Jump to content

Search the Community

Showing results for tags 'K6'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • ANNOUNCEMENTS
    • ANNOUNCEMENTS
  • CERTIFICATION - - - - - NO REQUESTS IN THESE FORUMS - - - - -
    • CISCO SYSTEMS
    • COMPTIA
    • LINUX
    • MICROSOFT
    • ORACLE
    • PROJECT MANAGEMENT
    • SECURITY CERTIFICATIONS
    • SUN MICROSYSTEMS
    • WIRELESS
    • OTHER CERTIFICATIONS
  • CISCO TECHNICAL SECTION
    • CISCO LABS
    • GNS3
    • NETWORK INFRASTRUCTURE
    • SECURITY
    • WIRELESS
    • SERVICE PROVIDERS
    • COLLABORATION, VOICE AND VIDEO
    • DATA CENTER
    • SMALL BUSINESS
  • MICROSOFT TECHNICAL SECTION
  • OTHER TECHNICAL SECTION
  • TRAINING OFFERS & REQUESTS
  • CERTCOLLECTION MALL
  • GENERAL FORUMS
  • COMMUNITY CENTER

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests

Found 91 results

  1. Hello Folks, Recently we have seen several loopback and SVI interfaces created in the Lab..... Are we suppose to shut these down or leave as it is ? Does it not impact the solution, More importantly 802.1Q and private vlans in K7 ? In my exam , I asked the proctor and as usual she gave me a very confusing answer so I left it like that ...I failed K7 !
  2. My first attempt failed with 73 % on my TSv5 I was nerves and I don't know where to start and what to do the Qs not required same as from the IOU (the DNS case was asking to ping only, and the Qs are not in the order we have) the drawing didn't show the tunnel in AREA0 as we have on the IOU (and I did advertise it in AREA1 = I guess they don't like it) I got 9 out of 10 cases same output they want and I don't know why this score I can't solve the BGP case (ping from R14 192.168.133.100) i don't why but (it wasn't cluster ID or next-hop or route-reflector) it was something on SW4 (access list) but i can't do it I finished K6 in 3 and half hours it was cool and Passed.
  3. Hi, I think that there was some debate about this command before, and the command in the solution seems to be OK (ipv6 icmp error-interval 250 1), but do you think guys that ipv6 icmp error-interval 1000 4 is also valid, and might be even more accurate?!
  4. Hi guys, i have few questin regardin K6/K6++ NAT: here is my solution to the NAT task (both K6,K6++) SW1: interface loopback100 ip address yy.yy.17.7 255.255.255.0 ! ip route 100.100.42.0 255.255.255.0 yy.yy.17.1 R1: ip route 100.100.42.0 255.255.255.0 yy.yy.14.4 R4: ip nat inside source static yy.yy.17.7 100.100.17.7 ip nat inside source static yy.yy.42.10 100.100.42.10 interface serial 0/0/0 ip nat outside ! interface serial 0/1/0 ip nat outside R2: ip route 100.100.17.0 255.255.255.0 yy.yy.24.4 SW4: interface loopback 100 ip address 100.100.42.10 255.255.255.0 ! ip route 100.100.17.0 255.255.255.0 yy.yy.42.2 Now the solution is working : SW1#ping 100.100.42.10 source lo100 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 100.100.42.10, timeout is 2 seconds: Packet sent with a source address of 100.100.17.7 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/5/9 ms SW1# R4#show ip nat translations Pro Inside global Inside local Outside local Outside global icmp 100.100.17.7:0 yy.yy.17.7:0 yy.yy.42.10:0 yy.yy.42.10:0 --- 100.100.17.7 yy.yy.17.7 --- --- icmp 100.100.42.10:0 yy.yy.42.10:0 100.100.17.7:0 100.100.17.7:0 --- 100.100.42.10 yy.yy.42.10 --- --- ---------------------------------------------------------------------------------------------------- The problem is that even if i use Loopback0 the ping is getting reply: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 100.100.42.10, timeout is 2 seconds: Packet sent with a source address of yy.yy.7.7 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/5/9 ms SW1# R4#show ip nat translations Pro Inside global Inside local Outside local Outside global --- 100.100.17.7 yy.yy.17.7 --- --- icmp 100.100.42.10:2 yy.yy.42.10:2 yy.yy.7.7:2 yy.yy.7.7:2 --- 100.100.42.10 yy.yy.42.10 --- --- The other question i have is about K6++ ipv6 multicast section: i configured my solution below and i didnt get any result: R2: interface Serial0/0/0 ip address yy.yy.24.2 255.255.255.0 ip pim sparse-mode encapsulation ppp ipv6 address FEC1:CC1E:24::2/64 ipv6 ospf 1 area 142 no fair-queue ppp chap password 0 CCIE ! ipv6 router ospf 1 router-id yy.yy.2.2 log-adjacency-changes passive-interface