CCIE RS Lab Bootcamp Workbook - Khawar Butt

September 19, 2017 | Author: Samuel Onaghise | Category: Ip Address, Computer Network, Router (Computing), Network Switch, Routing

CCIE R/S Lab Bootcamp Workbook Authored By:

Khawar Butt CCIE # 12353 (R/S, Security, SP, Voice)

Netmetric Solutions http://www.netmetric-solutions.com Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com; Email: [email protected]

Module 1 – Frame Relay

Lab 1 – Hub-n-Spoke using Frame-relay map statements

[Topology diagram: R1, R2, R3 and R4, each connected to the Frame-Relay cloud]

IP addressing and DLCI information Chart

Router  IP address             Local DLCI  Connecting to
R1      S0/0: 192.1.234.1/24   102         R2
                               103         R3
                               104         R4
R2      S0/0: 192.1.234.2/24   201         R1
R3      S0/0: 192.1.234.3/24   301         R1
R4      S0/0: 192.1.234.4/24   401         R1

Task 1
Configure the frame-relay cloud in a hub and spoke topology using frame-relay map statements. The frame-relay switch is configured in a full mesh; these routers should NOT reply to inverse-arp inquiries.

R1
Int S0/0
 Ip address 192.1.234.1 255.255.255.0
 Encapsulation frame
 Frame-relay map ip 192.1.234.2 102 b
 Frame-relay map ip 192.1.234.3 103 b
 Frame-relay map ip 192.1.234.4 104 b
 No frame-relay inverse-arp
 No shut

R2
Int S0/0
 Ip address 192.1.234.2 255.255.255.0
 Encapsulation frame
 Frame-relay map ip 192.1.234.1 201 b
 No frame-relay inverse-arp
 No shut

R3
Int s0/0
 Ip address 192.1.234.3 255.255.255.0
 Encapsulation frame
 Frame-relay map ip 192.1.234.1 301 b
 No frame-relay inverse-arp
 No shut

R4
Int s0/0
 Ip address 192.1.234.4 255.255.255.0
 Encapsulation frame
 Frame-relay map ip 192.1.234.1 401 b
 No frame-relay inverse-arp
 No shut

Task 2
Ensure that every router can ping every address connected to the frame-relay cloud including their own.

R1
Int S0/0
 Frame-relay map ip 192.1.234.1 102

R2
Int S0/0
 Frame-relay map ip 192.1.234.3 201
 Frame-relay map ip 192.1.234.4 201
 Frame-relay map ip 192.1.234.2 201

R3
Int S0/0
 Frame-relay map ip 192.1.234.2 301
 Frame-relay map ip 192.1.234.4 301
 Frame-relay map ip 192.1.234.3 301

R4
Int S0/0
 Frame-relay map ip 192.1.234.2 401
 Frame-relay map ip 192.1.234.3 401
 Frame-relay map ip 192.1.234.4 401

Task 3
Erase the startup config and reload the routers before proceeding to the next lab.

Lab 2 – Configuring Frame-relay point-to-point sub-interfaces

[Topology diagram: R1, R2, R3 and R4, each connected to the Frame-Relay cloud]

IP addressing and DLCI information Chart

Router  IP address                Local DLCI  Connecting to
R1      S0/0.12: 192.1.12.1/24    102         R2
        S0/0.13: 192.1.13.1/24    103         R3
        S0/0.14: 192.1.14.1/24    104         R4
R2      S0/0.21: 192.1.12.2/24    201         R1
R3      S0/0.31: 192.1.13.3/24    301         R1
R4      S0/0.41: 192.1.14.4/24    401         R1

Task 1
Configure the frame-relay cloud in a hub and spoke topology; the routers should be configured in a point-to-point configuration.

R1
Int S0/0
 Encap frame-relay
 No shut
 Exit
!
Int S0/0.12 point-to-point
 Ip address 192.1.12.1 255.255.255.0
 Frame-relay interface-dlci 102
!
Int S0/0.13 point-to-point
 Ip address 192.1.13.1 255.255.255.0
 Frame-relay interface-dlci 103
!
Int S0/0.14 point-to-point
 Ip address 192.1.14.1 255.255.255.0
 Frame-relay interface-dlci 104

R2
Int S0/0
 Encap frame-relay
 No shut
 Exit
!
Int S0/0.21 point-to-point
 Ip address 192.1.12.2 255.255.255.0
 Frame-relay interface-dlci 201

R3
Int S0/0
 Encap frame-relay
 No shut
 Exit
!
Int S0/0.31 point-to-point
 Ip address 192.1.13.3 255.255.255.0
 Frame-relay interface-dlci 301

R4
Int S0/0
 Encap frame-relay
 No shut
 Exit
!
Int S0/0.41 point-to-point
 Ip address 192.1.14.4 255.255.255.0
 Frame-relay interface-dlci 401

Lab 3 – Point-to-point and Multipoint

[Topology diagram: R1, R2, R3 and R4, each connected to the Frame-Relay cloud]

Task 1
Configure the routers connected to the frame-relay cloud as follows:
o R1 (The HUB) must be configured with two sub-interfaces, one of the two sub-interfaces must be configured to connect R1 to R4, this sub-interface should be configured in a point-to-point manner using the following IP addressing: R1 = 192.1.14.1 /24, and R4 = 192.1.14.4 /24.
o The second sub-interface on R1 must be configured in a multipoint manner, and this sub-interface must be configured to connect R1 to routers R2 and R3 using the following IP addressing: R1 = 192.1.123.1 /24, R2 = 192.1.123.2 /24 and R3 = 192.1.123.3 /24
o Make sure that you are pretending that R1 is not a Cisco router when configuring the Encapsulation Framing.
o Routers R2, R3 should not be configured with a sub-interface and these routers should NOT rely on Inverse-arp.
o R4 should be configured with a sub-interface in a point-to-point manner.
o The routers connecting to the frame-relay cloud should be configured in a hub and spoke, with R1 being the hub and R2, R3 and R4 the spokes.
o Ensure that the routers can ping every IP address including their own within their IP address space.

R1
Int S0/0
 Encapsulation frame-relay ietf
 No frame-relay inverse
 No shut
!
Int S0/0.14 point-to-point
 Ip address 192.1.14.1 255.255.255.0
 Frame-relay interface-dlci 104
!
Int S0/0.123 multipoint
 Ip address 192.1.123.1 255.255.255.0
 Frame-relay map ip 192.1.123.1 102
 Frame-relay map ip 192.1.123.2 102 b
 Frame-relay map ip 192.1.123.3 103 b

R2
Int S0/0
 Ip address 192.1.123.2 255.255.255.0
 Encapsulation frame
 No frame-relay inverse
 Frame-relay map ip 192.1.123.1 201 ietf b
 Frame-relay map ip 192.1.123.3 201 ietf
 Frame-relay map ip 192.1.123.2 201 ietf
 No shut
 Exit

R3
Int S0/0
 Encapsulation frame
 Ip address 192.1.123.3 255.255.255.0
 Frame-relay map ip 192.1.123.1 301 ietf b
 Frame-relay map ip 192.1.123.2 301 ietf
 Frame-relay map ip 192.1.123.3 301 ietf
 No frame-relay inverse
 No shut

R4
Int S0/0
 Encap frame
 No frame-relay inverse
 No shut
!
Inter S0/0.41 point-to-point
 Ip address 192.1.14.4 255.255.255.0
 Frame-relay interface 401 ietf

Task 2
Ensure that R1 and R4 use CHAP authentication using Cisco as the password. These routers must authenticate each other before they can communicate.

R1
Username R4 password Cisco
!
Interface S0/0.14
 No ip address
!
Inter virtual-template 1
 Ip address 192.1.14.1 255.255.255.0
 Ppp authentication chap
!
Int S0/0.14
 Frame-relay interface-dlci 104 ppp virtual-template 1

R4
Username R1 password Cisco
!
Inter S0/0.41
 No ip address
!
Inter virtual-template 1
 Ip address 192.1.14.4 255.255.255.0
 Ppp authentication chap
!
Int S0/0.41
 Frame-relay interface-dlci 401 ppp virtual-template 1

Module 2 – Basic Switching

Lab 1 Basic 3550 Configuration

[Network diagram]
VLAN 10, 192.1.15.0/24: R5 F 0/0 (.5), R1 F 0/0.1 (.1)
VLAN 20, 192.1.13.0/24: R1 F 0/0.2 (.1), R3 F0/0.1 (.3)
VLAN 30, 192.1.34.0/24: R3 F0/0.2 (.3), R4 F 0/0 (.4), SW1 VLAN 30 (.15)
VLAN 40, 192.1.2.0/24: R2 F 0/0 (.2), SW1 VLAN 40 (.15)

Task 1
Configure Switch1 as the VTP Server and the other Switch(s) as VTP Clients. Use CCIE as the Domain name. Authenticate the relationship using CCIERS as the password.

Switch1
VTP domain CCIE
VTP mode server
VTP password CCIERS

Switch2
VTP domain CCIE
VTP mode client
VTP password CCIERS

Switch3
VTP domain CCIE
VTP mode client
VTP password CCIERS

Switch4
VTP domain CCIE
VTP mode client
VTP password CCIERS

Task 2
Improve network bandwidth use on the trunk ports by reducing unnecessary flooding of VLAN traffic throughout the switches in your network.

All Switches
Vtp pruning

Task 3
Ensure that the Trunk ports of your Rack are statically configured to trunk using an industry standard protocol. Configure these ports such that they will trunk even if the negotiation fails. Also make sure to disable DTP on the trunk interfaces.

All Switches
Interface range F0/XX – XX
 Switchport trunk encapsulation dot1q
 Switchport mode trunk
 Switchport nonegotiate

Task 4
Assign Ports to the appropriate VLANs based on the Network Diagram. Use the physical topology diagram for your rack to accomplish this. Make sure the ports are either set to Trunk or Access statically.

SwitchX
interface F0/XX
 Switchport mode access
 Switchport access vlan XX
!
interface F0/XX
 Switchport trunk encapsulation dot1q
 Switchport mode trunk

Task 5
Enable flow control on SW1 interface fa0/2 so that when the router connected to this port announces congestion, the switch reduces its throughput for this port.

Switch1
interface F0/2
 flowcontrol receive on

Task 6
Test by pinging directly connected interfaces on each router or Switch1.

Module 3 – RIP V2

Lab 1 – Basic RIP V2 Configuration

Note: It builds on the topology created in the previous lab.

Lab Objective:

Task 1
Configure Loopback 0 on all routers and Switch1. Use the format of X.X.X.X/8 for the IP address of the loopback. Use 15 for Switch1.

Task 2
Configure RIP V2 on all Devices to advertise all directly connected networks. Disable Auto-summary.

R1
Router Rip
 Version 2
 No auto-summary
 Network 1.0.0.0
 Network 192.1.13.0
 Network 192.1.15.0

R2
Router Rip
 Version 2
 No auto-summary
 Network 2.0.0.0
 Network 192.1.2.0

R3
Router Rip
 Version 2
 No auto-summary
 Network 3.0.0.0
 Network 192.1.34.0
 Network 192.1.13.0

R4
Router Rip
 Version 2
 No auto-summary
 Network 4.0.0.0
 Network 192.1.34.0

R5
Router Rip
 Version 2
 No auto-summary
 Network 5.0.0.0
 Network 192.1.15.0

Switch1
IP Routing
!
Router RIP
 Version 2
 No auto-summary
 Network 15.0.0.0
 Network 192.1.2.0
 Network 192.1.34.0

Lab 2 – RIP V2 Authentication

(Builds on Lab1)

Lab Objective:

Task 1
Configure Clear Text authentication between R1 and R5. Use ccie as the key-string with a key-id of 1.

R1
Key chain AUTH
 Key 1
  Key-string ccie
!
Interface F 0/0.1
 Ip rip authentication key-chain AUTH

R5
Key chain AUTH
 Key 1
  Key-string ccie
!
Interface F 0/0
 Ip rip authentication key-chain AUTH

Task 2
Configure MD5 authentication for all links except the previously configured link between R1 and R5. Use the same key and key-string.

R1
Interface F 0/0.2
 Ip rip authentication key-chain AUTH
 IP rip authentication mode MD5

R2
Key chain AUTH
 Key 1
  Key-string ccie
!
Interface F 0/0
 Ip rip authentication key-chain AUTH
 Ip rip authentication mode MD5

R3
Key chain AUTH
 Key 1
  Key-string ccie
!
Interface F 0/0.1
 Ip rip authentication key-chain AUTH
 IP rip authentication mode MD5
!
Interface F 0/0.2
 Ip rip authentication key-chain AUTH
 IP rip authentication mode MD5

R4
Key chain AUTH
 Key 1
  Key-string ccie
!
Interface F 0/0
 Ip rip authentication key-chain AUTH
 Ip rip authentication mode MD5

Switch 1
Key chain AUTH
 Key 1
  Key-string ccie
!
Interface VLAN 30
 Ip rip authentication key-chain AUTH
 Ip rip authentication mode MD5
!
Interface VLAN 40
 Ip rip authentication key-chain AUTH
 Ip rip authentication mode MD5

Lab 3 – Route Filtering using Distribute Lists

(Builds on Lab 2)

Lab Objective:

Task 1
Configure the following Loopback Interfaces on R3 and advertise them under RIP:
Loopback 21: 201.1.1.1/24
Loopback 22: 201.1.2.1/24
Loopback 23: 201.1.3.1/24
Loopback 24: 201.1.4.1/24
Loopback 25: 201.1.5.1/24
Loopback 26: 201.1.6.1/24

R3
Interface loopback 21
 Ip address 201.1.1.1 255.255.255.0
Interface loopback 22
 Ip address 201.1.2.1 255.255.255.0
Interface loopback 23
 Ip address 201.1.3.1 255.255.255.0
Interface loopback 24
 Ip address 201.1.4.1 255.255.255.0
Interface loopback 25
 Ip address 201.1.5.1 255.255.255.0
Interface loopback 26
 Ip address 201.1.6.1 255.255.255.0
!
Router RIP
 Network 201.1.1.0
 Network 201.1.2.0
 Network 201.1.3.0
 Network 201.1.4.0
 Network 201.1.5.0
 Network 201.1.6.0

Task 2
R1 should only receive routes from the 201.1.X.0 range that have an even number in the 3rd Octet. Use the minimum number of lines possible to accomplish this task. No configuration should be done on R1. Make sure R4 and Switch1 receive all 201.1.X.0 routes.

R3
Access-list 2 deny 201.1.1.0 0.0.254.255
Access-list 2 permit any
!
Router RIP
 Distribute-list 2 out F0/0.1

Lab 4 – Route Filtering using Prefix-List

(Builds on Lab 3)

Lab Objective:

Task 1
Configure the following Loopback Interfaces on R5 and advertise them under RIP:
Loopback 21: 150.50.1.1/24
Loopback 22: 150.50.2.1/24
Loopback 23: 150.50.3.1/24
Loopback 24: 205.1.1.33/27
Loopback 25: 206.1.1.17/28
Loopback 26: 107.1.1.1/16

R5
Interface loopback 21
 Ip address 150.50.1.1 255.255.255.0
Interface loopback 22
 Ip address 150.50.2.1 255.255.255.0
Interface loopback 23
 Ip address 150.50.3.1 255.255.255.0
Interface loopback 24
 Ip address 205.1.1.33 255.255.255.224
Interface loopback 25
 Ip address 206.1.1.17 255.255.255.240
Interface loopback 26
 Ip address 107.1.1.1 255.255.0.0
!
Router Rip
 Network 150.50.0.0
 Network 205.1.1.0
 Network 206.1.1.0
 Network 107.0.0.0

Task 2
R1 should only receive prefixes with a prefix-length of 8 to 24 from R5. Configure the Filtering on R1.

R1
ip prefix-list VALID-PREF seq 5 permit 0.0.0.0/0 ge 8 le 24
!
Router RIP
 distribute-list prefix VALID-PREF in F0/0.1

Lab 5 – Route Summarization with RIP

(Builds on Lab 4)

Lab Objective:

Task 1
Configure the following Loopback Interfaces on Switch1 and advertise them under RIP:
Loopback 41: 154.1.8.1/24
Loopback 42: 154.1.9.1/24
Loopback 43: 154.1.10.1/24
Loopback 44: 154.1.11.1/24
Loopback 45: 154.1.12.1/24
Loopback 46: 154.1.13.1/24
Loopback 47: 154.1.14.1/24
Loopback 48: 154.1.15.1/24

Switch1
Interface loopback 41
 Ip address 154.1.8.1 255.255.255.0
Interface loopback 42
 Ip address 154.1.9.1 255.255.255.0
Interface loopback 43
 Ip address 154.1.10.1 255.255.255.0
Interface loopback 44
 Ip address 154.1.11.1 255.255.255.0
Interface loopback 45
 Ip address 154.1.12.1 255.255.255.0
Interface loopback 46
 Ip address 154.1.13.1 255.255.255.0
Interface loopback 47
 Ip address 154.1.14.1 255.255.255.0
Interface loopback 48
 Ip address 154.1.15.1 255.255.255.0
!
Router Rip
 Network 154.1.0.0

Task 2
Ensure that all routers except R2 only get a summary route from Switch1 for the new Loopback interfaces that were created in Task 1. R2 should get all the specific routes. Do not enable auto summary on Switch1.

Switch1
int VLAN 30
 ip summary-address rip 154.1.8.0 255.255.248.0

Module 4 – EIGRP

Lab 1 – Basic EIGRP Configuration

[Topology diagram: R1 E 0/0 to R2 E 0/0; R2 S 0/0 to R3 S 0/0; R3 E 0/0 to R4 E 0/0; Loopback 0 on every router]

Interface IP Address Configuration

R1
Interface    IP Address   Subnet Mask
Loopback 0   1.1.1.1      255.0.0.0
E 0/0        192.1.12.1   255.255.255.0

R2
Interface    IP Address   Subnet Mask
Loopback 0   2.2.2.2      255.0.0.0
E 0/0        192.1.12.2   255.255.255.0
S 0/0        192.1.23.2   255.255.255.0

R3
Interface    IP Address   Subnet Mask
Loopback 0   3.3.3.3      255.0.0.0
S 0/0        192.1.23.3   255.255.255.0
E 0/0        192.1.34.3   255.255.255.0

R4
Interface    IP Address   Subnet Mask
Loopback 0   4.4.4.4      255.0.0.0
E 0/0        192.1.34.4   255.255.255.0

Lab Objective:

Task 1
Configure the interfaces with the appropriate addresses. Configure the Serial interfaces between R2 and R3 using Frame Relay. Configure the interface as a Regular Frame Relay interface. Configure the Frame Relay mapping manually.

R1
Interface Loopback 0
 Ip address 1.1.1.1 255.0.0.0
Interface E 0/0
 Ip address 192.1.12.1 255.255.255.0
 No shut

R2
Interface Loopback 0
 Ip address 2.2.2.2 255.0.0.0
Interface E 0/0
 Ip address 192.1.12.2 255.255.255.0
 No shut
Interface S 0/0
 Ip address 192.1.23.2 255.255.255.0
 Encap frame-relay
 No frame-relay inverse-arp
 Frame-relay map ip 192.1.23.3 203 broad
 No shut

R3
Interface Loopback 0
 Ip address 3.3.3.3 255.0.0.0
Interface E 0/0
 Ip address 192.1.34.3 255.255.255.0
 No shut
Interface S 0/0
 Ip address 192.1.23.3 255.255.255.0
 Encap frame-relay
 No frame-relay inverse-arp
 Frame-relay map ip 192.1.23.2 302 broad
 No shut

R4
Interface Loopback 0
 Ip address 4.4.4.4 255.0.0.0
Interface E 0/0
 Ip address 192.1.34.4 255.255.255.0
 No shut

Task 2
Configure EIGRP on all 4 routers in AS 12353. Disable Auto-summary.

R1
Router EIGRP 12353
 No auto-summary
 Network 1.0.0.0
 Network 192.1.12.0

R2
Router EIGRP 12353
 No auto-summary
 Network 2.0.0.0
 Network 192.1.12.0
 Network 192.1.23.0

R3
Router EIGRP 12353
 No auto-summary
 Network 3.0.0.0
 Network 192.1.34.0
 Network 192.1.23.0

R4
Router EIGRP 12353
 No auto-summary
 Network 4.0.0.0
 Network 192.1.34.0

Lab 2 – EIGRP Authentication

(Builds on Lab1)

Lab Objective:

Task 1
Configure MD5 authentication for all links. Use ccie as the key-string with a key-id of 1.

R1
Key chain AUTH
 Key 1
  Key-string ccie
!
Interface E 0/0
 Ip authentication key-chain eigrp 12353 AUTH
 Ip authentication mode eigrp 12353 MD5

R2
Key chain AUTH
 Key 1
  Key-string ccie
!
Interface S 0/0
 Ip authentication key-chain eigrp 12353 AUTH
 Ip authentication mode eigrp 12353 MD5
!
Interface E 0/0
 Ip authentication key-chain eigrp 12353 AUTH
 Ip authentication mode eigrp 12353 MD5

R3
Key chain AUTH
 Key 1
  Key-string ccie
!
Interface S 0/0
 Ip authentication key-chain eigrp 12353 AUTH
 Ip authentication mode eigrp 12353 MD5
!
Interface E 0/0
 Ip authentication key-chain eigrp 12353 AUTH
 Ip authentication mode eigrp 12353 MD5

R4
Key chain AUTH
 Key 1
  Key-string ccie
!
Interface E 0/0
 Ip authentication key-chain eigrp 12353 AUTH
 Ip authentication mode eigrp 12353 MD5
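One way to check a saved configuration for the authentication settings used in this lab and in RIP V2 Lab 2 of Module 3. This is an added example, not part of the workbook; the function name audit_routing_auth and the sample configuration, including its mistyped AS number, are constructed for illustration.

```python
import re

# Constructed sample: F0/0.1 uses RIP text mode (the IOS default when no
# "mode md5" line is present) and E0/0 has an AS number typo on one line.
SAMPLE_CONFIG = """
key chain AUTH
 key 1
  key-string ccie
!
interface F0/0.1
 ip rip authentication key-chain AUTH
!
interface F0/0.2
 ip rip authentication key-chain AUTH
 ip rip authentication mode md5
!
interface E0/0
 ip authentication key-chain eigrp 123453 AUTH
 ip authentication mode eigrp 12353 md5
!
interface S0/0
 ip authentication key-chain eigrp 12353 AUTH
 ip authentication mode eigrp 12353 md5
"""


def audit_routing_auth(config):
    """Return (interface, protocol, issue) tuples for weak or incomplete auth."""
    defined = {c.lower() for c in re.findall(r"(?im)^\s*key chain (\S+)", config)}
    ifaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"int\w*\s+(.+)", line, re.I)
        if m:  # entering interface configuration mode
            current = m.group(1).replace(" ", "")
            ifaces[current] = {"rip_chain": None, "rip_mode": "text",
                               "eigrp_chain": {}, "eigrp_md5": set()}
            continue
        if re.match(r"(router|key chain)\s", line, re.I):
            current = None  # left interface mode
            continue
        if current is None:
            continue
        st = ifaces[current]
        m = re.match(r"ip rip authentication key-chain (\S+)", line, re.I)
        if m:
            st["rip_chain"] = m.group(1)
        m = re.match(r"ip rip authentication mode (\S+)", line, re.I)
        if m:
            st["rip_mode"] = m.group(1).lower()
        m = re.match(r"ip authentication key-chain eigrp (\d+) (\S+)", line, re.I)
        if m:
            st["eigrp_chain"][m.group(1)] = m.group(2)
        m = re.match(r"ip authentication mode eigrp (\d+) md5", line, re.I)
        if m:
            st["eigrp_md5"].add(m.group(1))

    findings = []
    for name, st in ifaces.items():
        if st["rip_chain"]:
            if st["rip_chain"].lower() not in defined:
                findings.append((name, "rip", "key chain not defined"))
            if st["rip_mode"] != "md5":
                # Text mode carries the key-string readable inside each update.
                findings.append((name, "rip", "cleartext key in updates"))
        # Classic-mode EIGRP needs both lines, and for the same AS number.
        for asn in sorted(set(st["eigrp_chain"]) | st["eigrp_md5"], key=int):
            has_chain = asn in st["eigrp_chain"]
            has_md5 = asn in st["eigrp_md5"]
            if has_chain and not has_md5:
                findings.append((name, "eigrp " + asn, "key chain without md5 mode"))
            elif has_md5 and not has_chain:
                findings.append((name, "eigrp " + asn, "md5 mode without key chain"))
            elif st["eigrp_chain"][asn].lower() not in defined:
                findings.append((name, "eigrp " + asn, "key chain not defined"))
    return findings


if __name__ == "__main__":
    for finding in audit_routing_auth(SAMPLE_CONFIG):
        print(finding)
```

The RIP finding is expected on the R1 to R5 link, where Task 1 of the RIP lab asks for clear text; the point of the check is that it should appear nowhere else.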

Lab 3 – Advanced EIGRP Configurations

(Builds on Lab 2)

Lab Objective:

Task 1
Configure all routers such that they advertise EIGRP routes with greater than 110 hops as unreachable.

R1
router eigrp 12353
 metric maximum-hops 110

R2
router eigrp 12353
 metric maximum-hops 110

R3
router eigrp 12353
 metric maximum-hops 110

R4
router eigrp 12353
 metric maximum-hops 110

Task 2
Change the administrative distance of all internal and external EIGRP networks to be 95.

R1
router eigrp 12353
 distance eigrp 95 95

R2
router eigrp 12353
 distance eigrp 95 95

R3
router eigrp 12353
 distance eigrp 95 95

R4
router eigrp 12353
 distance eigrp 95 95

Task 3
Ensure that R2 never uses more than 45% of the bandwidth for EIGRP updates; you should use an EIGRP specific command to accomplish this task.

R2
Interface S 0/0
 ip bandwidth-percent eigrp 12353 45
Interface E 0/0
 ip bandwidth-percent eigrp 12353 45

Task 4
The Serial link between R3 and R2 sometimes is experiencing congestion and most of the time R3 declares R2 in Stuck-In-Active. Change the time that R3 will wait after sending a query to R2, before declaring the routes on R2 to be in SIA state to 10 minutes.

R3
Router eigrp 12353
 Timers active-time 10

Lab 4 – Route Filtering using Distribute Lists

(Builds on Lab 3)

Lab Objective:

Task 1
Configure the following Loopback Interfaces on R2 and advertise them in EIGRP:
Loopback 21: 201.1.1.1/24
Loopback 22: 201.1.2.1/24
Loopback 23: 201.1.3.1/24
Loopback 24: 201.1.4.1/24
Loopback 25: 201.1.5.1/24
Loopback 26: 201.1.6.1/24

R2
Interface loopback 21
 Ip address 201.1.1.1 255.255.255.0
Interface loopback 22
 Ip address 201.1.2.1 255.255.255.0
Interface loopback 23
 Ip address 201.1.3.1 255.255.255.0
Interface loopback 24
 Ip address 201.1.4.1 255.255.255.0
Interface loopback 25
 Ip address 201.1.5.1 255.255.255.0
Interface loopback 26
 Ip address 201.1.6.1 255.255.255.0
!
Router EIGRP 12353
 Network 201.1.1.0
 Network 201.1.2.0
 Network 201.1.3.0
 Network 201.1.4.0
 Network 201.1.5.0
 Network 201.1.6.0

Task 2
R1 should only receive routes from the 201.1.X.0 range that have an even number in the 3rd Octet. Use the minimum number of lines possible to accomplish this task. No configuration should be done on R1. Make sure R3 and R4 receive all 201.1.X.0 routes.

R2
Access-list 2 deny 201.1.1.0 0.0.254.255
Access-list 2 permit any
!
Router EIGRP 12353
 Distribute-list 2 out E 0/0
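How the single deny line selects the odd third octets, here and in RIP V2 Lab 3 of Module 3, worked through in code. This is an added example, not part of the workbook; the function names are hypothetical, and the route list is the six loopbacks plus two other networks R2 advertises.

```python
import ipaddress

# The ACL from the lab solution.
ACL_TEXT = """
access-list 2 deny 201.1.1.0 0.0.254.255
access-list 2 permit any
"""

# Networks offered to the distribute-list (network addresses only, which is
# all a standard ACL can test).
ROUTES = ["201.1.1.0", "201.1.2.0", "201.1.3.0", "201.1.4.0",
          "201.1.5.0", "201.1.6.0", "2.0.0.0", "192.1.23.0"]


def care_mask(wildcard):
    """Invert a wildcard mask: 1 bits in the result are the bits compared."""
    w = int(ipaddress.IPv4Address(wildcard))
    return str(ipaddress.IPv4Address(~w & 0xFFFFFFFF))


def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit the wildcard leaves at 0."""
    care = int(ipaddress.IPv4Address(care_mask(wildcard)))
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)


def parse_acl(text):
    """Parse 'access-list N permit|deny (any | addr [wildcard])' lines."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0].lower() != "access-list":
            continue
        if tok[3].lower() == "any":
            base, wildcard = "0.0.0.0", "255.255.255.255"
        else:
            base = tok[3]
            wildcard = tok[4] if len(tok) > 4 else "0.0.0.0"
        entries.append((tok[2].lower(), base, wildcard))
    return entries


def evaluate(entries, network):
    """First matching entry wins; with no match the implicit deny applies."""
    for action, base, wildcard in entries:
        if wildcard_match(network, base, wildcard):
            return action
    return "deny"


def split_routes(acl_text, routes):
    """Return (advertised, filtered) lists, keeping the input order."""
    entries = parse_acl(acl_text)
    advertised = [r for r in routes if evaluate(entries, r) == "permit"]
    filtered = [r for r in routes if evaluate(entries, r) == "deny"]
    return advertised, filtered


if __name__ == "__main__":
    # 0.0.254.255 leaves 255.255.1.0 as the compared bits: the first two
    # octets and the low-order bit of the third octet.
    print("bits compared:", care_mask("0.0.254.255"))
    sent, dropped = split_routes(ACL_TEXT, ROUTES)
    print("advertised:", sent)
    print("filtered:  ", dropped)
```

Because only the low-order bit of the third octet is compared, the deny line also covers every other odd 201.1.X.0 network, and without the permit any line the implicit deny would filter everything else as well.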

Lab 5 – Route Filtering using Prefix-List

(Builds on Lab 4)

Lab Objective:

Task 1
Configure the following Loopback Interfaces on R3 and advertise them under EIGRP:
Loopback 21: 150.50.1.1/24
Loopback 22: 150.50.2.1/24
Loopback 23: 150.50.3.1/24
Loopback 24: 205.1.1.33/27
Loopback 25: 206.1.1.17/28
Loopback 26: 107.1.1.1/16

R3
Interface loopback 21
 Ip address 150.50.1.1 255.255.255.0
Interface loopback 22
 Ip address 150.50.2.1 255.255.255.0
Interface loopback 23
 Ip address 150.50.3.1 255.255.255.0
Interface loopback 24
 Ip address 205.1.1.33 255.255.255.224
Interface loopback 25
 Ip address 206.1.1.17 255.255.255.240
Interface loopback 26
 Ip address 107.1.1.1 255.255.0.0
!
Router EIGRP 12353
 Network 150.50.0.0
 Network 205.1.1.0
 Network 206.1.1.0
 Network 107.0.0.0

Task 2
R4 should only receive prefixes with a prefix-length of 8 to 24 from R3.

R4
ip prefix-list VALID-PREF seq 5 permit 0.0.0.0/0 ge 8 le 24
!
Router EIGRP 12353
 distribute-list prefix VALID-PREF in E0/0
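The ge/le matching that VALID-PREF relies on, here and in RIP V2 Lab 4 of Module 3, evaluated against the loopbacks from Task 1. This is an added example, not part of the workbook; the function names are hypothetical and the two extra routes are constructed to show the edges of the range.

```python
import ipaddress
import re

PREFIX_LIST = "ip prefix-list VALID-PREF seq 5 permit 0.0.0.0/0 ge 8 le 24"

# Interface addresses from Task 1; the advertised networks are derived below.
LOOPBACKS = ["150.50.1.1/24", "150.50.2.1/24", "150.50.3.1/24",
             "205.1.1.33/27", "206.1.1.17/28", "107.1.1.1/16"]

# Constructed extras: a default route and a host route.
EXTRA_ROUTES = ["0.0.0.0/0", "10.1.1.1/32"]

ENTRY_RE = re.compile(
    r"ip prefix-list (\S+) seq (\d+) (permit|deny) (\S+)"
    r"(?: ge (\d+))?(?: le (\d+))?\s*$", re.IGNORECASE)


def parse_prefix_list(text):
    """Return entries as (seq, action, base network, min length, max length)."""
    entries = []
    for line in text.strip().splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        _name, seq, action, prefix, ge, le = m.groups()
        base = ipaddress.ip_network(prefix)
        if ge is None and le is None:
            low = high = base.prefixlen      # exact length only
        else:
            low = int(ge) if ge else base.prefixlen
            high = int(le) if le else 32
        entries.append((int(seq), action.lower(), base, low, high))
    return sorted(entries, key=lambda e: e[0])


def evaluate(entries, route):
    """Lowest sequence number that matches wins; otherwise implicit deny."""
    net = ipaddress.ip_network(route)
    for _seq, action, base, low, high in entries:
        # The route must sit inside the base prefix AND have a mask length
        # within [low, high].
        if low <= net.prefixlen <= high and net.subnet_of(base):
            return action
    return "deny"


def advertised_networks(interface_addresses):
    """Turn interface addresses into the connected networks a router advertises."""
    return [str(ipaddress.ip_interface(a).network) for a in interface_addresses]


def classify(prefix_list_text, routes):
    entries = parse_prefix_list(prefix_list_text)
    return {r: evaluate(entries, r) for r in routes}


if __name__ == "__main__":
    routes = advertised_networks(LOOPBACKS) + EXTRA_ROUTES
    for route, action in classify(PREFIX_LIST, routes).items():
        print(f"{route:18} {action}")
```

The /27 and /28 loopbacks fall outside the permitted lengths, and so do the default route and the host route; an entry for 0.0.0.0/0 without ge or le would match the default route only.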

Lab 6 – Route Summarization with EIGRP

(Builds on Lab 5)

Lab Objective:

Task 1
Configure the following Loopback Interfaces on R3 and advertise them under EIGRP:
Loopback 41: 194.1.8.1/24
Loopback 42: 194.1.9.1/24
Loopback 43: 194.1.10.1/24
Loopback 44: 194.1.11.1/24
Loopback 45: 194.1.12.1/24
Loopback 46: 194.1.13.1/24
Loopback 47: 194.1.14.1/24
Loopback 48: 194.1.15.1/24

R3
Interface loopback 41
 Ip address 194.1.8.1 255.255.255.0
Interface loopback 42
 Ip address 194.1.9.1 255.255.255.0
Interface loopback 43
 Ip address 194.1.10.1 255.255.255.0
Interface loopback 44
 Ip address 194.1.11.1 255.255.255.0
Interface loopback 45
 Ip address 194.1.12.1 255.255.255.0
Interface loopback 46
 Ip address 194.1.13.1 255.255.255.0
Interface loopback 47
 Ip address 194.1.14.1 255.255.255.0
Interface loopback 48
 Ip address 194.1.15.1 255.255.255.0
!
Router EIGRP 12353
 Network 194.1.8.0
 Network 194.1.9.0
 Network 194.1.10.0
 Network 194.1.11.0
 Network 194.1.12.0
 Network 194.1.13.0
 Network 194.1.14.0
 Network 194.1.15.0

Task 2
Ensure that all routers only get a summary route from R3 for the new Loopback interfaces that were created in Task 1. R3 should NOT enable auto summary.

R3
int E0/0
 ip summary-address eigrp 12353 194.1.8.0 255.255.248.0
!
int S0/0
 ip summary-address eigrp 12353 194.1.8.0 255.255.248.0
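How the 255.255.248.0 summary is derived, here and in RIP V2 Lab 5 of Module 3, with a check for address space the summary covers that no component route backs. This is an added example, not part of the workbook; the function names are hypothetical and the six-network list is constructed to show a summary that covers too much.

```python
import ipaddress

# Loopback networks from the two labs.
RIP_NETS = [f"154.1.{i}.0/24" for i in range(8, 16)]
EIGRP_NETS = [f"194.1.{i}.0/24" for i in range(8, 16)]

# Constructed case: only six of the eight /24s exist.
PARTIAL_NETS = [f"154.1.{i}.0/24" for i in range(8, 14)]


def tightest_summary(networks):
    """Smallest single prefix that contains every network in the list."""
    nets = [ipaddress.ip_network(n) for n in networks]
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    # Bits that differ between the lowest and highest address cannot be part
    # of the common prefix; everything above them is shared.
    plen = 32 - (low ^ high).bit_length()
    shift = 32 - plen
    return ipaddress.ip_network(((low >> shift) << shift, plen))


def over_coverage(networks):
    """Prefixes inside the summary that none of the component routes cover."""
    nets = [ipaddress.ip_network(n) for n in networks]
    remaining = [tightest_summary(networks)]
    for n in nets:
        nxt = []
        for r in remaining:
            if r.subnet_of(n):          # fully covered by this component
                continue
            if n.subnet_of(r):          # carve the component out of r
                nxt.extend(r.address_exclude(n))
            else:
                nxt.append(r)
        remaining = nxt
    return [str(n) for n in ipaddress.collapse_addresses(remaining)]


def summary_command(protocol, networks, asn=None):
    """Build the interface command in the form used by the lab solutions."""
    s = tightest_summary(networks)
    proto = "rip" if protocol == "rip" else f"eigrp {asn}"
    return f"ip summary-address {proto} {s.network_address} {s.netmask}"


if __name__ == "__main__":
    print(summary_command("rip", RIP_NETS))
    print(summary_command("eigrp", EIGRP_NETS, asn=12353))
    print("unbacked space, lab networks:    ", over_coverage(RIP_NETS))
    print("unbacked space, six networks only:", over_coverage(PARTIAL_NETS))
```

The eight /24s fill the /21 exactly. With only six of them the same /21 would also advertise 154.1.14.0/23, so routers that receive the summary would send traffic for that space toward the summarizing router.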

Lab 7 – Route Summarization with EIGRP

(Builds on Lab 6)

Task 1
R1 is a low end spoke router that has a low bandwidth connection to the hub. Ensure that EIGRP queries are not sent to the spoke. The hub needs reachability for the loopback of R1. Do not use the "network" statement to advertise the loopback address on R1.

R1
Route-map REDCON permit 10
 Match interface Loopback0
!
Router EIGRP 12353
 No auto-summary
 Network 192.1.12.0
 Eigrp stub connected
 Redistribute connected route-map REDCON

Module 5 – OSPF

Lab 1 – Basic OSPF Configuration on BMA

[Topology diagram: R1, R2, R3 and R4 connected by E 0/0 to one Ethernet segment; Loopback 0 on every router]

Interface IP Address Configuration

R1
Interface    IP Address   Subnet Mask
Loopback 0   1.1.1.1      255.0.0.0
E 0/0        100.0.0.1    255.0.0.0

R2
Interface    IP Address   Subnet Mask
Loopback 0   2.2.2.2      255.0.0.0
E 0/0        100.0.0.2    255.0.0.0

R3
Interface    IP Address   Subnet Mask
Loopback 0   3.3.3.3      255.0.0.0
E 0/0        100.0.0.3    255.0.0.0

R4
Interface    IP Address   Subnet Mask
Loopback 0   4.4.4.4      255.0.0.0
E 0/0        100.0.0.4    255.0.0.0

Lab Objective: Configure the Interface IP addresses based on the above table

Task 1
Configure OSPF on a Broadcast Multi-Access (BMA) Ethernet network in Area 0. Advertise all networks on all routers. Hard Code the Router-id based on the following:
R1 – 11.11.11.11
R2 – 22.22.22.22
R3 – 33.33.33.33
R4 – 44.44.44.44

R1
Router OSPF 1
 Router-id 11.11.11.11
 Network 1.0.0.0 0.255.255.255 area 0
 Network 100.0.0.0 0.255.255.255 area 0

R2
Router OSPF 1
 Router-id 22.22.22.22
 Network 2.0.0.0 0.255.255.255 area 0
 Network 100.0.0.0 0.255.255.255 area 0

R3
Router OSPF 1
 Router-id 33.33.33.33
 Network 3.0.0.0 0.255.255.255 area 0
 Network 100.0.0.0 0.255.255.255 area 0

R4
Router OSPF 1
 Router-id 44.44.44.44
 Network 4.0.0.0 0.255.255.255 area 0
 Network 100.0.0.0 0.255.255.255 area 0

Task 2
Configure the routers such that R1 becomes the DR and R2 the BDR on the 100 Network.

R1
Interface E 0/0
 Ip ospf priority 100

R2
Interface E 0/0
 Ip ospf priority 50

Note: Shut the Switch interfaces that connect to the routers using the Interface Range command and bring them back up to reset the DR/BDR setup.

Lab 2 – OSPF and Frame Relay

[Topology diagram: R1, R2, R3 and R4, each connected to the Frame-Relay cloud]

Task 1
Configure the following loopback on all the routers:
R1 – Loopback 0 – 1.1.1.1/8
R2 – Loopback 0 – 2.2.2.2/8
R3 – Loopback 0 – 3.3.3.3/8
R4 – Loopback 0 – 4.4.4.4/8

R1
Interface Loopback 0
 Ip address 1.1.1.1 255.0.0.0

R2
Interface Loopback 0
 Ip address 2.2.2.2 255.0.0.0

R3
Interface Loopback 0
 Ip address 3.3.3.3 255.0.0.0

R4
Interface Loopback 0
 Ip address 4.4.4.4 255.0.0.0

Task 2
Configure the link between R1 and R4 using Frame Relay. Keep in mind that R1 will also be connected to R2 and R3 over a Multipoint interface. Do not create any subinterfaces on R4. Do not rely on Inverse ARP for Frame Relay mappings. Do not use the Frame-relay map command on R1 for this task. Use 192.1.14.0/24 as the network for this link.

R1
Interface S 0/0
 Encap frame-relay
 No frame-relay inverse-ARP
 No shut
Interface S0/0.4 point-to-point
 Ip address 192.1.14.1 255.255.255.0
 Frame-relay interface-dlci 104

R4
Interface S0/0
 Ip address 192.1.14.4 255.255.255.0
 Encap frame-relay
 No frame-relay inverse-arp
 Frame-relay map ip 192.1.14.1 401 broad
 No shut

Task 3
Configure the link between R1, R2 and R3 using Frame Relay. This link should be a multipoint link. Do not create any sub-interfaces on R2 and R3. Do not rely on Inverse ARP for Frame Relay mappings. Use 192.1.123.0/24 as the network for this link. All routers should be able to ping each other and their own local frame-relay interfaces.

R1
Interface S0/0.23 multipoint
 Ip address 192.1.123.1 255.255.255.0
 Frame-relay map ip 192.1.123.1 102
 Frame-relay map ip 192.1.123.2 102 broad
 Frame-relay map ip 192.1.123.3 103 broad

R2
Interface S0/0
 Ip address 192.1.123.2 255.255.255.0
 Encap frame-relay
 No frame-relay inverse-arp
 Frame-relay map ip 192.1.123.1 201 broad
 Frame-relay map ip 192.1.123.2 201
 Frame-relay map ip 192.1.123.3 201
 No shut

R3
Interface S0/0
 Ip address 192.1.123.3 255.255.255.0
 Encap frame-relay
 No frame-relay inverse-arp
 Frame-relay map ip 192.1.123.1 301 broad
 Frame-relay map ip 192.1.123.2 301
 Frame-relay map ip 192.1.123.3 301
 No shut

Task 4
Configure OSPF in Area 0 as the routing protocol between R1, R2, R3 and R4. All loopback networks should be visible in all routing tables. They should be using a /8 mask. Hard-code the router ID based on the Loopback 0 addresses. Do not use the OSPF network type broadcast on any of the Frame Relay links. Do not use the Neighbor command for this task.

R1
Interface S0/0.23
 Ip ospf network point-to-multipoint
!
Interface Loopback 0
 Ip ospf network point-to-point
!
Router OSPF 1
 Router-id 1.1.1.1
 Network 1.0.0.0 0.255.255.255 area 0
 Network 192.1.123.0 0.0.0.255 area 0
 Network 192.1.14.0 0.0.0.255 area 0

R2
Interface S0/0
 Ip ospf network point-to-multipoint
!
Interface Loopback 0
 Ip ospf network point-to-point
!
Router OSPF 1
 Router-id 2.2.2.2
 Network 2.0.0.0 0.255.255.255 area 0
 Network 192.1.123.0 0.0.0.255 area 0

R3
Interface S0/0
 Ip ospf network point-to-multipoint
!
Interface Loopback 0
 Ip ospf network point-to-point
!
Router OSPF 1
 Router-id 3.3.3.3
 Network 3.0.0.0 0.255.255.255 area 0
 Network 192.1.123.0 0.0.0.255 area 0

R4
Interface S0/0
 Ip ospf network point-to-point
!
Interface Loopback 0
 Ip ospf network point-to-point
!
Router OSPF 1
 Router-id 4.4.4.4
 Network 4.0.0.0 0.255.255.255 area 0
 Network 192.1.14.0 0.0.0.255 area 0

Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com; Email: [email protected]

44 of 229

Lab 3 – Virtual Link

[Topology diagram: R1 E 0/0 and R2 E 0/0 share 192.1.12.0/24; R2, R3 and R4 connect over S 0/0 on 192.1.234.0/24; R3 E 0/0 and Switch 1 VLAN 3 share 192.1.3.0/24; Switch 1 VLAN 5 and R5 E 0/0 share 192.1.5.0/24. Every device has a Loopback 0.]

R1
Interface     IP Address     Subnet Mask
Loopback 0    1.1.1.1        255.0.0.0
E 0/0         192.1.12.1     255.255.255.0

R2
Interface     IP Address     Subnet Mask
E 0/0         192.1.12.2     255.255.255.0
S 0/0         192.1.234.2    255.255.255.0
Loopback 0    2.2.2.2        255.0.0.0

R3
Interface     IP Address     Subnet Mask
S 0/0         192.1.234.3    255.255.255.0
E 0/0         192.1.3.3      255.255.255.0
Loopback 0    3.3.3.3        255.0.0.0

R4
Interface     IP Address     Subnet Mask
Loopback 0    4.4.4.4        255.0.0.0
S 0/0         192.1.234.4    255.255.255.0

R5
Interface     IP Address     Subnet Mask
Loopback 0    5.5.5.5        255.0.0.0
E 0/0         192.1.5.5      255.255.255.0

Switch 1
Interface     IP Address     Subnet Mask
Loopback 0    55.55.55.55    255.0.0.0
VLAN 3        192.1.3.33     255.255.255.0
VLAN 5        192.1.5.55     255.255.255.0

Interface Configuration

R1
interface Loopback0
 ip address 1.1.1.1 255.0.0.0
!
interface Ethernet0/0
 ip address 192.1.12.1 255.255.255.0
 no shutdown

R2
interface Loopback0
 ip address 2.2.2.2 255.0.0.0
!
interface Ethernet0/0
 ip address 192.1.12.2 255.255.255.0
 no shutdown
!
interface Serial0/0
 ip address 192.1.234.2 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 192.1.234.3 203 broadcast
 frame-relay map ip 192.1.234.4 204 broadcast
 no frame-relay inverse-arp
 no shutdown

R3
interface Loopback0
 ip address 3.3.3.3 255.0.0.0
!
interface Ethernet0/0
 ip address 192.1.3.3 255.255.255.0
 no shutdown
!
interface Serial0/0
 ip address 192.1.234.3 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 192.1.234.2 302 broadcast
 frame-relay map ip 192.1.234.4 302
 no frame-relay inverse-arp
 no shutdown

R4
interface Loopback0
 ip address 4.4.4.4 255.0.0.0
!
interface Serial0/0
 ip address 192.1.234.4 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 192.1.234.2 402 broadcast
 frame-relay map ip 192.1.234.3 402
 no frame-relay inverse-arp
 no shutdown

R5
interface Loopback0
 ip address 5.5.5.5 255.0.0.0
!
interface Ethernet0/0
 ip address 192.1.5.5 255.255.255.0
 no shutdown

Switch
interface Loopback0
 ip address 55.55.55.55 255.0.0.0
!
interface Vlan3
 ip address 192.1.3.33 255.255.255.0
 no shutdown
!
interface Vlan5
 ip address 192.1.5.55 255.255.255.0
 no shutdown

Lab Objective:

Task 1
Run OSPF as your Routing Protocol on all Routers and the Switch. Advertise the networks in the following areas:
Area 0 – R1 Loopback 0, R1 E 0/0, R2 E 0/0, R2 Loopback 0
Area 10 – R2 S 0/0, R3 S 0/0, R3 Loopback 0, R4 S 0/0, R4 Loopback 0
Area 100 – R3 E 0/0, SW VLAN 3, SW VLAN 5, SW Loopback 0, R5 E 0/0, R5 Loopback 0
Configure a Virtual Link between the appropriate devices.

R1
router ospf 1
 network 1.0.0.0 0.255.255.255 area 0
 network 192.1.12.0 0.0.0.255 area 0

R2
router ospf 1
 router-id 2.2.2.2
 area 10 virtual-link 3.3.3.3
 network 2.0.0.0 0.255.255.255 area 0
 network 192.1.12.0 0.0.0.255 area 0
 network 192.1.234.0 0.0.0.255 area 10
!
interface S 0/0
 ip ospf network point-to-multipoint

R3
router ospf 1
 router-id 3.3.3.3
 area 10 virtual-link 2.2.2.2
 network 3.0.0.0 0.255.255.255 area 10
 network 192.1.3.0 0.0.0.255 area 100
 network 192.1.234.0 0.0.0.255 area 10
!
interface S 0/0
 ip ospf network point-to-multipoint

R4
router ospf 1
 network 4.0.0.0 0.255.255.255 area 10
 network 192.1.234.0 0.0.0.255 area 10
!
interface S 0/0
 ip ospf network point-to-multipoint

R5
router ospf 1
 network 5.0.0.0 0.255.255.255 area 100
 network 192.1.5.0 0.0.0.255 area 100

Switch
router ospf 1
 network 55.0.0.0 0.255.255.255 area 100
 network 192.1.3.0 0.0.0.255 area 100
 network 192.1.5.0 0.0.0.255 area 100

Lab 4 – OSPF Authentication (Builds on Lab 3)

Lab Objective:

Task 1
All routers and the switch should Authenticate Routing updates using the most secure authentication method. The Virtual Link should also be authenticated. Use Key 1 with a key-string of ccie. Do not use wide authentication.

R1
interface Ethernet0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 ccie

R2
interface Ethernet0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 ccie
!
interface Serial0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 ccie
!
router ospf 1
 area 10 virtual-link 3.3.3.3 authentication message-digest
 area 10 virtual-link 3.3.3.3 message-digest-key 1 md5 ccie

R3
interface Ethernet0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 ccie
!
interface Serial0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 ccie
!
router ospf 1
 area 10 virtual-link 2.2.2.2 authentication message-digest
 area 10 virtual-link 2.2.2.2 message-digest-key 1 md5 ccie

R4
interface Serial0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 ccie

Switch
interface Vlan3
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 ccie
!
interface Vlan5
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 ccie

R5
interface Ethernet0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 ccie
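What the message-digest setting in this lab does to each OSPF packet, following RFC 2328 Appendix D, shown as an added Python example that is not part of the workbook. The hello body, sequence numbers and function names are constructed for illustration, and zero-padding the key-string to 16 bytes is an assumption.

```python
import hashlib
import hmac
import socket
import struct

# OSPFv2 header with the AuType 2 authentication layout (RFC 2328 A.3.1, D.3):
# version, type, length, router ID, area ID, checksum, AuType,
# zero, key ID, auth data length, cryptographic sequence number.
HEADER = struct.Struct("!BBH4s4sHHHBBI")
AUTYPE_CRYPTO = 2      # what "ip ospf authentication message-digest" selects
MD5_LEN = 16


def pad_key(key: bytes) -> bytes:
    """Use the key as 16 bytes; zero-padding shorter keys is an assumption."""
    if len(key) > 16:
        raise ValueError("OSPF MD5 keys are at most 16 bytes")
    return key.ljust(16, b"\x00")


def sign(body, router_id, area, key_id, seq, key, ptype=1):
    """Return header + body + MD5(header + body + padded key)."""
    header = HEADER.pack(
        2, ptype, HEADER.size + len(body),
        socket.inet_aton(router_id), socket.inet_aton(area),
        0,                       # checksum field is unused with AuType 2
        AUTYPE_CRYPTO, 0, key_id, MD5_LEN, seq,
    )
    packet = header + body
    return packet + hashlib.md5(packet + pad_key(key)).digest()


def verify(wire, keys, last_seq):
    """Receiver-side checks; returns 'accepted' or the reason for the drop."""
    if len(wire) < HEADER.size:
        return "truncated"
    (_v, _t, length, _rid, _area, _ck,
     autype, _zero, key_id, auth_len, seq) = HEADER.unpack_from(wire)
    if autype != AUTYPE_CRYPTO:
        return "wrong authentication type"
    if key_id not in keys:
        return "unknown key id"
    if auth_len != MD5_LEN or length < HEADER.size or len(wire) != length + MD5_LEN:
        return "bad length"
    if seq < last_seq:
        return "replayed sequence number"
    expected = hashlib.md5(wire[:length] + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(expected, wire[length:]):
        return "digest mismatch"
    return "accepted"


# Constructed hello body for R1's E 0/0 (mask, hello 10 s, options, priority,
# dead 40 s, DR, BDR); sample data, not a capture.
HELLO_BODY = struct.pack(
    "!4sHBBI4s4s",
    socket.inet_aton("255.255.255.0"), 10, 0x02, 1, 40,
    socket.inet_aton("192.1.12.1"), socket.inet_aton("0.0.0.0"),
)
R2_KEYS = {1: b"ccie"}   # key 1 and key-string from the lab task


def demo():
    """Run one accepted packet and the failure cases through R2's checks."""
    good = sign(HELLO_BODY, "1.1.1.1", "0.0.0.0", 1, 1000, b"ccie")
    tampered = bytearray(good)
    tampered[30] ^= 0xFF                     # flip one byte of the hello body
    wrong_key = sign(HELLO_BODY, "1.1.1.1", "0.0.0.0", 1, 1000, b"cisco")
    other_id = sign(HELLO_BODY, "1.1.1.1", "0.0.0.0", 2, 1000, b"ccie")
    return {
        "matching key": verify(good, R2_KEYS, last_seq=999),
        "key absent from packet": b"ccie" not in good,
        "wrong key": verify(wrong_key, R2_KEYS, last_seq=999),
        "tampered body": verify(bytes(tampered), R2_KEYS, last_seq=999),
        "old sequence number": verify(good, R2_KEYS, last_seq=1001),
        "key id 2": verify(other_id, R2_KEYS, last_seq=999),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Only the digest travels with the packet, so anyone who captures one packet can test candidate keys offline; production key-strings should be long and random rather than a short word like the lab's.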


Lab 5 – Multi-Area Configurations with Filtering

[Topology diagram: R1 E 0/0 and R2 E 0/0 share 192.1.12.0/24; R2, R3 and R4 connect over S 0/0 on 192.1.234.0/24; R3 E 0/0 and Switch 1 VLAN 3 share 192.1.3.0/24; Switch 1 VLAN 5 and R5 E 0/0 share 192.1.5.0/24. Every device has a Loopback 0.]

R1
Interface     IP Address     Subnet Mask
Loopback 0    1.1.1.1        255.0.0.0
E 0/0         192.1.12.1     255.255.255.0

R2
Interface     IP Address     Subnet Mask
E 0/0         192.1.12.2     255.255.255.0
S 0/0         192.1.234.2    255.255.255.0
Loopback 0    2.2.2.2        255.0.0.0

R3
Interface     IP Address     Subnet Mask
S 0/0         192.1.234.3    255.255.255.0
E 0/0         192.1.3.3      255.255.255.0
Loopback 0    3.3.3.3        255.0.0.0

R4
Interface     IP Address     Subnet Mask
Loopback 0    4.4.4.4        255.0.0.0
S 0/0         192.1.234.4    255.255.255.0

R5
Interface     IP Address     Subnet Mask
Loopback 0    5.5.5.5        255.0.0.0
E 0/0         192.1.5.5      255.255.255.0

Switch 1
Interface     IP Address     Subnet Mask
Loopback 0    55.55.55.55    255.0.0.0
VLAN 3        192.1.3.33     255.255.255.0
VLAN 5        192.1.5.55     255.255.255.0

Interface Configuration

R1
interface Loopback0
 ip address 1.1.1.1 255.0.0.0
!
interface Ethernet0/0
 ip address 192.1.12.1 255.255.255.0
 no shutdown

R2
interface Loopback0
 ip address 2.2.2.2 255.0.0.0
!
interface Ethernet0/0
 ip address 192.1.12.2 255.255.255.0
 no shutdown
!
interface Serial0/0
 ip address 192.1.234.2 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 192.1.234.3 203 broadcast
 frame-relay map ip 192.1.234.4 204 broadcast
 no frame-relay inverse-arp
 no shutdown

R3
interface Loopback0
 ip address 3.3.3.3 255.0.0.0
!
interface Ethernet0/0
 ip address 192.1.3.3 255.255.255.0
 no shutdown
!
interface Serial0/0
 ip address 192.1.234.3 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 192.1.234.2 302 broadcast
 frame-relay map ip 192.1.234.4 302
 no frame-relay inverse-arp
 no shutdown

R4
interface Loopback0
 ip address 4.4.4.4 255.0.0.0
!
interface Serial0/0
 ip address 192.1.234.4 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 192.1.234.2 402 broadcast
 frame-relay map ip 192.1.234.3 402
 no frame-relay inverse-arp
 no shutdown

R5
interface Loopback0
 ip address 5.5.5.5 255.0.0.0
!
interface Ethernet0/0
 ip address 192.1.5.5 255.255.255.0
 no shutdown

Switch
interface Loopback0
 ip address 55.55.55.55 255.0.0.0
!
interface Vlan3
 ip address 192.1.3.33 255.255.255.0
 no shutdown
!
interface Vlan5
 ip address 192.1.5.55 255.255.255.0
 no shutdown

Task 1
Run OSPF as your Routing Protocol on all Routers and the Switch. Configure the Frame Relay links as Point-to-multipoint network types. Advertise the networks in the following areas:
Area 0 – R2 S 0/0, R3 S 0/0, R3 Loopback 0, R4 S 0/0, R4 Loopback 0
Area 10 – R1 Loopback 0, R1 E 0/0, R2 E 0/0, R2 Loopback 0
Area 100 – R3 E 0/0, SW VLAN 3, SW Loopback 0

R1
router ospf 1
 router-id 1.1.1.1
 network 1.0.0.0 0.255.255.255 area 10
 network 192.1.12.0 0.0.0.255 area 10

R2
router ospf 1
 router-id 2.2.2.2
 network 2.0.0.0 0.255.255.255 area 10
 network 192.1.12.0 0.0.0.255 area 10
 network 192.1.234.0 0.0.0.255 area 0
!
interface S 0/0
 ip ospf network point-to-multipoint

R3
router ospf 1
 router-id 3.3.3.3
 network 3.0.0.0 0.255.255.255 area 100
 network 192.1.3.0 0.0.0.255 area 100
 network 192.1.234.0 0.0.0.255 area 0
!
interface S 0/0
 ip ospf network point-to-multipoint

R4
router ospf 1
 network 4.0.0.0 0.255.255.255 area 0
 network 192.1.234.0 0.0.0.255 area 0
!
interface S 0/0
 ip ospf network point-to-multipoint

Switch
router ospf 1
 network 55.0.0.0 0.255.255.255 area 100
 network 192.1.3.0 0.0.0.255 area 100

Task 2
Run RIP as a Routing Protocol between R5 and the Switch. Advertise the Loopback on R5 in RIP. Mutually Redistribute RIP and OSPF on the Switch.

R5
router rip
 network 5.0.0.0
 network 192.1.5.0

Switch
router rip
 network 192.1.5.0
 redistribute ospf 1 metric 1
!
router ospf 1
 redistribute rip subnets

Task 3
Create the following Loopbacks on R2:
Loopback 21 – 12.1.1.1/24
Loopback 22 – 12.1.2.1/24
Advertise these newly created loopbacks in OSPF using the network command. Make sure they appear in the routing table using a /24 mask. Filter these routes going into Area 10. The configuration needs to be done on R2.

R2
interface Loopback21
 ip address 12.1.1.1 255.255.255.0
 ip ospf network point-to-point
!
interface Loopback22
 ip address 12.1.2.1 255.255.255.0
 ip ospf network point-to-point
!
Ip prefix-list A10-IN deny 12.1.1.0/24
Ip prefix-list A10-IN deny 12.1.2.0/24
Ip prefix-list A10-IN permit 0.0.0.0/0 le 32
!
Router OSPF 1
 Network 12.1.1.0 0.0.0.255 area 0
 Network 12.1.2.0 0.0.0.255 area 0
 Area 10 filter-list prefix A10-IN in

Task 4
Create the following Loopbacks on R4:
Loopback 41 – 44.1.1.1/24
Loopback 42 – 44.1.2.1/24
Loopback 43 – 44.1.3.1/24
Loopback 44 – 44.1.4.1/24
Advertise these newly created loopbacks in OSPF without using the network command.

R4
interface Loopback41
 ip address 44.1.1.1 255.255.255.0
!
interface Loopback42
 ip address 44.1.2.1 255.255.255.0
!
interface Loopback43
 ip address 44.1.3.1 255.255.255.0
!
interface Loopback44
 ip address 44.1.4.1 255.255.255.0
!
access-list 1 permit 44.1.1.0 0.0.0.255
access-list 1 permit 44.1.2.0 0.0.0.255
access-list 1 permit 44.1.3.0 0.0.0.255
access-list 1 permit 44.1.4.0 0.0.0.255
!
route-map redcon permit 10
 match ip address 1
!
router ospf 1
 redistribute connected subnets route-map redcon

Task 5
Area 10 should not receive any Inter Area or External Routes. The devices in Area 10 should have full connectivity to the rest of the network. Do not use any filtering mechanism.

R1
router ospf 1
 area 10 stub

R2
router ospf 1
 area 10 stub no-summary

Task 6
Area 100 should not receive any Inter Area or External Routes from the Backbone. It should have full connectivity to all routes. It should maintain connectivity to routes learned via RIP and propagate these routes to other Areas.

Switch
router ospf 1
 area 100 nssa

R3
router ospf 1
 area 100 nssa no-summary

Lab 6 – Summarization Inter-Area and External Routes (Builds on Lab 5)

Task 1
Create the following Loopbacks on R1:
Loopback 201 – 201.1.4.1/24
Loopback 202 – 201.1.5.1/24
Loopback 203 – 201.1.6.1/24
Loopback 204 – 201.1.7.1/24
Advertise these newly created loopbacks in OSPF using the network command. Make sure they appear in the routing table using a /24 mask. These routes should be seen as a single summarized route outside of area 10.

R1
interface Loopback 201
 ip address 201.1.4.1 255.255.255.0
 ip ospf network point-to-point
!
interface Loopback 202
 ip address 201.1.5.1 255.255.255.0
 ip ospf network point-to-point
!
interface Loopback 203
 ip address 201.1.6.1 255.255.255.0
 ip ospf network point-to-point
!
interface Loopback 204
 ip address 201.1.7.1 255.255.255.0
 ip ospf network point-to-point
!
Router OSPF 1
 Network 201.1.4.0 0.0.0.255 area 10
 Network 201.1.5.0 0.0.0.255 area 10
 Network 201.1.6.0 0.0.0.255 area 10
 Network 201.1.7.0 0.0.0.255 area 10

R2
Router OSPF 1
 Area 10 range 201.1.4.0 255.255.252.0

Task 2
Create the following Loopbacks on R4:
Loopback 205 – 202.1.4.1/24
Loopback 206 – 202.1.5.1/24
Loopback 207 – 202.1.6.1/24
Loopback 208 – 202.1.7.1/24
Advertise these newly created loopbacks in OSPF without using the network command. Make sure they appear in the routing table using a /24 mask. These routes should be summarized.

R4
interface Loopback 205
 ip address 202.1.4.1 255.255.255.0
 ip ospf network point-to-point
!
interface Loopback 206
 ip address 202.1.5.1 255.255.255.0
 ip ospf network point-to-point
!
interface Loopback 207
 ip address 202.1.6.1 255.255.255.0
 ip ospf network point-to-point
!
interface Loopback 208
 ip address 202.1.7.1 255.255.255.0
 ip ospf network point-to-point
!
access-list 5 permit 202.1.4.0 0.0.0.255
access-list 5 permit 202.1.5.0 0.0.0.255
access-list 5 permit 202.1.6.0 0.0.0.255
access-list 5 permit 202.1.7.0 0.0.0.255
!
route-map redcon permit 10
 match ip address 5
!
Router OSPF 1
 Redistribute connected route-map redcon
 Summary-address 202.1.4.0 255.255.252.0

Lab 7 – Redistribution

[Topology diagram: R1 E 0/0 and R2 E 0/0 share 192.1.12.0/24; R2, R3 and R4 connect over S 0/0 on 192.1.234.0/24; R3 E 0/0 and Switch 1 VLAN 3 share 192.1.3.0/24; Switch 1 VLAN 5 and R5 E 0/0 share 192.1.5.0/24. Every device has a Loopback 0.]

R1
Interface     IP Address     Subnet Mask
Loopback 0    1.1.1.1        255.0.0.0
E 0/0         192.1.12.1     255.255.255.0

R2
Interface     IP Address     Subnet Mask
E 0/0         192.1.12.2     255.255.255.0
S 0/0         192.1.234.2    255.255.255.0
Loopback 0    2.2.2.2        255.0.0.0

R3
Interface     IP Address     Subnet Mask
S 0/0         192.1.234.3    255.255.255.0
E 0/0         192.1.3.3      255.255.255.0
Loopback 0    3.3.3.3        255.0.0.0

R4
Interface     IP Address     Subnet Mask
Loopback 0    4.4.4.4        255.0.0.0
S 0/0         192.1.234.4    255.255.255.0

R5
Interface     IP Address     Subnet Mask
Loopback 0    5.5.5.5        255.0.0.0
E 0/0         192.1.5.5      255.255.255.0

Switch 1
Interface     IP Address     Subnet Mask
Loopback 0    55.55.55.55    255.0.0.0
VLAN 3        192.1.3.33     255.255.255.0
VLAN 5        192.1.5.55     255.255.255.0

Interface Configuration

R1
interface Loopback0
 ip address 1.1.1.1 255.0.0.0
!
interface Ethernet0/0
 ip address 192.1.12.1 255.255.255.0
 no shutdown

R2
interface Loopback0
 ip address 2.2.2.2 255.0.0.0
!
interface Ethernet0/0
 ip address 192.1.12.2 255.255.255.0
 no shutdown
!
interface Serial0/0
 ip address 192.1.234.2 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 192.1.234.3 203 broadcast
 frame-relay map ip 192.1.234.4 204 broadcast
 no frame-relay inverse-arp
 no shutdown

R3
interface Loopback0
 ip address 3.3.3.3 255.0.0.0
!
interface Ethernet0/0
 ip address 192.1.3.3 255.255.255.0
 no shutdown
!
interface Serial0/0
 ip address 192.1.234.3 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 192.1.234.2 302 broadcast
 frame-relay map ip 192.1.234.4 302
 no frame-relay inverse-arp
 no shutdown

R4
interface Loopback0
 ip address 4.4.4.4 255.0.0.0
!
interface Serial0/0
 ip address 192.1.234.4 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 192.1.234.2 402 broadcast
 frame-relay map ip 192.1.234.3 402
 no frame-relay inverse-arp
 no shutdown

R5
interface Loopback0
 ip address 5.5.5.5 255.0.0.0
!
interface Ethernet0/0
 ip address 192.1.5.5 255.255.255.0
 no shutdown

Switch
interface Loopback0
 ip address 55.55.55.55 255.0.0.0
!
interface Vlan3
 ip address 192.1.3.33 255.255.255.0
 no shutdown
!
interface Vlan5
 ip address 192.1.5.55 255.255.255.0
 no shutdown

Lab Objective:

Task 1
Create the following Loopbacks on R1. Run RIP V2 as the Routing Protocol between R1 and R2. Advertise all directly connected networks including the newly created loopbacks in RIP. Advertise the Loopback and the E 0/0 Interface on R2 in RIP.
Loopback 1 – 192.2.1.1/24
Loopback 2 – 192.2.2.1/24
Loopback 3 – 192.2.3.1/24
Loopback 4 – 192.2.4.1/24
Loopback 5 – 192.2.5.1/24
Loopback 6 – 192.2.6.1/24
Loopback 7 – 192.2.7.1/24
Loopback 8 – 192.2.8.1/24

R1
interface Loopback1
 ip address 192.2.1.1 255.255.255.0
!
interface Loopback2
 ip address 192.2.2.1 255.255.255.0
!
interface Loopback3
 ip address 192.2.3.1 255.255.255.0
!
interface Loopback4
 ip address 192.2.4.1 255.255.255.0
!
interface Loopback5
 ip address 192.2.5.1 255.255.255.0
!
interface Loopback6
 ip address 192.2.6.1 255.255.255.0
!
interface Loopback7
 ip address 192.2.7.1 255.255.255.0
!
interface Loopback8
 ip address 192.2.8.1 255.255.255.0
!
router rip
 version 2
 network 1.0.0.0
 network 192.1.12.0
 network 192.2.1.0
 network 192.2.2.0
 network 192.2.3.0
 network 192.2.4.0
 network 192.2.5.0
 network 192.2.6.0
 network 192.2.7.0
 network 192.2.8.0
 no auto-summary

R2
router rip
 version 2
 network 2.0.0.0
 network 192.1.12.0
 no auto-summary

Task 2
Run EIGRP in AS 234 as the Routing Protocol between R2, R3 and R4. Advertise all directly connected networks on R4 in EIGRP. Advertise the S 0/0 interfaces on R2 and R3 in EIGRP. Also advertise the Loopback 0 network of R3 in EIGRP.

R2
router eigrp 234
 network 192.1.234.0
 no auto-summary

R3
router eigrp 234
 network 3.0.0.0
 network 192.1.234.0
 no auto-summary

R4
router eigrp 234
 network 4.0.0.0
 network 192.1.234.0
 no auto-summary

Task 3
Run OSPF in Area 0 as the Routing Protocol between R3, the Switch and R5. Advertise all directly connected networks on R5 in OSPF. Advertise the 2 VLAN interfaces and the Loopback on the Switch in OSPF. Advertise the E 0/0 network in OSPF on R3.

R3
router ospf 1
 network 192.1.3.0 0.0.0.255 area 0

R5
router ospf 1
 network 5.0.0.0 0.255.255.255 area 0
 network 192.1.5.0 0.0.0.255 area 0

Switch
router ospf 1
 network 55.0.0.0 0.255.255.255 area 0
 network 192.1.3.0 0.0.0.255 area 0
 network 192.1.5.0 0.0.0.255 area 0

Task 4
Configure Mutual redistribution between RIP and EIGRP at the appropriate router. Configure Mutual redistribution between EIGRP and OSPF at the appropriate router. Make sure OSPF adds the cost of the links in the OSPF metric for the External Routes.

R2
router eigrp 234
 redistribute rip metric 1 1 1 1 1
!
router rip
 redistribute eigrp 234 metric 5

R3
router eigrp 234
 redistribute ospf 1 metric 1 1 1 1 1
!
router ospf 1
 redistribute eigrp 234 metric 150 metric-type 1 subnets

Task 5
The RIP routes should not be leaked to OSPF and OSPF routes should not be leaked to RIP. Do not use the Distribute-list or Prefix-list command to accomplish this task. You might have to re-configure the redistribution from the previous task to accomplish this.

R2
Route-map STAG per 10
 Set tag 120
!
Route-map MTAG deny 10
 Match tag 110
Route-map MTAG permit 20
!
router eigrp 234
 redistribute rip metric 1 1 1 1 1 route-map STAG
!
router rip
 redistribute eigrp 234 metric 5 route-map MTAG

R3
Route-map STAG per 10
 Set tag 110
!
Route-map MTAG deny 10
 Match tag 120
Route-map MTAG permit 20
!
router eigrp 234
 redistribute ospf 1 metric 1 1 1 1 1 route-map STAG
!
router ospf 1
 redistribute eigrp 234 metric 150 metric-type 1 route-map MTAG subnets

Module 6 – BGP


Lab 1 – Connecting EBGP

Physical Layout
[Physical layout diagram: R1 E 0/0 to R2 E 0/0, R2 S 0/0 to R3 S 0/0, R3 E 0/0 to R4 E 0/0; each router has a Loopback 0 and a Loopback 1.]

Logical Layout
[Logical layout diagram: R1 in AS 1, R2 in AS 2, R3 in AS 3, R4 in AS 4.]

Interface IP Address Configuration

R1
Interface     IP Address     Subnet Mask
Loopback 0    1.1.1.1        255.0.0.0
Loopback 1    11.1.0.1       255.255.0.0
E 0/0         192.1.12.1     255.255.255.0

R2
Interface     IP Address     Subnet Mask
Loopback 0    2.2.2.2        255.0.0.0
Loopback 1    12.1.0.1       255.255.0.0
E 0/0         192.1.12.2     255.255.255.0
S 0/0         192.1.23.2     255.255.255.0

R3
Interface     IP Address     Subnet Mask
Loopback 0    3.3.3.3        255.0.0.0
Loopback 1    13.1.0.1       255.255.0.0
S 0/0         192.1.23.3     255.255.255.0
E 0/0         192.1.34.3     255.255.255.0

R4
Interface     IP Address     Subnet Mask
Loopback 0    4.4.4.4        255.0.0.0
Loopback 1    14.1.0.1       255.255.0.0
E 0/0         192.1.34.4     255.255.255.0

Lab Objective:

Task 1
Configure a BGP neighbor relationship between R1 and R2. R1 should be in AS 1 and R2 should be in AS 2. Advertise the loopback networks in BGP. Hard-code the Router ID for the BGP routers as 11.11.11.11 for R1 and 22.22.22.22 for R2.

R1
Router BGP 1
 no auto-summary
 no sync
 bgp router-id 11.11.11.11
 Network 1.0.0.0
 Network 11.1.0.0 mask 255.255.0.0
 Neighbor 192.1.12.2 remote-as 2

R2
Router BGP 2
 no auto-summary
 no sync
 bgp router-id 22.22.22.22
 Network 2.0.0.0
 Network 12.1.0.0 mask 255.255.0.0
 Neighbor 192.1.12.1 remote-as 1

Task 2
Configure a BGP neighbor relationship between R2 and R3. R2 should already be configured in AS 2 and R3 should be in AS 3. Advertise the loopback network of R3 in BGP. Hard-code the Router ID for R3 as 33.33.33.33.

R2
Router BGP 2
 Neighbor 192.1.23.3 remote-as 3

R3
Router BGP 3
 no auto-summary
 no sync
 bgp router-id 33.33.33.33
 Network 3.0.0.0
 Network 13.1.0.0 mask 255.255.0.0
 Neighbor 192.1.23.2 remote-as 2

Task 3
Configure a BGP neighbor relationship between R3 and R4. R3 should already be configured in AS 3 and R4 should be in AS 4. Advertise the loopback network of R4 in BGP. Hard-code the Router ID for R4 as 44.44.44.44. Establish the neighbor relationship based on Loopback 0 addresses. You are allowed to create a static route on each router to accomplish this task.

R3
Ip route 4.0.0.0 255.0.0.0 192.1.34.4
!
Router BGP 3
 Neighbor 4.4.4.4 remote-as 4
 Neighbor 4.4.4.4 update-source loop 0
 Neighbor 4.4.4.4 ebgp-multihop

R4
Ip route 3.0.0.0 255.0.0.0 192.1.34.3
!
Router BGP 4
 no auto-summary
 no sync
 bgp router-id 44.44.44.44
 Network 4.0.0.0
 Network 14.1.0.0 mask 255.255.0.0
 Neighbor 3.3.3.3 remote-as 3
 Neighbor 3.3.3.3 update-source loop 0
 Neighbor 3.3.3.3 ebgp-multihop

Lab 2 – BGP Neighbor MD5 Authentication (Builds on Lab 1)

Lab Objective:

Task 1
Configure MD5 Authentication between R1 and R2 using a password of cciers.

R1
Router BGP 1
 Neighbor 192.1.12.2 password cciers

R2
Router BGP 2
 Neighbor 192.1.12.1 password cciers

Task 2
Configure MD5 Authentication between R2 and R3 using a password of cciesec.

R2
Router BGP 2
 Neighbor 192.1.23.3 password cciesec

R3
Router BGP 3
 Neighbor 192.1.23.2 password cciesec

Task 3
Configure MD5 Authentication between R3 and R4 using a password of cciers.

R3
Router BGP 3
 Neighbor 4.4.4.4 password cciers

R4
Router BGP 4
 Neighbor 3.3.3.3 password cciers

Lab 3 – Configuring Route Reflectors

Physical Layout
[Physical layout diagram: R1 E 0/0 to R2 E 0/0, R2 S 0/0 to R3 S 0/0, R3 E 0/0 to R4 E 0/0; each router has a Loopback 0.]

Logical Layout
[Logical layout diagram: R1 in AS 1; R2, R3 and R4 in AS 234.]

Interface IP Address Configuration

R1
Interface     IP Address     Subnet Mask
Loopback 0    1.1.1.1        255.0.0.0
Loopback 1    11.1.0.1       255.255.0.0
E 0/0         192.1.12.1     255.255.255.0

R2
Interface     IP Address     Subnet Mask
Loopback 0    2.2.2.2        255.0.0.0
Loopback 1    12.1.0.1       255.255.0.0
E 0/0         192.1.12.2     255.255.255.0
S 0/0         192.1.23.2     255.255.255.0

R3
Interface     IP Address     Subnet Mask
Loopback 0    3.3.3.3        255.0.0.0
Loopback 1    13.1.0.1       255.255.0.0
S 0/0         192.1.23.3     255.255.255.0
E 0/0         192.1.34.3     255.255.255.0

R4
Interface     IP Address     Subnet Mask
Loopback 0    4.4.4.4        255.0.0.0
Loopback 1    14.1.0.1       255.255.0.0
E 0/0         192.1.34.4     255.255.255.0

Lab Objective:

Task 1
Configure a neighbor relationship between R1 and R2 based on the Logical diagram. Advertise the Loopback networks on both Routers. Hard-code the Router ID for the BGP routers as 11.11.11.11 for R1 and 22.22.22.22 for R2.

R1
Router BGP 1
 no auto-summary
 no sync
 bgp router-id 11.11.11.11
 Network 1.0.0.0
 Network 11.1.0.0 mask 255.255.0.0
 Neighbor 192.1.12.2 remote-as 234

R2
Router BGP 234
 no auto-summary
 no sync
 bgp router-id 22.22.22.22
 Network 2.0.0.0
 Network 12.1.0.0 mask 255.255.0.0
 Neighbor 192.1.12.1 remote-as 1

Task 2
Configure RIP V2 as the routing protocol within AS 234. Only advertise the internal physical link in RIP on R2, R3 and R4. Do not advertise the link between R1 and R2 in RIP.

R2
Router RIP
 Version 2
 no auto-summary
 Network 192.1.23.0

R3
Router RIP
 Version 2
 no auto-summary
 Network 192.1.23.0
 Network 192.1.34.0

R4
Router RIP
 Version 2
 no auto-summary
 Network 192.1.34.0

Task 3
Configure neighbor relationships between R2 and R3 and another one between R3 and R4. Do not configure a neighbor relationship between R2 and R4. Advertise the Loopback networks under BGP. Make sure routes from R1 can get propagated to R3 and R4. Do not use a Confederation to accomplish this.

R2
Router BGP 234
 no auto-summary
 no sync
 Network 2.0.0.0
 Network 12.1.0.0 mask 255.255.0.0
 Neighbor 192.1.23.3 remote-as 234
 Neighbor 192.1.23.3 next-hop-self

R3
Router BGP 234
 no auto-summary
 no sync
 Network 3.0.0.0
 Network 13.1.0.0 mask 255.255.0.0
 Neighbor 192.1.23.2 remote-as 234
 Neighbor 192.1.23.2 route-reflector-client
 Neighbor 192.1.34.4 remote-as 234
 Neighbor 192.1.34.4 route-reflector-client

R4
Router BGP 234
 no auto-summary
 no sync
 Network 4.0.0.0
 Network 14.1.0.0 mask 255.255.0.0
 Neighbor 192.1.34.3 remote-as 234

Lab 4 – Route Filtering using Distribute List (Builds on Lab 3)

Lab Objective:

Task 1
Create the following Loopbacks on R2:
Loopback 1 – 192.2.1.1/24
Loopback 2 – 192.2.2.1/24
Loopback 3 – 192.2.3.1/24
Loopback 4 – 192.2.4.1/24
Loopback 5 – 192.2.5.1/24
Loopback 6 – 192.2.6.1/24
Loopback 7 – 192.2.7.1/24
Loopback 8 – 192.2.8.1/24

R2
interface Loopback1
 ip address 192.2.1.1 255.255.255.0
!
interface Loopback2
 ip address 192.2.2.1 255.255.255.0
!
interface Loopback3
 ip address 192.2.3.1 255.255.255.0
!
interface Loopback4
 ip address 192.2.4.1 255.255.255.0
!
interface Loopback5
 ip address 192.2.5.1 255.255.255.0
!
interface Loopback6
 ip address 192.2.6.1 255.255.255.0
!
interface Loopback7
 ip address 192.2.7.1 255.255.255.0
!
interface Loopback8
 ip address 192.2.8.1 255.255.255.0

Task 2
Advertise the newly created routes in BGP. Do not use the network command to accomplish this. These routes should have an origin code of “igp”.

R2
Access-list 1 permit 192.2.1.1 0.0.0.255
Access-list 1 permit 192.2.2.1 0.0.0.255
Access-list 1 permit 192.2.3.1 0.0.0.255
Access-list 1 permit 192.2.4.1 0.0.0.255
Access-list 1 permit 192.2.5.1 0.0.0.255
Access-list 1 permit 192.2.6.1 0.0.0.255
Access-list 1 permit 192.2.7.1 0.0.0.255
Access-list 1 permit 192.2.8.1 0.0.0.255
!
Route-map redcon permit 10
 Match ip address 1
 Set origin igp
!
Router bgp 234
 Redistribute connected route-map redcon

Task 3
Configure R2 such that it blocks all the 192.2.X.0 routes that have an odd number in the third octet from propagating outside the local AS. Use the distribute-list command to accomplish this task.

R2
! ACL 2 is used here because ACL 1 already holds the Task 2 permits on R2;
! a deny appended to ACL 1 would sit below them and never match.
Access-list 2 deny 192.2.1.0 0.0.254.255
Access-list 2 permit any
!
Router bgp 234
 Neighbor 192.1.12.1 distribute-list 2 out

Task 4
Configure R4 such that it blocks all the 192.2.X.0 routes that have an even number in the third octet from coming in. Make sure that these routes do not come into R4 even if a neighbor relationship is established between R2 and R4 in the future. Use the distribute-list command to accomplish this task.

R4
Access-list 1 deny 192.2.0.0 0.0.254.255
Access-list 1 permit any
!
Router bgp 234
 distribute-list 1 in
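How the 0.0.254.255 wildcard in Tasks 3 and 4 selects odd or even third octets, as an added Python example that is not part of the workbook; the evaluator and its function names are constructed for illustration. The third case shows the first-match rule: the same deny entry appended below the Task 2 permit entries filters nothing.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def parse_acl(lines):
    """Parse standard ACL entries: '<permit|deny> <address> [wildcard]' or '<action> any'."""
    entries = []
    for line in lines:
        parts = line.split()
        action = parts[0].lower()
        if action not in ("permit", "deny"):
            raise ValueError(f"bad action in {line!r}")
        if parts[1].lower() == "any":
            address, wildcard = 0, MASK32
        else:
            address = int(ipaddress.IPv4Address(parts[1]))
            wildcard = int(ipaddress.IPv4Address(parts[2])) if len(parts) > 2 else 0
        entries.append((action, address, wildcard))
    return entries


def evaluate(entries, network):
    """Return the action of the first matching entry; wildcard bits set to 1 are ignored."""
    value = int(ipaddress.IPv4Address(network))
    for action, address, wildcard in entries:
        care = ~wildcard & MASK32
        if (value & care) == (address & care):
            return action
    return "deny"  # implicit deny at the end of every ACL


def surviving(acl_lines, routes):
    """Routes that a distribute-list using this ACL lets through."""
    entries = parse_acl(acl_lines)
    return [route for route in routes if evaluate(entries, route) == "permit"]


# The eight loopback networks created on R2 in Task 1.
ROUTES = [f"192.2.{n}.0" for n in range(1, 9)]

# Task 3 (R2, outbound to R1): the only "care" bit in the third octet is the
# lowest one, and 192.2.1.0 has it set, so every odd third octet matches.
R2_OUT = ["deny 192.2.1.0 0.0.254.255", "permit any"]

# Task 4 (R4, inbound): same wildcard, lowest bit clear, so even octets match.
R4_IN = ["deny 192.2.0.0 0.0.254.255", "permit any"]

# Constructed failure case: the Task 3 entries placed after the Task 2 permits.
TASK2_PERMITS = [f"permit 192.2.{n}.1 0.0.0.255" for n in range(1, 9)]
SHARED_ACL = TASK2_PERMITS + R2_OUT


if __name__ == "__main__":
    print("R2 out :", surviving(R2_OUT, ROUTES))
    print("R4 in  :", surviving(R4_IN, ROUTES))
    print("shared :", surviving(SHARED_ACL, ROUTES))
```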


Lab 5 – Route Filtering using Prefix-List (Builds on Lab 4)

Task 1
Create the following Loopbacks on R3:
Loopback 1 – 150.3.16.1/20
Loopback 2 – 150.3.36.1/22
Loopback 3 – 150.3.40.1/22
Loopback 4 – 150.3.50.1/23
Loopback 5 – 150.3.65.1/24
Loopback 6 – 150.13.0.1/16
Loopback 7 – 150.14.64.1/18

R3
interface Loopback1
 ip address 150.3.16.1 255.255.240.0
!
interface Loopback2
 ip address 150.3.36.1 255.255.252.0
!
interface Loopback3
 ip address 150.3.40.1 255.255.252.0
!
interface Loopback4
 ip address 150.3.50.1 255.255.254.0
!
interface Loopback5
 ip address 150.3.65.1 255.255.255.0
!
interface Loopback6
 ip address 150.13.0.1 255.255.0.0
!
interface Loopback7
 ip address 150.14.64.1 255.255.192.0

Task 2
Advertise the newly created routes in BGP using the Network command.

R3
Router bgp 234
 Network 150.3.16.0 mask 255.255.240.0
 Network 150.3.36.0 mask 255.255.252.0
 Network 150.3.40.0 mask 255.255.252.0
 Network 150.3.50.0 mask 255.255.254.0
 Network 150.3.65.0 mask 255.255.255.0
 Network 150.13.0.0
 Network 150.14.64.0 mask 255.255.192.0

Task 3
Configure R2 such that it blocks all the 150.X.X.0 routes that have a subnet mask between 17 and 23 bits.

R2
IP Prefix-list PLIST deny 150.0.0.0/8 ge 17 le 23
IP Prefix-list PLIST permit 0.0.0.0/0 le 32
!
Router bgp 234
 Neighbor 192.1.23.3 prefix-list PLIST in
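Which of R3's advertisements the Task 3 prefix-list lets into R2, worked through with the ge/le matching rules as an added Python example that is not part of the workbook; the evaluator and its function names are constructed for illustration. The last two cases show what happens when the closing permit entry is missing or written without "le 32".

```python
import ipaddress


def parse_prefix_list(lines):
    """Parse '<permit|deny> <prefix>/<len> [ge N] [le M]' entries."""
    entries = []
    for line in lines:
        tokens = line.split()
        action = tokens[0].lower()
        if action not in ("permit", "deny"):
            raise ValueError(f"bad action in {line!r}")
        network = ipaddress.ip_network(tokens[1])
        bounds = dict(zip(tokens[2::2], map(int, tokens[3::2])))
        if set(bounds) - {"ge", "le"}:
            raise ValueError(f"unknown keyword in {line!r}")
        if bounds:
            low = bounds.get("ge", network.prefixlen)   # le alone: from the entry's own length
            high = bounds.get("le", 32)                 # ge alone: up to /32
        else:
            low = high = network.prefixlen              # neither: exact length only
        entries.append((action, network, low, high))
    return entries


def evaluate(entries, route):
    """First match wins: the route must lie inside the prefix and its length within [low, high]."""
    candidate = ipaddress.ip_network(route)
    for action, network, low, high in entries:
        if low <= candidate.prefixlen <= high and candidate.network_address in network:
            return action
    return "deny"  # implicit deny at the end of every prefix-list


def accepted(prefix_list_lines, routes):
    """Routes that a neighbor ... prefix-list ... in filter would accept."""
    entries = parse_prefix_list(prefix_list_lines)
    return [route for route in routes if evaluate(entries, route) == "permit"]


# Networks R3 advertises in BGP on this page (Lab 3 loopbacks plus Lab 5 Task 2).
R3_ROUTES = [
    "3.0.0.0/8", "13.1.0.0/16",
    "150.3.16.0/20", "150.3.36.0/22", "150.3.40.0/22", "150.3.50.0/23",
    "150.3.65.0/24", "150.13.0.0/16", "150.14.64.0/18",
]

# The list configured on R2 in Task 3.
PLIST = ["deny 150.0.0.0/8 ge 17 le 23", "permit 0.0.0.0/0 le 32"]

# Constructed failure cases: no closing permit, and a permit without "le 32"
# (which matches only the default route itself).
NO_PERMIT = ["deny 150.0.0.0/8 ge 17 le 23"]
EXACT_DEFAULT = ["deny 150.0.0.0/8 ge 17 le 23", "permit 0.0.0.0/0"]


if __name__ == "__main__":
    print("PLIST         :", accepted(PLIST, R3_ROUTES))
    print("no permit     :", accepted(NO_PERMIT, R3_ROUTES))
    print("permit 0/0    :", accepted(EXACT_DEFAULT, R3_ROUTES))
```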


Lab 6 – AS Path-Filter

Physical Layout
[Figure: R1, R2, R3 and R4 with their Loopback 0, E 0/0 and S 0/0 interfaces]

Logical Layout
[Figure: AS 1 contains R1; AS 23 contains R2 and R3; AS 4 contains R4]

Interface IP Address Configuration

R1
Interface     IP Address    Subnet Mask
Loopback 0    1.1.1.1       255.0.0.0
Loopback 1    11.1.0.1      255.255.0.0
E 0/0         192.1.12.1    255.255.255.0

R2
Interface     IP Address    Subnet Mask
Loopback 0    2.2.2.2       255.0.0.0
Loopback 1    12.1.0.1      255.255.0.0
E 0/0         192.1.12.2    255.255.255.0
S 0/0         192.1.23.2    255.255.255.0

R3
Interface     IP Address    Subnet Mask
Loopback 0    3.3.3.3       255.0.0.0
Loopback 1    13.1.0.1      255.255.0.0
S 0/0         192.1.23.3    255.255.255.0
E 0/0         192.1.34.3    255.255.255.0

R4
Interface     IP Address    Subnet Mask
Loopback 0    4.4.4.4       255.0.0.0
Loopback 1    14.1.0.1      255.255.0.0
E 0/0         192.1.34.4    255.255.255.0

Lab Objective:

Task 1
Configure a neighbor relationship between R1 and R2 based on the Logical diagram. Advertise the Loopback networks on both Routers. Hard-code the Router ID for the BGP routers as 11.11.11.11 for R1 and 22.22.22.22 for R2.

R1
Router BGP 1
 no auto-summary
 no sync
 bgp router-id 11.11.11.11
 Network 1.0.0.0
 Network 11.1.0.0 mask 255.255.0.0
 Neighbor 192.1.12.2 remote-as 23

R2
Router BGP 23
 no auto-summary
 no sync
 bgp router-id 22.22.22.22
 Network 2.0.0.0
 Network 12.1.0.0 mask 255.255.0.0
 Neighbor 192.1.12.1 remote-as 1

Task 2
Configure a neighbor relationship between R3 and R4 based on the Logical diagram. Advertise the Loopback networks on both Routers. Hard-code the Router ID for the BGP routers as 33.33.33.33 for R3 and 44.44.44.44 for R4.

R3
Router BGP 23
 no auto-summary
 no sync
 bgp router-id 33.33.33.33
 Network 3.0.0.0
 Network 13.1.0.0 mask 255.255.0.0
 Neighbor 192.1.34.4 remote-as 4

R4
Router BGP 4
 no auto-summary
 no sync
 bgp router-id 44.44.44.44
 Network 4.0.0.0
 Network 14.1.0.0 mask 255.255.0.0
 Neighbor 192.1.34.3 remote-as 23

Task 3
Configure a neighbor relationship between R2 and R3 based on the Logical diagram. When R2 sends routes that it learns from R1, it should send 192.1.23.2 as the next hop for those routes. When R3 sends routes that it learns from R4, it should send 192.1.23.3 as the next hop for those routes.

R2
Router BGP 23
 Neighbor 192.1.23.3 remote-as 23
 Neighbor 192.1.23.3 next-hop-self

R3
Router BGP 23
 Neighbor 192.1.23.2 remote-as 23
 Neighbor 192.1.23.2 next-hop-self

Task 4
Configure BGP such that AS 4 does not use AS 23 to get AS 1 routes. Configuration should be done in AS 4.

R4
Ip as-path access-list 1 deny _1$
Ip as-path access-list 1 permit .*
!
Router BGP 4
 Neighbor 192.1.34.3 filter-list 1 in

Task 5
Configure BGP such that AS 1 does not use AS 23 to get AS 4 routes. Configuration should be done in AS 23. You are only allowed a single line in the AS-path filter.

R2
Ip as-path access-list 1 permit ^$
!
Router BGP 23
 Neighbor 192.1.12.1 filter-list 1 out
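The two AS-path filters above can be checked offline. This is an added example, not part of the workbook: it translates the IOS "_" delimiter into a Python regular expression and runs the Task 4 and Task 5 lists over route tables constructed from the Lab 6 topology. The helper names are illustrative, and the translation assumes "_" is never used inside a character class.

```python
import re

# IOS "_" matches the start or end of the path, a space, a comma,
# a brace or a parenthesis.
_DELIM = r"(?:^|$|[ ,{}()])"

def ios_to_python(pattern):
    """Translate an IOS AS-path regex to Python syntax (handles '_' only)."""
    return pattern.replace("_", _DELIM)

def filter_action(as_path_acl, as_path):
    """First matching entry wins; an AS-path list ends in an implicit deny."""
    for action, pattern in as_path_acl:
        if re.search(ios_to_python(pattern), as_path):
            return action
    return "deny"

def passed(as_path_acl, table):
    """Prefixes from a {prefix: as_path} table that the filter-list permits."""
    return [p for p, path in table.items()
            if filter_action(as_path_acl, path) == "permit"]

# Task 4: R4, inbound from R3. Drops paths that originate in AS 1.
R4_IN = [("deny", "_1$"), ("permit", ".*")]
# Task 5: R2, outbound to R1. Only paths that are still empty are permitted,
# i.e. routes originated inside AS 23; AS 4 routes hit the implicit deny.
R2_OUT = [("permit", "^$")]

# Constructed tables: AS paths as R4 receives them from R3 ...
FROM_R3 = {"1.0.0.0/8": "23 1", "11.1.0.0/16": "23 1",
           "2.0.0.0/8": "23", "12.1.0.0/16": "23",
           "3.0.0.0/8": "23", "13.1.0.0/16": "23"}
# ... and as R2 holds them when the outbound filter is evaluated
# (the outbound filter sees the path before R2 prepends its own AS).
R2_TABLE = {"2.0.0.0/8": "", "12.1.0.0/16": "",
            "3.0.0.0/8": "", "13.1.0.0/16": "",
            "4.0.0.0/8": "4", "14.1.0.0/16": "4"}

if __name__ == "__main__":
    print("R4 accepts from R3:", passed(R4_IN, FROM_R3))
    print("R2 sends to R1:   ", passed(R2_OUT, R2_TABLE))
```

The "_" in "_1$" is what keeps the deny from also matching an origin AS such as 21.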


Lab 7 – Route Aggregation (Builds on Lab 6)

Task 1
Create the following Loopbacks on R3 and advertise them under BGP:
Loopback 1 – 203.1.4.1/24
Loopback 2 – 203.1.5.1/24
Loopback 3 – 203.1.6.1/24
Loopback 4 – 203.1.7.1/24

R3
interface Loopback1
 ip address 203.1.4.1 255.255.255.0
!
interface Loopback2
 ip address 203.1.5.1 255.255.255.0
!
interface Loopback3
 ip address 203.1.6.1 255.255.255.0
!
interface Loopback4
 ip address 203.1.7.1 255.255.255.0
!
Router BGP 23
 Network 203.1.4.0
 Network 203.1.5.0
 Network 203.1.6.0
 Network 203.1.7.0

Task 2
Configure Route Aggregation on R3 such that these routes are summarized as a single route. Only the Summary route should be sent to R3’s neighbors.

R3
Router bgp 23
 Aggregate-address 203.1.4.0 255.255.252.0 summary-only

Task 3
Create the following Loopbacks on R4 and advertise them under BGP:
Loopback 1 – 204.1.4.1/24
Loopback 2 – 204.1.5.1/24
Loopback 3 – 204.1.6.1/24
Loopback 4 – 204.1.7.1/24

R4
interface Loopback1
 ip address 204.1.4.1 255.255.255.0
!
interface Loopback2
 ip address 204.1.5.1 255.255.255.0
!
interface Loopback3
 ip address 204.1.6.1 255.255.255.0
!
interface Loopback4
 ip address 204.1.7.1 255.255.255.0
!
Router BGP 4
 Network 204.1.4.0
 Network 204.1.5.0
 Network 204.1.6.0
 Network 204.1.7.0

Task 4
Configure Route Aggregation on R4 such that these routes are summarized as a single route. Only the Summary route should be sent to R4’s neighbor. The routes should not be seen as suppressed on R4. Use the minimum number of lines in your filtering mechanism.

R4
IP Prefix-list PLIST deny 204.1.4.0/22 ge 24
IP Prefix-list PLIST permit 0.0.0.0/0 le 32
!
Router bgp 4
 Aggregate-address 204.1.4.0 255.255.252.0
 Neighbor 192.1.34.3 prefix-list PLIST out
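Both PLIST filters in this module (Lab 5 Task 3 on R2 and Lab 7 Task 4 on R4) rely on how ge and le bound the prefix length. The following is an added example, not part of the workbook, that parses the prefix-list lines as written in the labs and evaluates them against the lab routes; the function names are illustrative.

```python
import ipaddress

def parse_entry(line):
    """Parse 'ip prefix-list NAME permit|deny A.B.C.D/len [ge N] [le N]'."""
    tok = line.split()
    action, net = tok[3].lower(), ipaddress.ip_network(tok[4])
    opts = {tok[i].lower(): int(tok[i + 1]) for i in range(5, len(tok) - 1, 2)}
    if not opts:                       # no ge/le: exact prefix length only
        lo = hi = net.prefixlen
    else:                              # ge defaults to the entry's own length,
        lo = opts.get("ge", net.prefixlen)
        hi = opts.get("le", 32)        # le defaults to 32 when only ge is given
    return action, net, lo, hi

def evaluate(prefix_list, route):
    """First match wins; a prefix-list ends in an implicit deny."""
    route = ipaddress.ip_network(route)
    for action, net, lo, hi in map(parse_entry, prefix_list):
        if route.subnet_of(net) and lo <= route.prefixlen <= hi:
            return action
    return "deny"

def permitted(prefix_list, routes):
    return [r for r in routes if evaluate(prefix_list, r) == "permit"]

LAB5_PLIST = ["IP Prefix-list PLIST deny 150.0.0.0/8 ge 17 le 23",
              "IP Prefix-list PLIST permit 0.0.0.0/0 le 32"]
LAB5_ROUTES = ["150.3.16.0/20", "150.3.36.0/22", "150.3.40.0/22",
               "150.3.50.0/23", "150.3.65.0/24", "150.13.0.0/16",
               "150.14.64.0/18"]

LAB7_PLIST = ["IP Prefix-list PLIST deny 204.1.4.0/22 ge 24",
              "IP Prefix-list PLIST permit 0.0.0.0/0 le 32"]
LAB7_ROUTES = ["4.0.0.0/8", "204.1.4.0/22", "204.1.4.0/24",
               "204.1.5.0/24", "204.1.6.0/24", "204.1.7.0/24"]

if __name__ == "__main__":
    print("Lab 5, R2 accepts from R3:", permitted(LAB5_PLIST, LAB5_ROUTES))
    print("Lab 7, R4 sends to R3:    ", permitted(LAB7_PLIST, LAB7_ROUTES))
```

In Lab 7 the aggregate itself has a 22-bit mask, so the "ge 24" entry skips it and only the four component /24 routes are filtered.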

Task 5
Create the following Loopbacks on R2 and advertise them under BGP:
Loopback 1 – 202.1.4.1/24
Loopback 2 – 202.1.5.1/24
Loopback 3 – 202.1.6.1/24
Loopback 4 – 202.1.7.1/24

R2
interface Loopback1
 ip address 202.1.4.1 255.255.255.0
!
interface Loopback2
 ip address 202.1.5.1 255.255.255.0
!
interface Loopback3
 ip address 202.1.6.1 255.255.255.0
!
interface Loopback4
 ip address 202.1.7.1 255.255.255.0
!
Router BGP 23
 Network 202.1.4.0
 Network 202.1.5.0
 Network 202.1.6.0
 Network 202.1.7.0

Task 6
Configure Route Aggregation on R2 such that these routes are summarized as a single route. Only the Summary route and the 202.1.5.0 route should be sent to R2’s neighbor.

R2
Access-list 5 permit 202.1.5.0 0.0.0.255
!
Route-map SUPMAP deny 10
 Match address 5
Route-map SUPMAP permit 20
!
Router bgp 23
 Aggregate-address 202.1.4.0 255.255.252.0 suppress-map SUPMAP


Lab 8 – Working with AS #’s

Physical Layout
[Figure: R1, R2 and R3 with their Loopback 0, E 0/0 and S 0/0 interfaces]

Logical Layout
[Figure: AS 1 contains R1; AS 2 contains R2; AS 65500 contains R3]

Interface IP Address Configuration

R1
Interface     IP Address    Subnet Mask
Loopback 0    1.1.1.1       255.0.0.0
E 0/0         192.1.12.1    255.255.255.0

R2
Interface     IP Address    Subnet Mask
Loopback 0    2.2.2.2       255.0.0.0
E 0/0         192.1.12.2    255.255.255.0
S 0/0         192.1.23.2    255.255.255.0

R3
Interface     IP Address    Subnet Mask
Loopback 0    3.3.3.3       255.0.0.0
S 0/0         192.1.23.3    255.255.255.0

Lab Objective:

Task 1
Configure R2 for BGP under AS 2. Hard-code the Router-id as 22.22.22.22. Advertise the Loopback 0 network under BGP.

R2
Router bgp 2
 No auto-summary
 No Sync
 Bgp router-id 22.22.22.22
 Network 2.0.0.0

Task 2
Configure R1 for BGP under AS 1. Hard-code the Router-id as 11.11.11.11. Advertise the Loopback 0 network under BGP. Setup a neighbor relationship between R1 and R2. R1 sees R2 in AS 12. You cannot change the AS # on R2 to accomplish this task.

R1
Router BGP 1
 No auto-summary
 No Sync
 Bgp router-id 11.11.11.11
 Network 1.0.0.0
 Neighbor 192.1.12.2 remote-as 12

R2
Router BGP 2
 Neighbor 192.1.12.1 remote-as 1
 Neighbor 192.1.12.1 local-as 12

Task 3
Configure R3 for BGP under AS 65500. Hard-code the Router-id as 33.33.33.33. Advertise the Loopback 0 network under BGP. Setup a neighbor relationship between R3 and R2. R3 sees R2 in AS 23. You cannot change the AS # on R2 to accomplish this task.

R3
Router BGP 65500
 No auto-summary
 No Sync
 Bgp router-id 33.33.33.33
 Network 3.0.0.0
 Neighbor 192.1.23.2 remote-as 23

R2
Router BGP 2
 Neighbor 192.1.23.3 remote-as 65500
 Neighbor 192.1.23.3 local-as 23

Task 4
Reconfigure R1, R2 and R3 such that they use the actual AS number for R2 (2).

R1
Router BGP 1
 No Neighbor 192.1.12.2 remote-as 12
 Neighbor 192.1.12.2 remote-as 2

R3
Router BGP 65500
 No Neighbor 192.1.23.2 remote-as 23
 Neighbor 192.1.23.2 remote-as 2

R2
Router BGP 2
 No Neighbor 192.1.12.1 local-as 12
 No Neighbor 192.1.23.3 local-as 23

Task 5
Configure R2 such that the Private AS number is removed from the AS Path when 3.0.0.0 gets sent to R1. You are only allowed a single command to accomplish this task.

R2
Router BGP 2
 Neighbor 192.1.12.1 remove-private-as


Lab 9 – Confederations

Physical Layout
[Figure: R1, R2, R3 and R4 with their Loopback 0, E 0/0 and S 0/0 interfaces]

Logical Layout
[Figure: AS 123 contains sub-AS 1 (R1), sub-AS 2 (R2) and sub-AS 3 (R3); AS 4 contains R4]

Interface IP Address Configuration

R1
Interface     IP Address    Subnet Mask
Loopback 0    1.1.1.1       255.0.0.0
E 0/0         192.1.12.1    255.255.255.0

R2
Interface     IP Address    Subnet Mask
Loopback 0    2.2.2.2       255.0.0.0
E 0/0         192.1.12.2    255.255.255.0
S 0/0         192.1.23.2    255.255.255.0

R3
Interface     IP Address    Subnet Mask
Loopback 0    3.3.3.3       255.0.0.0
S 0/0         192.1.23.3    255.255.255.0
E 0/0         192.1.34.3    255.255.255.0

R4
Interface     IP Address    Subnet Mask
Loopback 0    4.4.4.4       255.0.0.0
E 0/0         192.1.34.4    255.255.255.0

Lab Objective:

Task 1
Configure RIP V2 as the routing protocol between R1, R2 and R3. Only advertise the R1-R2 and R2-R3 links in RIP on the appropriate routers.

R1
Router RIP
 No auto-summary
 Version 2
 Network 192.1.12.0

R2
Router RIP
 No auto-summary
 Version 2
 Network 192.1.12.0
 Network 192.1.23.0

R3
Router RIP
 No auto-summary
 Version 2
 Network 192.1.23.0

Task 2
Configure AS 1, AS 2 and AS 3 as Sub Autonomous Systems of a Larger AS 123 using Confederations. Advertise the Loopback 0 networks under BGP in AS 1, AS 2 and AS 3. Configure a Neighbor relationship between AS 1 and AS 2 and another Neighbor relationship between AS 2 and AS 3.

R1
Router BGP 1
 No auto-summary
 No Sync
 Network 1.0.0.0
 Neighbor 192.1.12.2 remote-as 2
 bgp confederation identifier 123
 bgp confederation peers 2

R2
Router BGP 2
 No auto-summary
 No Sync
 Network 2.0.0.0
 Neighbor 192.1.12.1 remote-as 1
 Neighbor 192.1.23.3 remote-as 3
 bgp confederation identifier 123
 bgp confederation peers 1 3

R3
Router BGP 3
 No auto-summary
 No Sync
 Network 3.0.0.0
 Neighbor 192.1.23.2 remote-as 2
 bgp confederation identifier 123
 bgp confederation peers 2

Task 3
Configure a neighbor relationship between R3 and R4. R4 is in AS 4. It peers with R3 in the confederation AS 123. Advertise the loopback 0 interface under BGP in AS 4.

R3
Router BGP 3
 Neighbor 192.1.34.4 remote-as 4

R4
Router BGP 4
 No auto-summary
 No Sync
 Network 4.0.0.0
 Neighbor 192.1.34.3 remote-as 123


Lab 10 – Configuring MED

Physical Layout
[Figure: R1, R2, R3 and R4 with their Loopback 0, E 0/0 and S 0/0 interfaces]

Logical Layout
[Figure: AS 1 contains R1; AS 234 contains R2, R3 and R4]

Interface IP Address Configuration

R1
Interface     IP Address    Subnet Mask
Loopback 0    1.1.1.1       255.0.0.0
E 0/0         192.1.12.1    255.255.255.0
S 0/0         192.1.14.1    255.255.255.0

R2
Interface     IP Address    Subnet Mask
Loopback 0    2.2.2.2       255.0.0.0
E 0/0         192.1.12.2    255.255.255.0
S 0/0         192.1.23.2    255.255.255.0

R3
Interface     IP Address    Subnet Mask
Loopback 0    3.3.3.3       255.0.0.0
S 0/0         192.1.23.3    255.255.255.0
E 0/0         192.1.34.3    255.255.255.0

R4
Interface     IP Address    Subnet Mask
Loopback 0    4.4.4.4       255.0.0.0
E 0/0         192.1.34.4    255.255.255.0
S 0/0         192.1.14.4    255.255.255.0

Task 1
Run RIP V2 as the IGP in AS 234. Advertise the directly connected links under RIP. Do not advertise the external links (192.1.12.0, 192.1.14.0) or the Loopbacks in RIP.

R2
Router RIP
 Version 2
 No auto-summary
 Network 192.1.23.0

R3
Router RIP
 Version 2
 No auto-summary
 Network 192.1.23.0
 Network 192.1.34.0

R4
Router RIP
 Version 2
 No auto-summary
 Network 192.1.34.0

Task 2
Configure the routers under BGP based on the Logical diagram. Configure the Neighbor relationships also based on the Logical diagram. Advertise Loopback 0 Networks on all routers under BGP. Make sure the 1.0.0.0 gets put into the routing table of R3. Also make sure that Routes from R2 are getting propagated to R4 and vice versa.

R1
Router BGP 1
 No auto-summary
 No sync
 Network 1.0.0.0
 Neighbor 192.1.12.2 remote-as 234
 Neighbor 192.1.14.4 remote-as 234

R2
Router BGP 234
 No auto-summary
 No sync
 Network 2.0.0.0
 Neighbor 192.1.12.1 remote-as 1
 Neighbor 192.1.23.3 remote-as 234
 Neighbor 192.1.23.3 next-hop-self

R3
Router BGP 234
 No auto-summary
 No sync
 Network 3.0.0.0
 Neighbor 192.1.23.2 remote-as 234
 Neighbor 192.1.23.2 route-reflector-client
 Neighbor 192.1.34.4 remote-as 234
 Neighbor 192.1.34.4 route-reflector-client

R4
Router BGP 234
 No auto-summary
 No sync
 Network 4.0.0.0
 Neighbor 192.1.34.3 remote-as 234
 Neighbor 192.1.34.3 next-hop-self
 Neighbor 192.1.14.1 remote-as 1

Task 3
All ingress (incoming) traffic to AS 234 should use the path thru R4 using the MED attribute. Configure the MED on R2 to 100. R4’s MED is 0 by default. Lower MED will be preferred.

R2
Route-map SETMED permit 10
 Set metric 100
!
Router BGP 234
 Neighbor 192.1.12.1 route-map SETMED out

Lab 11 – Setting Local Preference (Builds on Lab 10)

Lab Objective:

Task 1
Configure AS 234 such that all traffic destined for AS 1 should go through R2 in the outbound direction. Use Local-Preference Attribute to accomplish this.

R2
Route-map SETLP permit 10
 Set Local-preference 200
!
Router BGP 234
 Neighbor 192.1.12.1 route-map SETLP in


Lab 12 – Setting Cisco Weight Attribute (Builds on Lab 11)

Lab Objective:

Task 1
Configure AS 1 such that all traffic destined for network 3.0.0.0 should go thru R2. It is taking the R1-R4 route because of the MED attribute set in Lab 11. Use the Weight attribute to accomplish this task.

R1
Access-list 3 permit 3.0.0.0 0.255.255.255
!
Route-map SETWT permit 10
 Match address 3
 Set weight 5000
Route-map SETWT permit 20
!
Router BGP 1
 Neighbor 192.1.12.2 route-map SETWT in
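Labs 10 to 12 each win the path selection with an attribute that is compared earlier than the one set in the previous lab. The following is an added example, not part of the workbook: a simplified best-path comparison that models only weight, local preference, AS-path length and MED (the remaining tie-breakers are left out), run over the paths as the labs set them up. The class and function names are illustrative.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    via: str                 # neighbor the path was learned from
    as_path: tuple           # AS numbers, nearest AS first
    weight: int = 0          # Cisco-local, never advertised
    local_pref: int = 100    # default inside an AS
    med: int = 0             # a missing MED is treated as 0

# Comparison order of the modelled attributes; min() of the key wins.
STEPS = [
    ("weight", lambda p: -p.weight),           # highest weight
    ("local_pref", lambda p: -p.local_pref),   # highest local preference
    ("as_path length", lambda p: len(p.as_path)),
    ("med", lambda p: p.med),                  # lowest MED
]

def best_path(paths):
    """Return (winning path, name of the attribute that decided)."""
    candidates = list(paths)
    for name, key in STEPS:
        # MED is only compared between paths from the same neighboring AS.
        if name == "med" and len({p.as_path[:1] for p in candidates}) > 1:
            continue
        top = min(key(p) for p in candidates)
        candidates = [p for p in candidates if key(p) == top]
        if len(candidates) == 1:
            return candidates[0], name
    return candidates[0], "tie (later steps not modelled)"

# Lab 10 Task 3: R1's two paths to 3.0.0.0; R2 advertises MED 100.
LAB10_R1 = [Path("R2", (234,), med=100), Path("R4", (234,))]
# Lab 11 Task 1: paths to 1.0.0.0 inside AS 234; R2 sets local-pref 200 inbound.
LAB11_AS234 = [Path("R2", (1,), local_pref=200), Path("R4", (1,))]
# Lab 12 Task 1: same as Lab 10, plus weight 5000 on R1 for 3.0.0.0 via R2.
LAB12_R1 = [Path("R2", (234,), weight=5000, med=100), Path("R4", (234,))]

if __name__ == "__main__":
    for label, paths in [("Lab 10", LAB10_R1), ("Lab 11", LAB11_AS234),
                         ("Lab 12", LAB12_R1)]:
        winner, reason = best_path(paths)
        print(f"{label}: via {winner.via}, decided by {reason}")
```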


Module 7 – Advanced Switching Part I


Lab 1 – Advanced Switch Configurations

Task 1
Configure VTP on both switches as follows:
Domain name = CCIE
Password = Cisco
Mode = Transparent

On Both Switches
Vtp domain CCIE
Vtp password Cisco
Vtp Mode Transparent

Task 2
Configure ports F0/XX and F0/XX as trunk links using an industry standard protocol. These links should appear to STP as a single link using an IEEE mode, and none of the interfaces should be in blocking state. If one of the links fails, the traffic should use the other link without any interruption. Any other link on your topology connecting the 2 switches should be shutdown. The protocol should be unconditionally LACP.

SW1
Interface range F0/13 - 14
 Switchport trunk encap dot1q
 Switchport mode trunk
 Channel-group 1 mode active

SW2
Interface range F0/13 - 14
 Switchport trunk encap dot1q
 Switchport mode trunk
 Channel-group 1 mode active

Task 3
Ensure that the EtherChannel created in the previous step uses destination MAC addresses to load-balance the traffic load. Also make sure it can detect unidirectional link failures; when a unidirectional link fails, the affected port should be shut down.

SW1
port-channel load-balance dst-mac
!
Interface range F0/13 - 14
 udld port aggressive

SW2
port-channel load-balance dst-mac
!
Interface range F0/13 - 14
 udld port aggressive

Task 4
Port F0/18 on SW1 is connected to a Cisco 7960 IP Phone. Voice traffic that originates from the phone is tagged with a CoS of 5. A PC is connected to the 7960 IP Phone which is generating traffic with CoS of 3. Ensure that the data traffic belongs to VLAN 3 and the Voice traffic belongs to VLAN 5. The traffic originated by the 7960 IP Phone should maintain its CoS value, whereas the traffic that originated from the PC connected to the 7960 IP Phone should be re-written with a CoS of 1.

SW1
Mls qos
Interface F0/18
 Switchport access Vlan 3
 Switchport voice Vlan 5
 Switchport priority extend cos 1
 Mls qos trust cos

Task 5
Disable the Ether-channeling between SW1 and SW2. Configure Multi-instance of Spanning Tree on the switches as follows:
• There should be two instances of STP, instance 1 and 2
• Instance 1 should handle VLANs 12 and 34
• Instance 2 should handle VLAN 56
• All future VLANs should use instance 0
• Instance 1 should use F0/13
• Instance 2 should use F0/14
• SW1 should be the root bridge for the first instance
• SW2 should be the root bridge for the second instance
• The name of this configuration should be CCIE
• The revision number should be 1

SW1
Interface range F0/13 - 14
 No Channel-group 1 mode desirable
!
Spanning-tree mode mst
!
Spanning-tree mst configuration
 Revision 1
 Name CCIE
 Instance 1 vlan 12,34
 Instance 2 vlan 56
!
Spanning-tree mst 1 priority 0
Spanning-tree mst 2 priority 4096
!
Int F0/13
 Spanning-tree mst 1 port-priority 0

SW2
Interface range F0/13 - 14
 No Channel-group 1 mode desirable
!
Spanning-tree mode mst
!
Spanning-tree mst configuration
 Revision 1
 Name CCIE
 Instance 1 vlan 12,34
 Instance 2 vlan 56
!
Spanning-tree mst 1 priority 4096
Spanning-tree mst 2 priority 0
!
Int F0/14
 Spanning-tree mst 2 port-priority 0

Task 6
There is a protocol analyzer connected to SW2 port F0/18. You received a request to monitor and analyze all packets for port F0/16 on SW1. Configure the switches to accommodate this request.

SW1
Vlan 90
 Remote-span
 Exit
Monitor session 1 source interface F0/16
Monitor session 1 destination remote vlan 90 reflector-port F0/17

SW2
Monitor session 1 source vlan 90
Monitor session 1 destination interface F0/18

Task 7
You have been requested to implement the following policy on SW1:
• Hosts 192.1.34.1 and 192.1.34.2 in VLAN34 should not have access to the server with an IP address of 192.1.34.100 in their own VLAN
• VLAN34 should NOT forward IGMP protocol

SW1
Ip access-list extended IGMP
 Permit igmp any any
 Exit
!
Ip access-list extended IP-TRAFFIC
 Permit ip host 192.1.34.1 host 192.1.34.100
 Permit ip host 192.1.34.2 host 192.1.34.100
 Exit
!
Vlan access-map TEST 10
 Match ip addr IGMP
 Action drop
 Exit
!
Vlan access-map TEST 20
 Match ip addr IP-TRAFFIC
 Action drop
 Exit
!
! Forward everything else; a VLAN map drops IP packets that match no entry
Vlan access-map TEST 30
 Action forward
 Exit
!
Vlan filter TEST vlan-list 34

Task 8
Configure the ports that the routers are connected to such that they only allow one MAC address to be connected to their assigned ports. If any other MAC address is detected on any of these ports, the appropriate switch should automatically shutdown that given port. Use a regular and smart port macro to accomplish this task.

Cat-1
Define interface-range Router-Ports F0/1 - 6

(The above command defines a range of ports on the switch and names them Router-Ports; in some documentation this is referred to as a regular macro.)

Macro name Port-Secure
Enter macro commands one per line. End with the character '@'.
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security maximum 1
switchport port-security violation shutdown
@
Cat-1(config)#

(The above configuration configures a smartport macro. A smartport macro is started by the “Macro name” command, followed by an arbitrary name that is assigned to the macro. Once that command is entered, a message is displayed on the next line. This message tells us to use the @ sign in order to end this macro. Lines 3 to 7 contain the actual commands that the macro will execute. A smartport macro can be applied to an interface, an interface range, or a regular macro.)

Lastly, the Smartport Macro is applied to the regular macro, as follows:

Interface range macro Router-Ports
 Macro apply Port-Secure

Task 9
On Cat-2 port F0/14 configure the amount of bandwidth utilization for broadcast traffic to 50%.

Cat-2
Interface F0/14
 Storm-control broadcast level 50.00

Task 10
The PCs that are connected or will be connected to Cat-1 ports F0/17 – 18 should get authenticated before they are allowed access to the network. This authentication should use CSACS located at 192.168.1.2 using “cisco” as the key. If the user does not have an 802.1X client, the port should be put in VLAN 250. If the user provides wrong credentials to login, it should be put in VLAN 260. Upon successful authentication, it should be put in VLAN 240.

Cat-1
VLAN 240
VLAN 250
VLAN 260
!
Dot1x system-auth-control
!
Aaa new-model
aaa authentication dot1x default group radius
!
Radius-server host 192.168.1.2 key cisco
!
Interface range f0/17 - 18
 Switch mode access
 Switch access vlan 240
 Dot1x port-control auto
 Dot1x guest-vlan 250
 Dot1x auth-fail vlan 260


Module 7 – Advanced Switching Part II


Lab 1 – QinQ Configuration

[Figure: SW3 connects to SW1 and SW4 connects to SW2; VLAN 80 and VLAN 90 are shown on SW3 and SW4]

Task 1
Configure SW3 and SW4 in transparent mode. Set the Domain name to CCIE. Create VLAN 80 and 90 on them.

SW3
VTP Domain CCIE
VTP mode Transparent
!
VLAN 80
VLAN 90

SW4
VTP Domain CCIE
VTP mode Transparent
!
VLAN 80
VLAN 90

Task 2
Configure SVI’s on SW3 and SW4 based on the following table:

SW3
Interface     IP Address    Subnet Mask
Int SVI 80    150.1.80.3    255.255.255.0
Int SVI 90    150.1.90.3    255.255.255.0

SW4
Interface     IP Address    Subnet Mask
Int SVI 80    150.1.80.4    255.255.255.0
Int SVI 90    150.1.90.4    255.255.255.0

SW3
Interface VLAN 80
 IP Address 150.1.80.3 255.255.255.0
!
Interface VLAN 90
 IP Address 150.1.90.3 255.255.255.0

SW4
Interface VLAN 80
 IP Address 150.1.80.4 255.255.255.0
!
Interface VLAN 90
 IP Address 150.1.90.4 255.255.255.0

Task 3
Shut all trunk ports on SW3 and SW4. Bring up the lowest Interface on SW3 that is connecting SW3 to SW1. Bring up the lowest interface on SW4 that is connecting SW4 to SW2. Make sure all the other Trunk ports are down. At the end of this task, the only link between SW3 and SW4 should be thru SW1 and SW2.

SW3
Interface range F0/XX – XX (All Trunk Ports)
 shutdown
!
Interface F 0/X (Lowest Interface connecting SW3 to SW1)
 No shut

SW4
Interface range F0/XX – XX (All Trunk Ports)
 shutdown
!
Interface F 0/X (Lowest Interface connecting SW4 to SW2)
 No shut

Task 4
Configure SW1 and SW2 in a VTP Domain CISCO. SW1 should be the VTP Server and SW2 should be a client. Configure QinQ on SW1 and SW2 to allow Customer Switches SW3 and SW4 to communicate with each other. Use VLAN 120 as the Customer VLAN.

SW1
System mtu 1504
! Reload the switches to take effect
!
VTP Domain CISCO
VTP mode Server
!
VLAN 120
!
Interface F0/X (Port actively connecting to SW3)
 Switchport access vlan 120
 Switchport mode dot1q-tunnel

SW2
System mtu 1504
! Reload the switches to take effect
!
VTP Domain CISCO
VTP mode Client
!
VLAN 120
!
Interface F0/X (Port actively connecting to SW4)
 Switchport access vlan 120
 Switchport mode dot1q-tunnel

SW3
Interface F0/X (Port actively connecting to SW1)
 Switchport trunk encapsulation dot1q
 Switchport mode trunk

SW4
Interface F0/X (Port actively connecting to SW2)
 Switchport trunk encapsulation dot1q
 Switchport mode trunk

Task 5
To Test, configure VLAN’s 80 and 90 on SW1. Configure the following interfaces on SW1:

SW1
Interface     IP Address    Subnet Mask
Int SVI 80    150.1.80.1    255.255.255.0
Int SVI 90    150.1.90.1    255.255.255.0

SW1
VLAN 80
VLAN 90
!
Interface VLAN 80
 ip address 150.1.80.1 255.255.255.0
!
Interface VLAN 90
 ip address 150.1.90.1 255.255.255.0

You should be able to Ping 150.1.80.4 and 150.1.90.4 from SW4, but you should not be able to Ping 150.1.80.1 and 150.1.90.1.

Task 6
Configure QinQ and Layer Protocol Forwarding (metro) in such a way that the switches forward the customer's CDP and STP frames transparently. Configure switches SW1 and SW2 ports facing SW3 and SW4 respectively.

SW3
Interface F0/X (Port actively connecting to SW1)
 L2protocol-tunnel cdp
 L2protocol-tunnel stp

SW4
Interface F0/X (Port actively connecting to SW2)
 L2protocol-tunnel cdp
 L2protocol-tunnel stp


Lab 2 – Vlan Load Balancing in PVST

[Figure: SW1, SW2, SW3 and SW4 interconnected over ports FA0/16 to FA0/24]

Task 1
Configure VTP Transparent mode on all the switches and the following Vlans 10,20,30,40,50,60,70,80,90,100,200 and 300.

All Switches
!
Vtp mode transparent
!
Vlan 10,20,30,40,50,60,70,80,90,100,200,300

Task 2
Configure SW1 as the Root for Vlans 10,20 and 30

SW1
!
Spanning-tree vlan 10,20,30 root primary

Task 3
Configure SW2 as the Root for Vlans 40,50,60 and SW3 as the Secondary Root

SW2
!
Spanning-tree vlan 40,50,60 root primary

SW3
!
Spanning-tree vlan 40,50,60 root secondary

Task 4
Configure SW3 as the Root for Vlans 70,80,90 and SW4 as the Secondary Root

SW3
!
Spanning-tree vlan 70,80,90 root primary

SW4
!
Spanning-tree vlan 70,80,90 root secondary

Task 5
Configure SW4 as the Root for Vlans 100,200,300 and SW1 as the Secondary Root

SW4
!
Spanning-tree vlan 100,200,300 root primary

SW1
!
Spanning-tree vlan 100,200,300 root secondary

Task 6
Ensure that SW1 uses its highest interface connected to SW4 for vlans 70,80,90. (This configuration must be done on SW1)

SW1
!
Interface fa0/18
 Spanning-tree vlan 70,80,90 port-cost 32

Task 7
Ensure that SW2 traverses its highest interface connected to SW3 for vlans 10,20,30. (This configuration must be done on SW2)

SW2
!
Interface fa0/18
 Spanning-tree vlan 10,20,30 port-cost 32
Interface range f0/19 - 21
 Spanning-tree vlan 10,20,30 port-cost 256

Task 8
Ensure that SW2 traverses through SW1 on its lowest interface facing SW2 for the vlans 100,200,300 (This configuration must not be done on SW2)

SW1
!
Interface fa0/19
 Spanning-tree vlan 100,200,300 port-priority 16


Lab 3 – STP Tuning (Builds on Lab 3)

Task 1
Users in Vlan 90 are complaining about the time it usually takes for a network link to come up just after they have plugged in the network cable. Configure the TOTAL link startup delay until the port becomes forwarding to 16 seconds. Configure the switches to accomplish this without jumping any state.

All Switches
Spanning-tree vlan 90 forward-time 8

Task 2
Configure the port range F0/1 - F0/6 on SW1 so that the link comes up as soon as someone plugs a network cable into these ports, bypassing the STP learning/listening states.

SW1
Interface range F0/1 - 6
 Spanning-tree portfast

Task 3
The IT department just found out that someone in the lobby area just plugged in a switch into port F0/6 on SW1. Configure a command globally on SW1 so that if someone connects a hub or a switch to any of the access ports that have been enabled for Portfast, the port will be disabled. Also make sure that after 4 minutes the disabled port comes up automatically.

SW1
Spanning-tree portfast bpduguard
Errdisable recovery cause bpduguard
Errdisable recovery interval 240


Module 8 – Security


Lab 1 – Controlling Telnet Access

[Figure: network diagram with R1 F 0/0 (.1) and R2 F0/0.1 (.2) on 192.1.12.0/24; R2 F0/0.2 (.2), R3 F 0/0 (.3) and SW1 (.15) on 192.1.23.0/24; VLANs 10, 20 and 30]

Task 1
Configure Switch1 as the VTP Server and the other Switch(s) as VTP Clients. Use CCIE as the Domain name. Authenticate the relationship using CCIERS as the password.

Switch1
VTP domain CCIE
VTP mode server
VTP password CCIERS

Switch2
VTP domain CCIE
VTP mode client
VTP password CCIERS

Switch3
VTP domain CCIE
VTP mode client
VTP password CCIERS

Switch4
VTP domain CCIE
VTP mode client
VTP password CCIERS

Task 2
Ensure that the Trunk ports of your Rack are statically configured to trunk using an industry standard protocol. Configure these ports such that they will trunk even if the negotiation fails.

All Switches
Interface range F0/XX – XX
 Switchport trunk encapsulation dot1q
 Switchport mode trunk

Task 3
Assign Ports to the appropriate VLANs based on the Network Diagram. Use the physical topology diagram for your rack to accomplish this. Make sure the ports are either set to Trunk or Access statically.

SwitchX
interface F0/XX
 Switchport mode access
 Switchport access vlan XX
!
interface F0/XX
 Switchport trunk encapsulation dot1q
 Switchport mode trunk

Task 4
Configure Loopback 0 on all routers and Switch1. Use the format of X.X.X.X/8 for the IP address of the loopback. Use 15 for Switch1.

Task 5
Configure RIP V2 on all Devices to advertise all directly connected networks. Disable Auto-summary.

R1
Router Rip
 Version 2
 No auto-summary
 Network 1.0.0.0
 Network 192.1.12.0

R2
Router Rip
 Version 2
 No auto-summary
 Network 2.0.0.0
 Network 192.1.12.0
 Network 192.1.23.0

R3
Router Rip
 Version 2
 No auto-summary
 Network 3.0.0.0
 Network 192.1.23.0

Switch1
IP Routing
!
Router RIP
 Version 2
 No auto-summary
 Network 15.0.0.0
 Network 192.1.23.0

Task 6
Configure Telnet on R1 based on the following requirements:
• R1 should only allow the Internal networks 192.1.12.0 and 1.0.0.0 to Telnet in for Management access to it. R1 should not be able to Telnet out. Do not use an access-list for this step.
• The administrator of R1 wants to reserve the 5th telnet line for himself by changing the default telnet port to 3020. Configure the 5th telnet line for the administrator on port 3020.

R1
access-list 5 permit 1.0.0.0 0.255.255.255
access-list 5 permit 192.1.12.0 0.0.0.255
!
line vty 0 3
 access-class 5 in
 password telnet
 login
 transport output none
!
line vty 4
 access-class 5 in
 password telnet
 login
 transport output none
 rotary 20
!
line console 0
 transport output none
!
line aux 0
 transport output none


Lab 2 – SSH Management Access (Builds on Lab1)

Task 1
Enable SSH on R2. Use abc.com as the domain name. Use a 512 bit key. Authentication should be done based on the Local Database. Create a user sshuser with a password of ccie. Configure R2 with local authentication on the vty lines. No authentication should be done on the aux and console lines. Make sure of it. Only allow SSH connections to the VTY lines. Non-SSH Telnet sessions should not be allowed.

R2
ip domain name abc.com
!
crypto key generate rsa usage-keys
!
aaa new-model
!
username sshuser password ccie
!
aaa authentication login l-authen local
aaa authentication login no-authen none
!
line con 0
 logging synchronous
 login authentication no-authen
line aux 0
 login authentication no-authen
line vty 0 15
 login authentication l-authen
 transport input ssh

Note: Use ssh -l sshuser -c des 192.1.23.2 to test the configuration from R3.
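The vty requirements of Lab 1 Task 6 (source ACL, no outbound sessions) and Lab 2 Task 1 (SSH only) can be checked mechanically against a saved configuration. The script below is an added example, not part of the workbook; the check names and the DRIFTED_CONFIG sample are assumptions made for illustration.

```python
import re

# R1 (Lab 1, Task 6) and R2 (Lab 2) line configuration, one command per line.
R1_CONFIG = """\
access-list 5 permit 1.0.0.0 0.255.255.255
access-list 5 permit 192.1.12.0 0.0.0.255
!
line vty 0 3
 access-class 5 in
 password telnet
 login
 transport output none
!
line vty 4
 access-class 5 in
 password telnet
 login
 transport output none
 rotary 20
"""

R2_CONFIG = """\
line con 0
 login authentication no-authen
line aux 0
 login authentication no-authen
line vty 0 15
 login authentication l-authen
 transport input ssh
"""

# Constructed counter-example: policy applied to vty 0-4 only, ACL 5 never defined.
DRIFTED_CONFIG = """\
line vty 0 4
 access-class 5 in
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""


def parse_line_blocks(config):
    """Map each 'line ...' header to the list of commands configured under it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        cmd = " ".join(raw.split()).lower()
        if cmd.startswith("line "):
            current = cmd
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(cmd)
        else:  # '!' or a global command closes the block
            current = None
    return blocks


def defined_acls(config):
    """Names or numbers of every access-list that has at least one entry."""
    pattern = re.compile(r"^access-list (\S+) ", re.I | re.M)
    return {m.group(1).lower() for m in pattern.finditer(config)}


def audit_vty(config, checks):
    """Return (line header, finding) tuples for each requested check that fails."""
    acls = defined_acls(config)
    findings = []
    for header, cmds in parse_line_blocks(config).items():
        if not header.startswith("line vty"):
            continue
        if "source-acl" in checks:
            refs = [c.split()[1] for c in cmds if re.fullmatch(r"access-class \S+ in", c)]
            if not refs:
                findings.append((header, "no inbound access-class"))
            findings += [(header, f"access-class {r} is not defined")
                         for r in refs if r not in acls]
        if "ssh-only" in checks:
            inputs = [c for c in cmds if c.startswith("transport input")]
            if inputs != ["transport input ssh"]:
                findings.append((header, "transport input is not restricted to ssh"))
        if "no-outbound" in checks and "transport output none" not in cmds:
            findings.append((header, "outbound sessions are not disabled"))
    return findings


if __name__ == "__main__":
    print(audit_vty(R1_CONFIG, {"source-acl", "no-outbound"}))
    print(audit_vty(R2_CONFIG, {"ssh-only"}))
    for finding in audit_vty(DRIFTED_CONFIG, {"source-acl", "ssh-only"}):
        print(finding)
```

Each `line vty` range is audited separately, so a policy applied to lines 0-4 while 5-15 are left open shows up as a finding on the second range.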


Lab 3 – IP TCP Intercept (Builds on Lab 2)

Task 1
The Web Server is getting overwhelmed by syn-attacks. R2 should watch the traffic and if it does not complete the TCP handshake in 10 seconds, it should drop the packets. The router should only do this for traffic destined for the Web Server at 2.0.0.80. Also configure the time that a TCP connection is managed after no activity to 3 1/2 minutes.

R2
Access-list 161 permit tcp any host 2.0.0.80 eq www
!
Ip tcp intercept mode watch
Ip tcp intercept watch-timeout 10
Ip tcp intercept list 161
Ip tcp intercept connection-timeout 210
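The two timers in this task act at different stages of a connection: the 10-second watch timeout applies to half-open attempts, the 210-second connection timeout to established but idle sessions. The following is an added example, not workbook code: a simplified model of those two timers run over a constructed packet timeline (the event list, addresses outside the lab and action names are assumptions).

```python
WEB_SERVER = ("2.0.0.80", 80)   # what access-list 161 selects
WATCH_TIMEOUT = 10              # ip tcp intercept watch-timeout 10
CONNECTION_TIMEOUT = 210        # ip tcp intercept connection-timeout 210

# Constructed events: (time in s, source ip, source port, dest ip, dest port, flag)
EVENTS = [
    (0,   "192.1.23.3",   40001, "2.0.0.80", 80, "SYN"),
    (1,   "192.1.23.3",   40001, "2.0.0.80", 80, "ACK"),  # handshake completes
    (2,   "198.51.100.7", 1024,  "2.0.0.80", 80, "SYN"),  # never completes
    (3,   "198.51.100.8", 1025,  "2.0.0.80", 80, "SYN"),
    (4,   "198.51.100.9", 1026,  "2.0.0.80", 25, "SYN"),  # not matched by ACL 161
    (14,  "198.51.100.8", 1025,  "2.0.0.80", 80, "ACK"),  # after the 10 s window
    (300, "192.1.23.3",   40001, "2.0.0.80", 80, "ACK"),  # after 210 s of silence
]


def watch(events, end_time):
    """Return (time, (source ip, source port), action) for every timer that fires."""
    half_open, established, actions = {}, {}, []

    def run_timers(now):
        # Half-open attempts older than the watch timeout are torn down.
        for key, started in list(half_open.items()):
            if now - started >= WATCH_TIMEOUT:
                actions.append((started + WATCH_TIMEOUT, key, "reset"))
                del half_open[key]
        # Established sessions idle for the connection timeout stop being managed.
        for key, last_seen in list(established.items()):
            if now - last_seen >= CONNECTION_TIMEOUT:
                actions.append((last_seen + CONNECTION_TIMEOUT, key, "idle-timeout"))
                del established[key]

    for t, src, sport, dst, dport, flag in sorted(events):
        run_timers(t)
        if (dst, dport) != WEB_SERVER:
            continue                      # outside the intercept list
        key = (src, sport)
        if flag == "SYN" and key not in established:
            half_open.setdefault(key, t)  # start the watch timer once
        elif flag == "ACK" and key in half_open:
            established[key] = t          # handshake finished in time
            del half_open[key]
        elif key in established:
            established[key] = t          # activity refreshes the idle timer
    run_timers(end_time)
    return sorted(actions)


if __name__ == "__main__":
    for action in watch(EVENTS, end_time=300):
        print(action)
```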


Lab 4 – Blocking Attacks using NBAR (Builds on Lab3)

Task 1
R3 is under the Code Red attack from R2. The footprint has the following URLs:
• "cmd.exe"
• "root.exe"
• "default.ida"
Using NBAR, classify the traffic inbound on S 0/0. Drop the classified traffic. You would also like to block P2P file transfer programs like KaZaa, Grokster, BearShare and LimeWire. You only want to block .mpeg files.

R3
Ip cef
class-map match-any ABC
 match protocol http url "*cmd.exe*"
 match protocol http url "*root.exe*"
 match protocol http url "*default.ida*"
 match protocol fasttrack file-transfer "*.mpeg"
 match protocol gnutella file-transfer "*.mpeg"
!
policy-map Attacks
 class ABC
  drop
!
interface S0/0
 service-policy input Attacks


Lab 5 – IP Source Tracker (Builds on Lab4)

Task 1
Host 192.1.12.25 is under a DoS attack. You need to find out the IP address of the attacker so you can instruct the ISP to block this address. Configure R1 to keep track of incoming packets with their source addresses, track the amount of traffic generated from the source and report it to a syslog server every 6 hours. The syslog server is located at 192.1.12.100.

R1
Ip source-track 192.1.12.25
Ip source-track syslog-interval 360
Logging on
Logging 192.1.12.100


Lab 6 – IP Spoofing (Builds on Lab5)

Task 1
Block any RFC 1918 and the loopback address coming into R2 from the F 0/0.2 interface. All attacks must be logged, all the other traffic should not be logged.

R2
Access-list 105 deny ip 10.0.0.0 0.255.255.255 any log
Access-list 105 deny ip 172.16.0.0 0.15.255.255 any log
Access-list 105 deny ip 192.168.0.0 0.0.255.255 any log
Access-list 105 deny ip 127.0.0.0 0.255.255.255 any log
Access-list 105 permit ip any any
Int Fa0/0.2
 ip access-group 105 in

Task 2
Use uRPF to prevent IP spoofing and drop any traffic received that does not have a corresponding entry in its routing table, a default route can be taken into consideration as a valid entry. Make sure the packet is permitted only if the packet has been received by the same interface the router would use to route the traffic. Configure R2 Fa0/0.2 to log when this event occurs including the input interface in the logs.

R2
Ip cef
Access-list 106 deny ip any any log-input
Int Fa0/0.2
 Ip verify unicast source reachable-via rx allow-default 106
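Access-list 105 catches spoofed sources by address range, while the strict uRPF check catches sources that are routable but arrive on the wrong interface. The script below is an added example, not workbook code: it evaluates both checks for a source address arriving on Fa0/0.2, applying the ACL first and then the reverse-path test. The routing table, the test addresses and the function names are constructed assumptions.

```python
import ipaddress

# access-list 105 as configured on R2: (action, base address, wildcard mask, log)
ACL_105 = [
    ("deny",   "10.0.0.0",    "0.255.255.255",   True),
    ("deny",   "172.16.0.0",  "0.15.255.255",    True),
    ("deny",   "192.168.0.0", "0.0.255.255",     True),
    ("deny",   "127.0.0.0",   "0.255.255.255",   True),
    ("permit", "0.0.0.0",     "255.255.255.255", False),  # permit ip any any
]

# Constructed routing table for R2 (assumption): prefix and outgoing interface.
ROUTES = [
    ("192.1.12.0/24", "Fa0/0.1"),
    ("192.1.23.0/24", "Fa0/0.2"),
    ("1.0.0.0/8",     "Fa0/0.1"),
    ("3.0.0.0/8",     "Fa0/0.2"),
    ("15.0.0.0/8",    "Fa0/0.2"),
]
DEFAULT_VIA_FA002 = ROUTES + [("0.0.0.0/0", "Fa0/0.2")]


def _int(address):
    return int(ipaddress.IPv4Address(address))


def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: a 0 bit must match, a 1 bit is ignored."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(base) & care)


def acl_verdict(src, acl=ACL_105):
    """First matching entry wins; returns (action, logged)."""
    for action, base, wildcard, log in acl:
        if wildcard_match(src, base, wildcard):
            return action, log
    return "deny", False  # implicit deny at the end of every ACL


def urpf_strict(src, in_if, routes, allow_default=True):
    """reachable-via rx: the best route back to src must point out of in_if."""
    addr = ipaddress.IPv4Address(src)
    best = None
    for prefix, out_if in routes:
        net = ipaddress.IPv4Network(prefix)
        if net.prefixlen == 0 and not allow_default:
            continue  # without allow-default, 0.0.0.0/0 does not count
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, out_if)
    return best is not None and best[1] == in_if


def classify(src, in_if, routes, allow_default=True):
    """Input ACL first, then the reverse-path check (order modelled here)."""
    action, _logged = acl_verdict(src)
    if action == "deny":
        return "drop:acl105"
    if not urpf_strict(src, in_if, routes, allow_default):
        return "drop:urpf"  # ACL 106 deny ... log-input records this drop
    return "forward"


if __name__ == "__main__":
    for src in ("10.1.1.1", "172.31.255.255", "172.32.0.1", "1.1.1.1", "3.3.3.3"):
        print(src, classify(src, "Fa0/0.2", DEFAULT_VIA_FA002))
```

The 1.1.1.1 case shows why allow-default does not weaken the check for known prefixes: the longest match (1.0.0.0/8 via Fa0/0.1) still decides, so the packet fails on Fa0/0.2 even when a default route points there.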


Lab 7 – Preventing Smurf Attack using CAR (Builds on Lab 6)

Task 1
R3 is under a Smurf Attack (DoS) from the traffic entering F0/0. Rate limit this traffic to a maximum of 256 kbps, with a normal burst size of 8000 kbps and an excess burst size of 8000 kbps. Drop any traffic above these rates. Also prevent R3 from being a reflector in any future Smurf Attack.

R3
access-list 130 permit icmp any any echo
access-list 130 permit icmp any any echo-reply
!
Interface Fa0/0
 Rate-limit input access-group 130 256000 8000 8000 conform-action transmit exceed-action drop


Lab 8 – Port Security with Voice Vlan (Builds on Lab 7)

Task 1
Cisco 7960 IP phones are connected to SW2 f0/18 along with a desktop PC. The IP phone belongs to vlan 29 and the desktop belongs to vlan 30. Ensure that only one MAC address is learnt from the desktop PC. This MAC address should be learned dynamically and must be updated to the running config. Also ensure that only 1 MAC address is learnt from the IP phone. In case of a violation, the switch should place the ports in errdisable state.

SW2
Interface Fa 0/18
 Switchport mode access
 Switchport voice vlan 29
 Switchport access vlan 30
 Switchport port-security
 Switchport port-security maximum 2
 Switchport port-security maximum 1 vlan voice
 Switchport port-security maximum 1 vlan access
 Switchport port-security mac-address sticky
 Switchport port-security violation shutdown


Module 9 – IOS Services


Lab 1 – GRE with RIP

Physical Layout

[Physical layout diagram: R1 (Loopback 0, E 0/0), R2 (Loopback 0, E 0/0, S 0/0), R3 (Loopback 0, S 0/0), R4 (Loopback 0, E 0/0)]

Interface IP Address Configuration

R1
Interface     IP Address     Subnet Mask
Loopback 0    10.0.0.1       255.0.0.0
E 0/0         192.1.12.1     255.255.255.0

R2
Interface     IP Address     Subnet Mask
Loopback 0    2.2.2.2        255.0.0.0
E 0/0         192.1.12.2     255.255.255.0
S 0/0         192.1.23.2     255.255.255.0

R3
Interface     IP Address     Subnet Mask
Loopback 0    192.168.1.1    255.255.255.0
S 0/0         192.1.23.3     255.255.255.0

R4
Interface     IP Address     Subnet Mask
Loopback 0    4.4.4.4        255.255.255.0
E 0/0         192.1.12.4     255.255.255.0

Interface Configuration


R1
interface Loopback0
 ip address 10.0.0.1 255.0.0.0
!
interface Ethernet0/0
 ip address 192.1.12.1 255.255.255.0
 no shutdown

R2
interface Loopback0
 ip address 2.2.2.2 255.0.0.0
!
interface Ethernet0/0
 ip address 192.1.12.2 255.255.255.0
 no shutdown
!
interface Serial0/0
 ip address 192.1.23.2 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 192.1.23.3 203 broadcast
 no frame-relay inverse-arp
 no shutdown

R3
interface Loopback0
 ip address 192.168.1.1 255.255.255.0
!
interface Serial0/0
 ip address 192.1.23.3 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 192.1.23.2 302 broadcast
 no frame-relay inverse-arp
 no shutdown

R4
interface Loopback0
 ip address 4.4.4.4 255.0.0.0
!
interface Ethernet0/0
 ip address 192.1.12.4 255.255.255.0
 no shutdown

Task 1
R2 is the ISP Router. It is simulating the Internet. R1 and R3 should point towards R2 (ISP) as the default gateway.

R1
ip route 0.0.0.0 0.0.0.0 192.1.12.2

R3
ip route 0.0.0.0 0.0.0.0 192.1.23.2

Task 2
Configure a GRE Tunnel from R1 to R3. Use a RFC 1918 network for the Tunnel Interface. The GRE Tunnel should be Authenticated.

R1
interface Tunnel13
 ip address 172.16.0.1 255.255.0.0
 tunnel source 192.1.12.1
 tunnel destination 192.1.23.3
 tunnel key 1234

R3
interface Tunnel13
 ip address 172.16.0.3 255.255.0.0
 tunnel source 192.1.23.3
 tunnel destination 192.1.12.1
 tunnel key 1234

Task 3
You want to run RIP as the routing protocol over the GRE tunnel so that the Private networks of the company are seen on R1 and R3.

R1
router rip
 version 2
 network 10.0.0.0
 network 172.16.0.0
 no auto-summary

R3
router rip
 version 2
 network 172.16.0.0
 network 192.168.1.0
 no auto-summary


Lab 2 – NAT (Builds on Lab 1)

Task 1
Translate the 10.0.0.0 Network behind R1 into a range of Class C addresses (195.1.1.0/24) assigned to R1 by the ISP. R1 wants to use this address range in NAT as it has more than 254 hosts connecting to the Internet, although not all of them at the same time. R1 does not want packets going from the 10.0.0.0 network to 192.168.1.0 to be translated. The GRE tunnel would take care of them. Besides, 192.168.1.0 is a private address space and the ISP would not route it.

R1
access-list 121 deny ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255
access-list 121 permit ip any any
!
ip nat pool DP 195.1.1.1 195.1.1.254 netmask 255.255.255.0
ip nat inside source list 121 pool DP
!
interface Loopback0
 ip nat inside
!
interface Ethernet0/0
 ip nat outside

R2
ip route 195.1.1.0 255.255.255.0 192.1.12.1

Task 2
ISP (R2) only assigns R1 2 IPs (195.1.1.1 and 195.1.1.2). R1 should use 195.1.1.1 to connect to the Internet. R1 should not translate packets going from the 10.0.0.0 network to 192.168.1.0. The GRE Tunnel would route these packets. Reconfigure the Pool to accommodate the change.

R1
No ip nat pool DP 195.1.1.1 195.1.1.254 netmask 255.255.255.0
No ip nat inside source list 121 pool DP
!
ip nat pool PAT 195.1.1.1 195.1.1.1 netmask 255.255.255.0
ip nat inside source list 121 pool PAT overload
!
access-list 121 deny ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255
access-list 121 permit ip 10.0.0.0 0.255.255.255 any

Task 3
R1 should use 195.1.1.2 for its Web Server so that people on the outside can access it. The internal web server is at 10.0.0.80.

R1
interface Loopback0
 ip address 10.0.0.80 255.0.0.0 secondary
!
ip nat inside source static 10.0.0.80 195.1.1.2


Lab 3 – DHCP (Builds on Lab 2)

Task 1
Configure R3 as a DHCP Server with the following parameters:
• IP ADDRESS : 192.168.1.0
• WINS ADDRESS : 192.168.1.5
• DNS ADDRESS : 192.168.1.6, 192.168.1.8
• DEFAULT GATEWAY : 192.168.1.1
• LEASE TIME : 3 Days 12 hours
• Excluded addresses : 192.168.1.1 – 192.168.1.10

R3
ip dhcp excluded-address 192.168.1.1 192.168.1.10
!
ip dhcp pool CCIE
 network 192.168.1.0 255.255.255.0
 netbios-name-server 192.168.1.5
 dns-server 192.168.1.6 192.168.1.8
 default-router 192.168.1.1
 lease 3 12

Task 2
Disable the DHCP server service on R1.

R1
No service dhcp


Lab 4 – Core Dump using FTP (Builds on Lab 4)

Task 1
Configure R1 to send a Core Dump to a FTP Server located at 192.1.12.100. Set the Dump size to 32768.

R1
exception dump 192.1.12.100
exception region-size 32768
exception protocol ftp

Task 2
The router logs into the FTP Server using a username of ccie and a password of ccie.

R1
ip ftp username ccie
ip ftp password ccie


Lab 5 – HSRP (Builds on Lab 4)

Task 1
Configure HSRP between R1 and R2 on the Ethernet segment. R1 should be the Active router and R2 should be the Standby router. Use 192.1.12.12 as the Standby address. Set the Priority for R1 as 200. Make sure R1 is the Active router whenever it is up. Configure an authenticated HSRP connection between the routers. Use ccie as the password.

R1
Interface E 0/0
 Standby 1 ip 192.1.12.12
 Standby 1 priority 200
 Standby 1 preempt
 Standby 1 authentication ccie

R2
Interface E 0/0
 Standby 1 ip 192.1.12.12
 Standby 1 authentication ccie


Lab 6 – IP Accounting (Builds on Lab 5)

Task 1
R1 has a web server located at 10.0.0.80 which was translated to 195.1.1.2. Turn on IP Accounting for this translated address.

R1
Ip accounting-list 195.1.1.2 0.0.0.0
!
Interface E 0/0
 Ip accounting


Lab 7 – Broadcast Management (Builds on Lab 6)

Task 1
Configure R4 eth0/0 to forward incoming Mobile IP registration broadcasts to the server 192.1.23.254.

R4
Interface E 0/0
 Ip helper-address 192.1.23.254
!
Ip forward-protocol udp mobile-ip


Lab 8 – Distributed Director Server Redirect (Builds on Lab 7)

Task 1
A Distributed Director Server is installed on your network. Enable R3 to respond to these queries.

R3
Ip drp server


Lab 9 – Web Cache Communication Redirect (Builds on Lab 8)

Task 1
A Web Caching System will be installed on R4 E0/0. Configure R1 to redirect any traffic going out through its E0/0 with the exception of 192.1.23.0 as a destination segment. WCCP will be using version 1.

R1
Access-list 101 deny ip any 192.1.23.0 0.0.0.255
Access-list 101 permit ip any any
Ip wccp version 1
Ip wccp web-cache redirect-list 101
Interface E0/0
 ip wccp web-cache redirect out

Lab 10 – Traffic Engineering (Builds on Lab 9)

Task 1
Configure R1's loopback 1 with the ip address of 192.1.1.1 255.255.255.0. Configure R2 so that any traffic entering S0/0 from R3's loopback0 and destined to R1's new loopback 1 is sent directly to R1's Eth0/0 IP address and is also marked with ip precedence 5. You are allowed to add a static route in R3 pointing to R1's loopback 1. You are not allowed to use any NAT feature to accomplish this.

R1
Interface Loopback1
 ip address 192.1.1.1 255.255.255.0

R2
Interface Serial0/0
 ip address 192.1.23.2 255.255.255.0
 ip route-cache policy
 ip policy route-map PBR
Access-list 115 permit ip host 192.168.1.1 host 192.1.1.1
!
Route-map PBR permit 10
 match ip address 115
 set ip precedence critical
 set ip next-hop 192.1.12.1

R3
Ip route 192.1.1.1 255.255.255.255 192.1.23.2


Lab 11 – Logging Errors messages (Builds on Lab 10)

Task 1
You suspect that R3 has errors during the night because the night shift reported that they can't work at all, so you decided to log errors, critical, alerts and emergencies on R3 to the buffer. Configure the buffer size to be 16400 and add date and time to the logging messages, including the order number of the messages.

R3
Logging on
Logging count
Service timestamps log datetime localtime msec
Logging buffered 16400 errors


Lab 12 – Time Range ACL (Builds on Lab 11)

Task 1
Users behind R1 are not allowed to use www traffic during the week from 07:00 to 17:00.

R1
Ip access-list extended WWW_TR
 deny tcp any any eq www time-range WEEK_TIME
 permit ip any any
Time-range WEEK_TIME
 periodic weekdays 7:00 to 17:00
Interface F 0/0
 Ip access-group WWW_TR in


Lab 13 – Configuring IPv6 with RIPng

[Network diagram: R1 (Lo 0, E 0/0) and R2 (Lo 0, E 0/0, S 0/0) on 192.1.12.0/24; R2 and R3 (S 0/0) over Frame Relay on 192.1.23.0/24; R3 (Lo 0, E 0/0) and R4 (Lo 0, E 0/0) on 192.1.34.0/24]

Task 1
Enable IPv6 routing on R1, R2, R3 and R4. Assign IPv6 addresses to the E0/0 interface of the routers as follows:
• R1 – 2001:1:1:12::1 /64
• R2 – 2001:1:1:12::2 /64
• R3 – 2001:1:1:34::3 /64
• R4 – 2001:1:1:34::4 /64

R1
ipv6 unicast-routing
Interface E0/0
 Ipv6 enable
 ipv6 address 2001:1:1:12::1/64
 no shut

R2
Ipv6 unicast-routing
Interface E0/0
 Ipv6 enable
 Ipv6 address 2001:1:1:12::2/64
 No shut

R3
ipv6 unicast-routing
Interface E0/0
 Ipv6 enable
 ipv6 address 2001:1:1:34::3/64
 no shut

R4
Ipv6 unicast-routing
Interface E0/0
 Ipv6 enable
 Ipv6 address 2001:1:1:34::4/64
 No shut

Task 2
Configure the Loopback0 interface on all routers as follows:
• R1 – Loopback0 – 2000:1:1:1::/64
• R2 – Loopback0 – 2000:2:2:2::/64
• R3 – Loopback0 – 2000:3:3:3::/64
• R4 – Loopback0 – 2000:4:4:4::/64

R1
Interface Loopback 0
 Ipv6 address 2000:1:1:1::/64 eui-64

R2
Interface Loopback 0
 ipv6 address 2000:2:2:2::/64 eui-64

R3
Interface Loopback 0
 Ipv6 address 2000:3:3:3::/64 eui-64

R4
Interface Loopback 0
 ipv6 address 2000:4:4:4::/64 eui-64

Task 3
Configure Frame-relay between R2 and R3 using the following IPv6 addresses:
• R2 – 2000:1:1:23::2/64
• R3 – 2000:1:1:23::3/64
Ensure that the routers can ping each other's serial interface. Also allow R2 and R3 to ping their own IP addresses. Use a sub-interface on R2 and R3 for the Frame relay configuration.

R2
Interface S0/0
 Encap frame-relay
 No shut
!
Interface S 0/0.3 point-to-point
 ipv6 address 2000:1:1:23::2/64
 frame-relay interface-dlci 203

R3
Interface S0/0
 Encap frame-relay
 no shut
!
Interface S 0/0.2 point-to-point
 ipv6 address 2000:1:1:23::3/64
 frame-relay interface-dlci 203

Task 4
Configure RIPng on all routers to route all loopbacks. Enable RIPng under the following interfaces:
• R1 – E 0/0, Loopback 0
• R2 – E 0/0, Loopback 0, S 0/0
• R3 – E 0/0, Loopback 0, S 0/0
• R4 – E 0/0, Loopback 0

R1
Interface Loopback 0
 ipv6 rip CCIERS enable
Interface E 0/0
 ipv6 rip CCIERS enable

R2
Interface Loopback 0
 ipv6 rip CCIERS enable
Interface S 0/0.3
 ipv6 rip CCIERS enable
!
Interface E 0/0
 ipv6 rip CCIERS enable

R3
Interface Loopback 0
 ipv6 rip CCIERS enable
!
Interface S0/0
 ipv6 rip CCIERS enable
!
Interface S0/0.2
 ipv6 rip CCIERS enable

R4
Interface Loopback 0
 ipv6 rip CCIERS enable
Interface E 0/0
 ipv6 rip CCIERS enable


Lab 14 – Configuring OSPF V3

[Network diagram: R1 (Lo 0, E 0/0) and R2 (Lo 0, E 0/0, S 0/0) on 192.1.12.0/24; R2 and R3 (S 0/0) over Frame Relay on 192.1.23.0/24; R3 (Lo 0, E 0/0) and R4 (Lo 0, E 0/0) on 192.1.34.0/24]

Task 1
Disable RIP NG on all routers on all interfaces.

R1
Interface Loopback 0
 No ipv6 rip CCIERS enable
Interface E 0/0
 No ipv6 rip CCIERS enable

R2
Interface Loopback 0
 No ipv6 rip CCIERS enable
Interface S 0/0
 No ipv6 rip CCIERS enable
!
Interface E 0/0
 No ipv6 rip CCIERS enable

R3
Interface Loopback 0
 No ipv6 rip CCIERS enable
Interface S 0/0
 No ipv6 rip CCIERS enable
!
Interface E 0/0
 No ipv6 rip CCIERS enable

R4
Interface Loopback 0
 No ipv6 rip CCIERS enable
Interface E 0/0
 No ipv6 rip CCIERS enable

Task 2
Configure the routers in OSPFv3 area 0 and advertise their directly connected interfaces in this area.

R1
ipv6 unicast-routing
!
ipv6 router ospf 1
 router-id 1.1.1.1
!
Interface Loopback0
 ipv6 ospf 1 area 0
!
Interface E0/0
 ipv6 ospf 1 area 0

R2
ipv6 unicast-routing
!
ipv6 router ospf 1
 router-id 2.2.2.2
!
Interface Loopback0
 ipv6 ospf 1 area 0
!
Interface E0/0
 ipv6 ospf 1 area 0
!
Interface S 0/0.3
 ipv6 ospf 1 area 0

R3
ipv6 unicast-routing
!
ipv6 router ospf 1
 router-id 3.3.3.3
!
Interface Loopback0
 ipv6 ospf 1 area 0
!
Interface E0/0
 ipv6 ospf 1 area 0
!
Interface S 0/0.2
 ipv6 ospf 1 area 0

R4
ipv6 unicast-routing
!
ipv6 router ospf 1
 router-id 4.4.4.4
!
Interface Loopback0
 ipv6 ospf 1 area 0
!
Interface E0/0
 ipv6 ospf 1 area 0

Task 3
Ensure that the loopback interfaces are advertised with their correct mask.

R1
Interface Loopback0
 ipv6 ospf network point-to-point

R2
Interface Loopback0
 ipv6 ospf network point-to-point

R3
Interface Loopback0
 ipv6 ospf network point-to-point

R4
Interface Loopback0
 ipv6 ospf network point-to-point


Lab 15 – Configuring IPv6 through a IPv4 Network using a Tunnel

[Network diagram: R1 (Lo 0, E 0/0) and R2 (Lo 0, E 0/0, S 0/0) on 192.1.12.0/24; R2 and R3 (S 0/0) over Frame Relay on 192.1.23.0/24; R3 (Lo 0, E 0/0) and R4 (Lo 0, E 0/0) on 192.1.34.0/24]

Task 1
Enable IPv6 routing on R1, R2, R3 and R4. Assign IPv6 addresses to the E0/0 interface of the routers as follows:
• R1 – 2001:1:1:12::1 /64
• R2 – 2001:1:1:12::2 /64
• R3 – 2001:1:1:34::3 /64
• R4 – 2001:1:1:34::4 /64

R1
ipv6 unicast-routing
Interface E0/0
 Ipv6 enable
 ipv6 address 2001:1:1:12::1/64
 no shut

R2
Ipv6 unicast-routing
Interface E0/0
 Ipv6 enable
 Ipv6 address 2001:1:1:12::2/64
 No shut

R3
ipv6 unicast-routing
Interface E0/0
 Ipv6 enable
 ipv6 address 2001:1:1:34::3/64
 no shut

R4
Ipv6 unicast-routing
Interface E0/0
 Ipv6 enable
 Ipv6 address 2001:1:1:34::4/64
 No shut

Task 2
Configure the Loopback0 interface on all routers as follows:
• R1 – Loopback0 – 2000:1:1:1::/64
• R2 – Loopback0 – 2000:2:2:2::/64
• R3 – Loopback0 – 2000:3:3:3::/64
• R4 – Loopback0 – 2000:4:4:4::/64

R1
Interface Loopback 0
 Ipv6 address 2000:1:1:1::/64 eui-64

R2
Interface Loopback 0
 ipv6 address 2000:2:2:2::/64 eui-64

R3
Interface Loopback 0
 Ipv6 address 2000:3:3:3::/64 eui-64

R4
Interface Loopback 0
 ipv6 address 2000:4:4:4::/64 eui-64

Task 3
Configure RIPng between R1 and R2. Enable RIPng under the following interfaces:
• R1 – E 0/0, Loopback 0
• R2 – E 0/0, Loopback 0

R1
Interface Loopback 0
 ipv6 rip CCIERS enable
!
Interface E 0/0
 ipv6 rip CCIERS enable

R2
Interface Loopback 0
 ipv6 rip CCIERS enable
!
Interface E0/0
 ipv6 rip CCIERS enable

Task 4
Configure RIPng between R3 and R4. Enable RIPng under the following interfaces:
• R3 – E 0/0, Loopback 0
• R4 – E 0/0, Loopback 0

R3
Interface Loopback 0
 ipv6 rip CCIERS enable
!
Interface E 0/0
 ipv6 rip CCIERS enable

R4
Interface Loopback 0
 ipv6 rip CCIERS enable
!
Interface E0/0
 ipv6 rip CCIERS enable

Task 5
Configure the Frame Relay link between R2 and R3 as an IPv4 Link on the 192.1.23.0/24 network.

R2
Interface S0/0
 Ip address 192.1.23.2 255.255.255.0
 Encap frame-relay
 No frame-relay inverse-arp
 Frame-relay map ip 192.1.23.3 203 b
 No shut

R3
Interface S0/0
 Ip address 192.1.23.3 255.255.255.0
 Encap frame-relay
 No frame-relay inverse-arp
 Frame-relay map ip 192.1.23.2 302 b
 No shut

Task 6
Create a Tunnel between R2 and R3. Assign it an IPv6 address of 2000:23:23:23::/64. Set the Tunnel Mode to IPv6. Enable RIPng on the Tunnel Interface.

R2
Interface Tunnel 23
 Tunnel source S 0/0
 Tunnel destination 192.1.23.3
 Ipv6 address 2000:23:23:23::2/64
 Ipv6 enable
 Ipv6 rip CCIERS enable
 Tunnel mode IPV6IP
 No shut

R3
Interface Tunnel 23
 Tunnel source S 0/0
 Tunnel destination 192.1.23.2
 Ipv6 address 2000:23:23:23::3/64
 Ipv6 enable
 Ipv6 rip CCIERS enable
 Tunnel mode IPV6IP
 No shut


Lab 16 – Configuring IPv6 over Point-to-point and Multipoint

[Network diagram: R1, R2, R3 and R4 connected through a Frame-Relay cloud]

IP addressing and DLCI information Chart

Routers   IP address                        Local DLCI       Connecting to:
R1        S0/0.123: 2001:150:1:30::1 /64    102, 103, 104    R2, R3, R4
          S0/0.104: 2001:150:1:60::1 /64
R2        S0/0: 2001:150:1:30::2 /64        201              R1, R3
R3        S0/0: 2001:150:1:30::3 /64        301              R1, R2
R4        S0/0: 2001:150:1:60::4 /64        401              R1

Task 1
Configure the routers connected to the frame-relay cloud as follows:
• R1 (The HUB) must be configured with two sub-interfaces. One of the two sub-interfaces must be configured to connect R1 to R4; this sub-interface should be configured in a point-to-point manner using the following IP addressing: R1 = 2001:150:1:60::1 /64, and R4 = 2001:150:1:60::1 /64.
• The second sub-interface on R1 must be configured in a multipoint manner, and this sub-interface must be configured to connect R1 to routers R2 and R3 using the following IP addressing: R1 = 2001:150:1:30::1 /64, R2 = 2001:150:1:30::2 /64 and R3 = 2001:150:1:30::1 /64.
• Routers R2, R3 should not be configured with a sub-interface and these routers should NOT rely on Inverse-arp.
• R4 should be configured with a sub-interface in a point-to-point manner.
• The routers connecting to the frame-relay cloud should be configured in a hub and spoke, with R1 being the hub and R2, R3 and R4 the spokes.
• Ensure that the routers can ping every IP address; there is no need for a router to ping its own IP address.

R1
Ipv6 unicast-routing
Int S0/0
 Encapsulation frame-relay
 No frame-relay inverse
 No shut
!
Int S0/0.14 point-to-point
 Ipv6 enable
 Ipv6 address 2001:150:1:60::1/64
 Frame-relay interface-dlci 104
!
Int S0/0.123 multipoint
 Ipv6 enable
 Ipv6 address 2001:150:1:30::1/64
 Frame-relay map ipv6 2001:150:1:30::2 102 b
 Frame-relay map ipv6 2001:150:1:30::3 103 b

R2
Ipv6 unicast-routing
Int S0/0
 Ipv6 enable
 Ipv6 address 2001:150:1:30::2/64
 Encapsulation frame
 No frame-relay inverse
 Frame-relay map ipv6 2001:150:1:30::1 201 b
 Frame-relay map ipv6 2001:150:1:30::3 201
 No shut
 Exit

R3
Ipv6 unicast-routing
Int S0/0
 Encapsulation frame
 Ipv6 enable
 Ipv6 address 2001:150:1:30::3/64
 Frame-relay map ipv6 2001:150:1:30::1 301 b
 Frame-relay map ipv6 2001:150:1:30::2 301
 No frame-relay inverse
 No shut

R4
Ipv6 unicast-routing
Int S0/0
 Encap frame
 No frame-relay inverse
 No shut
!
Inter S0/0.41 point-to-point
 Ipv6 enable
 Ipv6 address 2001:150:1:60::4/64
 Frame-relay interface 401


Module 10 – Quality of Service (QoS)


Lab 1 – Frame Relay QoS

[Network diagram: R1 (Lo 0, E 0/0) and R2 (Lo 0, E 0/0, S 0/0) on 192.1.12.0/24; R2 and R3 (S 0/0) over Frame Relay on 192.1.23.0/24; R3 (Lo 0, E 0/0) and R4 (Lo 0, E 0/0) on 192.1.34.0/24]

R1
Interface     IP Address     Subnet Mask
Loopback 0    1.1.1.1        255.0.0.0
E 0/0         192.1.12.1     255.255.255.0

R2
Interface     IP Address     Subnet Mask
E 0/0         192.1.12.2     255.255.255.0
S 0/0         192.1.23.2     255.255.255.0
Loopback 0    2.2.2.2        255.0.0.0

R3
Interface     IP Address     Subnet Mask
S 0/0         192.1.23.3     255.255.255.0
E 0/0         192.1.34.3     255.255.255.0
Loopback 0    3.3.3.3        255.0.0.0

R4
Interface     IP Address     Subnet Mask
Loopback 0    4.4.4.4        255.0.0.0
E 0/0         192.1.34.4     255.255.255.0

Interface Configuration

R1
interface Loopback0
 ip address 1.1.1.1 255.0.0.0
!
interface Ethernet0/0
 ip address 192.1.12.1 255.255.255.0
 no shutdown

R2
interface Loopback0
 ip address 2.2.2.2 255.0.0.0
!
interface Ethernet0/0
 ip address 192.1.12.2 255.255.255.0
 no shutdown
!
interface Serial0/0
 ip address 192.1.23.2 255.255.255.0
 encapsulation frame-relay
 ip ospf network point-to-point
 no shutdown

R3
interface Loopback0
 ip address 3.3.3.3 255.0.0.0
!
interface Ethernet0/0
 ip address 192.1.34.3 255.255.255.0
 no shutdown
!
interface Serial0/0
 ip address 192.1.23.3 255.255.255.0
 encapsulation frame-relay
 ip ospf network point-to-point
 no shutdown

R4
interface Loopback0
 ip address 4.4.4.4 255.0.0.0
!
interface Ethernet0/0
 ip address 192.1.34.4 255.255.255.0
 no shutdown

Task 1
Run OSPF as the Routing protocol on all routers.

R1
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0

R2
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0

R3
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0

R4
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0

Task 2
Make sure that OSPF packets between R2 and R3 are not Discard Eligible.

R2
Access-list 101 deny ospf any any
Access-list 101 permit ip any any
!
Frame-relay de-list 1 protocol ip list 101
!
Interface S 0/0
 Frame-relay de-group 1 203

R3
Access-list 101 deny ospf any any
Access-list 101 permit ip any any
!
Frame-relay de-list 1 protocol ip list 101
!
Interface S 0/0
 Frame-relay de-group 1 302

Task 3
Configure the R2 Frame Relay interface for rate limiting by configuring the parameters CIR, Bc, Be and MINCIR, considering the following: Your interface speed is 768000 bps. The router should send at a rate of 384000 bps. During congestion, your provider will mark any traffic in excess of 48kbps as discard eligible. Make sure your throughput changes accordingly based upon BECNs received only, and throttle down to 192000 bps upon the receipt of BECNs. Allow the Router to double the speed if it has tokens available. Your token bucket interval is 125 ms. Use a "map-class" to apply this feature to all PVCs.

R1
Map-class frame-relay FRTS
 Frame-relay cir 384000
 Frame-relay bc 48000
 Frame-relay be 96000
 Frame-relay mincir 192000
 Frame-relay adaptive-shaping becn
!
Interface s0/0
 Frame-relay traffic-shaping
 Frame-relay class FRTS


Lab 2 – QoS using Class Maps (Builds on Lab1)

Task 1
Configure R1 for Rate Limiting (Policing) for traffic originating from the 1.0.0.0 network going towards the Ethernet segment using the following parameters:
• HTTP traffic should be limited to 750 kbps
• FTP traffic should be limited to 400 kbps

R1
Access-list 101 permit tcp 1.0.0.0 0.255.255.255 any eq 80
!
Access-list 102 permit tcp 1.0.0.0 0.255.255.255 any eq 21
Access-list 102 permit tcp 1.0.0.0 0.255.255.255 any eq 20
!
Class-map match-all HTTP
 Match access-group 101
Class-map match-all FTP
 Match access-group 102
!
Policy-map CB-CAR
 Class HTTP
  Police 750000
 Class FTP
  Police 400000
!
Interface E 0/0
 Service-policy output CB-CAR

Task 2
R2-R3 has a CIR of 512 and Peak CIR of 1544. Configure R2 such that all HTTP and HTTPS traffic going from the 192.1.12.0 network towards Network 4.0.0.0 has a Precedence of 5 if it is within the CIR. If it exceeds the CIR, it should be set with a Precedence of 1. Also, set the DE bit on if it exceeds the CIR. If it exceeds the Peak, the packet should be dropped. The rest of the traffic should be set to a Precedence of 3.

R2
Access-list 103 permit tcp 192.1.12.0 0.0.0.255 4.0.0.0 0.255.255.255 eq 80
Access-list 103 permit tcp 192.1.12.0 0.0.0.255 4.0.0.0 0.255.255.255 eq 443
!
Class-map match-all WEB
 Match access-group 103
!
Policy-map SETPREC
 Class WEB
  Police cir 512000 pir 1544000
   Conform-action set-prec-transmit 5
   Exceed-action set-frde-transmit
   Exceed-action set-prec-transmit 1
   Violate-action drop
 Class class-default
  Set precedence 3
Interface S 0/0
 Service-policy output SETPREC

Task 3
Configure R4 Ethernet interface for CB-WFQ using the following:
• HTTP and HTTPS traffic = 30% of the bandwidth
• Telnet Traffic = 15% of the bandwidth. Telnet traffic should use LLQ.

R4
Ip cef
Access-list 104 permit tcp any any eq 80
Access-list 104 permit tcp any any eq 443
!
Access-list 105 permit tcp any any eq 23
!
class-map Telnet
 match access-group 105
!
class-map WEB
 match access-group 104
!
policy-map QoS
 class Telnet
  priority percent 15
 class WEB
  bandwidth percent 30
!
Interface E 0/0
 Service-policy output QoS
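The three-way outcome of the Task 2 policer (within CIR, between CIR and Peak, above Peak) can be modelled with two token buckets. The sketch below is an added example, not part of the workbook: it is a two-rate, three-colour marker in the style of RFC 2698, and the burst sizes, class and function names, and the packet timings are assumptions constructed for illustration.

```python
"""Two-rate, three-colour policer model for 'police cir 512000 pir 1544000'."""

# Per-colour actions taken from the SETPREC policy-map in Task 2.
ACTIONS = {
    "conform": {"forward": True, "precedence": 5, "de": False},
    "exceed": {"forward": True, "precedence": 1, "de": True},
    "violate": {"forward": False, "precedence": None, "de": False},
}


class TwoRatePolicer:
    """Colour-blind two-rate marker: bucket C fills at CIR, bucket P at PIR."""

    def __init__(self, cir_bps=512_000, pir_bps=1_544_000,
                 bc_bytes=3_000, be_bytes=6_000):
        # bc_bytes and be_bytes are assumed burst sizes; Task 2 does not set them.
        self.cir_bytes_per_s = cir_bps / 8
        self.pir_bytes_per_s = pir_bps / 8
        self.bc = bc_bytes
        self.be = be_bytes
        self.tokens_c = float(bc_bytes)  # both buckets start full
        self.tokens_p = float(be_bytes)
        self.last = 0.0

    def _refill(self, now):
        """Add tokens for the elapsed time, capped at each bucket's depth."""
        elapsed = max(0.0, now - self.last)
        self.tokens_c = min(self.bc, self.tokens_c + self.cir_bytes_per_s * elapsed)
        self.tokens_p = min(self.be, self.tokens_p + self.pir_bytes_per_s * elapsed)
        self.last = max(self.last, now)

    def colour(self, now, size):
        """Classify one packet of `size` bytes arriving at time `now` (seconds)."""
        self._refill(now)
        if self.tokens_p < size:      # above the peak rate: nothing is debited
            return "violate"
        self.tokens_p -= size
        if self.tokens_c < size:      # above CIR but within the peak rate
            return "exceed"
        self.tokens_c -= size
        return "conform"


def police_stream(packets, policer=None):
    """Return [(colour, action)] for an iterable of (arrival_time, size_bytes)."""
    policer = policer or TwoRatePolicer()
    results = []
    for now, size in packets:
        colour = policer.colour(now, size)
        results.append((colour, ACTIONS[colour]))
    return results


def summarise(results):
    """Count packets per colour."""
    counts = {"conform": 0, "exceed": 0, "violate": 0}
    for colour, _ in results:
        counts[colour] += 1
    return counts


# Constructed input: five back-to-back 1500-byte packets, then one a second later.
BURST = [(0.0, 1500)] * 5 + [(1.0, 1500)]

if __name__ == "__main__":
    for (t, size), (colour, action) in zip(BURST, police_stream(BURST)):
        print(f"t={t:.1f}s size={size} -> {colour:8s} {action}")
    print(summarise(police_stream(BURST)))
```

The burst drains bucket C after two packets and bucket P after four, so the fifth packet is dropped; one second of idle time refills both buckets.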

Task 4
Configure R1 Ethernet interface for QoS using the following criteria:
• Configure Policing such that HTTP downloading is policed at 100 kbps for *.gif or *.jpg files.

R1
class-map match-any FILES
 match protocol http url "*.gif*"
 match protocol http url "*.jpg*"
!
policy-map FT-PMAP
 class FILES
  police 100000
!
Interface E 0/0
 Service-policy input FT-PMAP

Task 5
R2-R3 has a CIR of 512 and Peak CIR of 1544. Configure R3 such that all HTTP and HTTPS traffic going towards the 1.0.0.0 network has a minimum reserved bandwidth of 256 kbps and is shaped to the average rate. FTP traffic towards the 1.0.0.0 network should have a minimum of 56Kbps reserved and should be shaped to CIR.

R2
Access-list 110 permit tcp any 1.0.0.0 0.255.255.255 eq 80
Access-list 110 permit tcp any 1.0.0.0 0.255.255.255 eq 443
!
Access-list 111 permit tcp any 1.0.0.0 0.255.255.255 eq 20
Access-list 111 permit tcp any 1.0.0.0 0.255.255.255 eq 21
!
Class-map match-all WEB
 Match access-group 110
!
Class-map match-all FTP
 Match access-group 111
!
Policy-map SHAPE
 Class WEB
  Bandwidth 256
  Shape average 512000
 Class FTP
  Bandwidth 56
  Shape average 512000
!
Interface S 0/0
 Service-policy output SHAPE


Lab 3 – QoS – CAR (Builds on Lab2)

Task 1
A server has an IP address of 192.1.34.230 with UDP ports ranging from 4000 to 5000. Configure CAR for outbound packets on R3 going to the mentioned server and port range, and make sure that a rate of 3mbps with a normal burst size of 200 kbps and a max burst size of 300 kbps is handled with a max priority (use precedence), and if it exceeds, send it with a normal priority (on a best effort basis). Transmit all other packets that do not match the criteria with a rate of 800000 bps, a normal burst of 150 kbps and a maximum burst of 300 kbps with normal priority (on a best effort basis), and if it exceeds, drop the packets.

R3
Access-list 130 permit udp any host 192.1.34.230 range 4000 5000
!
Interface eth0/0
 Rate-limit output access-group 130 3000000 200000 300000 conform-action set-prec-transmit 5 exceed-action set-prec-transmit 0
 Rate-limit output 800000 150000 300000 conform-action set-prec-transmit 0 exceed-action drop


Lab 4 – QoS (Congestion Management) (Builds on Lab3)

Task 1
On R2, make sure all traffic leaving Eth0/0 from Network 192.1.34.0 destined to Network 192.1.12.0 is set with IP Precedence 3, and ensure a minimum guaranteed bandwidth of 256K in case of congestion. Reserve 128K for all other traffic leaving E0/0. Do NOT use policing or rate-limiting. Make sure, in case of congestion, that these packets get dropped randomly.

R2
Access-list 105 permit ip 192.1.34.0 0.0.0.255 192.1.12.0 0.0.0.255
Class-map PREC_3
 Match access-group 105
Policy-map QoS_TRAFFIC
 Class class-default
  Set ip precedence 2
  Bandwidth 128
  Random-detect
 Class PREC_3
  Set ip precedence 3
  Bandwidth 256
Interface eth0/0
 Service-policy output QoS_TRAFFIC


Lab 5 – Switch QoS (Builds on Lab3)

Task 1
Configure SW1 to map the CoS values to the wrr queues based on the following table on port F 0/16:

CoS Value    Wrr Queue
0, 1, 2      4
3, 4         3
5, 6         2
7            1

SW1
Mls qos
!
Interface F 0/16
 Wrr-queue cos-map 1 7
 Wrr-queue cos-map 2 5 6
 Wrr-queue cos-map 3 3 4
 Wrr-queue cos-map 4 0 1 2

Task 2
Change the bandwidth ratio in each Queue on WRR for port F 0/16 using the following table:

Bandwidth    Wrr Queue
10           4
15           3
25           2
50           1

SW1
Interface F 0/16
 Wrr-queue bandwidth 50 25 15 10

Task 3
Configure SRR on Switch 2 for port F 0/11 using the following parameters:

CoS Value    Srr Queue
3, 4, 6      4
2, 7         3
0, 1         2
5            1

SW1
Mls qos srr-queue output cos-map queue 1 5
Mls qos srr-queue output cos-map queue 2 0 1
Mls qos srr-queue output cos-map queue 3 2 7
Mls qos srr-queue output cos-map queue 4 3 4 6

Task 4
Configure Shaping on the first queue. It should use 12.5% of the interface bandwidth. Configure Sharing on the remaining queues. Queues 2, 3 and 4 should be shared with a percentage breakdown of 50, 30 and 20 percent respectively.

SW1
Interface F 0/16
 srr-queue bandwidth shape 8 0 0 0
 srr-queue bandwidth share 8 5 3 2

Task 6
Traffic Classification on a Per-Port Per-VLAN Basis Using Class Maps (3550). SW1 port Fa0/18 is assigned to VLAN_ID 10. Mark all Web traffic on that VLAN with a precedence of flash.

SW1
Mls qos
Access-list 101 permit tcp any any eq www
Interface fa0/18
 Switchport mode access
 Switchport access vlan 10
Class-map MATCH_TRAFFIC
 Match access-group 101
!
Class-map MATCH_VLAN_TRAFFIC
 Match vlan 10
 Match class-map MATCH_TRAFFIC
!
Policy-map QoS_SET
 Class MATCH_VLAN_TRAFFIC
  Set ip precedence 3
!
Interface fa0/18
 Service-policy input QoS_SET


11 – Multicasting


Lab 1 – Configuring Multicast Dense-mode

[Topology diagram: R1 (E 0/0, S 0/0) and R2 (S 0/0, E 0/0) connected over Frame Relay, 192.1.12.0/24]

R1
Interface    IP Address    Subnet Mask
E 0/0        10.1.1.1      255.255.255.0
S 0/0        192.1.12.1    255.255.255.0
Loopback0    1.1.1.1       255.0.0.0

R2
Interface    IP Address    Subnet Mask
S 0/0        192.1.12.2    255.255.255.0
E 0/0        10.2.2.2      255.255.255.0
Loopback0    2.2.2.2       255.0.0.0

Task 1
Configure PIM dense mode on the routers.

R1
Ip multicast-routing
Int E0/0
 Ip pim dense-mode
Int S0/0
 Ip pim dense-mode

R2
Ip multicast-routing
Int E0/0
 Ip pim dense-mode
Int S0/0
 Ip pim dense-mode


Task 2
Configure R1 to join the multicast group 224.11.11.11 and R2 to join the multicast group 224.22.22.22 on the Ethernet interfaces.

R1
Int E0/0
 Ip igmp join-group 224.11.11.11

R2
Int E0/0
 Ip igmp join-group 224.22.22.22


Lab 2 – Configuring Static-RP

[Topology diagram: R1 (E 0/0, S 0/0) and R2 (S 0/0, E 0/0) connected over Frame Relay, 192.1.12.0/24]

R1
Interface    IP Address    Subnet Mask
E 0/0        10.1.1.1      255.255.255.0
S 0/0        192.1.12.1    255.255.255.0
Loopback0    1.1.1.1       255.0.0.0

R2
Interface    IP Address    Subnet Mask
S 0/0        192.1.12.2    255.255.255.0
E 0/0        10.2.2.2      255.255.255.0
Loopback0    2.2.2.2       255.0.0.0

Task 1
Configure RIPv2 on both routers and advertise your directly connected interfaces.

R1
Router RIP
 Version 2
 No auto-summary
 Network 192.1.12.0
 Network 1.0.0.0
 Network 10.0.0.0

R2
Router RIP
 Version 2
 No auto-summary
 Network 192.1.12.0
 Network 2.0.0.0
 Network 10.0.0.0


Task 2
Configure R1 to be the RP for all groups. Use the most reliable interface.

R1
Interface loopback0
 Ip pim sparse-mode
!
Ip multicast-routing
Ip pim rp-address 1.1.1.1
!
Int F0/0
 Ip pim sparse-mode
Int S0/0
 Ip pim sparse-mode

R2
Ip multicast-routing
Ip pim rp-address 1.1.1.1
!
Int F0/0
 Ip pim sparse-mode
Int S0/0
 Ip pim sparse-mode

Task 3
Have R2 E 0/0 join the multicast group 224.12.3.53.

R2
Int E0/0
 Ip igmp join-group 224.12.3.53


Lab 3 – Configuring Multiple RPs using Static-RP

[Topology diagram: R1 (Lo 0, E 0/0) and R2 (Lo 0, E 0/0, S 0/0) on 192.1.12.0/24; R2 and R3 connected over Frame Relay on 192.1.23.0/24; R3 (S 0/0, E 0/0, Lo 0) and R4 (E 0/0, Lo 0) on 192.1.34.0/24]

R1
Interface     IP Address    Subnet Mask
Loopback 0    1.1.1.1       255.0.0.0
E 0/0         192.1.12.1    255.255.255.0

R2
Interface     IP Address    Subnet Mask
E 0/0         192.1.12.2    255.255.255.0
S 0/0         192.1.23.2    255.255.255.0
Loopback 0    2.2.2.2       255.0.0.0

R3
Interface     IP Address    Subnet Mask
S 0/0         192.1.23.3    255.255.255.0
E 0/0         192.1.34.3    255.255.255.0
Loopback 0    3.3.3.3       255.0.0.0

R4
Interface     IP Address    Subnet Mask
Loopback 0    4.4.4.4       255.0.0.0
E 0/0         192.1.34.4    255.255.255.0

Interface Configuration

R1
interface Loopback0
 ip address 1.1.1.1 255.0.0.0
!
interface Ethernet0/0
 ip address 192.1.12.1 255.255.255.0
 no shutdown

R2
interface Loopback0
 ip address 2.2.2.2 255.0.0.0
!
interface Ethernet0/0
 ip address 192.1.12.2 255.255.255.0
 no shutdown
!
interface Serial0/0
 ip address 192.1.23.2 255.255.255.0
 encapsulation frame-relay
 no shutdown

R3
interface Loopback0
 ip address 3.3.3.3 255.0.0.0
!
interface Ethernet0/0
 ip address 192.1.34.3 255.255.255.0
 no shutdown
!
interface Serial0/0
 ip address 192.1.23.3 255.255.255.0
 encapsulation frame-relay
 no shutdown

R4
interface Loopback0
 ip address 4.4.4.4 255.0.0.0
!
interface Ethernet0/0
 ip address 192.1.34.4 255.255.255.0
 no shutdown

Task 1
Configure RIP V2 on all routers and advertise all the directly connected networks.

R1
Router RIP
 Version 2
 No auto-summary
 Network 1.0.0.0
 Network 192.1.12.0

R2
Router RIP
 Version 2
 No auto-summary
 Network 2.0.0.0
 Network 192.1.12.0
 Network 192.1.23.0

R3
Router RIP
 Version 2
 No auto-summary
 Network 192.1.23.0
 Network 192.1.34.0
 Network 3.0.0.0

R4
Router RIP
 Version 2
 No auto-summary
 Network 192.1.34.0
 Network 4.0.0.0

Task 2
Configure R1 to be the RP for Multicast groups 224.1.1.1 – 2, and R4 to be the RP for the groups 224.4.4.1 – 2. These two RPs should use their Loopback 0 interface for this purpose.

R1
Ip multicast-routing
!
Ip pim rp-address 1.1.1.1 10
Ip pim rp-address 4.4.4.4 20
!
Access-list 10 permit 224.1.1.1
Access-list 10 permit 224.1.1.2
!
Access-list 20 permit 224.4.4.1
Access-list 20 permit 224.4.4.2

R2
Ip multicast-routing
!
Ip pim rp-address 1.1.1.1 10
Ip pim rp-address 4.4.4.4 20
!
Access-list 10 permit 224.1.1.1
Access-list 10 permit 224.1.1.2
!
Access-list 20 permit 224.4.4.1
Access-list 20 permit 224.4.4.2

R3
Ip multicast-routing
!
Ip pim rp-address 1.1.1.1 10
Ip pim rp-address 4.4.4.4 20
!
Access-list 10 permit 224.1.1.1
Access-list 10 permit 224.1.1.2
!
Access-list 20 permit 224.4.4.1
Access-list 20 permit 224.4.4.2

R4
Ip multicast-routing
!
Ip pim rp-address 1.1.1.1 10
Ip pim rp-address 4.4.4.4 20
!
Access-list 10 permit 224.1.1.1
Access-list 10 permit 224.1.1.2
!
Access-list 20 permit 224.4.4.1
Access-list 20 permit 224.4.4.2

Task 3
Configure R1 Loopback 0 and R4 Loopback 0 to join the following Multicast groups:
R1 – 224.1.1.1, 224.1.1.2, 224.1.1.3
R4 – 224.4.4.1, 224.4.4.2, 224.4.4.3

R1
Interface Loopback0
 Ip igmp join-group 224.1.1.1
 Ip igmp join-group 224.1.1.2
 Ip igmp join-group 224.1.1.3

R4
Interface Loopback0
 Ip igmp join-group 224.4.4.1
 Ip igmp join-group 224.4.4.2
 Ip igmp join-group 224.4.4.3

Task 4
Configure PIM on the physical and loopback interfaces in such a way that all routers have access to all the multicast groups, including the ones that are not configured for RPs.

R1
Interface E 0/0
 Ip pim sparse-dense-mode
!
Interface Loopback0
 Ip pim sparse-dense-mode

R2
Interface E 0/0
 Ip pim sparse-dense-mode
!
Interface S0/0
 Ip pim sparse-dense-mode

R3
Interface E 0/0
 Ip pim sparse-dense-mode
!
Interface S0/0
 Ip pim sparse-dense-mode

R4
Interface E 0/0
 Ip pim sparse-dense-mode
!
Interface Loopback0
 Ip pim sparse-dense-mode


Lab 4 – Configuring AUTO-RP with a Single RP

[Topology diagram: R1 (Lo 0, E 0/0) and R2 (Lo 0, E 0/0, S 0/0) on 192.1.12.0/24; R2 and R3 connected over Frame Relay on 192.1.23.0/24; R3 (S 0/0, E 0/0, Lo 0) and R4 (E 0/0, Lo 0) on 192.1.34.0/24]

R1
Interface     IP Address    Subnet Mask
Loopback 0    1.1.1.1       255.0.0.0
E 0/0         192.1.12.1    255.255.255.0

R2
Interface     IP Address    Subnet Mask
E 0/0         192.1.12.2    255.255.255.0
S 0/0         192.1.23.2    255.255.255.0
Loopback 0    2.2.2.2       255.0.0.0

R3
Interface     IP Address    Subnet Mask
S 0/0         192.1.23.3    255.255.255.0
E 0/0         192.1.34.3    255.255.255.0
Loopback 0    3.3.3.3       255.0.0.0

R4
Interface     IP Address    Subnet Mask
Loopback 0    4.4.4.4       255.0.0.0
E 0/0         192.1.34.4    255.255.255.0

Interface Configuration

R1
interface Loopback0
 ip address 1.1.1.1 255.0.0.0
!
interface Ethernet0/0
 ip address 192.1.12.1 255.255.255.0
 no shutdown

R2
interface Loopback0
 ip address 2.2.2.2 255.0.0.0
!
interface Ethernet0/0
 ip address 192.1.12.2 255.255.255.0
 no shutdown
!
interface Serial0/0
 ip address 192.1.23.2 255.255.255.0
 encapsulation frame-relay
 no shutdown

R3
interface Loopback0
 ip address 3.3.3.3 255.0.0.0
!
interface Ethernet0/0
 ip address 192.1.34.3 255.255.255.0
 no shutdown
!
interface Serial0/0
 ip address 192.1.23.3 255.255.255.0
 encapsulation frame-relay
 no shutdown

R4
interface Loopback0
 ip address 4.4.4.4 255.0.0.0
!
interface Ethernet0/0
 ip address 192.1.34.4 255.255.255.0
 no shutdown

Task 1
Configure RIP V2 on all routers and advertise all the directly connected networks.

R1
Router RIP
 Version 2
 No auto-summary
 Network 1.0.0.0
 Network 192.1.12.0

R2
Router RIP
 Version 2
 No auto-summary
 Network 2.0.0.0
 Network 192.1.12.0
 Network 192.1.23.0

R3
Router RIP
 Version 2
 No auto-summary
 Network 192.1.23.0
 Network 192.1.34.0
 Network 3.0.0.0

R4
Router RIP
 Version 2
 No auto-summary
 Network 192.1.34.0
 Network 4.0.0.0

Task 2
Configure IP Multicast Sparse Mode on R1 (Loopback0, E 0/0), R2 (E0/0, S0/0) and R3 (S0/0, Loopback0). Configure R2 Loopback0 to be the RP for multicast groups 224.3.3.1 and 224.3.3.2 only. Ensure that it sends its RP-announcements every 10 seconds with a TTL of 5. Do not configure any Static RP on any router. R3 should join the multicast groups 224.3.3.1 and 224.3.3.2 on the Loopback 0 interface. All multicast routers should be able to ping all R3 multicast routes.

R2
Interface loopback 0
 Ip pim sparse-mode
Ip multicast-routing
Ip pim autorp listener
!
access-list 1 permit 224.3.3.1
access-list 1 permit 224.3.3.2
!
Ip pim send-rp-announce loopback0 scope 5 group-list 1 interval 10
Ip pim send-rp-discovery scope 5
!
Interface S0/0
 Ip pim sparse-mode
!
Interface E0/0
 Ip pim sparse-mode

R1
Ip multicast-routing
Ip pim autorp listener
!
Interface loopback 0
 Ip pim sparse-mode
!
Interface E0/0
 Ip pim sparse-mode

R3
Ip multicast-routing
Ip pim autorp listener
!
Interface S0/0
 Ip pim sparse-mode
!
Interface Loopback0
 Ip pim sparse-mode
 Ip igmp join-group 224.3.3.1
 Ip igmp join-group 224.3.3.2


Lab 5 – Configuring Multicast Rate-Limiting (Builds on Lab 4)

Task 1
On R1, limit the bandwidth of the multicast traffic sent to group 224.3.3.1 on E0/0 to 4 Mbps and traffic sent to group 224.3.3.2 to 1 Mbps.

R1
Access-list 5 permit 224.3.3.1
Access-list 6 permit 224.3.3.2
!
interface E 0/0
 ip multicast rate-limit out group-list 5 4000
 ip multicast rate-limit out group-list 6 1000

Task 2
Only allow IGMP join messages coming into F 0/15 on SW1 for the Multicast groups 224.13.13.13 and 224.13.13.33.

SW1
Ip igmp filter
!
Ip igmp profile 1
 Permit
 Range 224.13.13.13
 Range 224.13.13.33
interface F 0/15
 ip igmp filter 1

Task 3
Block all Multicast traffic coming into interface F 0/18.

SW1
interface F 0/18
 switchport block multicast


Task 4
There is a server on R2 E0/0 and clients on R3 E0/0. Neither supports multicast traffic. The server is sending broadcast traffic to the clients on destination UDP port 2305. You are required to send this broadcast as multicast traffic for this application from R2 to R3 to avoid congestion on the intermediate link. Configure R2 to receive the traffic from the server on E0/0. Translate the broadcast traffic to multicast address 224.0.1.4 and send this traffic to R3 S0/0. Configure R3 to receive multicast traffic from R2. Translate it to broadcast so that clients on the E0/0 segment of R3 can receive it properly.

R2
Ip forward-protocol udp 2305
!
access-list 100 permit udp any any eq 2305
!
Int E0/0
 ip multicast helper-map broadcast 224.0.1.4 100

R3
Ip forward-protocol udp 2305
!
access-list 100 permit udp any any eq 2305
!
int S 0/0
 ip multicast helper-map 224.0.1.4 192.1.34.255 100
!
Int E0/0
 Ip directed-broadcast


Super Lab – I

Physical Connections and IP Addressing

[Topology diagram: BB1, BB2, R1–R6, SW1 and SW2, with R1–R4 attached to the Frame Relay cloud. Segments shown: 192.1.15.0/24 (VLAN 15), 192.1.45.0/24 (VLAN 45), 192.1.14.0/24, 192.1.11.0/24 (VLAN 11), 192.1.234.0/24, 192.1.26.0/24 (VLAN 26), 192.1.36.0/24 (VLAN 36), 192.1.111.0/24 (VLAN 111), 192.1.3.0/24 (VLAN 3)]


IP Addressing

Device    Port          IP Address
R1        F 0/0         192.1.11.1/24
          Loopback 0    1.1.1.1/8
R2        F 0/0         192.1.26.2/24
          S 0/0         192.1.234.2/24
          Loopback 0    2.2.2.2/8
R3        S 0/0         192.1.234.3/24
          F 0/0.1       192.1.3.3/24
          F 0/0.2       192.1.36.3/24
          Loopback 0    3.3.3.3/8
R4        F 0/0         192.1.45.4/24
          S 0/0.234     192.1.234.4/24
          S 0/0.1       192.1.14.4/24
          Loopback 0    4.4.4.4/8
R5        F 0/0.1       192.1.15.5/24
          F 0/0.2       192.1.45.5/24
          Loopback 0    5.5.5.5/8
R6        F 0/0.1       192.1.26.6/24
          F 0/0.2       192.1.36.6/24
          Loopback 0    6.6.6.6/8
SW1       VLAN 3        192.1.3.20/24
SW2       VLAN 3        192.1.3.21/24
          VLAN 111      192.1.111.21/24


RIP V2 Configuration
[Diagram: RIP V2 devices R5, BB1, R3 and SW1]

OSPF Configuration
[Diagram: OSPF layout with Area 0, Area 10, Area 100 and Area 50]

EIGRP Configuration
[Diagram: EIGRP AS 100 between R1 and BB2]

BGP Configuration
[Diagram: BGP layout with AS 345, AS 2, AS 1, AS 65500 and AS 21]


Section 1 – Layer 2 (20 points)

1.1 – Trunking (3 Point)
• Configure all the ports that connect switches together as Trunk ports.
• Set the encapsulation as Dot1q.
• Configure Switch 1 as the VTP Server in a VTP Domain of CCIE.
• Secure VTP with a password of CCIERS.
• Configure the rest of the Switch(s) as VTP Client(s) in the CCIE VTP Domain.
• Only allow appropriate VLANs to cross the trunk.

1.2 – VLAN Creation and Assignment (2 Point)
• Create the following VLANs with the appropriate names:
  o VLAN 3 – Name : VLAN_03
  o VLAN 11 – Name : VLAN_11
  o VLAN 15 – Name : VLAN_15
  o VLAN 26 – Name : VLAN_26
  o VLAN 36 – Name : VLAN_36
  o VLAN 45 – Name : VLAN_45
  o VLAN 111 – Name : VLAN_111
• Assign the appropriate ports to the appropriate VLANs based on the Diagram.

1.3 – Port Fast with Macros (2 Point)
• Add any 2 unused ports to VLAN 26.
• Define an interface-range with all ports that are part of VLAN 26 except for any trunk ports.
• Define a Smart Macro that sets the ports in VLAN 26 to Access mode and turns on Port Fast on them.

1.4 – SPAN (3 Point)
• There is a Traffic Analyzer connected to port 10 on Switch 1.
• Send a copy of all traffic received on VLANs 15 and 26 to the Traffic Analyzer.

1.5 – MST (3 Point)
• Configure Multi-instance of Spanning Tree on the switches as follows:
  o The name of this configuration should be CCIE
  o The revision number should be 1
  o Instance 1 should handle VLANs 3, 11 and 15
  o Instance 2 should handle VLANs 26, 36, 45 and 111
  o All future VLANs should use instance 0
  o SW1 should be the root bridge for the first instance
  o SW2 should be the root bridge for the second instance

1.6 – Controlling Multicast and broadcast Traffic (2 Point)
• Configure F0/1 on SW1 such that the maximum amount of bandwidth utilization for broadcast traffic is 40% and 50% for Multicast traffic.

1.7 – Frame Relay (3 Point)
• Configure frame relay to connect R1, R2, R3 and R4 based on the Diagram.
• You can create 2 sub-interfaces on R4. You cannot create sub-interfaces on R2 and R3.
• R2, R3 and R4 should be configured in a hub-n-spoke configuration. R4 being the hub and R2 and R3 being spokes.
• R2 should be able to ping R3 and vice versa.
• All routers should be able to ping their local frame relay interface.
• Do not rely on inverse ARP for frame relay mappings.

1.8 – Frame Relay Authentication (2 Point)
• Ensure that R1 and R4 use CHAP authentication using Cisco as the password. These routers must authenticate each other before they can communicate.


Section 2 – IGP (30 points)

2.1 – Configure RIP Version 2 (3 Points)
• Configure RIP V2 on R5 to communicate to BB1, which is already configured with RIP V2. Advertise the Loopback network on R5 in RIP.
• Configure RIP V2 between R3 and Switch 1. Create the following loopback on Switch 1:
  o Loopback 15: 15.15.15.15/8
• Advertise the Loopbacks on R3 and Switch 1 under RIP V2.
• Configure R3 and Switch 1 such that SW2 does not see RIP traffic.

2.2 – RIP Authentication (2 Points)
• Configure R5 to authenticate with BB1. BB1 has been configured with a Key # of 1 and key-string of cisco.
• Configure authentication between R3 and the Switch. Use a password of ccie with a key # of 1.
• Use the most secure authentication mechanism.

2.3 – Route Filtering using RIP (2 Points)
• Deny all networks that have an even number in the 195.1.X.0 network range.
• Do the filtering on R5. Use minimum number of lines possible to accomplish this task.

2.4 – Configuring EIGRP (2 Points)
• Configure EIGRP on R1 in AS 100 to communicate with BB2.
• Don't advertise the Loopback network in EIGRP.
• Disable auto-summary.

2.5 – EIGRP Authentication (2 Points)
• Authenticate the EIGRP connection with BB2. BB2 has been configured with a key # 1 with a key-string of cisco.
• Use the most secure authentication mechanism.

2.6 – Configuring OSPF (4 Point)
• Configure OSPF between R4 and R5 in Area 0. Advertise the Loopback interface on R4 in Area 0. Make sure the route appears on R5 with the proper mask and not a host mask.
• Configure OSPF between R2, R3, R4, R6 and SW2 in Area 100. Advertise the Loopback addresses on R2, R3 and R6 in Area 100. They should appear with the proper mask and not a host mask. Do not use the IP OSPF Network Broadcast command on R2, R3 and R6 to accomplish this task.
• Configure OSPF between R1 and R4 in Area 10. Advertise the Loopback interface on R1 in Area 10. Make sure the route appears on R4 with the proper mask and not a host mask.
• Configure the appropriate interfaces on SW2 and R1 in Area 50.
• Hard code the router-id on all OSPF devices. Use the following as the router-ids:
  o R1 – 11.11.11.11
  o R2 – 22.22.22.22
  o R3 – 33.33.33.33
  o R4 – 44.44.44.44
  o R5 – 55.55.55.55
  o R6 – 66.66.66.66
  o SW2 – 21.21.21.21

2.7 – Configuring OSPF Virtual Links (4 Point)
• Configure Virtual Links on the appropriate routers to connect Area 50 to Area 0.
• Make sure you provide full redundancy for your network.

2.8 – OSPF Authentication (4 Point)
• Configure authentication for OSPF routers in Area 0. Use Message Digest as the authentication Mechanism. Use ccie as the key with a key id of 1.
• Configure Authentication for OSPF routers in Area 10. Use Message Digest as the authentication Mechanism. Use ccie as the key with a key id of 1.
• Configure Authentication for the neighbor relationships between R2, R3 and R4 and also between R2 and R6. Use Message Digest as the authentication Mechanism. Use ccie as the key with a key id of 1.
• Configure Authentication on all virtual links.

2.9 – Redistribution (4 Point)
• Mutually redistribute RIP and OSPF at the appropriate router. Routes should be redistributed in such a way that OSPF adds the link cost at each router.
• When redistributing the 200.1.1.0 routes learned from BB1, only the even networks should be redistributed at the appropriate router.
• Create loopback 100 with an IP address of 100.1.1.1/8 on Switch 1. Do not advertise this network in any routing protocol on Switch 1.
• All routers should have connectivity to this network. You are allowed to create a single static route on 1 router to accomplish this task.
• All OSPF routers should have access to the EIGRP routes on R1. You are not allowed to redistribute EIGRP into OSPF. You are allowed to create a single static route on a router to accomplish this task.

2.10 – Summarization (3 Point)
• Configure the following loopbacks on R1:
  o Loopback 201: 201.1.12.1/24
  o Loopback 202: 201.1.13.1/24
  o Loopback 203: 201.1.14.1/24
  o Loopback 204: 201.1.15.1/24
• Advertise the newly created loopbacks under EIGRP on R1.
• These routes should be summarized towards BB2.
• Inject these routes into OSPF as well. Don't use the network command to accomplish this task. Only send a summarized route into OSPF.
• Configure the following loopbacks on R6:
  o Loopback 201: 206.1.20.1/24
  o Loopback 202: 206.1.21.1/24
  o Loopback 203: 206.1.22.1/24
  o Loopback 204: 206.1.23.1/24
• Advertise the newly created loopbacks under OSPF on R6.
• These routes should be summarized on R4.

Section 3 – BGP (12 points)

3.1 – IBGP (3 Point)
• Configure the following Loopbacks:
  o R1 – Loopback 125: 125.1.1.1/24
  o R2 – Loopback 125: 125.2.2.2/24
  o R3 – Loopback 125: 125.3.3.3/24
  o R4 – Loopback 125: 125.4.4.4/24
  o R5 – Loopback 125: 125.5.5.5/24
  o R6 – Loopback 125: 125.6.6.6/24
  o SW2 – Loopback 125: 125.21.21.21/24
• Configure R3, R4 and R5 in AS 345.
• R5 should not have a neighbor relationship with R3.
• Advertise the Loopback 125 networks on the appropriate routers.
• Configure the neighbor relationship with redundancy in mind.
• All IBGP routers should use the most secure authentication method. Use CCIE as the password.

3.2 – EBGP (3 Points)
• Configure an EBGP relationship between AS 2 and AS 345. Use R5 in AS 345 to set this relationship up.
• Advertise the Loopback 125 network in BGP on R2. Don't use the network command to accomplish this task. The origin should be internal.
• Configure an EBGP relationship between AS 2 and AS 65500. Authenticate this relationship.
• Advertise the Loopback 125 network in BGP on R6.
• Configure R1 in AS 1. Advertise the Loopback 125 network under BGP.
• Configure an EBGP neighbor relation between AS 345 and AS 1.
• AS 345 sees AS 1 in AS 1000. Configure the remote-as as 1000 for AS 1 on R4.
• Configure SW2 in AS 21. Advertise the Loopback 125 network under BGP.
• Configure an EBGP neighbor relation between AS 21 and AS 345 based on the network diagram.
• Also configure an EBGP neighbor relation between AS 21 and AS 1 based on the network diagram.

3.3 – Route Aggregation (2 Points)
• Create the following loopbacks on R1:
  o Loopback 191: 199.1.4.1/24
  o Loopback 192: 199.1.5.1/24
  o Loopback 193: 199.1.6.1/24
  o Loopback 194: 199.1.7.1/24
• Advertise these networks under BGP.
• Summarize these networks on R1.
• Suppress the specific routes from getting propagated to BGP neighbors except for 199.1.5.0/24. This route should get propagated in addition to the summary route.

3.4 – Filtering Private AS number (2 Points)
• R2 should not send the Private AS number in the AS Path for route(s) from AS 65500 to AS 345.
• You can use a single command under the BGP Routing process to accomplish this task.

3.5 – Path Attributes (2 Points)
• Configure AS 345 such that it uses AS 21 to get to AS 1 routes. Do not use the AS-Path or Weight Attributes to accomplish this task.
• Configure AS 21 such that it uses AS 1 to get to AS 2 routes.


Section 4 – Security (8 points)

4.1 – Dot 1X Authentication (3 Points)
• Configure Ports F 0/13 – 18 on Switch 1 for Dot1X authentication. Assign them to VLAN 250.
• Authentication should be done based on a RADIUS Server located at 192.1.3.100. Use cciers as the secret key.
• If the host does not support Dot1X authentication, it should be put in VLAN 300.

4.2 – SSH Configuration (3 Points)
• Configure R3 such that remote management can only be done by SSH.
• Configure a Local User SSHADMIN with a password of cciers. SSH authentication should be done based on the local database.
• Only allow Remote Management from VLAN 3.

4.3 – ACL Configuration (2 Points)
• Configure RFC 1918 filtering on R5 for anti-spoofing from the Frame cloud.
• Also make sure packets with internal addresses as source addresses are not allowed in. Do not use an ACL for this task.
• There is a web server located at 192.1.15.25. This web server will be going down for Maintenance on Friday, Saturday and Sunday from 9:00 PM to 11:30 PM. R5 should block access to this server during the Maintenance times. This should be in effect for the month of December.
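Tasks 2.3 and 4.3 both depend on how an IOS wildcard mask selects addresses: a 0 bit must match and a 1 bit is ignored, so a discontiguous mask can pick out every even 195.1.X.0 network in one entry. The model below is an added example, not the workbook's solution; the function names, the (base, wildcard) pairs, the inclusive 23:30 end minute and the 2010 sample timestamps are assumptions constructed for illustration.

```python
"""Wildcard-mask matching, RFC 1918 source filtering and a periodic time window."""
import ipaddress
from datetime import datetime


def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard bit is 0."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


# RFC 1918 private ranges as (base, wildcard) pairs, the form an ACL entry takes.
RFC1918 = [
    ("10.0.0.0", "0.255.255.255"),
    ("172.16.0.0", "0.15.255.255"),
    ("192.168.0.0", "0.0.255.255"),
]

# Task 2.3: the low bit of the third octet must be 0 (even); the other seven
# bits of that octet are ignored, so one entry covers 195.1.0.0, 195.1.2.0, ...
EVEN_195 = ("195.1.0.0", "0.0.254.0")

WEB_SERVER = "192.1.15.25"        # from Task 4.3
MAINT_WEEKDAYS = {4, 5, 6}        # Friday, Saturday, Sunday (Monday == 0)
MAINT_START = 21 * 60             # 9:00 PM, in minutes since midnight
MAINT_END = 23 * 60 + 30          # 11:30 PM, treated as inclusive (assumption)


def is_rfc1918_source(src):
    """True when the source address falls in any RFC 1918 range."""
    return any(wildcard_match(src, base, wc) for base, wc in RFC1918)


def is_even_195_network(network):
    """True for 195.1.X.0 routes whose third octet is even."""
    return wildcard_match(network, *EVEN_195)


def in_maintenance_window(ts):
    """December only, Fri/Sat/Sun, 21:00 through 23:30."""
    minutes = ts.hour * 60 + ts.minute
    return (ts.month == 12 and ts.weekday() in MAINT_WEEKDAYS
            and MAINT_START <= minutes <= MAINT_END)


def filter_packet(src, dst, ts):
    """Inbound decision for one packet: spoofed private source, then the time window."""
    if is_rfc1918_source(src):
        return "deny (RFC 1918 source)"
    if dst == WEB_SERVER and in_maintenance_window(ts):
        return "deny (maintenance window)"
    return "permit"


if __name__ == "__main__":
    # Constructed samples; 3 December 2010 was a Friday.
    samples = [
        ("172.31.9.9", "192.1.15.25", datetime(2010, 12, 1, 12, 0)),
        ("192.1.45.4", "192.1.15.25", datetime(2010, 12, 3, 21, 0)),
        ("192.1.45.4", "192.1.15.25", datetime(2010, 12, 3, 23, 31)),
        ("192.1.45.4", "192.1.15.25", datetime(2010, 12, 6, 22, 0)),
    ]
    for src, dst, ts in samples:
        print(src, dst, ts.isoformat(), "->", filter_packet(src, dst, ts))
    for third in range(4):
        net = f"195.1.{third}.0"
        print(net, "matched" if is_even_195_network(net) else "not matched")
```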


Section 5 – IOS Services (12 points)

5.1 – IOS DHCP Server (3 Points)
• Enable R5 as a DHCP Server with the following information:
  o IP ADDRESS : 192.1.15.0/24
  o WINS ADDRESS : 192.1.15.5
  o DNS ADDRESS : 192.1.15.6
  o DEFAULT GATEWAY : 192.1.15.1
  o LEASE TIME : 6 Days
  o Exclude-addresses : 192.1.15.1-192.1.15.10

5.2 – Core Dumps (3 Points)
• Configure R1 to send a Core DUMP to a FTP server located at 192.1.12.100. Set the Dump size to 32768.
• Use CCIE as the Username to log into the FTP with a password of 12353.

5.3 – NAT (3 Points)
• Configure a Loopback 10 on R1. Assign it an address of 10.0.0.1/8.
• Configure NAT on R1 to allow the 10.0.0.0 network to access the rest of the routers using the S 0/0 interface address. Do not create a pool to accomplish this.
• There is a web server that will be installed at 10.0.0.80. There is a DNS Server located at 10.0.0.81.
• Allow outside users access to these servers using a common outside address of 192.1.14.83.

5.4 – DRP (3 Points)
• R5 will be queried by Cisco DistributedDirector from the following IP Addresses:
  o 195.1.5.15
  o 195.1.7.35
• Enable the DRP Server Agent on R5.
• Only allow DRP Queries from the above listed DistributedDirectors.
• R5 should be configured to authenticate the DistributedDirector with a key of ccie.

Section 6 – Multicasting (6 points)

6.1 – Configuring PIM Sparse Mode (3 Points)
• Configure VLAN 26 to receive and send multicast Traffic from and to VLAN 45.
• Perform configurations on R2 and R4 using PIM-Sparse-Mode. R2 should be the RP for 224.2.2.2 and R4 should be the RP for 224.4.4.4.

6.2 – Configuring IGMP (3 Points)
• Configure R2 to statically join multicast group 224.2.2.2 and R4 to statically join the multicast group 224.4.4.4.
• R2 and R4 should be able to ping both Multicast groups.


Section 7 – QoS (8 points)

7.1 – Configuring CB-WFQ using NBAR (3 Points)
• Configure R3 such that traffic going towards the Frame Cloud uses the following QoS parameters:
  o All HTTP traffic towards a Web Server http://www.netmetricsolutions.com should be assigned a minimum bandwidth of 35%.
  o Telnet Traffic should be assigned a minimum bandwidth of 10%. Configure it for LLQ.
  o FTP traffic should be limited to 256 kbps.

7.2 – Configuring Policing using MQC (3 Points)
• R3-R4 has a CIR of 256 and Peak CIR of 512. Configure R4 such that all HTTP and HTTPS traffic going from 192.1.15.0 networks towards Network 6.0.0.0 should have a Precedence of 5 if it is within the CIR. If it exceeds the CIR, it should be set with a Precedence of 1. Also, set the DE bit on, if it exceeds the CIR. If it exceeds the Peak, the packet should be dropped. The rest of the traffic should be set to a Precedence of 3.

7.3 – SRR (2 Points)
• Configure SRR on Switch 1 such that port F 0/10 uses the following parameters:

  CoS Value    SRR Queue
  3, 4, 6      4
  2, 7         3
  0, 1         2
  5            1

• Configure Shaping on the first queue. It should use 25 percent of the interface Bandwidth. Configure Sharing on the remaining queues. Queues 2, 3 and 4 should be shared with a percentage breakdown of 45, 30 and 25 percent respectively.


Section 8 – IPV6 (4 points)

8.1 – Configuring IPV6 (2 Points)
• Configure R3 and R6 with the following IPv6 Addresses:

  Router   Interface     IPv6 Address
  R3       Loopback 0    2222:1111:3333:3333::3/64
  R3       E 0/0.2       2222.1111:3333:3636::3/64
  R6       Loopback 0    2222:1111:6666:6666::6/64
  R6       E 0/0.2       2222:1111:2222:3636::6/64

8.2 – Running RIPng (2 Points)
• Enable IPv6 Unicast Routing.
• Run RIPng between R3 and R6 and advertise the Loopback networks.


Super Lab – I (Answers)

Physical Connections and IP Addressing

[Figure: physical topology diagram showing R1–R6, SW1, SW2, BB1, BB2, the Frame Relay cloud and VLANs 3, 11, 15, 26, 36, 45 and 111]

IP Addressing

  Device   Port          IP Address
  R1       F 0/0         192.1.11.1/24
           Loopback 0    1.1.1.1/8
  R2       F 0/0         192.1.26.2/24
           S 0/0         192.1.234.2/24
           Loopback 0    2.2.2.2/8
  R3       S 0/0         192.1.234.3/24
           F 0/0.1       192.1.3.3/24
           F 0/0.2       192.1.36.3/24
           Loopback 0    3.3.3.3/8
  R4       F 0/0         192.1.45.4/24
           S 0/0.234     192.1.234.4/24
           S 0/0.1       192.1.14.4/24
           Loopback 0    4.4.4.4/8
  R5       F 0/0.1       192.1.15.5/24
           F 0/0.2       192.1.45.5/24
           Loopback 0    5.5.5.5/8
  R6       F 0/0.1       192.1.26.6/24
           F 0/0.2       192.1.36.6/24
           Loopback 0    6.6.6.6/8
  SW1      VLAN 3        192.1.3.20/24
  SW2      VLAN 3        192.1.3.21/24
           VLAN 111      192.1.111.21/24

RIP V2 Configuration

[Figure: RIP V2 diagram showing R5, BB1, R3 and SW1]

OSPF Configuration

[Figure: OSPF diagram showing R1–R6, SW2 and BB2 across Area 0, Area 10, Area 50 and Area 100]

EIGRP Configuration

[Figure: EIGRP diagram showing R1 and BB2 in AS 100]

BGP Configuration

[Figure: BGP diagram showing R1–R6 and SW2 across AS 1, AS 2, AS 21, AS 345 and AS 65500]

Section 1 – Layer 2 (20 points)

1.1 – Trunking (3 Point)
• Configure all the ports that connect switches together as Trunk ports.
• Set the encapsulation as Dot1q.
• Configure Switch 1 as the VTP Server in a VTP Domain of CCIE.
• Secure VTP with a password of CCIERS.
• Configure the rest of the Switch(s) as VTP Client(s) in the CCIE VTP Domain.
• Only allow appropriate VLANs to cross the trunk.

SW1

VTP mode server
VTP domain CCIE
VTP password CCIERS
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,15,26,36,45,111
 switchport mode trunk
!
interface FastEthernet0/14
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,15,26,36,45,111
 switchport mode trunk
!
interface FastEthernet0/16
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,15,26,36,45,111
 switchport mode trunk
!
interface FastEthernet0/17
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,15,26,36,45,111
 switchport mode trunk

SW2

VTP mode client
VTP domain CCIE
VTP password CCIERS
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,15,26,36,45,111
 switchport mode trunk
!
interface FastEthernet0/14
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,15,26,36,45,111
 switchport mode trunk

SW3

VTP mode client
VTP domain CCIE
VTP password CCIERS
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,15,26,36,45,111
 switchport mode trunk
!
interface FastEthernet0/14
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,15,26,36,45,111
 switchport mode trunk

SW4

VTP mode client
VTP domain CCIE
VTP password CCIERS
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,15,26,36,45,111
 switchport mode trunk
!
interface FastEthernet0/14
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,15,26,36,45,111
 switchport mode trunk

1.2 – VLAN Creation and Assignment (2 Point)
• Create the following VLANs with the appropriate names:
  o VLAN 3 – Name : VLAN_03
  o VLAN 11 – Name : VLAN_11
  o VLAN 15 – Name : VLAN_15
  o VLAN 26 – Name : VLAN_26
  o VLAN 36 – Name : VLAN_36
  o VLAN 45 – Name : VLAN_45
  o VLAN 111 – Name : VLAN_111
• Assign the appropriate ports to the appropriate VLANs based on the Diagram.

SW1

Vlan 3
 Name VLAN_3
Vlan 11
 Name VLAN_11
Vlan 15
 Name VLAN_15
Vlan 26
 Name VLAN_26
Vlan 36
 Name VLAN_36
Vlan 45
 Name VLAN_45
Vlan 111
 Name VLAN_111
!
interface FastEthernet0/1
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk

SW2

interface FastEthernet0/2
 switchport access vlan 26
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 45
 switchport mode access
!
interface FastEthernet0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk

SW3

interface FastEthernet0/24
 switchport access vlan 15
 switchport mode access

1.3 – Port Fast with Macros (2 Point)
• Add any 2 unused ports to VLAN 26.
• Define an interface-range with all ports that are part of VLAN 26 except for any trunk ports.
• Define a Smart Macro that sets the ports in VLAN 26 to Access mode and turns on Port Fast on them.

SW1

interface FastEthernet0/7
 switchport access vlan 26
!
interface FastEthernet0/8
 switchport access vlan 26
!
define interface-range VLAN26 FastEthernet0/7 , FastEthernet0/8
!
macro name VLAN26
switchport mode access
switchport access vlan 26
spanning-tree portfast
@

1.4 – SPAN (3 Point)

• There is a Traffic Analyzer connected to port 10 on Switch 1.
• Send a copy of all traffic received on VLANs 15 and 26 to the Traffic Analyzer.

SW1

monitor session 1 source vlan 15 , 26 rx
monitor session 1 destination interface Fa0/10

1.5 – MST (3 Point)
• Configure Multi-instance of Spanning Tree on the switches as follows:
  o The name of this configuration should be CCIE
  o The revision number should be 1
  o Instance 1 should handle VLANs 3, 11 and 15
  o Instance 2 should handle VLANs 26, 36, 45 and 111
  o All future VLANs should use instance 0
  o SW1 should be the root bridge for the first instance
  o SW2 should be the root bridge for the second instance

SW1

spanning-tree mode mst
!
spanning-tree mst configuration
 name CCIE
 revision 1
 instance 1 vlan 3, 11, 15
 instance 2 vlan 26, 36, 45, 111
!
spanning-tree mst 1 priority 0

SW2

spanning-tree mode mst
!
spanning-tree mst configuration
 name CCIE
 revision 1
 instance 1 vlan 3, 11, 15
 instance 2 vlan 26, 36, 45, 111
!
spanning-tree mst 2 priority 0

SW3

spanning-tree mode mst
!
spanning-tree mst configuration
 name CCIE
 revision 1
 instance 1 vlan 3, 11, 15
 instance 2 vlan 26, 36, 45, 111

SW4

spanning-tree mode mst
!
spanning-tree mst configuration
 name CCIE
 revision 1
 instance 1 vlan 3, 11, 15
 instance 2 vlan 26, 36, 45, 111

1.6 – Controlling Multicast and broadcast Traffic (2 Point)
• Configure F0/1 on SW1 such that the maximum amount of bandwidth utilization for broadcast traffic is 40% and 50% for Multicast traffic.

SW1

Int F0/1
 storm-control broadcast level 40.00
 storm-control multicast level 50.00

1.7 – Frame Relay (3 Point)
• Configure frame relay to connect R1, R2, R3 and R4 based on the Diagram.
• You can create 2 sub-interfaces on R4. You cannot create sub-interfaces on R2 and R3.
• R2, R3 and R4 should be configured in a hub-n-spoke configuration. R4 being the hub and R2 and R3 being spokes.
• R2 should be able to ping R3 and vice versa.
• All routers should be able to ping their local frame relay interface.
• Do not rely on inverse ARP for frame relay mappings.

1.8 – Frame Relay Authentication (2 Point)
• Ensure that R1 and R4 use CHAP authentication using Cisco as the password. These routers must authenticate each other before they can communicate.

R1

username R4 password 0 Cisco
!
interface Virtual-Template1
 ip address 192.1.14.1 255.255.255.0
 ppp authentication chap
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
 no frame-relay inverse-arp
!
interface Serial0/0.1 point-to-point
 frame-relay interface-dlci 104 ppp Virtual-Template1

R2

interface Serial0/0
 ip address 192.1.234.2 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 192.1.234.2 204
 frame-relay map ip 192.1.234.3 204
 frame-relay map ip 192.1.234.4 204 broadcast
 no frame-relay inverse-arp

R3

interface Serial0/0
 ip address 192.1.234.3 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 192.1.234.2 304
 frame-relay map ip 192.1.234.3 304
 frame-relay map ip 192.1.234.4 304 broadcast
 no frame-relay inverse-arp

R4

username R1 password 0 Cisco
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
 no frame-relay inverse-arp
!
interface Serial0/0.1 point-to-point
 frame-relay interface-dlci 401 ppp Virtual-Template1
!
interface Serial0/0.234 multipoint
 ip address 192.1.234.4 255.255.255.0
 frame-relay map ip 192.1.234.2 402 broadcast
 frame-relay map ip 192.1.234.3 403 broadcast
 frame-relay map ip 192.1.234.4 402
!
interface Virtual-Template1
 ip address 192.1.14.4 255.255.255.0
 ppp authentication chap


Section 2 – IGP (30 points)

2.1 – Configure RIP Version 2 (3 Points)
• Configure RIP V2 on R5 to communicate to BB1 which is already configured with RIP V2. Advertise the Loopback network on R5 in RIP.
• Configure RIP V2 between R3 and Switch 1. Create the following loopback on Switch 1:
  o Loopback 15: 15.15.15.15/8
• Advertise the Loopbacks on R3 and Switch 1 under RIP V2.
• Configure R3 and Switch 1 such that SW2 does not see RIP traffic.

R5

router rip
 version 2
 network 5.0.0.0
 network 192.1.15.0

R3

router rip
 version 2
 passive-interface FastEthernet0/0.1
 network 3.0.0.0
 network 192.1.3.0
 neighbor 192.1.3.20
 no auto-summary

SW1

Interface Loopback 15
 Ip address 15.15.15.15 255.0.0.0
!
Ip routing
!
router rip
 version 2
 passive-interface Vlan3
 network 15.0.0.0
 network 192.1.3.0
 neighbor 192.1.3.3
 no auto-summary

2.2 – RIP Authentication (2 Points)
• Configure R5 to authenticate with BB1. BB1 has been configured with a Key # of 1 and key-string of cisco.
• Configure authentication between R3 and the Switch. Use a password of ccie with a key # of 1.
• Use the most secure authentication mechanism.

R5

key chain RIP
 key 1
  key-string cisco
!
interface FastEthernet0/0.1
 ip rip authentication mode md5
 ip rip authentication key-chain RIP

R3

key chain RIP
 key 1
  key-string ccie
!
interface FastEthernet0/0.1
 ip rip authentication mode md5
 ip rip authentication key-chain RIP

SW1

key chain RIP
 key 1
  key-string ccie
!
interface vlan 3
 ip rip authentication mode md5
 ip rip authentication key-chain RIP

2.3 – Route Filtering using RIP (2 Points)
• Deny all networks that have an even number in the 195.1.X.0 network range.
• Do the filtering on R5. Use minimum number of lines possible to accomplish this task.

R5

Access-list 101 deny 195.1.0.0 0.0.254.255
Access-list 101 permit any
!
Router rip
 distribute-list 101 in

2.4 – Configuring EIGRP (2 Points)
• Configure EIGRP on R1 in AS 100 to communicate with BB2.
• Don’t advertise the Loopback network in EIGRP.
• Disable auto-summary.

R1

router eigrp 100
 network 192.1.11.1 0.0.0.0
 no auto-summary

2.5 – EIGRP Authentication (2 Points)
• Authenticate the EIGRP connection with BB2. BB2 has been configured with a key # 1 with a key-string of cisco.
• Use the most secure authentication mechanism.

R5

key chain EIGRP
 key 1
  key-string cisco
!
interface FastEthernet0/0
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 EIGRP

2.6 – Configuring OSPF (4 Point)
• Configure OSPF between R4 and R5 in Area 0. Advertise the Loopback interface on R4 in Area 0. Make sure the route appears on R5 with the proper mask and not a host mask.
• Configure OSPF between R2, R3, R4, R6 and SW2 in Area 100. Advertise the Loopback addresses on R2, R3 and R6 in Area 100. They should appear with the proper mask and not a host mask. Do not use the IP OSPF Network Broadcast command on R2, R3 and R6 to accomplish this task.
• Configure OSPF between R1 and R4 in Area 10. Advertise the Loopback interface on R1 in Area 10. Make sure the route appears on R4 with the proper mask and not a host mask.
• Configure the appropriate interfaces on SW2 and R1 in Area 50.
• Hard code the router-id on all OSPF devices. Use the following as the router-ids:
  o R1 – 11.11.11.11
  o R2 – 22.22.22.22
  o R3 – 33.33.33.33
  o R4 – 44.44.44.44
  o R5 – 55.55.55.55
  o R6 – 66.66.66.66
  o SW2 – 21.21.21.21

R1:

Int loopback 0
 Ip ospf network point-to-point
!
router ospf 1
 router-id 11.11.11.11
 log-adjacency-changes
 network 1.1.1.1 0.0.0.0 area 10
 network 192.1.11.1 0.0.0.0 area 50
 network 192.1.14.1 0.0.0.0 area 10

R2

Interface Loopback 0
 ip ospf network point-to-point
!
Interface s0/0
 ip ospf network point-to-multipoint
!
router ospf 1
 router-id 22.22.22.22
 log-adjacency-changes
 network 192.1.26.2 0.0.0.0 area 100
 network 192.1.234.2 0.0.0.0 area 100
 network 22.22.22.22 0.0.0.0 area 100

R3

Interface Loopback 0
 ip ospf network point-to-point
!
Interface s0/0
 ip ospf network point-to-multipoint
!
router ospf 1
 router-id 33.33.33.33
 log-adjacency-changes
 network 192.1.3.3 0.0.0.0 area 100
 network 192.1.234.3 0.0.0.0 area 100
 network 33.33.33.33 0.0.0.0 area 100

R4

Interface Loopback 0
 ip ospf network point-to-point
!
Interface s0/0.234
 ip ospf network point-to-multipoint
!
router ospf 1
 router-id 44.44.44.44
 log-adjacency-changes
 network 44.44.44.44 0.0.0.0 area 0
 network 192.1.14.4 0.0.0.0 area 10
 network 192.1.45.4 0.0.0.0 area 0
 network 192.1.234.4 0.0.0.0 area 100

R5

router ospf 1
 router-id 55.55.55.55
 log-adjacency-changes
 network 192.1.45.5 0.0.0.0 area 0

R6

Interface Loopback 0
 ip ospf network point-to-point
!
router ospf 1
 router-id 66.66.66.66
 log-adjacency-changes
 network 192.1.26.6 0.0.0.0 area 100
 network 66.66.66.66 0.0.0.0 area 100

SW2

router ospf 1
 router-id 21.21.21.21
 log-adjacency-changes
 network 192.1.3.21 0.0.0.0 area 100
 network 192.1.111.21 0.0.0.0 area 50

2.7 – Configuring OSPF Virtual Links (4 Point)
• Configure Virtual Links on the appropriate routers to connect Area 50 to Area 0.
• Make sure you provide full redundancy for your network.

R1

Router ospf 1
 area 10 virtual-link 44.44.44.44
 area 50 virtual-link 21.21.21.21

R4

Router ospf 1
 area 10 virtual-link 11.11.11.11
 area 100 virtual-link 21.21.21.21

SW2

Router ospf 1
 area 100 virtual-link 44.44.44.44
 area 50 virtual-link 11.11.11.11

2.8 – OSPF Authentication (4 Point)
• Configure authentication for OSPF routers in Area 0. Use Message Digest as the authentication Mechanism. Use ccie as the key with a key id of 1.
• Configure Authentication for OSPF routers in Area 10. Use Message Digest as the authentication Mechanism. Use ccie as the key with a key id of 1.
• Configure Authentication for the neighbor relationships between R2, R3 and R4 and also between R2 and R6. Use Message Digest as the authentication Mechanism. Use ccie as the key with a key id of 1.
• Configure Authentication on all virtual links.

R1

Router ospf 1
 area 10 authentication message-digest
 area 10 virtual-link 44.44.44.44 authentication message-digest
 area 10 virtual-link 44.44.44.44 message-digest-key 1 md5 ccie
 area 10 authentication message-digest
 area 50 virtual-link 21.21.21.21 authentication message-digest
 area 50 virtual-link 21.21.21.21 message-digest-key 1 md5 ccie
!
interface Serial0/0.1 point-to-point
 ip ospf message-digest-key 1 md5 ccie

R2

Interface s0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 ccie
!
Interface f0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 ccie

R3

Interface s0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 ccie

R4

Router ospf 1
 area 0 authentication message-digest
 area 10 authentication message-digest
 area 10 virtual-link 11.11.11.11 message-digest-key 1 md5 ccie
 area 100 virtual-link 21.21.21.21 message-digest-key 1 md5 ccie
!
Interface f0/0
 ip ospf message-digest-key 1 md5 ccie
!
Interface s0/0.1
 ip ospf message-digest-key 1 md5 ccie
!
Interface s0/0.234
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 ccie

R5

Router ospf 1
 area 0 authentication message-digest
!
interface f0/0.2
 ip ospf message-digest-key 1 md5 ccie

R6

Int F0/0.1
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 ccie

SW2

Router ospf 1
 area 100 virtual-link 44.44.44.44 authentication message-digest
 area 100 virtual-link 44.44.44.44 message-digest-key 1 md5 ccie
 area 50 virtual-link 21.21.21.21 authentication message-digest
 area 50 virtual-link 21.21.21.21 message-digest-key 1 md5 ccie

2.9 – Redistribution (4 Point)
• Mutually redistribute RIP and OSPF at the appropriate router. Routes should be redistributed in such a way that OSPF adds the link cost at each router.
• When redistributing the 200.1.1.0 routes learned from BB1, only the even networks should be redistributed at the appropriate router.
• Create loopback 100 with an IP address of 100.1.1.1/8 on Switch 1. Do not advertise this network in any routing protocol on Switch 1.
• All routers should have connectivity to this network. You are allowed to create a single static route on 1 router to accomplish this task.
• All OSPF routers should have access to the EIGRP routes on R1. You are not allowed to redistribute EIGRP into OSPF. You are allowed to create a single static route on a router to accomplish this task.

R1:

ip route 202.2.0.0 255.255.0.0 Null0
!
Router ospf 1
 redistribute static subnets

R3

Router ospf 1
 redistribute rip metric-type 1 subnets
 redistribute static subnets
!
Router rip
 redistribute ospf 1 metric 5
!
ip route 100.0.0.0 255.0.0.0 192.1.3.20

R5

Access-list 121 deny 200.1.1.0 0.0.254.255
Access-list 121 permit any
!
route-map R-2-O permit 10
 match ip address 121
!
Router ospf 1
 redistribute rip metric-type 1 subnets route-map R-2-O
!
Router rip
 redistribute ospf 1 metric 5

SW1:

interface Loopback100
 ip address 100.1.1.1 255.0.0.0

2.10 – Summarization (3 Point)
• Configure the following loopbacks on R1:
  o Loopback 201: 201.1.12.1/24
  o Loopback 202: 201.1.13.1/24
  o Loopback 203: 201.1.14.1/24
  o Loopback 204: 201.1.15.1/24
• Advertise the newly created loopbacks under EIGRP on R1.
• These routes should be summarized towards BB2.
• Inject these routes into OSPF as well. Don’t use the network command to accomplish this task. Only send a summarized route into OSPF.
• Configure the following loopbacks on R6:
  o Loopback 201: 206.1.20.1/24
  o Loopback 202: 206.1.21.1/24
  o Loopback 203: 206.1.22.1/24
  o Loopback 204: 206.1.23.1/24
• Advertise the newly created loopbacks under OSPF on R6.
• These routes should be summarized on R4.

R1

interface Loopback201
 ip address 201.1.12.1 255.255.255.0
!
interface Loopback202
 ip address 201.1.13.1 255.255.255.0
!
interface Loopback203
 ip address 201.1.14.1 255.255.255.0
!
interface Loopback204
 ip address 201.1.15.1 255.255.255.0
!
router eigrp 100
 network 201.1.12.1 0.0.0.0
 network 201.1.13.1 0.0.0.0
 network 201.1.14.1 0.0.0.0
 network 201.1.15.1 0.0.0.0
!
Interface f0/0
 ip summary-address eigrp 100 201.1.12.0 255.255.252.0 5
!
route-map RC permit 10
 match interface Loopback201 Loopback202 Loopback203 Loopback204
!
Router ospf 1
 Redistribute connected route-map RC subnets
 summary-address 201.1.12.0 255.255.252.0

R4:

Router ospf 1
 area 100 range 206.1.20.0 255.255.252.0

R6

interface Loopback201
 ip address 206.1.20.1 255.255.255.0
!
interface Loopback202
 ip address 206.1.21.1 255.255.255.0
!
interface Loopback203
 ip address 206.1.22.1 255.255.255.0
!
interface Loopback204
 ip address 206.1.23.1 255.255.255.0
!
Router ospf 1
 network 206.1.20.1 0.0.0.0 area 100
 network 206.1.21.1 0.0.0.0 area 100
 network 206.1.22.1 0.0.0.0 area 100
 network 206.1.23.1 0.0.0.0 area 100

Section 3 – BGP (12 points)

3.1 – IBGP (3 Point)
• Configure the following Loopbacks:
  o R1 – Loopback 125: 125.1.1.1/24
  o R2 – Loopback 125: 125.2.2.2/24
  o R3 – Loopback 125: 125.3.3.3/24
  o R4 – Loopback 125: 125.4.4.4/24
  o R5 – Loopback 125: 125.5.5.5/24
  o R6 – Loopback 125: 125.6.6.6/24
  o SW2 – Loopback 125: 125.21.21.21/24
• Configure R3, R4 and R5 in AS 345.
• R5 should not have a neighbor relationship with R3.
• Advertise the Loopback 125 networks on the appropriate routers.
• Configure the neighbor relationship with redundancy in mind.
• All IBGP routers should use the most secure authentication method. Use CCIE as the password.

R1:

Int loopback125
 Ip address 125.1.1.1 255.255.255.0

R2

Int loopback125
 Ip address 125.2.2.2 255.255.255.0

R3

Int loopback125
 Ip address 125.3.3.3 255.255.255.0
!
router bgp 345
 no auto-summary
 no sync
 network 125.3.3.0 mask 255.255.255.0
 neighbor 44.44.44.44 remote-as 345
 neighbor 44.44.44.44 password CCIE
 neighbor 44.44.44.44 update-source Loopback0

R4:

Int loopback125
 Ip address 125.4.4.4 255.255.255.0
!
router bgp 345
 no auto-summary
 no sync
 network 125.4.4.0 mask 255.255.255.0
 neighbor 33.33.33.33 remote-as 345
 neighbor 33.33.33.33 password CCIE
 neighbor 33.33.33.33 update-source Loopback0
 neighbor 33.33.33.33 route-reflector-client
 neighbor 55.55.55.55 remote-as 345
 neighbor 55.55.55.55 password CCIE
 neighbor 55.55.55.55 update-source Loopback0
 neighbor 55.55.55.55 route-reflector-client

R5

Int loopback125
 Ip address 125.5.5.5 255.255.255.0
!
router bgp 345
 no auto-summary
 no sync
 neighbor 44.44.44.44 remote-as 345
 neighbor 44.44.44.44 password CCIE
 neighbor 44.44.44.44 update-source Loopback0

R6:

Int loopback125
 Ip address 125.6.6.6 255.255.255.0

SW1

Int loopback125
 Ip address 125.21.21.21 255.255.255.0

3.2 – EBGP (3 Points)
• Configure a EBGP relationship between AS 2 and AS 345. Use R5 in AS 345 to set this relationship up.
• Advertise the Loopback 125 network in BGP on R2. Don’t use the network command to accomplish this task. The origin should be internal.
• Configure a EBGP relationship between AS 2 and AS 65500. Authenticate this relationship.
• Advertise the Loopback 125 network in BGP on R6.
• Configure R1 in AS 1. Advertise the Loopback 125 network under BGP.
• Configure a EBGP neighbor relation between AS 345 and AS 1.
• AS 345 sees AS 1 in AS 1000. Configure the remote-as as 1000 for AS 1 on R4.
• Configure SW2 in AS 21. Advertise the Loopback 125 network under BGP.
• Configure an EBGP neighbor relation between AS 21 and AS 345 based on the network diagram.
• Also configure an EBGP neighbor relation between AS 21 and AS 1 based on the network diagram.

R1

router bgp 1
 no auto-summary
 no sync
 network 125.1.1.0 mask 255.255.255.0
 neighbor 192.1.3.21 remote-as 21
 neighbor 192.1.3.21 ebgp-multihop 255
 neighbor 192.1.14.4 remote-as 345
 neighbor 192.1.14.4 local-as 1000

R2

route-map RC-2-BGP permit 10
 match interface Loopback125
 set origin igp
!
router bgp 2
 no auto-summary
 no sync
 redistribute connected route-map RC-2-BGP
 neighbor 192.1.26.6 remote-as 65500
 neighbor 192.1.26.6 password CCIE
 neighbor 192.1.45.5 remote-as 345
 neighbor 192.1.45.5 ebgp-multihop 255

R3

router bgp 345
 neighbor 192.1.3.21 remote-as 21

R4

router bgp 345
 neighbor 192.1.14.1 remote-as 1000

R5

router bgp 345
 neighbor 192.1.234.2 remote-as 2
 neighbor 192.1.234.2 ebgp-multihop 255

R6

router bgp 65500
 no auto-summary
 no sync
 network 125.6.6.0 mask 255.255.255.0
 neighbor 192.1.26.2 remote-as 2
 neighbor 192.1.26.2 password CCIE

SW2

router bgp 21
 network 125.21.21.0 mask 255.255.255.0
 neighbor 192.1.3.3 remote-as 345
 neighbor 192.1.14.1 remote-as 1
 neighbor 192.1.14.1 ebgp-multihop 255

3.3 – Route Aggregation (2 Points)
• Create the following loopback on R1:
  o Loopback 191: 199.1.4.1/24
  o Loopback 192: 199.1.5.1/24
  o Loopback 193: 199.1.6.1/24
  o Loopback 194: 199.1.7.1/24
• Advertise these networks under BGP.
• Summarize these networks on R1.
• Suppress the specific routes from getting propagated to BGP neighbors except for 199.1.5.0/24. This route should get propagated in addition to the summary route.

R1

interface Loopback191
 ip address 199.1.4.1 255.255.255.0
!
interface Loopback192
 ip address 199.1.5.1 255.255.255.0
!
interface Loopback193
 ip address 199.1.6.1 255.255.255.0
!
interface Loopback194
 ip address 199.1.7.1 255.255.255.0
!
router bgp 1
 network 199.1.4.0
 network 199.1.5.0
 network 199.1.6.0
 network 199.1.7.0
 aggregate-address 199.1.4.0 255.255.252.0 summary-only suppress-map SM
!
access-list 131 deny 199.1.5.0 0.0.0.255
access-list 131 permit any
!
route-map SM permit 10
 match ip address 131

3.4 – Filtering Private AS number (2 Points)
• R2 should not send the Private AS number in the AS Path for route(s) from AS 65500 to AS 345.
• You can use a single command under the BGP Routing process to accomplish this task.

R2

Router bgp 2
 neighbor 192.1.45.5 remove-private-as

3.5 – Path Attributes (2 Points)
• Configure AS 345 such that it uses AS 21 to get to AS 1 routes. Do not use the AS-Path or Weight Attributes to accomplish this task.
• Configure AS 21 such that it uses AS 1 to get to AS 2 routes.

R3

ip as-path access-list 1 permit _1$
!
route-map LP permit 10
 match as-path 1
 set local-preference 200
!
route-map LP permit 20
!
Router bgp 234
 neighbor 192.1.3.21 route-map LP in

SW2

ip as-path access-list 2 permit _2$
!
route-map LP permit 10
 match as-path 2
 set local-preference 200
!
route-map LP permit 20
!
Router bgp 21
 neighbor 192.1.14.1 route-map LP in

Section 4 – Security (8 points)

4.1 – Dot 1X Authentication (3 Points)

• Configure Ports F 0/13 – 18 on Switch 1 for Dot1X authentication. Assign them to VLAN 250.
• Authentication should be done based on a RADIUS Server located at 192.1.3.100. Use cciers as the secret key.
• If the host does not support Dot1X authentication, it should be put in VLAN 300.

SW1

Vlan 250
Vlan 300
!
Under all trunk interfaces:
 switchport trunk allowed vlan add 250,300
!
aaa new-model
aaa authentication dot1x default group radius
!
dot1x system-auth-control
!
radius-server host 192.1.3.100 key cciers
!
Interface range F0/13-18
 Switchport mode access
 Switchport access vlan 250
 dot1x port-control auto
 dot1x guest-vlan 300

4.2 – SSH Configuration (3 Points)

• Configure R3 such that remote management can only be done by SSH.
• Configure a Local User SSHADMIN with a password of cciers. SSH authentication should be done based on the local database.
• Only allow Remote Management from VLAN 3.

R3

username SSHADMIN password 0 cciers
!
ip domain name ccie.com
!
crypto key generate rsa
!
access-list 3 permit 192.1.3.0 0.0.0.255
!
line vty 0 4
 access-class 3 in
 login local
 transport input ssh
line vty 5 1180
 access-class 3 in
 login local
 transport input ssh

4.3 – ACL Configuration (2 Points)

• Configure RFC 1918 filtering on R5 for anti-spoofing from the Frame cloud.
• Also make sure packets with internal addresses as source addresses are not allowed in. Do not use an ACL for this task.
• There is a web server located at 192.1.15.25. This web server will be going down for Maintenance on Friday, Saturday and Sunday from 9:00 PM to 11:30 PM. R5 should block access to this server during the Maintenance times. This should be in effect for the month of December.

R5

access-list 141 deny ip 10.0.0.0 0.255.255.255 any
access-list 141 deny ip 172.16.0.0 0.15.255.255 any
access-list 141 deny ip 192.168.0.0 0.0.255.255 any
access-list 141 permit ip any any
!
Interface F0/0.2
 ip verify unicast source reachable-via rx
 ip access-group 141 in
!
time-range SM
 absolute start 00:00 01 December 2008 end 23:59 31 December 2008
 periodic Friday 21:00 to 23:30
 periodic Saturday 21:00 to 23:30
 periodic Sunday 21:00 to 23:30
!
Access-list 142 deny ip any host 192.1.15.25 time-range SM
Access-list 142 permit ip any any
!
Interface f0/0.1
 ip access-group 142 in
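To check the 4.3 solution offline, the following added example (not part of the workbook) models how ACL 141's wildcard masks and ACL 142's time-range SM decide on a packet. The function names are hypothetical, and the handling of the 23:30 end minute is an assumption.

```python
import ipaddress
from datetime import datetime

def wildcard_match(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

# access-list 141 as (action, source, wildcard); the first match wins.
ACL_141 = [
    ("deny", "10.0.0.0", "0.255.255.255"),
    ("deny", "172.16.0.0", "0.15.255.255"),
    ("deny", "192.168.0.0", "0.0.255.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),   # "any"
]

def acl_141(src):
    for action, base, wildcard in ACL_141:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"   # implicit deny that ends every ACL

# time-range SM: the absolute window and a periodic window must both hold.
SM_START = datetime(2008, 12, 1, 0, 0)
SM_END = datetime(2008, 12, 31, 23, 59)
SM_DAYS = {4, 5, 6}   # Friday, Saturday, Sunday (Monday is 0)

def time_range_sm_active(now):
    if not SM_START <= now <= SM_END:
        return False
    minutes = now.hour * 60 + now.minute
    # Treating 23:30 itself as inside the window is an assumption.
    return now.weekday() in SM_DAYS and 21 * 60 <= minutes <= 23 * 60 + 30

def acl_142(dst, now):
    # While the time range is inactive the deny entry is skipped and
    # the packet falls through to "permit ip any any".
    if dst == "192.1.15.25" and time_range_sm_active(now):
        return "deny"
    return "permit"

if __name__ == "__main__":
    for src in ("10.9.8.7", "172.31.255.255", "172.32.0.1", "192.168.1.1"):
        print(src, acl_141(src))
    print(acl_142("192.1.15.25", datetime(2008, 12, 5, 22, 0)))   # a Friday
```

Time-based entries are evaluated against the router's own clock, so R5 needs correct time (for example from NTP) for ACL 142 to block in the intended window.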


Section 5 – IOS Services (12 points)

5.1 – IOS DHCP Server (3 Points)

• Enable R5 as a DHCP Server with the following information:
  o IP ADDRESS : 192.1.15.0/24
  o WINS ADDRESS : 192.1.15.5
  o DNS ADDRESS : 192.1.15.6
  o DEFAULT GATEWAY : 192.1.15.1
  o LEASE TIME : 6 Days
  o Exclude-addresses : 192.1.15.1-192.1.15.10

R5

ip dhcp pool CCIE
 network 192.1.15.0 255.255.255.0
 netbios-name-server 192.1.15.5
 dns-server 192.1.15.6
 default-router 192.1.15.1
 lease 6
!
ip dhcp excluded-address 192.1.15.1 192.1.15.10

5.2 – Core Dumps (3 Points)

• Configure R1 to send a Core DUMP to a FTP server located at 192.1.12.100. Set the Dump size to 32768.
• Use CCIE as the Username to log into the FTP with a password of 12353.

R1

exception protocol ftp
exception region-size 32768
exception dump 192.1.12.100
!
ip ftp username CCIE
ip ftp password 12353

5.3 – NAT (3 Points)

• Configure a Loopback 10 on R1. Assign it an address of 10.0.0.1/8.
• Configure NAT on R1 to allow the 10.0.0.0 network to access the rest of routers using S 0/0 interface address. Do not create a pool to accomplish this.
• There is a web server that will be installed at 10.0.0.80. There is a DNS Server located at 10.0.0.81.
• Allow outside users access to these servers using a common outside address of 192.1.14.83.

R1

Interface Loopback10
 Ip address 10.0.0.1 255.0.0.0
 Ip nat inside
!
Interface S 0/0.1
 Ip nat outside
!
Access-list 161 permit ip 10.0.0.0 0.255.255.255 any
!
ip nat inside source list 161 interface S 0/0.1 overload
ip nat inside source static tcp 10.0.0.80 80 192.1.14.83 80 extendable
ip nat inside source static udp 10.0.0.81 53 192.1.14.83 53 extendable

5.4 – DRP (3 Points)

• R5 will be queried by Cisco DistributedDirector from the following IP Addresses:
  o 195.1.5.15
  o 195.1.7.35
• Enable the DRP Server Agent on R5.
• Only allow DRP Queries from the above listed DistributedDirectors.
• R5 should be configured to authenticate the DistributedDirector with a key of ccie.

R5

access-list 15 permit 195.1.5.15
access-list 15 permit 195.1.7.35
!
key chain DRP
 key 1
  key-string ccie
!
ip drp server
ip drp access-group 15
ip drp authentication key-chain DRP


Section 6 – Multicasting (6 points)

6.1 – Configuring PIM Sparse Mode (3 Points)

• Configure VLAN 26 to receive and send multicast Traffic from and to VLAN 45.
• Perform configurations on R2 and R4 using PIM-Sparse-Mode. R2 should be the RP for 224.2.2.2 and R4 should be the RP for 224.4.4.4.

R2

Ip multicast-routing
!
Interface s0/0
 Ip pim sparse-mode
!
Interface F 0/0
 Ip pim sparse-mode
!
ip pim rp-address 2.2.2.2 31
ip pim rp-address 4.4.4.4 32
!
access-list 31 permit 224.2.2.2
access-list 32 permit 224.4.4.4

R4

Ip multicast-routing
!
Interface s0/0.234
 Ip pim sparse-mode
!
Interface F 0/0
 Ip pim sparse-mode
!
ip pim rp-address 2.2.2.2 31
ip pim rp-address 4.4.4.4 32
!
access-list 31 permit 224.2.2.2
access-list 32 permit 224.4.4.4

6.2 – Configuring IGMP (3 Points)

• Configure R2 to statically join multicast group 224.2.2.2 and R4 to statically join the multicast group 224.4.4.4.
• R2 and R4 should be able to ping both Multicast groups.

R2

Interface F 0/0
 Ip igmp join-group 224.2.2.2

R4

Interface F 0/0
 Ip igmp join-group 224.4.4.4


Section 7 – QoS (8 points)

7.1 – Configuring CB-WFQ using NBAR (3 Points)

• Configure R3 such that traffic going towards the Frame Cloud uses the following QoS parameters:
  o All HTTP traffic towards a Web Server http://www.netmetric-solutions.com should be assigned a minimum bandwidth of 35%.
  o Telnet Traffic should be assigned a minimum bandwidth of 10%. Configure it for LLQ.
  o FTP traffic should be limited to 256 kbps.

R3

class-map match-all TELNET
 match protocol telnet
class-map match-all HTTP
 match protocol http url "*http://www.netmetric-solutions.com*"
class-map match-all FTP
 match protocol ftp
!
!
policy-map QoS
 class HTTP
  bandwidth percent 35
 class TELNET
  priority percent 10
 class FTP
  police 256000
!
Interface s0/0/0
 service-policy output QoS

7.2 – Configuring Policing using MQC (3 Points)

• R3-R4 has a CIR of 256 and Peak CIR of 512. Configure R4 such that all HTTP and HTTPS traffic going from 192.1.15.0 networks towards Network 6.0.0.0 should have a Precedence of 5 if it is within the CIR. If it exceeds the CIR, it should be set with a Precedence of 1. Also, set the DE bit on, if it exceeds the CIR. If it exceeds the Peak, the packet should be dropped. The rest of the traffic should be set to a Precedence of 3.

R4

Access-list 171 permit tcp 192.1.15.0 0.0.0.255 6.0.0.0 0.255.255.255 eq www
Access-list 171 permit tcp 192.1.15.0 0.0.0.255 6.0.0.0 0.255.255.255 eq 443
!
class-map match-all WEB
 match access-group 171
!
policy-map POLICE
 class WEB
  police cir 256000 pir 512000
   conform-action set-prec-transmit 5
   exceed-action set-prec-transmit 1
   exceed-action set-frde-transmit
   violate-action drop
 class class-default
  set precedence 3
!
Interface s0/0.234
 service-policy output POLICE

7.3 – SRR (2 Points)

• Configure SRR on Switch 1 such that port F 0/10 uses the following parameters:

CoS Value    Srr Queue
3, 4, 6      4
2, 7         3
0, 1         2
5            1

• Configure Shaping on the first queue. It should use 25 percent of the interface Bandwidth. Configure Sharing on the remaining queues. Queues 2, 3 and 4 should be shared with a percentage breakdown of 45, 30 and 25 percent respectively.

SW1

Mls qos
!
mls qos srr-queue output cos-map queue 1 5
mls qos srr-queue output cos-map queue 2 0 1
mls qos srr-queue output cos-map queue 3 2 7
mls qos srr-queue output cos-map queue 4 3 4 6
!
interface FastEthernet0/10
 srr-queue bandwidth share 4 45 30 25
 srr-queue bandwidth shape 4 0 0 0
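For task 7.2 above, this added example (not part of the workbook) models a two-rate, three-colour policer in the style of RFC 2698 to show how the conform, exceed and violate results of policy-map POLICE arise. The class and function names are hypothetical, and the bucket depths (8000 and 16000 bytes) are assumed values, since the task gives only the two rates.

```python
class TwoRatePolicer:
    """Colour-blind two-rate, three-colour policer in the style of RFC 2698."""

    def __init__(self, cir_bps, pir_bps, bc_bytes, be_bytes):
        self.cir = cir_bps / 8                  # committed rate, bytes per second
        self.pir = pir_bps / 8                  # peak rate, bytes per second
        self.bc, self.be = bc_bytes, be_bytes   # bucket depths (assumed values)
        self.tc, self.tp = bc_bytes, be_bytes   # both buckets start full
        self.last = 0.0

    def police(self, now, size):
        """Return 'conform', 'exceed' or 'violate' for one packet."""
        elapsed = now - self.last
        self.last = now
        # Refill each bucket at its own rate, capped at its depth.
        self.tc = min(self.bc, self.tc + elapsed * self.cir)
        self.tp = min(self.be, self.tp + elapsed * self.pir)
        if size > self.tp:                      # above the peak rate
            return "violate"
        self.tp -= size
        if size > self.tc:                      # within peak, above committed
            return "exceed"
        self.tc -= size
        return "conform"

# Actions that policy-map POLICE attaches to each result.
ACTIONS = {
    "conform": "transmit, precedence 5",
    "exceed": "transmit, precedence 1, DE bit set",
    "violate": "drop",
}

def burst(policer, count, size, now=0.0):
    """Offer `count` back-to-back packets at one instant."""
    return [policer.police(now, size) for _ in range(count)]

if __name__ == "__main__":
    p = TwoRatePolicer(256000, 512000, bc_bytes=8000, be_bytes=16000)
    for verdict in burst(p, 18, 1000):
        print(verdict, "->", ACTIONS[verdict])
```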


Section 8 – IPV6 (4 points)

8.1 – Configuring IPV6 (2 Points)

• Configure R3 and R6 with the following IPv6 Addresses:

Router   Interface    IPv6 Address
R3       Loopback 0   2222:1111:3333:3333::3/64
R3       E 0/0.2      2222:1111:3333:3636::3/64
R6       Loopback 0   2222:1111:6666:6666::6/64
R6       E 0/0.2      2222:1111:2222:3636::6/64

R3

Interface F0/0.2
 ipv6 address 2222:1111:3333:3636::3/64
Interface loopback0
 ipv6 address 2222:1111:3333:3333::3/64

R6

Interface F0/0.2
 ipv6 address 2222:1111:2222:3636::6/64
Interface loopback0
 ipv6 address 2222:1111:6666:6666::6/64

8.2 – Running RIPng (2 Points)

• Enable IPv6 Unicast Routing.
• Run RIPng between R3 and R6 and advertise the Loopback networks.

R3

ipv6 unicast-routing
!
Interface F0/0.2
 ipv6 rip RIPNG enable
Interface loopback0
 ipv6 rip RIPNG enable

R6

ipv6 unicast-routing
!
Interface F0/0.2
 ipv6 rip RIPNG enable
Interface loopback0
 ipv6 rip RIPNG enable
