cciev5 configuration troubleshooting lab 1 4 questions solutions v1 release

7/23/2019 Cciev5 Configuration Troubleshooting Lab 1 4 Questions Solutions v1 Release

1/574

0 | P a

CCIE4ALL R Sv5

CCIE ROUTING AND SWITCHING v5.0

ADVANCED CONFIGURATION & TROUBLESHOOTING LAB

WORKBOOK QUESTIONS & SOLUTIONS

+44 (0) 7787 520 858 | 7894 248 694

[email protected]

[email protected]


2/574

0 | P a g e

Copyright

CCIEv5 R&S Advanced Configuration & Troubleshooting Lab Workbook

by Tom Mark Giembicki & Sean Paul Draper

Copyright 2015, CCIE4ALL All Right Reserved

Produced in the United Kingdom

This book contains material protected under International and Federal Copyright Laws and Treaties. Any

unauthorized reprint or use of this material is prohibited. No part of this book may be reproduced or transmitted in

any form or by any means, electronic or mechanical, including photocopying, recording, or by any information

storage and retrieval system without express written permission from the author / publisher.

CCIE R&S Advanced Configuration and Troubleshooting Lab Workbook may be purchased for educational,

business or sales promotional use. For more information, contact [email protected]@gmail.com

Acknowledgments

Tom Mark GiembickiTom is in the productivity business. At some level, we all are. Wed like to think that whatever

solution were selling or service were providing will offer a benefit or make life better in some way.

So long as were in an organization with limited finances (which probably includes most for-profit and not-for-profit

organizations these days) we need to measure better in two ways. One way of making things better means

better for the organization itself, so it can do a better job of achieving its mission for its customers. The other way

makes things better for the people who work in the organization. The tendency generally seems to be to focus on

making things better for the organization (and therefore the bottom line), but unfortunately, as organizations go

about making these types of improvements, it is easy to forget that better for the people often has a direct

impact on better for the organization, ie. making tasks easier and faster for the individuals in a company

generally leads to increasing the overall productivity of the company. I would like to thank my family for absolutely

everything I have achieved so far in my life and also Insight Team for helping me manage clients appointments

and business trips while working on this book.

Sean Paul DraperThere are too many friends to list here you all know who you are, I would also like to give thank

to my family, especially my mother.
mailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]


3/574

1 | P a g e

TABLE OF CONTENTS

COPYRIGHT ..................................................................................................................................................... 0

ACKNOWLEDGMENTS ...................................................................................................................................... 0

FOREWORD ..................................................................................................................................................... 8

TROUBLESHOOTING SECTION .......................................................................................................................... 9

DIAGNOSTICS SECTION .................................................................................................................................. 10

CONFIGURATION SECTION ............................................................................................................................. 11

OBJECTIVES AND AUDIENCE .......................................................................................................................... 12

WARNING AND DISCLAIMER .......................................................................................................................... 13

LICENSE AGREEMENT ..................................................................................................................................... 13

TERM AND TERMINATION OF LICENSE AGREEMENT ...................................................................................... 14

WARANTY ...................................................................................................................................................... 14

CCIE EXAM IOS & CATEGORY CHANGES ......................................................................................................... 15

CCIE EXAM QUIDELINES UPDATE ................................................................................................................... 16

LAB EXAM GUIDELINES .................................................................................................................................. 17

LAB#1 ............................................................................................................................................................ 20

SAN FRANCISCO GROUP HQ .......................................................................................................................... 20

VLANTRUNKVTP ............................................................................................................................................... 20

ETHERCHANNEL...................................................................................................................................................... 23

SPANNING-TREE MST ....................................................... ................................................................. ..................... 28

SPANNING-TREE TUNING.............................................................. ................................................................. .......... 32

LAYER 2SECURITY.................................................................................................................................................. 34

CDP .................................................................................................................................................................... 36

SERVICE PROVIDER#9 .................................................................................................................................... 38

VLANTRUNKVTP ............................................................................................................................................... 38

ETHERCHANNEL...................................................................................................................................................... 43

SPANNING-TREE RAPID PVST ........................................................ ................................................................. .......... 49


SPANNING-TREE TIMERS............................................................... ................................................................. .......... 54

SPANNING-TREE UPLINKFAST................................................................................................................................... 55

ROUTER ON A STICK................................................................................................................................................ 56

SYDNEY BUSINESS MODEL HQ ....................................................................................................................... 60

VLANTRUNKVTP ............................................................................................................................................... 60

SPANNING-TREE RAPID PVST ........................................................ ................................................................. .......... 63


L2SECURITY......................................................... ................................................................. ................................ 67

SAN FRANCISCO GROUP REMOTE SITE .......................................................................................................... 70

DHCPMANUAL BINDINGS (7-BYTE) ......................................................................................................................... 70SAN FRANCISCO GROUP DATA CENTRE.......................................................................................................... 73


4/574

2 | P a g e

DHCP(27-BYTE) ................................................................................................................................................. 73

BERLIN HQ HOME .......................................................................................................................................... 76

DHCPEXCLUSION............................................................ ................................................................. ..................... 76

BERLIN REMOTE OFFICE ................................................................................................................................. 78

DHCPMULTIPLE SUBNET FUNCTIONALITY................................................................................................................... 78

BERLIN HQ DATA CENTRE .............................................................................................................................. 83

DHCPEXCLUSION............................................................ ................................................................. ..................... 83

SYDNEY BUSINESS MODEL HQ ....................................................................................................................... 87

PPPOE................................................................................................................................................................. 87

SYDNEY BUSINESS REMOTE OFFICE - SP#7 ..................................................................................................... 90

MULTILINK PPP ............................................................... ................................................................. ..................... 90

SP#3/SP#4 ..................................................................................................................................................... 95

PPPPAP/CHAP ................................................................................................................................................... 95

SP#2/SP#6 ..................................................................................................................................................... 97

PPPEAP ................................................................ .............................................................. ................................ 97

SAN FRANCISCO GROUP REMOTE SITE ........................................................................................................ 102

EIGRP ............................................................................................................................................................... 102

SAN FRANCISCO GROUP DATA CENTRE........................................................................................................ 104

EIGRP ............................................................................................................................................................... 104

SAN FRANCISCO GROUP HQ ........................................................................................................................ 106

EIGRP ............................................................................................................................................................... 106

EIGRPMETRIC..................................................... ................................................................. .............................. 109

EIGRPOFFSET-LIST.......................................................... ................................................................. ................... 112

EIGRPDISTRIBUTE LIST......................................................................................................................................... 115

