BGP RegEx Flashcards

IP address
Terms Definitions
Start of string
End of string
Range of characters
Used to specify range ( i.e. [0-9] )
( )
Logical grouping
Any single character
Zero or more instances
One or more instance
Zero or one instance
Comma, open or close brace, open or close parentheses, start or end of string, or space
Locally originated routes
Learned from AS 100
Originated in AS 100
Any instance of AS 100
Directly connected ASes
accept prefixes from [rtrX] that were originated by [AS501] or its directly connected ASes
permit ^501_[0-9]*$
AF11 DSCP 10
001010 is AF XX and DSCP XX
AF 22
AF 33
PFR - Create a Zone
zone security zonename
PFR - Assign a Zone to an interface
int fa0/0
zone-member security zone
PFR - Create a Zone Pair
zone-pair security zonename source z1 destination z2
zone-pair security zp source z1 destination z2
[command to apply policy p1]
service-policy type inspect p1
ZBF - Create a Zone
zone security ...
ZBF - Apply Zone to Interface
int fa0/0
zone-member security ...
ZBF - Zone Pair
zone-pair security ...
ZBF - Class Map
class-map type inspect

ZBF - Policy Map

policy-map type inspect


ZBF - Actions


class type inspect class-name
drop - Drops packets that are matched with the defined class
pass - Allows packets that are matched with the defined class.
police rate - Limits traffic matching within a firewall (inspect) policy.
inspect - Enables Cisco IOS stateful packet inspection.
Lock and Key - Local Username
username test password test
username test autocommand access-enable host timeout 10
Lock and Key - Interface Access-list
interface Ethernet0/0 
  ip address 
  ip access-group 101 in 
access-list 101 permit tcp any host eq telnet 
!--- 15 (minutes) is the absolute timeout.
access-list 101 dynamic testlist timeout 15 permit ip /24 /24
rip authentication
int fa0/x
ip rip auth mode md5
ip rip auth key-chain keychain
eigrp auth
ip auth mode eigrp 10 md5
ip auth key-chain eigrp 10 keychain
Reflexive ACLs - Apply to Interface
interface Ethernet0/1
 ip address
 ip access-group inboundfilters in
 ip access-group outboundfilters out 
ip access-list extended outboundfilters
permit icmp 
permit tcp reflect tcptraffic
ip access-list extended inboundfilters
permit icmp
evaluate tcptraffic
Reflexive ACLs - Global Options
ip reflexive-list timeout 120
First, we need a place for the IPS configuration files to live. IPS wants a folder, so let's make a directory on the router flash. Optionally, if other writable IOS file systems were present, we could use those as well.
R6#mkdir ips
Create directory filename [ips]?
Created dir flash:/ips
IOS IPS uses a crypto key to verify the digital signature for the master signature file, which is signed using a private key. To verify the signature, we need a corresponding public key. This key is available as a text file on Cisco’s site. The file
R6(config)#crypto key pubkey-chain rsa
R6(config-pubkey-chain)#named-key signature
Translating ""
Enter a public key as a hexidecimal number ....
R6(config-pubkey)#$2A864886 F70D0101 01050003 82010F00 3082010A 02820101...
Let’s check the ips folder we created on flash. It should still be empty.
R6#cd ips
Directory of flash:/ips/
No files in directory
255967232 bytes total (187428864 bytes free)
R6#cd ..
Once we complete the IPS configuration, the router can monitor all traffic on the interface and direction we specify. If we want to limit the traffic that goes through the IPS processing, we can use an access-list to filter. Only traffic permitted in the
R6(config)#access-list 123 permit ip any host
Next we will create an IPS rule named “IOS-IPS”, and associate the ACL(123) we just created. In a later step, we will apply IPS rule to an interface.
R6(config)#ip ips name IOS-IPS list 123
IPS needs to know where to keep its signature definitions and configurations. It just so happens that we have a folder on flash we created earlier named “ips”. We will use that directory.
R6(config)#ip ips config location flash:/ips
IOS IPS - The router can send alerts using Security Device Event Exchange (SDEE) and/or Syslog. We will configure both, and allow up to 2 simultaneous SDEE managers to set up requests for alerts called subscriptions. To use SDEE, http server must be en
R6(config)#ip ips notify sdee
R6(config)#ip sdee subscriptions 2
R6(config)#ip ips notify log
R6(config)#ip http server
IOS IPS - Before we apply the IPS rule to an interface, we are going to set up some safety. We will retire all the signatures, and then enable just the signatures in the “advanced” default set. If we un-retired the “all” category, it is possible t
R6(config)#ip ips signature-category
R6(config-ips-category)#category all
R6(config-ips-category-action)#retired true
R6(config-ips-category)#category ios_ips advanced
R6(config-ips-category-action)#retired false
Do you want to accept these changes? [confirm]
Applying Category configuration to signatures ...
Next we will apply the ips (name is IOS-IPS) rule we created to an interface. We also enable virtual-reassembly so that IPS can better analyze sessions and attacks that comprise multiple packets.
R6(config)#interface FastEthernet0/0
R6(config-if)#ip ips IOS-IPS in
R6(config-if)#ip virtual-reassembly
event manager applet EEM-NAME
 event cli pattern "tclsh" sync yes
 action 1.0 syslog msg "Attempted to tclsh at $_event_pub_time"
 set 2.0 _exit_status 0

