8/22/2019 K6 OLD.pdf
K6 OLD SOLUTION BOOK
CCIE SOLDIER
1.2 Implement Access Switch Ports of Switched Network
SW1
vtp domain CCIE
vtp password cisco
vtp version 2
vtp mode server
SW2 SW3 SW4
vtp domain CCIE
vtp password cisco
vtp version 2
vtp mode client
SW1 SW2 SW3 SW4
spanning-tree portfast default
spanning-tree portfast bpduguard default
interface fa0/10
spanning-tree bpduguard disable
spanning-tree bpdufilter enable
Note: Remember to configure the backbone interface before configuring portfast default and portfast bpduguard default globally, as otherwise those interfaces would go to err-disabled state.
1.3 Spanning-Tree Domains for Switched Network
On SW1, SW2, SW3, SW4
spanning-tree mode mst
spanning-tree mst configuration
instance 1 vlan 11, 22, 33
instance 2 vlan 42, 44, 55, 123, 999
exit
spanning-tree mst max-age 30
SW1
spanning-tree mst 1 root primary
spanning-tree mst 2 root secondary
SW2
spanning-tree mst 2 root primary
spanning-tree mst 1 root secondary
1.4 Switch Trunking and Ether Channel
SW1, SW2, SW3, SW4
interface range fastethernet 0/19-24
switchport trunk encapsulation dot1q
switchport mode trunk
SW1
interface range fa0/23-24
channel-group 1 mode active
SW2
interface range fa0/23-24
channel-group 1 mode passive
SW3
interface range fa0/23-24
channel-group 1 mode desirable
SW4
interface range fa0/23-24
channel-group 1 mode auto
1.5 Spanning-Tree Tuning
On SW1
interface fastethernet 0/19
spanning-tree mst 1 port-priority 240
On SW2
interface fastethernet 0/19
spanning-tree mst 2 port-priority 240
1.6 RSPAN
SW1
vlan 999
remote-span
monitor session 1 source vlan 11 , 22 rx
monitor session 1 destination remote vlan 999
SW2
monitor session 1 source vlan 11 , 22 rx
monitor session 1 destination remote vlan 999
SW4
monitor session 1 source remote vlan 999
monitor session 1 destination interface fastEthernet 0/15
monitor session 2 source interface port-channel 34 both
monitor session 2 destination interface fastEthernet 0/16
interface range f0/15-16
no shutdown
1.7 PPP & CHAP
On R4
aaa new-model
aaa authentication login default line /* none required at the end only if no line password is configured */
aaa authentication ppp default group radius local-case
radius-server host YY.YY.44.200 key CISCO
username password 0 CCIE
username password 0 CCIE
interface s0/0/0 /* interface facing R1 */
encapsulation ppp
ppp authentication chap default
interface s0/1/0 /* interface facing R2 */
encapsulation ppp
ppp authentication chap default
On R1 & R2
interface s0/0/0 /* interface facing R4 */
encapsulation ppp
ppp chap password 0 CCIE
Note: If the question says to use AAA list name R1 and R2 for authenticating R1 and R2 respectively, use the
below configuration
On R4
aaa new-model
aaa authentication login default line /* none required at the end only if no line password is configured */
aaa authentication ppp R1 group radius local-case
aaa authentication ppp R2 group radius local-case
radius-server host YY.YY.44.200 key CISCO
username password 0 CCIE
username password 0 CCIE
interface s0/0/0 /* interface facing R1 */
encapsulation ppp
ppp authentication chap R1
interface s0/1/0 /* interface facing R2 */
encapsulation ppp
ppp authentication chap R2
On R1 & R2
interface s0/0/0 /* interface facing R4 */
encapsulation ppp
ppp chap password 0 CCIE
Section 2 Layer 3 Technologies
2.1 Configure OSPF Area 0, 142 and 51 as per diagram
R1
router ospf YY
router-id YY.YY.1.1
network YY.YY.1.1 0.0.0.0 area 142
network YY.YY.14.1 0.0.0.0 area 142
network YY.YY.17.1 0.0.0.0 area 142
R2
router ospf YY
router-id YY.YY.2.2
network YY.YY.24.2 0.0.0.0 area 142
network YY.YY.42.2 0.0.0.0 area 142
redistribute connected subnets route-map EXT
route-map EXT
match interface fastethernet 0/1
R3
router ospf YY
router-id YY.YY.3.3
network YY.YY.3.3 0.0.0.0 area 51
network YY.YY.35.3 0.0.0.0 area 51
R4
router ospf YY
router-id YY.YY.4.4
network YY.YY.4.4 0.0.0.0 area 142
network YY.YY.14.4 0.0.0.0 area 142
network YY.YY.24.4 0.0.0.0 area 142
network YY.YY.44.4 0.0.0.0 area 142
R5
router ospf YY
router-id YY.YY.5.5
network YY.YY.5.5 0.0.0.0 area 51
network YY.YY.35.5 0.0.0.0 area 51
network YY.YY.55.5 0.0.0.0 area 51
SW1
ip routing
router ospf YY
router-id YY.YY.7.7
network YY.YY.7.7 0.0.0.0 area 0
network YY.YY.123.7 0.0.0.0 area 0
network YY.YY.17.7 0.0.0.0 area 142
interface vlan 123
ip ospf priority 255
SW2
ip routing
router ospf YY
router-id YY.YY.8.8
network YY.YY.8.8 0.0.0.0 area 0
network YY.YY.123.8 0.0.0.0 area 0
network YY.YY.55.8 0.0.0.0 area 51
interface vlan 123
ip ospf priority 254
SW3
ip routing
router ospf YY
router-id YY.YY.9.9
network YY.YY.9.9 0.0.0.0 area 0
network YY.YY.123.9 0.0.0.0 area 0
SW4
ip routing
router ospf YY
router-id YY.YY.10.10
network YY.YY.10.10 0.0.0.0 area 0
network YY.YY.123.10 0.0.0.0 area 0
network YY.YY.42.10 0.0.0.0 area 142
2.2 Implement IPv4 EIGRP
SW2
router eigrp 100
no auto-summary
network 150.3.YY.1 0.0.0.0
2.3 Implement RIP Version 2
R3
router rip
version 2
passive-interface default
no passive-interface f0/0 /* interface facing BB1 */
neighbor 150.1.YY.254
network 150.1.0.0
distribute-list 1 in fastethernet 0/0 /* interface facing BB1 */
no auto-summary
access-list 1 permit 199.172.5.0 0.0.10.0
2.4 Redistribute RIP into OSPF
R3
access-list 2 permit 199.172.5.0 0.0.2.0
route-map RIP permit 10
match ip address 2
set metric-type type-1
route-map RIP permit 20
set metric 30
router ospf YY
redistribute rip subnets route-map RIP
area 51 nssa
R5
router ospf YY
area 51 nssa
SW2
router ospf YY
area 51 nssa
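Access-list 1 (section 2.3) and access-list 2 (section 2.4) use non-contiguous wildcard masks, so each entry matches several networks rather than one range. The following is an added example, not part of the solution book; the function names wildcard_matches and acl_permits are hypothetical helpers that enumerate what each entry permits.

```python
import ipaddress
from itertools import product

MAX_FREE_BITS = 16  # refuse to enumerate very large match sets


def wildcard_matches(base: str, wildcard: str) -> list[str]:
    """List every address matched by 'permit <base> <wildcard>'.

    A 1 bit in the wildcard means "don't care"; a 0 bit must equal the base.
    """
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    free = [i for i in range(32) if (w >> i) & 1]
    if len(free) > MAX_FREE_BITS:
        raise ValueError("too many don't-care bits to enumerate")
    fixed = b & ~w & 0xFFFFFFFF  # base bits under the wildcard are ignored
    hits = []
    for bits in product((0, 1), repeat=len(free)):
        value = fixed
        for pos, bit in zip(free, bits):
            value |= bit << pos
        hits.append(value)
    return [str(ipaddress.IPv4Address(v)) for v in sorted(hits)]


def acl_permits(base: str, wildcard: str, addr: str) -> bool:
    """True if addr agrees with base on every bit the wildcard cares about."""
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    a = int(ipaddress.IPv4Address(addr))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0


if __name__ == "__main__":
    # The two entries exactly as they appear in sections 2.3 and 2.4.
    for name, base, wc in (("access-list 1", "199.172.5.0", "0.0.10.0"),
                           ("access-list 2", "199.172.5.0", "0.0.2.0")):
        print(name, "->", ", ".join(wildcard_matches(base, wc)))
    # An even third octet never matches: bit 0 is fixed to 1 by the base.
    print("199.172.6.0 permitted by ACL 1:",
          acl_permits("199.172.5.0", "0.0.10.0", "199.172.6.0"))
```

Access-list 2 matches a subset of access-list 1, so only two of the four prefixes accepted from RIP are redistributed as type-1 externals by route-map RIP sequence 10; the rest fall through to sequence 20.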
2.5 Redistribute EIGRP into OSPF
router ospf YY
redistribute eigrp 100 subnets
area 51 nssa no-summary no-redistribution
2.6 Implement IPv4 BGP
R1 / R2 / R3 / R5
router bgp YY
bgp router-id YY.YY.X.X
neighbor YY.YY.8.8 remote-as YY
neighbor YY.YY.8.8 update-source loopback0
neighbor YY.YY.8.8 send-community /* not needed on R1 and R5, since they have no community to send; only needed on the routers facing the BB and on the route reflector */
SW2
router bgp YY
bgp router-id YY.YY.X.X
neighbor YY.YY.1.1 remote-as YY
neighbor YY.YY.1.1 update-source loopback 0
neighbor YY.YY.1.1 route-reflector-client
neighbor YY.YY.1.1 send-community
neighbor YY.YY.2.2 remote-as YY
neighbor YY.YY.2.2 update-source loopback 0
neighbor YY.YY.2.2 route-reflector-client
neighbor YY.YY.2.2 send-community
neighbor YY.YY.3.3 remote-as YY
neighbor YY.YY.3.3 update-source loopback 0
neighbor YY.YY.3.3 route-reflector-client
neighbor YY.YY.3.3 send-community
neighbor YY.YY.5.5 remote-as YY
neighbor YY.YY.5.5 update-source loopback 0
neighbor YY.YY.5.5 route-reflector-client
neighbor YY.YY.5.5 send-community
R2
neighbor 150.2.YY.254 remote-as 254
neighbor 150.2.YY.254 send-community
neighbor 150.2.YY.254 route-map BB2 in
route-map BB2
set community 104 208 additive
R3
neighbor 150.1.YY.254 remote-as 254
neighbor 150.1.YY.254 route-map BB1 in
neighbor 150.1.YY.254 send-community
route-map BB1
set local-preference 200
set community 103 207 additive
NOTE: If the question says something like "use the fewest commands for the route reflector", then you should use a peer group.
2.7 Implement Performance Routing
on R1/2/4
key chain PFR
key 1
key-string cisco
on R1/2
pfr border
local Loopback0
master yy.yy.4.4 key-chain PFR
active-probe address source interface Loopback0
on R1
interface Tunnel12
ip address 12.12.12.1 255.255.255.252
tunnel source Loopback0
tunnel destination yy.yy.2.2
on R2
interface Tunnel12
ip address 12.12.12.2 255.255.255.252
tunnel source Loopback0
tunnel destination yy.yy.1.1
on sw2
router bgp yy
network yy.yy.55.0 mask 255.255.255.0 route-map COMM
route-map COMM permit 10
set community no-export
on R5
ip sla responder
on r4
pfr master
policy-rules PFR
no max-range-utilization
logging
!
border yy.yy.2.2 key-chain PFR
interface Serial0/0/0 internal
interface Tunnel12 internal
interface fastEthernet0/0 external
link-group R2
!
border yy.yy.1.1 key-chain PFR
interface Tunnel12 internal
interface Serial0/0/0 internal
interface fastEthernet0/0 external
link-group R1
!
periodic 90
no resolve range
no resolve utilization
learn
periodic-interval 0
monitor-period 1
pfr-map PFR 10
match traffic-class access-list CS2
set mode route control
set mode select-exit good
set mode monitor active
set active-probe echo yy.yy.55.5
set link-group R1
!
pfr-map PFR 20
match traffic-class access-list CS4
set mode route control
set mode select-exit good
set mode monitor active
set active-probe echo yy.yy.55.5
set link-group R2
ip access-list extended CS2
permit ip yy.yy.44.0 0.0.0.255 yy.yy.55.0 0.0.0.255 dscp cs2
ip access-list extended CS4
permit ip yy.yy.44.0 0.0.0.255 yy.yy.55.0 0.0.0.255 dscp cs4
2.8 Implement Performance Routing -2
on R4
ip access-list extended VOICE
permit udp yy.yy.44.0 0.0.0.255 yy.yy.55.0 0.0.0.255 range 16384 32768 dscp ef
pfr-map PFR 30
match traffic-class access-list VOICE
set delay threshold 40
set mode route control
set mode select-exit good
set mode monitor fast
set jitter threshold 5
set active-probe jitter yy.yy.55.5 target-port 32767
set probe frequency 2
2.9 Implement IPv6
R1
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf YY
router-id YY.YY.1.1
interface Serial 0/0/0
ipv6 address fec1:cc1e:14::1/64
ipv6 ospf YY area 142
interface fastethernet 0/0
ipv6 address fec1:cc1e:17::1/64
ipv6 ospf YY area 142
R2
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf YY
router-id YY.YY.2.2
interface Serial 0/0/0
ipv6 address fec1:cc1e:24::2/64
ipv6 ospf YY area 142
interface FastEthernet 0/0
ipv6 address fec1:cc1e:42::2/64
ipv6 ospf YY area 142
R3
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf YY
router-id YY.YY.3.3
interface Serial 0/0/0
ipv6 address fec1:cc1e:35::3/64
ipv6 ospf YY area 51
R4
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf YY
router-id YY.YY.4.4
interface fastethernet 0/1
ipv6 address fec1:cc1e:44::4/64
ipv6 ospf YY area 142
interface Serial 0/0/0
ipv6 address fec1:cc1e:14::4/64
ipv6 ospf YY area 142
interface serial 0/0/1
ipv6 address fec1:cc1e:24::4/64
ipv6 ospf YY area 142
R5
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf YY
router-id YY.YY.5.5
interface Serial 0/0/1
ipv6 address fec1:cc1e:35::5/64
ipv6 ospf YY area 51
interface FastEthernet 0/0
ipv6 address fec1:cc1e:58::5/64
ipv6 ospf YY area 51
SW1
sdm prefer dual-ipv4-and-ipv6 default
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf YY
router-id YY.YY.7.7
interface fastethernet 0/1
ipv6 address fec1:cc1e:17::7/64
ipv6 ospf YY area 142
interface vlan 123
ipv6 address fec1:cc1e:123::7/64
ipv6 ospf YY area 0
ipv6 ospf priority 255
SW2
sdm prefer dual-ipv4-and-ipv6 default
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf YY
router-id YY.YY.8.8
redistribute connected route-map loopback8
interface vlan 55
ipv6 address fec1:cc1e:58::8/64
ipv6 ospf YY area 51
interface vlan 123
ipv6 address fec1:cc1e:123::8/64
ipv6 ospf YY area 0
ipv6 ospf priority 254
interface loopback 8
ipv6 address 2011:cc1e:88:88:88::88/128
route-map loopback8 permit 10
match interface loopback8
SW3
sdm prefer dual-ipv4-and-ipv6 default
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf YY
router-id YY.YY.9.9
interface vlan 123
ipv6 address fec1:cc1e:123::9/64
ipv6 ospf YY area 0
ipv6 ospf priority 0
SW4
sdm prefer dual-ipv4-and-ipv6 default
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf YY
router-id YY.YY.10.10
interface vlan 42
ipv6 address fec1:cc1e:42::10/64
ipv6 ospf YY area 142
interface vlan 123
ipv6 address fec1:cc1e:123::10/64
ipv6 ospf YY area 0
ipv6 ospf priority 0
R1/ R2 /R4 /SW1 /SW4
ipv6 router ospf YY
area 142 nssa
2.10 Implement Advanced IPv6 feature
ipv6 cef
ipv6 flow-export version 9
ipv6 flow-export source Loopback0
ipv6 flow-export template timeout-rate 2
ipv6 flow-export destination yy.yy.44.100 9876
ipv6 flow-aggregation cache protocol-port
cache entries 20000
cache timeout inactive 180
export version 9
export template timeout-rate 2
export destination yy.yy.44.100 9876
enabled
!
interface FastEthernet0/0
ipv6 flow egress
Section 3 IP Multicast
3.1 IPv4 Multicast
R1
ip multicast-routing
interface loopback0
ip pim sparse-mode
interface serial0/0/0
ip pim sparse-mode
interface fastethernet 0/0
ip pim sparse-mode
ip pim rp-candidate loopback0 priority 254
R2
ip multicast-routing
interface loopback0
ip pim sparse-mode
interface serial0/0/0
ip pim sparse-mode
interface fastethernet 0/1
ip pim sparse-mode
ip pim rp-candidate loopback0 priority 255
R4
ip multicast-routing
interface loopback0
ip pim sparse-mode
interface serial0/0/0
ip pim sparse-mode
interface serial0/0/1
ip pim sparse-mode
interface fastethernet0/0
ip pim sparse-mode
ip pim bsr-candidate loopback0
SW1
ip multicast-routing distributed
interface loopback0
ip pim sparse-mode
interface fastethernet0/1
ip pim sparse-mode
interface vlan 123
ip pim sparse-mode
SW2
ip multicast-routing distributed
interface loopback0
ip pim sparse-mode
interface vlan 123
ip pim sparse-mode
interface vlan 33
ip pim sparse-mode
ip igmp join-group 239.YY.YY.1
SW3
ip multicast-routing distributed
interface loopback0
ip pim sparse-mode
interface vlan 123
ip pim sparse-mode
SW4
ip multicast-routing distributed
interface loopback0
ip pim sparse-mode
interface vlan 42
ip pim sparse-mode
interface vlan 123
ip pim sparse-mode
3.2 PIM Tuning
SW1
interface vlan 123
ip pim dr-priority
SW4
interface vlan 123
ip pim dr-priority
Section 4 Advanced Services
4.1 Network Address Translations (NAT)
SW1
interface loopback100
ip address 100.100.17.7 255.255.255.0
ip route 100.100.42.0 255.255.255.0 YY.YY.17.1
R1
ip route 100.100.42.0 255.255.255.0 YY.YY.14.4
SW4
interface loopback100
ip address 100.100.42.10 255.255.255.0
ip route 100.100.17.0 255.255.255.0 YY.YY.42.2
R2
ip route 100.100.17.0 255.255.255.0 YY.YY.24.4
R4
interface serial0/0/0
ip nat outside
interface serial0/0/1
ip nat outside
ip nat inside source static YY.YY.17.7 100.100.17.7
ip nat inside source static YY.YY.42.10 100.100.42.10
4.2 MLS QoS
SW1 SW2 SW3 SW4
mls qos
mls qos srr-queue input cos-map queue 1 1 /* Default */
mls qos srr-queue input cos-map queue 2 5 /* you have to configure this one */
mls qos srr-queue input threshold 1 40 100
mls qos srr-queue input threshold 2 100 100 /* Default */
interface range fastethernet 0/19-24
mls qos trust cos
SW1
interface range fastethernet 0/1-5
mls qos cos 1
mls qos trust cos
4.3 QoS Class Based Weighted Fair Queuing (CBWFQ)
R2
class-map BB2
match input-interface f0/1 /* interface facing BB2 */
policy-map CBWFQ
class BB2
bandwidth 10000
interface fastethernet0/0
service-policy output CBWFQ
R3
class-map BB1
match input-interface f0/0 /* interface facing BB1 */
policy-map CBWFQ
class BB1
bandwidth 1000
interface serial0/0/0
service-policy output CBWFQ
4.4 Implement Routing Protocol Authentication
SW1 SW2 SW3 SW4
no service password-encryption
interface vlan 123
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco
4.5 Implement DHCP
R4
service dhcp
ip dhcp pool POOL
network YY.YY.44.0 255.255.255.0
default-router YY.YY.44.4
dns-server YY.YY.55.50 YY.YY.55.51
domain-name cisco.com
ip dhcp excluded-address YY.YY.44.4 /* Interface fastethernet 0/0 */
ip dhcp excluded-address YY.YY.44.100 /* Printer IP address, statically configured; also the IPv6 NetFlow server IP address */
ip dhcp excluded-address YY.YY.44.200 /* Radius Server */
On SW1
ip dhcp snooping
ip dhcp snooping vlan 44
no ip dhcp snooping information option
interface fastethernet0/4
switchport mode access
switchport access vlan 44
ip dhcp snooping trust
interface fastethernet0/14
switchport mode access
switchport access vlan 44
switchport port-security
switchport port-security maximum 3
switchport port-security violation shutdown /* Shut down the port when a violation occurs */
ip dhcp snooping limit rate 100
no shutdown
4.6 Implement Layer 2 Security
ip dhcp snooping binding abcd.abcd.abcd vlan 44 YY.YY.44.100 interface fastEthernet 0/14 expiry 4294967295
ip dhcp snooping verify mac-address /*Default */
ip dhcp snooping database flash:CCIE.TXT
ip arp inspection vlan 44
interface f0/4
ip arp inspection trust
interface f0/14
ip verify source
no shutdown /* don't forget this */
exit
4.7 Web Caching Communication Protocol (WCCP)
R4
ip wccp version 2 /* not needed: this is the default, and you can check it with show ip wccp */
ip wccp 61
ip wccp 62
ip wccp check services all
interface serial 0/0
ip wccp 61 redirect in
ip wccp 62 redirect out
interface serial 0/1
ip wccp 61 redirect in
ip wccp 62 redirect out
interface fastethernet 0/1
ip wccp redirect exclude in
Section 5 Optimize the Network
5.1 Implement SNMP
R5
snmp-server community CiscoWorks RW 55
snmp-server enable traps bgp
snmp-server host YY.YY.55.240 CiscoWorks bgp
access-list 55 permit host YY.YY.55.240
5.2 Embedded Event Manager
R3
logging on
logging console
archive
log config
logging enable
event manager applet CONF_CHANGE
event syslog pattern ".*SYS-5-CONFIG_I.*"
action 1.0 cli command "enable"
action 2.0 cli command "show clock | append flash:ConfSave.txt"
action 3.0 syslog priority informational msg "Configuration changed"