CCIE R&S Advanced Lab Workbook Vol1

CCIE LAB Routing & Switching (V4.0)

www.passccielab.com All rights reserved Created by lofrent - 1 -


Ver:K1

Update 2009-12-13

© www.passccielab.com All Rights Reserved.

www.CareerCert.info

http://www.careercert.info



Part 1: Core Knowledge Questions

There are 4 open ended questions in this section. You should answer at least 3 out

of 4 correctly to get 100% in this section. If you fail to do so, your score will be 0% in

this section.

See the another file for the same(open ended questions for CCIE RS lab)

www.CareerCert.info




Part 2: Troubleshooting

Troubleshooting:

1. Troubleshooting has 29 devices,no switch

2. you must find 11 questions and solve these questions

3. Please notes, ip address will be change in your real exam

www.CareerCert.info




www.CareerCert.info




Pre-configured for Troubleshooting

R1

Passccielab.com_Rack30R1#sh run

Building configuration...

Current configuration : 1408 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Passccielab.com_Rack30R1

!

boot-start-marker

boot-end-marker

!

!

ip subnet-zero

ip cef

!

!

no ip domain-lookup

!

no mpls traffic-eng auto-bw timers frequency 0

call rsvp-sync

!

!

!

!

!

mpls label protocol ldp

mpls ldp router-id lo0

!

!

!

interface Loopback0

ip address 1.1.1.1 255.255.255.255

no clns route-cache

!

interface FastEthernet0/0

ip address 171.13.13.1 255.255.255.0

duplex half

www.CareerCert.info




no clns route-cache

mpls ip

!

interface Serial1/0

no ip address

no fair-queue

serial restart-delay 0

no clns route-cache

!

interface Serial1/1

no ip address


no clns route-cache

!

interface Serial1/2

no ip address


no clns route-cache

!

interface Serial1/3

no ip address


no clns route-cache

!


ip address 171.15.15.1 255.255.255.0

duplex half

no clns route-cache

no shu

mpls ip

!


ip address 171.14.14.1 255.255.255.0

duplex half

no clns route-cache

rate-limit input 8000 1000 2000 conform-action transmit exceed-action drop

mpls ip

no shu

!


ip address 171.16.16.1 255.255.255.0

duplex half

no clns route-cache

no shu

www.CareerCert.info




mpls ip

!

router ospf 1

log-adjacency-changes

network 0.0.0.0 255.255.255.255 area 0

!

ip classless

!

no ip http server

!

!

!

!

!

!

control-plane

!

!

dial-peer cor custom

!

!

!

!

line con 0

exec-timeout 0 0

logging synchronous

stopbits 1

line aux 0

stopbits 1

line vty 0 4

no login

!

!

end

R2


!

boot-start-marker

boot-end-marker

!

!

ip subnet-zero

ip cef

www.CareerCert.info




!

!

no ip domain-lookup

!


call rsvp-sync

!

!

!

!



!

!

!

!

interface Loopback0

ip address 2.2.2.2 255.255.255.255

no clns route-cache

!


ip address 171.25.25.2 255.255.255.0

duplex half

no clns route-cache

mpls ip

no shu

!


ip address 171.24.24.2 255.255.255.0

duplex half

no clns route-cache

no shu

mpls ip

!


no ip address

duplex half

no clns route-cache

!

interface Serial5/0

ip address 171.26.26.2 255.255.255.0

no fair-queue


no clns route-cache

www.CareerCert.info




mpls ip

no shu

!

interface Serial5/1

no ip address


no clns route-cache

!

interface Serial5/2

no ip address


no clns route-cache

!

interface Serial5/3

no ip address


no clns route-cache

!


ip address 171.23.23.2 255.255.255.0

duplex half

no clns route-cache

mpls ip

no shu

!

ip classless

!

no ip http server

!

!

!

router os 1

net 0.0.0.0 0.0.0.0 a 0

!

!

!

control-plane

!

!


!

!

!

!

www.CareerCert.info




line con 0

exec-timeout 0 0

logging synchronous

stopbits 1

line aux 0

stopbits 1

line vty 0 4

!

!

end

R3




!

version 12.2




!


!

boot-start-marker

boot-end-marker

!

username Passccielab.com_Rack30R1 password 0 cisco

!

ip subnet-zero

ip cef

!

!



no ip domain-lookup

!

ip vrf site-b

rd 34:22

route-target export 34:22

www.CareerCert.info




!


call rsvp-sync

!

!

!

!

!

!

!

!

interface Loopback0

ip address 3.3.3.3 255.255.255.255

no clns route-cache

!

interface Serial1/0

ip vrf forwarding site-b

ip address 171.3.22.3 255.255.255.0

no fair-queue

ppp authentication chap


clockrate 64000

no clns route-cache

mpls ip

!

interface Serial1/1

no ip address


no clns route-cache

!

interface Serial1/2

no ip address

shutdown


no clns route-cache

!

interface Serial1/3

no ip address

shutdown


no clns route-cache

!


ip address 171.13.13.3 255.255.255.0

www.CareerCert.info




duplex half

no clns route-cache

mpls ip

no shu

!


ip address 171.23.23.3 255.255.255.0

duplex half

no clns route-cache

mpls ip

no shu

!


duplex half

no clns route-cache

no shu

!

router eigrp 100

no auto-summary

!

address-family ipv4 vrf site-b

redistribute bgp 10 metric 10000 100 255 1 1500

network 171.3.22.3 0.0.0.0

no auto-summary

exit-address-family

autonomous-system 100

!

router ospf 1


network 0.0.0.0 255.255.255.255 area 0

!

router bgp 10

no bgp default ipv4-unicast

bgp log-neighbor-changes

neighbor 4.4.4.4 remote-as 10

neighbor 4.4.4.4 update-source seaial1/1


neighbor 5.5.5.5 update-source Loopback0



!

address-family ipv4

neighbor 4.4.4.4 activate

www.CareerCert.info






no auto-summary

no synchronization

exit-address-family

!

address-family vpnv4


neighbor 4.4.4.4 send-community extended





exit-address-family

!


no auto-summary

redistribute eigrp 100

no synchronization

exit-address-family

!

ip classless

!

no ip http server

!

!

!

!

!

!

control-plane

!

!


!

!

!

!

line con 0

exec-timeout 0 0

logging synchronous

stopbits 1

line aux 0

stopbits 1

www.CareerCert.info




line vty 0 4

no login

!

!

end

R4




!

version 12.2




!


!

boot-start-marker

boot-end-marker

!

!

ip subnet-zero

ip cef

!



!

no ip domain-lookup

!

ip vrf site-b

rd 34:22


!


call rsvp-sync

!

!

!

!

www.CareerCert.info




!

!

!

!

interface Loopback0

ip address 4.4.4.4 255.255.255.255

no clns route-cache

!


ip address 171.14.14.4 255.255.255.0

duplex half

mpls ip

no clns route-cache

no shu

!


ip address 171.24.24.4 255.255.255.0

duplex half

no clns route-cache

mpls ip

no shu

!


ip vrf forwarding site-b

ip address 171.4.15.4 255.255.255.0

duplex half

mpls ip

no clns route-cache

no shut

interface Serial3/0

no ip address

shutdown

no fair-queue


no clns route-cache

!

interface Serial3/1

no ip address

shutdown


no clns route-cache

!

interface Serial3/2

www.CareerCert.info




no ip address

shutdown


no clns route-cache

!

interface Serial3/3

no ip address

shutdown


no clns route-cache

!

router ospf 101 vrf site-b


redistribute bgp 10 subnets

network 0.0.0.0 255.255.255.255 area 0

!

router ospf 1


network 0.0.0.0 255.255.255.255 area 0

!

router bgp 10









!

address-family ipv4




no auto-summary

no synchronization

exit-address-family

!







www.CareerCert.info





exit-address-family

!


redi ospf 101

no auto-summary

no synchronization

exit-address-family

!

ip classless

!

no ip http server

!

!

!

!

!

!

control-plane

!

!


!

!

!

!

line con 0

exec-timeout 0 0

logging synchronous

stopbits 1

line aux 0

stopbits 1

line vty 0 4

no login

!

