Vous êtes sur la page 1sur 230

CCIE R/S Lab Bootcamp Workbook

Authored By:

Khawar Butt
CCIE # 12353
(R/S, Security, SP, Voice) CCIE R/S Lab Bootcamp Workbook

Netmetric Solutions
http://www.netmetric-solutions.com

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
1 of 230
Module 1 – Frame Relay

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
2 of 230
Lab 1 – Hub-n-Spoke using Frame-relay map
statements

R1

R2
R4
Frame-Relay

R3

IP addressing and DLCI information Chart


Routers IP address Local DLCI Connecting to:
R1 S0/0: 192.1.234.1/24 102 R2
103 R3
104 R4
R2 S0/0: 192.1.234.2 /24 201 R1

R3 S0/0: 192.1.234.3 /24 301 R1

R4 S0/0: 192.1.234.4 /24 401 R1

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
3 of 230
Task 1

Configure the frame-relay cloud in a hub and spoke topology using frame-relay map
statements. The frame-relay switch is configured in a full mesh; these routers should
NOT reply to inverse-arp inquiries.

R1 R2

Int S0/0 Int S0/0


Ip address 192.1.234.1 255.255.255.0 Ip address 192.1.234.2 255.255.255.0
Encapsulation frame Encapsulation frame
Frame-relay map ip 192.1.234.2 102 b Frame-relay map ip 192.1.234.1 201 b
Frame-relay map ip 192.1.234.3 103 b No frame-relay inverse-arp
Frame-relay map ip 192.1.234.4 104 b No shut
No frame-relay inverse-arp
No shut
R3 R4

Int s0/0 Int s0/0


Ip address 192.1.234.3 255.255.255.0 Ip address 192.1.234.4 255.255.255.0
Encapsulation frame Encapsulation frame
Frame-relay map ip 192.1.234.1 301 b Frame-relay map ip 192.1.234.1 401 b
No frame-relay inverse-arp No frame-relay inverse-arp
No shut No shut

Task 2

Ensure that every router can ping every address connected to the frame-relay cloud
including their own.

R1 R2

Int S0/0 Int S0/0


Frame-relay map ip 192.1.234.1 102 Frame-relay map ip 192.1.234.3 201
Frame-relay map ip 192.1.234.4 201
Frame-relay map ip 192.1.234.2 201
R3 R4

Int S0/0 Int S0/0


Frame-relay map ip 192.1.234.2 301 Frame-relay map ip 192.1.234.2 401
Frame-relay map ip 192.1.234.4 301 Frame-relay map ip 192.1.234.3 401
Frame-relay map ip 192.1.234.3 301 Frame-relay map ip 192.1.234.4 401

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
4 of 230
Task 3

Erase the startup config and reload the routers before proceeding to the next lab.

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
5 of 230
Lab 2 –Configuring Frame-relay point-to-point
sub-interfaces

R1

R2
R4
Frame-Relay

R3

IP addressing and DLCI information Chart


Routers IP address Local DLCI Connecting to:
R1 S0/0.12: 192.1.12.1/24 102 R2
S0/0.13: 192.1.13.1/24 103 R3
S0/0.14: 192.1.14.1/24 104 R4
R2 S0/0.21: 192.1.12.2/24 201 R1

R3 S0/0.31: 192.1.13.3 /24 301 R1

R4 S0/0.41: 192.1.14.4 /24 401 R1

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
6 of 230
Task 1

Configure the frame-relay cloud in a hub and spoke topology; the routers should be
configured in a point-to-point configuration.

R1 R2

Int S0/0 Int S0/0


Encap frame-relay Encap frame-relay
No shut No shut
Exit Exit
! !
Int S0/0.12 point-to-point Int S0/0.21 point-to-point
Ip address 192.1.12.1 255.255.255.0 Ip address 192.1.12.2 255.255.255.0
Frame-relay interface-dlci 102 Frame-relay interface-dlci 201
!
Int S0/0.13 point-to-point
Ip address 192.1.13.1 255.255.255.0
Frame-relay interface-dlci 103
!
Int S0/0.14 point-to-point
Ip address 192.1.14.1 255.255.255.0
Frame-relay interface-dlci 104
R3 R4

Int S0/0 Int S0/0


Encap frame-relay Encap frame-relay
No shut No shut
Exit Exit
! !
Int S0/0.31 point-to-point Int S0/0.41 point-to-point
Ip address 192.1.13.3 255.255.255.0 Ip address 192.1.14.4 255.255.255.0
Frame-relay interface-dlci 301 Frame-relay interface-dlci 401

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
7 of 230
Lab 3 – Point-to-point and Multipoint

R1

R2
R4
Frame-Relay

R3

Task 1

Configure the routers connected to the frame-relay cloud as follows:

o R1 (The HUB) must be configured with two sub-interfaces, one of the two
sub-interfaces must be configured to connect R1 to R4, this sub-interface
should be configured in a point-to-point manner using the following IP
addressing:
R1 = 192.1.14.1 /24, and R4 = 192.1.14.4 /24.
o The second sub-interface on R1 must be configured in a multipoint manner,
and this sub-interface must be configured to connect R1 to routers R2 and R3
using the following IP addressing:
R1 = 192.1.123.1 /24, R2 = 192.1.123.2 /24 and R3 = 192.1.123.3 /24
o Make sure that you are pretending that R1 is not a Cisco router when
configuring the Encapsulation Framing.

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
8 of 230
o Routers R2, R3 should not be configured with a sub-interface and these
routers should NOT rely on Inverse-arp.

o R4 should be configured with a sub-interface in a point-to-point manner.

o The routers connecting to the frame-relay cloud should be configured in a hub


and spoke, with R1 being the hub and R2, R3 and R4 the spokes.

o Ensure that the routers can ping every IP address including their own within
their IP address space.

R1 R2

Int S0/0 Int S0/0


Encapsulation frame-relay ietf Ip address 192.1.123.2 255.255.255.0
No frame-relay inverse Encapsulation frame
No shut No frame-relay inverse
! Frame-relay map ip 192.1.123.1 201 ietf b
Int S0/0.14 point-to-point Frame-relay map ip 192.1.123.3 201 ietf
Ip address 192.1.14.1 255.255.255.0 Frame-relay map ip 192.1.123.2 201 ietf
Frame-relay interface-dlci 104 No shut
! Exit
Int S0/0.123 multipoint
Ip address 192.1.123.1 255.255.255.0
Frame-relay map ip 192.1.123.1 102
Frame-relay map ip 192.1.123.2 102 b
Frame-relay map ip 192.1.123.3 103 b
R3 R4

Int S0/0 Int S0/0


Encapsulation frame Encap frame
Ip address 192.1.123.3 255.255.255.0 No frame-relay inverse
Frame-relay map ip 192.1.123.1 301 ietf b No shut
Frame-relay map ip 192.1.123.2 301 ietf !
Frame-relay map ip 192.1.123.3 301 ietf Inter S0/0.41 point-to-point
No frame-relay inverse Ip address 192.1.14.4 255.255.255.0
No shut Frame-relay interface 401 ietf

Task 2

Ensure that R1 and R4 use CHAP authentication using Cisco as the password. These
routers must authenticate each other before they can communicate.

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
9 of 230
R1 R4

Username R4 password Cisco Username R1 password Cisco

Interface S0/0.14 Inter S0/0.41


No ip address No ip address

Inter virtual-template 1 Inter virtual-template 1


Ip address 192.1.14.1 255.255.255.0 Ip address 192.1.14.4 255.255.255.0
Ppp authentication chap Ppp authentication chap

Int S0/0.14 Int S0/0.41


Frame-relay interface-dlci 104 ppp virtual- Frame-relay interface-dlci 401 ppp virtual-
template 1 template 1

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
10 of 230
Module 2 – Basic Switching

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
11 of 230
Lab 1
Basic 3550 Configuration

R5
F 0/0 (.5)

192.1.15.0/24 VLAN 10

F 0/0.1 (.1)

R1

F 0/0.2 (.1)

192.1.13.0/24 VLAN 20

F0/0.1 (.3)

R3

F0/0.2 (.3)
192.1.34.0/24 VLAN 30

VLAN 30 (.15)
F 0/0 (.4)

R4 SW1
VLAN 40 (.15)
192.1.2.0/24 VLAN 40

F 0/0 (.2)

R2

Task 1

Configure Switch1 as the VTP Server and the other Switch(s) as VTP Clients. Use CCIE
as the Domain name. Authenticate the relationship using CCIERS as the password.

Switch1 Switch2

VTP domain CCIE VTP domain CCIE


VTP mode server VTP mode client
VTP password CCIERS VTP password CCIERS
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
12 of 230
Switch3 Switch4
VTP domain CCIE VTP domain CCIE
VTP mode client VTP mode client
VTP password CCIERS VTP password CCIERS

Task 2

Ensure that you can enhances network bandwidth use through the trunk ports by reducing
the unnecessary traffic flooding of VLANs throughout the switches in your network.

All Switches

Vtp pruning

Task 3

Ensure that the Trunk ports of your Rack are statically configured to trunk using an
industry standard protocol. Configure these ports such that they will trunk even if the
negotiation fails. Also make sure to disable DTP on the trunk interfaces.

