CCIE by Mind Map: CCIE

1. QoS

1.1. RSVP

1.1.1. Messages PATH = ask for resources RESV = Confirm resource reservation RESV-CONF = Last confirmation Order Source send PATH Destination send RESV Destination send PATH Source send RESV Destination send RESV-CONF

1.1.2. Configuration Interface ip rsvp bandwidth <total> <flow> ip rsvp bandwidth <total> <flow> LLQ ip rsvp pq-profile <max-rate> <max-burst> <peak-to-avg-ratio-%> fair-queue must be enabled. Frame-Relay fair-queue Source ip rsvp sender-host <ip-dest> <ip-src> [tcp | udp] <dst-port> <src-port> <bw> <peak> The "-host" generates PATH msg; without it the router waits for traffic to send it. show ip rsvp sender Destination ip rsvp reservation-host <ip-dest> <ip-src> [tcp | udp] <dst-port> [ff | se | wf] rate <bw> <peak> The "-host" generates RESV msg; without it the router waits for traffic to send it. ff (fixed filter) = Only one source can use the reservation se (shared explicit) = shared with some specified sources wf (wildcard filter) = shared with any source show ip rsvp reservation show ip rsvp installed [detailed]

1.2. FRTS

1.2.1. Generic Traffic Shape traffic-shape rate <bit-rate> <burst-size> <excess-burst-size>

1.2.2. Frame Relay Traffic Shaping Config Interface <if> frame-relay traffic-shaping DLCI only (optional) frame-relay class <class-name>

1.2.3. Class-Based Traffic Shaping Can be combined with MQC Traffic classes Configuration interface <if-fr> frame-relay interface-dlci <dlci> service-policy <policy-map-name> policy-map <policy-map-name> class <class-name> shape class-map <class-name> match

1.3. MQC

1.3.1. interface <if>

1.3.2. service-policy [input | output] <policy-name>

1.3.3. policy-map <policy-name>

1.3.4. class <class-name>

1.3.5. set ip precedence ip dscp cos

1.3.6. class-map <class-name>

1.3.7. match (qos, acl, mac)

1.3.8. match protocol nbar

1.3.9. match any

1.4. Switch QoS (MLS)

1.4.1. mls qos behavior no mls qos QoS disabled COS = 0 COS = 5 Untagged mls qos QoS enabled COS = 0 COS = 5 Untagged mls qos (if) mls qos trust cos COS = 0 COS = 5 Untagged mls qos (if) mls qos cos X override COS = 0 COS = 5 Untagged

1.4.2. Layer 2 to Layer 3 mapping Inbound cos-dscp map Outbound cos-dscp map show mls qos map [dscp]

1.4.3. Port trust (if) # mls qos trust [dscp | cos | ip-prec] if trust COS, DSCP is modified, based on COS-to-DSCP map To avoid, use DSCP transparency Maps COS = 0 to 7 IP Precedence = 0 to 7 DSCP = 0 to 63 COS-to-DSCP map IP Prec-to-DSCP map DSCP-to-COS map DSCP to DSCP mapping (aka DSCP Mutation)

1.4.4. 3560 SRR sharing shaping Two ingress queues Only support SRR sharing Normal Expedite Four egress queues Uses queue-set Assign queue-set to interface Set queue-set threshold and buffers Map DSCP/CoS to queue Set SRR shape or share to queue. Expedite (queue 1) Limit bandwidth for interface

1.4.5. Use MQC to apply QoS to interface inbound only interface X/Y service-policy input <pmQOS> policy-map <pmQOS> class <cmA> trust [cos | dscp | ip-prec] set [dscp | ip-prec] police [rate-bps] [burst-byte] exceed-action [drop | policed-dscp-transmit] class-map cmA match [acl | ip dscp | ip prec | input-interface] OR

2. Security

2.1. Switch security

2.1.1. Control DHCP packets DHCP Snooping Only allow DHCP responses from a trusted port ip dhcp snooping [vlan [vlans]] DHCP server must be connected to a trusted port