FastEthernet0/0 ! ipv6 pim rp-address FEC1:CC1E:44::4 ipv6 multicast-routing R1: interface Serial0/0/0 ip address yy.yy.14.1 255.255.255.0 ip pim sparse-mode encapsulation ppp ipv6 address FEC1:CC1E:14::1/64 ipv6 ospf 1 area 142 no fair-queue ppp chap password 0 CCIE ! ipv6 router ospf 1 router-id yy.yy.1.1 log-adjacency-changes passive-interface FastEthernet0/0 ipv6 pim rp-address FEC1:CC1E:44::4 ipv6 multicast-routing ! R4: ipv6 router ospf 1 router-id yy.yy.4.4 log-adjacency-changes passive-interface FastEthernet0/0 ! interface Serial0/0/0 (face to R1) ip address yy.yy.14.4 255.255.255.0 ip wccp 61 redirect in ip wccp 62 redirect out ip pim sparse-mode ip nat outside ip virtual-reassembly encapsulation ppp ipv6 address FEC1:CC1E:14::4/64 ipv6 ospf 1 area 142 no fair-queue clock rate 2000000 ppp authentication chap ! interface Serial0/1/0(facing R2) ip address yy.yy.24.4 255.255.255.0 ip wccp 61 redirect in ip wccp 62 redirect out ip pim sparse-mode ip nat outside ip virtual-reassembly encapsulation ppp ipv6 address FEC1:CC1E:24::4/64 ipv6 ospf 1 area 142 clock rate 2000000 ppp authentication chap ipv6 pim rp-address FEC1:CC1E:44::4 ipv6 multicast-routing ! interface FastEthernet0/0 ip address yy.yy.44.4 255.255.255.0 ip pim sparse-mode duplex auto speed auto ipv6 address FEC1:CC1E:44::4/64 ipv6 ospf 1 area 142 ---------------------------------------------------------------------------------------------- The problem is when i do show ipv6 mroute i cant see any mroute cach on my R2. but i can see mroute cach on R1 there isnt any RPF faliure to the RP because when i do show ipv6 route i can see the RP address via serial0/0/0 of R2 . anyway can tell me what is the problem? My exam coming really soon so any help will be appreciate Thanks
  5. I am really getting stuck on K6 BB3--->SW2 connection and cannot seem to find the problem in IOU. Physical: BB3---> SW3 eth2/0 (vlan 33) SW2 - (vlan 33 - ip address 150.3.6.1 255.255.255.0) Trying to ping from SW2 to 150.3.6.254 (BB3) fails. Trunk ports have been configured, mst configured, spanning-tree portfast edge trunk removed from SW2 ports, no shut on vlan 33 on SW2 (showing up/up) but ping still not going through at all. Vlan 33 is also allowed on trunk between SW2 and SW3. Please help on this or let me know if more info needed.
  6. Hi guys, Lets say we are in the lab and we allready pass the Troubleshoot. Now we have 6 hours of configuration part. for most of the people it is the easy part of the exam, but i think it is qual to the troubleshooting section. I think so because you can do 1 or 2 minor faults that can imact your whole LAB score. So in this topic i will discuss the minor things that can break your configuration LAB: * in any time you can add/remove things that you think should/shouldnt be here. K8: Section 1: - i didnt find anything complicated here. Section 2: - IPV6 section : at EIGRP section, you should add the eigrp router-id before you issue the command "no shut" under the ipv6 router eigrp - IPV6 section : IPV6 topology need to pay attantion which interfaces are in the IPV6 domain !! its not the same interfaces as in the IPV4 domain - MPLS : remember to add the " MPLS LDP EXPLICIT-NULL or else your MPLS wont work ( it allso include MPLS QOS) Section 3: - Multicast: Remember to add the ip pim dr-priority on SW1 vlan 68 or you wont get points on section 3.1 - Multicast : Section 3.2 - > i still unable to get it 100% work , sorry. Section 4: - MPLS QOS : look at section 2 for more info , allso pay attantion to the number of 0 in the 3M - NTP : R1 allso need the command " ntp source loopback0" Section 5: - i didnt find anything complicated here. K7: Section 1: - 802.1q Tunneling - Remember to add "system mtu 1504" and "system mtu routing 1500" in SW1/SW2. just for best practice. - vlan 1 : at instance 3 - MST : spanning-tree mst 0 root primary , not spanning-tree mst 3 root primary because of CIST allways going via instance 0 . - PPP : dont forget to do the ppp authentication step - Frame-relay : dont forget to user IETF encapsulation on the frame relay links " encapsulation frame-relay IETF" Section 2: - Ospf :dont forget to add the BB networks into the ospf proccess (on R1/R2) - Redistribution part still has 2 solution, each solution break somthing else in the rules of the lab. 1 ) solution is to redistribute