All Switches

Interface range F0/XX – XX


Switchport trunk encapsulation dot1q
Switchport mode trunk
Switchport nonegotiate

Task 4

Assign Ports to the appropriate VLANs based on the Network Diagram. Use the physical
topology diagram for your rack to accomplish this. Make sure the ports are either set to
Trunk or Access statically.

SwitchX
interface F0/XX
Switchport mode access
Switchport access vlan XX
!
interface F0/XX
Switchport trunk encapsulation dot1q
Swithcport mode trunk

Task 5
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
13 of 230
Enable flow-control on SW1 interface fa0/2 and make sure that when the router
connected to this port announce congestion, the switch should reduce it's throughput for
this port.

Switch1
interface F0/2
flowcontrol receive on

Task 6

Test by pinging directly connected interfaces on each router or Switch1.

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
14 of 230
Module 3 – RIP V2

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
15 of 230
Lab 1 – Basic RIP V2 Configuration

Note: It builds on the topology created in the previous lab.

Lab Objective:

Task 1

Configure Loopback 0 on all routers and Switch1. Use the format of X.X.X.X/8 for the
IP address of the loopback. Use 15 for Switch1.

Task 2

Configure RIP V2 on all Devices to advertise all directly connected networks. Disable
Auto-summary.

R1 R2

Router Rip Router Rip


Version 2 Version 2
No auto-summary No auto-summary
Network 1.0.0.0 Network 2.0.0.0
Network 192.1.13.0 Network 192.1.2.0
Network 192.1.15.0
R3 R4

Router Rip Router Rip


Version 2 Version 2
No auto-summary No auto-summary
Network 3.0.0.0 Network 4.0.0.0
Network 192.1.34.0 Network 192.1.34.0
Network 192.1.13.0
R5 Switch1

Router Rip IP Routing


Version 2 !
No auto-summary Router RIP
Network 5.0.0.0 Version 2
Network 192.1.15.0 No auto-summary
Network 15.0.0.0
Network 192.1.2.0
Network 192.1.34.0

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
16 of 230
Lab 2 – RIP V2 Authentication

(Builds on Lab1)
Lab Objective:

Task 1

Configure Clear Text authentication between R1 and R5. Use ccie as the key-string with
a key-id of 1.

R1 R5

Key chain AUTH Key chain AUTH


Key 1 Key 1
Key-string ccie Key-string ccie
! !
Interface F 0/0.1 Interface F 0/0
Ip rip authentication key-chain AUTH Ip rip authentication key-chain AUTH

Task 2

Configure MD5 authentication for all links except the previously configured link between
R1 and R5. Use the same key and key-string.

R1 R2

Interface F 0/0.2 Key chain AUTH


Ip rip authentication key-chain AUTH Key 1
IP rip authentication mode MD5 Key-string ccie
!
Interface F 0/0
Ip rip authentication key-chain AUTH
Ip rip authentication mode MD5
R3 R4

Key chain AUTH Key chain AUTH


Key 1 Key 1
Key-string ccie Key-string ccie
! !
Interface F 0/0.1 Interface F 0/0
Ip rip authentication key-chain AUTH Ip rip authentication key-chain AUTH
IP rip authentication mode MD5 Ip rip authentication mode MD5
!
Interface F 0/0.2
Ip rip authentication key-chain AUTH
IP rip authentication mode MD5
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
17 of 230
Switch 1

Key chain AUTH


Key 1
Key-string ccie
!
Interface VLAN 30
Ip rip authentication key-chain AUTH
Ip rip authentication mode MD5
!
Interface VLAN 40
Ip rip authentication key-chain AUTH
Ip rip authentication mode MD5

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
18 of 230
Lab
Lab9 – IP
3 RIP Triggered
– Route Filtering using Distribute Lists

(Builds on Lab 2)

Lab Objective:

Task 1

Configure the following Loopback Interfaces on R3 and advertise them under RIP:

Loopback 21: 201.1.1.1/24


Loopback 22: 201.1.2.1/24
Loopback 23: 201.1.3.1/24
Loopback 24: 201.1.4.1/24
Loopback 25: 201.1.5.1/24
Loopback 26: 201.1.6.1/24

R3

Interface loopback 21
Ip address 201.1.1.1 255.255.255.0
Interface loopback 22
Ip address 201.1.2.1 255.255.255.0
Interface loopback 23
Ip address 201.1.3.1 255.255.255.0
Interface loopback 24
Ip address 201.1.4.1 255.255.255.0
Interface loopback 25
Ip address 201.1.5.1 255.255.255.0
Interface loopback 26
Ip address 201.1.6.1 255.255.255.0
!
Router RIP
Network 201.1.1.0
Network 201.1.2.0
Network 201.1.3.0
Network 201.1.4.0
Network 201.1.5.0
Network 201.1.6.0

Task 2

R1 should only receive routes from the 201.1.X.0 range that have an even number in the
3rd Octet. Use the minimum number of lines possible to accomplish this task. No
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
19 of 230
configuration should be done on R1. Make sure R4 and Switch1 receive all 201.1.X.0
routes.

R3

Access-list 2 deny 201.1.1.0 0.0.254.255


Access-list 2 permit any
!
Router RIP
Distribute-list 2 out F0/0.1

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
20 of 230
Lab 4 – Route Filtering using Prefix-List

(Builds on Lab 3)

Lab Objective:

Task 1

Configure the following Loopback Interfaces on R5 and advertise them under RIP:

Loopback 21: 150.50.1.1/24


Loopback 22: 150.50.2.1/24
Loopback 23: 150.50.3.1/24
Loopback 24: 205.1.1.33/27
Loopback 25: 206.1.1.17/28
Loopback 26: 107.1.1.1/16

R5

Interface loopback 21
Ip address 150.50.1.1 255.255.255.0
Interface loopback 22
Ip address 150.50.2.1 255.255.255.0
Interface loopback 23
Ip address 150.50.3.1 255.255.255.0
Interface loopback 24
Ip address 205.1.1.33 255.255.255.224
Interface loopback 25
Ip address 206.1.1.1 255.255.255.240
Interface loopback 26
Ip address 107.1.1.1 255.255.0.0
!
Router Rip
Network 150.50.0.0
Network 205.1.1.0
Network 206.1.1.0
Network 107.0.0.0

Task 2

R1 should only receive prefixes with a prefix-length of 8 to 24 from R5. Configure the
Filtering on R1.

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
21 of 230
R1

ip prefix-list VALID-PREF seq 5 permit 0.0.0.0/0 ge 8 le 24


!
Router RIP
distribute-list prefix VALID-PREF in F0/0.1

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
22 of 230
Lab 5 – Route Summarization with RIP

(Builds on Lab 4)

Lab Objective:

Task 1

Configure the following Loopback Interfaces on Switch1 and advertise them under RIP:

Loopback 41: 154.1.8.1/24


Loopback 42: 154.1.9.1/24
Loopback 43: 154.1.10.1/24
Loopback 44: 154.1.11.1/24
Loopback 45: 154.1.12.1/24
Loopback 46: 154.1.13.1/24
Loopback 47: 154.1.14.1/24
Loopback 48: 154.1.15.1/24

Switch1

Interface loopback 41
Ip address 154.1.8.1 255.255.255.0
Interface loopback 42
Ip address 154.1.9.1 255.255.255.0
Interface loopback 43
Ip address 154.1.10.1 255.255.255.0
Interface loopback 44
Ip address 154.1.11.1 255.255.255.0
Interface loopback 45
Ip address 154.1.12.1 255.255.255.0
Interface loopback 46
Ip address 154.1.13.1 255.255.255.0
Interface loopback 47
Ip address 154.1.14.1 255.255.255.0
Interface loopback 48
Ip address 154.1.15.1 255.255.255.0
!
Router Rip
Network 154.1.0.0

Task 2

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
23 of 230
Ensure that all routers except R2 only get a summary route from Switch1 for the new
Loopback interfaces that were created in Task 1. R2 should get all the specific routes. Do
not eable auto summary on Switch1.

Switch1

int VLAN 30
ip summary-address rip 154.1.8.0 255.255.248.0

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
24 of 230
Module 4 – EIGRP

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
25 of 230
Lab 1 – Basic EIGRP Configuration

R1 R2
Loopback 0 E 0/0 E 0/0 Loopback 0

S 0/0

S 0/0

Loopback 0 E 0/0 E 0/0 Loopback 0


R4 R3

Interface IP Address Configuration

R1

Interface IP Address Subnet Mask


Loopback 0 1.1.1.1 255.0.0.0
E 0/0 192.1.12.1 255.255.255.0

R2

Interface IP Address Subnet Mask


Loopback 0 2.2.2.2 255.0.0.0
E 0/0 192.1.12.2 255.255.255.0
S 0/0 192.1.23.2 255.255.255.0

R3

Interface IP Address Subnet Mask


Loopback 0 3.3.3.3 255.0.0.0
S 0/0 192.1.23.3 255.255.255.0
E 0/0 192.1.34.3 255.255.255.0

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
26 of 230
R4

Interface IP Address Subnet Mask


Loopback 0 4.4.4.4 255.0.0.0
E 0/0 192.1.34.4 255.255.255.0

Lab Objective:

Task 1

Configure the interfaces with the appropriate addresses. Configure the Serial interfaces
between R2 and R3 using Frame Relay. Configure the interface as a Regular Frame
Relay interface. Configure the Frame Relay mapping manually.