2.1.2. Control frames based on source Filter frames IP Source Guard Filter ARP packets ARP inspection

2.1.3. Filter specific frames vlan filter <amVLAN> vlan-list <vlan-range> vlan access-map <amVLAN> Match Action

2.1.4. Control VLAN/interface traffic Port Blocking Packets with unknown destination MACs are forwarded to all ports. To prevent: interface <blocked-if> switchport block unicast switchport block multicast Port Security Restrict how many and which MAC addresses have access to an interface interface <secured-if> Enable Port Security Maximum mac-address learned How to react Static MAC assignment Learn MACs and don't forget on reload Static MACS and don't forget on reload Port protected One protected port doesn't talk with another protected port interface <protected-if> switchport protected Private VLANs Port modes VLAN modes Configuration

2.2. IP Options

2.2.1. Drop all packets with options marked ip options drop

2.2.2. Ignore the option parameters ip options ignore

3. IP Services

3.1. SPAN

3.1.1. Up to two source sessions

3.1.2. Up to 64 destination ports

3.1.3. Source port = Physical, Trunk, Routed, Voice

3.1.4. monitor session X source [interface | vlan] [rx | tx | both]

3.1.5. monitor session X filter vlan [range]

3.1.6. monitor session X destination [interface | remote vlan]

3.1.7. RSPAN vlan Y remote-span monitor session X source [remote vlan] Z monitor session X destination [interface] Destination switch Intermediate switches

3.1.8. Source switches

3.2. Reflexive ACL

3.2.1. Config interface <if-inside> ip access-group <acl-in> in ip access-list extended <acl-in> evaluate <tcp-temp-name> ip access-group <acl-out> out ip access-list extended <acl-out> permit tcp any any reflect <tcp-temp-name> Can be done one in each interface (in/out)

3.3. EEM

3.3.1. Event Detector Monitors: CLI Command Events Object track SNMP Events Syslog messages Interface counters Timers

3.3.2. Event Manager

3.3.3. Policy Director Applet Policy event manager applet <appNAME> event <monitor> action x.x <action> action 1.0 cli command "cli command" action 1.1 mail server <server> from <from> to <to> action 1.2 syslog message "message" TCL Policy event manager environment <variable> event manager directory user policy <path> event manager policy <filename>

3.4. WCCP

3.4.1. UDP Port 2048

3.4.2. Basic config ip wccp version [1 | 2] Version 1 = 1 router, Cluster HTTP only Version 2 = Multiple routers; Clusters ip wccp web-cache TCP Promiscuous mode ip wccp 61 ip wccp 62 From which interfaces? interface X/Y Standard web service TCP Promiscuous mode Except:

3.4.3. Who will be redirected? ip wccp web-cache redirect-list <acl>

3.4.4. To which web caches? ip wccp web-cache group-list <acl>

3.4.5. Group web caches ip wccp web-cache group-add <mcast-address> password <pw>

3.4.6. And if web cache is not available? block ip wccp mode closed passthrough ip wccp mode open

3.4.7. 3560 sdm prefer extended reload

3.5. IP SLA

3.5.1. Configuration Probe ip sla <oper-number> [probe-type]<dest-IP> <dest-port> interval <interval> frequency <seconds> ip sla schedule <oper-number> life [forever | <seconds>] [start-time <time> | pending | now] show ip sla configuration <oper-number> show ip sla statistics Responder ip sla ip sla responder udp-echo ipaddress <ip-address> port <port> Authentication ip sla key-chain <key>

3.6. IP Traffic Export

3.6.1. Similar to SPAN on switches

3.6.2. Profile ip traffic-export profile <profile-name> mode [capture | export] Capture = store in router flash Export = Send interface <export-interface> mac-address <export-host> incoming [access-list <acl> | sample one-in-every <number>] outgoing [access-list <acl> | sample one-in-every <number>] bidirectional

3.6.3. Apply interface <monitored-interface> ip traffic-export apply <profile-name> size <capture-buffer>

3.7. SNMP

3.7.1. Security Models noAuth noPriv Auth Priv Auth noPriv

3.7.2. Config v3 What? Which? Who? Traps Engine v1/v2 What? Community

3.8. NetFlow

3.8.1. Flow = Source IP Dest IP Source Port Dest Port Layer 3 ToS Input Interface

3.8.2. Flows can be on Collector Local cache

3.8.3. Config Basic ip flow-export destination <collector-ip> <udp-port> ip flow-export version 9 interface <if> Aggregation cache ip flow aggregation-cache [prefix | protocol | etc] Filter and sampling Filter AND Sampling Sampling only