!

end

R5



www.CareerCert.info





!

version 12.2




!


!

boot-start-marker

boot-end-marker

!

!



ip subnet-zero

ip cef

!

!

no ip domain-lookup

!

ip vrf site-a

rd 56:22


!


call rsvp-sync

!

!

!

!

!

!

!

!

interface Loopback0

ip address 5.5.5.5 255.255.255.255

no clns route-cache

!


ip vrf forwarding site-a

www.CareerCert.info




ip address 171.5.11.5 255.255.255.0

duplex half

mpls ip

no clns route-cache

no shu

!

interface Serial1/0

no ip address

shutdown


no clns route-cache

!

interface Serial1/1

no ip address

shutdown


no clns route-cache

!

interface Serial1/2

no ip address

shutdown


no clns route-cache

!

interface Serial1/3

no ip address

shutdown


no clns route-cache

!


ip address 171.15.15.5 255.255.255.0

duplex half

mpls ip

no clns route-cache

no shu

!


ip address 171.25.25.5 255.255.255.0

duplex half

mpls ip

no clns route-cache

!

router ospf 101 vrf site-a

www.CareerCert.info





redistribute bgp 10 subnets

network 0.0.0.0 255.255.255.255 area 0

!

router ospf 1


network 0.0.0.0 255.255.255.255 area 0

!

router bgp 10









!

address-family ipv4




no auto-summary

no synchronization

exit-address-family

!








exit-address-family

!

address-family ipv4 vrf site-a

redistribute ospf 101 vrf site-a

no auto-summary

no synchronization

exit-address-family

!

ip classless

!

no ip http server

www.CareerCert.info




!

!

!

!

!

!

control-plane

!

!


!

!

!

!

line con 0

exec-timeout 0 0

logging synchronous

stopbits 1

line aux 0

stopbits 1

line vty 0 4

no login

!

!

end

R6




!

version 12.2



service password-encryption

!


!

boot-start-marker

boot-end-marker

www.CareerCert.info




!

!



ip subnet-zero

ip cef

!

!

no ip domain-lookup

!

ip vrf site-a

rd 56:22


!

ip multicast-routing

mpls traffic-eng tunnels


mpls ldp router-id Loopback0 force


pseudowire-class fr-fe

encapsulation mpls

interworking ip

!

call rsvp-sync

!

!

!

!

!

!

!

!

!

interface Loopback0

ip address 6.6.6.6 255.255.255.255

no clns route-cache

!


ip vrf forwarding site-a

ip address 171.67.67.6 255.255.255.0

www.CareerCert.info




duplex half

mpls ip

no clns route-cache

no shut

!


ip address 171.16.16.6 255.255.255.0

duplex half

mpls ip

no clns route-cache

no shu

!

interface Serial3/0

ip address 171.26.26.6 255.255.255.0


no clns route-cache

mpls ip

no shut

!

interface Serial3/2

no ip address


no clns route-cache

!

interface Serial3/3

no ip address


no clns route-cache

!

router os 100 vrf site-a

net 0.0.0.0 255.255.255.255 a 0

!

router ospf 1


network 0.0.0.0 255.255.255.255 area 0

!

router bgp 10







www.CareerCert.info






!

address-family ipv4




no auto-summary

no synchronization

exit-address-family

!








exit-address-family

!

address-family ipv4 vrf site-a

no auto-summary

no synchronization

exit-address-family

!

ip classless

!

no ip http server

!

ip bgp-community new-format

!

!

!

!

!

control-plane

!

!


!

!

!

!

line con 0

www.CareerCert.info




exec-timeout 0 0

logging synchronous

stopbits 1

line aux 0

stopbits 1

line vty 0 4

no login

!

!

end

R7




!

version 12.2




!


!

boot-start-marker

boot-end-marker

!

!

ip subnet-zero

ip cef

!

!

no ip domain-lookup

!


call rsvp-sync

!

!

www.CareerCert.info




!

!

!

!

!

!

interface Loopback0

ip address 7.7.7.7 255.255.255.255

no clns route-cache

!


ip address 171.78.78.7 255.255.255.0

duplex auto

speed auto

no clns route-cache

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 cisco

!


ip address 171.67.67.7 255.255.255.0

duplex auto

speed auto

no clns route-cache

!

interface Serial1/0

ip address 171.7.11.7 255.255.255.0

no fair-queue


no clns route-cache



!

interface Serial1/1

ip address 171.7.12.7 255.255.255.0


no clns route-cache



!

interface Serial1/2

no ip address


no clns route-cache

www.CareerCert.info




!

interface Serial1/3

no ip address


no clns route-cache

!

router ospf 1


network 0.0.0.0 255.255.255.255 area 0

!

ip classless

!

no ip http server

!

!

!

!

!

!

control-plane

!

!


!

!

!

!

line con 0

exec-timeout 0 0

logging synchronous

stopbits 1

line aux 0

stopbits 1

line vty 0 4

no login

!

!

end

R8


www.CareerCert.info






!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec


!


!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

memory-size iomem 10

!

!

ip cef

no ip domain lookup

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

www.CareerCert.info




!

interface Loopback0

ip address 8.8.8.8 255.255.255.255

!

interface Ethernet0/0

ip address 171.89.89.8 255.255.255.0

half-duplex



no sh

!

interface Serial0/0

ip address 171.8.11.8 255.255.255.0



no sh

!


ip address 171.78.78.8 255.255.255.0

half-duplex



no sh

!

interface Serial0/1

no ip address

!


no ip address

half-duplex

!


no ip address

half-duplex

!

router ospf 1


network 0.0.0.0 255.255.255.255 area 0

!

no ip http server

no ip http secure-server

!

!

!

www.CareerCert.info




!

!

!

control-plane

!

!

!

!

!

!

!

!

!

!

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

line vty 0 4

login

!

R9




!

version 12.3




!


!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

www.CareerCert.info




ip subnet-zero

no ip domain lookup

!

!

!

!

!

interface Loopback0

ip address 9.9.9.9 255.255.255.255

!

interface Ethernet0

ip address 171.90.90.9 255.255.255.0



no shut

!

interface Ethernet1

ip address 171.89.89.9 255.255.255.0



no shu

!

interface Serial0

no ip address

shutdown

no fair-queue

!

interface Serial1

no ip address

shutdown

!

router ospf 1


network 0.0.0.0 255.255.255.255 area 0

!

ip http server

ip classless

!

!

!

!

line con 0

exec-timeout 0 0

logging synchronous

www.CareerCert.info




line aux 0

line vty 0 4

login

!

en

R10




!

version 12.1

no service single-slot-reload-enable




!


!

!

!

!

!

!

ip subnet-zero

no ip domain-lookup

!

partition flash 2 8 8

!

!

!

!

interface Loopback0

ip address 10.10.10.10 255.255.255.255

!

interface Ethernet0

ip address 171.90.90.10 255.255.255.0



no sh

!

interface Ethernet1

www.CareerCert.info




no ip address

!

interface Serial0

no ip address

shutdown

!

interface Serial1

no ip address

shutdown

!

router ospf 1


network 0.0.0.0 255.255.255.255 area 0

!

ip classless

no ip http server

!

!

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

line vty 0 4

login

!

end

R11



!

version 12.2




!


!

boot-start-marker

boot-end-marker

www.CareerCert.info




!

!

ip subnet-zero

ip cef

!

!

no ip domain-lookup

!


call rsvp-sync

!

!

!

!

!

!

!

!

interface Loopback0

ip address 11.11.11.11 255.255.255.255

no clns route-cache

!


ip address 171.5.11.11 255.255.255.0

duplex half

no clns route-cache



no shut

!

interface Serial3/0

ip address 171.7.11.11 255.255.255.0

no fair-queue


clockrate 64000

no clns route-cache



no shu

!

interface Serial3/1

ip address 171.11.12.11 255.255.255.0


no clns route-cache

www.CareerCert.info






no shu

!

interface Serial3/2

ip address 171.8.11.11 255.255.255.0


no clns route-cache



no shu

!

interface Serial3/3

no ip address


no clns route-cache

!

router ospf 1


network 0.0.0.0 255.255.255.255 area 0

!

ip classless

!

no ip http server

!

