ccie r&s v5 lab version 1.2 updated on 15th jan,2016 · the workbook is to provide more...

145
CCIE R&S v5 Lab version 1.2 Updated on 15 th Jan,2016 [email protected] All Right Reserved Page 1

Upload: others

Post on 23-Mar-2020

25 views

Category:

Documents


4 download

TRANSCRIPT

Page 1: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 1

Page 2: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 2

Disclaimer : CCCIE RSv5 lab Exam Workbook is designed to provide extensive

practical information to help candidates in the preparation for CISCO Systems CCIE RSv5 Lab Exam. We do not take liability or responsibility to any person or entity with respect to loss or damage caused by the information presented in the workbook Cisco, Cisco Systems,and CCIE (Cisco Certified Internetwork Expert) are registered trademarks of Cisco Systems, Inc.And of its affiliates in the USA and other countries . The information presented in the workbook is not necessarily related to Cisco Systems, Inc. This workbook is not affiliated, endorsed or sponsored by Cisco Systems, Inc.This workbook provides detailed and comprehensive practical examples for the preparation of CCIE RSv5 labs but cannot be used as a replacement of other supplementary books or prescribed materials. Purpose of the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual candidates who have purchased it with non-disclosure agreement. Imitation, copying, editing or posting contents of the workbook over the internet is part of copyright and non-disclosure agreement violation.

Page 3: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 3

Page 4: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 4

Configure the ACME Headquarters network (AS 12345) & New York Office (34567) as per the following requirements.

1. The VTP domain must be set to CCIE 2. Use VTP version 2 3. SW1 and SW2 must be in Transparent mode. 4. SW3 must be the VTP Server and SW4 must be the VTP client 5. Secure all VTP updates with an MD5 digest of the ASCII string "CCIErocks?” 6. SW3 & SW4 must not advertise their VLAN configuration but must forward VTP advertisement

that they receive out on their trunk ports. 7. In order to avoid as much as possible unknown unicast flooding in all vlans the administrator

requires that any dynamic entries learned by other SW1 and SW2 must be retained for 3 hours before being refreshed.

8. In order to avoid as much as possible unknown unicast flooding in all vlans the administrator requires that any dynamic entries learned by other SW3 and SW4 must be retained for 3 hours before being refreshed.

Page 5: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 5

Solution :-

SW1 ------ Configuration

SW1(config)#vtp domain CCIE SW1(config)#vtp version 2 SW1(config)#vtp mode transparent SW1(config)#vtp password CCIErock? ------------------> Note CCIErock? is without quotes SW1(config)#mac address-table aging-time 10800 ------------------> 10800 seconds = 3 hours

SW2 ------ Configuration

SW2(config)#vtp domain CCIE SW2(config)#vtp version 2 SW2(config)#vtp mode transparent SW2(config)#vtp password CCIErock? ------------------> Note CCIErock? is without quotes SW2(config)#mac address-table aging-time 10800 ------------------> 10800 seconds = 3 hours

SW3 ------ Configuration

SW3(config)#vtp domain CCIE SW3(config)#vtp version 2 SW3(config)#vtp mode server SW3(config)#vtp password CCIErock? ------------------> Note CCIErock? is without quotes SW3(config)#mac address-table aging-time 10800 ------------------> 10800 seconds = 3 hours

SW4 ------ Configuration

SW4(config)#vtp domain CCIE SW4(config)#vtp version 2 SW4(config)#vtp password CCIErock? ------------------> Note CCIErock? is without quotes SW4(config)#vtp mode client SW4(config)#mac address-table aging-time 10800 ------------------> 10800 seconds = 3 hours

Page 6: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 6

Verification :-

On SW1

On SW2

Page 7: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 7

On SW3

On SW4

Page 8: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 8

NOTE :- To insert question mark in password follow below steps.

i) Press Escape + Q , release , then shift + ? OR ii) Press CTRL + V , release , then shift + ?

Page 9: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 9

Configure All Switch Ports as per the following requirements :-

1. Complete the configuration of all vlans so that all routers that are located in ACME's headquarters (AS12345) and New York office (AS 34567) can ping their directly connected neighbors.

2. All four switches (SW1-SW4) must have four dot1q trunks that do not rely on negotiation DO NOT configure any ether channel

3. Ensure that the following unused ports on all four switches are shutdown and configured as access ports in vlan 999

E3/0 - E3/3 are unused on SW1 and SW2 E1/0 - E1/3 are unused on SW3 and SW4 E3/0 - E3/3 are unused on SW3 and SW4

Solution :-

SW1 ------ Configuration SW1(config)#vlan 14 SW1(config-vlan)#exit SW1(config)#vlan 15 SW1(config-vlan)#exit SW1(config)#vlan 23 SW1(config-vlan)#exit SW1(config)#vlan 24 SW1(config-vlan)#exit SW1(config)#vlan 35 SW1(config-vlan)#exit SW1(config)#vlan 46 SW1(config-vlan)#exit SW1(config)#vlan 57 SW1(config-vlan)#exit SW1(config)#vlan 67 SW1(config-vlan)#exit SW1(config)#vlan 999 SW1(config-vlan)#exit SW1(config)#

Page 10: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 10

SW1(config)#interface range ethernet 2/0 – 3 SW1(config-if-range)#switchport trunk encapsulation dot1q SW1(config-if-range)#switchport mode trunk SW1(config-if-range)#switchport nonegotiate SW1(config-if-range)#exit SW1(config)# SW1(config)#interface range ethernet 3/0 – 3 SW1(config-if-range)#switchport mode access SW1(config-if-range)#switchport access vlan 999 SW1(config-if-range)#shutdown SW1(config-if-range)#exit SW1(config)#exit SW1(config)# SW1(config)# interface ethernet 0/0 SW1(config-if)#switchport mode access SW1(config-if)#switchport access vlan 14 SW1(config-if)#no shutdown SW1(config-if)#exit SW1(config)# SW1(config)#interface ethernet 0/1 SW1(config-if)#switchport mode access SW1(config-if)#switchport access vlan 23 SW1(config-if)#no shutdown SW1(config-if)#exit SW1(config)# SW1(config)#interface ethernet 0/2 SW1(config-if)#switchport mode access SW1(config-if)#switchport access vlan 23 SW1(config-if)#no shutdown SW1(config-if)#exit SW1(config)# SW1(config)#interface ethernet 0/3 SW1(config-if)#switchport mode access SW1(config-if)#switchport access vlan 24 SW1(config-if)#no shutdown SW1(config-if)#exit SW1(config)#

Page 11: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 11

SW1(config)#interface ethernet 1/0 SW1(config-if)#switchport mode access SW1(config-if)#switchport access vlan 14 SW1(config-if)#no shutdown SW1(config-if)#exit SW1(config)# SW1(config)#interface ethernet 1/1 SW1(config-if)#switchport mode access SW1(config-if)#switchport access vlan 15 SW1(config-if)#no shutdown SW1(config-if)#exit SW1(config)# SW1(config)#interface ethernet 1/2 SW1(config-if)#switchport mode access SW1(config-if)#switchport access vlan 67 SW1(config-if)#no shutdown SW1(config-if)#exit SW1(config)# SW1(config)#interface ethernet 1/3 SW1(config-if)#switchport mode access SW1(config-if)#switchport access vlan 67 SW1(config-if)#no shutdown SW1(config-if)#exit SW1(config)#

SW2 ------ Configuration SW2(config)#vlan 14 SW2(config-vlan)#exit SW2(config)#vlan 15 SW2(config-vlan)#exit SW2(config)#vlan 23 SW2(config-vlan)#exit SW2(config)#vlan 24 SW2(config-vlan)#exit SW2(config)#vlan 35 SW2(config-vlan)#exit SW2(config)#vlan 46 SW2(config-vlan)#exit SW2(config)#vlan 57 SW2(config-vlan)#exit SW2(config)#vlan 67 SW2(config-vlan)#exit

Page 12: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 12

SW2(config)#vlan 999 SW2(config-vlan)#exit SW2(config)# SW2(config)#interface range ethernet 2/0 – 3 SW2(config-if-range)#switchport trunk encapsulation dot1q SW2(config-if-range)#switchport mode trunk SW2(config-if-range)#switchport nonegotiate SW2(config-if-range)#exit SW2(config)# SW2(config)#interface range ethernet 3/0 – 3 SW2(config-if-range)#switchport mode access SW2(config-if-range)#switchport access vlan 999 SW2(config-if-range)#shutdown SW2(config-if-range)#exit SW2(config)#exit SW2(config)# SW2(config)#interface ethernet 0/0 SW2(config-if)#switchport mode access SW2(config-if)#switchport access vlan 15 SW2(config-if)#no shutdown SW2(config-if)#exit SW2(config)#

SW2(config)#interface ethernet 0/1 SW2(config-if)#switchport mode access SW2(config-if)#switchport access vlan 24 SW2(config-if)#no shutdown SW2(config-if)#exit SW2(config)# SW2(config)#interface ethernet 0/2 SW2(config-if)#switchport mode access SW2(config-if)#switchport access vlan 35 SW2(config-if)#no shutdown SW2(config-if)#exit SW2(config)# SW2(config)#interface ethernet 0/3 SW2(config-if)#switchport mode access SW2(config-if)#switchport access vlan 46 SW2(config-if)#no shutdown SW2(config-if)#exit SW2(config)#

Page 13: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 13

SW2(config)#interface ethernet 1/0 SW2(config-if)#switchport mode access SW2(config-if)#switchport access vlan 57 SW2(config-if)#no shutdown SW2(config-if)#exit SW2(config)# SW2(config)#interface ethernet 1/1 SW2(config-if)#switchport mode access SW2(config-if)#switchport access vlan 35 SW2(config-if)#no shutdown SW2(config-if)#exit SW2(config)# SW2(config)#interface ethernet 1/2 SW2(config-if)#switchport mode access SW2(config-if)#switchport access vlan 46 SW2(config-if)#no shutdown SW2(config-if)#exit SW2(config)# SW2(config)#interface ethernet 1/3 SW2(config-if)#switchport mode access SW2(config-if)#switchport access vlan 57 SW2(config-if)#no shutdown SW2(config-if)#exit SW2(config)#

SW3 ------ Configuration SW3(config)#vlan 34 SW3(config-vlan)#exit SW3(config)#vlan 38 SW3(config-vlan)#exit SW3(config)#vlan 49 SW3(config-vlan)#exit SW3(config)#vlan 89 SW3(config-vlan)#exit SW3(config)#vlan 111 SW3(config-vlan)#exit SW3(config)#vlan 310 SW3(config-vlan)#exit SW3(config)#vlan 411 SW3(config-vlan)#exit

Page 14: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 14

SW3(config)#vlan 999 SW3(config-vlan)#exit SW3(config)# SW3(config)#interface range ethernet 2/0 – 3 SW3(config-if-range)#switchport trunk encapsulation dot1q SW3(config-if-range)#switchport mode trunk SW3(config-if-range)#switchport nonegotiate SW3(config-if-range)#exit SW3(config)# SW3(config)#interface range ethernet 1/0 - 3 , ethernet 3/0 – 3 SW3(config-if-range)#switchport mode access SW3(config-if-range)#switchport access vlan 999 SW3(config-if-range)#shutdown SW3(config-if-range)#exit SW3(config)# SW3(config)#interface ethernet 0/0 SW3(config-if)#switchport mode access SW3(config-if)#switchport access vlan 38 SW3(config-if)#no shutdown SW3(config-if)#exit SW3(config)# SW3(config)#interface ethernet 0/1 SW3(config-if)#switchport mode access SW3(config-if)#switchport access vlan 89 SW3(config-if)#no shutdown SW3(config-if)#exit SW3(config)# SW3(config)#interface ethernet 0/2 SW3(config-if)#switchport mode access SW3(config-if)#switchport access vlan 310 SW3(config-if)#no shutdown SW3(config-if)#exit SW3(config)# SW3(config)#interface ethernet 0/3 SW3(config-if)#switchport mode access SW3(config-if)#switchport access vlan 111 SW3(config-if)#no shutdown SW3(config-if)#exit SW3(config)#

Page 15: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 15

SW4 ------ Configuration SW4(config)#vlan 34 SW4(config-vlan)#exit SW4(config)#vlan 38 SW4(config-vlan)#exit SW4(config)#vlan 49 SW4(config-vlan)#exit SW4(config)#vlan 89 SW4(config-vlan)#exit SW4(config)#vlan 111 SW4(config-vlan)#exit SW4(config)#vlan 310 SW4(config-vlan)#exit SW4(config)#vlan 411 SW4(config-vlan)#exit SW4(config)#vlan 999 SW4(config-vlan)#exit SW4(config)# SW4(config)#interface range ethernet 2/0 – 3 SW4(config-if-range)#switchport trunk encapsulation dot1q SW4(config-if-range)#switchport mode trunk SW4(config-if-range)#switchport nonegotiate SW4(config-if-range)#exit SW4(config)# SW4(config)# interface range ethernet 1/0 - 3 , ethernet 3/0 – 3 SW4(config-if-range)#switchport mode access SW4(config-if-range)#switchport access vlan 999 SW4(config-if-range)#shutdown SW4(config-if-range)#exit SW4(config)# SW4(config)# interface ethernet 0/0 SW4(config-if)#switchport mode access SW4(config-if)#switchport access vlan 89 SW4(config-if)#no shutdown SW4(config-if)#exit SW4(config)# SW4(config)#int ethernet 0/1 SW4(config-if)#switchport mode access SW4(config-if)#switchport access vlan 49 SW4(config-if)#no shutdown SW4(config-if)#exit SW4(config)#

Page 16: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 16

SW4(config)# interface ethernet 0/2 SW4(config-if)#switchport mode access SW4(config-if)#switchport access vlan 111 SW4(config-if)#no shutdown SW4(config-if)#exit SW4(config)# SW4(config)# interface ethernet 0/3 SW4(config-if)#switchport mode access SW4(config-if)#switchport access vlan 411 SW4(config-if)#no shutdown SW4(config-if)#exit SW4(config)#

Verification :-

On SW1

Page 17: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 17

Page 18: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 18

On SW2

Page 19: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 19

On SW3

Page 20: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 20

Page 21: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 21

On SW4

Page 22: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 22

NOTE :- Once Section 1.2 is completed , test all connectivity by pinging directly connected neighbors (Ping All Router in AS 12345 & AS 34567)

Page 23: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 23

Configure the ACME network as per the following requirements.