EIGRPROUTE TAG............................................................................................................................................... 119

EIGRPAUTHENTICATION.............................................................. ................................................................. ........ 123

EIGRPBFD......................................................................................................................................................... 126

BERLIN HQ HOME USER ............................................................................................................................... 128

EIGRP ............................................................................................................................................................... 128

BERLIN REMOTE OFFICE ............................................................................................................................... 129

EIGRP ............................................................................................................................................................... 129

SYDNEY BUSINESS MODEL HQ ..................................................................................................................... 130

EIGRP ............................................................................................................................................................... 130

DHCP ......................................................... .............................................................. ......................................... 132

SYDNEY BUSINESS REMOTE OFFICE(1) ......................................................................................................... 134

EIGRP ............................................................................................................................................................... 134

SYDNEY BUSINESS REMOTE OFFICE(2) ......................................................................................................... 135

EIGRP ............................................................................................................................................................... 135


5/574

3 | P a g e

SERVICE PROVIDER#9 .................................................................................................................................. 138

OSPF ................................................................................................................................................................ 138

OSPF ................................................................................................................................................................ 144

OSPFLOCAL POLICY ROUTING............................................................................................................................... 147

OSPFPOLICY ROUTING..................................................... ................................................................. ................... 148

OSPFLSA ........................................................... ................................................................. .............................. 149

OSPFAUTHENTICATION............................................................... ................................................................. ........ 150

OSPFMPLS ........................................................ ................................................................. .............................. 153

OSPFFILTERING.................................................................................................................................................. 158

BERLIN HQ DATA CENTRE ............................................................................................................................ 160

OSPF ................................................................................................................................................................ 160

SERVICE PROVIDER #1.................................................................................................................................. 163

EBGP ................................................................................................................................................................ 163


EBGP ................................................................................................................................................................ 166


EBGP ................................................................................................................................................................ 169


EBGP ................................................................................................................................................................ 171


EBGP ................................................................................................................................................................ 173

SERVICE PROVIDER #6.................................................................................................................................. 176IBGP ................................................................................................................................................................. 176


NLRIADVERTISEMENT.......................................................................................................................................... 179

SERVICE PROVIDER #6 #7 ............................................................................................................................. 180

EBGP ................................................................................................................................................................ 180

BGPFILTERING..................................................... ................................................................. .............................. 182

SERVICE PROVIDER #7 #8 ............................................................................................................................. 184

EBGP ................................................................................................................................................................ 184

SP#7 - SP#8SBM HQSBM REMOTE OFFICE#1 ......................................................................................... 186

EBGP ................................................................................................................................................................ 186

EBGP ................................................................................................................................................................ 188


IBGP ................................................................................................................................................................. 191


IBGP ................................................................................................................................................................. 195

EBGP-NEXT HOP SELF..................................................... ................................................................. ................... 199ROUTE PREFERENCE.......................................................... ................................................................. ................... 203


6/574

4 | P a g e


REDISTRIBUTION................................................................................................................................................... 213


EBGP ................................................................................................................................................................ 214


NETWORK SERVICES -NAT .................................................................................................................................... 215

NETWORK SERVICESNAT ................................................................................................................................... 217

INTERNET CONNECTIVITY -SLA ...................................................... ................................................................. ........ 220


BGPCOMMUNITIES............................................................................................................................................. 223

SERVICE PROVIDER#6 .................................................................................................................................. 226

BGPCOMMUNITIES............................................................................................................................................. 226


BGPAGGREGATION SUMMARY ONLY.............................................................................................................. ........ 228


BGPAGGREGATION SUPPRESS MAP.......................................................... .............................................................. 230

REDISTRIBUTIONINTERNET CONNECTIVITY........................................................... ................................................... 232

IPV6 TABLE .................................................................................................................................................. 234

.................................................................................................................................................................... 236


OSPFV3 ................................................................ ............................................................... .............................. 238RIP/OSPFV3/REDISTRIBUTION........................................................................................................... ................... 242

OSPFV3METRIC................................................................................................................................................. 246

OSPFV3AUTHENTICATION.................................................................................................................................... 249

OSPFV3HSRP ................................................................................................................................................... 251

IPV6GENERIC PREFIX........................................................................................................................................... 256

SAN FRANCISCO GROUP HQSERVICE PROVIDER#5 ................................................................................... 258

EBGP ................................................................................................................................................................ 258


EIGRPV6 ........................................................................................................................................................... 261DEFAULT ROUTE.................................................................................................................................................. 263


EIGRPV6-DHCP ............................................................ ................................................................. ................... 264

EBGP ................................................................................................................................................................ 267

ROUTE ADVERTISEMENT........................................................................................................................................ 268

IPV6GLOBAL DNSSERVICE................................................................................................................................... 270

GRETUNNEL...................................................................................................................................................... 272

DNS&SSH ......................................................... ................................................................. .............................. 275

SFG-DC /SP#6/SP#9/ BERLIN HQ-DC ............................................................................................................ 279

IPV6PART I ........................................................................................................................................................ 279


7/574

5 | P a g e

IPV6PART II ....................................................................................................................................................... 281

IPV6REDISTRIBUTION....................................................... ................................................................. ................... 285

SERVICE PROVIDER #6SERVICE PROVIDER#9 ............................................................................................ 288

LDPAUTHENTICATION.......................................................................................................................................... 288

LDPSESSION PROTECTION............................................................ ................................................................. ........ 290

VRFBERLIN-HQRO ............................................................................................................................................. 292VRFSFG-WHDC ............................................................ ................................................................. ................... 303

VRFBERLIN-DCWH ............................................................................................................................................ 313

VRFFILTERING.................................................................................................................................................... 320

LDP/TDPLABEL PROTECTION....................................................... ................................................................. ........ 322

LABEL FILTERING.................................................................................................................................................. 324

VRFROUTE LEAKING............................................................................................................................................ 328

VRF/GLOBAL ROUTE LEAKING....................................................... ................................................................. ........ 331

SYDNEY BUSINESS MODEL HQ/REMOTE OFFICES ........................................................................................ 342

DMVPN ............................................................................................................................................................ 342

DHCP ......................................................... .............................................................. ......................................... 350DMVPNROUTES................................................................................................................................................ 353

DMVPNENCRYPTION.......................................................................................................................................... 355

VERIFICATION .............................................................................................................................................. 361

SYDNEY BUSINESS - SAN FRANCISCO GROUP - REMOTE OFFICES ................................................................. 363

IPSEC VPN ......................................................................................................................................................... 363

SYDNEY BUSINESS MODEL HQ/REMOTE OFFICES ........................................................................................ 368

