ccie r&s lab_k3

CCIE LAB Routing & Switching (V4.0)

1 www.passccielab.com All rights reserved Created by lofrent - 1 -


Ver:K3

Update 2010-02-12

© www.passccielab.com All Rights Reserved.


VLAN VLAN Name

VLAN 4 VLAN_BB2

VLAN 5 VLAN_BB3

VLAN 13 VLAN_A

Hostname Loopback0 IP Address

YYR1 YY.YY.1.1/32

YYR3 YY.YY.3.3/32

YYR4 YY.YY.4.4/32

YYR5 YY.YY.11.11/32

YYSW1 YY.YY.7.7/24

YYSW2 YY.YY.8.8/24

YYSW3 YY.YY.9.9/24

YYSW4 YY.YY.10.10/24


Note1 : k3 is k1 update versions and k1 and k3

diagram/Pre-configuration and most of questions/ solutions

same with k1 , except few changed questions.

Note2.all solutions has been verified,you can pass ccie rs

exam the frist

Loop back IP Address & VLANS

• The equipment on the rack assigned to you is physically Cabled and should not be tempered

with.

• Router and Switch hostnames, basic ip addressing, 'no exec-timeout' and passwords on the

Con, AUX and VTYs have been preconfigured. Do not change these configurations.

• All preconfigured passwords are 'Cisco'. Do not change these passwords.

• If you need clarification on the meaning of a question, or, if you suspect hardware problems with

you equipment, contact the lab proctor as soon as possible.

• The following symbols are used throughout the exam: YY is your 2-digit rack number, for

example YY value for

• Rack3 is 03 and for Rackl 1 is 11. X is your router number, for example X Value for router 1 is 1. Z

is any number SW1 and SW2 refer to the Catalyst

YYR2 YY.YY.2.2/32



VLAN 15 VLAN_B

VLAN 24 VLAN_C

VLAN 26 VLAN_H

VLAN 46 VLAN_F

VLAN 47 VLAN_G

Frame Relay (R1-R2) R1: YY.YY.13.237, R2: YY.YY.13.236

BB1 150.1.YY.254/24

BB2 150.2.YY.254/24

BB3 150.3.YY.254/24

Pre-configured for CCIE LAB

R1

interface loopback 0

ip address YY.YY.1.1 255.255.255.255

!

interface fa0/1

ip address YY.YY.13.156

255.255.255.224

no shutdown

!

interface fa0/0

no ip address

shutdown

!

interface serial 0/0/0

no ip address

shutdown

!


no ip address

encapsulation ppp

shutdown

R2


ip address YY.YY.2.2 255.255.255.255

!



interface fa0/1

no ip address

shutdown

!

interface fa0/0 no ip address shutdown !


no ip address

shutdown

!


no ip address

shutdown

R3


ip address YY.YY.3.3 255.255.255.255

!

interface fa0/1


255.255.255.224

no shutdown

!


ip address YY.YY.13.240 255.255.255.252

encapusulation ppp

no shutdown

!

R4


ip address YY.YY.4.4 255.255.255.255

!

interface fa0/0

ip address YY.YY.13.60 255.255.255.224

no shutdown

!

interface fa0/1

ip address YY.YY.13.28 255.255.255.224

no shutdown

!



R5


ip address YY.YY.11.11 255.255.255.255

!

interface fa0/1

ip address YY.YY.13.92 255.255.255.224

no shutdown

!


ip address YY.YY.13.245 255.255.255.252

encapsulation ppp

no shutdown

!


ip address YY.YY.13.241 255.255.255.252

encapsulation ppp

no shutdown

SW1

vtp domain CCIE

vtp mode server

vtp password cisco

!

vlan 4

name VLAN_BB2

!

vlan 5

name VLAN_BB3

!

vlan 13

name VLAN_A

!

vlan 15

name VLAN_B

!

vlan 17

name VLAN_BB1

!

vlan 24

name VLAN_C

!

vlan 26

name VLAN_H



!

vlan 46

name VLAN_F

!

vlan 47

name VLAN_G

!

interface loopback 0 ip address YY.YY.7.7

255.255.255.255

!

interface fa0/3

switchport access vlan 5

switchport mode access

!

interface fa0/4



!

interface fa0/10

switchport access vlan17

!

interface fa0/19 -24

switchport trunk

encapsulation dot1q

switchport mode trunk

SW2

vtp mode client

vtp password cisco

!


ip address YY.YY.8.8 255.255.255.255

!

interface fa0/1



!

interface fa0/3





!

interface fa0/4



!

interface fa0/5



!

interface fa0/10 switchport access vlan 4


!


switchport trunk encapsulation dot1q switchport mode trunk

SW2

vtp mode client

vtp password cisco

!


ip address YY.YY.8.8 255.255.255.255

!

interface fa0/1



!

interface fa0/3



!

interface fa0/4



!

interface fa0/5



!

interface fa0/10





!


switchport trunk encapsulation dot1q


SW3:

vtp mode client

vtp password cisco

!


vtp mode client

vtp password cisco

!


ip address YY.YY.9.9 255.255.255.255

!

interface fa0/10



!




SW4:

vtp mode client

vtp password cisco

!


ip address YY.YY.10.10 255.255.255.255

!




BB1-BB2

BB1-BB2#s run

Building configuration...