3.9. NAT

3.9.1. Interfaces interface <if-inside> ip nat inside interface <if-outside> ip nat outside

3.9.2. Static or Dynamic?

3.9.3. Source or Destination?

3.9.4. ip nat [inside | outside] [source | destination] static <from> <to> When the packet hit the [inside | outside] interface Change the [source | destination] From <from> To <to> nat outside source = nat inside destination

3.9.5. ip nat pool <pool-name> <start-IP> <end-IP> [netmask | prefix-length]

3.9.6. access-list <acl-number> permit <source-address> <source-wildcard>

3.9.7. ip nat inside source list <acl-number> pool <pool-name> [overload]

3.9.8. Load balance ip nat pool <pool-name> <start-IP> <end-IP> [netmask | prefix-length] type rotary ip nat inside destination-list <acl-name> pool <pool-name> Pool = real hosts ACL = Virtual address

3.9.9. Select which IPs get translated. ip nat inside source static <from> <to> route-map <rm-name>

3.9.10. Stateful NAT Use for asymmetrical routing and redundancy With HSRP ip nat inside source static <from> <to> redundancy <group-name> standby <group> name <group-name> Configuration ip nat stateful <id> Primary Secondary peer <other-router-IP> mapping-id <map-id> ip nat source static route-map <rm-name> pool <pool-name> mapping-id <map-id>

3.10. DHCP

3.10.1. RARP = Layer 2 header

3.10.2. BOOTP = Layer 3 header

3.10.3. DHCP = More options (lease time, extra fields, dynamic range)

3.10.4. DHCP Relay interface <if> interface that receives the DHCP request ip helper-address <dhcp-server>

3.10.5. DHCP Server Config service dhcp ip dhcp excluded-address <start-ip> <end-ip> ip dhcp pool <pool-name> Network Host domain <domain-name> dns-server <server-IP> default-router <gw-ip> lease [days [hours] [minutes] | infinite] Troubleshooting clear ip dhcp binding * show ip dhcp binding show dhcp lease

3.11. Lock and Key Security

3.11.1. Lock the traffic interface <if-traffic> ip access-group <acl> in access-list <acl> permit <always-allowed-traffic> access-list <acl> dynamic <temporary-acl-name> timeout <absolute-seconds> permit <temporary-traffic>

3.11.2. Telnet to enable line vty 0 autocommand access-enable <host> timeout <inactivity-seconds>

3.12. NTP

3.12.1. Client/Server Pull method, from client to server Server ntp master [stratum] Access Control Authentication Client ntp server <ip-address> ntp access-group peer <aclSERVER> Authentication

3.12.2. Peer Push/Pull method ntp peer <ip-address> ntp access-group peer <aclPEER>

3.12.3. UDP port 123

3.13. RMON

3.13.1. Configuration Interface rmon [native | promiscuous] rmon queuesize <size> rmon alarm <number> <variable> <interval> [delta | absolute] rising-threshold <value> falling-threshold <value> show rmon show rmon alarms show rmon events

4. Misc

4.1. Regular Expression

4.1.1. ( ) Parenthesis Grouping

4.1.2. | (pipe) OR expression

4.1.3. ? (question mark) 0 or 1 occurrence of previous

4.1.4. * (asterisk) 0 or more occurrences of previous

4.1.5. + (Plus sign) 1 or more occurrences of previous

4.1.6. \ (backslash) Escape special characters

4.1.7. [ ] (brackets) Any character from range

4.1.8. ^ (circumflex) Start of line

4.1.9. $ (dollar sign) End of line

4.1.10. _ (underline) Can be replaced by comma (,), space ( ), start of line (^), end of line ($), right or left brace ({})

4.2. SSH

4.2.1. Configuration Generate keys crypto key generate rsa Enable SSH server ip ssh [version <version-number> | timeout <seconds> | authentication-retries <number>]

4.2.2. show crypto key mypubkey rsa

4.3. Bridge

4.3.1. Ethernet and Frame-Relay example R5 interface Ethernet0/0.40 encapsulation dot1Q 40 ip address R2 Global configuration Ethernet Serial FR R3 interface Serial1/0 no ip address encapsulation frame-relay frame-relay map bridge 302 broadcast bridge-group 1

5. Layer 2

5.1. LAN

5.1.1. Trunk Interfaces Trunk Mode Dynamic ? Don't work: Trunk Encapsulation Dynamic?

5.1.2. Etherchannel Modes Dynamic ? Configuration shutdown [switchport | no switchport] channel-group <channel-number> mode [on | desirable | auto | active | passive] interface port-channel <channel-number> switchport mode [access | trunk] ... other configurations ... no shutdown interface range <first-if> <last-if> no shutdown