MULTICAST......................................................................................................................................................... 368

MULTICAST......................................................................................................................................................... 372

SP#2/SP#6/SP#7 .......................................................................................................................................... 379

MULTICAST MSDPTOPOLOGY PREPERATION......................................................... ................................................... 379

MSDP ........................................................................................................................................................... 380

MULTICAST SP#2................................................................................................................................................. 380

MULTICAST SP#6................................................................................................................................................. 382

MULTICAST SP#7................................................................................................................................................. 384

MULTIPROTOCOL BGPEXTENSION....................................................................................................... ................... 385

MSDPPASSWORD PROTECTION/TIMERS................................................................................................................. 391


CLI ASCIIENTRY.................................................................................................................................................. 392


SYSTEM PROTECTION............................................................................................................................................ 394

DSCP, TOS AND IP PRECEDENCE MAPPPINGS............................................................................................... 396


TELNET ................................................................ ............................................................... .............................. 397

TELNET ................................................................ ............................................................... .............................. 400



8/574

6 | P a g e

CONTROL PLANE.................................................................................................................................................. 402

NTP-PART I ........................................................ ................................................................. .............................. 406

NTPPART II ...................................................... ................................................................. .............................. 412

DNS ........................................................... .............................................................. ......................................... 413

HTTP ................................................................................................................................................................ 417

NETFLOW .......................................................... ................................................................. .............................. 419

NETFLOW .......................................................... ................................................................. .............................. 420FLEXIBLE NETFLOW ............................................................................................................................................ 422

NAT .................................................................................................................................................................. 425

EEMI ......................................................... .............................................................. ......................................... 427

EEMII ........................................................ .............................................................. ......................................... 429

EEMIII ................................................................ ................................................................ .............................. 431

EEMIV.............................................................................................................................................................. 432

TFTP ................................................................................................................................................................. 433


DHCPSNOOPING................................................................................................................................................ 434

NBAR ......................................................... .............................................................. ......................................... 437QOS ........................................................... .............................................................. ......................................... 439

SNMP ........................................................ .............................................................. ......................................... 442

SNMP ........................................................ .............................................................. ......................................... 444

SNMPV3 ........................................................................................................................................................... 445

VERIFICATION .............................................................................................................................................. 451

LAB#2 .......................................................................................................................................................... 467

EIGRPOVER THE TOP (OTP) ................................................................................................................................ 467

LAB#3 .......................................................................................................................................................... 476

MPLS CORESERVICE PROVIDER 9 .............................................................................................................. 476

VLANTRUNKVTP ............................................................................................................................................. 476

ETHERCHANNEL ........................................................... ................................................................. ................... 481

SPANNINGTREE ........................................................... ................................................................. ................... 486


VLANTRUNKVTP ............................................................................................................................................. 491

ETHERCHANNEL ........................................................... ................................................................. ................... 495

SPANNINGTREE ........................................................... ................................................................. ................... 498

SYDNEY BUSINESS MODEL ........................................................................................................................... 503

VLANTRUNKVTP ............................................................................................................................................. 503

ETHERCHANNEL ........................................................... ................................................................. ................... 506

SPANNINGTREE ........................................................... ................................................................. ................... 509

TROUBLESHOOTING GUIDELINES ................................................................................................................. 515

LAB#4 .......................................................................................................................................................... 518

INCIDENT#1 ........................................................................................................................................................ 518

INCIDENT#2 ........................................................................................................................................................ 519

INCIDENT#3 ........................................................................................................................................................ 520

INCIDENT#4 ........................................................................................................................................................ 522INCIDENT#5 ........................................................................................................................................................ 524


9/574

7 | P a g e

INCIDENT#6 ........................................................................................................................................................ 525

INCIDENT#7 ........................................................................................................................................................ 527

INCIDENT#8 ........................................................................................................................................................ 528

INCIDENT#9 ........................................................................................................................................................ 530

INCIDENT#10 ...................................................................................................................................................... 532

INCIDENT#11 ...................................................................................................................................................... 534

INCIDENT#12 ...................................................................................................................................................... 536INCIDENT#13 ...................................................................................................................................................... 539

LAB#5 .......................................................................................................................................................... 543

LAYER 2 TECHNOLOGIES .............................................................................................................................. 543

SECTION 1.1 ....................................................................................................................................................... 543

SECTION 1.2 ....................................................................................................................................................... 545

SECTION 1.3 ....................................................................................................................................................... 546

SECTION 1.4 ....................................................................................................................................................... 547

SECTION 1.5 ....................................................................................................................................................... 548

SECTION 1.6 ....................................................................................................................................................... 549

SECTION 1.7 ....................................................................................................................................................... 549

SECTION 1.8 ....................................................................................................................................................... 550

SECTION 1.9 ....................................................................................................................................................... 551

LAYER 3 TECHNOLOGIES .............................................................................................................................. 553

SECTION 2.1 ....................................................................................................................................................... 553

SECTION 2.2 ....................................................................................................................................................... 555

SECTION 2.3 ....................................................................................................................................................... 556

SECTION 2.4 ....................................................................................................................................................... 559

SECTION 2.5 ....................................................................................................................................................... 560

SECTION 2.6 ....................................................................................................................................................... 561SECTION 2.7 ....................................................................................................................................................... 562

SECTION 2.8 ....................................................................................................................................................... 566

SECTION 2.9 ....................................................................................................................................................... 566

SECTION 2.10 ..................................................................................................................................................... 566

SECTION 2.11 ..................................................................................................................................................... 567

SECTION 2.12 ..................................................................................................................................................... 567

SECTION 2.13 ..................................................................................................................................................... 567

SECTION 2.14 ..................................................................................................................................................... 570

SECTION 2.15 ..................................................................................................................................................... 570

SECTION 2.16 ..................................................................................................................................................... 570

SECTION 2.17 ..................................................................................................................................................... 571

SECTION 2.18 ..................................................................................................................................................... 572

VPN TECHNOLOGIES .................................................................................................................................... 572

SECTION 3.1 ....................................................................................................................................................... 572

END OF WORKBOOK .................................................................................................................................... 573


10/574

8 | P a g e

Foreword

While the CCIE certification has long been the standard for network excellence, previous versions of the CCIE Lab

did not test real-life scenarios where topics such as Frame Relay , WCCP to name a few more have now been

completely removed from the version CCIEv5 lab with the lab now more focused on relevant topics such as IPv6 ,

VPN and troubleshooting methodologies.