What does the sync yes do?
When you use the sync yes option in the event cli command, the EEM applet runs before the CLI command is executed. 
event manager applet EEM-NAME
 event cli pattern "tclsh" sync yes
 action 1.0 syslog msg "Attempted to tclsh at $_event_pub_time"
 set 2.0 _exit_status 0

What does the _exit_status 0 do?
The EEM applet should set the _exit_status variable to indicate whether the CLI command should be executed (_exit_status set to one) or not (_exit_status set to zero).
Make sure that it's not possible to use the “tclsh” feature on R9. Also make sure that when someone tries to use the “tclsh” feature, a syslog message is generated and sent to the logging server. The syslog message needs to be: "Att
event manager applet EEM-NAME
 event cli pattern "tclsh" sync yes
 action 1.0 syslog msg "Attempted to tclsh at $_event_pub_time"
 set 2.0 _exit_status 0
With the sync no option, the EEM applet is executed in the background, in parallel with the CLI command.
As the CLI command starts at the same time as the EEM applet, you cannot use the _exit_status variable anymore; you have to specify whether you want the CLI command to execute with the skip yes|no option of the event cli command.
Name it NoReload.
Ensure that when this command is entered, EEM kicks in in parallel but the command does not execute. A syslog message with a priority of "errors" and a message about what you cannot do should appear.
event manager applet NoReload
 event cli pattern "reload" sync no skip yes
 action 1.0 syslog priority errors msg "Cannot reload this router"
Name the applet EEM-NAME
When a user enters "tclsh" the router should execute EEM before the command takes place. A syslog message should say "Attempted to tclsh at " with the last word a variable that puts in the time when the event occurred. The comma
event manager applet EEM-NAME
 event cli pattern "tclsh" sync yes
 action 1.0 syslog msg "Attempted to tclsh at $_event_pub_time"
 set 2.0 _exit_status 0
If R7 receives the prefix from OSPF and it is added to the routing table, R7 should fire a log message saying: “Evil prefix received”.
After bootup R7 should wait 5 minutes before enabling the routing Event Detector.
event manager applet 63
 event routing prot ospf netw type add
 action 1 syslog msg "Evil prefix received"
event manager detector routing bootup-delay 300
Loopback0 interface on R1 must always be up. Configure appropriate feature on R1 to monitor if
Loopback0 is disabled and reconfigure it if it happens.
first action "Re-Enabling Loopback0"
next actions  - turn it back on
event syslog occurs 1 pattern "Loopback0.*down"
 action 1.0 syslog msg "Re-Enabling Loopback0"
 action 1.1 cli command "enable"
 action 1.2 cli command "configure terminal"
 action 1.3 cli command "interface Loopback0"
 action 1.4 cli command "no shutdown"
PPPoE - Client
int fa0/0
 no ip address
 pppoe enable
 pppoe-client dial-pool-number 1
int dialer1
 mtu 1492
 encapsulation ppp
 ip add negotiated
 dialer pool 1
PPPoE - Server
bba-group pppoe global
 virtual-template 1
int virtual-template 1
 mtu 1492
 encapsulation ppp
 ip add
 peer default ip address pool pool1