!

!

!

!

!

control-plane

!

!


!

!

!

!

line con 0

exec-timeout 0 0

logging synchronous

stopbits 1

line aux 0

stopbits 1

www.CareerCert.info




line vty 0 4

no login

!

!

end

R12




!

version 12.4




!


!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

!

resource policy

!

memory-size iomem 10

ip subnet-zero

!

!

ip cef

no ip dhcp use vrf connected

!

!

no ip ips deny-action ips-interface

!

!

!

!

!

www.CareerCert.info




!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface Loopback0

ip address 12.12.12.12 255.255.255.255

!


ip address 171.12.13.12 255.255.255.0

half-duplex



no shu

!

interface Serial0/0

ip address 171.7.12.12 255.255.255.0



no shu

!


no ip address

half-duplex

!

interface Serial0/1

ip address 171.11.12.12 255.255.255.0

clockrate 64000



no shu

!


www.CareerCert.info




no ip address

half-duplex

!


no ip address

half-duplex

!

router ospf 1

no log-adjacency-changes

network 12.12.12.12 0.0.0.0 area 0

network 171.7.12.12 0.0.0.0 area 0

network 171.11.12.12 0.0.0.0 area 0

network 171.12.13.12 0.0.0.0 area 2

!

no ip http server


ip classless

!

!

!

!

!

!

control-plane

!

!

!

!

!

!

!

!

!

!

line con 0

line aux 0

line vty 0 4

login

!

!

end

www.CareerCert.info




R13




!

version 12.2




!


!

!

ip subnet-zero

!

!

!

!

interface Loopback0

ip address 13.13.13.13 255.255.255.255

!

interface Ethernet0

ip address 171.12.13.13 255.255.255.0



no shu

!

interface Ethernet1

ip address 171.13.14.13 255.255.255.0



no shu

!

interface Serial0

no ip address

!

interface Serial1

no ip address

!

www.CareerCert.info




router ospf 1


network 0.0.0.0 255.255.255.255 area 0

!

ip classless

no ip http server

!

!

!

line con 0

line aux 0

line vty 0 4

login

!

R14




!

version 12.1

no service single-slot-reload-enable




!


!

!

!

!

!

!

ip subnet-zero

no ip domain-lookup

!

!

!

!

interface Loopback0

www.CareerCert.info




ip address 14.14.14.14 255.255.255.255

!

interface Ethernet0

ip address 171.13.14.14 255.255.255.0

no shu

!

interface Serial0

no ip address

shutdown

!

interface Serial1

no ip address

shutdown

!

interface BRI0

no ip address

shutdown

!

router ospf 1


network 0.0.0.0 255.255.255.255 area 0

!

ip classless

no ip http server

!

!

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

line vty 0 4

login

R15




!

www.CareerCert.info




version 12.3




!


!

boot-start-marker

boot-end-marker

!

!

no network-clock-participate slot 1

no network-clock-participate wic 0

no aaa new-model

ip subnet-zero

!

!

!

ip cef

ip audit po max-events 100

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface Loopback0

ip address 15.15.15.15 255.255.255.255

!


ip address 171.15.17.15 255.255.255.0

www.CareerCert.info




duplex auto

speed auto

no sh

!

interface Serial0/0

ip address 171.15.16.15 255.255.255.0

encapsulation frame-relay

frame-relay map ip 171.15.16.16 112 broadcast

frame-relay lmi-type cisco

ip ospf network point-to-point


no shu

!


ip address 171.4.15.15 255.255.255.0

duplex auto

speed auto

no shu

!

router ospf 100


network 15.15.15.15 0.0.0.0 area 0

network 171.4.15.15 0.0.0.0 area 0

network 171.15.17.15 0.0.0.0 area 0

network 171.15.16.15 0.0.0.0 area 1

area 1 authentication message-digest

!

ip http server


ip classless

!

!

!

!

!

!

!

!

!

!

!

line con 0

line aux 0

line vty 0 4

www.CareerCert.info




login

!

!

end

R16

Passccielab.com_Rack30R16#SH RUN



!

version 12.2




!


!

!

ip subnet-zero

no ip domain-lookup

!

!

!

!

interface Loopback0

ip address 16.16.16.16 255.255.255.255

!

interface Ethernet0

no ip address

!

interface Serial0

ip address 171.15.16.16 255.255.255.0



frame-relay map ip 171.15.16.15 211 broadcast

ip ospf network point-to-point


no sh

www.CareerCert.info




!

interface Serial1

no ip address

!

interface BRI0

no ip address

encapsulation hdlc

shutdown

!

router ospf 1


network 16.16.16.16 0.0.0.0 area 1

network 171.15.16.16 0.0.0.0 area 1


!

ip classless

no ip http server

!

!

!

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

line vty 0 4

login

!

end

R17

Passccielab.com_Rack30R17#s run



!

version 12.2




www.CareerCert.info




!


!

!

ip subnet-zero

no ip domain-lookup

!

!

!

!

interface Ethernet0

ip address 171.15.17.17 255.255.255.0

!

interface Serial0

no ip address



!

interface Serial0.18 point-to-point

ip address 171.78.17.17 255.255.255.0


frame-relay interface-dlci 315

!


ip address 171.207.17.17 255.255.255.0



!

interface Serial1

no ip address

shutdown

!

router ospf 1



network 171.15.17.17 0.0.0.0 area 0

network 171.78.17.17 0.0.0.0 area 2

network 171.100.100.7 0.0.0.0 area 2

!

ip classless

no ip http server

!

!

!

www.CareerCert.info




line con 0

exec-timeout 0 0

logging synchronous

line aux 0

line vty 0 4

login

!

end

R18




!

version 12.2




!


!

!

ip subnet-zero

no ip domain-lookup

!

!

!

!

interface Loopback0

ip address 18.18.18.18 255.255.255.255

!

interface Ethernet0

ip address 171.18.19.18 255.255.255.0


!

interface Serial0

no ip address


no fair-queue


!

www.CareerCert.info





ip address 171.78.17.18 255.255.255.0



!


ip address 171.208.28.18 255.255.255.0



!

interface Serial1

no ip address

shutdown

!

interface BRI0

no ip address

encapsulation hdlc

shutdown

!

router ospf 1



network 0.0.0.0 255.255.255.255 area 2

!

ip classless

no ip http server

!

!

!

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

line vty 0 4

login

!

end

R19



www.CareerCert.info





!

version 12.2




!


!

!

ip subnet-zero

no ip domain-lookup

!

!

!

!

interface Loopback0

ip address 19.19.19.19 255.255.255.255

!

interface Ethernet0

ip address 171.18.19.19 255.255.255.0


no shu

!

interface Serial0

no ip address

shutdown

!

interface Serial1

no ip address

shutdown

!

interface BRI0

no ip address

encapsulation hdlc

shutdown

!

router ospf 1


network 0.0.0.0 255.255.255.255 area 2


!

ip classless

no ip http server

www.CareerCert.info




!

!

!

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

line vty 0 4

login

!

end

R20




!

version 12.2




!


!

!

ip subnet-zero

no ip domain-lookup

!

!

!

!

interface Loopback0

ip address 20.20.20.20 255.255.255.255

!

interface Ethernet0

ip address 171.20.21.20 255.255.255.0


!

interface Serial0

www.CareerCert.info




no ip address



!


ip address 171.208.28.20 255.255.255.0



!


ip address 171.207.17.20 255.255.255.0



!

interface Serial1

no ip address

shutdown

!

interface BRI0

no ip address

encapsulation hdlc

shutdown

!

router ospf 1



network 0.0.0.0 255.255.255.255 area 2

!

ip classless

no ip http server

!

!

!

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

line vty 0 4

login

!

end

R21

www.CareerCert.info







!

version 12.3




!


!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

ip subnet-zero

no ip domain lookup

!

!

!

!