R1 R2

Interface Loopback 0 Interface Loopback 0


Ip address 1.1.1.1 255.0.0.0 Ip address 2.2.2.2 255.0.0.0
Interface E 0/0 Interface E 0/0
Ip address 192.1.12.1 255.255.255.0 Ip address 192.1.12.2 255.255.255.0
No shut No shut
Interface S 0/0
Ip address 192.1.23.2 255.255.255.0
Encap frame-relay
No frame-relay inverse-arp
Frame-relay map ip 192.1.23.3 203 broad
No shut
R3 R4

Interface Loopback 0 Interface Loopback 0


Ip address 3.3.3.3 255.0.0.0 Ip address 4.4.4.4 255.0.0.0
Interface E 0/0 Interface E 0/0
Ip address 192.1.34.3 255.255.255.0 Ip address 192.1.34.4 255.255.255.0
No shut No shut
Interface S 0/0
Ip address 192.1.23.3 255.255.255.0
Encap frame-relay
No frame-relay inverse-arp
Frame-relay map ip 192.1.23.2 302 broad
No shut

Task 2

Configure EIGRP on all 4 routers in AS 12353. Disable Auto-summary.

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
27 of 230
R1 R2

Router EIGRP 12353 Router EIGRP 12353


No auto-summary No auto-summary
Network 1.0.0.0 Network 2.0.0.0
Network 192.1.12.0 Network 192.1.12.0
Network 192.1.23.0
R3 R4

Router EIGRP 12353 Router EIGRP 12353


No auto-summary No auto-summary
Network 3.0.0.0 Network 4.0.0.0
Network 192.1.34.0 Network 192.1.34.0
Network 192.1.23.0

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
28 of 230
Lab 2 – EIGRP Authentication

(Builds on Lab1)

Lab Objective:

Task 1

Configure MD5 authentication for all links. Use ccie as the key-string with a key-id of 1.

R1 R2

Key chain AUTH Key chain AUTH


Key 1 Key 1
Key-string ccie Key-string ccie
! !
Interface E 0/0 Interface S 0/0
Ip authentication key-chain eigrp 12353 AUTH Ip authentication key-chain eigrp 12353 AUTH
Ip authentication mode eigrp 12353 MD5 Ip authentication mode eigrp 12353 MD5
!
Interface E 0/0
Ip authentication key-chain eigrp 12353 AUTH
Ip authentication mode eigrp 12353 MD5
R3 R4

Key chain AUTH Key chain AUTH


Key 1 Key 1
Key-string ccie Key-string ccie
! !
Interface S 0/0 Interface E 0/0
Ip authentication key-chain eigrp 12353 AUTH Ip authentication key-chain eigrp 12353 AUTH
Ip authentication mode eigrp 12353 MD5 Ip authentication mode eigrp 12353 MD5
!
Interface E 0/0
Ip authentication key-chain eigrp 123453 AUTH
Ip authentication mode eigrp 12353 MD5

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
29 of 230
Lab 9Lab
– IP RIP
3 – Triggered
Advanced EIGRP Configurations

(Builds on Lab 2)

Lab Objective:

Task 1

Configure all routers such that they advertise EIGRP routes with greater than 110 hops as
unreachable.

R1 R2

router eigrp 12353 router eigrp 12353


metric maximum-hops 110 metric maximum-hops 110
R3 R4

router eigrp 12353 router eigrp 12353


metric maximum-hops 110 metric maximum-hops 110

Task 2

Change the administrative distance of all internal and external EIGRP networks to be 95.

R1 R2

router eigrp 12353 router eigrp 12353


distance eigrp 95 95 distance eigrp 95 95
R3 R4

router eigrp 12353 router eigrp 12353


distance eigrp 95 95 distance eigrp 95 95

Task 3

Ensure that R2 never uses more than 45% of the bandwidth for EIGRP updates; you
should use an EIGRP specific command to accomplish this task.

R2

Interface S 0/0
ip bandwidth-percent eigrp 12353 45
Interface E 0/0
ip bandwidth-percent eigrp 12353 45

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
30 of 230
Task 4

The Serial link between R3 and R2 sometimes is experiencing congestion and most of the
time R3 declares R2 in Stuck-In-Active. Change the time that R3 will wait after sending a
query to R2, before declaring the routes on R2 to be in SIA state to 10 minutes.

R3

Router eigrp 12353


Timers active-time 10

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
31 of 230
Lab 4 – Route Filtering using Distribute Lists
(Builds on Lab 3)

Lab Objective:

Task 1

Configure the following Loopback Interfaces on R2 and advertise them in EIGRP:

Loopback 21: 201.1.1.1/24


Loopback 22: 201.1.2.1/24
Loopback 23: 201.1.3.1/24
Loopback 24: 201.1.4.1/24
Loopback 25: 201.1.5.1/24
Loopback 26: 201.1.6.1/24

R2

Interface loopback 21
Ip address 201.1.1.1 255.255.255.0
Interface loopback 22
Ip address 201.1.2.1 255.255.255.0
Interface loopback 23
Ip address 201.1.3.1 255.255.255.0
Interface loopback 24
Ip address 201.1.4.1 255.255.255.0
Interface loopback 25
Ip address 201.1.5.1 255.255.255.0
Interface loopback 26
Ip address 201.1.6.1 255.255.255.0
!
Router EIGRP 12353
Network 201.1.1.0
Network 201.1.2.0
Network 201.1.3.0
Network 201.1.4.0
Network 201.1.5.0
Network 201.1.6.0

Task 2

R1 should only receive routes from the 201.1.X.0 range that have an even number in the
3rd Octet. Use the minimum number of lines possible to accomplish this task. No
configuration should be done on R1. Make sure R3 and R4 receive all 201.1.X.0 routes.
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
32 of 230
R2

Access-list 2 deny 201.1.1.0 0.0.254.255


Access-list 2 permit any
!
Router EIGRP 12353
Distribute-list 2 out E 0/0

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
33 of 230
Lab 5 – Route Filtering using Prefix-List

(Builds on Lab 4)

Lab Objective:

Task 1

Configure the following Loopback Interfaces on R3 and advertise them under EIGRP:

Loopback 21: 150.50.1.1/24


Loopback 22: 150.50.2.1/24
Loopback 23: 150.50.3.1/24
Loopback 24: 205.1.1.33/27
Loopback 25: 206.1.1.17/28
Loopback 26: 107.1.1.1/16

R3

Interface loopback 21
Ip address 150.50.1.1 255.255.255.0
Interface loopback 22
Ip address 150.50.2.1 255.255.255.0
Interface loopback 23
Ip address 150.50.3.1 255.255.255.0
Interface loopback 24
Ip address 205.1.1.33 255.255.255.224
Interface loopback 25
Ip address 206.1.1.1 255.255.255.240
Interface loopback 26
Ip address 107.1.1.1 255.255.0.0
!
Router EIGRP 12353
Network 150.50.0.0
Network 205.1.1.0
Network 206.1.1.0
Network 107.0.0.0

Task 2

R4 should only receive prefixes with a prefix-length of 8 to 24 from R3.

R4

ip prefix-list VALID-PREF seq 5 permit 0.0.0.0/0 ge 8 le 24


Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
34 of 230
!
Router EIGRP 12353
distribute-list prefix VALID-PREF in F0/0

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
35 of 230
Lab 6 – Route Summarization with EIGRP
(Builds on Lab 5)

Lab Objective:

Task 1
Configure the following Loopback Interfaces on R3 and advertise them under EIGRP:

Loopback 41: 194.1.8.1/24


Loopback 42: 194.1.9.1/24
Loopback 43: 194.1.10.1/24
Loopback 44: 194.1.11.1/24
Loopback 45: 194.1.12.1/24
Loopback 46: 194.1.13.1/24
Loopback 47: 194.1.14.1/24
Loopback 48: 194.1.15.1/24
R3

Interface loopback 41
Ip address 194.1.8.1 255.255.255.0
Interface loopback 42
Ip address 194.1.9.1 255.255.255.0
Interface loopback 43
Ip address 194.1.10.1 255.255.255.0
Interface loopback 44
Ip address 194.1.11.1 255.255.255.0
Interface loopback 45
Ip address 194.1.12.1 255.255.255.0
Interface loopback 46
Ip address 194.1.13.1 255.255.255.0
Interface loopback 47
Ip address 194.1.14.1 255.255.255.0
Interface loopback 48
Ip address 194.1.15.1 255.255.255.0
!
Router EIGRP 12353
Network 194.1.8.0
Network 194.1.9.0
Network 194.1.10.0
Network 194.1.110
Network 194.1.12.0
Network 194.1.13.0
Network 194.1.14.0
Network 194.1.150
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
36 of 230
Task 2

Ensure that all routers only get a summary route from R3 for the new Loopback
interfaces that were created in Task 1. R3 should NOT enable auto summary.