ip local pool pool1
PPP Authentication
(plain text)
- Configure a maximum of 3 bad authentication retries
- configure Link control and IP control to predict peer responses
Your router hostname is R1
int s0/0/0
 ip add
 encapsulation ppp
 ppp authentication pap
 ppp pap sent-username R1 password ipexpert
 ppp lcp predictive
 ppp ipcp predictive
 ppp max-bad-auth 3
 no shut
PPP over Frame Relay
Username to use for chap authentication: T3ST123
username T3ST123 password ipexpert
int s0/0/0
 encapsulation frame-relay
 frame-relay interface-dlci 102 ppp virtual-template 1
int virtual-template 1
 ip add
 ppp authentication chap
 ppp chap hostname T3ST123
MPLS Password Configuration
- Configure the MPLS password for your neighbor. Do not use the "neighbor password" command. Ensure both sides require authentication. Use the loopback as the source.
ip cef
mpls label protocol ldp
mpls ldp password option 1 for 1 cisco
mpls ldp router-id lo0
mpls ldp password required
access-list 1 permit
int fa0/0
mpls ip
PPP authentication using PAP with same username (from remote host) configured locally.
no ppp chap ignoreus
[/32] (ppp: ip address negotiated)--[/24]
When using RIP authentication, the neighbor does not form.
To correct this...
no validate-update-source
Make this acl as small as possible:
access-list 5 permit
access-list 5 permit
access-list 5 permit
access-list 5 permit
access-list 5 permit
access-list 5 deny
access-list 5 deny
access-list 5 permit
area 256 virtual-link [authentication practice]
OSPF rfc1587
configure this area according to this RFC
area x nssa
Configuring a router for OSPF with a switch:
what should you ALWAYS do?
int fa0/0
ip ospf mtu-ignore
OSPF Frame Relay Network
R1 - Serial s0/1/0
R2  Serial s0/1/0 (hub)
R3 - Serial s0/1/0.1 multipoint
What are the network types and priorities
R1 - ip ospf network broadcast (pri 0)
R2 - ip ospf network broadcast (pri 255)
R3 - ip ospf network broadcast (pri 0)
set mtu on switch just for routing protocols
system mtu routing
quick way for pinging
variable IP
foreach IP {
} { ping $IP }
When you configure an OSPF area as NSSA (ABR R2), and in another part of the network you configure EIGRP and redistribute it into the OSPF network, the NSSA area would NOT see those routes.
Why not?
What would you need to configure to fix this
The routes would be type 5 LSAs and are not propagated into the area.
Configure ABR (R2) to: nssa no-summary
on two interfaces running EIGRP
int s0/0/0
int s0/1/0
How would you balance traffic across both links per packet?
int s0/0/0
ip load-sharing per-packet
int s0/1/0
ip load-sharing per-packet
For Multicast
R2's loopback is the RP
what do you configure under the interface?
ip pim sparse-mode
For Multicast
For A multicast network; a router R3 has the following config:
int lo1
ip igmp join-group
Do we configure pim on this interface?
no; do not put "ip pim sparse-mode"
Multicast over a frame-relay hub and spoke configuration; what do you configure on the interface going to the frame cloud?
ip pim nbma
This will help prevent failures and treat each connection to the spokes (for multicast) as point-to-point connections.
ipv6 link local
starts with
use ::2
ipv6 add ?
ipv6 add fe80::2 link-local
with ospf and eigrp ipv6 under the routing process you should ALWAYS set:
a router-id
ipv6 router eigrp 256
 eigrp router-id
QoS - Set the precedence to 5 under a class map
class-map test
set precedence 5
icmp type 0
icmp echo-reply
icmp type 8
icmp echo
The “rotary” command, when applied to a “line vty” section, sets that router's telnet daemon listening on port