!

interface Loopback0

ip address 21.21.21.21 255.255.255.0

!

interface Loopback20

ip address 172.16.2.1 255.255.255.0 secondary







ip address 172.16.1.1 255.255.255.0

!

interface Ethernet0

www.CareerCert.info




ip address 172.20.20.21 255.255.255.0


no sh

!

interface Ethernet1

ip address 171.21.25.21 255.255.255.0

no sh

!

interface Serial0

no ip address

!

interface Serial1

no ip address

!

router ospf 1


network 171.20.21.21 0.0.0.0 area 2

area 2 nssa


redis rip sub

area 2 nssa

!

router rip

version 2

network 172.16.0.0

no auto-summary

!

no ip http server

ip classless

!

!

!

!

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

line vty 0 4

login

!

end

R22

www.CareerCert.info




Passccielab.com_Rack30R22# SH RUN



!

version 12.4




!


!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

no network-clock-participate slot 1

no network-clock-participate wic 0

ip cef

!

!

!

!

no ip domain lookup

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

!

!

!

!

!

key chain cisco

key 1

key-string cisco

!

!

!

!

www.CareerCert.info




!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface Loopback0

ip address 22.22.22.22 255.255.255.255

!


ip address 171.234.234.2 255.255.255.0

ip authentication mode eigrp 100 md5

ip authentication key-chain eigrp 100 cisco

no sh

duplex auto

speed auto

!

interface Serial0/0

ip address 171.3.22.22 255.255.255.0

encapsulation ppp

no fair-queue

ppp chap hostname cisco

ppp chap password cisco


no sh

duplex auto

speed auto

!

!

router eigrp 100

network 22.0.0.0

network 171.3.0.0

www.CareerCert.info




network 171.234.0.0

no auto-summary

!

ip forward-protocol nd

!

!

ip http server


!

!

!

!

control-plane

!

!

!

!

!

!

!

ntp authentication-key 1 md5 cisco

ntp authenticate

ntp source Loopback0

ntp master

!

!

!

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

line vty 0 4

login

!

!

R23




!

version 12.3

www.CareerCert.info







!


!

boot-start-marker

boot-end-marker

!

no logging console

!

no aaa new-model

ip subnet-zero

no ip domain lookup

!

!

key chain cisco

key 1

key-string cisco

!

!

!

!

interface Loopback0

ip address 23.23.23.23 255.255.255.255

!

interface Ethernet0

ip address 171.234.234.3 255.255.255.0



no shu

!

interface Ethernet1

ip address dhcp



no shu

!

interface Serial0

no ip address

shutdown

!

interface Serial1

no ip address

www.CareerCert.info




shutdown

!

router eigrp 100

network 23.0.0.0

network 171.200.200.0 0.0.0.255

network 171.234.234.0 0.0.0.255

no auto-summary

!

no ip http server

ip classless

!

!

!

!

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

line vty 0 4

login

!

ntp authentication-key 1 md5 ccie

ntp authenticate

ntp server 22.22.22.22 key 1

ntp trusted-key 1

end

R24

Passccielab.com_Rack30R24>EN




!

version 12.3




!


!

www.CareerCert.info




boot-start-marker

boot-end-marker

!

no logging console

!

no aaa new-model

ip subnet-zero

no ip domain lookup

!

!

key chain cisco

key 1

key-string cisco

!

!

!

!

interface Loopback0

ip address 24.24.24.24 255.255.255.255

!

interface Ethernet0

ip address 171.234.234.4 255.255.255.0



no shu

!

interface Ethernet1

ip address dhcp



no shu

!

interface Serial0

no ip address

shutdown

!

interface Serial1

no ip address

shutdown

!

router eigrp 100

network 24.24.24.24 0.0.0.0

network 171.200.200.0 0.0.0.255

network 171.234.234.0 0.0.0.255

www.CareerCert.info




no auto-summary

!

no ip http server

ip classless

!

!

!

!

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

line vty 0 4

login

!

ntp authentication-key 1 md5 ccie

ntp authenticate

ntp server 22.22.22.22 key 1

ntp trusted-key 1

end

R25

ack30R25#SH RUN



!

version 12.3




!


!

boot-start-marker

boot-end-marker

!

!

www.CareerCert.info




no aaa new-model

ip subnet-zero

no ip domain lookup

!

ip dhcp pool cisco

network 171.200.20.0 255.255.255.0

!

key chain cisco

key 1

key-string cisco

!

!

!

!

interface Loopback0

ip address 25.25.25.25 255.255.255.255

!

interface Ethernet0

ip address 171.200.200.5 255.255.255.0



no shut

!

interface Ethernet1

ip address 171.21.25.25 255.255.255.0

no shu

!

interface Serial0

no ip address

shutdown

!

interface Serial1

no ip address

shutdown

!

router eigrp 100

network 25.25.25.25 0.0.255.255

network 171.21.25.25 0.0.255.255

network 171.200.200.5 0.0.0.255

auto-summary

!

no ip http server

ip classless

!

www.CareerCert.info




!

!

!

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

line vty 0 4

login

!

end

Sw1

Switch#SH RUN


Current configuration:

!

version 12.0

no service pad




!

hostname Switch

!

!

!

!

!

!

vlan

!

ip subnet-zero

!

!

!


switchport access vlan 234

www.CareerCert.info




switchport mode access

!




!




!


!


!


!


!


!


!


!


!


!

interface VLAN1

no ip directed-broadcast

no ip route-cache

!

!

line con 0

transport input none

stopbits 1

line vty 0 4

login

line vty 5 15

login

!

end

www.CareerCert.info




--------------------------------------------------frame-relay

Frame-relay_Switch#s run


Current configuration:

!

version 11.2

!

hostname Frame-relay_Switch

!

!

frame-relay switching

!

interface Ethernet0

no ip address

shutdown

!

interface Serial0

no ip address


clockrate 64000

frame-relay intf-type dce


frame-relay route 413 interface Serial2 314


!

interface Serial1

no ip address


clockrate 64000





!

interface Serial2

no ip address


clockrate 64000





www.CareerCert.info




!

interface Serial3

no ip address


clockrate 64000



frame-relay lmi-type ansi


!

interface Serial4

no ip address


clockrate 64000




!

interface Serial5

no ip address

shutdown

!

interface Serial6

no ip address

shutdown

!

interface Serial7

no ip address

shutdown

!

interface Serial8

no ip address

shutdown

!

interface Serial9

no ip address

shutdown

!

interface BRI0

no ip address

shutdown

!

no ip classless

!

www.CareerCert.info




line con 0

exec-timeout 0 0

line aux 0

line vty 0 4

login

!

end

www.CareerCert.info




Troubleshooting Q&A:

1. R25 can not ping R22

the ip address in DHCP POOL network command and interface ip address mismatch.

change the network in DHCP pool,Let them in the same network

2. R22 is R23 and R24’s NTP Server, but r23 and r24 can not get right time from r22. The

synchronization between them doesn’t work.

NTP password mismatch

remove ntp password and config it again

3. R15 can not establish ospf neighborhood with R16.

LMI-type mismatch between R15, R16 and Frame-relay switch(one side is cisco and another

side is ansi)

change R15, R16 lmi-type to the same as frame-relay switch

4. R18 can not establish ospf neighborhood with R17.

In Frame-relay switch the route dlci number is wrong

change the dlci number

5. R20 can not ping the routes in R21 RIP process.

OSPF neighorhood have problem, one side config area 2 nssa. also the ip address is wrong

remove area 2 nssa and fix the ip address

6. R9 and R10 want to access R11 go though R8-R7-R11, but now it go though R8-R11, Fix this

problem.

config PBR for it

7. The link between R22 and R3 is PPP and this link enable authentication. The link is down now,

try to find the problem and fix it.

the username between R3 and R22 is wrong

change the username

8. R4 try to use extend ping with size 500bytes and ip precedence5 ping R5, but it doesn’t work.

www.CareerCert.info




On R1,there is rate-limit

rate-limit access-group ACL 8000 2000 ZZZZ conform-action transmit exceed-action drop

change those volume

9. R22 and R15 are CEs, they learn the routs though MPLS VPN, but they can not ping vpn

routes.

R3 and R4 no import router-target; the update-source between R3 and R4 is wrong.

config import router-target on the vrf and change the update-source.