the X.X.45.0/24 netowrk to ospf via route-map 2) solution is to use ip ospf 1 area 1 and ip ospf passive interface, under the interface facing R4. - Ebgp : remember to add at the warning-only statement : " neighbor X.X.X.X maximum-prefix 5 100 warning-only" - IPV6 : remember to add ipv6 nd ra suppress on all interfaces (not loopback) -IPV6: remember enable ipv6 cef. Section 3: - i didnt find anything complicated here. Section 4: - ZBF : remember to add all interfaces to the ZBF policy , the "in" zone is the interfaces that going into our domain, the "out" zone is the interface going to BB. -Private-vlan : remember to add the private vlan to instance 1 on ALL DEVICES -MQC : dont forget to add class internet , allso dont forget to add max-reseve-bandwith 100 and bandwith 2000 if its not pre-configured. - TBACL : remember the reverse logic. K6 Section 1: -VLAN 1: dont add him into your instance 1 - RSPAN : remember to add both vlans 11,22 rx on both switchs - RADIUS: remember to add the line " aaa authentication login default line" , and check if there is a line password configured. Section 2: -RIP: remember to add neighbor X.X.X.254 into the rip procces for unicast connection - RIP: remember to use 2 lines in the route-map , 1 for changing the route-type, and 2nd for the metric of the rest of the prefix -BGP: remember that in SW2 you have to do for all of your neighbors " send-community both" , while R2/R3 are the only routers that have to . -PFR: no need to specify udp port on the ACL of EF traffic. -PFR : remember to add the load-interval on the external interfaces of R1/R2 -PFR: remember to add ip sla responder on R5/R2 Section 3: -Multicast: Remember that SW4 suppose to be the "2nd switch" to be configured with dr-priority , because he is the closet to the RP (R2/R1). Section 4: -QOS : remember to add on ALL interconnect ports " mpls trust cos" on all switchs. Section 5: -EEM : remember to enable archive K6++ Section 1: -VLAN 1 : remember to add him to SW1 root primary - PPP : same as K6 Section 2: -RIP: remember that you need 2 seq in the redistribution part , " from RIP to OSPF" -BGP: same as K6 -PFR: remember to add under the external interfaces "max-xmit-utilization XX" -PFR same as K6 -IPV6 : remember to add passive-interfaces on R1/R2 (fastethernet 0/0) and on R4 (fastethernet 0/0) -IPV6 : remember to add ipv6 access-list that permit any to the specific address of Multicast source. (R1 interface) Section 3: -Multicast : remember to add multicast boundry on SW2 interface going to BB3 (vlan 33 i think) Section 4: -QOS : same as K6 Section 5: - i didnt find anything complicated here. You can allways float anything that you thing i should add. Hope the community will get this discussion seriously so we can discuss the things that everyone afried of. Regards,
  7. CCIEx3king

    Failed K6

    Hey guys, I feel terrible after I get the score, I wasn't expecting it at all. I got msdp for TS and it wasn't easy at all. I solved all the tickets except for msdp ticket. I didn't bother to go through and waste time, I reviewed the other tts in the time left. I faced an issue in BGP, he is asking to match the output with the count of 23. The local preference should be 150. I got 23 routes but wasn't able to get the desired preference, they put a restriction on As100,300. Any one knows how to match the preference without changing it on r26,27? In lab, regular K6 with some twists, on rip there was no requirement of unicast only, neither passive interface was needed. For BGP I think I messed up and used R1 as a route reflector instead of Sw2. Not sure if he did ask for R1 though, am not sure. But the weirdest thing was that am getting a community of 254 253 from BB1 on R3, I tried adding the additive communities and local preference on R3. The local preference was shown, the communities didn't !! Any ideas? In OSPF, I didn't use Network command under the ospf process, I used ip ospf 4 area 0 under the interface, was faster for me to do that. Is it not allowed to do so?! :-/ Section 4, I used the solution just like in forums, 50% only?? Section 3 and 5 are 100 %
  8. Hello everyone, Sorry if this is a topic that is a repeat r ben asked before, but I couldn't find it. Can someone tell me the differences between K6 and K6++? Any help and info is really appreciated Regards!