Current configuration : 7507 bytes

!



version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname BB1-BB2

!

!

ip subnet-zero

no ip domain-lookup

!

interface Loopback10

ip address 197.68.4.1 255.255.255.0 secondary




ip address 197.68.1.1 255.255.255.0

!

interface Ethernet0














ip address 150.1.12.254 255.255.255.0

!

interface Ethernet1
















ip address 150.2.1.254 255.255.255.0

!

interface Serial0

no ip address

shutdown

!

interface Serial1

no ip address

shutdown

!

!

router bgp 254

no synchronization

bgp log-neighbor-changes

network 197.68.1.0

network 197.68.4.0

network 197.68.5.0

network 197.68.21.0

network 197.68.22.0

neighbor 150.1.1.1 remote-as 1

neighbor 150.1.1.1 prefix-list filter-bb out

neighbor 150.1.1.1 route-map addas out


























no auto-summary

!

ip classless

ip route 172.16.0.0 255.255.0.0 150.1.12.253

ip route 172.17.0.0 255.255.0.0 150.1.12.253

no ip http server

!

!

ip prefix-list filter-bb seq 5 permit 197.68.1.0/24





access-list 10 permit 150.100.1.0 0.0.0.255

access-list 10 deny 150.0.0.0 0.255.255.255

access-list 10 permit any

route-map addas permit 10

match ip address prefix-list filter-bb

set as-path prepend 253

!

!

!

line con 0

logging synchronous

login

line aux 0

line vty 0 4

login

!

end

BB3

BB3#s run



!

version 12.1



no service single-slot-reload-enable




service udp-small-servers

service tcp-small-servers

!

hostname BB3

!

!

!

!

!

!

ip subnet-zero

no ip domain-lookup

!

!

!

!

interface Loopback0








ip address 198.2.1.1 255.255.255.0

!






ip address 197.68.1.1 255.255.255.0

!

interface Ethernet0

description Connect to BBSW F0/5









ip address 150.3.0.254 255.255.255.0

no ip mroute-cache

!

interface Serial0

no ip address

shutdown

!

interface Serial1

no ip address

shutdown

!

interface BRI0

no ip address

shutdown

!

router eigrp 100

network 4.1.1.0 0.0.0.255

network 128.28.2.0 0.0.0.255

network 150.3.0.0

network 182.2.2.0 0.0.0.255

network 182.2.4.0 0.0.0.255

network 198.1.1.0

network 198.2.1.0

network 198.2.3.0

network 198.2.5.0

no default-information in

no default-information out

no auto-summary

no eigrp log-neighbor-changes

no eigrp log-neighbor-warnings

!

!

ip classless

ip http server

!

privilege exec level 0 show ip route

!

line con 0

logging synchronous

line aux 0

line vty 0 4

logging synchronous

login



!

end


Rack YY R1 YY.YY.1.1/32

Rack YYR3 YY.YY.3.3/32



Rack YYSW1 YY.YY.7.7/32



Rack YYSW4 YY.YY.1010/32


VLAN and IP Address

-vlan 2 name VLAN_BB2


-vlan 11 name VLAN_A

-vlan 13 name VLAN_B


-vlan 22 name VLAN_C

-vlan 24 name VLAN_H

-vlan 44 name VLAN_F

-vlan 45 name VLAN_G

-frame-realy: (R1-R2)

R1: YY.YY.15.242, R2: YY.YY.15.241

-BB1 is 150.1.YY.254/24

-BB2 is 150.2.YY.254/24

-BB3 is 150.3.YY.254/24

Loopback ip address

Host name Loopback 0 interface IP address

Unless specified above, all interface else must be 24 bit mask addressing.

Please use these script Verify the entire network

Yyrack# tclsh

foreach i {

11.11.15.161

11.11.15.242

11.11.15.249

11.11.1.1

11.11.15.129

11.11.15.34

11.11.15.241

11.11.2.2

150.3.12.1

11.11.15.193



Hostname Loopback0 IP Address

YYR1 YY.YY.1.1/32

YYR2 YY.YY.2.2/32

YYR3 YY.YY.3.3/32

YYR4 YY.YY.4.4/32

YYR5 YY.YY.5.5/32

YYSW1 YY.YY.7.7/24

YYSW2 YY.YY.8.8/24


11.11.15.245

11.11.3.3

11.11.15.65

11.11.15.33

11.11.4.4

11.11.15.97

11.11.15.250

11.11.15.246

11.11.5.5

11.11.15.162

11.11.15.194

11.11.7.7

11.11.15.130

11.11.8.8

11.11.15.66

11.11.15.98

11.11.10.10

} { puts [exec "ping $i" ]}

Loop back IP Address & VLANS

• The equipment on the rack assigned to you is physically Cabled and should not be tempered

with.

• Router and Switch hostnames, basic ip addressing, 'no exec-timeout' and passwords on the

Con, AUX and VTYs have been preconfigured. Do not change these configurations.

• All preconfigured passwords are 'Cisco'. Do not change these passwords.

• If you need clarification on the meaning of a question, or, if you suspect hardware problems with

you equipment, contact the lab proctor as soon as possible.