While the CCIE Written exam remains essentially the same, the CCIE Lab exam has significant changes. The entire

version 5 Lab exam will be utilized on 100% virtual equipment. Features on Cisco IOS Software Release 15 can now

be tested in the lab and along with virutlaising the devices the exam provides a more realistic network with much

larger network topologies. The main objective of this workbook session is to give an overview of how the exams are

conducted and to provide you good guidance on what you need to look at when preparing and taking the

exams.

The CCIE lab exam now consists of three specific sections:

Troubleshooting

DIAG

Configuration

We have included a few screenshots from Cisco Live program , see the following :


11/574

9 | P a g e

Troubleshooting Section

Network topology of ~30 virtual routers and switches

Scenario is fully preconfigured but contains faults

2h30 maximum (visible countdown timer + 30 min warning after 2h)

Content designed to be doable within 2h

Incidents stem are symptom-based

Verifications are result-based + constraints

No partial scoring


12/574

10 | P a g e

Diagnostics Section

Independent scenarios putting candidates into the role of a Network Support engineer who diagnoses networking

issues

Analyze, identify, locate and explain the root cause

Recommend optimal troubleshooting procedures leading to the root cause

Recommend network changes isolating the issue without causing more harm

Analyzing, correlating and discerning multiple sources of documentation

Email threads

Network topology diagrams

Console sessions log , Syslogs, Monitoring charts,

Network traffic captures

Designed to be doable within 30 minutes

Tickets stem are very generic

Scenarios provided by additional documentation

Verifications are deterministic

Partial scoring possible per ticket


13/574

11 | P a g e

Configuration Section

Network topology with virtual routers and switches

Scenario is partly preconfigured and items are inter-dependent!

Item#10 may require Item#1 to be completed! And Vice versa!!

Sequence of items is not aligned to the implementation sequence!!

May include implicit troubleshooting

5h30 maximum (no visible countdown timer, refer to proctors clock)

Items stem are based on requirements and constraints

Verification rules check for functionalities, not specific configurations

Validate alternate solution configurations

No partial scoring


14/574

12 | P a g e

Objectives and Audience

CCIEv5.0 Routing and Switching Advanced Configuration and Troubleshooting Labspresents you with full

configuration / troubleshooting lab scenarios in exam style format to echo the real CCIE Routing and Switching

v5.0 lab exam. This publication gives you the opportunity to put into practice your own extensive theoretical

knowledge of subjects to find out how they interact with each other on a larger complex scale.

As the network evolves to support technological advances such as the Internet of Everything and employee

mobility, there is a significant demand for expert-level engineers with proven skills to support forward-looking

trends. The enhanced CCIE Routing and Switching Exams, along with expert-level training for CCIE, provide

sophisticated education and requisite certification to support tomorrows advanced networks. These new

standards reflect both the evolution of job skills that employers are looking for at the expert level and the evolution

of related technologies that are relevant to todays enterprise network environments. Network engineers who use

the expert-level training will be equipped with the knowledge and validated skills required to accelerate expert-level competency in the field.

Cisco announced a major revision of theCCIE Routing and Switching (R&S) Certificationand expert-level training

to meet the increasing challenges of enterprise networks evolving in size, scope and complexity. As the network

carries more essential services, networking experts are expected to anticipate, diagnose and resolve complex

network issues accurately and quickly. The increasing importance of the network to drive significant productivity

and cost benefits to organizations as well as the role of the network in transforming businesses have driven

worldwide demand for skilled IT staff.

Cisco, the Cisco Logo, CCNA, CCNP, CCDP, CCDA, CCIE, Cisco CertifiedNetwork Associate,

Cisco Certified Design Professional, Cisco Certified DesignAssociate, and Cisco Certified Network

Professional, are registered trademarks of Cisco Systems, Inc.The contents contained wherein, is not associated or

endorsed by Cisco Systems, Inc.
https://learningnetwork.cisco.com/community/certifications/ccie_routing_switchinghttps://learningnetwork.cisco.com/community/certifications/ccie_routing_switchinghttps://learningnetwork.cisco.com/community/certifications/ccie_routing_switchinghttps://learningnetwork.cisco.com/community/certifications/ccie_routing_switching


15/574

13 | P a g e

Warning And Disclaimer

PLEASE READ THIS SUBSCRIPTION LICENSE AGREEMENT CAREFULLY BEFORE USING THIS PRODUCT.

BY ORDERING THIS PRODUCT YOU ARE CONSENTING TO BE BOUND BY THIS LICENSING AGREEMENT.IF YOU DO NOT

AGREE TO ALL OF THE TERMS OF THIS LICENSE, THEN DO NOT PURCHASE THIS PRODUCT.

This book is designed to provide information about the Cisco Certified Internetwork Expert (CCIE)

Routing and Switching (R&S) Lab 5.0 Exam. Maximum effort has been made to make this book accurate and

informative as possible, but no warranty or fitness is implied. You should use this book as a general guide.

The authors, shall have neither liability nor responsibility to any person or entity with respect to any loss or damages

arising from the information contained in this book.

This book is written only with the hope of the author that your reading and understanding the contents will alert

you to questions that you should ask and pitfalls which you should attempt to avoid before attempting to take you

lab exam.

License Agreement

CCIEv5.0 Routing and Switching Advanced Configuration and Troubleshooting Lab Workbook is copyrighted. In

addition, this product is at all times the property of Tom Mark Giembicki and Sean Paul Draper , and the customershall agree to use this product only for themselves, the licensed user. The license for the specific customer remains

valid from the purchase date until they pass their CCIE Routing and Switching lab exam.

CCIEv5.0 Routing and Switching Advanced Configuration and Troubleshooting Lab Workbook materials are

licensed by individual customer. This material cannot be resold, transferred, traded, sold, or have the price shared

in any way. Each specific individual customer must have a license to use this product. The customer agrees that

this product is always the property of Tom Mark Giembicki and Sean Paul Draper, and they are just purchasing a

license to use it. A Customers license will be revoked if they violate this licensing agreement in any way.

Copies of this material in any form or fashion are strictly prohibited. If for anyreason a licensed copy of this material

is lost or damaged a new copy will be provided free of charge, except for the cost of printing, shipping andhandling.

Individuals or entities that knowingly violate the terms of this licensing agreement may be subject to punitive

damages that Tom Mark Giembicki and Sean Paul Draper could seek in civil court. In addition, individuals or

entities that knowingly violate the terms of this license agreement may be subject to criminal penalties as are

allowed by law.


16/574

14 | P a g e

Term and Termination of License Agreement

This License is effective until terminated. Customer may terminate this License at any time by destroying all copies

of written and electronic material of this product.