  9. Guys, I have gone through lot of threads and saw variations in K6/K6++ pfr solutions. Can some share the final solution, that was tested in real rack and real lab exam too ? Thanks, Kapss
  10. Guys, I have been working off the following page for all labs including K6 - [Hidden Content] I also have K6++ and K6-Q&A-Xgeneno pdf format labs. But in not of these pdfs could I find the variations of individual questions which are discussed under the following pages for K6 (got this from the same all discussions url above)- K6 Section by section Section 1.2 [Hidden Content] Section 1.3 - 1.6 [Hidden Content] Section 1.7 [Hidden Content] Section 2.1 [Hidden Content] Sections 2.2 and 2.3 [Hidden Content] Section 2.4 [Hidden Content] Section 2.8 [Hidden Content] So... my question - Is there another K6 lab with other such different questions that I may have missed out on? Thanks in advance!
  11. Can any one....PLZ guide me which version of PFR is active in Real Exam?? OER Or PFR.... as per my knowledge we have to follow....12.4(t) IOS version which follows OER so is it right???? [Hidden Content] THANKS in advance
  12. Hi all, Great thanks to this forum and especially UldisD, CJ, RIKITEE, Paulno1, Netizen. Some feedback abt TS and Lab I got MPLS & K6. K6 was same as shared in this forum No new faults in MPLS. MPLS Tickets(All Tickets solved) 1. Frame-Relay : R22 Missing frame-relay class EEk under serial interface(facing R23). 2. NAT : Wrong NAT statement (outside, changed it to inside) 3. MST : SW1 vlan assignment to R10 is not there.(No restriction) 4. QOS : Wrong Class-map (Cannot modify Access-list on R7/8/9) 5. OSPF : R27 Loopback 0 advertised into area 0 R21 Area range for R26 Loopback not-advertise (remove it) 6. DHCP : UDP traffic is drop by control plane policy.(change conform-action to transmit) 7. EEM : Did not check for fault i just recreated it and worked perfectly 8. BGP : R2 has Control plane policy which is blocking every protocol, just changed it to transmit R3 weight 1 is configured for R1 (Removed It) 9. IPv6 : R5 didn`t have IPv6 Routing Process (Created and advertised interface in it.) 10. MPLS : R1/2 MPLS ldp neighborship to R4 was down cause of access-list, permit particular statement. R5 Wrong route-target configured (change it to same as R4) Regarding k6 nothing new, though some notes 1. All device has logging console informational/All line has password configured. 2. R4 f0/1 has IP but no vlan Assigned 3. you need to find out ip of Backbone for EBGP peering (in my case i got 51 and 46) 4. i used notepad for config throughout the lab 5. for IPv6 there is four five interface missing ipv6 address and on switch you need to configure sdm and reload 6. checked twice for verification and reachability checked by tcl script. Once again thank you guys for all your help and support !!!
  13. Hello Colleagues, Could you be so kind to share your experience what TS topology/questions and Configuration Labs are active on this week ? Based on my assumptions/feelings they are TS3(n+) and TS4 for Troubleshooting and K3 (or EEM lab) and 4.1(K6) for Configuration tasks. Am I right ? What are the other options ? Thank you! Ricko.
  14. Hi folks, having a good Sunday? . The question asks us to make sure "PIM Register" reaches the RP via SW1. After applying the solution(s) discussed in this forum, the PIM Register messages are seen in the R4 --- R1 segment only! (from multicast sender router to the Rendezvous Point router) I wish more people verfiy their solutions with show and debug commands Q: K6 3.2 [PIM TUNING] "Ensure the PIM register should reach RP via SW1. If SW1 goes down the PIM register messages should reach the RP via one of the switches in area 0." The sheer volume of PIM debug messages can overwhelm your tty line. I suggest using a log tool like LogExpert - www.log-expert.de
  15. I happened to stumble across this new K6 IOU, don't ask me how, it was totally unexpected, was reading their fake site policy and voila I was inside their new IOU. Please download ASAP, don't know till when the link will last All K Labs/TS including new K6 - size : 1.1 GB (open .vmx file, need vmware workstation installed) [Hidden Content] K6.rar - Small file [Hidden Content] Tutorials removed, couldn't find compatible link.[CrackerJoe69]