• The following symbols are used throughout the exam: YY is your 2-digit rack number, for

example YY value for

• Rack3 is 03 and for Rackl 1 is 11. X is your router number, for example X Value for router 1 is 1. Z

is any number SW1 and SW2 refer to the Catalyst



YYSW3 YY.YY.9.9/24

YYSW4 YY.YY.10.10/24

VLAN VLAN Name

VLAN 4 VLAN_BB2

VLAN 5 VLAN_BB3

VLAN 13 VLAN_A

VLAN 15 VLAN_B

VLAN 24 VLAN_C

VLAN 26 VLAN_H

VLAN 46 VLAN_F

VLAN 47 VLAN_G

Frame Relay (R1-R2) R1: YY.YY.13.237, R2: YY.YY.13.236

BB1 150.1.YY.254/24

BB2 150.2.YY.254/24

BB3 150.3.YY.254/24

R1


ip address YY.YY.1.1 255.255.255.255

!

interface fa0/1


255.255.255.224

no shutdown

!

interface fa0/0

no ip address

shutdown

!


no ip address

shutdown

!


no ip address

encapsulation ppp

shutdown



R2


ip address YY.YY.2.2 255.255.255.255

!

interface fa0/1

no ip address

shutdown

!

interface fa0/0 no ip address shutdown !


no ip address

shutdown

!


no ip address

shutdown

R3


ip address YY.YY.3.3 255.255.255.255

!

interface fa0/1


255.255.255.224

no shutdown

!


ip address YY.YY.13.240 255.255.255.252

encapusulation ppp

no shutdown

!

R4


ip address YY.YY.4.4 255.255.255.255

!

interface fa0/0

ip address YY.YY.13.60 255.255.255.224

no shutdown

!

interface fa0/1



ip address YY.YY.13.28 255.255.255.224

no shutdown

!

R5


ip address YY.YY.5.5 255.255.255.255

!

interface fa0/1

ip address YY.YY.13.92 255.255.255.224

no shutdown

!


ip address YY.YY.13.245 255.255.255.252

encapsulation ppp

no shutdown

!


ip address YY.YY.13.241 255.255.255.252

encapsulation ppp

no shutdown

SW1

vtp domain CCIE

vtp mode server

vtp password cisco

!

vlan 4

name VLAN_BB2

!

vlan 5

name VLAN_BB3

!

vlan 13

name VLAN_A

!

vlan 15

name VLAN_B

!

vlan 17

name VLAN_BB1

!



vlan 24

name VLAN_C

!

vlan 26

name VLAN_H

!

vlan 46

name VLAN_F

!

vlan 47

name VLAN_G

!

interface loopback 0 ip address YY.YY.7.7

255.255.255.255

!

interface fa0/3



!

interface fa0/4



!

interface fa0/10


!


switchport trunk

encapsulation dot1q


SW2

vtp mode client

vtp password cisco

!


ip address YY.YY.8.8 255.255.255.255

!

interface fa0/1





!

interface fa0/3



!

interface fa0/4



!

interface fa0/5



!

interface fa0/10 switchport access vlan 4


!


switchport trunk encapsulation dot1q switchport mode trunk

SW2

vtp mode client

vtp password cisco

!


ip address YY.YY.8.8 255.255.255.255

!

interface fa0/1



!

interface fa0/3



!

interface fa0/4



!

interface fa0/5





!

interface fa0/10



!




SW3:

vtp mode client

vtp password cisco

!


vtp mode client

vtp password cisco

!


ip address YY.YY.9.9 255.255.255.255

!

interface fa0/10



!




SW4:

vtp mode client

vtp password cisco

!


ip address YY.YY.10.10 255.255.255.255

!






BB1-BB2

BB1-BB2#s run



!

version 12.2




!

hostname BB1-BB2

!

!

ip subnet-zero

no ip domain-lookup

!






ip address 197.68.1.1 255.255.255.0

!

interface Ethernet0














ip address 150.1.12.254 255.255.255.0

!

interface Ethernet1
















ip address 150.2.1.254 255.255.255.0

!

interface Serial0

no ip address

shutdown

!

interface Serial1

no ip address

shutdown

!

!

router bgp 254

no synchronization


network 197.68.1.0

network 197.68.4.0

network 197.68.5.0

network 197.68.21.0

network 197.68.22.0





























no auto-summary

!

ip classless

ip route 172.16.0.0 255.255.0.0 150.1.12.253

ip route 172.17.0.0 255.255.0.0 150.1.12.253

no ip http server

!

!







access-list 10 deny 150.0.0.0 0.255.255.255

access-list 10 permit any

route-map addas permit 10

match ip address prefix-list filter-bb

set as-path prepend 253

!

!

!

line con 0

logging synchronous

login

line aux 0

line vty 0 4

login

!

end

BB3

BB3#s run





!

version 12.1

no service single-slot-reload-enable




service udp-small-servers

service tcp-small-servers

!

hostname BB3

!

!

!

!

!

!

ip subnet-zero

no ip domain-lookup

!

!

!