Customer's rights under this License will terminate immediately without notice from Tom Mark Giembicki and Sean

Paul Draper, if Customer fails to comply with any provision of this License. Upon termination, Customer must destroyall copies of material in its possession or control. The license for the specific user remains valid from the purchase

date until the user passes their lab exam pertaining to the purchased subscription. Once the customer passes the

relevant lab exam the license is terminated and all material written or electronic in their possession or control must

be destroyed or returned to Tom Mark Giembicki and Sean Paul Draper.

WarantyNo warranty of any kind is provided with this product. There are no guarantees that the use of this product will

help a customer pass any exams, tests, or certifications,or enhance their knowledge in any way. The product is

provided on an AS IS basis.

In no event will Tom Mark Giembicki and Sean Paul Draper, its suppliers, or licensed resellers be liable for any

incurred costs, lost revenue, lost profit, lost data, or any other damages regardless of the theory of liability arising

out of use or inability to use this product.


17/574

15 | P a g e

CCIE Exam IOS & Category Changes

Equipment List and IOS Requirements

The lab exam tests any feature that can be configured on the equipment and IOS versions indicated here:

3925 series routers - IOS 15.3(T)Advanced Enterprise Services

For additional information referenceCISCO IOS Configuration guide

Catalyst 3560X series switches running IOS Version 15.0SAdvanced IP Services

For additional information referenceCISCO IOS Configuration guide

Version 5 of the CCIE exam is organized into 6 categories versus the existing 11

Network Principlesis a new category that includes foundational topics that are covered only on the written exam.

Layer 2 Technologiespredominately covers LAN Switching and WAN circuit technologies.

Layer 3 Technologiescovers both interior and exterior routing protocols (RIP, EIGRP, OSPF, ISIS and BGP). Both IPv4

and IPv6 will be included as well as more focus on dual-stack technologies. IP Multicast is no longer a separate

category it is included in both the Layer 2 and Layer 3 technology category.

VPN Technologiesis a new category that includes Tunnelling and Encryption sub-domains. Tunnelling includes

MPLS L2 and L3 VPNs and well as DMVPN and IPv6 Tunnelling techniques. Encryption includes IPsec with pre-

shared key. GETVPN is also included but only on the written exam.

Infrastructure Securityincludes both Device and Network Security with both focusing on features supported in ISR

routers and CAT 3K switches. It excludes topics that rely on dynamic crypto (PKI) or any remote servers.

Infrastructure Serversincludes System Management, Services, Quality of Service (QoS) and network optimization.

QoS was a separate category in version 4 of the exam, it is still included is version 5 of the exam, it is just absorbed

in a different category. Layer 2 QoS topics are included on the written exam only.
http://www.cisco.com/c/en/us/support/ios-nx-os-software/ios-15-4m-t/products-installation-and-configuration-guides-list.htmlhttp://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/15-0_2_se/configuration/guide/3750x_cg.htmlhttp://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/15-0_2_se/configuration/guide/3750x_cg.htmlhttp://www.cisco.com/c/en/us/support/ios-nx-os-software/ios-15-4m-t/products-installation-and-configuration-guides-list.html


18/574

16 | P a g e

CCIE exam quidelines update

Topics Added to the CCIE Routing and Switching v5.0 Written Exam:

Describe basic software architecture differences between IOS and IOS XE

Identify Cisco Express Forwarding Concepts

Explain General Network Challenges

Explain IP, TCP and UDP OperationsDescribe Chassis Virtualization and Aggregation Technologies

Explain PIM Snooping

Describe WAN Rate-based Ethernet Circuits

Describe BGP Fast Convergence Features

ISIS (for IPv4 and IPv6)

Describe Basic Layer 2 VPNWireline

Describe Basic L2VPNLAN Services

Describe GET VPN

Describe IPv6 Network Address Translation

Topics Added to the CCIE Routing and Switching v5.0 Written and Lab Exams:

Interpret Packet Capture

Implement and Troubleshoot Bidirectional Forwarding Detection

Implement EIGRP (multi-address) Named Mode

Implement Troubleshoot and Optimize EIGRP and OSPF Convergence and Scalabililty

Implement and Troubleshoot DMVPN (single hub)

Implement and Troubleshoot IPsec with pre-shared key

Implement and Troubleshoot IPv6 First Hop Security

Topics Moved from the CCIE RS v4.0 Lab exam to the CCIE RS v5.0 Written Exam:

Describe IPv6 Multicast

Describe RIPv6 (RIPng)

Describe IPv6 Tunneling Techniques

Describe Device Security using IOS AAA with TACACS+ and Radius

Describe 802.1x

Describe Layer 2 QoS

Identify Performance Routing (PfR)

Topics Removed from the CCIE RS v4.0 Exam:

Flexlink ISL Layer 2 Protocol Tunneling

Frame-Relay (LFI, FR Traffic Shaping)

WCCP

IOS Firewall and IPS

RITE, RMON

RGMP

RSVP QoS, WRR/SRR


19/574

17 | P a g e

Lab Exam Guidelines

We would advise that you read the whole workbook before you start. This will give you an understanding of where

different technologies will be running in the network and should help you visualize the entire network.

This is one of the most important concepts when dealing with the CCIE R&S lab exam administered by Cisco.

Load the initial configuration files for the routers. Refer to the diagram(s) for the interface connections to other

routers.

In the real exam no configuration changes can be made to the Internet routers (marked grey) however

throughout this workbook the Internet routers will need to be configured for certain tasks.

All of the devices have been preconfigured with initial configurations.

Do a Root Cause Analysis before doing any configuration change

The overall scenario targets full reachability between all sites, unless specified.

Revert to initial configuration if in doubt (manage devices menu)

There are many valid solutions, grading is based on outcome.

Points are awarded per item if the solution meets all requirements.

Do not remove any feature preconfigured! ACL, PBR, NAT, CoPP, MQC,

Do not change routing protocol(s) boundaries, unless it is the issue!

Do not use static route and redistributions unless explicitly requested to.

Use the validation test to confirm resolution (necessary but not sufficient!)

Do backward verifications using the validation test of each incident

Do not change IP addressing or routing protocols boundaries.

Do not add interfaces unless specified.