  16. Dear All, sorry for used another account but anu way i hope to share my exp with you for VS4++ i fixed 9 as i confirmed but i don't know why Troubleshooting - FAIL L2 switching Sw2 allow trunk vlan 810,114 telnet work fine FR FramRelay map missing broadcast on R22,R23 NAT telnet access list configured with wrong subnet 172.16.0.0 0.0.0.255 // changed to 172.16.0.0 0.0.255.255 after that work fine QoS service polociy not assigin on interface to R7 after that ping with TOS work fine DHCP access-list deny udp modify it and work fine after that BGP R3 wight command remove it / Lo0 not advertise under bgp after that show ip bgp fine EEM configure with wrong interface and state dowm / changed to correct interface and change the admin down after that tested and work fine IPv6 R5 interface to R8 wrong configuration corrcet it and work fine Red Lo1 on R26 with wring subnet 192.168.20.1 255.255.255.128 correct it after that i can ping from R20 but i think there is some thing wrong ---- taked long time from me MPLS not worked with me this ticket maked me crazy i found below faluts -R4/R5 ospf redis under bgp with wrong corect it -R4 configured with mpls ldp router-id lo1 force --- removed it and maked mpls ldp router-id lo0 -i check all configuration on R1/R2 R8/R20 all normal. untill this i can ping vrf from R4 to R20andR8 but the problem from R4 mpls ldp nei not established --- i check mpls ip under interfaces to R1/R2 and no access-list on R1/R2 also mpls ip configured any way i thinked i will pass without MPLS solve however i confirm from another 9 TT but finally i got Troubleshooting - FAIL with missing 6 point from 22 NOW for crazy lab K6 i can't add more than my friend here but i have an idea we need to collect 100 % configuration or more 80% to can compare between this soluations Section Section Score 1. Layer 2 Technologies 2. Layer 3 Technologies 3. IP Multicast 100% 4. Advanced Services 5. Optimize the Network and below my multicast soluation On R1, R2 and R4 ip multicast-routing On SW1~SW44 ip multicast-routing distributed On R1 interface Loopback0 ip pim sparse-mode interface FastEthernet0/0 ip pim sparse-mode interface Serial0/0 ip pim sparse-mode ip pim rp-candidate Loopback0 priority 254 On R2 interface Loopback0 ip pim sparse-mode interface FastEthernet0/0 ip pim sparse-mode interface Serial0/0 ip pim sparse-mode ip pim rp-candidate Loopback0 priority 255 On R4 interface Loopback0 ip pim sparse-mode interface FastEthernet0/0 ip pim sparse-mode interface FastEthernet0/1 ip pim sparse-mode interface Serial0/0 ip pim sparse-mode interface Serial0/1 ip pim sparse-mode ip pim bsr-candidate Loopback0 0 On SW1 interface FastEthernet1/1 ip pim sparse-mode interface Vlan123 ip pim sparse-mode ip pim dr-priority 4294967294 On SW2 interface Vlan123 ip pim sparse-mode interface Vlan33 ip pim sparse-mode ip igmp join-group 239.5.5.1 On SW3 interface Vlan123 ip pim sparse-mode ip pim dr-priority 4294967290 On SW4 interface Vlan123 ip pim sparse-mode interface Vlan42 ip pim sparse-mode ======================================================= My Notes L2 i used below command only to BB spanning-tree guard root spanning-tree bpduguard disable but may be i must need to enable bpdufilter may be my mistaks int this section L3 BGP i adverise lo 0 under bgp after asked the proctor and also bgp router-id SW2 creat peer group and send commuinty to this group - may be need to send community to R2/R3 only IPV6 i useed area nssa ---- now i am sure this wrong OER from beging i got problem in memory when used below command set active-probe udp-echo 3.3.55.5 target-port 7777 set active-probe echo 3.3.55.5 but proctor solve this issue after some time i leve the lab with oer inpolcy but i am sure my soluation still wrong Advanced Services need to confirem DHCP soluation EEM stil not correct i used below archive log config logging enable hidekeys notify syslog event manager applet CONF_CHANGE event syslog pattern "%PARSER-5-CFGLOG_LOGGEDCMD" action 1.0 cli command “enable” action 2.0 cli command "show clock | append flash:ccie.txt" action 3.0 syslog msg "Configuration Changed" and loop appear with my best for all
  17. Hi All, I have K6 with me. I can share it with anyone interested (free). I have some doubts aout the lab initial config and topology. If someone can spend ome time to clarify it, i can offer K6 in return.\\ Think and let me know. -sonet
  18. Hi guys, i passed TS3 and K6 last week and i am so glad to get my number finally!!! All information are here in this forum .. i mostly used Xgeneo, nandha007 and ccie36060 Threads!!! It's all in there! TS3: nothing new.. but i suggest .. lab it up..it will be very difficult just to "remember" the faults... You need at least your troubleshooting skills to solve the tickets. K6: I tried OER..but it didnt work..was a mess..then i removed everything..anyway..i passed and i am so thrilled about it!! Many many thanks to Xgeneo, nandha007 and ccie36060!!! You guys rock!!