R3

int E0/0
ip summary-address eigrp 12353 194.1.8.0 255.255.248.0
!
int S0/0
ip summary-address eigrp 12353 194.1.8.0 255.255.248.0

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
37 of 230
Lab 7 – EIGRP Stub
(Builds on Lab 6)

Task 1

Create a new Loopback interface on R1. Assign it an IP Address of 10.1.1.1/24.


Advertise it in EIGRP 12353 without using the “network” command.

Task 2

Make sure R2 does not send any query packets to R1.

R1

Interface Loopback 10
Ip address 10.1.1.1 255.255.255.0
!
Route-map REDCON permit 10
Match interface Loopback10
!
Router EIGRP 12353
No auto-summary
Network 192.1.12.0
Eigrp stub connected
Redistribute connected route-map REDCON

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
38 of 230
Module 5 – OSPF

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
39 of 230
Lab 1 – Basic OSPF Configuration on BMA

R1 R2
Loopback 0 Loopback 0

E 0/0 E 0/0

Loopback 0 Loopback 0

E 0/0 E 0/0

R3 R4

Interface IP Address Configuration

R1

Interface IP Address Subnet Mask


Loopback 0 1.1.1.1 255.0.0.0
E 0/0 100.0.0.1 255.0.0.0

R2

Interface IP Address Subnet Mask


Loopback 0 2.2.2.2 255.0.0.0
E 0/0 100.0.0.2 255.0.0.0

R3

Interface IP Address Subnet Mask


Loopback 0 3.3.3.3 255.0.0.0
E 0/0 100.0.0.3 255.0.0.0

R4

Interface IP Address Subnet Mask


Loopback 0 4.4.4.4 255.0.0.0
E 0/0 100.0.0.4 255.0.0.0

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
40 of 230
Lab Objective:

Configure the Interface IP addresses based on the above table

Task 1

Configure OSPF on a Broadcast Multi-Access(BMA) Ethernet network in Area 0.


Advertise all networks on all routers. Hard Code the Router-id based on the following:
R1 – 11.11.11.11
R2 – 22.22.22.22
R3 – 33.33.33.33
R4 – 44.44.44.44

R1 R2

Router OSPF 1 Router OSPF 1


Router-id 11.11.11.11 Router-id 22.22.22.22
Network 1.0.0.0 0.255.255.255 area 0 Network 2.0.0.0 0.255.255.255 area 0
Network 100.0.0.0 0.255.255.255 area 0 Network 100.0.0.0 0.255.255.255 area 0
R3 R4

Router OSPF 1 Router OSPF 1


Router-id 33.33.33.33 Router-id 44.44.44.44
Network 3.0.0.0 0.255.255.255 area 0 Network 4.0.0.0 0.255.255.255 area 0
Network 100.0.0.0 0.255.255.255 area 0 Network 100.0.0.0 0.255.255.255 area 0

Task 2

Configure the routers such that R1 becomes the DR and R2 as the BDR on the 100
Network.

R1 R2

Interface E 0/0 Interface E 0/0


Ip ospf priority 100 Ip ospf priority 50

Note: Shut the Switch interface that connect to the routers using the Interface Range
command and bring them back up to reset the DR/BDR setup.

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
41 of 230
Lab 2 – OSPF and Frame Relay

R1

R2
R4
Frame-Relay

R3

Task 1

Configure the following loopback on all the routers:


R1 – Loopback 0 – 1.1.1.1/8
R2 – Loopback 0 – 2.2.2.2/8
R3 – Loopback 0 – 3.3.3.3/8
R4 – Loopback 0 – 4.4.4.4/8

R1 R2

Interface Loopback 0 Interface Loopback 0


Ip address 1.1.1.1 255.0.0.0 Ip address 2.2.2.2 255.0.0.0
R3 R4

Interface Loopback 0 Interface Loopback 0


Ip address 3.3.3.3 255.0.0.0 Ip address 4.4.4.4 255.0.0.0

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
42 of 230
Task 2

Configure the link between R1 and R4 using Frame Relay. Keep in mind that R1 will
also be connected to R2 and R3 over a Multipoint interface. Do not create any sub-
interfaces on R4. Do not rely on Inverse ARP for Frame Relay mappings. Do not use the
Frame-relay map command on R1 for this task. Use 192.1.14.0/24 as the network for this
link.

R1 R4

Interface S 0/0 Interface S0/0


Encap frame-relay Ip address 192.1.14.4 255.255.255.0
No frame-relay inverse-ARP Encap frame-relay
No shut No frame-relay inverse-arp
Interface S0/0.4 point-to-point Frame-relay map ip 192.1.14.1 401 broad
Ip address 192.1.14.1 255.255.255.0 No shut
Frame-relay interface-dlci 104

Task 3

Configure the link between R1, R2 and R3 using Frame Relay. This link should be a
multipoint link Do not create any sub-interfaces on R2 and R3. Do not rely on Inverse
ARP for Frame Relay mappings. Use 192.1.123.0/24 as the network for this link.
All routers should be able to ping each other and their own local frame-relay interfaces.

R1 R2

Interface S0/0.23 multipoint Interface S0/0


Ip address 192.1.123.1 255.255.255.0 Ip address 192.1.123.2 255.255.255.0
Frame-relay map ip 192.1.123.1 102 Encap frame-relay
Frame-relay map ip 192.1.123.2 102 broad No frame-relay inverse-arp
Frame-relay map ip 192.1.123.3 103 broad Frame-relay map ip 192.1.123.1 201 broad
Frame-relay map ip 192.1.123.2 201
Frame-relay map ip 192.1.123.3 201
No shut
R3

Interface S0/0
Ip address 192.1.123.3 255.255.255.0
Encap frame-relay
No frame-relay inverse-arp
Frame-relay map ip 192.1.123.1 301 broad
Frame-relay map ip 192.1.123.2 301
Frame-relay map ip 192.1.123.3 301
No shut
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
43 of 230
Task 4
Configure OSPF in Area 0 as the routing protocol between R1, R2, R3 and R4. All
loopback networks should be visible in all routing tables. They should be using a /8
mask. Hard-code the router ID based on the Loopback 0 addresses. Do not use the OSPF
network type broadcast on any of the Frame Relay links. Do not use the Neighbor
command for this task.

R1 R2

Interface S0/0.23 Interface S0/0


Ip ospf network point-to-multipoint Ip ospf network point-to-multipoint
! !
Interface Loopback 0 Interface Loopback 0
Ip ospf network point-to-point Ip ospf network point-to-point
! !
Router OSPF 1 Router OSPF 1
Router-id 1.1.1.1 Router-id 2.2.2.2
Network 1.0.0.0 0.255.255.255 area 0 Network 2.0.0.0 0.255.255.255 area 0
Network 192.1.123.0 0.0.0.255 area 0 Network 192.1.123.0 0.0.0.255 area 0
Network 192.1.14.0 0.0.0.255 area 0
R3 R4

Interface S0/0 Interface S0/0


Ip ospf network point-to-multipoint Ip ospf network point-to-point
! !
Interface Loopback 0 Interface Loopback 0
Ip ospf network point-to-point Ip ospf network point-to-point
! !
Router OSPF 1 Router OSPF 1
Router-id 3.3.3.3 Router-id 4.4.4.4
Network 3.0.0.0 0.255.255.255 area 0 Network 4.0.0.0 0.255.255.255 area 0
Network 192.1.123.0 0.0.0.255 area 0 Network 192.1.14.0 0.0.0.255 area 0

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
44 of 230
Lab 3 – Virtual Link

R1 R2
Lo 0 E 0/0 E 0/0 Lo 0

192.1.12.0/24
S 0/0
R4
192.1.234.0/24

Switch 1 S 0/0
192.1.3.0/24
Lo 0 VLAN 3 E 0/0 Lo 0
R3
VLAN 5
192.1.5.0/24

R5

R1

Interface IP Address Subnet Mask


Loopback 0 1.1.1.1 255.0. 0.0
E 0/0 192.1.12.1 255.255.255.0

R2

Interface IP Address Subnet Mask


E 0/0 192.1.12.2 255.255.255.0
S 0/0 192.1.234.2 255.255.255.0
Loopback 0 2.2.2.2 255.0.0.0

R3

Interface IP Address Subnet Mask


S 0/0 192.1.234.3 255.255.255.0
E 0/0 192.1.3.3 255.255.255.0
Loopback 0 3.3.3.3 255.0.0.0

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
45 of 230
R4

Interface IP Address Subnet Mask


Loopback 0 4.4.4.4 255.0.0.0
S 0/0 192.1.234.4 255.255.255.0

R5

Interface IP Address Subnet Mask


Loopback 0 5.5.5.5 255.0.0.0
E 0/0 192.1.5.5 255.255.255.0

Switch 1

Interface IP Address Subnet Mask


Loopback 0 55.55.55.55 255.0.0.0
VLAN 3 192.1.3.33 255.255.255.0
VLAN 5 192.1.5.55 255.255.255.0