for port 3005 the config is:
 3000 + the rotary number

line vty 0 5
rotary 5
ZBF - To police
class type inspect ftp
police rate 2000000 burst 250000
what must be put in the class first?
class type inspect ftp
 police rate 2000000 burst 250000
ZBF - Even loopback interface should be on the inside network
int lo1
zone-member security inside
ZBF - p2p
there are how many?
class-map type inspect match-any p2p
match protocol bittorrent
match protocol edonkey
match protocol fasttrack
match protocol gnutella
match protocol kazaa2
ZBF - Drop then log under a p2p class
class type inspect p2p
 drop log
Custom Queue (8.4 QoS Lab 1)
Priority Queue
ZBF with http & local traffic example (see favorites)
ford (show command placement)
Configure a switchport where
"I want to be a trunk, but if you don't want to, then I won't"
ensure that if trunking is enabled, the trunking will be dot1q
int fa0/0
switchport mode dynamic desirable
switchport trunk encapsulation dot1q
Configure a switchport where, "It's all up to you, I don't want to be a trunk but if you insist, I will"
int fa0/0
switchport mode dynamic auto
On a switchport, how do you remove a VLAN from an existing list of allowed vlans?
int fa0/0
switchport trunk allowed vlan remove x
On a switchport, how do you allow all vlans on a port but not vlans 3 and 4
int fa0/0
switchport trunk allowed vlan except 3,4
Disable flow control on an ethernet interface
int fa0/0
flowcontrol receive off
After reviewing a CCIE lab you see that EXTENDED VLANs will be used throughout. Which VTP mode MUST you use?
vtp mode transparent
What's the default VTP version of a switch
VTP version 1
You're using MST. 'Optimize' BPDU transmission in the network. There are never going to be any additional switches added to any interfaces. There are 4 switches (1 is root).
spanning-tree mst 0 root primary diameter 3
ensure all devices can communicate immediately when their interfaces are enabled (even in trunk mode)
int fa0/0
spanning-tree portfast trunk
practice this:
configure spanning-tree that uses less CPU
all VLANs should be mapped to the default
set the revision to be 1
spanning-tree mode mst
spanning-tree mst configuration
instance 0 vlan 1-4094
revision 1
On a multilink interface mu69 with two member interfaces, s0/0/0 and s0/0/1, in the bundle:
where do you apply the configuration to not automatically create a /32 route for the neighbor?
int mu69
no peer neighbor-route
you have a point-to-point PPP interface s0/0/0 and you want to ensure that a /32 route for your neighbor does not appear. where and what do you configure? 
int s0/0/0
no peer neighbor-route
If you have an area 1332 and a virtual link between that area (R1 > R2) and you need to make the area a stub, how do you do it?
-you can't, virtual-links can't traverse stub areas
Your requirements: all redistributed routes should have a tag of 1
router ospf 1
redistribute static subnets tag 1
You now need to create a summary route for those redistributed /24s. The summary would be a /23. How?
router ospf 1
summary-address tag 1
You advertised a summary address via EIGRP, how do you prevent the null0 from appearing in the routing table?
it's a switch. Your interface is vlan 1122. That's the same as your routing protocol
int vlan 1122
ip summary-address eigrp 1122 255
- where 255 is the AD 
router rip
redistribute connected route-map loopback
route-map loopback permit 10
match interface lo0
set tag 77
int lo0
ip add
would you/your neighbors see the tag?
Nope! - they are covered by network statement
Whenever doing mutual redistribution in more than one place, you're opening up the possibility of a ____. What do you need to do?
opens a possibility of routing loops
we need to tag and filter
BGP Template
router bgp 1220
bgp router-id
template peer-session AS1220-session
 remote-as 1220
 update-source lo0
 password ipexpert
template peer-policy AS1220-policy
neighbor inherit peer-session AS1220-session
neighbor inherit peer-policy AS1220-policy
neighbor inherit peer-session AS1220-session
neighbor inherit peer-policy AS1220-policy
neighbor password ipexpert?
when they say peer using minimal configuration on all routers
if it's one neighbor - don't use peer groups
more than one - use peer-groups (but not always)
Prevent BGP transit using community
route-map no-transit permit 10
set community no-export
what's the wild card
configure this router's loopback 0 interface as a BSR RP
ip pim bsr-candidate lo0 ( me first)
ip pim rp-candidate lo0   (To be a PIMv2 RP candidate)
R7(config-pmap-c)#int fa0/0.789
R7(config-subif)#service-policy output allocate-SMTP
 CBWFQ : Not supported on subinterfaces
what do we do?
int fa0/0
service-policy output allocate-SMTP
set your ntp server to be
ntp server prefer
Configure router 1 on interface fa0/0 to learn its time using the multicast address
ip multicast-routing
int fa0/0
ntp multicast client
ip pim sparse-dense-mode
Jul 23 01:27:36.487: OSPF: Rcv pkt from, Serial0/1/0, area
      mismatch area in the header
but no virtual links created?
All routers have frame-relay connected between them and getting the error from an unused pvc!
.9 [ r9 ] ---s0/2/0--- [ r6] .6 (