1. Spanning-tree Topology 1 :: All odd VLANS throughout your exam 2. Spanning-tree Topology 2 :: All even VLANS throughout your exam 3. Default Spanning-tree Topology :: All other VLANS 4. Ensure thet SW1 and SW3 are the root switch for instance 1 and the back-up root switch for

instance 2. 5. Ensure thet SW2 and SW4 are the root switch for instance 2 and the back-up root switch for

instance 1. 6. Explicitly configure the root and backup roles, assuming that other switches with default

configuration may eventually be added in the network in the future

7. All Switches must maintain one stp instance per vlan 8. All access ports must immediately transitioned to the forwarding state upon link up and they

must still participate in STP . Use single command per switch to enable this 9. Access ports must automatically shut down if they receive any BPDU and an administrator must

still manually re-enable the port. Use a single command per switch to enable this feature.

Solution :-

SW1 ------ Configuration SW1(config)#spanning-tree mode mst SW1(config)#spanning-tree mst configuration SW1(config-mst)#name CCIE SW1(config-mst)#revision 1 SW1(config-mst)#instance 1 vlan 1,15,23,35,57,67,999 SW1(config-mst)#instance 2 vlan 14,24,46 SW1(config-mst)#exit SW1(config)# SW1(config)#spanning-tree mst 1 root primary SW1(config)#spanning-tree mst 2 root secondary SW1(config)#spanning-tree portfast default SW1(config)#spanning-tree portfast bpduguard default SW1(config)#errdisable recovery cause bpduguard

Page 24: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 24

SW2 ------ Configuration SW2(config)#spanning-tree mode mst SW2(config)#spanning-tree mst configuration SW2(config-mst)#name CCIE SW2(config-mst)#revision 1 SW2(config-mst)#instance 1 vlan 1,15,23,35,57,67,999 SW2(config-mst)#instance 2 vlan 14,24,46 SW2(config-mst)#exit SW2(config)# SW2(config)#spanning-tree mst 2 root primary SW2(config)#spanning-tree mst 1 root secondary SW2(config)#spanning-tree portfast default SW2(config)#spanning-tree portfast bpduguard default SW2(config)#errdisable recovery cause bpduguard

SW3 ------ Configuration SW3(config)#spanning-tree mode mst SW3(config)#spanning-tree mst configuration SW3(config-mst)#name CCIE SW3(config-mst)#revision 1 SW3(config-mst)#instance 1 vlan 1,49,89,111,411,999 SW3(config-mst)#instance 2 vlan 34,38,310 SW3(config-mst)#exit SW3(config)# SW3(config)#spanning-tree mst 1 root primary SW3(config)#spanning-tree mst 2 root secondary SW3(config)#spanning-tree portfast default SW3(config)#spanning-tree portfast bpduguard default SW3(config)#errdisable recovery cause bpduguard

SW4 ------ Configuration SW4(config)#spanning-tree mode mst SW4(config)#spanning-tree mst configuration SW4(config-mst)#name CCIE SW4(config-mst)#revision 1 SW4(config-mst)#instance 1 vlan 1,49,89,111,411,999 SW4(config-mst)#instance 2 vlan 34,38,310

Page 25: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 25

SW4(config-mst)#exit SW4(config)# SW4(config)#spanning-tree mst 2 root primary SW4(config)#spanning-tree mst 1 root secondary SW4(config)#spanning-tree portfast default SW4(config)#spanning-tree portfast bpduguard default SW4(config)#errdisable recovery cause bpduguard

Verification :-

On SW1

Page 26: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 26

On SW2

On SW3

Page 27: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 27

On SW4

NOTE :- 1) When SW1 goes down , SW2 will become root switch for instance 1 2) When SW2 goes down , SW1 will become root switch for instance 2 3) When SW3 goes down , SW4 will become root switch for instance 1 4) When SW4 goes down , SW3 will become root switch for instance 2

Page 28: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 28

1. The WAN links must rely on a layer 2 protocol that supports link negotiation and authentication. 2. The Service provider expects both R18 and R19 to complete three way hand shake by providing

the expected response of a challenge that is sent by R63 3. R18 must use the username ACME-R18 and password CCIE 4. R19 must use the username ACME-R19 and password CCIE

Solution :-

R18 ------ Configuration R18(config)#interface serial 1/0 R18(config-if)#encapsulation ppp R18(config-if)#no peer neighbor-route R18(config-if)#ppp chap hostname ACME-R18 R18(config-if)#ppp chap password CCIE R18(config-if)#no shutdown R18(config-if)#exit R18(config)#

R19 ------ Configuration R19(config)#interface serial 1/0 R19(config-if)#encapsulation ppp R19(config-if)#no peer neighbor-route R19(config-if)#ppp chap hostname ACME-R19 R19(config-if)#ppp chap password CCIE R19(config-if)#no shutdown R19(config-if)#exit R19(config)#

Page 29: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 29

Verification :-

On R18

On R19

Page 30: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 30

Configure OSPFv2 area 0 in ACME HQ (AS12345) according to the following requirements

1. Configure the OSPF process id to 12345 and set the router id to interface loopback 0 on all seven routers

2. The interface loopback 0 at each router must be seen as an internal OSPF prefix by all other routers

3. Ensure that OSPF is not running on any interface that is facing another AS. Use any method to accomplish this requirement

4. SW 1 and SW2 must not participate in routing at all 5. Do not change the default OSPF cost of any interface in AS12345 6. Ensure that R1 act as a stub 7. R1 must see the following OSPF routes in the routing table as stub.

Page 31: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 31

Solution :-

R1 ------ Configuration R1(config)#router ospf 12345 R1(config-router)#router-id 123.1.1.1 R1(config-router)#network 123.10.1.1 0.0.0.0 area 0 R1(config-router)#network 123.10.1.5 0.0.0.0 area 0 R1(config-router)#network 123.1.1.1 0.0.0.0 area 0 R1(config-router)#max-metric router-lsa R1(config-router)#exit R1(config)#

R2 ------ Configuration R2(config)#router ospf 12345 R2(config-router)#router-id 123.2.2.2 R2(config-router)#network 123.10.1.9 0.0.0.0 area 0 R2(config-router)#network 123.10.1.17 0.0.0.0 area 0 R2(config-router)#network 123.2.2.2 0.0.0.0 area 0 R2(config-router)#exit R2(config)#

R3 ------ Configuration R3(config)#router ospf 12345 R3(config-router)#router-id 123.3.3.3 R3(config-router)#network 123.10.1.10 0.0.0.0 area 0 R3(config-router)#network 123.10.1.13 0.0.0.0 area 0 R3(config-router)#network 123.3.3.3 0.0.0.0 area 0 R3(config-router)#exit R3(config)#

R4 ------ Configuration R4(config)#router ospf 12345 R4(config-router)#router-id 123.4.4.4 R4(config-router)#network 123.10.1.2 0.0.0.0 area 0 R4(config-router)#network 123.10.1.21 0.0.0.0 area 0 R4(config-router)#network 123.10.1.18 0.0.0.0 area 0 R4(config-router)#network 123.4.4.4 0.0.0.0 area 0 R4(config-router)#exit R4(config)#

Page 32: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 32

R5 ------ Configuration R5(config)#router ospf 12345 R5(config-router)#router-id 123.5.5.5 R5(config-router)#network 123.10.1.6 0.0.0.0 area 0 R5(config-router)#network 123.10.1.14 0.0.0.0 area 0 R5(config-router)#network 123.10.1.29 0.0.0.0 area 0 R5(config-router)#network 123.5.5.5 0.0.0.0 area 0 R5(config-router)#exit R5(config)#

R6 ------ Configuration R6(config)#router ospf 12345 R6(config-router)#router-id 123.6.6.6 R6(config-router)#network 123.10.1.22 0.0.0.0 area 0 R6(config-router)#network 123.10.1.25 0.0.0.0 area 0 R6(config-router)#network 123.6.6.6 0.0.0.0 area 0 R6(config-router)#exit R6(config)#

R7 ------ Configuration R7(config)#router ospf 12345 R7(config-router)#router-id 123.7.7.7 R7(config-router)#network 123.10.1.30 0.0.0.0 area 0 R7(config-router)#network 123.10.1.26 0.0.0.0 area 0 R7(config-router)#network 123.7.7.7 0.0.0.0 area 0 R7(config-router)#exit R7(config)#

Page 33: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 33

Verification :-

On R1

Page 34: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 34

On R2

On R3

On R4

On R5

On R6

Page 35: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 35

On R7

Page 36: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 36

Configure EIGRP for ipv4 in the New York office (AS34567) according to the following requirements

1. The EIGRP Autonomous System is 34567 2. You are not allowed to use any virtual name 3. The interface loopback 0 on each router must be seen as an internal EIGRP prefix by all other

routers 4. Ensure the EIGRP is not running on any interface that is facing another AS. Use any method

to accomplish this requirement 5. Using a single command on one switch only ensure that R8 installs two equal-cost route for

the following three path

Vlan 411

Interface loopback0 at SW4

Interface loopback0 at R11

6. Using a single command on one switch only ensure that R9 installs two equal cost route for

the following three path

Vlan 310

Interface loopback0 at SW3

Interface loopback0 at R10

Solution :-

R8 ------ Configuration R8(config)#router eigrp 34567 R8(config-router)#network 123.10.2.1 0.0.0.0 R8(config-router)#network 123.10.2.5 0.0.0.0 R8(config-router)#network 123.8.8.8 0.0.0.0 R8(config-router)#no auto-summary R8(config-router)#exit R8(config)#

Page 37: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 37

R9 ------ Configuration R9(config)#router eigrp 34567 R9(config-router)#network 123.10.2.2 0.0.0.0 R9(config-router)#network 123.10.2.9 0.0.0.0 R9(config-router)#network 123.9.9.9 0.0.0.0 R9(config-router)#no auto-summary R9(config-router)#exit R9(config)#

R10 ------ Configuration R10(config)#router eigrp 34567 R10(config-router)#network 123.10.2.18 0.0.0.0 R10(config-router)#network 123.10.2.25 0.0.0.0 R10(config-router)#network 123.10.10.10 0.0.0.0 R10(config-router)#no auto-summary R10(config-router)#exit R10config)#

R11 ------ Configuration R11(config)#router eigrp 34567 R11(config-router)#network 123.10.2.22 0.0.0.0 R11(config-router)#network 123.11.11.11 0.0.0.0 R11(config-router)#network 123.10.2.26 0.0.0.0 R11(config-router)#no auto-summary R11(config-router)#exit R11(config)#

SW3 ------ Configuration SW3(config)#router eigrp 34567 SW3(config-router)#network 123.10.2.13 0.0.0.0 SW3(config-router)#network 123.10.2.6 0.0.0.0 SW3(config-router)#network 123.10.2.17 0.0.0.0 SW3(config-router)#network 123.33.33.33 0.0.0.0 SW3(config-router)#no auto-summary SW3(config-router)#exit SW3(config)# SW3(config)#interface vlan 34 SW3(config-if)#delay 100

Page 38: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 38

SW4 ------ Configuration SW4(config)#router eigrp 34567 SW4(config-router)#network 123.10.2.10 0.0.0.0 SW4(config-router)#network 123.10.2.14 0.0.0.0 SW4(config-router)#network 123.10.2.21 0.0.0.0 SW4(config-router)#network 123.44.44.44 0.0.0.0 SW4(config-router)#no auto-summary SW4(config-router)#exit SW4(config)# SW4(config)#interface vlan 34 SW4(config-if)#delay 100

Verification :-

On R8

Page 39: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 39

On R9

On R10

On R11

Page 40: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 40

On SW3

On SW4

Page 41: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 41

Configure EIGRP in AS 45678 according to the following requirements.

Configure EIGRP in AS 45678 according to the following requirements.