Plan for regression tests after completed substantial changes


20/574

18 | P a g e

CCIEv5 Routing Switching

Avanced Configuration &

Troubleshooting Lab#1

Questions & Solutions

Tom

Mark

Giembicki

Sean Paul Draper


21/574

19 | P a g e

R8 R9

R10 R11

E3/0 E2/0E2/0

E2/0E1/0 E2/0

E1/0 E3/0

E0/0 E0/0

E1/0 E1/0

E0/1 E0/1

E0/2 E0/2E0/3

E1/0E1/1

E1/0E1/1

SW1 SW2

BGP

AS 64784

E1/2

Copyright 2015 CCIE4ALL. All rights reserved

VLAN118

VLAN119

VLAN 111

VLAN811

R8 R9

R10 R11E2/0 E1/0

E1/0 E2/0

E3/0

E0/0 E0/0

SVI SVI

E3/0 E2/0E2/0

E1/0 E1/0

SW1 SW2

.1 .2

.5

.6

.9

.10

.13

.14

.17

.18

.21

.22

.25 .26

IPv4/IPv6

Core

BGP

AS 64784

San Francisco Group

HeadquarterSan Francisco Group

Headquarter

E1/3 E1/3

CCIEv5 R S L2/L3 Topology

EIGRP HQ AS150192.168.10.0 /30

Lo0:192.X.X.X/32

R8 Lo1:192.188.188.188/32

R9 Lo1:192.188.188.188/32

Mgmt VLAN100

192.100.X.X/24


22/574

20 | P a g e

LAB#1

San Francisco Group HQ

VLAN TRUNK VTP

Configure SW1 and SW2 with the following:

The VTP domain should be configured to CCIE_Rocks (without the quotes)

Ensure that VTP traffic is MD5 secured using a password of CCIE_Rocks?(question mark is part of

password)

Use VTP version 2

Configure 802.1qtrunk links between the switches according to the Layer 2 Diagram

Only active VLANs should be allowed on trunk links

VLAN 811 MTU(Maximum Transision Unit) should be set to 1400

Ensure that VLAN 999 traffic is not tagged when sent over the trunk links

After synchronization both switches must not propagate VLAN configuration changes to eachother

Configuration:

SW1

vtp domain CCIE_Rocks

vtp version 2

vtp password CCIE_Rocks(Esc+Q)? see note

vtp mode server

vlan 811

mtu 1400

interface range Ethernet1/0 1 , Ethernet1/3

switchport trunk encapsulation dot1q

switchport trunk native vlan 999

switchport trunk allowed vlan 1,111,118,119,811,999

switchport mode trunk

vtp mode transparent

SW2

vtp domain CCIE_Rocks

vtp version 2

vtp password CCIE_Rocks(Esc+Q)? see note

vtp mode server

vlan 811

mtu 1400

interface range Ethernet1/0 1 , interface Ethernet1/3


switchport trunk native vlan 999



vtp mode transparent


23/574

21 | P a g e

Verification:

SW1#show vtp statusVTP Version capable : 1 to 3

VTP version running : 2VTP Domain Name : CCIE_RocksVTP Pruning Mode : DisabledVTP Traps Generation : DisabledDevice ID : aabb.cc00.3300Configuration last modified by 192.168.10.6 at 12-6-14 09:16:07

Feature VLAN:--------------

VTP Operating Mode : TransparentMaximum VLANs supported locally : 1005

Number of existing VLANs : 10Configuration Revision : 0MD5 digest : 0xD9 0x16 0xB7 0xD6 0x00 0x64 0x8A 0xBE

0x41 0x35 0x4B 0xD0 0xAB 0x6E 0xAD 0xA2

SW2#sh vtp statuVTP Version capable : 1 to 3

VTP version running : 2VTP Domain Name : CCIE_RocksVTP Pruning Mode : DisabledVTP Traps Generation : DisabledDevice ID : aabb.cc00.3400Configuration last modified by 192.168.10.6 at 12-10-14 19:45:05

Feature VLAN:--------------

VTP Operating Mode : TransparentMaximum VLANs supported locally : 1005

Number of existing VLANs : 10Configuration Revision : 0MD5 digest : 0x68 0xA8 0x6D 0x78 0xC3 0xF6 0xB5 0x94

0x42 0x15 0x53 0x12 0xA3 0x95 0xB1 0x62

SW1#show vtp passwordVTP Password: CCIE_Rocks?

SW2#sh vtp passVTP Password: CCIE_Rocks?

SW1#show int trunkPort Mode Encapsulation Status Native vlanEt1/0 on 802.1q trunking 999Et1/1 on 802.1q trunking 999Et1/3 on 802.1q trunking 999

Port Vlans allowed on trunkEt1/0 1,111,118-119,811,999Et1/1 1,111,118-119,811,999Et1/3 1,111,118-119,811,999

Port Vlans allowed and active in management domainEt1/0 1,111,118-119,811,999Et1/1 1,111,118-119,811,999Et1/3 1,111,118-119,811,999

Port Vlans in spanning tree forwarding state and not prunedEt1/0 1,111,118-119,811,999Et1/1 1,111,118-119,811,999

Et1/3 1,111,118-119,811,999


24/574

22 | P a g e

SW2#sh int trunkPort Mode Encapsulation Status Native vlanEt1/0 on 802.1q trunking 999Et1/1 on 802.1q trunking 999Et1/3 on 802.1q trunking 999

Port Vlans allowed on trunkEt1/0 1,111,118-119,811,999

Et1/1 1,111,118-119,811,999Et1/3 1,111,118-119,811,999

Port Vlans allowed and active in management domainEt1/0 1,111,118-119,811,999Et1/1 1,111,118-119,811,999Et1/3 1,111,118-119,811,999

Port Vlans in spanning tree forwarding state and not prunedEt1/0 1,111,118-119,811,999Et1/1 noneEt1/3 none

SW1#show vlan id 811VLAN Name Status Ports---- -------------------------------- --------- -------------------------------811 R9-SW1 active Et0/1, Et1/0, Et1/1, Et1/3

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------811 enet 100811 1400 - - - - - 0 0

Primary Secondary Type Ports------- --------- ----------------- ------------------------------------------

SW2#show vlan id 811VLAN Name Status Ports---- -------------------------------- --------- -------------------------------811 R9-SW1 active Et0/3, Et1/0, Et1/1, Et1/3

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------811 enet 100811 1400 - - - - - 0 0

Primary Secondary Type Ports------- --------- ----------------- ------------------------------------------

Note:You can configure the system to recognize a particular keystroke (key combination or sequence) as command

aliases. In other words, you can set a keystroke as a shortcut for executing a command. To enable the system to

interpret a keystroke as a command, use the either of the following key combinations before entering the command

sequence:

Ctrl-Vor Esc, Q- Configures the system to accept the following keystroke as a user-configured command entry (rather

than as an editing command)