  19. K2: A) 3.1 Multicast PIM SM between SW2, SW3, SW4 The QA and Support Vlan should handle multicast traffic Configure Auto-RP, with SW3 loopback 0 serving as RP only for the multicast group 239.10.5.0 /24 and SW4 serving as the mapping-agent. Enable SW2 loopback 0 to join group 239.10.5.1 To verify you should be able to successfully generate multicast traffic for the group 239.10.5.1 using R2 as the source. Why we dont enable PIM on SW2: int vlan 243 R2: int f0/1 (vlan 234) question says that R2 should be able to ping, if PIM is not enabled then how can R2 ping it? After enabling PIM on sw2 int vlan 243 and r2 f0/1, i get successful ping for 239.10.5.1 B ) 4.1 Link Fragmentation Part 1 Configure on R1 and R3 by the following requirements Use endpoint identifier for multilink bundling Use a policy map to define priority of 45 to all VOIP traffic only traffic whose proceeding as critical. (No named extended ACL) Implement LLQ Regarding ACL on R1 and R3, should we specify the ports range from 16384 to 32767 or its ok if we not specified it, because question only says about matching precedence critical. K4: A) 3.2 Multicast Joins Configure R2 s0/0/0.z as an IPV6 receiver for the multicast group FF08::4000:4000. R2 should be able to ping the multicast group FF08::4000:4000. R2 interface Serial0/1/1.100 point-to-point ipv6 mld join-group FF08::4000:4000 X:X:X:X RP is properly specified on R1, R2 and R4 as specified by previous question. but i have a doubt that what is that XXX while R2 joins and we have to verify it by pinging from R2. Right? K6: A) SOLVED, Solution is perfect 4.1 Network Address Translations (NAT) You are required to implement NAT. You need to match the output in the screenshots provided. Do not propagate and prefix from the network 100.0.0.0/8 in any routing protocol. You are allowed to add one /24 static in too four devices. Do not add any static route in R4. interface serial1/0 ip nat outside interface serial2/0 ip nat outside ip nat inside source static YY.YY.17.7 100.100.17.7 ip nat inside source static YY.YY.42.10 100.100.42.10 Regarding this question, i have a doubt that solution specifies R4's both interface as outside, where NATing is done from inside to outside as per specified NAT. Isnt there should be 1 inside and other outside NAT interface? B ) SOLVED, Solution is perfect 4.6 Implement Layer 2 Security Continue securing the DHCP deployment according to the following requirements In the near future the customer will connect a printer to SW1’s Fa0/14 in VLAN 44 and assign it the static IP address YY.YY.44.100. The printers MAC address is abcd.abcd.abcd Ensure that the printer is able to communicate with the users on VLAN 44 and ensure that your solution survives a reload (use the file flash:CCIE.TXT) Enable a feature on the switch to dynamically protect interface Fa 0/14 against spoofed IP packets and ARP request ip dhcp snooping binding abcd.abcd.abcd vlan 44 YY.YY.44.100 interface fastEthernet 0/14 expiry 4294967295 /* exec level command*/ regarding this question I am having only doubt regarding static binding of DHCP request from mac to IP. Is this syntax proper, because I cant find it on my switch. (having 3750) K7: A) SOLVED 1.3 Switch Trunking and Etherchannel Use encapsulation 802.1q In future if more links (ports) are added to the bundle, make sure that interface fa0/24 is always chosen first for traffic flow along with the channel Why only on SW1: interface range fastethernet 0/24 lacp port-priority 1 Solution : Requires on both SW1 and SW2 interface range fastethernet 0/24 lacp port-priority 1
  20. I'll be taking the lab soon, I wanted to clarify several tricky topics that have been explained in multiple places but I don't see any real resolution. If you can clarify any of these areas please let me know. Questions about the task highlighted in green. K2 4.5 MLS QoS for Video Port FastEthernet0/6 on SW4, will host a video server for streaming to devices off the Marketing VLAN on R1. Configure MLS QoS in the network according to : The video server IP yy.yy.128.98 Use policy-maps to assign video traffic to DSCP 56. Define policer for the video traffic with rate of 3Mbits and a burst size of 1Mbits. Additionally when these routes exceed the DSCP value for video traffic they should be marked down from 56 to 8. The distribution ports between all 4 switches should trust the inbound DSCP values for classification. Additionally, for untagged packets the default CoS value should be defined as 1. Finally the expedite queue should be enabled for all these ports. SW4 mls qos ! access-list 100 permit ip host yy.yy.128.98 yy.yy.0.64 0.0.0.31 Is this accurate, since no real specifications are given besides the video server and the subnet traffic will reach? ! class-map match-all VIDEO match access-group 