1. The EIGRP Autonomous System is 45678 2. Ensure that EIGRP use strongest authentication type 3. The interface loopback0 at each router must be seen as an internal EIGRP prefix by all other

routers 4. Ensure the EIGRP is not running on any interface that is facing another AS. Use any method to

accomplish this requirement . 5. SW5 and SW6 are layer 3 switches and must configure EIGRP 6. On all three routers R15, 16, 17 must use EIGRP with 64bit metric version 7. Do not change the interface bandwidth on any physical interface in AS 45678

Solution :-

R15 ------ Configuration R15(config)#key chain CCIE R15(config-keychain)#key 1 R15(config-keychain-key)#key-string cisco R15(config-keychain-key)#exit R15(config-keychain)#exit R15(config)# R15(config)#router eigrp CCIE R15(config-router)#address-family ipv4 unicast autonomous-system 45678 R15(config-router-af)#network 123.20.1.1 0.0.0.0 R15(config-router-af)#network 123.20.1.9 0.0.0.0 R15(config-router-af)#network 123.15.15.15 0.0.0.0 R15(config-router-af)# topology base R15(config-router-af-topology)#no auto-summary R15(config-router-af-topology)#exit-af-topology R15(config-router-af)#

Page 42: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 42

R15(config-router-af)#af-interface ethernet 0/1 R15(config-router-af-interface)#authentication mode hmac-sha-256 cisco R15(config-router-af-interface)#authentication key-chain CCIE R15(config-router-af-interface)#exit-af-interface R15(config-router-af)# R15(config-router-af)#af-interface ethernet 0/2 R15(config-router-af-interface)#authentication mode hmac-sha-256 cisco R15(config-router-af-interface)#authentication key-chain CCIE R15(config-router-af-interface)#exit-af-interface R15(config-router-af)#exit R15(config-router)#exit R15(config)#

R16 ------ Configuration R16(config)#key chain CCIE R16(config-keychain)#key 1 R16(config-keychain-key)#key-string cisco R16(config-keychain-key)#exit R16(config-keychain)#exit R16(config)# R16(config)#router eigrp CCIE R16(config-router)#address-family ipv4 unicast autonomous-system 45678 R16(config-router-af)#network 123.20.1.2 0.0.0.0 R16(config-router-af)#network 123.20.1.17 0.0.0.0 R16(config-router-af)#network 123.16.16.16 0.0.0.0 R16(config-router-af)# topology base R16(config-router-af-topology)#no auto-summary R16(config-router-af-topology)#exit-af-topology R16(config-router-af)# R16(config-router-af)#af-interface ethernet 0/1 R16(config-router-af-interface)#authentication mode hmac-sha-256 cisco R16(config-router-af-interface)#authentication key-chain CCIE R16(config-router-af-interface)#exit-af-interface R16(config-router-af)# R16(config-router-af)#af-interface ethernet 0/2 R16(config-router-af-interface)#authentication mode hmac-sha-256 cisco R16(config-router-af-interface)#authentication key-chain CCIE R16(config-router-af-interface)#exit-af-interface R16(config-router-af)#exit R16(config-router)#exit R16(config)#

Page 43: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 43

R17 ------ Configuration R17(config)#key chain CCIE R17(config-keychain)#key 1 R17(config-keychain-key)#key-string cisco R17(config-keychain-key)#exit R17(config-keychain)#exit R17(config)# R17(config)#router eigrp CCIE R17(config-router)#address-family ipv4 unicast autonomous-system 45678 R17(config-router-af)#network 123.20.1.10 0.0.0.0 R17(config-router-af)#network 123.20.1.18 0.0.0.0 R17(config-router-af)#network 123.17.17.17 0.0.0.0 R17(config-router-af)# topology base R17(config-router-af-topology)#no auto-summary R17(config-router-af-topology)#exit-af-topology R17(config-router-af)# R17(config-router-af)#af-interface ethernet 0/1 R17(config-router-af-interface)#authentication mode hmac-sha-256 cisco R17(config-router-af-interface)#authentication key-chain CCIE R17(config-router-af-interface)#exit-af-interface R17(config-router-af)# R17(config-router-af)#af-interface ethernet 0/2 R17(config-router-af-interface)#authentication mode hmac-sha-256 cisco R17(config-router-af-interface)#authentication key-chain CCIE R17(config-router-af-interface)#exit-af-interface R17(config-router-af)#exit R17(config-router)#exit R17(config)#

SW5 ------ Configuration SW5(config)#Vlan 5 SW5(config)#Vlan 55 SW5(config)#key chain CCIE SW5(config-keychain)#key 1 SW5(config-keychain-key)#key-string cisco SW5(config-keychain-key)#exit SW5(config-keychain)#exit SW5(config)#

Page 44: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 44

SW5(config)#router eigrp CCIE SW5(config-router)#address-family ipv4 unicast autonomous-system 45678 SW5(config-router-af)#network 123.20.1.3 0.0.0.0 SW5(config-router-af)#network 123.55.55.55 0.0.0.0 SW5(config-router-af)#topology base SW5(config-router-af-topology)#no auto-summary SW5(config-router-af-topology)#exit-af-topology SW5(config-router-af)# SW5(config-router-af)#af-interface vlan 55 SW5(config-router-af-interface)#authentication mode hmac-sha-256 cisco SW5(config-router-af-interface)#authentication key-chain CCIE SW5(config-router-af)#af-interface vlan 5 SW5(config-router-af-interface)#authentication mode hmac-sha-256 cisco SW5(config-router-af-interface)#authentication key-chain CCIE SW5(config-router-af-interface)# exit-af-interface SW5(config-router-af)#exit-address-family SW5(config-router)#exit SW5(config)#

SW6 ------ Configuration SW6(config)#Vlan 6 SW6(config)#Vlan 66 SW6(config)#key chain CCIE SW6(config-keychain)#key 1 SW6(config-keychain-key)#key-string cisco SW6(config-keychain-key)#exit SW6(config-keychain)#exit SW6(config)# SW6(config)#router eigrp CCIE SW6(config-router)#address-family ipv4 unicast autonomous-system 45678 SW6(config-router-af)#network 123.20.1.11 0.0.0.0 SW6(config-router-af)#network 123.66.66.66 0.0.0.0 SW6(config-router-af)#topology base SW6(config-router-af-topology)#no auto-summary SW6(config-router-af-topology)#exit-af-topology SW6(config-router-af)#

Page 45: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 45

SW6(config-router-af)#af-interface vlan 66 SW6(config-router-af-interface)#authentication mode hmac-sha-256 cisco SW6(config-router-af-interface)#authentication key-chain CCIE SW6(config-router-af)#af-interface vlan 6 SW6(config-router-af-interface)#authentication mode hmac-sha-256 cisco SW6(config-router-af-interface)#authentication key-chain CCIE SW6(config-router-af-interface)# exit-af-interface SW6(config-router-af)#exit-address-family SW6(config-router)#exit SW6(config)#

Verification :-

On R15

Page 46: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 46

On R16

Page 47: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 47

On R17

Page 48: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 48

On SW5

On SW6

Page 49: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 49

Page 50: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 50

Configure EIGRP in AS 65222 according to the following requirements.

1. The EIGRP Autonomous System is 45678 2. The interface loopback0 at each router must be seen as an internal EIGRP prefix by all other

routers 3. Ensure that EIGRP is not running on any interface that is facing another AS.Use any method to

accomplish this requirement 4. Ensure that R17 should be the DMVPN hub and R18, R19 should be as the spoke. Use the pre-

configured tunnel 0

Pre-configuration for tunnel 0 on each routers

On R17 Interface tunnel 0 no ip redirects Ip address 123.20.1.25 255.255.255.248 tunnel source ethernet 0/0 tunnel mode gre multipoint

On R18 Interface tunnel 0 no ip redirects Ip address 123.20.1.26 255.255.255.248 tunnel source Serial1/0 tunnel mode gre multipoint

On R19 Interface tunnel 0 no ip redirects Ip address 123.20.1.27 255.255.255.248 tunnel source Serial1/0 tunnel mode gre multipoint

Page 51: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 51

Solution :-

R17 ------ Configuration R17(config)#router eigrp CCIE R17(config-router)# address-family ipv4 unicast autonomous-system 45678 R17(config-router-af)# network 123.20.1.25 0.0.0.0 ------------------> tunnel 0 ip address R17(config-router-af)#exit R17(config)#

R18 ------ Configuration R18(config)#router eigrp 45678 R18(config-router)#network 10.1.18.1 0.0.0.0 ---------------------------> Connected PC ip address R18(config-router)#network 123.18.18.18 0.0.0.0 ---------------------------> Loopback 0 ip address R18(config-router)#network 123.20.1.26 0.0.0.0 ---------------------------> tunnel ip address R18(config-router)#eigrp stub connected R18(config-router)# no auto-summary R18(config-router)#exit R18(config)#

R19 ------ Configuration R19(config)#router eigrp45678 R19(config-router)#network 10.1.19.1 0.0.0.0 ---------------------------> Connected PC ip address R19(config-router)#network 123.20.1.27 0.0.0.0 ---------------------------> tunnel ip address R19(config-router)#network 123.19.19.19 0.0.0.0 ---------------------------> Loopback 0 ip address R19(config-router)#eigrp stub connected R19(config-router)# no auto-summary R19(config-router)#exit R19(config)#

Page 52: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 52

Verification :-

On R17

On R18

Page 53: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 53

On R19

Note : You will get the above result only after completing Section 3.3 (DMVPN task).

Page 54: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 54

BGP is partially pre-configured in ACME headquarters. Complete the configuration as required. Configure the IBGP in ACME’s headquarters (AS 12345) according to the following requirements.

1. R4 and R5 must not establish any BGP session at any time 2. All BGP routers must use their interface loopback0 as their BGP router-id 3. Disable the default ipv4 unicast address family for peering session establishment in all BGP

routers 4. R1 must be the ipv4 route-reflector for BGP AS 12345 5. R1 must use the peer-gorup named “IBGP” for all internal peerings

Configure EBGP between ACME's San Francisco and San Jose sites according to the following requirements

6. R20 is the CE router and uses EBGP to connect to the managed services that are provided by the PE routers R2 and R3

7. R20 must establish separate EBGP peering with both R2 and R3 for every VRF 8. R20 must advertise the following prefix to all of its BGP peers

123.0.0.0/8 summary-only

10.0.0.0/8 summary-only

9. R20 must advertise a default route to all of its BGP peer except to 10.120.99.1 and 10.120.99.5

Page 55: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 55

Solution :-

For IBGP

R1 ------ Configuration R1(config)#router bgp 12345 R1(config-router)#bgp router-id 123.1.1.1 R1(config-router)#no bgp default ipv4-unicast R1(config-router)#neighbor IBGP peer-group R1(config-router)#neighbor IBGP remote-as 12345 R1(config-router)#neighbor IBGP update-source loopback 0 R1(config-router)#neighbor 123.2.2.2 peer-group IBGP R1(config-router)#neighbor 123.3.3.3 peer-group IBGP R1(config-router)#neighbor 123.6.6.6 peer-group IBGP R1(config-router)#neighbor 123.7.7.7 peer-group IBGP R1(config-router)#address-family ipv4 R1(config-router-af)#neighbor IBGP route-reflector-client R1(config-router-af)#neighbor 123.2.2.2 activate R1(config-router-af)#neighbor 123.3.3.3 activate R1(config-router-af)#neighbor 123.6.6.6 activate R1(config-router-af)#neighbor 123.7.7.7 activate R1(config-router-af)#exit-address-family R1(config-router)#exit R1(config)#

R2 ------ Configuration R2(config)#router bgp 12345 R2(config-router)#bgp router-id 123.2.2.2 R2(config-router)#no bgp default ipv4-unicast R2(config-router)#neighbor 123.1.1.1 remote-as 12345 R2(config-router)#neighbor 123.1.1.1 update-source loopback 0 R2(config-router)#address-family ipv4 R2(config-router-af)#neighbor 123.1.1.1 activate R2(config-router-af)#exit-address-family R2(config-router)#exit R2(config)#

Page 56: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 56

R3 ------ Configuration R3(config)#router bgp 12345 R3(config-router)#bgp router-id 123.3.3.3 R3(config-router)#no bgp default ipv4-unicast R3(config-router)#neighbor 123.1.1.1 remote-as 12345 R3(config-router)#neighbor 123.1.1.1 update-source loopback 0 R3(config-router)#address-family ipv4 R3(config-router-af)#neighbor 123.1.1.1 activate R3(config-router-af)#exit-address-family R3(config-router)#exit R3(config)#

R6 ------ Configuration R6(config)#router bgp 12345 R6(config-router)#bgp router-id 123.6.6.6 R6(config-router)#no bgp default ipv4-unicast R6(config-router)#neighbor 123.1.1.1 remote-as 12345 R6(config-router)#neighbor 123.1.1.1 update-source loopback 0 R6(config-router)#address-family ipv4 R6(config-router-af)#neighbor 123.1.1.1 activate R6(config-router-af)#exit-address-family R6(config-router)#exit R6(config)#

R7 ------ Configuration R7(config)#router bgp 12345 R7(config-router)#bgp router-id 123.7.7.7 R7(config-router)#no bgp default ipv4-unicast R7(config-router)#neighbor 123.1.1.1 remote-as 12345 R7(config-router)#neighbor 123.1.1.1 update-source loopback 0 R7(config-router)#address-family ipv4 R7(config-router-af)#neighbor 123.1.1.1 activate R7(config-router-af)#exit-address-family R7(config-router)#exit R7(config)#