25/574

23 | P a g e

Etherchannel

SW1 and SW2 should run an industry standard Etherchannel

Only Ethernet1/0 and Ethernet1/1 should participate in the Etherchannel configuration

If SW1 detects a loop due to an error in this configuration it should disable both links

Ensure that SW1 initiate the negotiation whereas SW2 should not attempt to negotiate

Ensure that Ethernet1/0 on SW1 is more likely to transmit the packets over the industry Etherchannel -

use the best value possible

For all Etherchannel ports set the load balancing method so that it is based on source and

destination mac-address

Configuration:

SW1

interface range ethernet1/0 1

channel-group 12 mode active

interface ethernet1/0lacp port-priority 0

interface Port-channel12

switchport




port-channel load-balance src-dst-mac

spanning-tree etherchannel guard misconfig

SW2

interface range ethernet1/0 1

channel-group 12 mode passive

interface ethernet1/0

lacp port-priority 0

interface Port-channel12

switchport




port-channel load-balance src-dst-mac

spanning-tree etherchannel guard misconfig

Verification:

SW1#show etherchannel summary | be NumNumber of channel-groups in use: 1Number of aggregators: 1

Group Port-channel Protocol Ports------+-------------+-----------+-----------------------------------------------

12 Po12(SU) LACP Et1/0(P) Et1/1(P)


26/574

24 | P a g e

SW2#sh etherc summ | be GroGroup Port-channel Protocol Ports------+-------------+-----------+-----------------------------------------------12 Po12(SU) LACP Et1/0(P) Et1/1(P)

SW1#show int po12 switchport

Name: Po12Switchport: Enabled

Administrative Mode: trunkOperational Mode: trunk

Administrative Trunking Encapsulation: dot1qOperational Trunking Encapsulation: dot1qNegotiation of Trunking: OnAccess Mode VLAN: 1 (default)Trunking Native Mode VLAN: 999 (NATIVE)

Administrative Native VLAN tagging: enabledVoice VLAN: noneAdministrative private-vlan host-association: noneAdministrative private-vlan mapping: noneAdministrative private-vlan trunk native VLAN: noneAdministrative private-vlan trunk Native VLAN tagging: enabledAdministrative private-vlan trunk encapsulation: dot1q

Administrative private-vlan trunk normal VLANs: noneAdministrative private-vlan trunk associations: noneAdministrative private-vlan trunk mappings: noneOperational private-vlan: noneTrunking VLANs Enabled: 1,111,118,119,811,999Pruning VLANs Enabled: 2-1001Appliance trust: none

SW1#show etherchannel 12 detailGroup state = L2Ports: 2 Maxports = 16Port-channels: 1 Max Port-channels = 16Protocol: LACPMinimum Links: 0

Ports in the group:-------------------

Port: Et1/0------------Port state = Up Mstr Assoc In-BndlChannel group = 12 Mode = Active Gcchange = -Port-channel = Po12 GC = - Pseudo port-channel = Po12Port index = 0 Load = 0x00 Protocol = LACPFlags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs.

A - Device is in active mode. P - Device is in passive mode.Local information:

LACP port Admin Oper Port PortPort Flags State Priority Key Key Number StateEt1/0 SA bndl 0 0xC 0xC 0x101 0x3D

Partner's information:LACP port Admin Oper Port Port

Port Flags Priority Dev ID Age key Key Number StateEt1/0 SP 0 aabb.cc00.3400 2s 0x0 0xC 0x101 0x3CAge of the port in the current state: 0d:00h:02m:39sPort: Et1/1------------Port state = Up Mstr Assoc In-BndlChannel group = 12 Mode = Active Gcchange = -Port-channel = Po12 GC = - Pseudo port-channel = Po12Port index = 0 Load = 0x00 Protocol = LACPFlags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs.


LACP port Admin Oper Port PortPort Flags State Priority Key Key Number StateEt1/1 SA bndl 32768 0xC 0xC 0x102 0x3DPartner's information:

LACP port Admin Oper Port PortPort Flags Priority Dev ID Age key Key Number StateEt1/1 SP 32768 aabb.cc00.3400 1s 0x0 0xC 0x102 0x3C


27/574

25 | P a g e

Age of the port in the current state: 0d:00h:02m:37sPort-channels in the group:---------------------------

Port-channel: Po12 (Primary Aggregator)------------Age of the Port-channel = 0d:00h:03m:42sLogical slot/port = 16/1 Number of ports = 2HotStandBy port = null

Port state = Port-channel Ag-InuseProtocol = LACPPort security = DisabledPorts in the Port-channel:Index Load Port EC state No of bits------+------+------+------------------+-----------0 00 Et1/0 Active 00 00 Et1/1 Active 0

Time since last port bundled: 0d:00h:02m:37s Et1/1

SW2#show etherchannel 12 detailGroup state = L2Ports: 2 Maxports = 16Port-channels: 1 Max Port-channels = 16Protocol: LACPMinimum Links: 0

Ports in the group:-------------------

Port: Et1/0------------Port state = Up Mstr Assoc In-BndlChannel group = 12 Mode = Passive Gcchange = -Port-channel = Po12 GC = - Pseudo port-channel = Po12Port index = 0 Load = 0x00 Protocol = LACPFlags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs.


LACP port Admin Oper Port PortPort Flags State Priority Key Key Number State

Et1/0 SP bndl 0 0xC 0xC 0x101 0x3CPartner's information:

LACP port Admin Oper Port PortPort Flags Priority Dev ID Age key Key Number StateEt1/0 SA 32768 aabb.cc00.3300 23s 0x0 0xC 0x101 0x3DAge of the port in the current state: 0d:00h:01m:14sPort: Et1/1------------Port state = Up Mstr Assoc In-BndlChannel group = 12 Mode = Passive Gcchange = -Port-channel = Po12 GC = - Pseudo port-channel = Po12Port index = 0 Load = 0x00 Protocol = LACPFlags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs.


