sets logs or debugs timestamps with the desired specified time format.
service timestamps log/debug uptime/datetime [msec/year]
A route-map matches the originator of a received
prefix.
match ip route-source $ACL/%PrefList
Permit an IGMP enabled interface to permit mcast hosts to join ONLY permitted mcast groups or specific S,G (extended ACLs)
ip igmp access-group $ACL
Selectively manipulate imported or exported NLRIs in order to get installed (or not) into a certain RIB.
export map $RMAP / import map $RMAP
Configures OSPF security as SHA-256 (Highest security encryption)
area $int authentication key-chain $string
A BGP prefix received will be installed from the specified neighbor even if its own AS number is included in the AS_PATH of that prefix.
neighbor x.x.x.x allowas-in
Configures a RIP enabled interface to send or receive specific RIP version packets.
ip rip send/receive version 1/2
Defines AS numbers that are to be considered confederation peerings.
bgp confederation peers $AS1 $AS2 $ASn…
Configures a police rate percent based and burst value
police rate percent % burst $ms
Enables CDP globally or in the interface, and configured CDP timers.
cdp enable/run
cdp timer $int
cdp holdtime $int
Sets the router as an Auto-RP RP candidate for specified groups.
ip pim send-rp announce $if scope $int group-list $ACL
Causes OSPF to form an adjacency with the specified peer but NOT advertise any prefix to it.
neighbor x.x.x.x database-filter all out
Sets the file system that will be used by the router to get the files requested by its HTTP clients.
ip http path $fs
Configures NAT to be applied to traffic ingressing a specific VRF interface.
ip nat inside source list $ACL interface $if [vrf $IngressVRF] [overload]
BGP TCP keepalive interval and timeout configuration.
bgp timers $Keepalives $Hold-time
Configures a vrf ospf instance to set a specific domain id when its prefixes are redistributed into MP-BGP.
domain-id x.x.x.x
Sets the maximum number of active HTTP connections in this router.
ip http max-connections $int
Sets the AD for inter, intra or external OSPF prefixes.
distance ospf inter/intra/external $int
Prune the specified VLANs from the trunk port.
switchport trunk pruning vlan $int….
{BGP} Advertises a set of prefixes to a specific neighbor if a route or a set of routes exist or not exist.
neighbor x.x.x.x advertise-map $RMAP exist-map/non-exist-map $RMAP
Configures a NAT rule to translate a whole network as another network space as in 1-1 translation
ip nat inside source static network $inLocal $inGlobal /xy
Configures the router to authenticate HTTP connections with the local user database.
ip http authentication local
Causes the potential OSPF adjacencies to ignore the MTU value as compatibility check.
ip ospf mtu-ignore
Configures an EIGRP stub router to not send any route to its EIGRP peers and only receive EIGRP prefixes from them
eigrp stub receive-only
Enables HTTP or HTTPS service on the router
ip http server / ip http secure-server
Configures the router to display the AS:NN format for prefix communities.
ip bgp-community new-format
Sets a NAT IP Addresses pool
ip nat pool $string $FirstIP $LastIP prefix-length $int
Enables the router to send communities to the BGP neighbor.
neighbor x.x.x.x send-community both
A switchport will passively wait to negotiate the trunk encapsulation with its neighbor.
switchport trunk encapsulation negotiate
Configures dynamic BGP. It will listen for peers with parameters as defined by the specified peer group.
bgp listen range $PrefixRange peer-group $name
Sets a syslog server where traps are to be sent. Also, the protocol and destination port number can be defined for this communication.
logging host $IPadd [transport tcp/udp] [port $int]
Signals the NSSA ABR to always translate type7 prefixes to type5 to the backbone network.
area $int nssa translate type7 always
Causes BGP best path selection process to always compare MED even if AS Path attribute is different among the competing prefixes.
bgp always-compare-med
Sets the Unique Local Address (ULA) to an interface.
ipv6 address FC00:x.x.x.x::/64
{BGP} Causes BGP session with an external peer to NOT be resetted in case the direct link to this peer goes down.
no bgp fast-external-fallover
Sets EIGRP’s weight values
metric weight $arb $BW 0 $Delay 0 0
Configures all DNS parameters to function as DNS server, function as DNS client or respond to DNS queries when DNS server is not reachable.
ip dns server
ip domain-lookup
ip name-server /$IPadd
ip dns spoofing $IPadd
Configures the interface to be used as source for all NTP communication.
ntp source $if
Modifies an aggregate prefix attribute parameters.
aggregate-address x.x.x.x/y attribute-map $RMAP
NHRP CONFIGURATION
ip nhrp network-id $int
ip nhrp authentication $string
ip nhrp nhs $Priv
ip nhrp map $Priv $NBMA
ip nhrp map multicast $NBMA
Causes IPv6 redistribution to include connected prefixes.
redistribute $RoutingProtocol include-connected [$options]
BGP lowest RID is best.