Page 57: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 57

For EBGP

R2 ------ Configuration R2(config)#router bgp 12345 R2(config-router)#address-family ipv4 vrf BLUE R2(config-router-af)#neighbor 10.120.13.2 remote-as 65112 R2(config-router-af)#neighbor 10.120.13.2 activate R2(config-router-af)#exit-address-family R2(config-router)#exit R2(config)# R2(config)#router bgp 12345 R2(config-router)#address-family ipv4 vrf GREEN R2(config-router-af)#neighbor 10.120.12.2 remote-as 65112 R2(config-router-af)#neighbor 10.120.12.2 activate R2(config-router-af)#exit-address-family R2(config-router)#exit R2(config)# R2(config)#router bgp 12345 R2(config-router)#address-family ipv4 vrf INET R2(config-router-af)#neighbor 10.120.99.2 remote-as 65112 R2(config-router-af)#neighbor 10.120.99.2 activate R2(config-router-af)#exit-address-family R2(config-router)#exit R2(config)# R2(config)#router bgp 12345 R2(config-router)#address-family ipv4 vrf RED R2(config-router-af)#neighbor 10.120.14.2 remote-as 65112 R2(config-router-af)#neighbor 10.120.14.2 activate R2(config-router-af)#exit-address-family R2(config-router)#exit R2(config)# R2(config)#router bgp 12345 R2(config-router)#address-family ipv4 vrf YELLOW R2(config-router-af)#neighbor 10.120.15.2 remote-as 65112 R2(config-router-af)#neighbor 10.120.15.2 activate R2(config-router-af)#exit-address-family R2(config-router)#exit R2(config)#

Page 58: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 58

R3 ------ Configuration R3(config)#router bgp 12345 R3(config-router)#address-family ipv4 vrf BLUE R3(config-router-af)#neighbor 10.120.13.6 remote-as 65112 R3(config-router-af)#neighbor 10.120.13.6 activate R3(config-router-af)#exit-address-family R3(config-router)#exit R3(config)# R3(config)#router bgp 12345 R3(config-router)#address-family ipv4 vrf GREEN R3(config-router-af)#neighbor 10.120.12.6 remote-as 65112 R3(config-router-af)#neighbor 10.120.12.6 activate R3(config-router-af)#exit-address-family R3(config-router)#exit R3(config)# R3(config)#router bgp 12345 R3(config-router)#address-family ipv4 vrf INET R3(config-router-af)#neighbor 10.120.99.6 remote-as 65112 R3(config-router-af)#neighbor 10.120.99.6 activate R3(config-router-af)#exit-address-family R3(config-router)#exit R3(config)# R3(config)#router bgp 12345 R3(config-router)#address-family ipv4 vrf RED R3(config-router-af)#neighbor 10.120.14.6 remote-as 65112 R3(config-router-af)#neighbor 10.120.14.6 activate R3(config-router-af)#exit-address-family R3(config-router)#exit R3(config)# R3(config)#router bgp 12345 R3(config-router)#address-family ipv4 vrf YELLOW R3(config-router-af)#neighbor 10.120.15.6 remote-as 65112 R3(config-router-af)#neighbor 10.120.15.6 activate R3(config-router-af)#exit-address-family R3(config-router)#exit R3(config)#

Page 59: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 59

R20 ------ Configuration

R20(config)#router bgp 65112 R20(config-router)#network 10.0.0.0 R20(config-router)#network 123.0.0.0 R20(config-router)#neighbor 10.120.12.1 remote-as 12345 R20(config-router)#neighbor 10.120.12.1 default-originate R20(config-router)#neighbor 10.120.12.5 remote-as 12345 R20(config-router)#neighbor 10.120.12.5 default-originate R20(config-router)#neighbor 10.120.13.1 remote-as 12345 R20(config-router)#neighbor 10.120.13.1 default-originate R20(config-router)#neighbor 10.120.13.5 remote-as 12345 R20(config-router)#neighbor 10.120.13.5 default-originate R20(config-router)#neighbor 10.120.14.1 remote-as 12345 R20(config-router)#neighbor 10.120.14.1 default-originate R20(config-router)#neighbor 10.120.14.5 remote-as 12345 R20(config-router)#neighbor 10.120.14.5 default-originate R20(config-router)#neighbor 10.120.15.1 remote-as 12345 R20(config-router)#neighbor 10.120.15.1 default-originate R20(config-router)#neighbor 10.120.15.5 remote-as 12345 R20(config-router)#neighbor 10.120.15.5 default-originate R20(config-router)#neighbor 10.120.99.1 remote-as 12345 R20(config-router)#neighbor 10.120.99.5 remote-as 12345 R20(config-router)#aggregate-address 123.0.0.0 255.0.0.0 summary-only R20(config-router)#aggregate-address 10.0.0.0 255.0.0.0 summary-only R20(config-router)# auto-summary R20(config-router)#exit

Verification :-

For IBGP

On R1

Page 60: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 60

On R2

On R3

On R6

On R7

Page 61: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 61

For EBGP

On R2

Page 62: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 62

On R3

Page 63: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 63

Page 64: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 64

On R20

Page 65: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 65

BGP is partially pre-configured in ACME New York office(AS 34567). Complete the configuration as required. Configure IBGP in AS 34567 according to the following requirements

1. SW3 and SW4 must not establish any BGP session at any time 2. All four BGP routers must use their interface loopback0 as their bgp router-id 3. Disable the default ipv4 unicast address family for peering session establishment in all BGP

routers 4. Configure full mesh IBGP peering between all four routers use any configuration method 5. R9 must be selected as the preferred exit point for traffic destined to remote AS's 6. R11 must be selected as the next preferred exit point in case R9 fails 7. No BGP speaker in AS 34567 must use network statement under the BGP router configuration. 8. Ensure that all the BGP next-hop is never marked as unreachable as long as interface loopback0

of the remote peer is known via IGP Configure EBGP in AS 34567 according to the following requirements

9. All four BGP routers must establish EBGP peering with their neighboring AS as shown in diagram 3 (BGP topology)

10. All four BGP routers must redistribute EIGRP into BGP 11. R9 and R11 must redistribute only the BGP default route into Eigrp 12. Ensure that R9 is the only router that sees the default as a BGP route and that all other routers

(R8, R10, R11) see it as an EIGRP external router.

Solution :-

For IBGP

R8 ------ Configuration R8(config)#router bgp 34567 R8(config-router)#bgp router-id 123.8.8.8 R8(config-router)#no bgp default ipv4-unicast R8(config-router)#neighbor 123.9.9.9 remote-as 34567 R8(config-router)#neighbor 123.9.9.9 update-source loopback 0 R8(config-router)#neighbor 123.10.10.10 remote-as 34567

Page 66: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 66

R8(config-router)#neighbor 123.10.10.10 update-source loopback 0 R8(config-router)#neighbor 123.11.11.11 remote-as 34567 R8(config-router)#neighbor 123.11.11.11 update-source loopback 0 R8(config-router)#address-family ipv4 R8(config-router-af)#neighbor 123.9.9.9 activate R8(config-router-af)#neighbor 123.9.9.9 next-hop-self R8(config-router-af)#neighbor 123.10.10.10 activate R8(config-router-af)#neighbor 123.10.10.10 next-hop-self R8(config-router-af)#neighbor 123.11.11.11 activate R8(config-router-af)#neighbor 123.11.11.11 next-hop-self R8(config-router-af)#exit-address-family R8(config-router)#exit R8(config)#

R9 ------ Configuration R9(config)#router bgp 34567 R9(config-router)#bgp router-id 123.9.9.9 R9(config-router)#no bgp default ipv4-unicast R9(config-router)#neighbor 123.8.8.8 remote-as 34567 R9(config-router)#neighbor 123.8.8.8 update-source loopback 0 R9(config-router)#neighbor 123.10.10.10 remote-as 34567 R9(config-router)#neighbor 123.10.10.10 update-source loopback 0 R9(config-router)#neighbor 123.11.11.11 remote-as 34567 R9(config-router)#neighbor 123.11.11.11 update-source loopback 0 R9(config-router)#bgp default local-preference 102 R9(config-router)#address-family ipv4 R9(config-router-af)#neighbor 123.8.8.8 activate R9(config-router-af)#neighbor 123.8.8.8 next-hop-self R9(config-router-af)#neighbor 123.10.10.10 activate R9(config-router-af)#neighbor 123.10.10.10 next-hop-self R9(config-router-af)#neighbor 123.11.11.11 activate R9(config-router-af)#neighbor 123.11.11.11 next-hop-self R9(config-router-af)#exit-address-family R9(config-router)#exit R9(config)#

Page 67: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 67

R10 ------ Configuration R10(config)#router bgp 34567 R10(config-router)#bgp router-id 123.10.10.10 R10(config-router)#no bgp default ipv4-unicast R10(config-router)#neighbor 123.8.8.8 remote-as 34567 R10(config-router)#neighbor 123.8.8.8 update-source loopback 0 R10(config-router)#neighbor 123.9.9.9 remote-as 34567 R10(config-router)#neighbor 123.9.9.9 update-source loopback 0 R10(config-router)#neighbor 123.11.11.11 remote-as 34567 R10(config-router)#neighbor 123.11.11.11 update-source loopback 0 R10(config-router)#address-family ipv4 R10(config-router-af)#neighbor 123.8.8.8 activate R10(config-router-af)#neighbor 123.8.8.8 next-hop-self R10(config-router-af)#neighbor 123.9.9.9 activate R10(config-router-af)#neighbor 123.9.9.9 next-hop-self R10(config-router-af)#neighbor 123.11.11.11 activate R10(config-router-af)#neighbor 123.11.11.11 next-hop-self R10(config-router-af)#exit-address-family R10(config-router)#exit R10(config)#

R11 ------ Configuration R11(config)#router bgp 34567 R11(config-router)#bgp router-id 123.11.11.11 R11(config-router)#no bgp default ipv4-unicast R11(config-router)#neighbor 123.8.8.8 remote-as 34567 R11(config-router)#neighbor 123.8.8.8 update-source loopback 0 R11(config-router)#neighbor 123.9.9.9 remote-as 34567 R11(config-router)#neighbor 123.9.9.9 update-source loopback 0 R11(config-router)#neighbor 123.10.10.10 remote-as 34567 R11(config-router)#neighbor 123.10.10.10 update-source loopback 0 R11(config-router)#bgp default local-preference 101 R11(config-router)#address-family ipv4 R11(config-router-af)#neighbor 123.8.8.8 activate R11(config-router-af)#neighbor 123.8.8.8 next-hop-self R11(config-router-af)#neighbor 123.9.9.9 activate R11(config-router-af)#neighbor 123.9.9.9 next-hop-self R11(config-router-af)#neighbor 123.10.10.10 activate R11(config-router-af)#neighbor 123.10.10.10 next-hop-self R11(config-router-af)#exit-address-family R11(config-router)#exit R11(config)#

Page 68: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 68

For EBGP

R8 ------ Configuration R8(config)#router bgp 34567 R8(config-router)#neighbor 101.1.34.1 remote-as 10001 R8(config-router)#address-family ipv4 R8(config-router-af)#neighbor 101.1.34.1 activate R8(config-router-af)#redistribute eigrp 34567 R8(config-router-af)#exit-address-family R8(config-router)#exit R8(config)#

R9 ------ Configuration R9(config)#router bgp 34567 R9(config-router)#neighbor 102.2.34.1 remote-as 10002 R9(config-router)#neighbor 33.34.4.1 remote-as 30000 R9(config-router)#address-family ipv4 R9(config-router-af)#neighbor 102.2.34.1 activate R9(config-router-af)#neighbor 33.34.4.1 activate R9(config-router-af)#redistribute eigrp 34567 R9(config-router-af)#neighbor 33.34.4.1 route-map DEFAULT in R9(config-router-af)#exit-address-family R9(config-router)#exit R9(config)# R9(config)#ip prefix-list DEFAULT permit 0.0.0.0/0 R9(config)#route-map DEFAULT R9(config-route-map)#match ip address prefix-list DEFAULT R9(config-route-map)#exit R9(config)# R9(config)#router eigrp 34567 R9(config-router)#redistribute bgp 34567 route-map DEFAULT metric 100000 10 255 1 1500 R9(config-router)#exit R9(config)#

Page 69: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 69

R10 ------ Configuration R10(config)#router bgp 34567 R10(config-router)#neighbor 201.1.34.1 remote-as 20001 R10(config-router)#address-family ipv4 R10(config-router-af)#neighbor 201.1.34.1 activate R10(config-router-af)#redistribute eigrp 34567 R10(config-router-af)#exit-address-family R10(config-router)#exit R10(config)#

R11 ------ Configuration R11(config)#router bgp 34567 R11(config-router)#neighbor 33.34.3.1 remote-as 30000 R11(config-router)#neighbor 202.2.34.1 remote-as 20002 R11(config-router)#address-family ipv4 R11(config-router-af)#neighbor 33.34.3.1 activate R11(config-router-af)#neighbor 202.2.34.1 activate R11(config-router-af)#redistribute eigrp 34567 R11(config-router-af)#exit-address-family R11(config-router)#exit R11(config)#ip prefix-list DEFAULT permit 0.0.0.0/0 R11(config)#route-map DEFAULT R11(config-route-map)#match ip address prefix-list DEFAULT R11(config-route-map)#exit R11(config)# R11(config)#router eigrp 34567 R11(config-router)#redistribute bgp 34567 route-map DEFAULT R11(config-router)#exit R11(config)#

Page 70: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 70

Verification :-

For IBGP

On R8

On R9

On R10

On R11

Page 71: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 71

For EBGP

On R8

Page 72: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 72

On R9

Page 73: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 73

On R10

Page 74: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 74

On R11

Page 75: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 75

On R8

Page 76: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 76

Configure EBGP in ACME's APAC region (AS45678 and AS 65222) according to the following requirements. Refer “ Diagram 3 : BGP routing “

1. SW5 and SW6 must not establish any BGP session at any time. 2. All BGP routers must use their interface loopback0 as the BGP router-id. 3. No IBGP peering session are allowed in AS 45678. 4. R15 must establish an EBGP peering with AS 10003 and must receive a default route as well as

other prefix. 5. R15 must redistribute BGP into EIGRP vice versa. 6. R15 must also advertise an aggregate prefix for 123.20.1.0/24 to AS 10003 and must suppress all

components prefixes. 7. R16 , R17 , R18 , R19 must establish an EBGP peering with AS 20003 and must receive a default

route as well as other prefix. 8. R16 , R17 , R18 , R19 must not advertise any prefix to AS 20003. 9. As long as R15 operational , R16 , R17 , R18 , R19 must prefer the EIGRP default route over the

EBGP default route. 10. Do not create any VRF in anywhere in order to accomplish the above requirements.