.9 [ r9 ] ---s0/2/1--- [ r6] .6 (
We need to configure back-to-back frame-relay!
This would allow each (chosen DLCI) to be in its own VRF, etc.!
Less commands on R9!

R6 (switch/server)
frame-relay switching
default int s0/2/0
default int s0/2/1

int s0/2/0
encapsulation frame-relay
frame-relay intf-type dce
no shut

int s0/2/0.609 point-to-point
ip add
frame-relay interface-dlci 609

int s0/2/1
encapsulation frame-relay
frame-relay intf-type dce
no shut

int s0/2/1.906 point-to-point
ip add
frame-relay interface-dlci 906
R9
default int s0/2/0
default int s0/2/1

int s0/2/0
encapsulation frame-relay
no shut
int s0/2/1
encapsulation frame-relay
no shut

int s0/2/0.609 point-to-point
ip add
frame-relay interface-dlci 609
int s0/2/1.906 point-to-point
ip add
frame-relay interface-dlci 906
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
These are the default metric weights. What are the values of K1 and K3?
K1 = Bandwidth = 1
K2 = load = 0 
K3 = Delay = 1
K4 = Reliability = 0
K5 = MTU = 0
make sure eigrp takes bandwidth, delay ,  reliability, load into account when calculating metric > metric weights tos k1 k2 k3 k4 k5
answer: metric weights 0 1 1 1 1 1
bgp - 
using confederations
you are asked to prepend your local are in sub-as 6. your loop back is Your pre-pend is supposed to be 66. What will your bgp confederation configuration look like? Your real as is 55 and your nei
router bgp 55
bgp bestpath med missing-as-worst
bgp confederation identifier 66 4678
bgp confederation peers 478
bgp router-id
r6 should not accept peering sessions from AS 478 if the hold-time is configured to a value lower than 30 seconds.
your neighbor is
Do you configure this on r6 only, or on r6 and its neighbor?
neighbor timers 60 180 30
r6 only!
bgp - with confederation sub-as eBGP peering should you set the next-hop-self?
bgp - on your router loopback 0 ( needs to be advertised using bgp. 
Also you need to pre-pend as 77 to it.
How would you do it?
router bgp as
 network mask
 neighbor route-map my-as out
ip prefix-list loopback0 permit
route-map my-as permit 10
 match ip address prefix-list loopback0
 set as-path prepend 77
route-map my-as permit 20
bgp - always watch out for what when peering?
neighbor [n] next-hop-self
configuration to join the group on loopback0
int lo0
ip pim sparse-mode
ip igmp join-group
R7(config)#ip pim bsr-candidate lo0 ?
  <0-32>  Hash Mask length for RP selection
ip pim bsr-candidate lo0 0 255
R7(config)#ip pim bsr-candidate lo0 0 ?
  <0-255>  Priority value for candidate bootstrap router
Default bootstrap priority?
Do not initiate BGP sessions to BB1 but wait for BB1 ( to initiate it. Your as is 478.
router bgp 478
neighbor transport connection-mode passive
Filter pim neighbors to specific ip. What is the command?
access-list 1 permit host
int fa0/1.821
ip pim neighbor-filter 1
Re: Police vs police cir vs police rate
1st option
police 96 (Kbps, i.e.)
This means SINGLE RATE TWO COLOR (One Bucket)
in this option you define only
conform action = (mostly transmit)
exceed action = (mostly drop)
2nd Option
Police CIR 96 (kbps, i.e.) bc xxxx be xxxx
This is called Single Rate Three Color Policer (Two Buckets)