5.1.3. FlexLinks Link level redundancy Alternative to STP Automatically disables STP Configuration interface <active-interface-L2> switchport backup interface <backup-interface-L2> switchport backup interface <backup-interface-L2> preemption mode [forced | bandwidth | off] switchport backup interface <backup-interface-L2> preemption delay <msec>

5.1.4. Spanning Tree STP (802.1d) Cisco PVSTP+ Port states Rules Port Roles BPDU Types Elections Rapid STP (802.1w) Cisco RPVSTP spanning-tree mode rapid-pvst Standardize BackboneFast, UplinkFast, PortFast Port states Port Roles MST (802.1s) Automatically enables RSTP Enable MST Create MST instances and map VLAN to instance Define root, cost, priority Features Can be enabled on PVST+, rapid PVST+ and MST Can be enabled on PVST+

5.1.5. udld modes normal aggressive

5.2. WAN

5.2.1. PPP over Frame-relay interface Virtual-Template <if> ip unnumbered <interface> encapsulation ppp CHAP ppp authentication chap ppp chap username <usernameB> ppp chap password <passwordB> PAP ppp authentication pap ppp pap sent-username <usernameB> password <passwordB> username <usernameA> password <passwordA> interface <Serial> encapsulation frame-relay frame-relay interface-dlci <dlci> ppp Virtual-Template <if> Multilink interface Multilink ppp multilink ppp multilink group <num> interface Virtual-Template ppp multilink group <num>

6. IGP and PBR

6.1. EIGRP

6.1.1. Administrative Distance router eigrp <as> distance <ad> <source-IP> <source-wildcard> <acl> Don't match external prefixes, only internal Set the neighbor, don't let any ( distance eigrp <internal-ad> <external-ad> Change all routes, can't be selective

6.1.2. Metric BW-Metric = 10.000.000/interface-BW(kbps) Delay-Metric = sum [delays (tens of us)] * 256 Metric = BW-Metric + Delay-Metric

6.1.3. Load Balance Proportional to metrics Range = Variance multiplier router eigrp <eigrp-as> variance <multiplier>

6.1.4. Neighbors passive-interface <interface> Disable send and receive hellos on interface Neighbors don't establish neighbor <ip-addr> <interface> Suppress multicast hellos on the interface Send unicast hellos

6.2. RIP

6.2.1. Basic config router rip version 2 no auto-summary passive default network <classful-network>

6.2.2. Destination Format Multicast Default Unicast neighbor <neighbor-ip> passive-interface <interface> Broadcast ip rip v2-broadcast

6.2.3. Filtering Distribute List distribute-list <acl> [in | out] <interface> acl Offset List offset-list <acl> [in | out] <additive-metric> Metric 16 means invalid route acl Administrative Distance distance <adm-distance> <source-ip> <source-wildcard> <acl> Administrative Distance 255 means invalid route source-ip = RIP Neighbor IP acl

6.2.4. Authentication interface <if> ip rip authentication key-chain <key-chain> ip rip authentication mode [text | md5]

6.2.5. Default route router rip default-information originate Conditional Only send default route if there is a specific prefix in route table router rip default-information originate route-map <condition-route-map>

6.2.6. Summarization interface <if> ip summary-address rip <summary-ip> <mask>

6.3. OSPF

6.3.1. Basic config Router process router ospf <process-id> network <ip-address> <wildcard-mask> area <area-id> Interface interface <if> ip ospf <process-id> area <area-id>

6.3.2. Network types Elects DR/BDR ? Y N Configuration ip ospf network <type> ip ospf priority <priority-value> Default Types by interface Frame-Relay Ethernet Loopback Tunnel

6.3.3. Area types LSAs Type 1 Type 2 Type 3 Type 4 Type 5 Type 7 Totally Stub or Totally NSSA (5 -> 7) Stub or NSSA (5 -> 7) Stub Stub Totally Stub Not-so-stubby (NSSA) Not-so-stubby Totally Stub NSSA no-redistribution NSSA Suppress-FA

6.3.4. Route types In order of preference O Intra-area O IA Inter-area O E1 Metric = External Cost + Internal Cost O E2 Default when redistributing Metric = External cost only; don't change through area External routes