Solution :-

R15 ------ Configuration R15(config)#router bgp 45678 R15(config-router)#bgp router-id 123.15.15.15 R15(config-router)#neighbor 103.2.45.1 remote-as 10003 R15(config-router)#redistribute eigrp 45678 R15(config-router)#aggregate-address 123.20.1.0 255.255.255.0 summary-only R15(config-router)#exit R15(config)# R15(config)#router eigrp 45678 R15(config-router)#redistribute bgp 45678 R15(config-router)#exit R15(config)#

Page 77: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 77

R16 ------ Configuration R16(config)#router bgp 45678 R16(config-router)#bgp router-id 123.16.16.16 R16(config-router)#neighbor 203.3.16.1 remote-as 20003 R16(config-router)#distance 171 203.3.16.1 0.0.0.0 1 R16(config-router)#exit R16(config)# R16(config)#access-list 1 permit 0.0.0.0

R17 ------ Configuration R17(config)#router bgp 45678 R17(config-router)#bgp router-id 123.17.17.17 R17(config-router)#neighbor 203.3.17.1 remote-as 20003 R17(config-router)#distance 171 203.3.17.1 0.0.0.0 1 R17(config-router)#exit R17(config)# R17(config)#access-list 1 permit 0.0.0.0

R18 ------ Configuration R18(config)#router bgp 65222 R18(config-router)#bgp router-id 123.18.18.18 R18(config-router)#neighbor 203.3.18.1 remote-as 20003 R18(config-router)#distance 171 203.3.18.1 0.0.0.0 1 R18(config-router)#exit R18(config)# R18(config)#access-list 1 permit 0.0.0.0

R19 ------ Configuration R19(config)#router bgp 65222 R19(config-router)#bgp router-id 123.19.19.19 R19(config-router)#neighbor 203.3.19.1 remote-as 20003 R19(config-router)#distance 171 203.3.19.1 0.0.0.0 1 R19(config-router)#exit R19(config)# R19(config)#access-list 1 permit 0.0.0.0

Page 78: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 78

Verification :-

On R15

Page 79: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 79

On R16

Page 80: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 80

On R17

On R18

Page 81: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 81

On R19

Page 82: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 82

Note : You will get the above result only after completing Section 3.1 & 3.2 (MPLS VPN PART 1 & PART 2)

Page 83: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 83

Configure the ACME network as per the following requirements

1. All ACME border routers in AS 12345 must filter the BGP prefixes that are advertised to their SP in VRF INET and must allow all prefixes that belong to class A 123.0.0.0./8 and all other VRF's must propagate all prefix

2. All ACME border routers in AS 34567 must filter the BGP prefixes that are advertised to their SP and must allow only all prefixes that belong to the class A 123.0.0.0/8

3. Do not use any route-map or access-list to accomplish the above requirements 4. R13 must route traffic preferably via AS 20002, use any method to accomplish this requirement 5. All three remote sites in AS 65111 must be able to ping 1.2.3.4 and traceroute must reveal the

exact same path as shown in the following output

R12# ping 1.2.3.4 source loopback0 !!!!! R12# traceroute 1.2.3.4 source loopback0 1. 201.1.12.1 [AS 65112] 2. 201.1.123.2 [AS 65112] 3. 10.120.12.1 [AS 65112] [MPLS: label 125 EXP 0] 4. 10.120.12.2 [AS 65112] 5. 10.120.99.5 [AS 65112] 6. 102.2.123.1 [AS 65112] 7. 33.10.2.2 [AS 65112]

Solution :-

R2 ------ Configuration R2(config)#ip prefix-list FILTER permit 123.0.0.0/8 le 32 R2(config)#router bgp 12345 R2(config-router)#address-family ipv4 vrf INET R2(config-router-af)#neighbor 101.1.123.1 remote-as 10001 R2(config-router-af)#neighbor 101.1.123.1 activate R2(config-router-af)#neighbor 101.1.123.1 prefix-list FILTER out R2(config-router-af)#exit-address-family R2(config-router)#exit R2(config)#

Page 84: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 84

R3 ------ Configuration R3(config)#Ip prefix-list FILTER permit 123.0.0.0/8 le 32 R3(config)#Router bgp 12345 R3(config-router)#Address-family ipv4 vrf INET R3(config-router-af)#Neighbor 102.2.123.1 remote-as 10002 R3(config-router-af)#Neighbor 102.2.123.1 activate R3(config-router-af)#Neighbor 102.2.123.1 prefix-list FILTER out R3(config-router-af)#exit-address-family R3(config-router)#exit R3(config)#

R6 ------ Configuration R6(config)#Ip prefix-list FILTER permit 123.0.0.0/8 le 32 R6(config)#Router bgp 12345 R6(config-router)#Address-family ipv4 vrf INET R6(config-router-af)#Neighbor 201.1.123.1 remote-as 20001 R6(config-router-af)#Neighbor 201.1.123.1 activate R6(config-router-af)#Neighbor 201.1.123.1 prefix-list FILTER out R6(config-router-af)#exit-address-family R6(config-router)#exit R6(config)#

R7 ------ Configuration R7(config)#Ip prefix-list FILTER permit 123.0.0.0/8 le 32 R7(config)#Router bgp 12345 R7(config-router)#Address-family ipv4 vrf INET R7(config-router-af)#Neighbor 202.2.123.1 remote-as 20002 R7(config-router-af)#Neighbor 202.2.123.1 activate R7(config-router-af)#Neighbor 202.2.123.1 prefix-list FILTER out R7(config-router-af)#exit-address-family R7(config-router)#exit R7(config)#

Page 85: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 85

R8 ------ Configuration R8(config)#ip prefix-list FILTER permit 123.0.0.0/8 le 32 R8(config)#Router bgp 34567 R8(config-router)#Address-family ipv4 R8(config-router-af)#Neighbor 101.1.34.1 prefix-list FILTER out R8(config-router-af)#exit-address-family R8(config-router)#exit R8(config)#

R9 ------ Configuration R9(config)#Ip prefix-list FILTER permit 123.0.0.0/8 le 32 R9(config)# R9(config)#router bgp 34567 R9(config-router)#address-family ipv4 R9(config-router-af)#neighbor 102.2.34.1 prefix-list FILTER out R9(config-router-af)#exit-address-family R9(config-router)#exit R9(config)#

R10 ------ Configuration R10(config)#Ip prefix-list FILTER permit 123.0.0.0/8 le 32 R10(config)#Router bgp 34567 R10(config-router)#Address-family ipv4 R10(config-router-af)#Neighbor 201.1.34.1 prefix-list FILTER out R10(config-router-af)#exit-address-family R10(config-router)#exit R10(config)#

R11 ------ Configuration R11(config)#Ip prefix-list FILTER permit 123.0.0.0/8 le 32 R11(config)#Router bgp 34567 R11(config-router)#Address-family ipv4 R11(config-router-af)#Neighbor 202.2.34.1 activate R11(config-router-af)#Neighbor 202.2.34.1 prefix-list FILTER out R11(config-router-af)#exit-address-family R11(config-router)#exit R11(config)#

Page 86: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 86

R12 ------ Configuration R12(config)#Router bgp 65111 R12(config-router)#Redistribute connected R12(config-router)#Neighbor 201.1.12.1 remote-as 20001 R12(config-router)#exit R12(config)#

R13 ------ Configuration R13(config)#Router bgp 65111 R13(config-router)#Redistribute connected R13(config-router)#Neighbor 201.1.13.1 remote-as 20001 R13(config-router)#Neighbor 202.2.13.1 remote-as 20002 R13(config-router)#Neighbor 202.2.13.1 weight 1 R13(config-router)#exit R13(config)#

R14 ------ Configuration R14(config)#Router bgp 65111 R14(config-router)#Bgp log-neighbor-changes R14(config-router)#Redistribute connected R14(config-router)#Neighbor 202.2.14.1 remote-as 20002 R14(config-router)#exit R14(config)#

R20 ------ Configuration R20(config)#Router bgp 65112 R20(config-router)#Neighbor 10.120.99.5 weight 1 R20(config-router)#exit R20(config)#

Page 87: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 87

Verification :-

On R12

On R13

Page 88: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 88

On R14

Note : You will get the above result only after completing Section 3.1 & 3.2 (MPLS VPN PART 1 & PART 2)

Page 89: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 89

Configure OSPFv3 in the ACME New York office as per the following requirements.

1. Configure the OSPF process id 1 and set the router-id as interface loopback0 2. SW4 must be selected as the designated router on VLAN 34 and must have the best chance. 3. SW3 must be selected as the back-up designated router on VLAN 34 and must take over the

designated router if Switch4 is down. 4. You are not allowed to use “ ipv6 ospf 1 area X “ command

Ipv6 address is Pre-Configured

Solution :-

SW3 ------ Configuration SW3(config)#ipv6 unicast-routing SW3(config)#ipv6 router ospf 1 SW3(config-rtr)#router-id 123.33.33.33 SW3(config-rtr)#exit SW3(config)# SW3(config)#interface loopback 0 SW3(config-if)#ospfv3 1 ipv6 area 0 SW3(config)#exit SW3(config)# SW3(config)#interface vlan 34 SW3(config-if)#ospfv3 1 ipv6 area 0 SW3(config-if)#ipv6 ospf priority 254 SW3(config)#exit SW3(config)# SW3(config-if)#interface vlan 310 SW3(config-if)#ospfv3 1 ipv6 area 10 SW3(config-if)#exit SW3(config)#

Page 90: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 90

SW4 ------ Configuration SW4(config)#ipv6 unicast-routing SW4(config)#Ipv6 router ospf 1 SW4(config-rtr)#Router-id 123.44.44.44 SW4(config-rtr)#exit SW4(config)# SW4(config)#Interface loopback 0 SW4(config-if)# ospfv3 1 ipv6 area 0 SW4(config-if)#exit SW4(config)# SW4(config)#Interface vlan 34 SW4(config-if)# ospfv3 1 ipv6 area 0 SW4(config-if)#Ipv6 ospf priority 255 SW4(config-if)#exit SW4(config)# SW4(config-if)#Interface vlan 411 SW4(config-if)# ospfv3 1 ipv6 area 11 SW4(config-if)#exit SW4(config)#

R10 ------ Configuration R10(config)#ipv6 unicast-routing R10(config)#Ipv6 router ospf 1 R10(config-rtr)#Router-id 123.10.10.10 R10(config-rtr)#exit R10(config)# R10(config)#Interface ethernet0/1 R10(config-if)# ospfv3 1 ipv6 area 10 R10(config-if)#exit R10(config)# R10(config)#Interface loopback 0 R10(config-if)# ospfv3 1 ipv6 area 10 R10(config-if)#exit R10(config)#

Page 91: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 91

R11 ------ Configuration R11(config)#ipv6 unicast-routing R11(config)#Ipv6 router ospf 1 R11(config-rtr)#Router-id 123.11.11.11 R11(config-rtr)#exit R11(config)#Interface ethernet0/2 R11(config-if)# ospfv3 1 ipv6 area 11 R11(config-if)#exit R11(config)# R11(config)#Interface loopback 0 R11(config-if)# ospfv3 1 ipv6 area 11 R11(config-if)#exit R11(config)#

Verification :-

On R10

On R11

On SW3

Page 92: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 92

On SW4

Page 93: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 93

Configure ACME network as per the following requirements

1. Establish the four eBGP peering as indicated on "diagram IPV6 routing" 2. Do not use the network command under the BGP address-family ipv6 on either R10 or R11 3. Both regional Service Provider will advertise the necessary prefixes 4. Advertise the ipv6 prefix on interface Ethernet 0/0 into BGP on both R12 and R14 5. Configure your network such that any ipv6 that include can communicate with any ipv6 user

that is located and vice versa. 6. Do not use any static route or default route anywhere 7. Use the following ping to verify your configuration

R12# ping 2001:CC1E:BEF:14:202:2:14:1 source Ethernet0/0 !!!!!