R4 and R6 no import router-target

config import router-target on R4 and R6


On R12, interface connect to R13 is in area 2, area mismatch.

Change it to area 0

www.CareerCert.info




Part 3: CCIE RS LAB

www.CareerCert.info




www.CareerCert.info




LAB Physical Topology

www.CareerCert.info




www.CareerCert.info




www.CareerCert.info




VLAN and IP Address

-vlan 2 name VLAN_BB2


-vlan 11 name VLAN_A

-vlan 13 name VLAN_B


-vlan 22 name VLAN_C

-vlan 24 name VLAN_H

-vlan 44 name VLAN_F

-vlan 45 name VLAN_G

-frame-realy: (R1-R2)

R1: YY.YY.15.242, R2: YY.YY.15.241

-BB1 is 150.1.YY.254/24

-BB2 is 150.2.YY.254/24

-BB3 is 150.3.YY.254/24

Loopback ip address

Host name Loopback 0 interface IP address

Rack YY R1 YY.YY.1.1/32

Rack YYR2 YY.YY.2.2/32




Rack YYSW1 YY.YY.7.7/32



Rack YYSW4 YY.YY.1010/32

Pre-configuration in real exam

Interface IP

F/R MAPING

VTP and VLAN

On R1

En

Config t

Line console 0

Logg syn

Exec-timeout 0

Line vty 0 4

Pass cisco

Hostname Rack YYR1

Unless specified above, all interface else must be 24 bit mask addressing.

www.CareerCert.info




Interface loopback 0

Ip address YY.YY.1.1 255.255.255.255

Interface fa0/0

No ip address

Shutdown

Duplex auto

Speed auto

Interface s0/0/0

No ip address

Shutdown

Clock rate 256000

Interface s0/1/0

Bandwith 128

No ip address

Encap ppp

Shutdown

On R2

En

Config t

Line console 0

Logg syn

Exec-timeout 0

Line vty 0 4

Pass cisco

Hostname Rack YYR2


Ip address YY.YY.2.2 255.255.255.255

Interface fa0/0

No ip address

Shutdown

Duplex auto

Speed auto

Interface fa0/1

No ip address

Shutdown

Duplex auto

www.CareerCert.info




Speed auto

Interface so0/0/0

No ip address

Shutdown

Clockrate 2000000

On R3

En

Configurate T

Line console 0

Logg syn

Exec-tiemout 0

Line vty 0 4

Pass cisco

Hostname RackYYR3

Interface Loopback 0

Ip address YY.YY.3.3 255.255.255.255

Interface fa0/1

Ip address YY.YY.15.193 255.255.255.224

Shutdown

Duplex auto

Speed auto

Interface s0/0/0

Ip address YY.YY.15.245 255.255.255.252

Clcok rate 512000

Encap ppp

Shutdown

On R4

En

Config t

Line console 0

Logg syn

Exec-timeout 0

Line vty 0 4

Pass cisco

Hostname Rack YYR4

Interface YY.YY.4.4 255.255.255.255

www.CareerCert.info




Interface fa0/0

Ip address YY.YY.15.65 255.255.255.224

Shutdown

Duplex auto

Speed auto

Interface fa0/1

Ip address YY.YY.15.33 255.255.255.224

Shutdown

Duplex auto

Speed auto

Interface s0/0/0

Description conn to R1 s0/0/0

Interface s0/1/0

Description conn to R2 s0/0/0

On R5

En

Config t

Line console 0

Logg syn

Exec-timeout 0

Line vty 0 4

Pass cisco

Hostname Rack YYR5


Ip address YY.YY.15.97 255.255.255.224

Shutdown

Duplex auto

Speed auto

Interface s0/0/0

Bandwith 128

Ip address YY.YY.15.250 255.255.255.252

Encap ppp

Interface s0/1/0

Ip address YY.YY.15.246 255.255.255.252

Encap PPP

On sw1

www.CareerCert.info




En

Config t

Line console 0

Logg syn

Exec-timeout 0

Line vty 0 15

Pass cisco

Host RackYYSW1

Vtp mode server

Vtp domain CCIERouting and switching

Vtp password cisco

Vlan 2

Name vlan_BB2

Vlan 3

Name vlan_BB3

Vlan 11

Name vlan_A

Vlan 13

Name vlan_B

Vlan 15

Name vlan_BB1

Vlan 22

Name vlan_C

Vlan 24

Name vlan_H

Vlan 44

Name vlan_F

Vlan 45

Name vlan_G


Ip address YY.YY.7.7 255.255.255.0

Interface fa0/3

Switchport access vlan 3

Switchport mode access

Interface fa0/4

Swithport access vlan 44


www.CareerCert.info




Interface fa0/5


Swithport mode access

Interface fa0/10


Interface range fa0/19-24

Switchport trunk encap dot1q

Switchport mode trunk

On sw2

En

Config t

Line console 0

Logg syn

Exec-timeout 0

Line vty 0 15

Pass cisco

Host RackYYSW2

Vtp mode client

Vtp domain CCIERouting and switching

Vtp password cisco0


Ip address YY.YY.8.8 255.255.255.0

Interface fa0/1



Interface fa0/3

Swithport access vlan 24


Interface fa0/5



Interface fa0/10


www.CareerCert.info








On SW3

En

Config t

Line console 0

Logg syn

Exec-timeout 0

Line-vty 0 15

Pass cisco

Host Rack YYSW3

Vtp mode client

Vtp domain CCIERoutingandSwitching

Vtp password cisco


Ip address YY.YY.9.9 255.255.255.255

Interface fa0/10




Switchport trunk encapsulation dot1q


Interface fa0/24



On SW4

En

Config

Line console 0

Logg syn

Exec-timeout 0

Line vty 0 15

Pass cisco

www.CareerCert.info




Hostname RackYYSW4

Vtp domain CCIERoutingandswitching

Vtp password cisco


Ip address YY.YY.10.10 255.255.255.255




Interface fa0/24



Secession:

Has Pre-configuration on your exam:

Vlan trunking protocol VTP is domain CCIERoutingandswitching+YY

For example,the rack number of 3 would have a VTP domain of 802.1q trunk between all fout

switches

PPP on the serial links between R1 throug R5 and R3 through R5

Section1-lager 2.Technologies

Errors in the initial config

l SW1 vtp domain name is ccieroutingandswitchingyy and the others are

ccieroutingandswitching.

Solution :change SW1 vtp domain name to ccieroutingandswitching

l SW1 VTP password is cisc0 and the others are cisco.

Solution :change SW1 vtp password to cisco

l On SW2 fastethernet0/10 config “switchport backup f0/4”, this command will cause interface

www.CareerCert.info




fasterthernet 0/4 down.

Solution :remove it

1.1 Troubleshoot layer 2 switching

One-two(or four) faults have been injected into the pre-configurations. These issues may impede

a working solution for certain portions of this labs exam and affect any labs exam section. You

must verify that all of your configurations work as expected. If something is not working as

expected then you must fix the underlying problem

Point will be awarded for solving each problem. However, if you fail to solve a particular problem ,

and the injected fault prevents you from having a working solutions of this lab, then you will lose

points for the fault and the lab that is not working

SW1:

Vtp domain ccieroutingandswitching

Vtp password cisco

SW2:

Interface f0/10

No switchport backup f0/4

R1:

Interface s0/0

Ip add 5.5.15.249 255.255.255.252

R3:

Interface s0/1

Ip add 5.5.15.245 255.255.255.252

R5:

www.CareerCert.info



VLAN ID VLAN NAME Router I/F or function port

3 VLAN_BB3 R3 G0/0

11 VLAN_A R1 G0/1

13 VLAN_B R3 G0/1

15 VLAN_BB1 R5 FA0/1

22 VLAN_C

24 VLAN_H R4 F0/1

44 VLAN_F R4 FA0/0

45 VLAN_G R5 FA0/1

Configure all of the appropriate nontrunking access switch ports on sw1,sw2 and sw3, according

to the following requirements

l Configure the VLANS for the access switch ports show as the vlan tables

l Include the ports to BB1,BB2 and BB3

l Configure trunk between sw2 f0/2 and R2 G0/1

l Make sure that the spanning tree enters the forwarding state immediately

l Only for these access switch ports , by passing the listening and learning states

l Avoid transmitting bridge protocol date units(BPDUS)on these access switch prots, if a


Interface s0/0

Ip add 5.5.15.250 255.255.255.252

Interface s0/1

Ip add 5.5.15.246 255.255.255.252

1.2 implement the Access switch parts of the switched neework.