!

interface Loopback0








ip address 198.2.1.1 255.255.255.0

!






ip address 197.68.1.1 255.255.255.0

!

interface Ethernet0

description Connect to BBSW F0/5









ip address 150.3.0.254 255.255.255.0

no ip mroute-cache

!

interface Serial0

no ip address

shutdown

!

interface Serial1

no ip address

shutdown

!

interface BRI0

no ip address

shutdown

!

router eigrp 100

network 4.1.1.0 0.0.0.255

network 128.28.2.0 0.0.0.255

network 150.3.0.0

network 182.2.2.0 0.0.0.255

network 182.2.4.0 0.0.0.255

network 198.1.1.0

network 198.2.1.0

network 198.2.3.0

network 198.2.5.0

no default-information in

no default-information out

no auto-summary

no eigrp log-neighbor-changes

no eigrp log-neighbor-warnings

!

!

ip classless

ip http server

!

privilege exec level 0 show ip route

!

line con 0



logging synchronous

line aux 0

line vty 0 4

logging synchronous

login

!

end

SECTION1:DataLinkLayer(L2 Technologies)

Pre-Configuration on your exam

VLAN Trunking Protocol VTP Domain CCIE + YY

PPP serial link R1 through R5 and R3 through R5

For example,the rack number of 3 would have a VTP domain of 802.1q trunk between all fout

switches

2.1 Layer 2 Troubleshoot

Errors in the initial config

SW1 vtp domain name is ccieroutingandswitchingyy and the others are

ccieroutingandswitching.

Solution :change SW1 vtp domain name to ccieroutingandswitching

SW1 VTP password is cisc0 and the others are cisco.

Solution :change SW1 vtp password to cisco

On SW2 fastethernet0/10 config “switchport backup f0/4”, this command will cause interface

fasterthernet 0/4 down.

Solution :remove it

2.1 Troubleshoot layer 2 switching

One-two(or four) faults have been injected into the pre-configurations. these issues may impede a

working solution for certain portions of this labs exam and affect any labs exam section. You

must verify that all of your configurations work as expected. If something is not working as

expected then you must fix the underlying problem

Point will be awarded for solving each problem. However, if you fail to solve a particular problem ,

and the injected fault prevents you from having a working solutions of this lab, then you will lose

points for the fault and the lab that is not working


VLAN ID VLAN Name Interface

5 VLAN_BB3 R3 Fa0/0

13 VLAN_A R1 Fa0/1

15 VLAN_B R3 Fa0/1

17 VLAN_BB1 R5 Fa0/1

24 VLAN_C R2 Fa0/1

26 VLAN_H R2 Fa0/1, R4 Fa0/1

46 VLAN_F R4 Fa0/0

47 VLAN_G R5 Fa0/1


SW1:

vtp domain CCIERoutingandSwitching

vtp password cisco

SW2:

interface f0/10

no switchport backup f0/4

R1:

Interface s0/0

ip add 5.5.15.249 255.255.255.252

no peer neighbor-route

R3:

Interface s0/1

ip add 5.5.15.245 255.255.255.252


R5:

Interface s0/0

ip add 5.5.15.250 255.255.255.252


Interface s0/1

ip add 5.5.15.246 255.255.255.252


2.2 Access-Switch Ports of Switched Network Configuration

4 VLAN_BB2 SW2 F0/10


Note: The default timeout interval is 300 seconds and, by default, the timeout feature is disabled.


As per on SW1,SW2,SW3 should configure all of the appropriate nontrunking access switch ports

according to the below requirements.

As per the VLAN tables configure the VLANs for the access switch ports

Also Include the ports to BB1,BB2,and BB3

Trunk between SW2-Fa0/2 and R2-Fa0/1 should be configured

In the access switch port avoid transmitting BPDUs. When BPDU is received in any of these

ports, the port should transmit back to the listening, learning and forward process.

In the routers including trunk configuration should add any special

Layer2 commands which are required

For These access switch ports, by passing the listening and learning states ,the spanning

tree enters the forward state immediately and ensure this.

SW1

interface fa0/3



!

interface fa0/4



!

interface fa0/5



!

interface fa0/10


!

interface vlan 13

ip address YY.YY.13.157 255.255.255.224

no shutdown

!

interface vlan 15

ip address YY.YY.13.189 255.255.255.224

no shutdown

SW3 ~ SW3

spanning-tree portfast default

spanning-tree portfast bpduguard default

errdisable recovery cause bpduguard

errdisable recovery interval 300



SW2

interface fa0/1



!

interface fa0/2


switchport trunk allowed vlan 22,24


!

interface fa0/3



!

interface fa0/4



!

interface fa0/5



!

interface fa0/10



!

interface vlan 4

ip address 150.2.YY.1 255.255.255.0

!

interface vlan 24

ip address YY.YY.13.125 255.255.255.224

no shutdown

SW3

interface fa0/10



SW4

interface vlan 46

ip address YY.YY.13.61 255.255.255.224

no shutdown

!



interface vlan 47

ip address YY.YY.13.93 255.255.255.224

no shutdown

R2

interface fa0/1

no shutdown

!

interface fa0/1.24

encapsulation dot1q 24

ip address YY.YY.13.124 255.255.255.224

!

interface fa0/1.26

encapsulation dot1q 26

ip address YY.YY.13.29 255.255.255.224

R3

interface fa0/0

ip address 150.3.YY.1 255.255.255.0

no shutdown

R5

interface fa0/0

ip address 150.1.YY.1 255.255.255.0

no shutdown

!