Solution :-

R10 ------ Configuration R10(config)#router bgp 34567 R10(config-router)#neighbor 2001:CC1E:BEF:10:201:1:34:1 remote-as 20001 R10(config-router)#address-family ipv6 R10(config-router-af)#neighbor 2001:CC1E:BEF:10:201:1:34:1 activate R10(config-router-af)#redistribute ospf 1 match internal external R10(config-router-af)#exit-address-family R10(config-router)#exit R10(config)# R10(config)#ipv6 router ospf 1 R10(config-rtr)#redistribute bgp 34567 R10(config-rtr)#exit R10(config)#

Page 94: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 94

R11 ------ Configuration R11(config)#Router bgp 34567 R11(config-router)#neighbor 2001:CC1E:BEF:11:202:2:34:1 remote-as 20002 R11(config-router)#address-family ipv6 R11(config-router-af)#neighbor 2001:CC1E:BEF:11:202:2:34:1 activate R11(config-router-af)#redistribute ospf 1 match internal external R11(config-router-af)#exit-address-family R11(config-router)#exit R11(config)# R11(config)#ipv6 router ospf 1 R11(config-rtr)#redistribute bgp 34567 R11(config-rtr)#exit R11(config)#

R12 ------ Configuration R12(config)#Router bgp 65111 R12(config-router)#neighbor 2001:CC1E:BEF:124:201:1:12:1 remote-as 20001 R12(config-router)#address-family ipv6 R12(config-router-af)#neighbor 2001:CC1E:BEF:124:201:1:12:1 activate R12(config-router-af)#neighbor 2001:CC1E:BEF:124:201:1:12:1 allowas-in R12(config-router-af)#network 2001:CC1E:BEF:12::/64 R12(config-router-af)#exit-address-family R12(config-router)#exit R12(config)#

R14 ------ Configuration R14(config)#Router bgp 65111 R14(config-router)#neighbor 2001:CC1E:BEF:144:202:2:14:1 remote-as 20002 R14(config-router)#address-family ipv6 R14(config-router-af)#neighbor 2001:CC1E:BEF:144:202:2:14:1 activate R14(config-router-af)#neighbor 2001:CC1E:BEF:144:202:2:14:1 allowas-in R14(config-router-af)#network 2001:CC1E:BEF:14::/64 R14(config-router-af)#exit-address-family R14(config-router)#exit R14(config)#

Page 95: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 95

Verification:-

On R12

Page 96: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 96

Assume that Streaming server is connected in vlan 5 on SW5 and receiver are located at the DMVPN spoke R18 and R19 Configure the ACME network as per the following requirements

1. Only network segments with active receivers that explicitly require the data must receive the

multicast traffic 2. Interface loopback0 of R15 must be configured as RP 3. Use a standard method of dynamically distributing the RP 4. Both R16 and R17 must participate in the multicast routing 5. For testing purpose ,Configure interface ethernet0/0 of both R18 and R19 to join group

232.1.1.1

Solution :-

R15 ------ Configuration R15(config)#ip multicast-routing R15(config)#interface loopback 0 R15(config-if)#ip pim sparse-mode R15(config-if)#exit R15(config)# R15(config)#interface ethernet 0/1 R15(config-if)#ip pim sparse-mode R15(config-if)#exit R15(config)# R15(config)#int ethernet 0/2 R15(config-if)#ip pim sparse-mode R15(config-if)#exit R15(config)# R15(config)#ip pim rp-candidate loopback 0 R15(config)#ip pim bsr-candidate loopback 0

Page 97: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 97

SW5 ------ Configuration SW5(config)#ip multicast-routing SW5(config)#int vlan 5 SW5(config-if)#ip pim sparse-mode SW5(config-if)#exit SW5(config)# SW5(config)#int vlan 55 SW5(config-if)#ip pim sparse-mode SW5(config-if)#exit SW5(config)#

SW6 ------ Configuration SW6(config)#ip multicast-routing SW6(config)# SW6(config)#interface vlan 66 SW6(config-if)#ip pim sparse-mode SW6(config-if)#exit SW6(config)# SW6(config)#interface vlan 6 SW6(config-if)#ip pim sparse-mode SW6(config-if)#exit SW6(config)#

R16 ------ Configuration R16(config)#ip multicast-routing R16(config)#interface ethernet 0/1 R16(config-if)# ip pim sparse-mode R16(config-if)#exit R16(config)# R16(config)#interface ethernet 0/2 R16(config-if)# ip pim sparse-mode R16(config-if)#exit R16(config)#

Page 98: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 98

R17 ------ Configuration R17(config)#ip multicast-routing R17(config)#interface tunnel 0 R17(config-if)# ip pim sparse-mode R17(config-if)#exit R17(config)# R17(config)#interface ethernet 0/1 R17(config-if)# ip pim sparse-mode R17(config-if)#exit R17(config)# R17(config)#interface ethernet 0/2 R17(config-if)# ip pim sparse-mode R17(config-if)#exit R17(config)#

R18 ------ Configuration R18(config)#ip multicast-routing R18(config)#interface tunnel 0 R18(config-if)# ip pim sparse-mode R18(config-if)#exit R18(config)# R18(config)#interface ethernet 0/0 R18(config-if)# ip pim sparse-mode R18(config-if)#ip igmp join-group 232.1.1.1 R18(config-if)#exit R18(config)#

R19 ------ Configuration R19(config)#ip multicast-routing R19(config)#interface tunnel 0 R19(config-if)# ip pim sparse-mode R19(config-if)#exit R19(config)#

Page 99: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 99

R19(config)#interface ethernet 0/0 R19(config-if)# ip pim sparse-mode R19(config-if)#ip igmp join-group 232.1.1.1 R19(config-if)#exit R19(config)#

Verification :-

On SW5

On R15

On R16

Page 100: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 100

On R17

On R18

On R19

On SW5

Page 101: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 101

On SW6

Note : You will get the above results only after completing Section 3.3 (DMVPN task).

Page 102: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 102

Refer to "diagram 3 BGP topology" and "diagram 4 VPN technology" The ACME HQ network (AS12345) uses MPLS L3VPN in order to clearly separate remote site networks The ACME corporate security policies are centralized and enforced at the San Jose site (AS 65112) for all remote sites. the policies require that all traffic that is originated from any remote sites (with the exception of New York office) Configure MPLS L3 VPN in the ACME network according to the following requirements

1. Enable LDP only on required interfaces on all seven routers in AS 12345 2. Use the interface loopback 0 to establish LDP peering 3. Ensure that no MPLS interface that belongs to any router in AS12345 is visible on a traceroute

that originates outside of the AS 4. R2, R3, R6 and R7 must be configured as PE routers 5. R1, R4 and R5 must be configured as P routers

Page 103: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 103

Solution :-

R1 ------ Configuration R1(config)#Mpls ldp router-id loopback 0 force R1(config)#No mpls ip propagate-ttl R1(config)#Router ospf 12345 R1(config-router)#Mpls ldp autoconfig R1(config-router)#exit R1(config)#

R2 ------ Configuration R2(config)#Mpls ldp router-id loopback 0 force R2(config)#No mpls ip propagate-ttl R2(config)#Router ospf 12345 R2(config-router)#Mpls ldp autoconfig R2(config-router)#exit R2(config)#

R3 ------ Configuration R3(config)#Mpls ldp router-id loopback 0 force R3(config)#No mpls ip propagate-ttl R3(config)#Router ospf 12345 R3(config-router)#Mpls ldp autoconfig R3(config-router)#exit R3(config)#

R4 ------ Configuration R4(config)#Mpls ldp router-id loopback 0 force R4(config)#No mpls ip propagate-ttl R4(config)#Router ospf 12345 R4(config-router)#Mpls ldp autoconfig R4(config-router)#exit R4(config)#

Page 104: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 104

R5 ------ Configuration R5(config)#Mpls ldp router-id loopback 0 force R5(config)#No mpls ip propagate-ttl R5(config)#Router ospf 12345 R5(config-router)#Mpls ldp autoconfig R5(config-router)#exit R5(config)#

R6 ------ Configuration R6(config)#Mpls ldp router-id loopback 0 force R6(config)#No mpls ip propagate-ttl R6(config)#Router ospf 12345 R6(config-router)#Mpls ldp autoconfig R6(config-router)#exit R6(config)#

R7 ------ Configuration R7(config)#Mpls ldp router-id loopback 0 force R7(config)#No mpls ip propagate-ttl R7(config)#Router ospf 12345 R7(config-router)#Mpls ldp autoconfig R7(config-router)#exit R7(config)#

Page 105: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 105

Verification :-

On R1

On R2

Page 106: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 106

On R3

On R4

Page 107: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 107

On R5

On R6

Page 108: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 108

On R7

Page 109: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 109

Refer to "diagram 3 BGP topology" and "diagram 4 VPN technology" The global and regional service providers have agreed to transport the ACME VPN via PE to PE eBGP peering that are already preconfigured. Complete all the configuration of MPLS L3 VPN in the ACME network according to the following requirements

1. R1 must reflect VPNv4 prefixes from any PE to any other PE in AS 12345 2. R2 and R3 must establish EBGP peering with both global Service Providers

(As 10001 and AS 10002) for the following VRF's

GREEN

BLUE

RED

YELLOW

INET

3. R6 must establish an EBGP peering with the regional SP (AS 20001) for the following VRFs

GREEN

BLUE

INET

4. R7 must establish an EBGP peering with the regional SP (AS 20002) for the following VRFs

BLUE

RED

INET

5. All ip address used for EBGP peering must pass the BGP's directly connected check 6. No BGP speaker is AS 12345 may use the network or redistribute statement under any address-

family of the BGP router configuration 7. At the end of the exam scenario the interface ethernet 0/0 of the gateway router in any remote

site must be able to connect to the interface ethernet 0/0 of any other remote gateway that belongs to AS 65111 or AS 65222

Page 110: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 110

8. Use the following tests as examples of connectivity checks

R12# ping 10.2.19.1 source ethernet0/0 !!!!! R12# traceroute 10.2.19.1 source ethernet0/0

Solution :-

R1 ------ Configuration R1(config)#router bgp 12345 R1(config-router)#address-family vpnv4 R1(config-router-af)#neighbor IBGP send-community extended R1(config-router-af)#neighbor IBGP route-reflector-client R1(config-router-af)#neighbor 123.2.2.2 activate R1(config-router-af)#neighbor 123.3.3.3 activate R1(config-router-af)#neighbor 123.6.6.6 activate R1(config-router-af)#neighbor 123.7.7.7 activate R1(config-router-af)#exit-address-family R1(config-router)#exit R1(config)#

R2 ------ Configuration R2(config)#Router bgp 12345 R2(config-router)#Address-family vpnv4 R2(config-router-af)#Neighbor 123.1.1.1 activate R2(config-router-af)#Neighbor 123.1.1.1 send-community extended R2(config-router-af)#exit-address-family R2(config-router)#exit R2(config)#

R3 ------ Configuration R3(config)#Router bgp 12345 R3(config-router)#Address-family vpnv4 R3(config-router-af)#Neighbor 123.1.1.1 activate R3(config-router-af)#Neighbor 123.1.1.1 send-community extended R3(config-router-af)#exit-address-family R3(config-router)#exit R3(config)#

Page 111: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 111

R6 ------ Configuration R6(config)#Router bgp 12345 R6(config-router)#Address-family vpnv4 R6(config-router-af)#Neighbor 123.1.1.1 activate R6(config-router-af)#Neighbor 123.1.1.1 send-community extended R6(config-router-af)#exit-address-family R6(config-router)#exit R6(config)#

R7 ------ Configuration R7(config)#Router bgp 12345 R7(config-router)#Address-family vpnv4 R7(config-router-af)#Neighbor 123.1.1.1 activate R7(config-router-af)#Neighbor 123.1.1.1 send-community extended R7(config-router-af)#exit-address-family R7(config-router)#exit R7(config)#

R2 ------ Configuration R2(config)#router bgp 12345 R2(config-router)#Address-family ipv4 vrf BLUE R2(config-router-af)#Neighbor 101.1.123.1 remote-as 10001 R2(config-router-af)#Neighbor 101.1.123.1 activate R2(config-router-af)#Exit-address-family R2(config-router)# R2(config-router)#Address-family ipv4 vrf GREEN R2(config-router-af)#Neighbor 101.1.123.1 remote-as 10001 R2(config-router-af)#Neighbor 101.1.123.1 activate R2(config-router-af)#Exit-address-family R2(config-router)# R2(config-router)#Address-family ipv4 vrf INET R2(config-router-af)#Neighbor 101.1.123.1 remote-as 10001 R2(config-router-af)#Neighbor 101.1.123.1 activate R2(config-router-af)#Exit-address-family R2(config-router)#