Interface Configuration

R1 R2

interface Loopback0 interface Loopback0


ip address 1.1.1.1 255.0.0.0 ip address 2.2.2.2 255.0.0.0
! !
interface Ethernet0/0 interface Ethernet0/0
ip address 192.1.12.1 255.255.255.0 ip address 192.1.12.2 255.255.255.0
no shutdown no shut down
!
interface Serial0/0
ip address 192.1.234.2 255.255.255.0
encapsulation frame-relay
frame-relay map ip 192.1.234.3 203 broadcast
frame-relay map ip 192.1.234.4 204 broadcast
no frame-relay inverse-arp
no shutdown
R3 R4

interface Loopback0 interface Loopback0


ip address 3.3.3.3 255.0.0.0 ip address 4.4.4.4 255.0.0.0
! !
interface Ethernet0/0 interface Serial0/0
ip address 192.1.3.3 255.255.255.0 ip address 192.1.234.4 255.255.255.0
no shutdown encapsulation frame-relay
! frame-relay map ip 192.1.234.2 402 broadcast
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
46 of 230
interface Serial0/0 frame-relay map ip 192.1.234.3 402
ip address 192.1.234.3 255.255.255.0 no frame-relay inverse-arp
encapsulation frame-relay no shutdown
frame-relay map ip 192.1.234.2 302 broadcast
frame-relay map ip 192.1.234.4 302
no frame-relay inverse-arp
no shutdown
R5 Switch

interface Loopback0 interface Loopback0


ip address 5.5.5.5 255.0.0.0 ip address 55.55.55.55 255.0.0.0
! !
interface Ethernet0/0 interface Vlan3
ip address 192.1.5.5 255.255.255.0 ip address 192.1.3.33 255.255.255.0
no shutdown no shutdown
!
interface Vlan5
ip address 192.1.5.55 255.255.255.0
no shutdown

Lab Objective:

Task 1

Run OSPF as your Routing Protocol on all Routers and the Switch. Advertise the
networks in the following areas:

Area 0 – R1 Loopback 0, R1 E 0/0, R2 E 0/0, R2 Loopback 0


Area 10 – R2 S 0/0, R3 S 0/0, R3 Loopback 0, R4 S 0/0, R4 Loopback 0
Area 100 – R3 E 0/0, SW VLAN 3, SW VLAN 5, SW Loopback 0, R5 E 0/0, R5
Loopback 0

Configure a Virtual Link between the appropriate devices.

R1 R2

router ospf 1 router ospf 1


network 1.0.0.0 0.255.255.255 area 0 router-id 2.2.2.2
network 192.1.12.0 0.0.0.255 area 0 area 10 virtual-link 3.3.3.3
network 2.0.0.0 0.255.255.255 area 0
network 192.1.12.0 0.0.0.255 area 0
network 192.1.234.0 0.0.0.255 area 10

interface S 0/0
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
47 of 230
ip ospf network point-to-mulitpoint
R3 R4

router ospf 1 router ospf 1


router-id 3.3.3.3 network 4.0.0.0 0.255.255.255 area 10
area 10 virtual-link 2.2.2.2 network 192.1.234.0 0.0.0.255 area 10
network 3.0.0.0 0.255.255.255 area 10 !
network 192.1.3.0 0.0.0.255 area 100 interface S 0/0
network 192.1.234.0 0.0.0.255 area 10 ip ospf network point-to-mulitpoint
!
interface S 0/0
ip ospf network point-to-mulitpoint
R5 Switch

router ospf 1 router ospf 1


network 5.0.0.0 0.255.255.255 area 100 network 55.0.0.0 0.255.255.255 area 100
network 192.1.5.0 0.0.0.255 area 100 network 192.1.3.0 0.0.0.255 area 100
network 192.1.5.0 0.0.0.255 area 100

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
48 of 230
Lab 4 – OSPF Authentication

(Builds on Lab 3)

Lab Objective:

Task 1

All routers and the switch should Authenticate Routing updates using the most secure
authentication method. The Virtual Link should also be authenticated. Use Key 1 with a
key-string of ccie. Do not use wide authentication.

R1

interface Ethernet0/0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 ccie
R2

interface Ethernet0/0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 ccie
!
interface Serial0/0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 ccie
!
router ospf 1
area 10 virtual-link 3.3.3.3 authentication message-digest
area 10 virtual-link 3.3.3.3 message-digest-key 1 md5 ccie
R3

interface Ethernet0/0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 ccie
!
interface Serial0/0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 ccie
!
router ospf 1
area 10 virtual-link 2.2.2.2 authentication message-digest
area 10 virtual-link 2.2.2.2 message-digest-key 1 md5 ccie

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
49 of 230
R4 Switch

interface Serial0/0 interface Vlan3


ip ospf authentication message-digest ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 ccie ip ospf message-digest-key 1 md5 ccie
!
interface Vlan5
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 ccie
R5

interface Ethernet0/0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 ccie

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
50 of 230
Lab 5 – Multi-Area Configurations with
Filtering

R1 R2
Lo 0 E 0/0 E 0/0 Lo 0

192.1.12.0/24
S 0/0
R4
192.1.234.0/24

Switch 1 S 0/0

192.1.3.0/24
Lo 0 VLAN 3 E 0/0 Lo 0
R3
VLAN 5
192.1.5.0/24

R5

R1

Interface IP Address Subnet Mask


Loopback 0 1.1.1.1 255.0. 0.0
E 0/0 192.1.12.1 255.255.255.0

R2

Interface IP Address Subnet Mask


E 0/0 192.1.12.2 255.255.255.0
S 0/0 192.1.234.2 255.255.255.0
Loopback 0 2.2.2.2 255.0.0.0

R3

Interface IP Address Subnet Mask


S 0/0 192.1.234.3 255.255.255.0
E 0/0 192.1.3.3 255.255.255.0

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
51 of 230
Loopback 0 3.3.3.3 255.0.0.0

R4

Interface IP Address Subnet Mask


Loopback 0 4.4.4.4 255.0.0.0
S 0/0 192.1.234.4 255.255.255.0

R5

Interface IP Address Subnet Mask


Loopback 0 5.5.5.5 255.0.0.0
E 0/0 192.1.5.5 255.255.255.0

Switch 1

Interface IP Address Subnet Mask


Loopback 0 55.55.55.55 255.0.0.0
VLAN 3 192.1.3.33 255.255.255.0
VLAN 5 192.1.5.55 255.255.255.0

Interface Configuration

R1 R2

interface Loopback0 interface Loopback0


ip address 1.1.1.1 255.0.0.0 ip address 2.2.2.2 255.0.0.0
! !
interface Ethernet0/0 interface Ethernet0/0
ip address 192.1.12.1 255.255.255.0 ip address 192.1.12.2 255.255.255.0
no shutdown no shut down
!
interface Serial0/0
ip address 192.1.234.2 255.255.255.0
encapsulation frame-relay
frame-relay map ip 192.1.234.3 203 broadcast
frame-relay map ip 192.1.234.4 204 broadcast
no frame-relay inverse-arp
no shutdown
R3 R4

interface Loopback0 interface Loopback0


ip address 3.3.3.3 255.0.0.0 ip address 4.4.4.4 255.0.0.0
! !
interface Ethernet0/0 interface Serial0/0

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
52 of 230
ip address 192.1.3.3 255.255.255.0 ip address 192.1.234.4 255.255.255.0
no shutdown encapsulation frame-relay
! frame-relay map ip 192.1.234.2 402 broadcast
interface Serial0/0 frame-relay map ip 192.1.234.3 402
ip address 192.1.234.3 255.255.255.0 no frame-relay inverse-arp
encapsulation frame-relay no shutdown
frame-relay map ip 192.1.234.2 302 broadcast
frame-relay map ip 192.1.234.4 302
no frame-relay inverse-arp
no shutdown
R5 Switch

interface Loopback0 interface Loopback0


ip address 5.5.5.5 255.0.0.0 ip address 55.55.55.55 255.0.0.0
! !
interface Ethernet0/0 interface Vlan3
ip address 192.1.5.5 255.255.255.0 ip address 192.1.3.33 255.255.255.0
no shutdown no shutdown
!
interface Vlan5
ip address 192.1.5.55 255.255.255.0
no shutdown

Task 1

Run OSPF as your Routing Protocol on all Routers and the Switch. Configure the Frame
Relay links as Point-to-multipoint network types. Advertise the networks in the following
areas:

Area 0 – R2 S 0/0, R3 S 0/0, R3 Loopback 0, R4 S 0/0, R4 Loopback 0


Area 10 – R1 Loopback 0, R1 E 0/0, R2 E 0/0, R2 Loopback 0
Area 100 – R3 E 0/0, SW VLAN 3, SW Loopback 0

R1 R2

router ospf 1 router ospf 1


router-id 1.1.1.1 router-id 2.2.2.2
network 1.0.0.0 0.255.255.255 area 10 network 2.0.0.0 0.255.255.255 area 10
network 192.1.12.0 0.0.0.255 area 10 network 192.1.12.0 0.0.0.255 area 10
network 192.1.234.0 0.0.0.255 area 0
!
interface S 0/0
ip ospf network point-to-mulitpoint
R3 R4

router ospf 1 router ospf 1


Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
53 of 230
router-id 3.3.3.3 network 4.0.0.0 0.255.255.255 area 0
network 3.0.0.0 0.255.255.255 area 100 network 192.1.234.0 0.0.0.255 area 0
network 192.1.3.0 0.0.0.255 area 100 !
network 192.1.234.0 0.0.0.255 area 0 interface S 0/0
! ip ospf network point-to-mulitpoint
interface S 0/0
ip ospf network point-to-mulitpoint
Switch

router ospf 1
network 55.0.0.0 0.255.255.255 area 100
network 192.1.3.0 0.0.0.255 area 100

Task 2

Run RIP as a Routing Protocol between R5 and the Switch. Advertise the Loopback on
R5 in RIP. Mutually Redistribute RIP and OSPF on the Switch.