2.3 Frame Relay Configuration

Consider the points to configure R1 and R2 for frame relay and R4 as the frame relay switch Use

auto-sensing on R1 & R2 and ANSI LMI on Frame Relay switch Avoid any static Inverse Address

Resolutions Protocol or Frame Relay maps. For encapsulation use RFC1490/RFC2427

The below table should used for data-link connection identifier(DLCI)

assignments.

Frame Relay DLCI details

R1 Frame Relay interface 101

R2 Frame Relay interface 201

R1


encapsulation frame-relay IETF

no fram-relay inverse-arp

no shutdown



ip address YY.YY.13.237 255.255.255.252

frame-relay map ip YY.YY.13.236 100 broadcast

frame-relay map ip YY.YY.15.242 100

clock rate 256000

no shutdown

!

interface serial 0/0/0/101

point-to-point

ip address YY.YY.13.237 255.255.255.252

!

R2


encapsularion frame-relay IETF

no fram-relay inverse-arp

no shutdown

!

interface serial 0/0/0/201

point-to-point

ip address YY.YY.13.236 255.255.255.252

R4

frame-relay switching

!


encapsularion frame-relay

clock rate 256000

frame-relay lmi-type ansi

frame-relay intf-type dce

frame-relay route 101

interface serial 0/1/0 201

no shutdown

!


encapsulation frame-relay

clock rate 256000

frame-relay lmi-type ansi

frame-relay intf-type dce

frame-relay route 201

interface serial 0/0/0 101

no shutdown



2.4 Backbones Traffic

Your network should be protected from broadband storm by configuring traffic control on three

backbone links. This should be effective where broadcast traffic is 50% available bandwidth.

During this time the port should remain functioning . Answer:

SW1 ~ SW3

interface Fa0/10

strom-control broadcast level 50

2.5 Manipulation Trunking

Dual trunk port should be configured between Sw1, Sw2, Sw3 and Sw4 according to below needs.

For each switch on the six distribution ports DTP should be disabled. Allow the particular VLANs

5, 13, 15, 46, 47 only can receive and send traffic on these interfaces in tagged format to be set

SW1/SW2/SW3/SW4:

interface FastEthernet0/19


switchport trunk allowed vlan 3,11,13,44,45


switchport nonegotiate






















Notes:

After completion of configuration,please checking client is synchronized with the server,and

you can find vlan has been configed

Use command: do show inter trunk, checking vlan relay is correct and checking f0/19 -24

OSPF:

R3:

Interface 10

Ip address 11.11.3.3 255.255.255.255

router ospf 11







State is UP

SECTION 2 : Network Layer ( L3 Technologies)

2.1 Implement IPV4 OSPF

Configure open shortest path first ( OSPF)

Updates should be advertised only out of the interfaces that are indicated in the IGP

topology diagram

Don’t manually change the router ID

Don’t create additional ospf areas

Configure ospf area 2 such that there are no TYPE5 Advertisements (LSA) in the area, R1

should generate a default route.

Configure OSPF over frame relay between R1 and R2 choosing a network type that requires

designate router(DR) and backup designate router(BDR) negotiations and has the fatest

recover times

R1:

interface Serial0/0.12 point-to-point

ip ospf network broadcast

ip ospf dead-interval minimal hello-multiplier 5

router ospf 5

area 2 nssa default-information-originate

network 11.11.15.161 0.0.0.0 area 0

network 11.11.15.242 0.0.0.0 area 2



network 11.11.15.193 0.0.0.0 area 0

SW1:

Ip routing

Interface 10

Ip address 11.11.7.7 255.255.255.255

router ospf 11

network 11.11.7.7 0.0.0.0 area 0

network 11.11.15.162 0.0.0.0 area 0

network 11.11.15.194 0.0.0.0 area 0

R1

interface 10

Ip address 11.11.11.11 255.255.255.255

router ospf11

network 11.11.15.161 0.0.0.0 area 0

network 11.11.15.242 0.0.0.0 area 2

area 2 nssa

int s0/0.1



R2

int l0

ip add 11.11.2.2 255.255.255.255

router ospf 11

network 11.11.15.241 0.0.0.0 area 2

network 11.11.15.129 0.0.0.0 area 2

network 11.11.2.2 0.0.0.0 area 2

area 2 nssa

int s0/0.2



SW2:

Ip routing

Interface loopback0

ip add 11.11.8.8 255.255.255.255

router ospf 11

area 2 nssa

network 11.11.8.8 0.0.0.0 area 2

network 11.11.15.111 0.0.0.0 area 2

area 2 nssa



Notes: All loopback address has been configured in real lab exam

2.2 Implement IPV4 EIGRP

Configure EIGRP 100 and EIGRP YY per the IGP topology diagram

Eigrp updates should be advertise only out to the interface per the IGP topology diagram

On R1 , redistribute between ospf and eigrp YY. However all of the routes that are indicated below

from backone3 (EIGRP100) should not be redistributed between both protocols

Use route maps to accomplish this requirement. All route-maps should utilize the same access

lists

On R3, redistrubte from EIGRP 100 into OSPF

On R3, redistribute from EIGRP 100 into eigrp YY. However three networks 198.2.1.0/24,

198.2.3.0/24, 198.2.5.0/24 should be aggregated into a single address with the most specific mask

possible

eigrp 11: R1:

interface s0/1

router eigrp 11

network 11.11.1.1 0.0.0.0

network 11.11.15.249 0.0.0.0

no auto-summary

R3:

interface s0/1

router eigrp 11

network 11.11.15.245 0.0.0.0

network 11.11.3.3 0.0.0.0

no auto-summary

R5:

Interface loopback0

ip add 11.11.11.11 255.255.255.255 router eigrp 11

no auto-summary

network 11.11.11.11 0.0.0.0

network 11.11.15.97 0.0.0.0

network 11.11.15.246 0.0.0.0

network 11.11.15.250 0.0.0.0

SW4:

Ip routing



Interface loopback0

ip add 11.11.10.10 255.255.255.255

router eigrp 11

no auto-summary

network 11.11.10.10 0.0.0.0

network 11.11.15.98 0.0.0.0

EIGRP 100

R3:

router eigrp 100

network 150.3.11.1 0.0.0.0

no auto-summary

Redistribution ：

router eigrp 11

Redistribution eigrp 100 metric 10000 100 255 1 1500

int s0/0

ip summay eigrp 11 198.2.0.0 255.255.248.0

router ospf 11

redistribute eigrp 100 metric-type 1 subnets

R1:

ip access-list extra 127

permit ip host 198.1.1.4 host 255.255.255.252










route-map filter deny 10

match ip add 127

route-map filter per 20

router ospf 11

redistribute eigrp 11 metric 50 metric-t 1 s route-map filter

area 2 nssa default-information-originate

router eigrp 11

redistribute ospf 11 metric 10000 100 255 1 1500 route-map filter

2.3 Implement RIP Version 2



Configure RIP version 2 (RIP V2) per the IGP topology diagram

RIP updates should be advertise only out the interface per the IGP topology diagram

All rip updates should be unicast

All rip updates must be able to receive and process RIPV1 packets

Mutually resditribute between RIP and ospf on R2 and sw4, R4 learned routes should be preferred

EIGRP

R2:

interface Ethernet0/1.24

ip rip receive version 1 2

router rip

version 2

no auto-summary

network 11.0.0.0

passive-interface default

neighbor 11.11.15.33

R4:

interface loopback0

ip add 11.11.4.4 255.255.255.255

router rip

version 2

no auto-summary

network 11.0.0.0

passive-interface default



int e0/1


int e0/0


Mutually redistribute between Rip and ospf YY on R2 Mutually redistribute between Rip and

EIGRP YY on SW4 ，EIGRP learned routes preferred over ospf within RIP area

R2:

router ospf 11

redistribute eigrp 11 metric 50 metric-t 1 s route-map filter

ip prefix-list nssa per 0.0.0.0/0

route-map filter deny 10

match ip add filter nssa

route-map filter per 20

access-list 10 deny 11.11.2.2


R2-s0/0.Z and R1-s0/0.Z FC01:DB8:74:A::/64 eui-64

R1-G0/1 and SW1 –SVI 11 FC01:DB8:74:B::/64 eui-64

Configure ospfv3 per the IPV6 topology Ensure that R4 can ping sw1 using IPV6

R4:

Ipv6 unicast-routing

ipv6 router ospf 11

router-id 11.11.4.4

interface Ethernet0/1

ipv6 address FC01:DB8:74:9::/64 eui-64


access-list 10 per any

router rip

redi ospf 11 metric 3 route-map filter

offset-list 10 out 3 e0/1.24

access-list 20 per 11.11.4.4



router ospf 11

distance 125 11.11.1.1 0.0.0.0 20

SW4:




access-list 10 per any

router rip

redi ospf 11 metric 2

distance 175 11.11.15.65 0.0.0.0 10

ip prefix-list rip per 11.11.2.2/32




route-map perrip permit 10

match ip add prefix rip

router eigrp 11

redi rip metric 10000 100 255 1 1500 route-map perrip

3.4 Implement IPV6

Internte protocol version 6 ( IPV6) to configure IPV6 unique local unicast address using the eui-64

interface identifier

R4-G0/1 and R2-G0/1.Z(vlan 24) FC01:DB8:74:9::/64 eui-64



ipv6 ospf 11 area 0

R2:


ipv6 router ospf 11

router-id 11.11.2.2

interface Ethernet 0/1.24

ipv6 address FC01:DB8:74:9::/64 eui-64

ipv6 ospf 11 area 0

interface serial0/0.2

ipv6 address FC01:DB8:74:b::/64 eui-64

ipv6 ospf 11 area 1

R1:


ipv6 router ospf 11

router-id 11.11.1.1


ipv6 address FC01:DB8:74:a::/64 eui-64

ipv6 ospf 11 area 0

SW1:

Sdm prefer dual-ipv4-and-ipv6 default


ipv6 router ospf 11

router-id 11.11.7.7

interface vlan 11

ipv6 address FC01:DB8:74:a::/64 eui-64

ipv6 ospf 11 area 1

3.5 Implement IPV4 BGP

Refer to the BGP routing diagram ，configure BGP with these parameters：

Configure two bgp confederations R1 R3 R5 and SW4（ASYY1）and R2 and SW2（ASYY2）

The confederation peers should neighbor between R1 and R2 and between SW4 and R2

EBGP ：SW2 EBGP peer with the router 150.2.YY.254 on backone 2 in AS 254 .This router

advertise five routes with format 197.68.X.0/24 and AS path 254

EBGP:R5 EBGP peer with the router 150.2.YY.254 on backone 1 in AS 254 , This router advertise

five routes with format 197.68.X.0/24 and AS path 254 253

The BGP devices should all prefer the path through R5 (150.1.YY.254) for network

197.68.21.0/24 and 197.68.22.0/24 .The internal board gateway protocol (IBGP) devices should



all prefer the path through SW2（150.2.YY.254）for network 197.68.1.0/24 197.68.4.0/24 and