6.3.5. Summarization Inter-area (ABR) area <area-id> range <summary-ip> <mask> External (ASBR) summary-address <summary-ip> <mask>

6.3.6. Virtual-link Required for areas not connected to area 0 area <not-area-0-id> virtual-link <dest-ospf-router-id> Not allowed through stub areas

6.3.7. Filtering Type-3 LSA filter Can only be done on the ABR router ospf <process-id> area <area-id> filter-list prefix <prefix-list> [in | out] Prevent LSA from being installed on routing table ip prefix-list <pl-filter> permit <net-to-be-filtered> route-map <route-map-filter> deny 10 match ip address prefix-list <pl-filter> route-map <route-map-filter> permit 20 router ospf <process> distribute-list route-map <route-map-filter> in

6.3.8. Authentication Enable and set type Interface Area Virtual-Link Password Text MD5 Virtual-link

6.3.9. MPLS Sham-Link Avoid routing outside MPLS Core Created in PE routers, when backdoor link exists between two sites. area <area-id> sham-link <src-add> <dst-addr> cost <cost> Use loopback interface for source/destination show ip ospf sham-link Domain-id 8-byte value of BGP update that identifies OSPF domain Routes received from far-end CPE are classified as: router ospf <process-id> domain-id <ip-address-format-id> VRF-Lite OSPF routes received by CPEs have the down-bit set Down-bit doesn't let OSPF routes be re-learned by BGP; Avoid loops Doesn't let routes be installed on VRF either To enable VRF use on CE: router ospf <process-id> capability vrf-lite

6.3.10. Administrative Distance distance <ad> <source-IP> <source-wildcard> <acl> It's not possible to change AD from only one neighbor, it must change for all neighbors for that process distance ospf external <O-EX-distance> inter-area <O-IA-distance> intra-area <O-distance>

6.4. PBR

6.4.1. ip local policy route-map <map-name> Local packets are not subject to PBR. Local policy fixes this.

6.4.2. interface <if> interface where the packet would pass by

6.4.3. ip policy route-map <map-name>

6.4.4. route-map <map-name>

6.4.5. match ip address <acl>

6.4.6. set ip next-hop <ip>

6.5. PFR/OER

6.5.1. Configuration guide Master Key chain Border Measure Learn Route Prefixes Border Key chain Master NAT

6.6. 1st hop redundancy

6.6.1. Cisco Proprietary? Y Load balance N VRRP

6.6.2. Configuration HSRP = standby VRRP = vrrp GLBP = glbp standby <group> IP <ip-address> standby <group> priority <priority-number> Higher wins standby <group> preempt standby <group> track <track> decrement <priority-decrement>

7. IPv6

7.1. Addressing

7.1.1. Loopback ::1

7.1.2. empty ::

7.1.3. Default route ::/0

7.1.4. Link-Local FE80::/64

7.1.5. Unique-local FC00::/7

7.1.6. Global 2000::/3

7.2. ICMPv6

7.2.1. Combines several IPv4 functions: ICMPv4, IGMP and ARP

7.3. Configuration

7.3.1. ipv6 unicast-routing

7.3.2. Interface ipv6 enable Auto-generate link-local, even if the interface doesn't have IPv6 unique/global address ipv6 address <ipv6-address> ipv6 address <link-local-add> link-local ipv6 address <prefix-only> eui-64

7.3.3. Routing Static ipv6 route <ipv6-network/length> <next-hop-address> ipv6 route <ipv6-network/length> <next-hop-link-local-add> <exit-interface> The routing process is automatically created when assigned to interface RIP interface <if> ipv6 rip <process-name> enable ipv6 rip <process-name> default-information originate ipv6 router rip <process-name> EIGRP Uses FF02::A (all EIGRP routers) interface <if> ipv6 eigrp <as-number> ipv6 router eigrp <as-number> OSPF interface <if> ipv6 ospf <process> area <area-number> ipv6 router ospf <process>

7.4. Tunnels

7.4.1. Tunnels source and destination are always IPv4

7.4.2. Manual Manual Tunnel IPv6 -> IPv4::IPv6 -> IPv6 interface tunnel <if> ipv6 address <ipv6> tunnel source <ipv4> tunnel destination <ipv4> tunnel mode ipv6ip IPv6 over GRE IPv6 -> IPv4::GRE::IPv6 -> IPv6 Can carry non-IP packets, like IS-IS interface tunnel <if> ipv6 address <ipv6> tunnel source <ipv4> tunnel destination <ipv4> tunnel mode gre ip