In iBGP, which is better lower or higher RID for best path tiebreaker. What is used by eBGP instead of this condition?
Statically defines the RP address for all or a specific set of groups.
ip pim rp-address x.x.x.x [$ACL] [override]
{BGP} Originates a default route using the regular advertisement method.
network 0.0.0.0 mask 0.0.0.0
Configures the router as a ntp time source and its stratum number.
ntp master $stratum
Configures a route-map to match a prefix in the RIB or the originator of a prefix.
match ip address prefix $Prefix/$ACL
match ip route-source prefix $Prefix/$ACL
Configures the best possible bridge prioirity for the switch.
spanning-tree vlan $vlan priority 0
Permits packets with destination address as the subnet network address to be processed.
ip directed-broadcast
Configures the time the router will delay the removal of a prefix from whch its next-hop got lost as reported by the underlying IGP.
bgp next-hop trigger delay $int
Causes EIGRP to authenticate using SHA-256 encryption over the interface.
authentication mode hmac-sha-256 $password
Both commands are needed to enable RIPng in an interface.
ipv6 router rip $name
ipv6 rip $name enable
Disables split horizon in an EIGRPv3 enabled interface
no ipv6 split-horizon eigrp $AS
ipv6 mld join-group FF3x::/96 source-list $ACL
Causes an IPv6 enabled interface to join a specific S,G SSM group.
Configures the port to detect unidirectional links and send a warning message or shutdown the port.
udld port [aggresive]
{BGP} Suppresses only specific prefixes belonging to the aggregate route.
aggregate-address x.x.x.x/y supress-map $RMAP
Limits the logging of messages to the syslog servers to the specified level.
logging trap $level
Causes the destination SPAN port to accept ingress frames and forward them based on the specified VLAN.
monitor-session $int destination interface $if ingress encapsulation dot1q vlan $int
Sets the port which will be used by the router to listen for incoming HTTP connections.
ip http port $int
WRED will mark packets exceeding min threshold with ECN bit instead of dropping it.
random-detect ecn
Advertises a summary address in a RIPng enabled interface.
ipv6 rip $name summary-address x.x.x.x/y
Sets AD for prefixes received by RIP from the specified peers.
distance $int $GWAddress $ACL
Configures the fast convergence features for STP in the switch.
spanning-tree uplinkfast/backbonefast
Setsthe cost used for the default route sent by an OSPF ABR when running totally stub config
area $int default-cost $int
Causes a P2P link to avoid the generation of constant hello packets and paranoid flooding.
ip ospf demand-circuit
Configures an AS_PATH access list.
ip as-path access-list $int permit/deny $regex
Statically configures the RP which will be used for Bidirectional PIM for specified groups.
ip pim rp-address x.x.x.x $ACL bidir
Sets a community to a BGP prefix used to avoid AS border routers to advertise this prefix out of the AS.
set community no-export
Sets SOO feature for EIGRP prefixes advertiesed and received by the MPLS network. Used as a loop prevention mechanism.
ip vrf sitemap $PMAP
Advertises (or not) a specific OSPF external aggregated prefix instead of the individual most specific prefixes.
summary-address x.x.x.x/y [tag/not-advertise]
ISATAP address formatting.
ipv6 address WWWW:XXXX:YYYY:ZZZZ:0:5EFE:32bits_ipv4_hex_address/64
Configures the router as a TFTP server and which hosts are permitted to access it.
tftp-server $fs $ACL
Configures the maximum rate an access-list can log hits in pps or per number of hits
ip access-list log-update threshold $int/pkts
Configures the router to get prefixes from spoke routers known via CDP.
router odr
Instructs EIGRP to not accept EIGRP updates with a hop count higher than the one scpecified.
metric maximum-hops $int
Configures the software clock to synchronize a peer or to be synchronized by a peer.
ntp peer $IPadd
Configures OSPF timers for values less than 1 for fast convergence time
ip ospf dead-interval minimal hello-multiplier $int
Avoids sending link state changes as a trap to snmp server(s).
