Showing results for tags 'Answers'.



Found 5 results

  1. Latest Microsoft Azure DevOps Solutions Exam AZ-400 Questions and Answers: Guide for Real Exam (2020)
     English | April 13, 2020 | ASIN: B0872RTJX1 | 208 Pages | PDF/EPUB | 6.34 MB
       • The exam AZ-400 dump contains 146 Questions and Answers.
       • You can rely on this guide to pass the exam AZ-400 with a good mark.
       • Passing the exam AZ-400 is guaranteed.
     [Hidden Content]
  2. Recently took the RHEL 7 RHCSA exam. These are the questions I received along with a short explanation or answer when possible. I apologize in advance for the formatting - BBCode is a nightmare! [Hidden Content]
  3. 1.1 Errors in Initial Configuration

       • VTP domain name mismatch.
       • VTP password mismatch.
       • Backup interface configured in SW1 fa 0/10 (or maybe in some other switches or interface)
       • VTP version mismatch.
       • 'no peer neighbor-route' to be given if missing somewhere where required.

     1.2 Switching

     Configure all of the appropriate non trunking access switch ports on sw1, sw2, sw3, according to the following requirements.

       • Configure the VLANs for the access switch ports as shown in the table. Include the ports to BB1, BB2 and BB3.
       • Configure trunks between sw2 fa0/2 and R2 G0/1
       • Ensure that SW1 is the spanning-tree Root Switch for all vlans and has the best chance of staying as such, even for any new vlan that might be added in the future
       • Make sure that the spanning tree enters the forwarding state immediately only for these access switch ports, bypassing the listening and learning states.
       • Avoid transmitting bridge protocol data units (BPDUs) on these access switch ports; if a BPDU is received on any of these ports, the ports should transition back to the listening, learning and forward states.
       • Add any special layer 2 commands that are required on the routers including trunk configuration.

     SW1
         spanning-tree vlan 1-1005 priority 0
         spanning-tree portfast bpdufilter default
         interface FastEthernet0/3
          switchport access vlan 3
          switchport mode access
          spanning-tree portfast
         interface FastEthernet0/4
          switchport access vlan 44
          switchport mode access
          spanning-tree portfast
         interface FastEthernet0/5
          switchport access vlan 15
          switchport mode access
          spanning-tree portfast
         interface FastEthernet0/10
          switchport access vlan 15
          switchport mode access
          spanning-tree portfast

     SW2
         spanning-tree portfast bpdufilter default
         interface FastEthernet0/1
          switchport access vlan 11
          switchport mode access
          spanning-tree portfast
         interface FastEthernet0/2
          switchport trunk encapsulation dot1q
          switchport trunk allowed vlan 22,24
          switchport mode trunk
         interface FastEthernet0/3
          switchport access vlan 13
          switchport mode access
          spanning-tree portfast
         interface FastEthernet0/4
          switchport access vlan 24
          switchport mode access
          spanning-tree portfast
         interface FastEthernet0/5
          switchport access vlan 45
          switchport mode access
          spanning-tree portfast
         interface FastEthernet0/10
          switchport access vlan 2
          switchport mode access
          spanning-tree portfast

     SW3
         spanning-tree portfast bpdufilter default
         interface FastEthernet0/10
          switchport access vlan 3
          switchport mode access
          spanning-tree portfast

     SW4
         spanning-tree portfast bpdufilter default

     1.3 Implement Frame-Relay

     Use the following requirements to configure R1 and R2 for Frame-relay and R4 the frame-relay switch.

       • Use ANSI LMI on the frame-relay switch and auto-sensing on R1 and R2
       • Don't use any static frame-relay maps or inverse address resolution protocol.
       • Use RFC 1490/RFC2427(IETF) encapsulation.
       • Use sub-interfaces between R1 and R2
       • Use largest mask for frame relay link
       • Do not change anything in the frame-relay switch R4
       • Use the data-link connection identifier DLCI assignments from the table below

         Router   DLCI assignments
         R1       100
         R2       200

     R1
         interface Serial0/1/1
          no ip address
          encapsulation frame-relay ietf
          no frame-relay inverse-arp
          clock rate 64000
         interface Serial0/1/1.100 point-to-point
          ip address YY.YY.15.242 255.255.255.252
          frame-relay interface-dlci 100 ietf

     R2
         interface Serial0/1/1
          no ip address
          encapsulation frame-relay ietf
          no frame-relay inverse-arp
          clock rate 64000
         interface Serial0/1/1.200 point-to-point
          ip address YY.YY.15.241 255.255.255.252
          frame-relay interface-dlci 200 ietf

     Frame relay switch should be already configured

     R4
         frame-relay switching
         interface Serial0/1/0
          no ip address
          encapsulation frame-relay IETF
          clock rate 64000
          frame-relay lmi-type ansi
          frame-relay intf-type dce
          frame-relay route 100 interface Serial0/1/1 200
         interface Serial0/1/1
          no ip address
          encapsulation frame-relay IETF
          frame-relay lmi-type ansi
          frame-relay intf-type dce
          frame-relay route 200 interface Serial0/1/0 100
          no shut

     1.4 Traffic Control protection from backbone

     Configure traffic control on the three backbone links, protecting your network from a broadcast storm. This protection should begin once broadcast traffic is half (50%) available bandwidth. The port should remain functional during this time.

     SW1, SW2, SW3
         interface FastEthernet0/10
          storm-control broadcast level 50.00

     1.5 Trunking Manipulations

     Configure the dual trunk ports between Sw1, sw2, sw3 and sw4 according to the following requirements

       • Disable DTP on six distribution ports for each switch.
       • Use dot1q encapsulation.
       • Set the list of allowed VLANs that can receive and send traffic on these interfaces in tagged format. In particular only allow the VLANs need to go through the trunk links. VLAN 1 not inclusive.
       • Ensure the link to the backbone are able to read to unidirectional link failure
       • Ensure the interfaces that are connected to backbone not become root switch

     SW1,SW2,SW3,SW4
         ! if native vlan should be tagged
         vlan dot1q tag native
         interface range fa0/19 - 24
          switchport trunk encapsulation dot1q
          switchport mode trunk
          switchport trunk allowed vlan 3,11,13,,44,45
          switchport nonegotiate

     SW1,SW2,SW3,SW4
         interface fa0/10
          udld port aggressive
          spanning-tree guard root

     Section II layer 3 Technologies

     After finishing each of the following questions, make sure that all configured interfaces and subnets are consistently visible on all pertinent routers and switches. Do not redistribute between any interior gateway protocol (IGP) and Border Gateway Protocol (BGP). You need to ping a BGP route only if stated in a question, otherwise the route should be only in the BGP table. At the end of section 2, all subnets in your topology, including the loop back interfaces (except for SW3), must be reachable via ping. Therefore redistribute as you wish unless directly stated in the question. The backbone interface must be reachable only if they are part of the solution to a question. The loop back interfaces can be seen as either /24 or /32 in the routing tables unless stated otherwise in a question. The loop back interfaces can be added into your IGP either via redistribution or added to a routing process of your choice.

     2.1 Implement IPV4 OSPF

     Configure Open Shortest Path First (OSPF)

       • Updates should be advertised only out of the interfaces that are indicated in the IGP topology diagram.
       • The Process ID can be any number
       • Don't manually change the router ID.
       • Don't create additional OSPF areas
       • Configure OSPF area 2 such that there are no TYPE 5 Advertisements (LSA) in the area, R1 should generate a default route.
       • Configure OSPF over frame relay between R1 and R2 choosing a network type that requires designated router (DR) and backup designated router (BDR) negotiations and has the fastest recovery times.

     R1
         interface Serial0/1/1.100 point-to-point
          ip ospf network broadcast
          ip ospf dead-interval minimal hello-multiplier 20
         router ospf 1
          area 2 nssa default-information-originate
          network YY.YY.15.161 0.0.0.0 area 0
          network YY.YY.1.1 0.0.0.0 area 0
          network YY.YY.15.242 0.0.0.0 area 2

     R2
         interface Serial0/1/1.200 point-to-point
          ip ospf network broadcast
          ip ospf dead-interval minimal hello-multiplier 20
         router ospf 1
          area 2 nssa
          network YY.YY.2.2 0.0.0.0 area 2
          network YY.YY.15.130 0.0.0.0 area 2
          network YY.YY.15.241 0.0.0.0 area 2

     R3
         router ospf 1
          network YY.YY.15.193 0.0.0.0 area 0

     SW1
         ip routing
         interface Vlan11
          ip address YY.YY.15.162 255.255.255.224
         interface Vlan13
          ip address YY.YY.15.194 255.255.255.224
         router ospf 1
          network YY.YY.7.7 0.0.0.0 area 0
          network YY.YY.15.162 0.0.0.0 area 0
          network YY.YY.15.194 0.0.0.0 area 0

     SW2
         interface Vlan2
          ip address 150.2.1.1 255.255.255.0
         interface Vlan22
          ip address YY.YY.15.129 255.255.255.224
         router ospf 1
          area 2 nssa
          network YY.YY.8.8 0.0.0.0 area 2
          network YY.YY.15.129 0.0.0.0 area 2

     2.2 Implement IPV4 EIGRP

     Configure EIGRP 100 and EIGRP YY per the IGP topology diagram.

       • EIGRP updates should be advertised only out to the interface per the IGP topology diagram.
       • On R1, redistribute between OSPF and EIGRP YY. However all of the routes that are indicated below from backbone 3 (EIGRP 100) should not be redistributed between both protocols, Use route maps to accomplish this requirement. All route-maps should utilize the same access-list.
       • Cannot disable auto-summary
       • On OSPF area 0, EIGRP 100 routers should be choose the connection through R3 and should be seen as one path
       • On R3 redistribute from EIGRP 100 into OSPF with metric-type 2
       • On R3 redistribute from EIGRP 100 into EIGRP YY.
         However 3 networks 198.2.1.0 198.2.3.0 and 198.2.5.0 should be aggregated into a single address with the most specific mask possible

     R1
         router eigrp 1
          redistribute ospf 1 metric 1544 2000 255 1 1500 route-map BLOCK
          network YY.YY.1.1 0.0.0.0
          network YY.YY.15.249 0.0.0.0
          auto-summary
         router ospf 1
          redistribute eigrp 1 subnets route-map BLOCK
         route-map BLOCK deny 10
          match ip address 10
         route-map BLOCK permit 20
         access-list 10 permit 4.YY.YY.0 0.0.0.255
         access-list 10 permit 128.28.2.0 0.0.0.255
         access-list 10 permit 198.YY.YY.4 0.0.0.3
         access-list 10 permit 198.2.1.0 0.0.0.255
         access-list 10 permit 182.2.4.0 0.0.0.255
         access-list 10 permit 182.2.2.0 0.0.0.255
         access-list 10 permit 198.2.5.0 0.0.0.255
         access-list 10 permit 150.3.YY.0 0.0.0.255

     R3
         router eigrp 100
          no auto-summary
          network 150.3.1.1 0.0.0.0
         interface Serial0/1/0
          ip summary-address eigrp 1 198.2.0.0 255.255.248.0
         router eigrp 1
          redistribute eigrp 100
          network YY.YY.3.3 0.0.0.0
          network YY.YY.15.245 0.0.0.0
          auto-summary
         router ospf 1
          redistribute eigrp 100 subnets metric-type 2

     R5
         router eigrp 1
          auto-summary
          network YY.YY.5.5 0.0.0.0
          network YY.YY.15.97 0.0.0.0
          network YY.YY.15.246 0.0.0.0
          network YY.YY.15.250 0.0.0.0

     SW4
         interface Vlan44
          ip address YY.YY.15.66 255.255.255.224
         interface Vlan45
          ip address YY.YY.15.98 255.255.255.224
         router eigrp 1
          auto-summary
          network YY.YY.10.10 0.0.0.0
          network YY.YY.15.98 0.0.0.0

     2.3 Implement RIP version 2

     Configure RIP version 2 (RIP V2) per the IGP topology diagram.

       • RIP update must be advertised only out to the interface per the IGP topology diagram
       • Use the auto-summary
       • All rip updates should be unicast.
       • Mutually redistribute between RIP and EIGRP on SW4 and mutually redistribute between RIP and ospf of R2.
       • EIGRP learned routes should be preferred over OSPF routes.
       • RIP and EIGRP cannot turn off auto-summary, this cannot affect ospf routing.

     R2
         router rip
          auto-summary
          version 2
          passive-interface default
          neighbor YY.YY.15.33
          network YY.YY.0.0
          redistribute ospf YY metric 1
          offset-list 0 out 4 fastethernet0/1.24
         router ospf YY
          redistribute rip subnets route-map EIGRP100
         ! EIGRP 100 learned routes from RIP
         ip prefix-list EIGRP100PL permit 4.0.0.0/8
         ip prefix-list EIGRP100PL permit 128.28.0.0/16
         ip prefix-list EIGRP100PL permit 128.128.0.0/16
         ip prefix-list EIGRP100PL permit 150.3.0.0/16
         ip prefix-list EIGRP100PL permit 198.198.5.0/24
         …
         route-map EIGRP100 deny 10
          match ip address prefix-list EIGRP100PL
         route-map EIGRP100 permit 20

     R4
         router rip
          version 2
          auto-summary
          passive-interface default
          neighbor YY.YY.15.34
          neighbor YY.YY.15.66
          network YY.YY.0.0

     SW4
         router rip
          version 2
          auto-summary
          passive-interface default
          neighbor YY.YY.15.65
          network YY.YY.0.0
          redistribute eigrp YY metric 2
          distance 171 YY.YY.15.65 0.0.0.0 10
         access-list 10 deny YY.YY.4.4
         access-list 10 deny YY.YY.15.32 0.0.0.31
         access-list 10 permit any
         route-map NET_RIP permit 10
          match ip address prefix-list net_rip
         ip prefix-list net_rip permit YY.YY.4.4/32
         ip prefix-list net_rip permit YY.YY.15.32/27
         ip prefix-list net_rip permit YY.YY.15.64/27
         router eigrp YY
          redistribute rip metric 1544 2000 255 1 1500 route-map NET_RIP

     2.4 Implement IPV6

     Refer to the IPV6 topology diagram to configure IPV6 unique local unicast addresses using the eui-64 interface identifier. Configure OSPFv3 as per the IPV6 topology. Ensure that R4 can ping SW1 using IPV6.

         R4 G0/1 and R2 G0/1.z (Vlan 24)    FC01:DB8:74:9::/64    EUI-64
         R2 S0/1/0.z and R1 -S0/1/0.z       FC01:DB8:74:A::/64    EUI-64
         R1 G0/1 and SW1 - Svi 11           FC01:DB8:74:B::/64    EUI-64

     R1
         ipv6 unicast-routing
         ipv6 cef
         interface FastEthernet0/1
          ipv6 address FC01:DB8:74:B::/64 eui-64
          ipv6 ospf mtu-ignore
          ipv6 ospf 1 area 1
         ipv6 router ospf 1
          router-id YY.YY.1.1
         interface Serial0/1/1.100 point-to-point
          ipv6 address FC01:DB8:74:A::/64 eui-64
          ipv6 ospf 1 area 1

     R2
         ipv6 unicast-routing
         ipv6 cef
         ipv6 router ospf 1
          router-id YY.YY.2.2
         interface Serial0/1/1.200 point-to-point
          ipv6 address FC01:DB8:74:A::/64 eui-64
          ipv6 ospf 1 area 1
         interface FastEthernet0/1.24
          ipv6 address FC01:DB8:74:9::/64 eui-64
          ipv6 ospf 1 area 0

     R4
         ipv6 unicast-routing
         ipv6 cef
         ipv6 router ospf 1
          router-id YY.YY.4.4
         interface FastEthernet0/1
          ipv6 address FC01:DB8:74:9::/64 eui-64
          ipv6 ospf 1 area 0

     SW1
         sdm prefer dual-ipv4-and-ipv6 default
         ! reload the router
         ipv6 unicast-routing
         ipv6 router ospf 1
          router-id YY.YY.7.7
         interface Vlan11
          ipv6 address FC01:DB8:74:B::/64 eui-64
          ipv6 ospf 1 area 1

     2.5 – Implement IPv4 BGP

     Referring to the bgp routing diagram, configure BGP with these parameters:

       • Configure two bgp confederations R1, R3, R5 and SW4 (ASYY1) and R2 and SW2 (ASYY2).
       • The confederation peers should neighbor between R1 and R2 and between SW4 and R2.
       • EBGP: SW2 ebgp peers with the router 150.2.YY.254 on BB2 in AS254. This router advertises five routes with format 197.68.z.0/24 and the AS path 254.
       • EBGP: R5 ebgp peers with the router 150.1.YY.254 on BB1 in AS254. This router advertises five routes with the format 197.68.z.0/24 and the AS path 254,253.
       • The bgp devices should all prefer the path through R5 (150.1.YY.254) for network 197.68.21.0/24 and 197.68.22.0/24.
       • The ibgp devices should all prefer the path through SW2 (150.2.YY.254) for network 197.68.1.0/24, 197.68.4.0/24 and 197.68.5.0/24.
       • This manipulation should be accomplished by configuring only on one router using route maps that refer to a single access list.
       • Configure only the loopback 0 ip address to propagate BGP route information.
       • You cannot use route reflector or change next-hop self.
       • BGP routes should be advertised to AS254.

     R1
         router bgp YY1
          no synchronization
          no auto-summary
          bgp log-neighbor-changes
          bgp confederation identifier YY
          bgp confederation peers YY2
          neighbor YY.YY.2.2 remote-as YY2
          neighbor YY.YY.2.2 ebgp-multihop 255
          neighbor YY.YY.2.2 update-source Loopback0
          neighbor YY.YY.3.3 remote-as YY1
          neighbor YY.YY.3.3 update-source Loopback0
          neighbor YY.YY.5.5 remote-as YY1
          neighbor YY.YY.5.5 update-source Loopback0
          neighbor YY.YY.10.10 remote-as YY1
          neighbor YY.YY.10.10 update-source Loopback0

     R3
         router bgp YY1
          no synchronization
          bgp log-neighbor-changes
          bgp confederation identifier YY
          neighbor YY.YY.5.5 remote-as YY1
          neighbor YY.YY.5.5 update-source Loopback0
          neighbor YY.YY.1.1 remote-as YY1
          neighbor YY.YY.1.1 update-source Loopback0
          neighbor YY.YY.10.10 remote-as YY1
          neighbor YY.YY.10.10 update-source Loopback0
          no auto-summary

     R5
         router bgp YY1
          no synchronization
          bgp log-neighbor-changes
          bgp confederation identifier YY
          neighbor YY.YY.3.3 remote-as YY1
          neighbor YY.YY.3.3 update-source Loopback0
          neighbor YY.YY.1.1 remote-as YY1
          neighbor YY.YY.1.1 update-source Loopback0
          neighbor YY.YY.10.10 remote-as YY1
          neighbor YY.YY.10.10 update-source Loopback0
          neighbor 150.1.YY.254 remote-as 254
          neighbor 150.1.YY.254 route-map TAG in
          no auto-summary
         access-list 5 permit 197.68.20.0 0.0.3.255
         route-map TAG permit 10
          match ip address 5
          set local-preference 250
         route-map TAG permit 20
         router eigrp YY
          redistribute connected metric 1544 200 255 1 1500 route-map BB1
         route-map BB1 permit 10
          match interface fa0/0

     SW4
         router bgp YY1
          no synchronization
          bgp log-neighbor-changes
          bgp confederation identifier YY
          bgp confederation peers YY2
          neighbor YY.YY.1.1 remote-as YY1
          neighbor YY.YY.1.1 update-source Loopback0
          neighbor YY.YY.2.2 remote-as YY2
          neighbor YY.YY.2.2 ebgp-multihop 255
          neighbor YY.YY.2.2 update-source Loopback0
          neighbor YY.YY.3.3 remote-as YY1
          neighbor YY.YY.3.3 update-source Loopback0
          neighbor YY.YY.5.5 remote-as YY1
          neighbor YY.YY.5.5 update-source Loopback0
          no auto-summary

     R2
         router bgp YY2
          no synchronization
          bgp log-neighbor-changes
          bgp confederation identifier YY
          bgp confederation peers YY1
          neighbor YY.YY.1.1 remote-as YY1
          neighbor YY.YY.1.1 ebgp-multihop 255
          neighbor YY.YY.1.1 update-source Loopback0
          neighbor YY.YY.8.8 remote-as YY2
          neighbor YY.YY.8.8 update-source Loopback0
          neighbor YY.YY.10.10 remote-as YY1
          neighbor YY.YY.10.10 ebgp-multihop 255
          neighbor YY.YY.10.10 update-source Loopback0
          no auto-summary

     SW2
         router bgp YY2
          no synchronization
          bgp log-neighbor-changes
          bgp confederation identifier YY
          neighbor YY.YY.2.2 remote-as YY2
          neighbor YY.YY.2.2 update-source Loopback0
          neighbor 150.2.1.254 remote-as 254
          no auto-summary
         router ospf YY
          redistribute connected metric 100 subnets route-map BB2
         route-map BB2 permit 10
          match interface vlan 2

     Section III IP Multicast

     3.1 Implement PIM sparse mode for IPV6 multicast.

     Enable pim sparse mode (pim-sm) on the lan between R4 and R2, and on the WAN link between R2 and R1, Using these criteria.

       • Configure R4 Fa0/1 to be the rendezvous point (RP) for the FF08::4000:4000 multicast group, no other groups should be permitted.

     R4
         ipv6 cef
         ipv6 multicast-routing
         ipv6 pim rp-address X:X:X:X

     R2
         ipv6 cef
         ipv6 multicast-routing
         ipv6 pim rp-address X:X:X:X

     R1
         ipv6 cef
         ipv6 multicast-routing
         ipv6 pim rp-address X:X:X:X

     3.2 Multicast Joins

     Configure R2 s0/0/0.z as an IPV6 receiver for the multicast group FF08::4000:4000. R2 should be able to ping the multicast group FF08::4000:4000.

     R2
         interface Serial0/1/1.100 point-to-point
          ipv6 mld join-group FF08::4000:4000 X:X:X:X

     Section IV Advanced Services

     4.1 Secure HTTP Access

     Enable secure HTTP access for R5.

       • Enable authentication using the list "HTTP" which utilizes local user authentication.
       • Configure two different users for access to R5; the user cisco (password "cisco"), who only has privilege 1 access to R5; and the user ADMIN (password "CISCO") who has privilege 15 access to R5.
       • Do not modify console and vty lines login and password configuration

     R5
         aaa new-model
         ! none required at the end if no line passwords are configured
         aaa authentication login default line
         aaa authentication login HTTP local-case
         aaa authorization exec HTTP local
         username cisco privilege 1 password 0 cisco
         username ADMIN privilege 15 password 0 CISCO
         no ip http server
         ip http secure-server
         ip http authentication aaa login-authentication HTTP
         ip http authentication aaa exec-authorization HTTP

     4.2 Secure the WAN PPP Links

     Configure challenge handshake authentication protocol (CHAP) on R5 for the link to R1 and R3, according to the following requirements.

       • An authentication, authorization, and accounting (AAA) list names R1 and R3 for R1 and R3 respectively.
       • Authentication for R1 should first try the radius server 198.2.3.128 using a key of cisco and fall back to local login in the event of a failure to connect to the radius server.
       • R1 should present itself to R5 as RACKYYR1 with a shared password cisco.
       • Authentication for R3 should first try the TACACS server 198.2.3.129 using a key of cisco and fall back to local login in the event of a failure to connect to the TACACS server.
       • R3 should present itself to R5 as BACKUP with a shared password of CISCO.

     R5
         aaa new-model
         aaa authentication ppp R1 group radius local-case
         aaa authentication ppp R3 group tacacs+ local-case
         username RACK1R1 password 0 cisco
         username BACKUP password 0 CISCO
         tacacs-server host 198.2.3.129 key cisco
         radius-server host 198.2.3.128 key cisco
         interface Serial0/1/0
          ppp authentication chap R1
         interface Serial0/1/1
          ppp authentication chap R3

     R1
         interface Serial0/1/0
          ppp chap hostname RACK1R1
          ppp chap password cisco

     R3
         interface Serial0/1/0
          ppp chap hostname BACKUP
          ppp chap password CISCO

     4.3 MQC Based frame-relay traffic shaping

     Configure R1 for Modular QoS CLI (MQC) based frame relay traffic shaping (FRTS) according to the following requirements:

       • Using a hierarchical policy map, specify the parent class-default committed information rate (CIR) as 64KB (when no backward explicit congestion notification (BECNs) are present) and 32KB (when BECNs are present).
       • The traffic already marked with class 1 or 2 (AF11 or AF21) must be classified as Data traffic.
       • Data Traffic should receive a guaranteed bandwidth of 35%.
       • Voice packets are marked as Expedited Forwarding (EF)
       • Voice traffic should receive a guaranteed bandwidth of 40%

     R2
         class-map match-any DATA
          match ip dscp af11
          match ip dscp af21
         class-map match-all VOICE
          match ip dscp ef
         policy-map CHILD
          class VOICE
           priority percent 40
          class DATA
           bandwidth percent 35
          class class-default
           fair-queue
         policy-map PARENT
          class class-default
           shape average 64000
           shape adaptive 32000
           service-policy CHILD
         map-class frame-relay FRTS
          service-policy output PARENT
         interface Serial0/1/1.100 point-to-point
          frame-relay class FRTS

     4.4 AutoQOS over PPP

     To 4.3 continue to address VOIP quality of service (QOS) by configuring Cisco autoqos over PPP link between R1 and R5. AutoQos should not use NBAR to classify the voice traffic.

     R1
         interface s0/1/0
          auto discovery qos trust
          auto qos voip trust
         Interface multilink XXXXX
          no peer neighbor-route

     R5
         interface s0/0
          auto discovery qos trust
          auto qos voip trust
         Interface multilink XXXXX
          no peer neighbor-route

     Note Bandwidth needs to be set to 128 which is the default. Also, no peer neighbor-route needs to be configured on the dynamic multilink interfaces on R1 and R5.

     4.5 First Hop Redundancy

     To facilitate load balancing and back for hosts off VLAN_H, configure GLBP on VLAN_H, use any group number.

       • R4 should have the higher priority with the ability for R2 to assume control if the priority of R4 decreases.
       • Use MD5 authentication to protect the GLBP group. Use the key-string "cisco".
       • Configure the IP YY.YY.15.35 as your GLBP virtual address.
       • R2 should assume control if R4 loses reachability to the default route
       • On R4 should track availability of default route

     R4
         track 11 ip route 0.0.0.0 0.0.0.0 reachability
         interface FastEthernet0/1
          glbp 1 ip YY.YY.15.35
          glbp 1 priority 105
          glbp 1 preempt
          glbp 1 authentication md5 key-string cisco
          glbp 1 weighting 110 lower 95 upper 105
          glbp 1 weighting track 11 decrement 20

     R2
         interface FastEthernet0/1.24
          glbp 1 ip YY.YY.15.35
          glbp 1 priority 100
          glbp 1 preempt
          glbp 1 authentication md5 key-string cisco

     Section V. Optimize the Network

     5.1 Netflow IPv4 Multicast Accounting

     Configure netflow multicast accounting on R4 according to the following requirement

       • Sources should be VLAN_H
       • Export all data to 198.2.5.10
       • Use UDP port 9991 for exporting
       • Use net flow version 9 only
       • Collect all of the output and failure statistics, both in and out of R4 in VLAN_H.

     R4
         ip multicast netflow rpf-failure
         ip multicast netflow output-counters
         ip flow-export version 9
         ip flow-export destination 198.2.5.10 9991
         interface f0/1
          ip flow ingress
          ip flow egress

     5.2 TFTP Server

     Configure R3 as TFTP server with the following requirements

       • R4 should be able to copy the file TEST from the flash memory of R3.
       • No other files should be available from R3
       • No other devices should be able to copy the file TEST from R3

     Note: You do not need to create the TEST file on R3 or attempt to make an actual copy.

     R3
         access-list 53 permit YY.YY.4.4
         access-list 53 permit YY.YY.15.33
         access-list 53 permit YY.YY.15.65
         tftp-server flash:TEST 53

     5.2 Embedded Event Manager Monitor of CPU

     Using IOS CLI an event manager applet on R3 according to the following requirements:

       • If the 5min CPU value (cpmCPUTotal5minRev "1.3.6.1.4.1.9.9.109.YY.YY.YY.YY.8" ) goes above 60 percent, the first 10 lines of the show process cpu sorted 5min command output should be emailed to [email protected] from [email protected] with a subject of "CPUAlert5min" using the mail server 198.2.5.10.
       • Polling should be every 60 seconds.

     R3
         event manager applet cpmCPUTotal5minRev
          event snmp oid 1.3.6.1.4.1.9.9.109.YY.YY.1.8 get-type exact entry-op ge entry-val 60 poll-interval 60
          action 1.0 cli command "terminal length 13"
          action 2.0 cli command "show processes cpu sort 5min"
          action 3.0 cli command "q"
          action 4.0 mail server "198.2.5.10" to "[email protected]" from "[email protected]" subject "CPUAlert5min" body "$_cli_result"
  4. [Hidden Content]

     This post is being updated frequently based on your experiences, comments, solutions and testing...

       • Sections with Titles marked GREEN have the solution almost right. (If you find something not right please do let us know)
       • Sections with Titles marked PURPLE are not perfect (Questions or Answers or Both)

     Section 1 - Layer 2

     1.1 Troubleshoot Layer 2 Switching

       • VLAN access map that is denying OSPF is in pre-configuration
       • Between SW2 and SW3 trunk interfaces, ports fa0/21 and fa0/22 portfast is there
       • SW3 – interface range fa 0/19 – 24 all configured with spanning-tree portfast trunk
       • no ip cef on R1,R2,R3,R4

     1.2 Implement Access Switch Ports of Switched Network

     Configure all of the appropriate non-trunking switch ports on SW1 – SW4 according to the following

       • SW1 is the server for the VLAN Trunking Protocol version 2 domain "CCIE" (VTP password "cisco")
       • SW2, SW3, SW4 are expecting SW1 update their VLAN database when needed
       • Configure the VLAN ID and Name according to the table below (case sensitive)
       • Configure the access ports for each VLAN as per the diagram
       • Using a single command ensure that all access ports are transitioned to forwarding state as quickly as possible
       • Using a single command ensure that the interface is forced the err-disabled state if BPDU is received by any ports
       • Ensure that any BPDU received by the access ports facing the backbone devices (and only these devices) have no effect to your spanning tree decision
       • Don’t forget to configure the Layer 3 interfaces and to include SW1’s port fa 0/4 into VLAN 44

     SW1
         vtp domain CCIE
         vtp password cisco
         vtp version 2
         vtp mode server

     SW2 SW3 SW4
         vtp domain CCIE
         vtp password cisco
         vtp version 2
         vtp mode client

     SW1 SW2 SW3 SW4
         spanning-tree portfast default
         spanning-tree portfast bpduguard default
         interface fa0/10
          spanning-tree bpduguard disable
          spanning-tree guard root

     Note : Remember to configure the backbone interface before configuring the portfast default and portfast bpduguard default globally... as otherwise those interface would go to err-disabled state...

     1.3 Spanning-Tree Domains for Switched Network

     Configure the switches according to the following requirements:

       • Each of the following sets of VLANs must share a common spanning tree topology
           Spanning-Tree Topology 1 : 11,22,33 (all VLANs towards backbone links)
           Spanning-Tree Topology 2 : all other VLANs used throughout the exam
           Default spanning Tree Topology: All other VLANs
       • Ensure that SW1 is the Root Switch for Instance 1 and the Backup for Instance 2
       • Ensure that SW2 is the Root Switch for Instance 2 and the Backup for Instance 1
       • Configure to 30 seconds the time that all switches wait before their spanning-tree processes attempts to re-converge if it didn’t receive any spanning-tree configuration message

     On SW1, SW2, SW3, SW4
         spanning-tree mode mst
         spanning-tree mst configuration
          instance 1 vlan 11, 22, 33
          instance 2 vlan 10, 42, 44, 55, 123, 144, 999
          exit
         spanning-tree mst max-age 30

     SW1
         spanning-tree mst 1 root primary
         spanning-tree mst 2 root secondary

     SW2
         spanning-tree mst 2 root primary
         spanning-tree mst 1 root secondary

     1.4 Switch Trunking and Ether Channel

     Use the following requirements to configure the Etherchannel of SW1, SW2, SW3 and SW4:

       • Use encapsulation 802.1q
       • Configure the Industry standard Etherchannel between SW1 and SW2.
       • Configure the Cisco proprietary Etherchannel between SW3 and SW4.
       • Ensure that SW1 and SW3 must initiate the negotiation and SW2 and SW4 must not start the negotiation

     SW1, SW2, SW3, SW4
         interface range fastethernet 0/19-24
          switchport trunk encapsulation dot1q
          switchport mode trunk

     SW1
         interface range fa0/23-24
          channel-group 12 mode active

     SW2
         interface range fa0/23-24
          channel-group 12 mode passive

     SW3
         interface range fa0/23-24
          channel-group 34 mode desirable

     SW4
         interface range fa0/23-24
          channel-group 34 mode auto

     1.5 Spanning-Tree Tuning

       • Ensure that the port fa0/20 is in the forwarding state rather than the blocking state for MST 1 on SW3.
       • Ensure that the port fa0/20 is in the forwarding state rather than the blocking state for MST 2 on SW4.
       • You must do this without changing any configurations on SW3
       • Use the highest numerical value to complete.

     On SW1
         interface fastethernet 0/19
          spanning-tree mst 1 port-priority 240

     On SW2
         interface fastethernet 0/19
          spanning-tree mst 2 port-priority 240

     1.6 RSPAN

       • Any traffic received from VLAN_BB1 and VLAN_BB2 must be replicated to a traffic analyzer connected to SW4 Fa0/15 via VLAN 999
       • You need to monitor any future interfaces connecting to VLAN_BB1 and VLAN_BB2
       • Any traffic flowing through the trunk between SW3 and SW4 must be replicated to another traffic analyzer connected to SW4 Fa0/16
       • There should not be any configuration regarding this on SW3.
       • Don’t create any new VLAN while configuring this

     SW1
         vlan 999
          remote-span
         monitor session 1 source vlan 11 rx
         monitor session 1 destination remote vlan 999

     SW2
         monitor session 1 source vlan 22 rx
         monitor session 1 destination remote vlan 999

     SW4
         monitor session 1 source remote vlan 999
         monitor session 1 destination interface fastEthernet 0/15
         monitor session 2 source interface port-channel 34 both
         monitor session 2 destination interface fastEthernet 0/16

     1.7 PPP & CHAP

       • R4 must require R1 and R2 to authenticate using CHAP but R1 and R2 must not require R4 to authenticate
       • R1 and R2 cannot use ppp chap hostname, they can use ppp chap password with "CCIE".
       • Make sure that all CHAP passwords are shown in clear in the configuration
       • Use radius server at YY.YY.44.200 as authentication server and fallback to the local AAA database in case the server is unreachable
       • Use CISCO as key required by the Radius server
       • Make sure AAA authentication does not affect any console or line VTY from any PPP devices (ensure that there is no username prompt either)
       • Use only default method list for both console and line VTY.

     On R4
         aaa new-model
         ! none required at the end only if no line password is configured
         aaa authentication login default line
         aaa authentication ppp default group radius local-case
         radius-server host YY.YY.44.200 key CISCO
         username <Hostname of R1> password 0 CCIE
         username <Hostname of R2> password 0 CCIE
         ! interface facing R1
         interface s0/0/0
          encapsulation ppp
          ppp authentication chap default
         ! interface facing R2
         interface s0/1/0
          encapsulation ppp
          ppp authentication chap default

     On R1 & R2
         ! interface facing R4
         interface s0/0/0
          encapsulation ppp
          ppp chap password 0 CCIE

     Note: If the question says to use AAA list name R1 and R2 for authenticating R1 and R2 respectively, use the below configuration

     On R4
         aaa new-model
         ! none required at the end only if no line password is configured
         aaa authentication login default line
         aaa authentication ppp R1 group radius local-case
         aaa authentication ppp R2 group radius local-case
         radius-server host YY.YY.44.200 key CISCO
         username <Hostname of R1> password 0 CCIE
         username <Hostname of R2> password 0 CCIE
         ! interface facing R1
         interface s0/0/0
          encapsulation ppp
          ppp authentication chap R1
         ! interface facing R2
         interface s0/1/0
          encapsulation ppp
          ppp authentication chap R2

     On R1 & R2
         ! interface facing R4
         interface s0/0/0
          encapsulation ppp
          ppp chap password 0 CCIE

     Section 2 – Layer 3 Technologies

     2.1 Configure OSPF Area 0, 142 and 51 as per diagram

       • OSPF process ID can be any number
       • Router ID must be stable and must be configured using the IP Address of Lo0
       • Lo0 interfaces must be advertised in the OSPF area as shown in the IGP topology diagram and must appear as /32 routes
       • Ensure that all switches attached to the VLAN 123 exchange routing updates primarily with SW1 and then SW2 (in case SW1 goes down)
       • Use highest numerical values
       • Make sure that all 3 prefixes for the backbone links (150.BB.YY.0/24) appear as OSPF External Type 2 routes in routing table
       • Do not create any additional OSPF areas.
Do not use any IP address not listed in the diagram

R1
router ospf YY
 router-id YY.YY.1.1
 network YY.YY.1.1 0.0.0.0 area 142
 network YY.YY.14.1 0.0.0.0 area 142
 network YY.YY.17.1 0.0.0.0 area 142

R2
router ospf YY
 router-id YY.YY.2.2
 network YY.YY.24.2 0.0.0.0 area 142
 network YY.YY.29.2 0.0.0.0 area 142
 redistribute connected subnets route-map BB2
route-map BB2
 match interface fastethernet 0/1 /* Interface facing BB2 */

R3
router ospf YY
 router-id YY.YY.3.3
 network YY.YY.3.3 0.0.0.0 area 51
 network YY.YY.35.3 0.0.0.0 area 51

R4
router ospf YY
 router-id YY.YY.4.4
 network YY.YY.4.4 0.0.0.0 area 142
 network YY.YY.14.4 0.0.0.0 area 142
 network YY.YY.24.4 0.0.0.0 area 142
 network YY.YY.34.4 0.0.0.0 area 142
 network YY.YY.44.4 0.0.0.0 area 142

R5
router ospf YY
 router-id YY.YY.5.5
 network YY.YY.5.5 0.0.0.0 area 51
 network YY.YY.35.5 0.0.0.0 area 51
 network YY.YY.58.5 0.0.0.0 area 51

SW1
ip routing
router ospf YY
 router-id YY.YY.7.7
 network YY.YY.7.7 0.0.0.0 area 0
 network YY.YY.123.7 0.0.0.0 area 0
 network YY.YY.17.7 0.0.0.0 area 142
interface vlan 123
 ip ospf priority 255

SW2
ip routing
router ospf YY
 router-id YY.YY.8.8
 network YY.YY.8.8 0.0.0.0 area 0
 network YY.YY.123.8 0.0.0.0 area 0
 network YY.YY.58.8 0.0.0.0 area 51
interface vlan 123
 ip ospf priority 254

SW3
ip routing
router ospf YY
 router-id YY.YY.9.9
 network YY.YY.9.9 0.0.0.0 area 0
 network YY.YY.123.9 0.0.0.0 area 0

SW4
ip routing
router ospf YY
 router-id YY.YY.10.10
 network YY.YY.10.10 0.0.0.0 area 0
 network YY.YY.123.10 0.0.0.0 area 0
 network YY.YY.29.10 0.0.0.0 area 142

2.2 – Implement IPv4 EIGRP
Configure Enhanced Interior Gateway Routing Protocol (EIGRP) 100 on SW2 in order to establish EIGRP neighbor with Backbone 3 in the IGP topology diagram.
BB3 has IP address 150.3.YY.254 and is using AS number 100
Disable auto-summary

SW2
router eigrp 100
 no auto-summary
 network 150.3.YY.1 0.0.0.0

2.3 – Implement RIP Version 2
Configure RIP Version 2 (RIPv2) between R3 and BB1
RIP updates should be sent only out to the interface per the IGP topology
All RIP updates should be sent as Unicast
R3 must accept from BB1 only the following prefixes
 199.172.5.0/24
 199.172.7.0/24
 199.172.13.0/24
 199.172.15.0/24
Use Standard ACL with a single entry
Disable Auto Summarization

R3
router rip
 version 2
 passive-interface default
 neighbor 150.1.YY.254
 network 150.1.0.0
 distribute-list 1 in fastethernet 0/0 /* interface facing BB1 */
 no auto-summary
access-list 1 permit 199.172.5.0 0.0.10.255

2.4 Redistribute RIP into OSPF
Redistribute RIP into OSPF on R3 such that the routing table on R5 contains the following.
 O N2 199.172.15.0/24 [110/30]
 O N2 199.172.13.0/24 [110/30]
 O N1 199.172.7.0/24 [110/XXX]
 O N1 199.172.5.0/24 [110/XXX]
 O N2 150.1.YY.0 [110/30]
Use Standard ACL with a single entry

R3
access-list 2 permit 199.172.5.0 0.0.2.255
route-map RIP_TO_OSPF permit 10
 match ip address 2
 set metric-type type-1
route-map RIP_TO_OSPF permit 20
 set metric-type type-2
 set metric 30
router ospf YY
 redistribute rip subnets route-map RIP_TO_OSPF
 area 51 nssa

R5
router ospf YY
 area 51 nssa

SW2
router ospf YY
 area 51 nssa

2.5 Redistribute EIGRP into OSPF
Redistribute EIGRP into OSPF on SW2 such that
Redistributed EIGRP routes must not be advertised into Area 51
Redistributed EIGRP routes must be advertised into Area 0 and 142 as OSPF Type E2
SW2 must advertise an inter-area default route into Area 51 only
Don’t use any route-map and do not add any static route anywhere

router ospf YY
 redistribute eigrp YY subnets metric-type 2
 area 51 nssa no-summary no-redistribution

2.6 Implement IPv4 BGP
Configure iBGP peering for R1, R2, SW2, R3 and R5 as per the following requirement.
Where possible failure of a physical interface should not permanently affect BGP peer connections
Minimize number of BGP peering sessions and all BGP speakers in AS YY except SW2 must have only one iBGP peer
All BGP routes on all devices must be valid routes
Configure BGP as per diagram
BGP routes from BB1 must have community values 254 207 103 in AS YY
BGP routes from BB2 must have community values 254 208 104 in AS YY
Make sure that all BGP speakers in AS YY (even R2) are pointing all BGP prefixes from AS 254 via BB1 only (their BGP next hop must be the IP address of the backbone devices)

R1 / R2 / R3 / R5
router bgp YY
 no auto-summary
 no synchronization
 bgp router-id YY.YY.X.X
 neighbor YY.YY.8.8 remote-as YY
 neighbor YY.YY.8.8 update-source loopback0
 neighbor YY.YY.8.8 send-community

SW2
router bgp YY
 no auto-summary
 no synchronization
 bgp router-id YY.YY.X.X
 neighbor YY.YY.1.1 remote-as YY
 neighbor YY.YY.1.1 update-source loopback 0
 neighbor YY.YY.1.1 route-reflector-client
 neighbor YY.YY.1.1 send-community
 neighbor YY.YY.2.2 remote-as YY
 neighbor YY.YY.2.2 update-source loopback 0
 neighbor YY.YY.2.2 route-reflector-client
 neighbor YY.YY.2.2 send-community
 neighbor YY.YY.3.3 remote-as YY
 neighbor YY.YY.3.3 update-source loopback 0
 neighbor YY.YY.3.3 route-reflector-client
 neighbor YY.YY.3.3 send-community
 neighbor YY.YY.5.5 remote-as YY
 neighbor YY.YY.5.5 update-source loopback 0
 neighbor YY.YY.5.5 route-reflector-client
 neighbor YY.YY.5.5 send-community

R2
 neighbor 150.2.YY.254 remote-as 254
 neighbor 150.2.YY.254 route-map BB2 in
route-map BB2
 set community 103,207 additive

R3
 neighbor 150.1.YY.254 remote-as 254
 neighbor 150.1.YY.254 route-map BB1 in
route-map BB1
 set local-preference 200
 set community 104,208 additive

2.7 Implement Performance Routing
Implement PfR to achieve the following policies
R4 must be the master controller
R1 and R2 must be the Border Routers
Ensure that PfR sessions are established using the Lo0 interface only
Configure tunnel to have direct connectivity between Border routers
A specific traffic (marked with DSCP "CS2") from VLAN_44 to VLAN_55 must be routed via R1
Another traffic (marked with DSCP "CS4") from VLAN_44 to VLAN_55 must be routed via R2
Use Extended ACL with a single entry
Use active probes only
If required by your solution you may use any prefix that is not used in your topology
Do not use max-range-utilization, resolve utilization and resolve range in OER policy
You should use access-list specifying only source address and DSCP value
You must use "set mode select-exit good"

2.8 Implement Performance Routing
Continue as per following
PfR must ensure that the voice traffic is routed via an exit which provides a maximum delay 40ms and a maximum jitter of 5ms
Set the frequency of probes to 2 seconds
Make sure that all exits are constantly probed
The voice traffic is sourced from VLAN_$$ destined to the voice gateway R5 (YY.YY.55.5) and marked with DSCP "EF"
You should use access-list specifying only source address and DSCP value
You must use "set mode select-exit good"

2.9 Implement IPv6
Use any number for the process ID.
OSPFv3 router IDs must be stable and identical to the OSPF v2 router IDs
Configure OSPF Area 0 on the Ethernet segment shared by all switches.
SW1 should control all routing, and SW2 should be the backup for Area 0. (Use largest value)
SW3 and SW4 should not participate in the election.
Configure OSPF Area 142 between R1, R2, R4, SW1 and SW4.
Configure OSPF Area 51 between R3, R5 and SW2.
Add Loopback 8 to SW2 with Global IPv6 Address 2011:CC1E:88:88:88::88/128 and redistribute into OSPFv3 Area 0 which should be seen as OE2 routes.
Configure OSPF filtering to allow SW2 Loopback 8 in Area 0 to go into Area 51, but not Area 142.
There should not be a default route in Area 142

R1
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf YY
 router-id YY.YY.1.1
interface Serial 0/1
 ipv6 address FC01:DB8:74:14::1/64
 ipv6 ospf YY area 142
interface fastethernet 0/0
 ipv6 address FC01:DB8:74:17::1/64
 ipv6 ospf YY area 142

R2
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf YY
 router-id YY.YY.2.2
interface Serial 0/1
 ipv6 address FC01:DB8:74:42::2/64
 ipv6 ospf YY area 142
interface FastEthernet 0/0
 ipv6 address FC01:DB8:74:24::2/64
 ipv6 ospf YY area 142

R3
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf YY
 router-id YY.YY.3.3
interface Serial 0/0
 ipv6 address FC01:DB8:74:35::3/64
 ipv6 ospf YY area 51

R4
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf YY
 router-id YY.YY.4.4
interface fastethernet 0/1
 ipv6 address FC01:DB8:74:44::4/64
 ipv6 ospf YY area 142
interface Serial 0/0/0
 ipv6 address FC01:DB8:74:14::4/64
 ipv6 ospf YY area 142
interface serial 0/0/1
 ipv6 address FC01:DB8:74:12::4/64
 ipv6 ospf YY area 142

R5
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf YY
 router-id YY.YY.5.5
interface Serial 0/1
 ipv6 address FC01:DB8:74:35::5/64
 ipv6 ospf YY area 51
interface FastEthernet 0/0
 ipv6 address FC01:DB8:74:52::5/64
 ipv6 ospf YY area 51

SW1
sdm prefer dual-ipv4-and-ipv6 default
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf YY
 router-id YY.YY.7.7
interface fastethernet 0/1
 ipv6 address FC01:DB8:74:17::7/64
 ipv6 ospf YY area 142
interface vlan 123
 ipv6 address FC01:DB8:74:123::7/64
 ipv6 ospf YY area 0
 ipv6 ospf priority 255

SW2
sdm prefer dual-ipv4-and-ipv6 default
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf YY
 router-id YY.YY.8.8
 redistribute connected metric-type 2 route-map loopback8
interface vlan 50
 ipv6 address FC01:DB8:74:52::8/64
 ipv6 ospf YY area 51
interface vlan 123
 ipv6 address FC01:DB8:74:123::8/64
 ipv6 ospf YY area 0
 ipv6 ospf priority 254
interface loopback 8
 ipv6 address 2011:cc1e:88:88:88::88/128
route-map loopback8 permit 10
 match interface loopback8

SW3
sdm prefer dual-ipv4-and-ipv6 default
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf YY
 router-id YY.YY.9.9
interface vlan 123
 ipv6 address FC01:DB8:74:123::9/64
 ipv6 ospf YY area 0
 ipv6 ospf priority 0

SW4
sdm prefer dual-ipv4-and-ipv6 default
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf YY
 router-id YY.YY.10.10
interface vlan 20
 ipv6 address FC01:DB8:74:24::10/64
 ipv6 ospf YY area 142
interface vlan 123
 ipv6 address FC01:DB8:74:123::10/64
 ipv6 ospf YY area 0
 ipv6 ospf priority 0

R1 R2 R4 SW1 SW4
ipv6 router ospf YY
 area 142 nssa

2.10 Implement Advanced IPv6 feature
In an attempt to reduce link-layer congestion, limit to 4 messages per second the rate at which all IPv6 enabled devices generate all IPv6 ICMP error messages
Enable Netflow for IPv6 on R1 to monitor the traffic leaving Area 142
Export the flows every two minutes to the server YY.YY.44.100 (port 9876)
Use R1-Lo0 as source address for the exports
Aggregate the flows per ports and allow up to 20000 entries in the cache
Inactive entries must be deleted from the cache after 3 minutes of inactivity

R1 R2 R3 R4 R5 SW1 SW2 SW3 SW4
ipv6 icmp error-interval 250 1

R1
ipv6 cef
ipv6 flow-export source Loopback0
ipv6 flow-aggregation cache protocol-port
 cache entries 2000
 cache timeout inactive 180
 cache timeout active 2
 export version 9
 export destination YY.YY.44.100 9876
 enabled
interface fastethernet0/0 /* interface facing SW1 */
 ipv6 flow egress

Section 3 – IP Multicast

3.1 IPv4 Multicast
Enable multicasting with PIM-SM between Area 142 and Area 0.
There is a multicast source on VLAN 44 and clients are located on the BB3 subnet (150.3.YY.0 /24)
Use a non-cisco proprietary based on the method to send RP information to the other routers joined in multicast routing.
Configure R1 and R2 loopback0 to be a rendezvous point (RP).
Ensure that R1 should be the preferred RP rather than R2.
Simulate clients have sent requests to join the multicast group 239.YY.YY.1.
Make sure R4 f0/0 is able to ping this multicast IP.

R1
ip multicast-routing
interface loopback0
 ip pim sparse-mode
interface serial0/1
 ip pim sparse-mode
interface fastethernet 0/0
 ip pim sparse-mode
ip pim rp-candidate loopback0 priority 1

R2
ip multicast-routing
interface loopback0
 ip pim sparse-mode
interface serial0/1
 ip pim sparse-mode
interface fastethernet 0/1
 ip pim sparse-mode
ip pim rp-candidate loopback0 priority 2

R4
ip multicast-routing
interface loopback0
 ip pim sparse-mode
interface serial0/1
 ip pim sparse-mode
interface serial0/0
 ip pim sparse-mode
interface fastethernet0/0
 ip pim sparse-mode
ip pim bsr-candidate loopback0 0

SW1
ip multicast-routing
interface loopback0
 ip pim sparse-mode
interface fastethernet0/1
 ip pim sparse-mode
interface vlan 123
 ip pim sparse-mode

SW2
ip multicast-routing
interface loopback0
 ip pim sparse-mode
interface vlan 123
 ip pim sparse-mode
interface vlan 33
 ip pim sparse-mode
 ip igmp join-group 239.YY.YY.1

SW3
ip multicast-routing
interface loopback0
 ip pim sparse-mode
interface vlan 123
 ip pim sparse-mode

SW4
ip multicast-routing
interface loopback0
 ip pim sparse-mode
interface vlan 42
 ip pim sparse-mode
interface vlan 123
 ip pim sparse-mode

3.2 PIM Tuning
Ensure PIM register message should reach RP via SW1.
If SW1 goes down, PIM register messages should reach RP via one of the switches in Area 0.

SW1
interface vlan 123
 ip pim dr-priority <max-value>

Section 4 – Advanced Services

4.1 Network Address Translations (NAT)
You are required to implement NAT.
You need to match the output in the screenshots provided.
Do not propagate any prefix from the network 100.0.0.0/8 in any routing protocol.
You are allowed to add one /24 static in too four devices.
Do not add any static route in R4.

Screenshot:
SW1# ping 100.100.42.10 source lo 100
SW4# ping 100.100.17.7 source lo 100
On R4: show ip nat translations
Pro   Inside global     Inside local     Outside local     Outside global
icmp  100.100.17.7:N    YY.YY.17.7:0     100.100.42.10:0   100.100.42.10:0
icmp  100.100.17.7:N    YY.YY.17.7:0     YY.YY.42.10:0     YY.YY.42.10:0
      100.100.17.7:N    YY.YY.17.7
icmp  100.100.42.10:N   YY.YY.42.10:0    YY.YY.17.7:0      YY.YY.17.7:0
icmp  100.100.42.10:N   YY.YY.42.10:0    100.100.17.7:0    100.100.17.7:0
      100.100.42.10:N   YY.YY.42.10

SW1
interface loopback100
 ip address 100.100.17.7 255.255.255.255
ip route 100.100.42.0 255.255.255.0 YY.YY.17.1

R1
ip route 100.100.42.0 255.255.255.0 YY.YY.14.4

SW4
interface loopback100
 ip address 100.100.42.10 255.255.255.255
ip route 100.100.17.0 255.255.255.0 YY.YY.42.2

R2
ip route 100.100.17.0 255.255.255.0 YY.YY.24.4

R4
interface serial1/0
 ip nat outside
interface serial2/0
 ip nat outside
ip nat inside source static YY.YY.17.7 100.100.17.7
ip nat inside source static YY.YY.42.10 100.100.42.10

4.2 MLS QoS
Configure your four switches according to the following requirements.
Make sure that ports SW1-f0/1 to SW1-F0/5 are marking all untagged packets to "COS 1"
Make sure that these ports are trusting the COS value if packets are already marked.
Ensure that all switches are queuing packets marked with "COS 1" in the ingress queue #1
Ensure that all switches are queuing packets marked with "COS 5" in the ingress queue #2
Ensure that all switches drop ingress traffic marked with "COS 1" when the respective ingress queue level is between 40 and 100 percent
Ensure that the switches do not drop packets marked with "COS 5" in ingress until the respective ingress queue is completely full
Note: Once you completed this task, only one entry should be shown when taking the output (show run)

SW1 SW2 SW3 SW4
mls qos
mls qos srr-queue input cos-map queue 1 1 /* Default */
mls qos srr-queue input cos-map queue 2 5 /* Default */
/* Either Configure Exactly as above or Leave it to the default. But the below stroked out configuration is an unnecessary one
mls qos srr-queue input cos-map queue 1 threshold 1 1
mls qos srr-queue input cos-map queue 2 threshold 2 5
*/
mls qos srr-queue input threshold 1 40 100
mls qos srr-queue input threshold 2 100 100 /* Default */
interface range fastethernet 0/19 - 24
 mls qos trust cos

SW1
interface range fastethernet 0/1 - 5
 mls qos cos 1
 mls qos trust cos

4.3 QoS – Class Based Weighted Fair Queuing (CBWFQ)
The IT administrator requires that you implement QoS.
For traffic coming from BB2 allocate 10000 kbps on R2 f0/0.
For traffic coming from BB1 allocate 1000 kbps on R3 s0/0/0.
This should not affect any other traffic other than to all possible traffic entering from these links

R2
class-map BB2
 match input-interface fastethernet0/1
policy-map CBWFQ
 class BB2
  bandwidth 10000
interface fastethernet0/0
 service-policy output CBWFQ

R3
class-map BB1
 match input-interface fastethernet0/0
policy-map CBWFQ
 class BB1
  bandwidth 1000
interface serial0/0
 service-policy output CBWFQ

4.4 Implement Routing Protocol Authentication
Secure OSPF area 0 according to the following requirement
Use the strongest authentication type
The password must be saved in clear in the config and must be seen to "cisco"
You are not allowed to use any commands in the router configuration

SW1 SW2 SW3 SW4
no service password-encryption
interface vlan 123
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco

4.5 Implement DHCP
R4 has been configured to provide the following parameters for DHCP clients on VLAN 44
 IP addresses
 DNS servers YY.YY.55.50 and YY.YY.55.51
 Domain name cisco.com
 Default gateway is YY.YY.44.4
The administrator wants that the DHCP deployment is as secured as possible.
Complete the DHCP configuration on R4 and SW1 according to the following requirements
Protect users in VLAN 44 from rogue DHCP servers
Ensure that only R4 services the DHCP requests
Disable the insertion and removal of option-82 field
Protect the DHCP server from DHCP attacks originating from SW1 port Fa0/14, which may lead to resource exhaustion and ensure that maximum 3 different hosts can still connect to that port (Shutdown the port when violation occurred)
Note: make sure that SW1 Fa 0/14 is enabled and provisioned so that the customer only needs to connect the printer to the port

4.6 Implement Layer 2 Security
Continue securing the DHCP deployment according to the following requirements
In the near future the customer will connect a printer to SW1’s Fa0/14 in VLAN 44 and assign it the static IP address YY.YY.44.100.
The printers MAC address is abcd.abcd.abcd
Ensure that the printer is able to communicate with the users on VLAN 44 and ensure that your solution survives a reload (use the file flash:CCIE.TXT)
Enable a feature on the switch to dynamically protect interface Fa 0/14 against spoofed IP packets and ARP request

Solution for 4.5 and 4.6 Combined

R4
ip dhcp pool 44
 network YY.YY.44.0 255.255.255.0
 default-router YY.YY.44.4
 dns-server YY.YY.55.50 YY.YY.55.51
 domain-name cisco.com
ip dhcp excluded-address YY.YY.44.4 /* Interface fastethernet 0/0 IP Address - This is not necessary - DHCP is intelligent enough */
ip dhcp excluded-address YY.YY.44.100 /* Printer IP Address Statically configured ... Also the IPv6 Netflow Server IP Address */
ip dhcp excluded-address YY.YY.44.200 /* Radius Server */

SW1
ip dhcp snooping
ip dhcp snooping vlan 44
ip dhcp snooping verify mac-address /* Default - Won't show in show run */
ip dhcp snooping database flash:CCIE.TXT
no ip dhcp snooping information option
ip arp inspection vlan 44
interface fastethernet0/4
 ip dhcp snooping trust
 ip arp inspection trust
interface fastethernet0/14
 switchport mode access
 switchport access vlan 44
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation shutdown /* Shutdown the port when violation occurred */
 switchport port-security mac-address sticky
 ip dhcp snooping limit rate 150 /* Prevents Resource Exhaustion */
 ip verify source /* enable ip source guard - for protection against spoofed IP packets */
 no shutdown /* don't forget this */
exit
exit
ip dhcp snooping binding abcd.abcd.abcd vlan 44 YY.YY.44.100 interface fastEthernet 0/14 expiry 4294967295 /* exec level command */

4.7 Web Caching Communication Protocol (WCCP)
Configure WCCP on R4 according to the following requirement
There will be a WAAS appliance connected to interface of Fa0/1
Any traffic from any client connected to Fa0/0 going out of the 2 serial interfaces must be redirected to the WAAS server on Fa0/1
Traffic redirected from the server to the clients must use WCCP service 61
Traffic redirected from the clients to the server must use WCCP service 62
You are not allowed to modify any configuration of interface Fa0/0

R4
ip wccp ver 2
ip wccp 61
ip wccp 62
ip wccp check services all /* check all configured services for a match and perform redirection for those services */
ip wccp 61 redirect-list S_TO_C
ip wccp 62 redirect-list C_TO_S
ip access-list extended S_TO_C
 permit ip any YY.YY.44.0 0.0.0.255
ip access-list extended C_TO_S
 permit ip YY.YY.44.0 0.0.0.255 any
interface serial 0/0
 ip wccp 61 redirect in
 ip wccp 62 redirect out
interface serial 0/1
 ip wccp 61 redirect in
 ip wccp 62 redirect out
interface fastethernet 0/1
 ip wccp redirect exclude in

Section 5 – Optimize the Network

5.1 Implement SNMP
On R5 implement SNMP to send traps to an NMS system.
Use the community string of CiscoWorks.
The NMS system is located at YY.YY.55.240 which is the only SNMP manager that should be able to use this community strings
SNMP manager should be able to modify any MIB on R5.
Configure R5 to send bgp traps.

R5
snmp-server community CiscoWorks RW 10
snmp-server enable traps bgp
snmp-server host YY.YY.55.240 CiscoWorks bgp
access-list 10 permit YY.YY.55.240

5.2 Embedded Event Manager
On R3 configure an EEM applet named "CONF_CHANGE" (without the quotes).
The EEM applet should append the output of "show clock" to flash:ConfSave.txt.
The EEM applet needs to activate every time someone make changes to the configuration.
Also, a syslog message has to be generated with the string "Configuration changed" (without the quotes).

R3
logging on
logging console
archive
 log config
  logging enable
event manager applet CONF_CHANGE
 event syslog pattern ".*SYS-5-CONFIG_I.*"
 action 1.0 cli command "enable"
 action 2.0 cli command "show clock | append flash:ConfSave.txt"
 action 3.0 syslog msg "Configuration changed"
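
The Layer 2 controls asked for in 4.5 and 4.6 above (DHCP snooping, option 82, dynamic ARP inspection, port security, IP Source Guard) can be verified mechanically against a switch configuration. This is an added example, not part of the original post: the function names and both sample configs are constructed here, with the hardened one following the SW1 solution above.

```python
import re

# Constructed sample: the SW1 solution from 4.5/4.6 laid out as a running config.
HARDENED = """\
ip dhcp snooping
ip dhcp snooping vlan 44
ip dhcp snooping database flash:CCIE.TXT
no ip dhcp snooping information option
ip arp inspection vlan 44
interface FastEthernet0/4
 ip dhcp snooping trust
 ip arp inspection trust
interface FastEthernet0/14
 switchport mode access
 switchport access vlan 44
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation shutdown
 ip dhcp snooping limit rate 150
 ip verify source
 no shutdown
"""

# Constructed counter-example: snooping on the wrong VLANs, trust on the access port.
WEAK = """\
ip dhcp snooping
ip dhcp snooping vlan 10-20
interface FastEthernet0/14
 switchport access vlan 44
 switchport port-security
 switchport port-security maximum 10
 switchport port-security violation restrict
 ip dhcp snooping trust
 shutdown
"""

def norm_if(name):
    """'fastEthernet 0/14' and 'FastEthernet0/14' compare equal."""
    return "".join(name.lower().split())

def parse_config(text):
    """Return (global commands, {interface: [sub-commands]}), lower-cased."""
    global_cmds, interfaces, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.strip().startswith("!"):
            continue
        cmd = " ".join(raw.split()).lower()
        if cmd.startswith("interface "):
            current = norm_if(cmd[len("interface "):])
            interfaces.setdefault(current, [])
        elif raw[0].isspace() and current is not None:
            interfaces[current].append(cmd)
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, interfaces

def vlan_in_list(vlan, spec):
    """True if vlan is covered by an IOS VLAN list such as '1,40-50'."""
    for part in filter(None, spec.split(",")):
        lo, _, hi = part.partition("-")
        if int(lo) <= vlan <= int(hi or lo):
            return True
    return False

def audit(text, vlan, access_port, uplinks, max_macs):
    """Return findings (empty list means every control is in place)."""
    g, ifs = parse_config(text)
    uplinks = {norm_if(u) for u in uplinks}
    out = []

    def on_vlan(prefix):
        pat = re.compile(re.escape(prefix) + r" ([\d,-]+)")
        return any(m and vlan_in_list(vlan, m.group(1))
                   for m in (pat.fullmatch(c) for c in g))

    if "ip dhcp snooping" not in g: out.append("snooping-disabled")
    if not on_vlan("ip dhcp snooping vlan"): out.append("snooping-not-on-vlan")
    if "no ip dhcp snooping information option" not in g: out.append("option82-not-disabled")
    if not any(c.startswith("ip dhcp snooping database ") for c in g):
        out.append("no-binding-database")          # bindings lost on reload
    if not on_vlan("ip arp inspection vlan"): out.append("dai-not-on-vlan")
    for name, cmds in ifs.items():                 # trust belongs on uplinks only
        for feature in ("ip dhcp snooping trust", "ip arp inspection trust"):
            if feature in cmds and name not in uplinks:
                out.append(f"unexpected:{feature}:{name}")

    port = ifs.get(norm_if(access_port))
    if port is None:
        return out + ["access-port-missing"]

    def value(pattern, default):
        return next((m.group(1) for m in (re.fullmatch(pattern, c) for c in port) if m), default)

    if f"switchport access vlan {vlan}" not in port: out.append("access-port-wrong-vlan")
    if "switchport port-security" not in port: out.append("port-security-off")
    # Catalyst defaults when the line is absent: maximum 1, violation shutdown.
    maximum = int(value(r"switchport port-security maximum (\d+)", "1"))
    if maximum != max_macs: out.append(f"port-security-maximum:{maximum}")
    violation = value(r"switchport port-security violation (\w+)", "shutdown")
    if violation != "shutdown": out.append(f"port-security-violation:{violation}")
    if not any(c.startswith("ip verify source") for c in port): out.append("no-ip-source-guard")
    if value(r"ip dhcp snooping limit rate (\d+)", None) is None: out.append("no-snooping-rate-limit")
    if "shutdown" in port: out.append("access-port-shutdown")
    return out
```

The static printer binding is an exec-level command and never appears in the running config, so it has to be confirmed separately from the snooping database file.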
  5. Section 1 Layer 2

1.1 Troubleshoot Layer 2 Switching Network
vtp domain mode, name, password
vlan assignments
monitor session on SW3 fa 0/10
wrong ip address on interface vlan 33 on SW3
native added on fa 0/1 of R1 – remove it

1.2 Vlan Management
All loopback 0 IP address is YY.YY.X.X/32 and vlans are as following
VLAN  Name
11    Marketing
12    Sales
20    Engineering
30    HR
33    BB3
42    ISP42
51    ISP51
54    ISPBB
234   Support
243   QA
300   Admin

1.3 Layer 2 provisioning a robust L2
Use 802.1w on all four switches
Ensure that spanning-tree enter the forwarding state immediately only on the access switch ports by bypassing the listening and learning states.
The interfaces connected to BB routers are not the access switch ports.
Avoiding transmitting BPDU on any access ports on any of these ports, the ports should be shutdown immediately if it receive a BPDU
Ensure that all four switches are able to read unidirectional link failure for any switch to switch ports.
The affected ports should be disabled in the event of failure.

SW1, SW2, SW3, SW4
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
interface range FastEthernet0/19 - 24
 udld port aggressive

SW1, SW2
interface range fastethernet 0/2 -5
 spanning-tree portfast
/* If we are using the global command spanning-tree portfast default, disable portfast from the interfaces connected to backbone using command spanning-tree portfast disable. In some questions its seen not to enable spanning-tree portfast default globally. so in that case this won't be necessary... Still its better to check if portfast is enabled or not on those backbone interfaces... */

1.4 Switching
Use 802.1q
Switches should not actively attempt to convert the links to trunk link by negotiating the trunk mode.
Utilize Ether channel between all interconnections using IEEE standard to actively negotiate channel.
Ether channel Load balancing should be accomplished by destination IP Address.
Configure port F0/1 on SW2.
Ensure that only Vlan Sales and Marketing are allowed.
SW1 is the root bridge for all VLANs.
SW4 should not become root for any Vlan.
Ensure that this occurs without changing the switch priority. (Cannot use command spanning-tree priority)

SW1, SW2, SW3, SW4
interface range FastEthernet0/19 - 24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 no shut
 exit
interface range FastEthernet0/19 - 20
 channel-group 1 mode active
interface range FastEthernet0/21 - 22
 channel-group 2 mode active
interface range FastEthernet0/23 - 24
 channel-group 3 mode active
 exit
port-channel load-balance dst-ip

SW1
spanning-tree vlan 1-4094 priority 0 /* This has to be configured before configuring the Root Guard else the trunk interfaces may go into root-inconsistent STP State */
interface Port-channel 2 /* Connecting to SW4 */
 spanning-tree guard root

SW2
interface Port-channel 1 /* Connecting to SW4 */
 spanning-tree guard root
interface fastethernet 0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 11,12

SW3
interface Port-channel 3 /* Connecting to SW4 */
 spanning-tree guard root

1.5 Port Mirroring
Configure port monitoring on SW3 according to the following requirements
Transmit and receive on port Fa0/1 - Fa0/8 and the Etherchannel port-channel for Fa0/19, fa0/20 should be monitored
A copy of the traffic should be forwarded to Fa0/11

SW3
monitor session 1 source interface fa0/1 - 8 , port-channel 1 both
monitor session 1 destination interface fa0/11

1.6 MAC Address aging time
On SW1 make sure that MAC address aging time applies to Vlan Engineering is set to half of the other Vlans.

SW1
mac address-table aging-time 150 vlan 20

1.7 Frame-Relay
Use Cisco LMI of FR switch on R5 and auto sense on R1 and R3
Do not use any static frame-relay map
Use frame relay encapsulation Cisco
Use DLCI assignment as per the table below
Create sub interface with name in the DLCI table, cannot create other sub interface
Unnumbered IP Address with Loopback 0

Router  FR DLCI assignments
R1      221
R3      223

R3
interface Serial0/1/0
 no ip address
 encapsulation frame-relay
 clock rate 64000
 no shutdown
interface Serial0/1/0.223 point-to-point
 ip unnumbered Loopback0
 frame-relay interface-dlci 223

R1
interface Serial0/1/0
 no ip address
 encapsulation frame-relay
 clock rate 64000
 no shutdown
interface Serial0/1/0.221 point-to-point
 ip unnumbered Loopback0
 frame-relay interface-dlci 221

Frame Relay Switch is currently configured in the lab.

R5
frame-relay switching
interface Serial0/1/0
 description conn to R1
 no ip address
 encapsulation frame-relay
 frame-relay lmi-type cisco
 frame-relay intf-type dce
 frame-relay route 221 interface Serial0/1/1 223
 no shutdown
interface Serial0/1/1
 description Conn to R3
 no ip address
 encapsulation frame-relay
 clock rate 64000
 frame-relay lmi-type cisco
 frame-relay intf-type dce
 frame-relay route 223 interface Serial0/1/0 221
 no shutdown

Section 2 - Layer 3 Technologies

2.1 OSPF
Part 1
Only the network shown in the topology will be notified in the routing process
Configure OSPF for SW1, R1 and R3.
SW1 should inject default route.
The link with BB1 should be seen as external route.
Part 2
Only the network shown in the topology will be notified in the routing process
Configure OSPF for SW2, SW3, SW4 and R2.
SW2 should inject default route.
The link with BB2 should be seen as external route.

SW1
router ospf 2
 router-id YY.YY.7.7
 log-adjacency-changes
 area 51 virtual-link YY.YY.100.5
 redistribute connected subnets route-map BB
 network YY.YY.0.98 0.0.0.0 area 0
 network YY.YY.0.129 0.0.0.0 area 51
 network YY.YY.7.7 0.0.0.0 area 0
 default-information originate always
route-map BB permit 10
 match interface FastEthernet0/10

R1
router ospf 2
 network YY.YY.0.65 0.0.0.0 area 0
 network YY.YY.0.97 0.0.0.0 area 0
 network YY.YY.1.1 0.0.0.0 area 0

R3
router ospf 2
 network YY.YY.0.1 0.0.0.0 area 1
 network YY.YY.0.33 0.0.0.0 area 1
 network YY.YY.3.3 0.0.0.0 area 0

R2
router ospf 2
 network YY.YY.2.2 0.0.0.0 area 1
 network YY.YY.128.193 0.0.0.0 area 1
 network YY.YY.128.225 0.0.0.0 area 1

SW3
router ospf 2
 network YY.YY.9.9 0.0.0.0 area 1
 network YY.YY.128.161 0.0.0.0 area 1
 network YY.YY.128.195 0.0.0.0 area 1

SW4
router ospf 2
 network YY.YY.10.10 0.0.0.0 area 1
 network YY.YY.128.162 0.0.0.0 area 1
 network YY.YY.128.194 0.0.0.0 area 1

SW2
router ospf 2
 redistribute connected subnets route-map BB
 network YY.YY.8.8 0.0.0.0 area 1
 network YY.YY.128.129 0.0.0.0 area 1
 network YY.YY.128.163 0.0.0.0 area 1
 default-information originate always
route-map BB permit 10
 match interface FastEthernet0/10

2.2 EIGRP
Configure EIGRP YY between R4 and R5.
Configure EIGRP 100 as in the diagram.
EIGRP updates should be advertised only out the interface indicated in the IGP topology.
Configure SW3 such that it will not receive EIGRP queries.
SW3 should also not send out any information about BB3 routes to EIGRP 100 neighbors.
Do not configure any kind of outgoing filtering to do this.
Use route-maps to tag any Class A network address routes sourced from external EIGRP with tag 200.
Define ACL for Class A network
Loopback 0 of R4 and R5 should be seen as external route
SW3 redistribute EIGRP 100 into OSPF summarize to the following into an aggregate - 198.0.0.0/8
 198.YY.YY.4/30
 198.2.1.0/24
 198.2.3.0/24
 198.2.5.0/24

SW3
router eigrp 100
 distribute-list route-map TAG in
 network 150.3.YY.1 0.0.0.0
 eigrp stub receive-only
access-list 9 deny 0.0.0.0 0.255.255.255 /* This will make sure that only class A is permitted. If a default route exists that won't be allowed. */
access-list 9 permit 0.0.0.0 127.255.255.255
/* You can also use Prefix List to do this if there is any restriction on using Access List
ip prefix-list CLASS_A permit 0.0.0.0/1 le 32 /* CIDR */
*/
route-map TAG permit 10
 match ip address 9
 set tag 200
route-map TAG permit 20
router ospf 2
 summary-address 198.0.0.0 255.0.0.0
 redistribute eigrp 100 subnets

EIGRP between R4 and R5 is configured in the MPLS Section.

2.3 BGP
EBGP
SW1 connects to BB1 (150.1.YY.254) and from BB1, SW1 receives 197.68.Z.0/24 networks with AS path: 254 253
SW2 connects to BB2 (150.2.YY.254) and from BB2, SW2 receives 197.68.Z.0/24 networks with AS path: 254
SW2 should modify the AS-path of its learned routes; adding AS 253 by using a single route-map.
Don’t worry about blackhole
IBGP
SW1, SW2, R3 and R2 are IBGP peers; next-hop-self and route-reflector-clients are not permitted.
Use local BGP command to cause R2 to prefer SW2 as the exit point for ASYY, and R3 to prefer SW1 as the exit point for ASYY.
Both R2 and R3 should still have routes to the other exit point in the BGP table.
Use only Loopback 0 ip address to propagate BGP route information
No IGP routes should be advertised to AS 254

R2
router bgp 2
 no synchronization
 neighbor YY.YY.3.3 remote-as 2
 neighbor YY.YY.3.3 update-source Loopback0
 neighbor YY.YY.7.7 remote-as 2
 neighbor YY.YY.7.7 update-source Loopback0
 neighbor YY.YY.8.8 remote-as 2
 neighbor YY.YY.8.8 update-source Loopback0
 neighbor YY.YY.8.8 weight 100
 no auto-summary

R3
router bgp 2
 no synchronization
 neighbor YY.YY.2.2 remote-as 2
 neighbor YY.YY.2.2 update-source Loopback0
 neighbor YY.YY.7.7 remote-as 2
 neighbor YY.YY.7.7 update-source Loopback0
 neighbor YY.YY.7.7 weight 200
 neighbor YY.YY.8.8 remote-as 2
 neighbor YY.YY.8.8 update-source Loopback0
 no auto-summary

SW1
router bgp 2
 no synchronization
 neighbor YY.YY.2.2 remote-as 2
 neighbor YY.YY.2.2 update-source Loopback0
 neighbor YY.YY.3.3 remote-as 2
 neighbor YY.YY.3.3 update-source Loopback0
 neighbor YY.YY.8.8 remote-as 2
 neighbor YY.YY.8.8 update-source Loopback0
 neighbor 150.1.YY.254 remote-as 254
 no auto-summary

SW2
router bgp 2
 no synchronization
 bgp log-neighbor-changes
 neighbor YY.YY.2.2 remote-as 2
 neighbor YY.YY.2.2 update-source Loopback0
 neighbor YY.YY.3.3 remote-as 2
 neighbor YY.YY.3.3 update-source Loopback0
 neighbor YY.YY.7.7 remote-as 2
 neighbor YY.YY.7.7 update-source Loopback0
 neighbor 150.2.YY.254 remote-as 254
 neighbor 150.2.YY.254 route-map PREP in
 no auto-summary
route-map PREP permit 10
 set as-path prepend 253

2.4 MPLS
Part 1
Name the VRF as "vpnA", rd and route target should be 100:1 on both R4 and R5
Use OSPF as routing protocol between PE and CE.
Address the need MPLS introduces of connecting partitioned OSPF backbone, MPLS prefer ospf backdoor link between R2 and R3, Use the network YY.YY.100.X/24 to facilitate this.
Part 2
Use MBGP AS 100 to exchange customer prefixes.
Source all updates using loopback 0 address.
R1 should reach prefixes learned from site 2 through MPLS, but not case for R3.
Only prefix YY.YY.0.0 will be allowed for 2 site.

R5
mpls ip
mpls label protocol ldp
ip vrf vpnA
 rd 100:1
 route-target export 100:1
 route-target import 100:1
interface Loopback100
 ip vrf forwarding vpnA
 ip address YY.YY.100.5 255.255.255.255
interface FastEthernet0/0
 mpls ip
interface FastEthernet0/1
 ip vrf forwarding vpnA
 ip ospf mtu-ignore
router eigrp 1
 redistribute connected route-map LP metric 1 1 1 1 1
 network YY.YY.254.2 0.0.0.0
 no auto-summary
route-map LP
 match interface Loopback0
router ospf 2 vrf vpnA
 router-id YY.YY.100.5
 area 0 sham-link YY.YY.100.5 YY.YY.100.4 cost 1
 area 51 virtual-link YY.YY.7.7
 redistribute bgp 100 subnets
 network YY.YY.0.130 0.0.0.0 area 51
router bgp 100
 no bgp default ipv4-unicast
 neighbor YY.YY.4.4 remote-as 100
 neighbor YY.YY.4.4 update-source Loopback0
 address-family ipv4
  neighbor YY.YY.4.4 activate
  no auto-summary
  no synchronization
 exit-address-family
 address-family vpnv4
  neighbor YY.YY.4.4 activate
  neighbor YY.YY.4.4 send-community extended
 exit-address-family
 address-family ipv4 vrf vpnA
  redistribute ospf 2 vrf vpnA
  no synchronization
  network YY.YY.100.5 mask 255.255.255.255
 exit-address-family

R4
mpls ip
mpls label protocol ldp
ip vrf vpnA
 rd 100:1
 route-target export 100:1
 route-target import 100:1
interface Loopback100
 ip vrf forwarding vpnA
 ip address YY.YY.100.4 255.255.255.255
interface FastEthernet0/0
 ip vrf forwarding vpnA
 ip ospf mtu-ignore
interface FastEthernet0/1
 mpls ip
router eigrp 1
 redistribute connected route-map LP metric 1 1 1 1 1
 network YY.YY.254.1 0.0.0.0
 no auto-summary
route-map LP
 match interface Loopback0
router ospf 2 vrf vpnA
 area 0 sham-link YY.YY.100.4 YY.YY.100.5 cost 1
 redistribute bgp 100 subnets
 network YY.YY.128.130 0.0.0.0 area 1
router bgp 100
 no bgp default ipv4-unicast
 neighbor YY.YY.5.5 remote-as 100
 neighbor YY.YY.5.5 update-source Loopback0
 address-family ipv4
  neighbor YY.YY.5.5 activate
  no auto-summary
  no synchronization
 exit-address-family
 address-family vpnv4
  neighbor YY.YY.5.5 activate
  neighbor YY.YY.5.5 send-community extended
 exit-address-family
 address-family ipv4 vrf vpnA
  redistribute ospf 2 vrf vpnA
  no synchronization
  network YY.YY.100.4 mask 255.255.255.255
 exit-address-family

R3
interface serial 0/1/1
 ip ospf cost 2000

R2
interface serial 0/1/0
 ip ospf cost 2000

2.5 IPV6 RIPng
Configure ipv6 unique local unicast address as following:
R2 Fa0/0 10YY:1010:10::1/64
   Fa0/1 10YY:1010:20::1/64
SW3 : SVI 234 10YY:1010:20::2/64 ; SVI 33 10YY:1010:30::2/64
Configure RIPng between R2 and SW3
Ensure that R2 can receive default routes from SW3.

R2
ipv6 unicast-routing
ipv6 router rip 1
interface FastEthernet0/0
 ipv6 address 10YY:1010:10::1/64
 ipv6 rip 1 enable
interface FastEthernet0/1
 ipv6 address 10YY:1010:20::1/64
 ipv6 rip 1 enable

SW3
sdm prefer dual-ipv4-and-ipv6 default /* Reload */
ipv6 unicast-routing
ipv6 router rip 1
interface Vlan33
 ipv6 address 10YY:1010:30::2/64
 ipv6 rip 1 enable
interface Vlan234
 ipv6 address 10YY:1010:20::2/64
 ipv6 rip 1 enable
 ipv6 rip 1 default-information originate

3.1 Multicast
PIM SM between SW2, SW3, SW4
The QA and Support Vlan should handle multicast traffic
Configure Auto-RP, with SW3 loopback 0 serving as RP only for the multicast group 239.10.5.0 /24 and SW4 serving as the mapping-agent.
Enable SW2 loopback 0 to join group 239.10.5.1
To verify you should be able to successfully generate multicast traffic for the group 239.5.10.1 using R2 as the source.

SW3
ip multicast-routing distributed
ip pim autorp listener
ip pim send-rp-announce Loopback0 scope 16 group-list 31
access-list 31 permit 239.10.5.0 0.0.0.255
interface Loopback0
 ip pim sparse-mode
interface Vlan234
 ip pim sparse-mode
interface Vlan243
 ip pim sparse-mode

SW4
ip multicast-routing distributed
ip pim autorp listener
ip pim send-rp-discovery Loopback0 scope 16
interface Loopback0
 ip pim sparse-mode
interface Vlan234
 ip pim sparse-mode
interface Vlan243
 ip pim sparse-mode

SW2
ip multicast-routing distributed
ip pim autorp listener
interface loopback 0
 ip pim sparse-mode
 ip igmp join-group 239.10.5.1
/* Although multicast would work without ip pim autorp listener in this scenario, it's better to configure that, since that is the proper way of configuring Auto-RP in sparse mode */

3.2 IGMP
Limit PC of Vlan QA can only join in multicast group 239.10.5.1
OR
Configure SW2 and SW4 so that host connected to vlan QA can only join in multicast group 239.10.5.1

SW2, SW3, SW4 /* Configure SW3 based on the question */
access-list 5 permit 239.10.5.1
interface vlan 243
 ip igmp access-group 5

IV Advanced Services

4.1 Link Fragmentation
Part 1
Configure on R1 and R3 by the following requirements
Use endpoint identifier for multilink bundling
Use a policy map to define priority of 45 to all VOIP traffic, only traffic whose precedence is critical.
(No named extended ACL)
Implement LLQ

Part 2
Apply a fragment delay of 8ms to the MPPP bundle
Use a multilink group interface for all QOS and IP commands
Define CIR and interface bandwidth as 128K
The committed burst size is 8Kb and excess burst size is 1Kb

R1
multilink bundle endpoint
interface serial0/1/0.221 point
 no ip address
 frame-relay interface-dlci 221 ppp virtual-template 1
 exit
interface virtual-template 1
 ppp multilink
 ppp multilink group 1
 no ip address
 bandwidth 128
interface multilink 1
 bandwidth 128
 ppp multilink
 ppp multilink group 1
 ip unnumbered lo0
 ppp multilink interleave
 ppp multilink fragment delay 8
 ppp multilink endpoint hostname
access-list 109 permit udp any any precedence critical
map-class frame-relay FRTS
 frame-relay cir 128000
 frame-relay bc 8000
 frame-relay be 1000
interface serial0/1/0
 frame-relay traffic-shaping
interface Serial0/1/0.221 point-to-point
 frame-relay interface-dlci 221 ppp Virtual-Template1
  class FRTS
class-map match-all VOIP
 match access-group 109
policy-map VOIP
 class VOIP
  priority percent 45
 class class-default
  fair-queue
interface Multilink1
 service-policy output VOIP

R3
multilink bundle endpoint
interface serial0/1/0.223 point
 no ip address
 frame-relay interface-dlci 223 ppp virtual-template 1
 exit
interface virtual-template 1
 ppp multilink
 ppp multilink group 1
 no ip address
 bandwidth 128
interface multilink 1
 bandwidth 128
 ppp multilink
 ppp multilink group 1
 ip unnumbered lo0
 ppp multilink interleave
 ppp multilink fragment delay 8
 ppp multilink endpoint hostname
access-list 109 permit udp any any range 16384 32767 precedence critical
map-class frame-relay FRTS
 frame-relay cir 128000
 frame-relay bc 8000
 frame-relay be 1000
interface serial0/1/0
 frame-relay traffic-shaping
interface Serial0/1/0.223 point-to-point
 frame-relay interface-dlci 223 ppp Virtual-Template1
  class FRTS
class-map match-all VOIP
 match access-group 109
policy-map VOIP
 class VOIP
  priority percent 45
 class class-default
  fair-queue
interface Multilink1
 service-policy output VOIP

4.2 NTP
Part 1
Between R5, SW1, SW2, R3
R5 should synchronize with NTP source YY.YY.254.254
In the event that R5 loses connection to the NTP server it should act as an NTP server with a stratum 5 and the calendar as authoritative time source
SW1, SW2, R3 using loopback 0 should use R5 as authoritative time server.

Part 2
R3 and R5 should authenticate each other. SW1 and SW2 do not authenticate
Set clock on R5 08:00 1 Jan 2000
Ultimately clock should be synchronized

R5
clock calendar-valid
ntp authentication-key 1 md5 cisco
ntp authenticate
ntp trusted-key 1
ntp master 5
ntp source fa0/1
ntp update-calendar
clock set 8:00:00 1 jan 2000
ntp server YY.YY.254.254 source loopback 0

R3
ntp authentication-key 1 md5 cisco
ntp authenticate
ntp trusted-key 1
ntp server YY.YY.0.130 key 1 source loopback 0

SW1, SW2
ntp server YY.YY.0.130 source loopback 0

4.3 RSVP
Configure reservable bandwidth 64k with the largest reservable flow 64k.
Configure R3 to simulate a host generating an RSVP path message to R1. Protocol should be tcp.
Configure R1 to simulate a host generating rsvp receive message to R3.
Using Loopback address to R1 and R3 and the message protocol should be tcp with a source port of telnet and the destination port of 10000.
The message should be for a single reservation with a guaranteed average bit rate 10k and a max burst of 1000 bytes.

R3
ip rsvp sender-host YY.YY.1.1 YY.YY.3.3 TCP 10000 23 10 1
interface Multilink1
 ip rsvp bandwidth 64 64

R1
ip rsvp reservation-host YY.YY.1.1 YY.YY.3.3 TCP 10000 23 FF RATE 10 1
interface Multilink1
 ip rsvp bandwidth 64 64

4.4 MHSRP
Configure MHSRP on Support Vlans (234) according to the following:
SW4 has priority group 1. Its virtual IP address yy.yy.128.196.
SW3 has priority group 2. Its virtual IP address yy.yy.128.222
Do load-balance and fault tolerance in SW3 and SW4
Track the default route.

SW3
interface Vlan234
 standby 1 ip YY.YY.128.196
 standby 1 preempt
 standby 2 ip YY.YY.128.222
 standby 2 priority 105
 standby 2 preempt
 standby 2 track 1 decrement 10
track 1 ip route 0.0.0.0 0.0.0.0 reachability

SW4
interface Vlan234
 standby 1 ip YY.YY.128.196
 standby 1 priority 105
 standby 1 preempt
 standby 1 track 1 decrement 10
 standby 2 ip YY.YY.128.222
 standby 2 preempt
track 1 ip route 0.0.0.0 0.0.0.0 reachability

4.5 MLS Qos for Video
Port Fa0/6 on SW4 will host a video server for streaming to devices off the Marketing vlan on R1. Configure MLS QOS in the network according to:
The video server ip YY.YY.128.98
Use policy map to assign video traffic a DSCP 56.
Define policer for the video traffic with rate of 3M and a burst size of 1M. Additionally, when these rates are exceeded the DSCP value for the video should be marked down from 56 to 8.
The Distribution ports between all four switches should trust the inbound DSCP value for classification
Additionally, for untagged packets the default cos value should be defined as 1
Finally the expedite queue should be for all these ports

SW4
mls qos
mls qos map policed-dscp 56 to 8
access-list 100 permit udp host YY.YY.128.98 YY.YY.0.64 0.0.0.31 range 16384 32767
class-map match-all VIDEO
 match access-group 100
policy-map QOS
 class VIDEO
  set dscp 56
  police 3000000 125000 exceed-action policed-dscp-transmit
/* It's always better to check the unit of parameters before entering if they are in bits or bytes. Use ? */
interface FastEthernet0/6
 mls qos cos 1
 priority-queue out
 service-policy input QOS

SW1, SW2, SW3, SW4
interface range fastethernet0/19 - 24
 priority-queue out
 mls qos cos 1
 mls qos trust dscp

SW2
interface fa0/1
 priority-queue out

V Optimize the network

5.1 IP Service Level Agreements
Configure IP SLA intended to monitor the response across between MPLS network and backdoor serials according to:
SW2 will do all monitoring, SW1 will act as IP SLA responder, while R3 should not have knowledge of IP SLA's
SW2 should use TCP to monitor SW1. The operation should repeat every three minutes starting immediately and repeat every day. TCP should use well known telnet port.
SW2 should use ICMP to monitor R3. The operation should repeat every three minutes starting immediately and repeat every day.
Loopback addresses should be used for all devices.

SW2
ip sla 1
 icmp-echo YY.YY.3.3 source-ip YY.YY.8.8
 frequency 180
ip sla schedule 1 start-time now recurring
ip sla 2
 tcp-connect YY.YY.7.7 23 source-ip YY.YY.8.8 source-port 23
 frequency 180
ip sla schedule 2 start-time now recurring

SW1
ip sla responder

5.2 SNMP
Configure SNMP on SW2 and R3 according to the following:
All traps should be sent to the SNMP server YY.YY.128.226 using the community string public
Two communities should be defined: one public with read only access and another ciscoADMIN with read-write access.
On SW2 enable SNMP traps for IP SLA in the event that round trip value violates the upper lower threshold. Use default values.
On R3 enable SNMP traps for RSVP

SW2
snmp-server community public RO
snmp-server community ciscoADMIN RW
snmp-server enable traps rtr
snmp-server host YY.YY.128.226 public
ip sla reaction-configuration 1 react rtt threshold-type immediate action-type trapOnly threshold-value 5000 3000
ip sla reaction-configuration 2 react rtt threshold-type immediate action-type trapOnly threshold-value 5000 3000

R3
snmp-server community public RO
snmp-server community ciscoADMIN RW
snmp-server enable traps rsvp
snmp-server host YY.YY.128.226 public

5.3 Logging Management Core dumps
Configure the following system management feature on R2, according to:
Enable local time-stamps with date and time in msec for debug and logged messages.
Configure the local logging buffer to be 10000 bytes, logging messages with set severity level 4 (warning) and higher.
In the event that the local buffer is overwritten, enable the error counter.
To facilitate troubleshooting, when there is an unexpected system shutdown or reboot ensure that a core dump is generated and saved to host YY.YY.128.98 using the FTP protocol.
The filename should be RackYYR2 and the file should be compressed.
The username / password for the ftp transfer should be reload / cisco.

R2
service timestamps log datetime msec localtime
service timestamps debug datetime msec localtime
logging on
logging count
logging buffered 10000 warnings
ip ftp username reload
ip ftp password cisco
exception core-file RackYYR2 compress
exception protocol ftp
exception dump YY.YY.128.98
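
The Class A filter in the SW3 redistribution answer (access-list 9 and the alternative CLASS_A prefix-list) can be checked offline before it is typed into a switch. The Python sketch below is an added example, not part of the original post; the function names and the sample routes are constructed for illustration, and it assumes a standard ACL used in a route-map is compared against the route's network address only.

```python
import ipaddress

# access-list 9 as posted: first match wins, implicit deny at the end.
ACL_9 = [
    ("deny", "0.0.0.0", "0.255.255.255"),
    ("permit", "0.0.0.0", "127.255.255.255"),
]

def wildcard_match(addr, base, wildcard):
    """Standard-ACL test: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_permits(acl, network_address):
    for action, base, wildcard in acl:
        if wildcard_match(network_address, base, wildcard):
            return action == "permit"
    return False  # implicit deny

def prefix_list_permits(prefix, entry="0.0.0.0/1", le=32):
    """ip prefix-list CLASS_A permit 0.0.0.0/1 le 32:
    the prefix must sit inside 0.0.0.0/1 with length 1..le."""
    net = ipaddress.ip_network(prefix)
    cover = ipaddress.ip_network(entry)
    return net.subnet_of(cover) and cover.prefixlen <= net.prefixlen <= le

# Constructed sample routes, not taken from the lab topology.
SAMPLE_ROUTES = ["0.0.0.0/0", "0.1.0.0/16", "10.0.0.0/8",
                 "126.1.0.0/16", "150.3.1.0/24", "198.2.1.0/24"]

def compare(routes):
    """Return {route: (permitted by ACL 9, permitted by CLASS_A)}."""
    out = {}
    for r in routes:
        net = ipaddress.ip_network(r)
        out[r] = (acl_permits(ACL_9, str(net.network_address)),
                  prefix_list_permits(r))
    return out

if __name__ == "__main__":
    for route, (acl, pl) in compare(SAMPLE_ROUTES).items():
        print(f"{route:16} acl9={acl!s:5} prefix-list={pl}")
```

Both filters reject the default route and everything outside 0.0.0.0/1, but they are not identical: ACL 9 also rejects any network whose first octet is 0, while the prefix-list accepts it.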