LACP port Admin Oper Port Port

Port Flags State Priority Key Key Number StateEt1/1 SP bndl 32768 0xC 0xC 0x102 0x3CPartner's information:

LACP port Admin Oper Port PortPort Flags Priority Dev ID Age key Key Number StateEt1/1 SA 32768 aabb.cc00.3300 26s 0x0 0xC 0x102 0x3DAge of the port in the current state: 0d:00h:01m:16s

Port-channels in the group:---------------------------

Port-channel: Po12 (Primary Aggregator)------------Age of the Port-channel = 0d:00h:01m:42sLogical slot/port = 16/1 Number of ports = 2HotStandBy port = nullPort state = Port-channel Ag-InuseProtocol = LACPPort security = Disabled

Ports in the Port-channel:Index Load Port EC state No of bits------+------+------+------------------+-----------


28/574

26 | P a g e

0 00 Et1/0 Passive 00 00 Et1/1 Passive 0

Time since last port bundled: 0d:00h:01m:14s Et1/0Time since last port Un-bundled: 0d:00h:01m:17s Et1/1

SW1#show etherchannel load-balanceEtherChannel Load-Balancing Configuration:

src-dst-mac

EtherChannel Load-Balancing Addresses Used Per-Protocol:Non-IP: Source XOR Destination MAC addressIPv4: Source XOR Destination MAC addressIPv6: Source XOR Destination MAC address

SW1#show spanning-tree summarySwitch is in pvst modeRoot bridge for: VLAN0001, VLAN0111, VLAN0118-VLAN0119, VLAN0811, VLAN0999Extended system ID is enabledPortfast Default is disabledPortFast BPDU Guard Default is disabledPortfast BPDU Filter Default is disabledLoopguard Default is disabledEtherChannel misconfig guard is enabledConfigured Pathcost method used is shortUplinkFast is disabledBackboneFast is disabled

Name Blocking Listening Learning Forwarding STP Active---------------------- -------- --------- -------- ---------- ----------VLAN0001 0 0 0 4 4VLAN0111 0 0 0 2 2VLAN0118 0 0 0 3 3VLAN0119 0 0 0 2 2VLAN0811 0 0 0 3 3VLAN0999 0 0 0 2 2---------------------- -------- --------- -------- ---------- ----------6 vlans 0 0 0 16 16

SW2# show spanning-tree summarySwitch is in pvst modeRoot bridge for: noneExtended system ID is enabledPortfast Default is disabled

PortFast BPDU Guard Default is disabledPortfast BPDU Filter Default is disabledLoopguard Default is disabledEtherChannel misconfig guard is enabledConfigured Pathcost method used is shortUplinkFast is disabledBackboneFast is disabled

Name Blocking Listening Learning Forwarding STP Active---------------------- -------- --------- -------- ---------- ----------VLAN0001 1 0 0 1 2VLAN0111 1 0 0 3 4VLAN0118 1 0 0 1 2VLAN0119 1 0 0 2 3VLAN0811 1 0 0 2 3VLAN0999 1 0 0 1 2---------------------- -------- --------- -------- ---------- ----------6 vlans 6 0 0 10 16


29/574

27 | P a g e

Note: Spanning Tree

The multiple spanning-tree (MST) implementation is based on the IEEE 802.1sstandard.

The per-VLAN spanning-tree plus (PVST+) protocol is based on the IEEE 802.1Dstandard and Cisco proprietary extensions.The rapid per-VLAN spanning-tree plus (rapid-PVST+) protocol based on the IEEE 802.1wstandard.

The STP uses a spanning-tree algorithm to select one switch of a redundantly connected network as the root of the spanning tree.The algorithm calculates the best loop-free path through a switched Layer 2 network by assigning a role to each port based on therole of the port in the active topology:

RootA forwarding port elected for the spanning-tree topologyDesignatedA forwarding port elected for every switched LAN segmentAlternateA blocked port providing an alternate path to the root bridge in the spanning treeBackupA blocked port in a loopback configuration

The stable, active spanning-tree topology of a switched network is controlled by these elements:

The unique bridge ID (switch priority and MAC address) associated with each VLAN on each switch. In a switch stack, allswitches use the same bridge ID for a given spanning-tree instance.

The spanning-tree path cost to the root switch.The port identifier (port priority and MAC address) associated with each Layer 2 interface.

When the switches in a network are powered up, each functions as the root switch. Each switch sends a configuration BPDUthrough all of its ports. The BPDUs communicate and compute the spanning-tree topology. Each configuration BPDU contains thisinformation:

The unique bridge ID of the switch that the sending switch identifies as the root switchThe spanning-tree path cost to the rootThe bridge ID of the sending switchMessage ageThe identifier of the sending interface

When selecting the root port on a switch stack, spanning tree follows this sequence:

Selects the lowest root bridge IDSelects the lowest path cost to the root switchSelects the lowest designated bridge IDSelects the lowest designated path cost

Selects the lowest port ID

*directly from Cisco website


30/574

28 | P a g e

Spanning-Tree MST

All odd VLANs in your network must be assigned to Spanning-tree instance 1

All even VLANs in your network must be assigned to Spanning-tree instance 2

All other VLANs in your network must be assigned to Spanning-tree instance 3

Use domain name as CISCO without the quotes and set revision to the lowest value

Ensure SW1 is root switch for Instance 1 and backup root switch for instance 2

Ensure SW2 is root switch for Instance 2 and backup root switch for instance 1

Ensure that BPDU received on the ports connecting routers have no effect to your spanning tree

decision

Spanning-tree process should wait 30 seconds before it attempts to re-converge if it didnt receive

any spanning-tree configuration messages

Configuration:

SW1

spanning-tree mode mst

spanning-tree mst configuration

name CISCO

revision 1

instance 1 vlan 111, 119, 811, 999

instance 2 vlan 118

instance 3 vlan 1-4094

spanning-tree mst max-age 30

spanning-tree mst 1 root primary

spanning-tree mst 2 root secondary

interface Ethernet 0/0spanning-tree bpduguard disable

spanning-tree guard root

interface Ethernet 0/1

spanning-tree bpduguard disable


interface Ethernet 0/2



SW2

spanning-tree mode mst

spanning-tree mst configuration

name CISCO

revision 1

instance 1 vlan 111, 119, 811, 999

instance 2 vlan 118

instance 3 vlan 1-4094

spanning-tree mst max-age 30

spanning-tree mst 2 root primary

spanning-tree mst 1 root secondary

interface Ethernet0/0



31/574

29 | P a g e














Verification:

SW1#show spanning-tree summarySwitch is in mst mode (IEEE Standard)Root bridge for: MST0-MST1, MST3Extended system ID is enabledPortfast Default is disabledPortFast BPDU Guard Default is disabledPortfast BPDU Filter Default is disabledLoopguard Default is disabledEtherChannel misconfig guard is enabledConfigured Pathcost method used is short (Operational value is long)UplinkFast is disabledBackboneFast is disabledName Blocking Listening Learning Forwarding STP Active---------------------- -------- --------- -------- ---------- ----------MST0 0 0 0 6 6

MST1 0 0 0 3 3MST2 1 0 0 2 3MST3 0 0 0 4 4

cciev5 configuration troubleshooting lab 1 4 questions solutions v1 release

Documents