no snmp trap link-states
Configures DSCP based WRED in a class based queue
random-detect dscp-based
random-detect dscp $DSCP $minT $MaxT
Configures an NTP client to synchronize time with the specified server and using the specified key.
ntp server $IPadd key $int
Causes to stop the default delay used by BGP to import NLRIs to the proper VRFs.
import path selection all
Sets a snmp-server to connect via SNMP and specifies SNMP parameters.
snmp-server host $IPadd [vrf $name] [traps] $community [version $1/2c/3]
Causes the router to send RA messages in the specified time in seconds or msecs.
ipv6 nd ra interval $int
Matches specific packet flows in a class-map based on an ACL.
match access-group [name] $ACL
Adds a PBR policy for local originated traffic.
ip local policy route-map $RMAP
Sets a distribute list in the router based on a route-map match.
distribute-list route-map in/out interface $if
Sets a community list for community attribute manipulation.
ip community-list [standard/extended] $int [permit/deny] $regex
Will cause the mrouter to withdraw the IGMP group as soon as an IGMP leave is received from a member of the specified group(s).
ip igmp immediate-leave group-list $ACL (Global/Interface)
{BGP} Performs prefix filtering based on an AS_PATH ACL match for ingress or egress direction.
neighbor x.x.x.x filter-list $AS_PATH ACL in/out
Causes an IPv6 enabled interface to join a specific MLD group.
ipv6 mld join-group FF02::x
Will move the port to err-disable condition if the amount of specified type of traffic exceeds the specified threshold.
storm-control unicast/broadcast/multicast $val
Configures the route-map to set bgp dampening values.
set dampening $halflife $reuse $supressval $maxsupresstime
Sets the router as an Auto-RP multicast announcer.
ip pim send-rp-discovery $if scope $int
A router will unicast forward the IGMP reports/leaves received in the interface to the specified IP address.
ip igmp helper-address $IPadd
Sets the unique global address to an interface.
ipv6 address 2001::/3
Sets the maximum number limit of AS numbers in the AS_PATH attribute that a prefix received must have in order to be processed.
bgp maxas-limit $int
Sets RIB scale value for EIGRP named mode
metric rib-scale $int
Configures a NAT rule, where packets hitting the specified interface are sent to the specified inside local address.
ip nat inside source static $insideLocal interface $if
Sets the cluster ID for Cluster Path when the router advertises a prefix to its RR client.
bg cluster-id x.x.x.x
Sets the port which will be used by the router to listen for incoming HTTPS connections.
ip http secure-port $int
Stops the automatic BGPv4 session to be automatically established if a peering through another AFI is desired.
np bgp default ipv4-unicast
Configures the router to CEF load balance BGP ECMPs based on interfaces bandwidth.
bgp dmzlink-bw
neighbor x.x.x.x dmzlink-bw
Causes the switch to configure portfast in all the access-ports.
spanning-tree portfast default
*** VRRP Configuration ***
vrrp $int ip $IPadd
vrrp $int priority $int
vrrp $int timers advertise $int
vrrp $int authentication text/md5 $string
Sets the maximum number of LSAs an OSPF process will accept.
max-lsa $int [threshold $int] [warning-only]
Configures an HSRP group to be able to use its own burned in address as group address
standby use-bia
Enables the router to use bidirectional PIM.
ip pim bidir-enable
Enables the generation of keepalive packets on idle outgoing network connections.
service tcp-keepalives in/out
An alternative to delete all matched prefixes communities, other than comm-list delete.
set community none
*** DHCP specific host address assignment ***
- Server -
ip dhcp pool $string
host $network $mask
client-identifier %hexStr
lease $days
- Client -
ip dhcp client client-id ascii $str
ip address dhcp
Limit the amount of messages per second that can be logged for specified level.
logging rate-limit [console] [$levels/all] $int
Sets the tunnel encapsulation as a VTI (Mcast capable IPsec). Note: VTIs automatically adjust their MTUs, only TCP MSS should be adjusted.
tunnel mode ipsec ipv4
Configures an ISAKMP pre-shared key authentication peering to a peer known over a VRF.
crypto keyring $name vrf $VRF
pre-shared address $peer key $string
Configures an offset-list for prefixes received via RIP.
offset-list $ACL in/out $offset $if
Configures rotary TCP flows NAT load balancing. Why is IP aliasing important here?