in this option you define
police cir xxx bc xxx be
conform action, exceed action, violate action
3rd Option
Two Rate Three-color policer (Two Buckets)
in this you define CIR and PIR
police rate (cir) xxxx (pir) xxxx and then conform action, exceed action, violate action
You're on a switch:
you issue the command - 
interface FastEthernet0/7
mls qos trust dscp
Is QoS enabled on this switch globally?
Cat2#sh mls qos
QoS is disabled
QoS ip packet dscp rewrite is enabled
configure netflow export on r2 [].
export version 5 packets using fully reliable method and port 3434. if the primary server is not reachable in 3 seconds, use [] as destination. When the primary server comes back into operati
ip flow-export version 5
ip flow-export source lo0
ip flow-export destination 3434 sctp
reliability full
backup mode fail-over
backup destination 3434
backup fail-over 3000
backup restore-time 30
int s0/1/0.204
 ip flow ingress
int s0/1/0.206
 ip flow ingress
MTU: 1500
Reliability: maximum
load: minimum
delay: 10 milliseconds
bandwidth: 100 Mb/s
what's the default metric?
default-metric 100000 1000 255 1 1500
Eigrp 10 milliseconds is expressed as?
If you have a "frame-relay MESH"
the interfaces should be either what or what?
also should have the appropriate?
as well as have what disabled?
multipoint sub interfaces or main interfaces
appropriate map statements
inverse arp disabled
Using a map-class, this PVC has a 48 Kb/s CIR guarantee, with a peak CIR of 64 Kb/s.
map-class frame-relay FR-QoS
 frame-relay cir 64000
 frame-relay mincir 48000
Practice conversion from milliseconds/microseconds bits/bits/mbits etc.
when you see:
router ospf 1
distance ospf intra-area 255 external 109
how would you remove this line of command?
router ospf 1
default distance ospf
neighbor local-as 2 no-prepend replace-as dual-as

What does each bold item do?
no-prepend  Do not prepend local-as to updates from ebgp peers
replace-as  Replace real AS with local AS in the EBGP updates
dual-as  Accept either real AS or local AS from the ebgp peer
show ip bgp longer-prefixes
shows what?
all BGP routes in the bgp table that start with 86.87.0.
Configure a kron policy name Save
this should reoccur every 3 minutes
the config should be saved
the router should be reloaded
kron occurrence Save in 3 recurring
 policy-list Save
kron policy-list Save
 cli write memory
 cli reload running-config
spanning-tree mode mst
spanning-tree mst configuration
What's missing?
spanning-tree mode mst
spanning-tree mst configuration
 name IPexpert
 revision 1
Rate Limit
2000 Kb/s
rate-limit output 2000000 a b
a = <1000-512000000>  Normal burst bytes
b = <2000-1024000000>  Maximum burst bytes
What is the result of a and b? What is the formula?
rate-limit output 2000000 375000 750000
Normal burst bytes: CAR x (1/8) x 1.5
Maximum burst bytes: double the above value
Rate Limit
you have a router r8
[fa0/0]--attached to interface dialer1
Where do you place the rate-limit command?
on the interface fa0/0
r7 should perform equal-cost load-sharing traffic to lo0 of r4
How do we solve this?
equal-cost!!!! Means we DO NOT use variance