Page 112: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 112

R2(config-router)#Address-family ipv4 vrf RED R2(config-router-af)#Neighbor 101.1.123.1 remote-as 10001 R2(config-router-af)#Neighbor 101.1.123.1 activate R2(config-router-af)#Exit-address-family R2(config-router)# R2(config-router)#Address-family ipv4 vrf YELLOW R2(config-router-af)#Neighbor 101.1.123.1 remote-as 10001 R2(config-router-af)#Neighbor 101.1.123.1 activate R2(config-router-af)#Exit-address-family R2(config-router)#exit R2(config)#

R3 ------ Configuration R3(config)#router bgp 12345 R3(config-router)#Address-family ipv4 vrf BLUE R3(config-router-af)#Neighbor 102.2.123.1 remote-as 10002 R3(config-router-af)#Neighbor 102.2.123.1 activate R3(config-router-af)#Exit-address-family R3(config-router)# R3(config-router)#Address-family ipv4 vrf GREEN R3(config-router-af)#Neighbor 102.2.123.1 remote-as 10002 R3(config-router-af)#Neighbor 102.2.123.1 activate R3(config-router-af)#Exit-address-family R3(config-router)# R3(config-router)#Address-family ipv4 vrf INET R3(config-router-af)#Neighbor 102.2.123.1 remote-as 10002 R3(config-router-af)#Neighbor 102.2.123.1 activate R3(config-router-af)#Exit-address-family R3(config-router)# R3(config-router)# R3(config-router)#Address-family ipv4 vrf RED R3(config-router-af)#Neighbor 102.2.123.1 remote-as 10002 R3(config-router-af)#Neighbor 102.2.123.1 activate R3(config-router-af)#Exit-address-family R3(config-router)# R3(config-router)#Address-family ipv4 vrf YELLOW R3(config-router-af)#Neighbor 102.2.123.1 remote-as 10002 R3(config-router-af)#Neighbor 102.2.123.1 activate R3(config-router-af)#Exit-address-family R3(config-router)#exit R3(config)#

Page 113: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 113

R6 ------ Configuration R6(config)#router bgp 12345 R6(config-router)#Address-family ipv4 vrf BLUE R6(config-router-af)#Neighbor 201.1.123.1 remote-as 20001 R6(config-router-af)#Neighbor 201.1.123.1 activate R6(config-router-af)#Exit-address-family R6(config-router)# R6(config-router)#Address-family ipv4 vrf GREEN R6(config-router-af)#Neighbor 201.1.123.1 remote-as 20001 R6(config-router-af)#Neighbor 201.1.123.1 activate R6(config-router-af)#Exit-address-family R6(config-router)# R6(config-router)#Address-family ipv4 vrf INET R6(config-router-af)#Neighbor 201.1.123.1 remote-as 20001 R6(config-router-af)#Neighbor 201.1.123.1 activate R6(config-router-af)#Exit-address-family R6(config-router)#exit R6(config)#

R7 ------ Configuration R7(config)#router bgp 12345 R7(config-router)#Address-family ipv4 vrf BLUE R7(config-router-af)#Neighbor 202.2.123.1 remote-as 20002 R7(config-router-af)#Neighbor 202.2.123.1 activate R7(config-router-af)#Exit-address-family R7(config-router)# R7(config-router)#address-family ipv4 vrf RED R7(config-router-af)#neighbor 202.2.123.1 remote-as 20002 R7(config-router-af)#neighbor 202.2.123.1 activate R7(config-router-af)#exit-address-family R7(config-router)#exit R7(config-router)#Address-family ipv4 vrf INET R7(config-router-af)#Neighbor 202.2.123.1 remote-as 20002 R7(config-router-af)#Neighbor 202.2.123.1 activate R7(config-router-af)#Exit-address-family R7(config-router)#exit R7(config)#

Page 114: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 114

Verification :-

On R12

On R2

Page 115: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 115

On R3

On R6

Page 116: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 116

On R7

Page 117: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 117

Configure DMVPN phase 3 in the ACME APAC region (AS 45678 and 65222) as per the following requirements

1. Use the preconfigured interface tunnel 0 on all the three routers in order to accomplish this task 2. Ensure that DMVPN should be established via VRF on each routers. 3. R17 must be configured as the hub router 4. R18 and R19 must be the spoke routers and must participate in the NHRP information exchange 5. Disable send icmp redirect message on all three tunnel 0 interfaces 6. Configure the following parameters on all the three tunnel 0 interfaces

Configure the bandwidth 1000 kbps

Configure the delay to 10000 msec

Adjust the ip MTU to 1400 Bytes

Adjust the TCP MSS to 1380 Bytes

7. Authenticate NHRP using the string 45678key 8. Use the NHRP network-id 45678 9. Configure NHRP hold time to 5 min 10. Ensure that spoke-to-spoke traffic does not transit via the hub

Solution :-

R16 ------ Configuration

Pre-configuration On R16

ip vrf LOCALSP rd 45678:15 route-target export 15:15 route-target import 15:15 Interface ethernet 0/0 ip vrf forwarding LOCALSP ip address 203.3.16.2 255.255.255.252

Page 118: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 118

R16(config)#ip vrf LOCALSP R16(config-vrf)#export map LOCALSP R16(config-vrf)#exit R16(config)# R16(config)#router bgp 45678 R16(config-router)#no bgp default ipv4-unicast R16(config-router)#no neighbor 203.3.16.1 remote-as 20003 R16(config-router)#address-family ipv4 vrf LOCALSP R16(config-router-af)#neighbor 203.3.16.1 remote-as 20003 R16(config-router-af)#neighbor 203.3.16.1 activate R16(config-router-af)#distance 171 203.3.16.1 0.0.0.0 1 R16(config-router-af)#exit-address-family R16(config-router)#exit R16(config)# R16(config)#ip prefix-list ALL deny 0.0.0.0/0 le 32 R16(config)#route-map LOCALSP R16(config-route-map)#match ip address prefix-list ALL R16(config-route-map)#exit R16(config)#

R17 ------ Configuration

Pre-configuration On R17

ip vrf LOCALSP rd 45678:15 route-target export 15:15 route-target import 15:15 Interface ethernet 0/0 ip vrf forwarding LOCALSP ip address 203.3.17.2 255.255.255.252 R17(config)#interface tunnel 0 R17(config-if)#bandwidth 1000 R17(config-if)#no ip redirects R17(config-if)#ip mtu 1400 R17(config-if)#ip nhrp authentication 45678key R17(config-if)#ip nhrp map multicast dynamic R17(config-if)#ip nhrp network-id 45678

Page 119: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 119

R17(config-if)#ip nhrp holdtime 300 R17(config-if)#ip tcp adjust-mss 1380 R17(config-if)#delay 1000 R17(config-if)#tunnel key 100 R17(config-if)# tunnel vrf LOCALSP R17(config-if)#ip nhrp redirect R17(config-if)#exit R17(config)# R17(config)#router eigrp CCIE R17(config-router)#address-family ipv4 autonomous-system 45678 R17(config-router-af)#af-interface tunnel 0 R17(config-router-af-interface)#no split-horizon R17(config-router-af-interface)#no next-hop-self R17(config-router-af-interface)#exit-af-interface R17(config-router-af)#exit-address-family R17(config-router)#exit R17(config)# R17(config)#ip vrf LOCALSP R17(config-vrf)#export map LOCALSP R17(config)#router bgp 45678 R17(config-router)#no bgp default ipv4-unicast R17(config-router)#no neighbor 203.3.17.1 remote-as 20003 R17(config-router)# R17(config-router)#address-family ipv4 vrf LOCALSP R17(config-router-af)#neighbor 203.3.17.1 remote-as 20003 R17(config-router-af)#neighbor 203.3.17.1 activate R17(config-router-af)#distance 171 203.3.17.1 0.0.0.0 1 R17(config-router-af)#exit-address-family R17(config-router)#exit R17(config)#ip prefix-list ALL deny 0.0.0.0/0 le 32 R17(config)#route-map LOCALSP R17(config-route-map)#match ip address prefix-list ALL R17(config-route-map)#exit R17(config)#

Page 120: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 120

R18 ------ Configuration

Pre-configuration On R18

ip vrf LOCALSP rd 45678:15 route-target export 15:15 route-target import 15:15 interface serial 1/0 ip vrf forwarding LOCALSP ip address 203.3.18.2 255.255.255.252 R18(config)#interface tunnel 0 R18(config-if)#bandwidth 1000 R18(config-if)#no ip redirects R18(config-if)#ip mtu 1400 R18(config-if)#ip nhrp authentication 45678key R18(config-if)#ip nhrp network-id 45678 R18(config-if)#ip nhrp holdtime 300 R18(config-if)#ip tcp adjust-mss 1380 R18(config-if)#delay 1000 R18(config-if)#ip nhrp nhs 123.20.1.25 R18(config-if)#ip nhrp map 123.20.1.25 203.3.17.2 R18(config-if)#ip nhrp map multicast 203.3.17.2 R18(config-if)#ip nhrp shortcut R18(config-if)#tunnel key 100 R18(config-if)#tunnel vrf LOCALSP R18(config-if)#exit R18(config)# R18(config)#ip vrf LOCALSP R18(config-vrf)#export map LOCALSP R18(config-vrf)#exit R18(config)# R18(config)#router bgp 65222 R18(config-router)#no bgp default ipv4-unicast R18(config-router)#no neighbor 203.3.18.1 remote-as 20003 R18(config-router)# R18(config-router)#address-family ipv4 vrf LOCALSP R18(config-router-af)#neighbor 203.3.18.1 remote-as 20003 R18(config-router-af)#neighbor 203.3.18.1 activate R18(config-router-af)#distance 171 203.3.18.1 0.0.0.0 1 R18(config-router-af)#exit-address-family

Page 121: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 121

R18(config-router)#exit R18(config)# R18(config)#ip prefix-list ALL deny 0.0.0.0/0 le 32 R18(config)#route-map LOCALSP R18(config-route-map)#match ip address prefix-list ALL R18(config-route-map)#exit R18(config)#

R19 ------ Configuration

Pre-configuration On R19

ip vrf LOCALSP rd 45678:15 route-target export 15:15 route-target import 15:15 interface serial 1/0 ip vrf forwarding LOCALSP ip address 203.3.19.2 255.255.255.252 R19(config)#Interface Tunnel 0 R19(config-if)#bandwidth 1000 R19(config-if)#no ip redirects R19(config-if)#ip mtu 1400 R19(config-if)#ip nhrp authentication 45678key R19(config-if)#ip nhrp network-id 45678 R19(config-if)#ip nhrp holdtime 300 R19(config-if)#ip tcp adjust-mss 1380 R19(config-if)#delay 1000 R19(config-if)#ip nhrp nhs 123.20.1.25 R19(config-if)#ip nhrp map 123.20.1.25 203.3.17.2 R19(config-if)#ip nhrp map multicast 203.3.17.2 R19(config-if)#ip nhrp shortcut R19(config-if)#tunnel key 100 R19(config-if)#tunnel vrf LOCALSP R19(config-if)#exit R19(config)# R19(config)#ip vrf LOCALSP R19(config-vrf)#export map LOCALSP R19(config-vrf)#exit R19(config)#

Page 122: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 122

R19(config)#router bgp 65222 R19(config-router)#no bgp default ipv4-unicast R19(config-router)#no neighbor 203.3.19.1 remote-as 20003 R19(config-router)# R19(config-router)#address-family ipv4 vrf LOCALSP R19(config-router-af)#neighbor 203.3.19.1 remote-as 20003 R19(config-router-af)#neighbor 203.3.19.1 activate R19(config-router-af)#distance 171 203.3.19.1 0.0.0.0 1 R19(config-router-af)#exit-address-family R19(config-router)#exit R19(config)# R19(config)#ip prefix-list ALL deny 0.0.0.0/0 le 32 R19(config)#route-map LOCALSP R19(config-route-map)#match ip address prefix-list ALL R19(config-route-map)#exit R19(config)#

Verification :-

On R18

Page 123: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 123

On R17

On R18

Page 124: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 124

On R19

Note : VRF name & RD value will be pre-configured.

Page 125: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 125

Refer to "Diagram 4 VPN technology" Secure the DMVPN tunnel using IPSEC according to the following requirements

1. Configure IKE Phase 1 as per the following

Use AES encryption with the pre-shared key “ CCIE “

All IPsec tunnels must be authenticated using the same IKE Phase 1 pre-shared key

Use 1024 bits for the key exchange using the Diffie-Hellman algorithm

Configure a single policy using priority 10

2. Configure IKE Phase 2 as per the following requirements

Use CCIEXFORM as transform-set name

use DMVPNPROFILE as IPSEC profile name

use IPSEC in transport mode

use the IPSEC protocol ESP and algorithm AES

3. Ensure that the DMVPN cloud is secured using above parameters.

Use tunnel protection in your configuration.