7.4.3. Automatic 6to4 IPv6 -> IPv4::IPv6 -> IPv6 2002:[IPv4-in-hex]::/48 interface tunnel <if> ipv6 address 2002::[IPv4]:: tunnel source <ipv4> tunnel mode ipv6ip 6to4 ipv6 route 2002::/16 tunnel<if> Destination is extracted from the IPv6 data packet destination IP No Multicast Support ISATAP IPv6 -> IPv4::IPv6 -> IPv6 [64-bit-prefix]:0000:5ef3:[IPv4-in-hex]/64 interface tunnel <if> ipv6 address [64-bit-prefix]::/64 eui-64 tunnel source <ipv4> no ipv6 nd suppress-ra tunnel mode ipv6ip isatap Destination is extracted from the IPv6 data packet destination IP 6rd 6rd utilises an SP's own IPv6 address prefix - avoids well-known prefix (2002::/16) CE BR Dual Stack Lite Dual stack endpoints IPv6 Backbone Based on Carrier Grade NAT

7.5. IPV6 NAT

7.5.1. NAT-PT Interfaces IPV6 side IPv4 side Static NAT ipv6 nat v4v6 source <ipv4-address> <ipv6-address> ipv6 nat v6v4 source <ipv6-address> <ipv4-address> Dynamic NAT ipv6 nat v4v6 source list <acl-ipv4> pool <pool-ipv6> ipv6 nat v6v4 source list <acl-ipv6> pool <pool-ipv4> ipv6 nat prefix Installs the connected prefix in the IPv6 routing table ipv6 nat prefix <prefix-ipv6>

8. BGP

8.1. Path attributes {Order of choice}

8.1.1. Must be known? Y Present in all updates? N Must forward?

8.1.2. Local Info {1} Weight Local information to the router, never sent in updates Higher wins

8.2. Configuration

8.2.1. Basic router bgp <as-number> neighbor <ip-address> remote-as no auto-summary Synchronization? Y N Peer-group neighbor <pgNAME> peer-group neighbor <pgNAME> ... neighbor <ip-address> peer-group <pgNAME> Direct connection? N iBGP Not fully-meshed? Community ip bgp-community new-format neighbor <ip-address> send-community [standard | extended | both] iBGP to IGP redistribution Disabled by default To enable: router bgp <as-number> bgp redistribute internal

8.2.2. Inject routes network network <ip-address> mask y.y.y.y network <ip-address> mask y.y.y.y backdoor default neighbor <ip-address> default-originate Don't need to have the default-route Don't suppress more specific Summarization aggregate-address Conditional Injection Advertising

8.2.3. Control advertisement neighbor <ip-address> distribute-list <acl-number> [out | in] neighbor <ip-address> filter-list <ip-as-path-acl-number> [out | in] neighbor <ip-address> route-map <rmBGP> [out | in] route-map <rmBGP> match ip address <acl-number> match as-path <ip-as-path-acl-number> match community <community-list-number> set local-preference set metric set as-path prepend set community Manipulate prefixes Filter private ASs Change local AS Change next-hop for all? Propagate prefix-list Sender Receiver SET Match

8.2.4. Synchronization Disable synchronization no synchronization

9. Multicast

9.1. PIM Mode

9.1.1. Dense Mode Flood & Prune ip pim dense-mode

9.1.2. Sparse Mode Any Source Multicast (ASM) Uses RP Shared -> Source Specific (*,G -> S,G) ip multicast-routing Static RP? Use (S,G) ? Y N

9.1.3. MSDP (Multicast source discovery protocol) Allow RPs to exchange information about groups sources ip msdp peer <ip-address> ip msdp originator-id <loopback-if> ip msdp mesh-group <group-name> <neighbors-IP-address> Used if there are more than two RP fully-meshed, to avoid loops

9.1.4. NBMA networks RPF rules prevent traffic from spoke to hub to be replicated to other spokes Use NBMA mode Create tunnel between spokes and routers

9.2. IGMP

9.2.1. v1 Old Slow leave

9.2.2. v2 Join to mcast group address Fast leave Querier

9.2.3. v3 Join to Easy to Layer2 snooping Source filter Enable SSM

9.2.4. IGMP Snooping ip igmp snooping <vlan> <interface connected to mcast router>