R5 Switch

router rip router rip


network 5.0.0.0 network 192.1.5.0
network 192.1.5.0 redistribute ospf 1 metric 1
!
router ospf 1
redistribute rip subnets

Task 3

Create the following Loopbacks on R2:

Loopback 21 – 12.1.1.1/24
Loopback 22 – 12.1.2.1/24

Advertise these newly created loopbacks in OSPF using the network command. Make
sure they appear in the routing table using a /24 mask. Filter these routes going into Area
10. The configuration needs to be done on R2.

R2

interface Loopback21
ip address 12.1.1.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback21
ip address 12.1.2.1 255.255.255.0
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
54 of 230
ip ospf network point-to-point
!

Ip prefix-list A10-IN deny 12.1.1.0/24


Ip prefix-list A10-IN deny 12.1.2.0/24
Ip prefix-list A10-IN permit 0.0.0.0/0 le 32
!
Router OSPF 1
Network 12.1.1.0 0.0.0.255 area 0
Network 12.1.2.0 0.0.0.255 area 0
Area 10 filter-list prefix A10-IN in

Task 4

Create the following Loopbacks on R4:

Loopback 41 – 44.1.1.1/24
Loopback 42 – 44.1.2.1/24
Loopback 43 – 44.1.3.1/24
Loopback 44 – 44.1.4.1/24

Advertise these newly created loopbacks in OSPF without using the network command.

R4

interface Loopback41
ip address 44.1.1.1 255.255.255.0
!
interface Loopback42
ip address 44.1.2.1 255.255.255.0
!
interface Loopback43
ip address 44.1.3.1 255.255.255.0
!
interface Loopback44
ip address 44.1.4.1 255.255.255.0
!
access-list 1 permit 44.1.1.0 0.0.0.255
access-list 1 permit 44.1.2.0 0.0.0.255
access-list 1 permit 44.1.3.0 0.0.0.255
access-list 1 permit 44.1.4.0 0.0.0.255
!
route-map redcon permit 10
match ip address 1
!
router ospf 1
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
55 of 230
redistribute connected subnets route-map redcon

Task 5

Area 10 should not receive any Inter Area or External Routes. The devices in Area 10
should have full connectivity to the rest of the network. Do not use any filtering
mechanism.

R1 R2

router ospf 1 router ospf 1


area 10 stub area 10 stub no-summary

Task 6

Area 100 should not receive any Inter Area or External Routes from the Backbone. It
should have full connectivity to all routes. It Should maintain connectivity to routes
learned via RIP and propagate these routes to other Areas.

Switch R3

router ospf 1 router ospf 1


area 100 nssa area 100 nssa no-summary

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
56 of 230
Lab 6 – Summarization Inter-Area and
External Routes
(Builds on Lab 5)

Task 1

Create the following Loopbacks on R1:

Loopback 201 – 201.1.4.1/24


Loopback 202 – 201.1.5.1/24
Loopback 203 – 201.1.6.1/24
Loopback 204 – 201.1.7.1/24

Advertise these newly created loopbacks in OSPF using the network command. Make
sure they appear in the routing table using a /24 mask. These routes should be seen as a
single summarized route outside of area 10.

R1 R2

interface Loopback 201 Router OSPF 1


ip address 201.1.4.1 255.255.255.0 Area 10 range 201.1.4.0 255.255.252.0
ip ospf network point-to-point
!
interface Loopback 202
ip address 201.1.5.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback 203
ip address 201.1.6.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback 204
ip address 201.1.7.1 255.255.255.0
ip ospf network point-to-point
!
Router OSPF 1
Network 201.1.4.0 0.0.0.255 area 10
Network 201.1.5.0 0.0.0.255 area 10
Network 201.1.6.0 0.0.0.255 area 10
Network 201.1.7.0 0.0.0.255 area 10

Task 2

Create the following Loopbacks on R4:

Loopback 205 – 202.1.4.1/24


Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
57 of 230
Loopback 206 – 202.1.5.1/24
Loopback 207 – 202.1.6.1/24
Loopback 208 – 202.1.7.1/24

Advertise these newly created loopbacks in OSPF without using the network command.
Make sure they appear in the routing table using a /24 mask. These routes should be seen
be summarized.

R4

interface Loopback 205


ip address 202.1.4.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback 206
ip address 202.1.5.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback 207
ip address 202.1.6.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback 208
ip address 202.1.7.1 255.255.255.0
ip ospf network point-to-point
!
access-list 5 permit 202.1.4.0 0.0.0.255
access-list 5 permit 202.1.5.0 0.0.0.255
access-list 5 permit 202.1.6.0 0.0.0.255
access-list 5 permit 202.1.7.0 0.0.0.255
!
route-map redcon permit 10
match ip address 5
!
Router OSPF 1
Redistribute connected route-map redcon
Summary-address 202.1.4.0 255.255.252.0

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
58 of 230
Lab 7 – Redistribution

R1 R2
Lo 0 E 0/0 E 0/0 Lo 0

192.1.12.0/24
S 0/0
R4
192.1.234.0/24

Switch 1 S 0/0
192.1.3.0/24
Lo 0 VLAN 3 E 0/0 Lo 0
R3
VLAN 5
192.1.5.0/24

R5

R1

Interface IP Address Subnet Mask


Loopback 0 1.1.1.1 255.0. 0.0
E 0/0 192.1.12.1 255.255.255.0

R2

Interface IP Address Subnet Mask


E 0/0 192.1.12.2 255.255.255.0
S 0/0 192.1.234.2 255.255.255.0
Loopback 0 2.2.2.2 255.0.0.0

R3

Interface IP Address Subnet Mask


S 0/0 192.1.234.3 255.255.255.0
E 0/0 192.1.3.3 255.255.255.0
Loopback 0 3.3.3.3 255.0.0.0

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
59 of 230
R4

Interface IP Address Subnet Mask


Loopback 0 4.4.4.4 255.0.0.0
S 0/0 192.1.234.4 255.255.255.0

R5

Interface IP Address Subnet Mask


Loopback 0 5.5.5.5 255.0.0.0
E 0/0 192.1.5.5 255.255.255.0

Switch 1

Interface IP Address Subnet Mask


Loopback 0 55.55.55.55 255.0.0.0
VLAN 3 192.1.3.33 255.255.255.0
VLAN 5 192.1.5.55 255.255.255.0

Interface Configuration

R1 R2

interface Loopback0 interface Loopback0


ip address 1.1.1.1 255.0.0.0 ip address 2.2.2.2 255.0.0.0
! !
interface Ethernet0/0 interface Ethernet0/0
ip address 192.1.12.1 255.255.255.0 ip address 192.1.12.2 255.255.255.0
no shutdown no shut down
!
interface Serial0/0
ip address 192.1.234.2 255.255.255.0
encapsulation frame-relay
frame-relay map ip 192.1.234.3 203 broadcast
frame-relay map ip 192.1.234.4 204 broadcast
no frame-relay inverse-arp
no shutdown
R3 R4

interface Loopback0 interface Loopback0


ip address 3.3.3.3 255.0.0.0 ip address 4.4.4.4 255.0.0.0
! !
interface Ethernet0/0 interface Serial0/0
ip address 192.1.3.3 255.255.255.0 ip address 192.1.234.4 255.255.255.0
no shutdown encapsulation frame-relay
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
60 of 230
! frame-relay map ip 192.1.234.2 402 broadcast
interface Serial0/0 frame-relay map ip 192.1.234.3 402
ip address 192.1.234.3 255.255.255.0 no frame-relay inverse-arp
encapsulation frame-relay no shutdown
frame-relay map ip 192.1.234.2 302 broadcast
frame-relay map ip 192.1.234.4 302
no frame-relay inverse-arp
no shutdown
R5 Switch

interface Loopback0 interface Loopback0


ip address 5.5.5.5 255.0.0.0 ip address 55.55.55.55 255.0.0.0
! !
interface Ethernet0/0 interface Vlan3
ip address 192.1.5.5 255.255.255.0 ip address 192.1.3.33 255.255.255.0
no shutdown no shutdown
!
interface Vlan5
ip address 192.1.5.55 255.255.255.0
no shutdown

Lab Objective:

Task 1

Create the following Loopbacks on R1. Run RIP V2 as the Routing Protocol between R1
and R2. Advertise all directly connected networks including the newly created loopbacks
in RIP. Advertise the Loopback and the E 0/0 Interface on R2 in RIP.