ip nat pool $string prefix-length $int type rotary
address $FirstIPadd LastIPadd
ip nat inside destination $ACL pool $string
ip alias x.x.x.x
Causes a router interface to join a specified MLD group.
ipv6 mld join-group FF08::/16
Disable paranoid flooding to occur in the interface.
ip ospf flood-reduction
Permits an EIGRP stub router to advertise specified non-stub prefixes to its peers.
eigrp stub $options leak-map $RMAP
*** PE ***
ipv6 dhcp pool $name1
> prefix-delegation pool $name2
ipv6 local pool $name2 $PrefixLength $Lifetime
interface $ifToCE
ipv6 dhcp server $name1
*** CE ***
interface $ifToPE
ipv6 client pd $anyName3
interface $ifToClient
ipv6 address $Name3 ::$host/xy
Configures IPv6 prefix delegation feature in CE and PE routers
ABR filters OSPF received or sent prefixes from area to area.
area $int filter-list prefix $PrefixList in/out
crypto keyring $name vrf $VRF
pre-shared address $peer key $string
Configures an ISAKMP pre-shared key authentication peering to a peer known over a VRF.
Configures the 3 must have MST parameters in order for the switches to have the same BPDU hashing.
instance $int vlan $vlan-range
name $name
revision $revision
Sets OSPF MD5 authentication for peers discovered over this interface.
ip ospf authentication message-digest
ip ospf authentication message-digest-key $int md5 $string
Configures the tunnel to classify and apply QoS actions to traffic before being GRE encapsulated.
qos pre-classify
Replaces AS ID in OpenSent messages. With option to also replace AS_PATH attribute in the update messages or use both AS_PATHs, the original and the new one.
neighbor x.x.x.x local-as $newAS [no-prepend] [replace-as] [dual-as]
Causes the router to install a default route with next hop to the router used for autoconfig in the interface.
ipv6 address autoconfig default
Causes the NSSA ABR to supress the forwarding address from Type7 to Type5 translated prefixes.
area $int nssa translate type7 supress-fa
Configures NBAR to match specific string in an web based traffic flow.
match protocol http url $regex
Causes the interface prefix to not be advertised as RA to hosts.
ipv6 nd prefix $Prefix no-advertise
A route map matches the next hop address of prefixes to be redistributed
match ip next-hop prefix $Pref
Sets statically the RPF interface for a given source address.
ip mroute $srcAddress $mask $NH/$if [AD]
Causes the NSSA ABR to redistribute the prefixes to the backbone area ONLY, these prefixes will not be injected over the NSSA interfaces.
area $int nssa no-redistribution
Will forward broadcast traffic (from permitted forward protocols configured) as mcast traffic using the specified mcast group address.
ip multicast-helper-map broadcast $McastGroup $ACL
{BGP} Selects which specific prefixes should be affected by the dampening parameters.
bgp dampening route-map $RMAP
Causes BGP to advertise summarized prefixes in regular advertisements (locally originated) and when redistributing.
{BGP} auto-summary
Causes the switch to configure BPDU guard or BPDU filter in all interfaces that have portfast configured.
spanning-tree portfast bpduguard/bpdufilter default
Causes the router to accept only Join messages for the specified RP and only for the specified mcast groups.
ip pim accept-rp $RP $ACL
*** CHAP Configuration ***
username $PEER_HOSTNAME password $ARB1
interface serial x/x
ppp authentication chap
*** Password MUST match in both peer’s login DB ***
Sets a router as an MSDP peer.
ip msdp peer x.x.x.x [remote-as $AS] [connection-source $if] [originator-id x.x.x.x]
Configures Dynamic NAT based on an IP Address pool.
ip nat inside source list $ACL pool $string
The interface will directly filter all auto-rp packets being received or to be forwarded.
ip multicast boundary filter-autorp
{BGP} Performs prefix filtering based on a Route-Map match for ingress or egress direction.
neighbor x.x.x.x route-map $RMAP in/out
Causes the switchport to negotiate the voice VLAN marking with the phone based on the COS value.
switchport voice vlan dot1p
Causes a GRE tunnel to use IPv6 signaling to set the tunneling encapsulation. IPv6 address encapsulation.
tunnel mode ipv6/ipv6ip
{Set in a route-map} Adds specified communities to a prefix.
set community $AS:NN additive
Sets the source interface for telnet communication.
ip telnet source-interface $if