197.68.5.0/24 .This manipulationshould be accomplished only on one router suing

route-map that refer to a single access-list

Configure only the loopback0 ip address to propagate BGP route information

R1:

router bgp 111

bgp router-id 11.11.1.1


bgp confederation identifier 11

bgp confederation peers 112


neighbor 11.11.2.2 update-source Loopback0


neighbor 11.11.1.1 ebgp-multihop 255



no auto-summary

R3:

router bgp 11

no synchronization




no auto-summary

sw4:

router bgp 11


bgp confederation identifier11



eighbor 11.11.2.2 ebgp-multihop 10


no auto-summary

R5:

router bgp 11

no synchronization




neighbor ibgp peer-group

neighbor ibgp remote-as 111



neighbor ibgp Loopback0

neighbor as52 route-reflector-client

neighbor as52 next-hop-self

neighbor 11.11.1.1 peer-group ibgp



neighbor 150.111.254 remote-as ibgp

neighbor 150.1.11.254 route-map loc in

no auto-summary

ip access-list extra 127



route-map loc permit 10

match ip address 127

set local-preference 200

SW2:

router bgp 112

no synchronization





neighbor 11.11.2.2 next-hop-self


no auto-summary

R2:

router bgp112

no synchronization





neighbor ebgp peer-grup

neighbor ebgp remote-as 111

neighbor ebgp update-source Loopback0

eighbor 11.11.2.2 ebgp-multihop 10

no auto-summary

neighbor 11.11.1.1 peer-group ebgp

neighbor 11.11.10.10 peer-group ebgp



neighbor 11.11.8.8 r remote-as 112

neighbor ebgp update-source Loopback0

SECTION 3 : Services

4.1 secure HTTP access

Enable secure HTTP access for R5 , Enalbe authentication using the list “HTTP”

which utilizes local user authentication . Configure two different users for access to

R5 ,the user cisco (password cisco) ,who only has privilege 1 access to R5 ; and the

user ADMIN(password CISCO) who has privilege 15 access to R5 .

Dno’t change console and vty password

NO ip http server

ip http secure-server

aaa authentication login default line

aaa authentication login HTTP local none

aaa authorization exec HTTP local

ip http authentication aaa login-authentication HTTP

ip http authentication aaa exec-authorization HTTP

username ADMIN privilege 15 pass ADMIN

username cisco privilege 1 pass cisco

4.2 secure the WAN PPP LINKS

Configure challenge handshake atuthentication protocol(CHAP)on R5 for the link to R1 and R3,

according to the following requirements

An authentication, authorization, and according (AAA) list named R1 and R3 for R1 and R3

respectively

Authentication for R1 should first try the radius server 198.2.3.128 using a key of cisco and fall

back to local login in the event of a failure to connect to the radius server

R1 should present itself to R5 as RACKYYR1 with a shared password cisco,

Authentication for R3 should first try the TACAS server 198.2.3.129 using a key of cisco and fall

back to local login in the event of a failure to connect to the TACAS server

R3 should present itself to R5 as BACKUP with a shared password of CISCO

R5:

aaa new-model

aaa authentication ppp R1 group radius local-case

aaa authentication ppp R3 group tacacs+ local-case

username RackYYR1 password cisco

username BACKUP password CISCO



radius-server host 198.2.5.128 key cisco

tacacs-server host 198.2.5.129 key cisco

interface s0/0

ppp authentication chap R1

interface s0/1

ppp authentication chap R3

R1:

interface s0/0

ppp chap hostname RackYYR1

ppp chap password cisco

R3:

interface s0/1

ppp chap hostname BACKUP

ppp chap password CISCO

4.3 MQC-Based FRTS

Configure parent class-default committed information (CIR ) as 64KB (when no backward explicit

congestion notification are present and 32KB.

• Differentiate between voice & data packet

• Guaranteed bandwidth 40% voice

• Guaranteed bandwidth 35% data

• Voice packets are marked EF

• Class 1 and 2 ( E11or E12) enable CBWFQ for SUB class-default

R2：

class-map match-all D1

match ip dscp af11

class-map match-all D2

match ip dscp af21

class-map match-all D

match class-map D1

match class-map D2

class-map match-all VOICE

match ip precedence 5

match ip dscp ef

policy-map CBWFQ

class D

bandwidth percent 35

class VOICE

bandwidth percent 40



class class-default

fair-queue

!

map-class frame-relay FRTS

frame-relay cir 64000

frame-relay mincir 32000

frame-relay adaptive-shaping becn

service-policy output CBWFQ

Interface s0/0

Frame-relay traffic-shaping

Interface s0/0.2

fram int 200

class FRTS

4.4 AutoQOS over PPP

To 4.3 continue to address voip quality of service (QOS) by configuring cisco autoQOS over PPP

link between R1 and R5

R1:

Interface s0/0/1

auto discovery qos

auto qos voip

R5:

Interface s0/0

auto discovery qos

auto qos voip

4.5 First Hop Redundancy

To facilitate load balancing and backup for hosts off of VLAN_H, configure GLBP on VLAN_H, Use

any group number. R4 should have the higher priority with the ability for R2 to assume control if

the priority of R4 decreases. Use MD5 authentication to protect the GLBP group. Use the

key-string 'cisco'. Configure the IP yy.yy.35.35 as your GLBP virtual address.