Vlan port assignments are per the following table

2 VLAN_BB2 SW2 F0/10

www.CareerCert.info




BPDU is received on any of these ports, the ports should transition back to the listening,

learning and forward states

l Add any special layer 2 commands that are required that are required on the routers

including trunk configuration

SW1:

Spanning-tree portfast default

Spanning-tree portfast bpdufilter default

Interface fa0/3



Interface fa0/4



Interface fa0/5



Interface fa0/10



Interface vlan 11

Ip address 5.5.15.162 255.255.255.224

Interface vlan 13

www.CareerCert.info




Ip address 5.5.15.194 255.255.255.224

SW2:



Interface fa0/1

Swichport access vlan 11


Interface fa0/2


Switchport trunk allowed vlan 22,24


Interface fa0/3



Interface fa0/4



Interface fa0/5



Interface fa0/10


www.CareerCert.info





Interface vlan 2

Ip address 150.2.5.1 255.255.255.0

Interface vlan 22

Ip address 5.5.15.130 255.255.255.224

SW3:



Interface fa0/10



SW4:



Interface vlan 44

Ip address 5.5.15.66 255.255.255.224

Interface vlan 45

Ip address YY.YY.15.98 255.255.255.224

1.2 Implement frame relay

Use the following requirements to configure R1 and R2 for frame relay and R4 as the frame relay

switch

www.CareerCert.info




l Use ANSL LMH on frame relay switch and auto-sesing on R1 and R2

l Don’t use any static frame relay maps or inverse address resolutions protocol

l Use RFC 1490/RFC2427(IETF)encapsulation

l Use the data-link connection identifier DLCI assignments from the table below

Frame Relay DLCI assignments

ROUTER DLCI assignments

R1 frame-relay interface 100

R2 frame-relay interface 200

R1:

Interface Serial0/1

No ip address

Encapsulation frame-relay

No frame-relay inverse-arp

Frame-relay lmi-type ansi

!

Interface Serial0/1.12 point-to-point

Ip address 5.5.15.242 255.255.255.252

Frame-relay interface-dlci 100 IETF

R2:

Interface Serial0/1

No ip address


No fair-queue

No frame-relay inverse-arp


www.CareerCert.info




!


Ip address 5.5.15.241 255.255.255.252

Frame-relay interface-dlci 200 IETF

R4:

Interface Serial0/0

No ip address


Clockrate 512000


Frame-relay intf-type dce

Frame-relay route 200 interface Serial0/1 100

!

Interface Serial0/1

No ip address


Clockrate 512000


Frame-relay intf-type dce

Frame-relay route 100 interface Serial0/0 200

1.3 Traffic control protection from the backones

configure traffic control on the three backone links, protecting your network from a broadcast

storm. This protection should begin once broadcast traffic is half(50%) avaible bandwith

the port should remain functioning during this time

On SW1—SW3

Interface fa0/10

www.CareerCert.info




Storm-control broadcast level 50

Description:

Storm control prevents traffic on a LAN from begin disrupted by a broadcast

Multicast , or unicast storm on one of the physical interfaces. A vlan storm occurs when packets

flood the lab. Creating excessive traffic and degrading network performance

Specify the rising threshold level for broadcast, multicast,ro unicast traffic as a percentage(up to

two decimal places) of the bandwith. The port blocks traffic when the rising threshold is reached .

the range is 0.00 to 100.00

Sw1:

Interface fastethernet0/10

Storm-control broadcast level 50.00

Sw2:



Sw3:



1.4 Trunking manipulations

Configure the trunk ports between sw1, sw2, sw3 and sw4 according to the following

requirements

l Disable DTP on the six distribution ports for each switch

l Set the list of allowed vlans that can receive and send traffic on these Interfaces in tagged

format, in particular , only allow VLAN 3. 11. 13. 44. 45

SW1/SW2/SW3/SW4:

www.CareerCert.info






Switchport trunk allowed vlan 3,11,13,44,45


Switchport nonegotiate





















www.CareerCert.info









Section II layer 3 technologies

After finishing each of the following questions, make sure that all configured interfaces and

subnets are consistently visible on all pertinent routers and switches

Don’t redistribute between any interior gateway protocol( IGP) and board gateway protocols BGP

You need to ping a bgp route only if it is stated in a question, otherwise the route should be only in

the bgp table

At the end of section 2. All subnets in your topology, including the loopback interface expected

for sw3, must be reachable via ping,

Therefore redistribute as you wish unless directly stated in a question. The backone interface

must be reachable only if they are part of the solution to a question

The loopback interface can be seen as either /24 or /32 in the routing tables unless stated

otherwise in a question

The loopback interfaces can be added into your IGP either via redistribution or added to a routing

process of your choice

2.1 Implement IPV4 OSPF

l Configure open shortest path first ( OSPF)

www.CareerCert.info



Point-to-point 10/40 X

Point-to-multipoint 30/120 X

broadcast 10/40 O

NBMA 30/120 O


l Updates should be advertised only out of the interfaces that are indicated in the IGP topology

diagram

l Don’t manually change the router ID

l Don’t create additional ospf areas

l Configure ospf area 2 such that there are no TYPE5 Advertisements (LSA) in the area, R1

should generate a default route.

l Configure OSPF over frame relay between R1 and R2 choosing a network type that requires

designate router(DR) and backup designate router(BDR) negotiations and has the fatest

recover times

Note

Network type Hello/dead DR

R1:


Ip ospf network broadcast

Ip ospf dead-interval minimal hello-multiplier 20

Router ospf 5

Area 2 nssa default-information-originate

Network 5.5.1.1 0.0.0.0 area 0

Network 5.5.15.161 0.0.0.0 area 0

Network 5.5.15.242 0.0.0.0 area 2

www.CareerCert.info




R3:

Router ospf 5

Network 5.5.3.3 0.0.0.0 area 0

Network 5.5.15.193 0.0.0.0 area 0

SW1:

Router ospf 5

Network 5.5.7.7 0.0.0.0 area 0

Network 5.5.15.162 0.0.0.0 area 0

Network 5.5.15.194 0.0.0.0 area 0

R2:


Ip ospf network broadcast

Ip ospf dead-interval minimal hello-multiplier 20

Router ospf 5

Area 2 nssa

Network 5.5.2.2 0.0.0.0 area 2

Network 5.5.15.129 0.0.0.0 area 2

Network 5.5.15.241 0.0.0.0 area 2

SW2:

Router ospf 5

Area 2 nssa

Network 5.5.8.8 0.0.0.0 area 2

Network 5.5.15.130 0.0.0.0 area 2

www.CareerCert.info




2.2 Implement IPV4 EIGRP

l Configure enchanced interior gateway routing protocol(EIGRP)100 and EIGRP YY per the IGP

topology diagram

l Eigrp updates should be advertise only out to the interface per the IGP topology diagram

l On R1 , redistribute between ospf and eigrp YY. However all of the routes that are indicated

below from backone3 (EIGRP100)should not be redistributed between both protocols

l Use route maps to accomplish this requirement. All route maps should utilize the same

access lists

150.3.YY.0/24

198.198.1.0/30

198.198.4.0/24

198.198.21.0/24

198.198.22.0/24

l On R3, redistrubte from EIGRP 100 into OSPF

l On R3, redistribute from EIGRP 100 into eigrp YY.however three networks 198.2.1.0 198.2.5.0

should be aggregated into a single address with the most specific mask possible

R1:

Router eigrp 5

Redistribute ospf 5 metric 10000 100 255 1 1500 route-map filter

Network 5.5.15.249 0.0.0.0

No auto-summary

Access-list 10 permit 4.1.1.0




www.CareerCert.info






Route-map filter deny 10

Match ip address 10

Route-map filter permit 20

Router ospf 5

Redistribute eigrp 5 subnets route-map filter

R3:

Interface s0/1

Ip summary-address eigrp 5 198.2.0.0 255.255.248.0

Router eigrp 100

Network 150.3.5.1 0.0.0.0

No auto-summary

Router eigrp 5

Redistribute ospf 5 metric 10000 100 255 1 1500

Redistribute eigrp 100

Network 5.5.15.245 0.0.0.0

No auto-summary

Router ospf 5

Redistribute eigrp 100 subnets

Redistribute eigrp 5 subnets

R5:

www.CareerCert.info




Router eigrp 5

Network 5.5.5.5 0.0.0.0

Network 5.5.15.97 0.0.0.0

Network 5.5.15.246 0.0.0.0

Network 5.5.15.250 0.0.0.0

No auto-summary

SW4:

Router eigrp 5

Network 5.5.10.10 0.0.0.0

Network 5.5.15.98 0.0.0.0

No auto-summary

2.3 Implement RIP Version 2

l Configure RIP version 2 (RIP V2) per the IGP topology diagram

l RIP updates should be advertise only out the interface per the IGP topology diagram

l All rip updates should be unicast

l All rip updates must be able to receive and process RIPV1 packets

l Configure RIP and EIGRP on sw4, and mutually resditribute between RIP and ospf on

R2,eigrp learned routes should be preferred over OSPF routes

R2:

Interface Ethernet1/0.24

Ip rip receive version 1 2

Ip rip send version 1 2

Router ospf 5

Redistribute rip subnets

www.CareerCert.info




Router rip

Version 2

Redistribute ospf 5 metric 5 route-map denydefault

Passive-interface default

Network 5.0.0.0

Neighbor 5.5.15.33

No auto-summary

Ip prefix-list default permit 0.0.0.0/0

Route-map denydefault deny 10

Match ip address prefix default

Route-map denydefault permit 20

R4:

Interface Ethernet0/0






Router rip

Version 2


Network 5.0.0.0

Neighbor 5.5.15.66

Neighbor 5.5.15.34

www.CareerCert.info



R4 – G0/1 and R2 – G0/1.Z (VLAN 24) FC01:DB8:74:9::/64 eui-64

R2 – S0/0.Z and R1 – S0/0.Z FC01:DB8:74:A::/64 eui-64

R1 – G0/1 and SW1 – Svi 11 FC01:DB8:74:B::/64 eui-64

l Configure ospfv3 per the IPV6 topology

l Ensure that R4 can ping sw1 using IPV6

R1:


No auto-summary

SW4:

Router eigrp 5

Distance eigrp 90 115

Redistribute rip metric 1000 100 255 1 1500

Router rip

Version 2

Redistribute eigrp 5 metric 1


Network 5.0.0.0

Neighbor 5.5.15.65

No auto-summary

Interface Vlan44



2.4 Implement IPV6

l Internte protocol version 6 ( IPV6) to configure IPV6 unique local unicast address using the

eui-64 interface identifier

www.CareerCert.info




Ipv6 unicast-routing

Ipv6 router ospf 10

Router-id 5.5.1.1


Ipv6 address FC01:DB8:74:B::/64 eui-64

Ipv6 ospf 10 area 1

Interface serial0/0.12

Ipv6 address FC01:DB8:74:A::/64 eui-64

Ipv6 ospf 10 area 1

R2:


Ipv6 router ospf 10

Router-id 5.5.2.2

Interface Ethernet 1/0.24

Ipv6 address FC01:DB8:74:9::/64 eui-64

Ipv6 ospf 10 area 0

Interface serial0/0.21

Ipv6 address FC01:DB8:74:A::/64 eui-64

Ipv6 ospf 10 area 1

R4:


www.CareerCert.info




Ipv6 router ospf 10

Router-id 5.5.4.4


Ipv6 address FC01:DB8:74:9::/64 eui-64

Ipv6 ospf 10 area 0

SW1:

Sdm prefer dual-ipv4-and-ipv6 default


Ipv6 router ospf 10

Router-id 5.5.6.6


Ipv6 address FC01:DB8:74:B::/64 eui-64

Ipv6 ospf 10 area 1

2.5 Implement IPV4 BGP

Referring the BGP routing diagram . Configure BGP with these parameters

l Configure two bgp confederations R1, R3, R5 and sw4 (ASYY1) and R2 and SW2 (ASYY2)

l The confederation peers should neighbor between R1 and R2 and between SW4 and R2

l EBGP: SW2 EBGP peers with the router 150.2.YY.254 on backone 2 in AS 254. This router

advertise five routes with format 197.68.z.0/24 and the AS path 254

l EBGP: R5 EBGP peers with the route 150.1.YY.254 on backone 1 in as 254, this router

advertise five routers with the format 197.68.z.0/24 and the as path 254 253

l The bgp devices should all prefer the path through R5 (150.1.yy.254) for network

197.68.21.0/24 and 197.68.22.0/24 The internal board gateway protocol (IBGP) devices should

www.CareerCert.info




all prefer the path through sw2 (150.2.yy.254) for network 197.68.1.0/24 197.68.4.0/24 and

197.68.5.0/24 this manipulation should be accomplished only on one router using route maps

that refer to a single access list

l Configure only the loopback 0 ip address to propagate BGP route information

l BGP routes should be advertised to AS 254

R1:

Router bgp 52

No synchronization

Bgp router-id 5.5.1.1

Bgp log-neighbor-changes

Bgp confederation identifier 5

Bgp confederation peers 51

Neighbor 5.5.2.2 remote-as 51

Neighbor 5.5.2.2 ebgp-multihop 255

Neighbor 5.5.2.2 update-source Loopback0



No auto-summary

R2:

Router bgp 51

No synchronization







www.CareerCert.info










No auto-summary

R3:

Router bgp 52

No synchronization






No auto-summary

R5:

Router bgp 52

No synchronization




Neighbor as52 peer-group

Neighbor as52 remote-as 52

Neighbor as52 update-source Loopback0

Neighbor as52 route-reflector-client

Neighbor as52 next-hop-self

www.CareerCert.info




Neighbor 5.5.1.1 peer-group as52




Neighbor 150.1.5.254 route-map loc in

No auto-summary

Access-list 5 permit 197.68.21.0 0.0.0.255

Access-list 5 permit 197.68.22.0 0.0.0.255

Route-map loc permit 10

Match ip address 5

Set local-preference 110

Route-map loc permit 20

Set local-preference 90

SW2:

Router bgp 51

No synchronization






Neighbor 5.5.2.2 next-hop-self


No auto-summary

SW4:

www.CareerCert.info




Router bgp 52

No synchronization










No auto-summary

SETION III IP multicast

3.1 implement PIM spares mode for IPV6 multicast

Enable pim sparse mode ( pim-sm) on the lan between R4-fa0/1 and R2-Gi0/1, R1 G0/1 and SW1

Svi, and on the WAN link between R2 and R1, Using these criteria

l Configure R4-fa0/1 to be the redezvous point (RP) for the FF08::4000:4000 multicast group

no other groups should be permited

R1:

Ipv6 cef

Ipv6 multicast-routing

Ipv6 pim rp-address R4’G0/1_IPV6_address multicast

Ipv6 access-list multicast

www.CareerCert.info




Permit ipv6 host FF08::4000:4000 any

R2:

Ipv6 cef





R4:

Ipv6 cef





SW1:

Ipv6 cef





www.CareerCert.info




3.2 multicast joins

l Configure R2 s0/0/0.Z as an ipv6 receiver for the multicast group FF08::4000:4000

l R2 should be able to ping the multicast group FF08::4000:4000

R2:

Interface s0/0/0.Z

Ipv6 mld join-group FF08::4000:4000

4.1 secure HTTP access

Enable secure HTTP access for R5. Enable authentication using the list "HTTP" which utilizes

local user authentication. Configure two different users for access to R5; the user

cisco(password'cisco'), who only has privilege 1 access to R5; and the user

ADMIN(password'cisco')who has privilege 15 access to R5.

