My CCNP TSHOOT Lab: The Overall Picture

During the last few weeks I published a couple of blogposts concerning routing protocols such as BGP, OSPFv3, and EIGRP. (Use the “Cisco Router” tag on my blog to list all of them.) They are all part of my current Cisco lab that I am using for my CCNP TSHOOT exam preparation. While I depicted only the details of the routing protocols in those blogposts, I am showing my overall lab with all of its Cisco IOS configs here. Just to have the complete picture. There are a couple of not-yet-blogged configs such as VRRP, GLBP, NTP authentication, embedded event manager (EEM), or route-maps and distribute/prefix lists though.

This is the complete lab as already shown in all the other blogposts:


Some quick notes about them (read: reminder to myself):

  • The default config for all routers is based on this post: Basic Cisco Configuration. That is: timestamps, banner, SSH with ACLs, SSH public key authentication, SNMP with ACLs, NTP, logging, archive.
  • R4 and R5 use three different FHRPs in sum. ;) On interfaces gi0/0 it is VRRP for legacy IP and HSRP for IPv6 (since my VRRP version is not able to handle IPv6 as well), while GLBP on interfaces gi0/1 for both Internet protocols. All four processes use MD5 authentication.
  • All routers use NTP via IPv6 with MD5 authentication (since SHA-1 is not supported).
  • On R2 there is an “event manager applet CONFIG-STARTED” that generates a syslog message and sends an email if an admin starts a configure session.
  • Two GRE tunnels between R1 and R3, one over IPv6 and another over legacy IP. The latter uses a “keepalive” which is not possible for IPv6. No routing over those tunnels though.
  • Route-Maps on R4 and R5 for BGP to set the local-preference for some networks to 200 to force only one router to be used. Sent to the Palo Alto firewall “out”. R4 with a route-map for IPv4 and R5 for IPv6.
  • Just for fun: R2 uses an ACL for IPv4 and a prefix-list for IPv6 to filter outgoing EIGRP updates to R1. However, all networks are explicitly permitted, hence it’s just added security in case of misconfigurations on R3.
  • On S2 there are two Raspberry Pis on ports 3 and 4 with PoE adapters.
  • For all other details about the dynamic routing protocols refer to my previous blogposts.
  • For even more protocols related to layer 2 refer to my CCNP SWITCH / Wireshark challenges post listing 22 protocols and 46 challenges around them.

Here are the full configurations for the five involved Cisco routers, from left to right according to the lab overview:

R4, iBGP to the left, OSPF to the right:


R5, same like R4: iBGP to the left, OSPF to the right:


R1, OSPF to the left, EIGRP to the right:


R2, running only EIGRP:


R3, running only EIGRP, connecting several client subnets:



At least for those FHRP protocols I have not yet shown any details in other blogposts. I won’t open another big thing here but want to list a few show commands for them. As already described above I am using VRRP for IPv4 and HSRP for IPv6 on the gi0/0 interfaces from R4 and R5, while two instances of GLBP for IPv6 and IPv4 on the gi0/1 interfaces.







That’s It

This was my last blogpost concerning CCNP exam topics. At least for now. I got the certificate on Feb 27, 2018. :D

Thanks for watching. ;) “And don’t forget to hit the subscribe button!”

For more posts about routing/switching you can follow the Routing” or “Switching” categories concerning various firewall/router vendors, or the “Cisco Router“/”Cisco Switch” tags for posts related to Cisco stuff.

Featured image “Frankfurt Main Panorama” by tausend und eins, fotografie is licensed under CC BY 2.0.

Leave a Reply

Your email address will not be published. Required fields are marked *