Jump to content

steve1403

Members
  • Content Count

    14
  • Joined

  • Last visited

Community Reputation

0 Neutral

About steve1403

  • Rank
    Member
  1. Hi , Kindly share us the link or material for spoto206. many of them are expired
  2. unable to download from the link. can you share the file
  3. Hi Team, As per the CCIE V5, the frame relay is not covered in the syllabus. ? TS 2 – frame relay and access list Why is it included it in the B9/10 Troubleshooting.
  4. Yes, There is no advertisement happens without redistribution or network statement. Got it..
  5. We should use "tunnel vrf " command instead of ip vrf forwarding under tunnel interface
  6. Hi Sir, Yes the tunnel comes without prefix list. Please advise what is he solution for below question. "R16,R17,R18,R19 must not advertise any prefix to AS 20003."
  7. Dear Team, I am confused with what configuration to follow for BGP,DMVPN section question for AS 45678 and 65222. Please help for providing correct configuration. Below are the configuration i follow for one spoke and hub (for both with VRF and without VRF) WITH VRF R17 ip vrf LOCALSP rd 45678:1 ip prefix-l DENY deny 0.0.0.0/0 le 32 ip prefix-l BGP per 0.0.0.0/0 route-map BGP-DEFAULT per 10 mat ip add pref BGP exit router bgp 45678 bgp router-id 123.17.17.17 address-family ipv4 vrf LOCALSP neighbor 203.3.17.1 remote-as 20003 neighbor 203.3.17.1 activate neighbor 203.3.17.1 prefix-list DENY out neighbor 203.3.17.1 route-map BGP-DEFAULT in int tun 0 tunnel vrf LOCALSP R18 ip vrf LOCALSP rd 45678:1 exit ip prefix-l DENY deny 0.0.0.0/0 le 32 ip prefix-l BGP per 0.0.0.0/0 route-map BGP-DEFAULT per 10 mat ip add pref BGP router bgp 65222 address-family ipv4 vrf LOCALSP neighbor 203.3.18.1 remote-as 20003 neighbor 203.3.18.1 activate neighbor 203.3.18.1 route-map BGP-DEFAULT in neighbor 203.3.18.1 prefix-list DENY out \ conf t int tun 0 tunnel vrf LOCALSP WITHOUT VRF R17 conf t access-list 1 permit 0.0.0.0 router bgp 45678 bgp router-id 123.17.17.17 neighbor 203.3.17.1 remote-as 20003 nei 203.3.17.1 prefix-l DENY out distance 171 203.3.17.1 0.0.0.0 1 exit ip prefix-l DENY deny 0.0.0.0/0 le 32 R18 router bgp 65222 neighbor 203.3.18.1 remote-as 20003 nei 203.3.18.1 prefix-l DENY out distance 171 203.3.18.1 0.0.0.0 1 exit ip prefix-l DENY deny 0.0.0.0/0 le 32 access-list 1 permit any Please help and advise if above configuration is fine or if any thing missing for below question. R16, 17, 18, 19 must establish an ebgp peering with AS 20003 ad must recenve a default route as well as other prefix R16, 17 , 18 , 19 must not advertise any prefix to AS 20003 as long as R15 is operational, R16, 17,18,19 must prefer the EIGRp default route over the EBGP default route do not create any vrf anywhere in order to accomplish the above requirements as long as R15 is operational, R16, 17,18,19 must prefer the EIGRp default route over the EBGP default route note : When i configure :" neighbor 203.3.17.1 prefix-list DENY out in R17", the tunnel is not comming up...
  8. Hi All, I am facing a problem where tunnel not coming up with tunnel protection along with tunnel vrf. without "tunnel protection" command the tunnel is getting up and eigrp neighborship is established. I am not sure if any command is missing. Below is the Configuration R17 crypto isakmp policy 10 encr aes authentication pre-share group 2 crypto isakmp key CCIE address 0.0.0.0 ! ! crypto ipsec transform-set CCIEXFORM esp-aes mode transport ! crypto ipsec profile DMVPNPROFILE set transform-set CCIEXFORM interface Tunnel0 bandwidth 1000 ip address 123.20.1.25 255.255.255.248 no ip redirects ip mtu 1400 no ip next-hop-self eigrp 45678 ip nhrp authentication 45678 ip nhrp map multicast dynamic ip nhrp network-id 45678 ip nhrp holdtime 300 ip nhrp redirect ip tcp adjust-mss 1380 delay 1000 tunnel source Ethernet0/0 tunnel mode gre multipoint tunnel vrf LOCALSP tunnel protection ipsec profile DMVPNPROFILE R18 crypto isakmp policy 10 encr aes authentication pre-share group 2 crypto isakmp key CCIE address 0.0.0.0 ! ! crypto ipsec transform-set CCIEXFORM esp-aes mode transport ! crypto ipsec profile DMVPNPROFILE set transform-set CCIEXFORM interface Tunnel0 bandwidth 1000 ip address 123.20.1.26 255.255.255.248 no ip redirects ip mtu 1400 ip nhrp authentication 45678 ip nhrp map multicast 203.3.17.2 ip nhrp map 123.20.1.25 203.3.17.2 ip nhrp network-id 45678 ip nhrp holdtime 300 ip nhrp nhs 123.20.1.25 ip nhrp shortcut ip tcp adjust-mss 1380 delay 1000 tunnel source Serial1/0 tunnel mode gre multipoint tunnel vrf LOCALSP tunnel protection ipsec profile DMVPNPROFILE
  9. Hi, We gets one problem in BGP ipv6 in R14. The problem states that the peer-group needs to be created before issuing the neighbor command. i am not sure how to resolve it.
  10. I understand the scenario as below 1. if asked to run virtual name with strongest authentication on all device ---> HMAC - SHA authentication 2. if asked for virtual name on routers own with authentication, then you must use key chain --> MD5 3, Anti replay scenario - HMAC - SHA authenticatio Pls correct if i am wrong.
  11. Hi Team, Please advise which authentication method to be used on below questions 1, Authenticaiton to avoid anti replay scenarios 2. Authentication that provide highest level of encryption.
  12. Hi Team, Kindly advise what authentication method to follow if we have below variation in the question 1. authentication that Avoid anti replay scenarios 2. authentication that provide highest level of encryption.
×
×
  • Create New...