Wednesday, June 20, 2018

Getting the Most Out of Your Continuing Education Money


If you’re working for a company that has a continuing education budget for its employees and you aren’t sure where to spend your money, figure out what you really want to do, find a resource that would benefit you the most and make a case for it.

I work for a small company but we have some great benefits. This blog is about making your continuing education dollars stretch.

My company gives us ~$5200/year for continuing education. Most use that money to further themselves in a collegiate path, to get their master's or finish their bachelor's degrees. I use it to chase certifications and further my career that way. I have been with my company for 3 years and have used the money each year a different way.


The first year I needed to complete the last part of CCNP, the TSHOOT. I used the money to buy scenario based labs from Cisco's learning site. I don't know if they currently offer the same ones I used because I think the platform they were using at the time was experimental. They kept asking for feedback and a lot of things were broken in the interface. It cost around $600. I found the labs beneficial and I definitely recommend them before anyone takes the CCNP TSHOOT, so you can build your own troubleshooting workflow. They aren't mandatory for passing the exam but if you don't regularly build labs or currently troubleshoot networking in your daily work, it's worth it to get some labs under your belt.

Later that year I also got 10 people within my company to use their money so we can get a group rate for CBT Nuggets. For many of our team studying for CCNA and CCNP, CBT Nuggets is an amazing resource. I really enjoyed it. Sadly, it isn't the strongest resource for CCIE level topics. The 1 year pass for CBT Nuggets group rate was around $800 (IIRC).

I did pass my CCNP TSHOOT, earning me a CCNP Routing & Switching certification.

Even though I didn’t use the entire ~$5200 for my first year, it is use or lose and does not roll over.

The second year, I didn’t use my money throughout the year. I was pretty busy with work and was happy to put the CCNP behind me and take a study/certification break. Near the end of the year I was convinced to start studying for CCIE. I checked available resources and chose to take a bootcamp which was focused on the Written Exam topics. I took an INE bootcamp, you can read about it here: https://showipintbri.blogspot.com/2018/03/ccie-bootcamps-ine-or-micronics.html. I purchased the bootcamp in December, just before my ~$5200 expired for the year, and booked the bootcamp for early the following year (February, IIRC). A bootcamp costs many thousands of dollars and nearly ate up my entire allotment for the year. The February bootcamp was canceled by INE and I was allowed to reschedule to any other time and location. I ended up getting scheduled for late August. This was a really great experience and I really learned a lot.

Since I did not use my funds throughout the year, following my bootcamp in August I purchased another bootcamp but this time from Micronics. I purchased it before my funds ran out for the year in December. This bootcamp took place in March 2018, you can read about it here: https://showipintbri.blogspot.com/2018/03/ccie-bootcamps-ine-or-micronics.html. It was a great experience. This bootcamp also costs many thousands of dollars, completely depleting my funds for the year. Since I made the purchase for this in December, when January came I had another ~$5200 to play with. I used this for purchasing a full-conference pass to Cisco Live which was in July 2018.

Between bootcamps, I personally purchased CCIE books, labs and continue to pay for an INE All Access Pass. This does not come out of my continuing education funds.

After talking with folks from some of the bootcamps I’ve attended and also folks from Cisco Live, I realize how fortunate I am to work for a company that really takes care of its employees and wants to see us all grow. It truly is an enriching experience to meet people at these events and in the community. I've really learned a lot over the years and have brought that knowledge and experience back to my company.

In conclusion, if you're a reader I would recommend the OCG books. Some sections are better than others, and you won't be 100% prepared for the CCIE Written exam after reading all of them, but there is a lot of good material in them and they are worth the read.

If you prefer Video Based Learning for the CCIE level I would recommend INE's All Access Pass. It gives you access to their entire library, which is great because there really is a lot of content on there. Also, I have found some instructors deliver the material better than others so I tend to watch videos by my preferred instructors. If you're studying for the CCNA or CCNP level I would recommend CBT Nuggets, it's Video Based Learning and really popular.

I would not start your journey doing any bootcamps. They cost a lot of money and if you aren't ready it will be a waste of your time and effort, but if you are ready I really think the absolute best experiences have come from bootcamps. I have learned so much in those short periods of time, but that's how I learn: I don't get overwhelmed, I get excited.

For gauging yourself throughout your journey, especially leading up to the CCIE Written, the Boson ExSim was a good litmus test. Their software is really nice compared to others and doesn't feel cheap. The answer keys give in-depth explanations and links to the Cisco docs.

No single product from above will get you to pass anything by itself.
  • You have to put in hard work... a lot of it.
  • You have to fail... and keep going.


Ultimately, you’ll need to have a discussion with your manager. Unfortunately, there isn’t a single word answer or way to do this. It will have to be a discussion and negotiation.

Saturday, May 26, 2018

Challenge: BGP - UPDATE!

After posting my original solution to the BGP challenge ( https://www.youtube.com/watch?v=YxUgYVb-91I ) I was called out by none other than the man himself, Mr. Vinit Jain!


I went back and took another look at his video and he alludes to the answer at around 1:35 (1 hour, 35 minutes) ( https://www.ciscolive.com/global/on-demand-library/?search=BRKRST%203320#/video/1519328378542002IVEW ).


The Challenge:


The Solution:



The Configs:


R1:


hostname R1

interface Loopback100
 ip address 100.1.1.1 255.255.255.255

interface FastEthernet0/0
 description "To R2"
 ip address 10.1.12.1 255.255.255.0


router bgp 100
 bgp log-neighbor-changes
 network 100.1.1.1 mask 255.255.255.255
 neighbor 10.1.12.2 remote-as 200




R2:


hostname R2

interface FastEthernet0/0
 description "To R1"
 ip vrf forwarding 200
 ip address 10.1.12.2 255.255.255.0

interface FastEthernet1/0
 description "To R3"
 ip vrf forwarding 200
 ip address 10.1.23.2 255.255.255.0


router bgp 200
 bgp log-neighbor-changes
 neighbor 10.1.12.1 remote-as 100
 neighbor 10.1.23.3 remote-as 200
 neighbor 10.1.23.3 next-hop-self



R3:


hostname R3

interface FastEthernet0/0
 description "To R4"
 ip address 10.1.34.3 255.255.255.0

interface FastEthernet1/0
 description "To R2"
 ip address 10.1.23.3 255.255.255.0


router bgp 200
 bgp log-neighbor-changes
 bgp inject-map INJECT exist-map EXIST
 neighbor 10.1.23.2 remote-as 200
 neighbor 10.1.34.4 remote-as 200
 neighbor 10.1.34.4 route-reflector-client

ip prefix-list LEARNED seq 5 permit 100.1.1.1/32
ip prefix-list NEIGHBOR seq 5 permit 10.1.23.2/32
ip prefix-list ORIGINATE seq 5 permit 100.1.1.1/32

route-map INJECT permit 10
 set ip address prefix-list ORIGINATE
 set ip next-hop 10.1.34.3

route-map EXIST permit 10
 match ip address prefix-list LEARNED
 match ip route-source prefix-list NEIGHBOR


Verify:


R3#sho ip bgp injected-paths

BGP table version is 3, local router ID is 10.1.34.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>i 100.1.1.1/32     10.1.34.3                              0 ?

R3#sho ip bgp
BGP table version is 3, local router ID is 10.1.34.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>i 100.1.1.1/32     10.1.34.3                              0 ?
 * i                  10.1.23.2                0    100      0 100 i



R4:


hostname R4

interface FastEthernet0/0
 description "To R3"
 ip address 10.1.34.4 255.255.255.0

interface FastEthernet1/0
 description "To R5"
 ip address 10.1.45.4 255.255.255.0


router bgp 200
 bgp log-neighbor-changes
 neighbor 10.1.34.3 remote-as 200
 neighbor 10.1.45.5 remote-as 300



Verify:



R4#sho ip bgp

BGP table version is 2, local router ID is 10.1.45.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>i 100.1.1.1/32     10.1.34.3                     100      0 ?




R5:


hostname R5

interface FastEthernet1/0
 description "To R4"
 ip address 10.1.45.5 255.255.255.0


router bgp 300
 bgp log-neighbor-changes
 neighbor 10.1.45.4 remote-as 200



R5 - Verify:


R5#sho ip bgp

BGP table version is 2, local router ID is 10.1.45.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  100.1.1.1/32     10.1.45.4                              0 200 ?
R5#

Wednesday, May 23, 2018

Challenge: BGP

I was hanging out in theLANtamer's Discord server and a friend showed me this challenge.

I later found out, after I had completed the challenge, that it was a BGP challenge from the Great Vinit Jain (https://twitter.com/vinugenie) from his Cisco Live presentation, at around 12 minutes in: ( https://www.ciscolive.com/global/on-demand-library/?search=BRKRST%203320#/video/1519328378542002IVEW )


The Challenge:


The Solution:


The Configs:


R1:



hostname R1

interface Loopback100
 ip address 100.1.1.1 255.255.255.255

interface FastEthernet0/0
 description "To R2"
 ip address 10.1.12.1 255.255.255.0


router bgp 100
 bgp log-neighbor-changes
 network 100.1.1.1 mask 255.255.255.255
 neighbor 10.1.12.2 remote-as 200


R2:



hostname R2

ip vrf 200
 rd 200:200


interface FastEthernet0/0
 description "To R1"
 ip vrf forwarding 200
 ip address 10.1.12.2 255.255.255.0

interface FastEthernet1/0
 description "To R3"
 ip vrf forwarding 200
 ip address 10.1.23.2 255.255.255.0


router bgp 200
 bgp log-neighbor-changes
 !
 address-family ipv4 vrf 200
  neighbor 10.1.12.1 remote-as 100
  neighbor 10.1.12.1 activate
  neighbor 10.1.23.3 remote-as 100
  neighbor 10.1.23.3 activate
  neighbor 10.1.23.3 as-override
 exit-address-family


R3:


hostname R3

interface FastEthernet0/0
 description "To R4"
 ip address 10.1.34.3 255.255.255.0

interface FastEthernet1/0
 description "To R2"
 ip address 10.1.23.3 255.255.255.0

router bgp 250
 bgp log-neighbor-changes
 neighbor 10.1.23.2 remote-as 200
 neighbor 10.1.23.2 local-as 100 no-prepend replace-as
 neighbor 10.1.34.4 remote-as 200
 neighbor 10.1.34.4 local-as 200 no-prepend replace-as


R4:


hostname R4

interface FastEthernet0/0
 description "To R3"
 ip address 10.1.34.4 255.255.255.0

interface FastEthernet1/0
 description "To R5"
 ip address 10.1.45.4 255.255.255.0

router bgp 200
 bgp log-neighbor-changes
 neighbor 10.1.34.3 remote-as 200
 neighbor 10.1.45.5 remote-as 300


R5:


hostname R5

interface FastEthernet1/0
 description "To R4"
 ip address 10.1.45.5 255.255.255.0

router bgp 300
 bgp log-neighbor-changes
 neighbor 10.1.45.4 remote-as 200


R5 - Verify:


R5#sho ip bgp
BGP table version is 13, local router ID is 10.1.45.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  100.1.1.1/32     10.1.45.4                              0 200 200 200 i
R5#

Friday, April 20, 2018

Challenge: RIP - GET-VPN - ANSWERS

This is a back-to-basics lesson rolled up with a VPN topic. This will test your understanding of Cisco's default behavior when configuring RIPv1 and RIPv2. This is the solution to my previous blogpost: https://showipintbri.blogspot.com/2018/04/challenge-rip-get-vpn.html

An excellent Cisco resource that I found very useful in preparing for this lab was:

https://www.cisco.com/c/en/us/products/collateral/security/group-encrypted-transport-vpn/deployment_guide_c07_554713.html

The Topology:


The Requirements:

1. All router interfaces must be configured using the IP scheme from the topology diagram.

2. You must run the RIP protocol between all routers and no other routing protocol
  • Advertise all your connected networks
  • R2 must run RIP version 2
  • All other routers must run RIP version 1, and should see R2's loopback with its real mask

3. You must have routes representing all the subnets (classful or better) from the topology in all your routing tables.

4. Configure GET VPN between all routers' WAN interfaces
  • R1 must be the key-server

5. Pings sourced from the loopbacks of the group members to other group members must be encrypted
  • All other traffic should not be encrypted.

6. You should have full reachability to all loopbacks in the topology 



My Solution:




The Configs:

R1:

int fa0/0
ip add 10.0.0.1 255.255.255.0
no shut

int lo 1
ip add 1.1.1.1 255.255.255.255
no shut

router rip
network 10.0.0.1
network 1.1.1.1
no auto-summary
exit


R2:

int fa0/0
ip add 10.0.0.2 255.255.255.0
ip rip receive 1 2
no shut

int lo 2
ip add 2.2.2.2 255.255.255.255
no shut

router rip
network 10.0.0.2
network 2.2.2.2
version 2
no auto-summary

R3:

int fa0/0
ip add 10.0.0.3 255.255.255.0
no shut

int lo 2
ip add 3.3.3.3 255.255.255.255
no shut

router rip
network 10.0.0.3
network 3.3.3.3
no auto-summary

R4:

int fa0/0
ip add 10.0.0.4 255.255.255.0
no shut

int lo 2
ip add 4.4.4.4 255.255.255.255
no shut

router rip
network 10.0.0.4
network 4.4.4.4
no auto-summary





GET-VPN Configs:

Key Server:


crypto key generate rsa modulus 1024 label GETVPN_KEY



ip access-list extended 100
 permit icmp any any

crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2

crypto isakmp key CISCO address 0.0.0.0

crypto ipsec transform-set GETVPN_TRANS esp-3des esp-md5-hmac

crypto ipsec profile GETVPN_PROFILE
 set transform-set GETVPN_TRANS

crypto gdoi group GETVPN_GROUP
 identity number 123
 server local
  rekey authentication mypubkey rsa GETVPN_KEY
  rekey transport unicast
  sa ipsec 1
   profile GETVPN_PROFILE
   match address ipv4 100
   replay counter window-size 64
  address ipv4 10.0.0.1

Group Members:

crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2

crypto isakmp key CISCO address 10.0.0.1

crypto ipsec transform-set GETVPN_TRANS esp-3des esp-md5-hmac

crypto ipsec profile GETVPN_PROFILE
 set transform-set GETVPN_TRANS

crypto gdoi group GETVPN_GROUP
 identity number 123
 server address ipv4 10.0.0.1

crypto map GETVPN_MAP 10 gdoi
 set group GETVPN_GROUP


int fa0/0
crypto map GETVPN_MAP
exit
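
The lab above uses 3DES, MD5, DH group 2, a 1024-bit RSA key and, on the key server, a pre-shared key bound to address 0.0.0.0. As an added example (not part of the original post), this Python check flags those settings in an IOS config; the rule names, thresholds and the hardened sample are assumptions made for illustration.

```python
from __future__ import annotations
import re

# Key-server crypto lines copied from the post above (lab values).
LAB_CONFIG = """\
crypto key generate rsa modulus 1024 label GETVPN_KEY
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key CISCO address 0.0.0.0
crypto ipsec transform-set GETVPN_TRANS esp-3des esp-md5-hmac
"""

# Constructed counterpart (assumption, not from the post): same structure with
# stronger parameters; keyword availability depends on the IOS release.
HARDENED_CONFIG = """\
crypto key generate rsa modulus 2048 label GETVPN_KEY
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <placeholder-secret> address 10.0.0.2
crypto ipsec transform-set GETVPN_TRANS esp-aes 256 esp-sha256-hmac
"""

WEAK_IKE_CIPHERS = {"des", "3des"}
WEAK_HASHES = {"md5"}
WEAK_DH_GROUPS = {"1", "2", "5"}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}
MIN_RSA_BITS = 2048

RSA_RE = re.compile(r"^crypto key generate rsa\b.*\bmodulus (\d+)")
PSK_RE = re.compile(r"^crypto isakmp key \S+ address (\S+)")


def audit(config: str) -> list[tuple[int, str, str]]:
    """Return (line number, rule id, detail) for each weak crypto setting."""
    findings = []
    in_policy = False
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        words = line.split()
        if raw[0] != " ":
            # A top-level command opens or closes the ISAKMP policy block.
            in_policy = line.startswith("crypto isakmp policy")
            if m := RSA_RE.match(line):
                if int(m.group(1)) < MIN_RSA_BITS:
                    findings.append((lineno, "rsa-modulus", f"{m.group(1)}-bit RSA key"))
            elif m := PSK_RE.match(line):
                # The secret itself is never copied into the finding.
                if m.group(1) == "0.0.0.0":
                    findings.append((lineno, "wildcard-psk", "pre-shared key valid for any peer"))
            elif line.startswith("crypto ipsec transform-set") and len(words) > 4:
                weak = [w for w in words[4:] if w in WEAK_TRANSFORMS]
                if weak:
                    findings.append((lineno, "esp-transform", " ".join(weak)))
        elif in_policy and len(words) >= 2:
            key, value = words[0], words[1]
            if key.startswith("encr") and value in WEAK_IKE_CIPHERS:
                findings.append((lineno, "ike-cipher", value))
            elif key == "hash" and value in WEAK_HASHES:
                findings.append((lineno, "ike-hash", value))
            elif key == "group" and value in WEAK_DH_GROUPS:
                findings.append((lineno, "ike-dh-group", value))
    return findings


if __name__ == "__main__":
    for lineno, rule, detail in audit(LAB_CONFIG):
        print(f"line {lineno}: {rule}: {detail}")
```
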



Verification:

foreach address {
1.1.1.1
2.2.2.2
3.3.3.3
4.4.4.4
} { ping $address repeat 1 source 1.1.1.1 }

! Change the 'source x.x.x.x' to the appropriate source IP

Wednesday, April 18, 2018

Configlet: Cisco 3850 Switch Stacking

In this configlet I'll show the few steps needed for a bare minimum switch stack.

A switch stack is when multiple switches are connected via a backplane (StackWise cables) and act as one larger switch. They share a common config and all the interfaces of all the switches are configured via a single running-config.

One of the switches has to be a "master". In this example I'm forcing one switch to be the master by making its priority the highest value. There is an order that Cisco switches will try, to determine who should be the master, if you don't set any values manually:

  1. The switch that is currently the active switch.
  2. The switch with the highest stack member priority value.
  3. The switch with the shortest start-up time.
  4. The switch with the lowest MAC address.
From Cisco's website:


Some resources from Cisco's website:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/hardware/installation/guide/b_c3850_hig/b_c3850_hig_chapter_010.html#concept_BACF415ABB244A479BB6C803B181560F

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/ha_stack_manager/configuration_guide/b_hastck_3se_3850_cg/b_hastck_3se_3850_cg_chapter_010.html#concept_6E38EA556E8A4A198FD7BBDC159F4B07


Before you begin:


  • In this scenario I have 2 switches. 
  • The switch I intend to be the master is powered on and running. It currently has an operational running-config.
  • The switch I intend to be the non-master is powered off.
  • I do NOT care about the configs on the non-master switch.

Check the current priority of the intended master:


Switch01#show switch

Switch/Stack Mac Address : 0000.aaaa.aaaa - Local Mac Address
Mac persistency wait time: Indefinite
                                             H/W   Current
Switch#   Role    Mac Address     Priority Version  State
------------------------------------------------------------
*1       Active   0000.aaaa.aaaa     1      V06     Ready


You can see from the above output the priority value is 1 (the lowest). I want this switch to become the master every time so I will change it to the maximum value of 15 (the highest).


Change the priority on the intended master:


NOTE: These commands are from Privileged-Exec NOT Global Config. You cannot see these configurations in the running-config.

Switch01#switch ?
  <1-9>  Switch Number

Switch01#switch 1 ?
  priority  Set the priority of the specified switch
  renumber  Renumber the specified switch number
  stack     Stack port enable or disable

Switch01#switch 1 priority ?
  <1-15>  Switch Priority

Switch01#switch 1 priority 15 ?
  <cr>

Switch01#switch 1 priority 15
WARNING: Changing the switchpriority may result in a configuration change for that switch. Do you want to continue?[y/n]y
Switch01#
Switch01#
Switch01#



Verify the priority has changed for intended master:

Switch01#sho switch
Switch/Stack Mac Address : 0000.aaaa.aaaa - Local Mac Address
Mac persistency wait time: Indefinite
                                             H/W   Current
Switch#   Role    Mac Address     Priority Version  State
------------------------------------------------------------
*1       Active   0000.aaaa.aaaa     15     V06     Ready



Connect the StackWise cables and power up the second switch. You'll see some console messages similar to what is below.


Nov 11 01:14:07.116: %STACKMGR-1-STACK_LINK_CHANGE: 1 stack-mgr:  Stack port 2 on switch 1 is up
Nov 11 01:14:26.152: %STACKMGR-6-SWITCH_ADDED: 1 stack-mgr:  Switch 2 has been added to the stack.
Nov 11 01:14:37.742: %STACKMGR-6-SWITCH_READY: 1 stack-mgr:  Switch 2 is ready.
Nov 11 01:14:37.748: Starting SWITCH-ADD sequence, switch 2
Nov 11 01:14:39.047: %NGWC_USB_CONSOLE-6-CONFIG_ENABLE: Switch 2: Console media-type changed to default
Nov 11 01:14:42.836: %NGWC_PLATFORM_FEP-6-FRU_PS_OIR: Switch 2: FRU power supply A inserted
Nov 11 01:14:42.837: %NGWC_PLATFORM_FEP-6-FRU_PS_OIR: Switch 2: FRU power supply B inserted
Nov 11 01:15:01.239: SWITCH-ADD sequence complete, switch 2

Nov 11 01:15:03.832: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/1/1, changed state to down
Nov 11 01:15:03.832: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/1/2, changed state to down
Nov 11 01:15:03.832: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/1/3, changed state to down
Nov 11 01:15:03.832: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/1/4, changed state to down
Nov 11 01:15:03.833: %LINEPROTO-5-UPDOWN: Line protoc
Switch01#ol on Interface TenGigabitEthernet2/1/1, changed state to down
Nov 11 01:15:03.833: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet2/1/2, changed state to down
Nov 11 01:15:03.833: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet2/1/3, changed state to down
Nov 11 01:15:03.833: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet2/1/4, changed state to down
Nov 11 01:15:04.769: %PLATFORM_PM-6-FRULINK_INSERTED: 4x1G uplink module inserted in the switch 2 slot 1


The above syslog messages and 'convergence' take a few minutes. After all the line protocol messages are finished you can verify from the master switch that they are stacked.

Verify the Switch Stack:

Switch01#sho switch
Switch/Stack Mac Address : 0000.aaaa.aaaa - Local Mac Address
Mac persistency wait time: Indefinite
                                             H/W   Current
Switch#   Role    Mac Address     Priority Version  State
------------------------------------------------------------
*1       Active   0000.aaaa.aaaa     15     V06     Ready
 2       Member   0000.bbbb.bbbb     1      V07     Ready



Switch01#sho switch neighbors
  Switch #    Port 1       Port 2
  --------    ------       ------
      1        None           2
      2         1            None


Switch01#sho switch detail
Switch/Stack Mac Address : 0000.aaaa.aaaa - Local Mac Address
Mac persistency wait time: Indefinite
                                             H/W   Current
Switch#   Role    Mac Address     Priority Version  State
------------------------------------------------------------
*1       Active   0000.aaaa.aaaa     15     V06     Ready
 2       Member   0000.bbbb.bbbb     1      V07     Ready



         Stack Port Status             Neighbors
Switch#  Port 1     Port 2           Port 1   Port 2
--------------------------------------------------------
  1       DOWN         OK             None       2
  2         OK       DOWN               1      None

Switch01#
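
To check which switch the election order listed earlier would pick, the following added example (not from the original post or from Cisco) parses `show switch` output and applies rules 1, 2 and 4. Start-up time (rule 3) is not in this output and is treated as equal; the `full_reload` flag, modelling a stack with no current active switch, and the `TIE_CASE` rows are assumptions constructed for illustration.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# `show switch` output copied from the post above.
SHOW_SWITCH = """\
Switch/Stack Mac Address : 0000.aaaa.aaaa - Local Mac Address
Mac persistency wait time: Indefinite
                                             H/W   Current
Switch#   Role    Mac Address     Priority Version  State
------------------------------------------------------------
*1       Active   0000.aaaa.aaaa     15     V06     Ready
 2       Member   0000.bbbb.bbbb     1      V07     Ready
"""

# Matches one member row: number, role, MAC, priority, H/W version, state.
ROW_RE = re.compile(
    r"^\s*\*?(\d+)\s+(\S+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\d+)\s+\S+\s+\S+",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Member:
    number: int
    role: str
    mac: str
    priority: int


def parse_show_switch(text: str) -> list[Member]:
    """Extract the member rows; header and separator lines do not match."""
    members = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            members.append(
                Member(int(m.group(1)), m.group(2), m.group(3).lower(), int(m.group(4)))
            )
    return members


def elect(members: list[Member], full_reload: bool = False) -> int:
    """Return the switch number the election order in the post would choose."""
    if not members:
        raise ValueError("no stack members parsed")
    if not full_reload:
        # Rule 1: the switch that is currently active keeps the role.
        for m in members:
            if m.role.lower() == "active":
                return m.number
    # Rule 2: highest priority. Rule 4: lowest MAC address as the tie-breaker.
    # Fixed-width lowercase dotted hex compares correctly as a string.
    return min(members, key=lambda m: (-m.priority, m.mac)).number


# Constructed rows: equal priorities, and the non-active switch has the lower MAC.
TIE_CASE = [
    Member(1, "Active", "0000.bbbb.bbbb", 1),
    Member(2, "Member", "0000.aaaa.aaaa", 1),
]

if __name__ == "__main__":
    stack = parse_show_switch(SHOW_SWITCH)
    print("now:", elect(stack), "after full reload:", elect(stack, full_reload=True))
    print("tie case after full reload:", elect(TIE_CASE, full_reload=True))
```
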


Saturday, April 14, 2018

Challenge: RIP - GET-VPN

UPDATE (4/20/2018) : I posted the answers a day early: https://showipintbri.blogspot.com/2018/04/challenge-rip-get-vpn-answers.html

As I was working through some studies I had a challenge idea.

This is not a "stump the chump"; instead, this is back to basics.

Answers will be posted April 21, 2018.

Topology:

Requirements:

1. All router interfaces must be configured using the IP scheme from the topology diagram.

2. You must run the RIP protocol between all routers and no other routing protocol
  • Advertise all your connected networks
  • R2 must run RIP version 2
  • All other routers must run RIP version 1, and should see R2's loopback with its real mask

3. You must have routes representing all the subnets (classful or better) from the topology in all your routing tables.

4. Configure GET VPN between all routers' WAN interfaces
  • R1 must be the key-server

5. Pings sourced from the loopbacks of the group members to other group members must be encrypted
  • All other traffic should not be encrypted.

6. You should have full reachability to all loopbacks in the topology 

Sunday, April 1, 2018

LinkedIn Challenge - VXLAN Alternatives

Now, I would not say these are alternatives to VXLAN in production environments but these are alternative solutions to solving the networking challenge.

Original LinkedIn Challenge Post: https://www.linkedin.com/feed/update/urn:li:activity:6384425951123554304

Sorry for taking so long to get these out; I sat for my CCIE Written this week, and that took a higher priority than this. Nevertheless, here we are.

I could not execute the challenge as designed for a few reasons:

  1. I don't have the proper images that support VXLAN
  2. I have never used VXLAN and am not familiar with the particulars

I proposed two alternative solutions to this challenge; these are solutions I am familiar with. They share similar configs but achieve the solution differently.

  1. AToM - Any Transport over MPLS
  2. L2TPv3 - Layer 2 Tunneling Protocol v3

The Challenge:

My Solution:



My Topology:


Solution #1: AToM

R1:

int gi0/0
 ip add 10.1.14.1 255.255.255.0
 no shut
exit

R4:

int gi0/0

 ip add 10.1.14.4 255.255.255.0
 no shut
exit

R2:

mpls label protocol mpls
mpls ldp router-id Gi0/1 force

int gi0/1
 ip add 10.1.23.2 255.255.255.0
 mpls ip
no shut

pseudowire-class LAB1
 encapsulation mpls
exit

int gi0/0
 xconnect 10.1.23.3 1 pw-class LAB1
no shut
exit

R3:

mpls label protocol mpls
mpls ldp router-id Gi0/1 force

int gi0/1
 ip add 10.1.23.3 255.255.255.0
 mpls ip
no shut

pseudowire-class LAB1
 encapsulation mpls
exit

int gi0/0
 xconnect 10.1.23.2 1 pw-class LAB1
no shut
exit



Solution #2: L2TPv3


R1:

int gi0/0
 ip add 10.1.14.1 255.255.255.0
 no shut
exit

R4:

int gi0/0

 ip add 10.1.14.4 255.255.255.0
 no shut
exit

R2:

int gi0/1
 ip add 10.1.23.2 255.255.255.0
no shut

pseudowire-class LAB2
 encapsulation l2tpv3
 ip local interface GigabitEthernet0/1
exit

int gi0/0
 xconnect 10.1.23.3 1 pw-class LAB2
no shut
exit

R3:

int gi0/1
 ip add 10.1.23.3 255.255.255.0
no shut

pseudowire-class LAB2
 encapsulation l2tpv3
 ip local interface GigabitEthernet0/1
exit

int gi0/0
 xconnect 10.1.23.2 1 pw-class LAB2
no shut
exit