100 ! mls qos map policed-dscp 56 to 8 ! policy-map MLS class VIDEO set dscp 56 police 3000000 125000 exceed-action policed-dscp-transmit ! interface FastEthernet0/6 service-policy input MLS mls qos trust dscp mls qos cos 1 priority-queue out Do we need to configuremls qos cos 1 and mls qos trust dscp on interfaces other than the switch distribution ports? SW1,SW2,SW3,SW4 mls qos ! interface range FastEthernet0/19 - 24 mls qos trust dscp mls qos cos 1 priority-queue out SW2 interface FastEthernet0/1 mls qos trust dscp mls qos cos 1 priority-queue out K4 4.4 – AutoQoS over PPP Address VOIP quality of service (QOS) by configuring Cisco AutoQOS over PPP line between R1 and R5. You cannot discover NBAR. Is the discovery command required, this won't utilize NBAR using the trust keyword, correct? R1: interface serial0/1 auto discovery qos trust auto qos voip trust R5: interface serial0/0 auto discovery qos trust auto qos voip trust K6 4.6 DHCP There is a DHCP server for VLAN 44 on R4's FastEthernet0/0. Your task is to complete the DHCP configuration on R4 and SW1. R4 is the only device which can provide DHCP services. At some point in the future, a printer will be added with the mac-address of abcd.abcd.abcd on SW1, FastEthernet0/14. Ensure that the printer always gets the IP address yy.yy.44.100 and can use after a reboot. Set domain-name to cisco.com DNS Servers yy.yy.44.50 and yy.yy.44.51 If the printer address is assigned statically, exclude the address and use dhcp snooping binding OR if the printer must be assigned an IP address dynamically create a host pool with the proper printer IP address and client-identifier, correct? R4: ip dhcp exclude-address yy.yy.44.4 <------- Interface Address ip dhcp exclude-address yy.yy.44.50 <----- DNS ip dhcp exclude-address yy.yy.44.51 <----- DNS ip dhcp exclude-address yy.yy.44.200 <----- Radius Server ip dhcp exclude-address yy.yy.44.100 <----- Printer / Netflow Destination ip dhcp exclude-address yy.yy.44.240 <----- SNMP ! ip dhcp pool POOL<----- Already configured, verify. network yy.yy.44.0 /24 default-router yy.yy.44.4 dns-server yy.yy.44.50 yy.yy.44.51 domain-name cisco.com ! ip dhcp pool PRINTER <----- Must be created to assign a printer via DHCP. host yy.yy.44.100 255.255.255.0 client-identifier 01AB.CDAB.CDAB.CD Ip dhcp snooping binding abcd.abcd.abcd vlan 44 yy.yy.44.100 interface FastEthernet0/14 expiry 4294967295 <---- Configure if address is statically assigned.
  21. 4.5 Implement DHCP R4 has been configured to provide the following parameters for DHCP clients on VLAN 44 IP addresses DNS servers YY.YY.55.50 and YY.YY.55.51 Domain name cisco.com Default gateway is YY.YY.44.4 The administrator wants that the DHCP deployment is as secured as possible. Complete the DHCP configuration on R4 and SW1 according to the following requirements Protect users in VLAN 44 from rogue DHCP servers Ensure that only R4 services the DHCP requests Disable the insertion and removal of option-82 field Protect the DHCP server from DHCP attacks originating from SW1 port Fa0/14, which may lead to resource exhaustion and ensure that maximum 3 different hosts can still connect to that port (Shutdown the port when violation occurred) Note: make sure that SW1 Fa 0/14 is enabled and provisioned so that the customer only needs to connect the printer to the port 4.6 Implement Layer 2 Security Continue securing the DHCP deployment according to the following requirements In the near future the customer will connect a printer to SW1’s Fa0/14 in VLAN 44 and assign it the static IP address YY.YY.44.100. The printers MAC address is abcd.abcd.abcd Ensure that the printer is able to communicate with the users on VLAN 44 and ensure that your solution survives a reload (use the file flash:CCIE.TXT) Enable a feature on the switch to dynamically protect interface Fa 0/14 against spoofed IP packets and ARP request Solution for 4.5 and 4.6 Combined R4 ip dhcp pool 44 network YY.YY.44.0 255.255.255.0 default-router YY.YY.44.4 dns-server YY.YY.55.50.YY.YY.55.51 domain-name cisco.com ip dhcp excluded-address YY.YY.44.4 ip dhcp excluded-address YY.YY.44.100 ip dhcp excluded-address YY.YY.44.200 ip dhcp pool PRINTER client-name PRINTER default-router YY.YY.44.4 host YY.YY.44.100 255.255.255.0 hardware address abcd.abcd.abcd SW1 ip dhcp snooping ip dhcp snooping vlan 44 ip dhcp snooping verify mac-address ip dhcp snooping database flash:CCIE.TXT ip dhcp snooping limit rate 150 /* Prevents Resource Exhaustion */ no ip dhcp snooping information option ip arp inspection vlan 44 interface fastethernet0/4 ip dhcp snooping trust ip arp inspection trust interface fastethernet0/14 switchport mode access switchport access vlan 44 switchport port-security switchport port-security maximum 3 switchport port-security violation shutdown /* Shutdown the port when violation occurred */ switchport port-security mac-address sticky ip verify source /* enable ip source guard - for protection against spoofed IP packets */ exit exit ip dhcp snooping binding abcd.abcd.abcd vlan 44 YY.YY.44.100 interface fastEthernet 0/14 expiry 4294967295 /* exec level command*/ My thoughts If the printer address is assigned statically these is no meaning in having a printer pool... so if there is a pool for printer pre-configured just ignore it... We have to include the Printer IP Address in the DHCP Excluded address list as that IP is not assigned through DHCP... And that is why we are binding the mac address to ip address in the switch... so that dhcp snooping doesnt treat that address as untrusted since that IP is not assigned by DHCP... We cant trust that interface completely because there are other hosts connected to that interface... so snooping binding only the Printer Mac to IP on that interface... ip source guard restricts IP traffic on untrusted Layer 2 ports by filtering traffic based on the DHCP snooping binding database or manually configured IP source bindings. This feature helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host. Any IP traffic coming into the interface with a source IP address other than that assigned (via DHCP or static configuration) will be filtered out on the untrusted Layer 2 ports.
  22. Hi folks, My first CCIE R/S attempt in 6/18 Monday , But failed. I got K6 , Question the same in the forum. PPP with authentication (RADIUS -> Local) i think it's very strange , in LAB environment 3560, I cannot find "radius host xx.xx.xx.xx" command. it's very strange. and my TS also failed .... Bros , can any one tell me , how many TS scenario activate now ? any how to practice ? and where can I got the TS question and answers? thanks....
  23. Xgeneo

    K6 WCCP Solution

    Web Caching Communication Protocol (WCCP) Configure WCCP on R4 according to the following requirement There will be a WAAS appliance connected to interface of Fa0/1 Any traffic from any client connected to Fa0/0 going out of the 2 serial interfaces must be redirected to the WAAS server on Fa0/1 Traffic redirected from the server to the clients must use WCCP service 61 Traffic redirected from the clients to the server must use WCCP service 62 You are not allowed to modify any configuration of interface Fa0/0 R4 ip wccp ver 2 ip wccp 61 ip wccp 62 ip wccp check services all /* check all configured services for a match and perform redirection for those services */ ip wccp 61 redirect-list S_TO_C ip wccp 62 redirect-list C_TO_S ip access-list extended S_TO_C permit ip any YY.YY.44.0 0.0.0.255 ip access-list extended C_TO_S permit ip YY.YY.44.0 0.0.0.255 any /* ACL is required as its told specifically that the clients are connected to Fa0/0 ( so YY.YY.44.0) and traffic is going out of the 2 serial interfaces ( so any ) - If we Dont specify the ACL it could match any other traffic that is going out or coming in through those interfaces */ interface serial 0/0 ip wccp 61 redirect in ip wccp 62 redirect out interface serial 0/1 ip wccp 61 redirect in ip wccp 62 redirect out /* We have to specify in and out - here we are not matching web requests - we are redirecting traffic using service groups - if in case of web requests either inbound or outbound would do - here traffic from client to server and server to client are treated as separate service groups - so both require redirecting - since we cant do redirecting in fastethernet 0/0 since it is restricted in the question we have to do it in the serial interfaces - else we could have done ip wccp 62 redirect in in the fa0/0 interface without doing ip wccp 62 redirect out on the serial interfaces for service group 62 - either would do - similarly is the case with service group 61 */ interface fastethernet 0/1 ip wccp redirect exclude in
  24. Guys, could someone please upload all initial configs? Thanks
  25. Hey Gents... I know we keep going back and forth on what syslog string to look for when changes are made to runnning config as per the EEM question for the K6 lab. Should we use %SYS-5-CONFIG_I or %PARSER-5-CFGLOG_LOGGEDCMD Well I found a quick line from linkpass.net about this same thing. (not sure you guys found this as well), but Brian McGhan (of INE) is quoted as saying: "Remember that the router always generates a %SYS-5-CONFIG log message when a change is made. So for example suppose the following change was made:.." Below is the lnk to this page... [Hidden Content] so event manager applet Cong_Change event syslog pattern "%SYS-5-CONFIG" action 1.0 cli command "enable" action 2.0 cli command "sh clock | append flash:CCIE.txt" action 3.0 syslog msg "Configuration has been changed" is the right way to go Best, DL
×
×
  • Create New...