R2:

interface Ethernet0/0.24

glbp 1 ip 11.11.15.35

glbp 1 preempt



glbp 1 authentication md5 key-string cisco

R4:


glbp 1 ip 11.11.35.35

glbp 1 priority 105

glbp 1 preempt

glbp 1 authentication md5 key-string cisco

4.6 polled and broadcast NTP

Enable network time protocol (NTP) on R2,R3 and R4 according to the following requirement

R2 should act as an NTP server to R3

R4 should provide broadcast NTP updates only to VLAN_H

The hardware clocks on R2,R3 and R4 should be updated by the sofeware clock

R4 should use loopback 0 as the source address

Absent an external time server, R4 should use its own system clock to synchronize R2 and R3

Set the clock on R4 as 8:00 am (08:00),January 1 2000

Ultimately, the clocks on R2,R3 and R4 should be in synchronized

R4:

Clock set 8:00:00 1 jan 2000

Conf t

ntp master 3

ntp source loopback 0

ntp update-calendar

interface e0/1

ntp broadcast

R2:

ntp server 11.11.4.4

ntp update-calendar

interface e0/1.24

ntp broadcast client

R3:

ntp server 11.11.2.2

ntp update-calendar

4.7 SYSLOG

Configure SYSLOG on R3 to according to the following requirement

Enable SYSLOG on R3 to log emergencies , alarms and critical to host 150.3.YY.10 with facility 6


Notes:

Need to explain here, the normal 128-mask can not be configured, because we have been to find,

we use minimum with 127- mask, and we got a perfect score

R1:

ipv6 cef

ipv6 multicast-routing

ipv6 pim rp-address name multicast

ipv6 access-list multicast

permit ipv6 host FF08::4000:4000/127

R2:

ipv6 cef



R3 should use Loopback0 address

Answer:

R3

logging on

logging host 150.3.YY.10

logging trap critical logging facility local6

logging source-interface loopback 0

SECTION 4 : IP Multicast

4.1 PIM Spares Mode for IPv6 Multicast

implement PIM spares mode for IPV6 multicast

Enable pim sparse mode ( pim-sm) on the lan between R4-fa0/1 and R2-Gi0/1, R1 G0/1 and SW1

Svi, and on the WAN link between R2 and R1, Using these criteria

Configure R4-fa0/1 to be the redezvous point (RP) for the FF08::4000:4000 multicast group no

other groups should be permited






R4:

ipv6 cef





SW1:

ipv6 mld snooping

5.2 multicast joins

Configure R2 s0/0/0.Z as an ipv6 receiver for the multicast group FF08::4000:4000

R2 should be able to ping the multicast group FF08::4000:4000

R2:

Interface s0/0/0.Z

ipv6 mld join-group FF08::4000:4000

Section V. optimize the network

5.1 Netflow data export

Configure netflow on R4 to according to the following requirement

source should be VLAN_H

Export all data to 198.2.5.10

Use UDP port 9991 for exporting

Use netflow version 9 only

R4:

ip flow-export source loopback 0


Exit criteria are optional. If exit criteria are not specified, event monitoring will be reenabled


ip flow-export destination 198.2.5.10 9991

ip flow-export version 9

ip multicast netflow rpf

ip multicast netflow out

interface e0/0

ip flow ingress

ip flow egress

5.2 Embedded event manager monitor of cpu

Configure three different event manager applets on R3 acconding to the following requirements:

If the 5 min CPU value(cpmCPUTotal5minRev) goes above 60 percent, the first 10 lines of the

show processes cpu command output should be emailed to [email protected] from

[email protected] with a subject of "CPUAlert5min" using the mail server 198.2.5.10 Polling

should be every 60 seconds

R3

snmp-server community XXX ro

//[no] snmp-server community string [view view-name] [ro | rw][access-list number]

event manger applet CPU

event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.1.8 get-type exact entry-op ge entry-val 60

poll-interval 60

monitoring is not reenabled until the criteria are met.

act 1.0 cli command enable

act 2.0 cli command "show process cpu | include CPU|PID|^_ [1-9]|^_10"

act 3.0 mail server 198.2.5.10 to [email protected] from [email protected] subject

CPUAlert5min body $_cli_result

5.3 TFTP SERVER

Configure R3 as a TFTP server with the following requirements

R4 should be able to copy the file TEST from the flash memory of R3

No other files should be aviable from R3

No other devices should be able to copy the files TEST from R3

Note: You do not need to create the TEST file on R3 or attempt to make a actual copy

R3:

Access-list 4 permit 11.11.4.4



immediately. If exit criteria are specified—on the basis of values or time periods—event



tftp-server flash:TEST 4

ccie r&s lab_k3

Technology

132yyr2 yy

232yyr3 yy

332yyr4 yy

432yyr5 yy

interface fa01ip address

interface fa00ip address

forexample yy value

interface serial