R5:

Aaa new-model

Aaa authentication login HTTP local

Aaa authorization exec HTTP local

Username cisco privilege 1 password cisco

Username ADMIN privilege 15 password CISCO

Ip http secure-server

Ip http authentication aaa login-authentication HTTP

Ip http authentication aaa exec-authorization HTTP

4.2 secure the WAN PPP LINKS

Configure challenge handshake atuthentication protocol(CHAP)on R5 for the link to R1 and R3,

www.CareerCert.info




according to the following requirements

l An authentication, authorization, and according (AAA) list named R1 and R3 for R1 and R3

respectively

l Authentication for R1 should first try the radius server 198.2.3.128 using a key of cisco and

fall back to local login in the event of a failure to connect to the radius server

l R1 should present itself to R5 as RACKYYR1 with a shared password cisco,

l Authentication for R3 should first try the TACAS server 198.2.3.129 using a key of cisco and

fall back to local login in the event of a failure to connect to the TACAS server

l R3 should present itself to R5 as BACKUP with a shared password of CISCO

R5:

Aaa new-model

Aaa authentication ppp R1 group radius local

Aaa authentication ppp R3 group tacacs+ local

Username rackyyr1 password cisco

Username BACKUP password CISCO

Radius-server host 198.2.5.128 key cisco

Tacacs-server host 198.2.5.129 key cisco

Interface s0/0

Ppp authentication chap R1

Interface s0/1

Ppp authentication chap R3

R1:

Aaa new-model

Aaa authentication ppp R1 group radius local

Radius-server host 198.2.5.128 key cisco

www.CareerCert.info




Interface s0/0

Ppp chap hostname rackyyr1

Ppp chap password cisco

R3:

Aaa new-model

Aaa authentication ppp R1 group tacacs+local

Tacacs-server host 198.2.5.129 key cisco

Interface s0/1

Ppp chap hostname BACKUP

Ppp chap password CISCO

4.3 MQC-Based frame-relay traffic shaping

On R2, Configure parent class-default commited information rate(CIR) as 64kb, when no

backward explicit congestion notification(BECNS) are present and 32kb when BECNS are present

Differenatiate between voice packets which should receive a guaranteed bandwith of 40 percent

and data which should receive a guarantedd bandwith of 35 percent

Voice packets are marked as expedited forwarding (EF)

Class 1 or 2(AF11 OR AF21) Enable class-based weighted fair queuing (CBWFQ) for child

class-default

R2:

Class-map match-all DATA

Match ip dscp af11 af21

www.CareerCert.info




Class-map match-all VOICE

Match ip dscp ef

Policy-map CBWFQ

Class VOICE

Priority percent 40

Class DATA

Bandwidth percent 35

Policy-map MQC

Class class-default

Shape average 64000

Shape adaptive 32000

Service-policy CBWFQ

Map-class frame-relay FR

Service-policy output MQC

Int ser0/0.21

Frame-relay interface-dlci 200

Class FR

4.4 autoqos over PPP

To 4.3 continue to address voip quality of service (QOS) by configuring cisco autoqos over PPP

link between R1 and R5

R1:

Interface s0/0

Auto qos voip trust

www.CareerCert.info




R5:

Interface s0/0

Auto qos voip trust

4.5 First Hop Redundancy

To facilitate load balancing and backup for hosts off of VLAN_H, configure GLBP on VLAN_H, Use

any group number. R4 should have the higher priority with the ability for R2 to assume control if

the priority of R4 decreases. Use MD5 authentication to protect the GLBP group. Use the

key-string 'cisco'. Configure the IP yy.yy.35.35 as your GLBP virtual address.

R2:

Interface Ethernet0/1.24

Glbp 1 ip YY.YY.15.35

Glbp 1 preempt

Glbp 1 authentication md5 key-string cisco

R4:


Glbp 1 ip YY.YY.15.35

Glbp 1 priority 105

Glbp 1 preempt

Glbp 1 authentication md5 key-string cisco

4.6 polled and broadcast NTP

Enable network time protocol (NTP) on R2,R3 and R4 according to the following requirement

l R2 should act as an NTP server to R3

l R4 should provide broadcast NTP updates only to VLAN_H

l The hardware clocks on R2,R3 and R4 should be updated by the sofeware clock

www.CareerCert.info




l R4 should use loopback 0 as the source address

l Absent an external time server, R4 should use its own system clock to synchronize R2 and

R3

l Set the clock on R4 as 8:00 am (08:00),January 1 2000

l Ultimately, the clocks on R2,R3 and R4 should be in synchronized

R4:

Clock set 8:00:00 1 jan 2000

Ntp master 2

Ntp update-calendar

Interface e0/1

Ntp broadcast

R2:

Ntp server 5.5.4.4

Ntp server 5.5.4.4 source loopback 0

Ntp update-calendar

Interface e0/1.24

Ntp broadcast client

R3:

Ntp server 5.5.4.4

Ntp server 5.5.4.4 source loopback 0

Ntp update-calendar

4.7 DHCP server

Configure R1 as DHCP server with the following requirement

www.CareerCert.info




l Hosts off VLANS C,H,A and B should be able to assigned address from R1 using DHCP

l Address off of the subnets for VLAN_C,H,Aand B should be aviable to R1 for distribution

l All other YY.YY.15.Z subnet ranges should not be avaible to R1 for use.

l Use the loopback 0 address of R1 for all connections

l Configure the domain name as passccielab.com, the DNS server as YY.YY.15.163, and the

NETBIO server as YY.YY.15.164. These options must be configured only one time

l Each address lease should be valid for only one day

l Each DHCP client should be provided a default router address of a locally connected router

R1:

Ip forward-protocol udp bootpc

Ip dhcp excluded-address 5.5.15.161 5.5.15.162




Ip dhcp pool VLAN_A

Network 5.5.15.160 255.255.255.224

Domain-name passccielab.com

Dns-server 198.2.3.163

Netbios-name-server 198.2.3.165

Default-router 5.5.15.161

Lease 1

Ip dhcp pool VLAN_B

Network 5.5.15.192 255.255.255.224



www.CareerCert.info






Lease 1

Ip dhcp pool VLAN_C

Network 5.5.15.128 255.255.255.224





Lease 1

Ip dhcp pool VLAN_H

Network 5.5.15.32 255.255.255.224




Lease 1

R2:


Interface e0/1.24

Ip helper-address 1.1.1.1

Interface e0/1.22


R4:


www.CareerCert.info




Interface e0/1


SW2:


Interface vlan 22


R3:


Interface e0/1


SW1:


Interface vlan 11


Interface vlan 13


Section V. Optimize the network

5.1 Netflow data export

Configure netflow on R4 to according to the following requirement

www.CareerCert.info




source should be VLAN_H

Export all data to 198.2.5.10

Use UDP port 9991 for exporting

Use netflow version 9 only

R2:

Ip flow-export source e0/1.24

Ip flow-export destination 198.2.5.10 9991

Ip flow-export version 9

5.2 Embedded event manager monitor of cpu

Configure three different event manager applets on R3 acconding to the following requirements:

l If the 5 min CPU value(cpmcputotal5minrev) goes above 60 percent, the first 10 lines of the

show processes cpu command output should be emailed to [email protected]

from [email protected] with a subject of "cpualert5min" using the mail server

198.2.5.10 Polling should be every 60 seconds

R3:

Event manager applet CPU

Event snmp oid "xxx" get-type exact entry-op ge entry-val "60" poll-interval 60000

Action 1.0 cli command enable

Action 2.0 cli command "show process cpu | include ^___[1-9]|^__10"

Action 3.0 mail server 198.2.5.10 to [email protected] from [email protected]

subject cpualert5min body $_cli_result

5.3 TFTP SERVER

Configure R3 as a TFTP server with the following requirements

l R4 should be able to copy the file TEST from the flash memory of R3

l No other files should be aviable from R3

l No other devices should be able to copy the files TEST from R3

Note: You do not need to create the TEST file on R3 or attempt to make a actual copy

www.CareerCert.info




R3:

Access-list 4 permit YY.YY.4.4



Tftp-server flash:TEST 4

www.CareerCert.info


Documents

CCIE R&S Advanced Lab Workbook Vol1