Loopback 1 – 192.2.1.1/24
Loopback 2 – 192.2.2.1/24
Loopback 3 – 192.2.3.1/24
Loopback 4 – 192.2.4.1/24
Loopback 5 – 192.2.5.1/24
Loopback 6 – 192.2.6.1/24
Loopback 7 – 192.2.7.1/24
Loopback 8 – 192.2.8.1/24

R1 R2

interface Loopback1 router rip


ip address 192.2.1.1 255.255.255.0 version 2
! network 2.0.0.0
interface Loopback2 network 192.1.12.0
ip address 192.2.2.1 255.255.255.0 no auto-summary
!
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
61 of 230
interface Loopback3
ip address 192.2.3.1 255.255.255.0
!
interface Loopback4
ip address 192.2.4.1 255.255.255.0
!
interface Loopback5
ip address 192.2.5.1 255.255.255.0
!
interface Loopback6
ip address 192.2.6.1 255.255.255.0
!
interface Loopback7
ip address 192.2.7.1 255.255.255.0
!
interface Loopback8
ip address 192.2.8.1 255.255.255.0
!
router rip
version 2
network 1.0.0.0
network 192.1.12.0
network 192.2.1.0
network 192.2.2.0
network 192.2.3.0
network 192.2.4.0
network 192.2.5.0
network 192.2.6.0
network 192.2.7.0
network 192.2.8.0
no auto-summary

Task 2

Run EIGRP in AS 234 as the Routing Protocol between R2, R3 and R4. Advertise all
directly connected networks on R4 in EIGRP. Advertise the S 0/0 interfaces on R2 and
R3 in EIGRP. Also advertise the Loopback 0 network of R3 in EIGRP.

R2 R3

router eigrp 234 router eigrp 234


network 192.1.234.0 network 3.0.0.0
no auto-summary network 192.1.234.0
no auto-summary
R4

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
62 of 230
router eigrp 234
network 4.0.0.0
network 192.1.234.0
no auto-summary

Task 3

Run OSPF in Area 0 as the Routing Protocol between R3, the Switch and R5. Advertise
all directly connected networks on R5 in OSPF. Advertise the 2 VLAN interfaces and the
Loopback on the Switch in OSPF. Advertise the E 0/0 network in OSPF on R3.

R3 R5

router ospf 1 router ospf 1


network 192.1.3.0 0.0.0.255 area 0 network 5.0.0.0 0.255.255.255 area 0
network 192.1.5.0 0.0.0.255 area 0
Switch

router ospf 1
network 55.0.0.0 0.255.255.255 area 0
network 192.1.3.0 0.0.0.255 area 0
network 192.1.5.0 0.0.0.255 area 0

Task 4

Configure Mutual redistribution between RIP and EIGRP at the appropriate router.
Configure Mutual redistribution between EIGRP and OSPF at the appropriate router.
Make sure OSPF adds the cost of the links in the OSPF metric for the External Routes.

R2 R3

router eigrp 234 router eigrp 234


redistribute rip metric 1 1 1 1 1 redistribute ospf 1 metric 1 1 1 1 1
! !
router rip router ospf 1
redistribute eigrp 234 metric 5 redistribute eigrp 234 metric 150 metric-type 1 subnets

Task 5

The RIP routes should not be leaked to OSPF and OSPF routes should not be leaked to
RIP. Do not use the Distribute-list or Prefix-list command to accomplish this task. You
might have to re-configure the redistribution from the previous task to accomplish this.

R2

Route-map STAG per 10


Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
63 of 230
Set tag 120
!
Route-map MTAG deny 10
Match tag 110
Route-map MTAG permit 20
!
router eigrp 234
redistribute rip metric 1 1 1 1 1 route-map STAG
!
router rip
redistribute eigrp 234 metric 5 route-map MTAG
R3

Route-map STAG per 10


Set tag 110
!
Route-map MTAG deny 10
Match tag 120
Route-map MTAG permit 20
!

router eigrp 234


redistribute ospf 1 metric 1 1 1 1 1 route-map STAG
!
router ospf 1
redistribute eigrp 234 metric 150 metric-type 1 route-map MTAG subnets

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
64 of 230
Module 6 – BGP

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
65 of 230
Lab 1 – Connecting EBGP

Physical Layout

R1 R2
Loopback 0
Loopback 0 E 0/0 E 0/0

S 0/0
Loopback 1 Loopback 1
Loopback 1 S 0/0 Loopback 1

Loopback 0 E 0/0 E 0/0 Loopback 0


R4 R3

Logical Layout

AS 1 AS 2

R2
R1

R4
R3

AS 4 AS 3

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
66 of 230
Interface IP Address Configuration

R1

Interface IP Address Subnet Mask


Loopback 0 1.1.1.1 255.0.0.0
Loopback 1 11.1.0.1 255.255.0.0
E 0/0 192.1.12.1 255.255.255.0

R2

Interface IP Address Subnet Mask


Loopback 0 2.2.2.2 255.0.0.0
Loopback 1 12.1.0.1 255.255.0.0
E 0/0 192.1.12.2 255.255.255.0
S 0/0 192.1.23.2 255.255.255.0

R3

Interface IP Address Subnet Mask


Loopback 0 3.3.3.3 255.0.0.0
Loopback 1 13.1.0.1 255.255.0.0
S 0/0 192.1.23.3 255.255.255.0
E 0/0 192.1.34.3 255.255.255.0

R4

Interface IP Address Subnet Mask


Loopback 0 4.4.4.4 255.0.0.0
Loopback 1 14.1.0.1 255.255.0.0
E 0/0 192.1.34.4 255.255.255.0

Lab Objective:

Task 1

Configure a BGP neighbor relationship between R1 and R2. R1 should be in AS 1 and


R2 should be in AS 2. Advertise the loopback networks in BGP. Hard-code the Router ID
for the BGP routers as 11.11.11.11 for R1 and 22.22.22.22 for R2.

R1 R2

Router BGP 1 Router BGP 2


no auto-summary no auto-summary

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
67 of 230
no sync no sync
bgp router-id 11.11.11.11 bgp router-id 22.22.22.22
Network 1.0.0.0 Network 2.0.0.0
Network 11.1.0.0 mask 255.255.0.0 Network 12.1.0.0 mask 255.255.0.0
Neighbor 192.1.12.2 remote-as 2 Neighbor 192.1.12.1 remote-as 1

Task 2

Configure a BGP neighbor relationship between R2 and R3. R2 should already be


configured in AS 2 and R3 should be in AS 3. Advertise the loopback network of R3 in
BGP. Hard-code the Router ID for R3 as 33.33.33.33

R2 R3

Router BGP 2 Router BGP 3


Neighbor 192.1.23.3 remote-as 3 no auto-summary
no sync
bgp router-id 33.33.33.33
Network 3.0.0.0
Network 13.1.0.0 mask 255.255.0.0
Neighbor 192.1.23.2 remote-as 2

Task 3

Configure a BGP neighbor relationship between R3 and R4. R# should already be


configured in AS 3 and R4 should be in AS 4. Advertise the loopback network of R4 in
BGP. Hard-code the Router ID for R4 as 44.44.44.44. Establish the neighbor relationship
based on Loopback 0 addresses. You are allowed to create a static route on each router to
accomplish this task.

R3 R4

Ip route 4.0.0.0 255.0.0.0 192.1.34.4 Ip route 3.0.0.0 255.0.0.0 192.1.34.3


! !
Router BGP 3 Router BGP 4
Neighbor 4.4.4.4 remote-as 4 no auto-summary
Neighbor 4.4.4.4 update-source loop 0 no sync
Neighbor 4.4.4.4 ebgp-multihop bgp router-id 44.44.44.44
Network 4.0.0.0
Network 14.1.0.0 mask 255.255.0.0
Neighbor 3.3.3.3 remote-as 3
Neighbor 3.3.3.3 update-source loop 0
Neighbor 3.3.3.3 ebgp-mulithop

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
68 of 230
Lab 2 – BGP Neighbor MD5 Authentication

(Builds on Lab 1)

Lab Objective:

Task 1

Configure MD5 Authentication between R1 and R2 using a password of cciers.

R1 R2

Router BGP 1 Router BGP 2


Neighbor 192.1.12.2 password cciers Neighbor 192.1.12.1 password cciers

Task 2

Configure MD5 Authentication between R2 and R3 using a password of cciesec.

R2 R3

Router BGP 2 Router BGP 3


Neighbor 192.1.23.3 password cciesec Neighbor 192.1.23.2 password cciesec

Task 3

Configure MD5 Authentication between R3 and R4 using a password of cciers.

R3 R4

Router BGP 3 Router BGP 4


Neighbor 4.4.4.4 password cciers Neighbor 3.3.3.3 password cciers

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
69 of 230
Lab 3 – Configuring Route Reflectors

Physical Layout

R1 R2
Loopback 0 E 0/0 E 0/0 Loopback 0

S 0/0

S 0/0

Loopback 0 E 0/0 E 0/0 Loopback 0


R4 R3

Logical Layout

R3

AS 234
AS 1

R3

R1 R2 R4

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
70 of 230
Interface IP Address Configuration
R1

Interface IP Address Subnet Mask


Loopback 0 1.1.1.1 255.0.0.0
Loopback 1 11.1.0.1 255.255.0.0
E 0/0 192.1.12.1 255.255.255.0

R2

Interface IP Address Subnet Mask


Loopback 0 2.2.2.2 255.0.0.0
Loopback 1 12.1.0.1 255.255.0.0
E 0/0 192.1.12.2 255.255.255.0
S 0/0 192.1.23.2 255.255.255.0

R3

Interface IP Address Subnet Mask


Loopback 0 3.3.3.3 255.0.0.0
Loopback 1 13.1.0.1 255.255.0.0
S 0/0 192.1.23.3 255.255.255.0
E 0/0 192.1.34.3 255.255.255.0

R4

Interface IP Address Subnet Mask


Loopback 0 4.4.4.4 255.0.0.0
Loopback 1 14.1.0.1 255.255.0.0
E 0/0 192.1.34.4 255.255.255.0

Lab Objective:

Task 1

Configure a neighbor relationship between R1 and R2 based on the Logical diagram.