Solution :-

For Phase 1

R17 ------ Configuration R17(config)#crypto isakmp enable R17(config)#crypto isakmp policy 10 R17(config-isakmp)#authentication pre-share R17(config-isakmp)#encryption aes R17(config-isakmp)#group 2 R17(config-isakmp)#exit R17(config)#

Page 126: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 126

R17(config)#crypto keyring DMVPNPROFILE vrf LOCALSP R17(conf-keyring)# pre-shared-key address 0.0.0.0 0.0.0.0 key CCIE

R18 ------ Configuration R18(config)#crypto isakmp enable R18(config)#crypto isakmp policy 10 R18(config-isakmp)#authentication pre-share R18(config-isakmp)#encryption aes R18(config-isakmp)#group 2 R18(config-isakmp)#exit R18(config)# R18(config)#crypto keyring DMVPNPROFILE vrf LOCALSP R18(conf-keyring)# pre-shared-key address 0.0.0.0 0.0.0.0 key CCIE

R19 ------ Configuration R19(config)#crypto isakmp enable R19(config)#crypto isakmp policy 10 R19(config-isakmp)#authentication pre-share R19(config-isakmp)#encryption aes R19(config-isakmp)#group 2 R19(config-isakmp)#exit R19(config)# R19(config)#crypto keyring DMVPNPROFILE vrf LOCALSP R19(conf-keyring)# pre-shared-key address 0.0.0.0 0.0.0.0 key CCIE

For Phase 2

R17 ------ Configuration R17(config)#Crypto ipsec transform-set CCIEXFORM esp-aes R17(cfg-crypto-trans)#mode transport R17(cfg-crypto-trans)#exit R17(config)# R17(config)#crypto isakmp profile DMVPNPROFILE R17(conf-isa-prof)#vrf LOCALSP R17(conf-isa-prof)#keyring DMVPNPROFILE R17(conf-isa-prof)#match identity address 0.0.0.0 LOCALSP R17(conf-isa-prof)#exit R17(config)#

Page 127: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 127

R17(config)#crypto ipsec profile DMVPNPROFILE R17(ipsec-profile)#set transform-set CCIEXFORM R17(ipsec-profile)#set isakmp-profile DMVPNPROFILE R17(ipsec-profile)#exit R17(config)# R17(config)#interface tunnel 0 R17(config-if)#tunnel protection ipsec profile DMVPNPROFILE R17(config-if)#exit R17(config)#

R18 ------ Configuration R18(config)#Crypto ipsec transform-set CCIEXFORM esp-aes R18(cfg-crypto-trans)#mode transport R18(cfg-crypto-trans)#exit R18(config)# R18(config)#crypto isakmp profile DMVPNPROFILE R18(conf-isa-prof)#vrf LOCALSP R18(conf-isa-prof)#keyring DMVPNPROFILE R18(conf-isa-prof)#match identity address 0.0.0.0 LOCALSP R18(conf-isa-prof)#exit R18(config)# R18(config)#crypto ipsec profile DMVPNPROFILE R18(ipsec-profile)#set transform-set CCIEXFORM R18(ipsec-profile)#set isakmp-profile DMVPNPROFILE R18(ipsec-profile)#exit R18(config)# R18(config)#interface tunnel 0 R18(config-if)#tunnel protection ipsec profile DMVPNPROFILE R18(config-if)#exit R18(config)#

R19 ------ Configuration R19(config)#Crypto ipsec transform-set CCIEXFORM esp-aes R19(cfg-crypto-trans)#mode transport R19(cfg-crypto-trans)#exit R19(config)#

Page 128: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 128

R19(config)#crypto isakmp profile DMVPNPROFILE R19(conf-isa-prof)#vrf LOCALSP R19(conf-isa-prof)#keyring DMVPNPROFILE R19(conf-isa-prof)#match identity address 0.0.0.0 LOCALSP R19(conf-isa-prof)#exit R19(config)# R19(config)#crypto ipsec profile DMVPNPROFILE R19(ipsec-profile)#set transform-set CCIEXFORM R19(ipsec-profile)#set isakmp-profile DMVPNPROFILE R19(ipsec-profile)#exit R19(config)# R19(config)#interface tunnel 0 R19(config-if)#tunnel protection ipsec profile DMVPNPROFILE R19(config-if)#exit R19(config)#

Verification :-

On R17

Page 129: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 129

On R18

On R19

Page 130: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 130

Refer to “ Diagram 1 : Main Topology “ Configure R20 in the ACME San Jose office as per the following

1. All users who connect to R20 via the console port or via any of VTY lines using SSH must be prompted with the below message before any other prompt is displayed

WARNING! ACCESS RESTRICTED!

2. Do not include any extra spaces or any other characters as the ones shown above

Solution :-

R20 ------ Configuration R20(config)#banner motd * WARNING! ACCESS RESTRICTED!* ----> Copy Paste this statement from question to avoid spaces R20(config)# R20(config)#banner login * WARNING! ACCESS RESTRICTED!* ----> Copy Paste this statement from question to avoid spaces

Page 131: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 131

R20(config)#line vty 0 4 R20(config-line)#no motd-banner R20(config-line)#exit R20(config)#exit R20#quit NOTE : After “ WARNING! ACCESS RESTRICTED! “ do not enter or space . You can use * symbol or return button or type “ m “ to come out .

Verification :-

On R20

Page 132: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 132

Refer to “ Diagram 1 : Main Topology “ Configure ACME New York office as per the following

1. Ensure that interfaces ethernet 0/0 , ethernet 0/1 , ethernet 0/2 , ethernet 0/3 of SW3 forward traffic that was sent from expected and legitimate host and servers.

2. Sw3 must dynamically learn only one mac address per port and must save the mac address in its startup configuration

3. Sw3 must shut down the port if security violation occurs on any of these four ports

Solution :-

SW3 ------ Configuration SW3(config)#Interface range ethernet 0/0-3 SW3(config-if-range)#switchport port-security SW3(config-if-range)#switchport port-security mac-address sticky SW3(config-if-range)#switchport port-security maximum 1 SW3(config-if-range)#switchport port-security violation shutdown SW3(config-if-range)#exit SW3(config)#

Verification :-

On SW3

Page 133: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 133

Refer to “ Diagram 1 : Main Topology “ Configure R20 int the ACME San Jose office as per the following requirements

1. Enable SSH access in R20 using the domain name “ acme.org “ 2. R20 must accept up to five remote authorized users to connect at the same time using SSH 3. Create the user "test" with password "test" in the local database of R20 4. Ensure that R20 accepts SSH connections with clients with source ip in 123.10.2.0/24. All other

source ip must be denied. Use standard ACL to configure this requirement. 5. R20 must produce a syslog message for all SSH connection attempts whether permitted or

denied 6. When authenticate the username “ test “ must be granted privilege level 1 7. Do not enable aaa new-model command on R20 8. Ensure that SSH is the only remote access method permitted on VTY lines of R20 9. Ensure that the console is not affected by your solution and no username prompt is presented

on the console port 10. Test your solution from any device that is located in AS 34567 and ensure that the following

sequence of command produce the following output

R10 # ssh -l test 123.20.20.20 WARNING!ACCESS RESTRICTED R20> R20>show privilage current privilage level is 1 R20> R20>q R10#

Page 134: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 134

Solution :-

R20 ------ Configuration R20(config)#service linenumber R20(config)#username test password test R20(config)#ip domain-name acme.org R20(config)#crypto key generate rsa How many bits in the modulus [512]: 1024 R20(config)#ip ssh maxstartups 5 R20(config)#ip ssh logging events R20(config)#ip ssh version 2 R20(config)#Access-list 1 permit 123.10.2.0 0.0.0.255 log R20(config)#Access-list 1 deny any log R20(config)#line console 0 R20(config-line)#exec-timeout 0 0 R20(config-line)#logging synchronous R20(config-line)#exit R20(config)# R20(config)#line vty 0 4 R20(config-line)#access-class 1 in R20(config-line)#login local R20(config-line)#transport input ssh R20(config-line)#privilege level 1 R20(config-line)#exit R20(config)#

Page 135: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 135

Verification :-

On R10

On R20

Page 136: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 136

Refer to “ Diagram 1 : Main Topology “ Configure the ACME network as per the following requirements

1. R20 must enable all private corporate traffic that is originated from any host with source ip address 10.1.0.0/16 or 10.2.0.0/16 to connect to any public destination that is located in AS 34567 or in any source

2. All remote sites in AS 65111 and 65222 must be able to connect to these public destinations 3. R20 must swap the source ip address in these packets with the ip address of its interface

loopback0 4. R20 must allow multiple concurrent connections 5. Use a standard ACL to accomplish the above requirements

The following tests must succeed after the above requirements (in addition to previous requirements) are achieved

R12# ping 1.2.3.4 source ethernet0/0 !!!!!

R20# ping 1.2.3.4 source loopback 1 !!!!!

Solution :-

R20 ------ Configuration R20(config)#interface loopback 0 R20(config-subif)#ip nat outside R20(config-subif)#exit R20(config)# R20(config)#interface range ethernet 0/0.12 - ethernet 0/0.15 R20(config-if-range)#ip nat inside R20(config-if-range)#exit R20(config)#

Page 137: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 137

R20(config)#interface ethernet 0/0.99 R20(config-subif)#ip nat outside R20(config-subif)#exit R20(config)# R20(config)#interface range ethernet 0/1.12 - ethernet 0/1.15 R20(config-if-range)#ip nat inside R20(config-if-range)#exit R20(config)# R20(config)#interface ethernet 0/1.99 R20(config-subif)#ip nat outside R20(config-subif)#exit R20(config)# R20(config)#access-list 2 permit 10.1.0.0 0.0.255.255 R20(config)#access-list 2 permit 10.2.0.0 0.0.255.255 R20(config)#ip nat inside source list 2 interface loopback 0 overload

Verification :-

On R12

On R20

Page 138: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 138

Note :- Interface has address 10.120.12.2 ( ip nat inside ) Interface has address 10.120.99.6 ( ip nat outside )

Page 139: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 139

Configure R17 as per the following requirements

1. Configure IOS features on R17 to achieve the following output

R17#show interfaces | grep 'is up' Ethernet0/0 is up, line protocol is up Ethernet0/1 is up, line protocol is up Ethernet0/2 is up, line protocol is up Ethernet0/3 is up, line protocol is up Loopback0 is up, line protocol is up Tunnel0 is up, line protocol is up Tunnel1 is up, line protocol is up R17#show interfaces | grep 'is up' | wc -l 7

Solution :-

R17 ------ Configuration R17#terminal shell R17#configure terminal R17(config)#shell processing full R17(config)#

Page 140: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 140

Verification :-

On R17

Page 141: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 141

Configure ACME as per the following requirements

1. SW3 must provide an authoritative time source to the ACME network 2. Ensure that SW3 must use an authentication to the ACME Network 3. R10 and R12 must synchronize their clock to SW3 using NTP v4 for IPv6 4. R10 and R12 must operate in client mode 5. Sw3 must not capture or use any time information that is sent by R10 and R12 6. All NTP traffic must rely on IPv6 connectivity only

All NTP traffic must be sourced and destined to interface loopback 0 of the corresponding devices

Solution :-

SW3 ------ Configuration SW3(config)#ntp master SW3(config)#ntp source loopback 0 SW3(config)#ntp authenticate SW3(config)#ntp authentication-key 1 md5 CCIE SW3(config)#ntp trusted-key 1 SW3(config)# SW3(config)#interface loopback 0 SW3(config-if)#ntp disable ip ----------> disable ipv4 for running ipv6 only SW3(config-if)#exit SW3(config)# SW3(config)#ntp peer 2001:CC1E:BEF:0:123:10:10:10 version 4 ------------> R10’s loopback 0 ipv6 address SW3(config)#ntp peer 2001:CC1E:BEF:0:123:12:12:12 version 4 ------------> R12’s loopback 0 ipv6 address

Page 142: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 142

R10 ------ Configuration R10(config)# ntp authenticate R10(config)# ntp authentication-key 1 md5 CCIE R10(config)# ntp trusted-key 1 R10(config)#ntp source loopback 0 R10(config)#interface loopback 0 R10(config-if)#Ntp disable ip ---------> disable ipv4 for running ipv6 only R10(config-if)#exit R10(config)# R10(config)#ntp server 2001:CC1E:BEF:0:123:33:33:33 version 4 --------> SW3’s loopback 0 ipv6 address

R12 ------ Configuration R12(config)# ntp authenticate R12(config)# ntp authentication-key 1 md5 CCIE R12(config)# ntp trusted-key 1 R12(config)#ntp source loopback 0 R12(config)#interface loopback 0 R12(config-if)#Ntp disable ip -----------> disable ipv4 for running ipv6 only R12(config-if)#exit R12(config)# R12(config)#ntp server 2001:CC1E:BEF:0:123:33:33:33 version 4 --------> SW3’s loopback 0 ipv6 address R12(config)#router bgp 65111 R12(config-router)#address-family ipv6 R12(config-router-af)#network 2001:CC1E:BEF:0:123:12:12:12/128 R12(config-router-af)#exit-address-family R12(config-router)#exit R12(config)#

Page 143: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 143

Verification :-

On SW3

On R10

Page 144: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 144

On R12

Page 145: CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016 · the workbook is to provide more practical information about the CCIE RSv5 lab Exam. This workbook is prepared for the individual

CCIE R&S v5 Lab version 1.2 Updated on 15th Jan,2016

[email protected] All Right Reserved Page 145