Advertise the Loopback networks on both Routers. Hard-code the Router ID for the BGP
routers as 11.11.11.11 for R1 and 22.22.22.22 for R2.

R1 R2

Router BGP 1 Router BGP 234


no auto-summary no auto-summary

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
71 of 230
no sync no sync
bgp router-id 11.11.11.11 bgp router-id 22.22.22.22
Network 1.0.0.0 Network 2.0.0.0
Network 11.1.0.0 mask 255.255.0.0 Network 12.1.0.0 mask 255.255.0.0
Neighbor 192.1.12.2 remote-as 234 Neighbor 192.1.12.1 remote-as 1

Task 2

Configure RIP V2 as the routing protocol within AS 234. Only advertise the internal
physical link in RIP on R2, R3 and R4. Do not advertise the link between R1 and R2 in
RIP.

R2 R3

Router RIP Router RIP


Version 2 Version 2
no auto-summary no auto-summary
Network 192.1.23.0 Network 192.1.23.0
Network 192.1.34.0
R4

Router RIP
no auto-summary
Network 192.1.34.0

Task 3

Configure neighbor relationships between R2 and R3 and another one between R3 and
R4. Do not configure a neighbor relationship between R2 and R4. Advertise the
Loopback networks under BGP. Make sure routes from R1 can get propagated to R3 and
R4. Do not use a Confederation to accomplish this.

R2 R3

Router BGP 234 Router BGP 234


no auto-summary no auto-summary
no sync no sync
Network 2.0.0.0 Network 3.0.0.0
Network 12.1.0.0 mask 255.255.0.0 Network 13.1.0.0 mask 255.255.0.0
Neighbor 192.1.23.3 remote-as 234 Neighbor 192.1.23.2 remote-as 234
Neighbor 192.1.23.3 next-hop-self Neighbor 192.1.23.2 route-reflector-client
Neighbor 192.1.34.4 remote-as 234
Neighbor 192.1.34.4 route-reflector-client
R4

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
72 of 230
Router BGP 234
no auto-summary
no sync
Network 4.0.0.0
Network 14.1.0.0 mask 255.255.0.0
Neighbor 192.1.34.3 remote-as 234

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
73 of 230
Lab 4 – Route Filtering using Distribute List

(Builds on R3)

Lab Objective:

Task 1

Create the following Loopbacks on R2

Loopback 1 – 192.2.1.1/24
Loopback 2 – 192.2.2.1/24
Loopback 3 – 192.2.3.1/24
Loopback 4 – 192.2.4.1/24
Loopback 5 – 192.2.5.1/24
Loopback 6 – 192.2.6.1/24
Loopback 7 – 192.2.7.1/24
Loopback 8 – 192.2.8.1/24

R2

interface Loopback1
ip address 192.2.1.1 255.255.255.0
!
interface Loopback2
ip address 192.2.2.1 255.255.255.0
!
interface Loopback3
ip address 192.2.3.1 255.255.255.0
!
interface Loopback4
ip address 192.2.4.1 255.255.255.0
!
interface Loopback5
ip address 192.2.5.1 255.255.255.0
!
interface Loopback6
ip address 192.2.6.1 255.255.255.0
!
interface Loopback7
ip address 192.2.7.1 255.255.255.0
!
interface Loopback8
ip address 192.2.8.1 255.255.255.0

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
74 of 230
Task 2

Advertise the newly created routes in BGP. Do not use the network command to
accomplish this. These routes should have an origin code of “igp”.

R2

Access-list 1 permit 192.2.1.1 0.0.0.255


Access-list 1 permit 192.2.2.1 0.0.0.255
Access-list 1 permit 192.2.3.1 0.0.0.255
Access-list 1 permit 192.2.4.1 0.0.0.255
Access-list 1 permit 192.2.5.1 0.0.0.255
Access-list 1 permit 192.2.6.1 0.0.0.255
Access-list 1 permit 192.2.7.1 0.0.0.255
Access-list 1 permit 192.2.8.1 0.0.0.255
!
Route-map redcon permit 10
Match address 1
Set origin igp
!
Router bgp 234
Redistribute connected route-map redcon

Task 3

Configure R2 such that it blocks all the 192.2.X.0 routes that have an odd number in the
third octet from propagating outside the local AS. Use the distribute-list command to
accomplish this task.

R2

Access-list 1 deny 192.2.1.0 0.0.254.255


Access-list 1 permit any
!
Router bgp 234
Neighbor 192.1.12.1 distribute-list 1 out

Task 4

Configure R4 such that it blocks all the 192.2.X.0 routes that have an even number in the
third octet from coming in. Make sure that even if in the future that a neighbor
relationship is established between R2 and R4 these routes don’t come into R4. Use the
distribute-list command to accomplish this task.

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
75 of 230
R4

Access-list 1 deny 192.2.0.0 0.0.254.255


Access-list 1 permit any
!
Router bgp 234
distribute-list 1 in

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
76 of 230
Lab 5 – Route Filtering using Prefix-List

(Builds on R4)

Task 1

Create the following Loopbacks on R3

Loopback 1 – 150.3.16.1/20
Loopback 2 – 150.3.36.1/22
Loopback 3 – 150.3.40.1/22
Loopback 4 – 150.3.50.1/23
Loopback 5 – 150.3.65.1/24
Loopback 6 – 150.13.0.1/16
Loopback 7 – 150.14.64.1/18

R3

interface Loopback1
ip address 150.3.16.1 255.255.240.0
!
interface Loopback2
ip address 150.3.36.1 255.255.252.0
!
interface Loopback3
ip address 150.3.40.1 255.255.252.0
!
interface Loopback4
ip address 150.3.50.1 255.255.254.0
!
interface Loopback5
ip address 150.3.65.1 255.255.255.0
!
interface Loopback6
ip address 150.13.0.1 255.255.0.0
!
interface Loopback7
ip address 150.14.64.1 255.255.192.0

Task 2

Advertise the newly created routes in BGP using the Network command.

R3

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
77 of 230
Router bgp 234
Network 150.3.16.0 mask 255.255.240.0
Network 150.3.36.0 mask 255.255.252.0
Network 150.3.40.0 mask 255.255.252.0
Network 150.3.50.0 mask 255.255.254.0
Network 150.3.65.0 mask 255.255.255.0
Network 150.13.0.0
Network 150.14.64.0 mask 255.255.192.0

Task 3

Configure R2 such that it blocks all the 150.X.X.0 routes that have a subnet mask
between 17 and 23 bits.

R2

IP Prefix-list PLIST deny 150.0.0.0/8 ge 17 le 23


IP Prefix-list PLIST permit 0.0.0.0/0 le 32
!
Router bgp 234
Neighbor 192.1.23.3 prefix-list PLIST in

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
78 of 230
Lab 6 – AS Path-Filter

Physical Layout

R1 R2
Loopback 0 E 0/0 E 0/0 Loopback 0

S 0/0

S 0/0

Loopback 0 E 0/0 E 0/0 Loopback 0


R4 R3

Logical Layout

AS 1

R2
R1

AS 23

R4
R3

AS 4

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
79 of 230
Interface IP Address Configuration
R1

Interface IP Address Subnet Mask


Loopback 0 1.1.1.1 255.0.0.0
Loopback 1 11.1.0.1 255.255.0.0
E 0/0 192.1.12.1 255.255.255.0

R2

Interface IP Address Subnet Mask


Loopback 0 2.2.2.2 255.0.0.0
Loopback 1 12.1.0.1 255.255.0.0
E 0/0 192.1.12.2 255.255.255.0
S 0/0 192.1.23.2 255.255.255.0

R3

Interface IP Address Subnet Mask


Loopback 0 3.3.3.3 255.0.0.0
Loopback 1 13.1.0.1 255.255.0.0
S 0/0 192.1.23.3 255.255.255.0
E 0/0 192.1.34.3 255.255.255.0

R4

Interface IP Address Subnet Mask


Loopback 0 4.4.4.4 255.0.0.0
Loopback 1 14.1.0.1 255.255.0.0
E 0/0 192.1.34.4 255.255.255.0

Lab Objective:

Task 1

Configure a neighbor relationship between R1 and R2 based on the Logical diagram.


Advertise the Loopback networks on both Routers. Hard-code the Router ID for the BGP
routers as 11.11.11.11 for R1 and 22.22.22.22 for R2.

R1 R2

Router BGP 1 Router BGP 23

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
80 of 230
no auto-summary no auto-summary
no sync no sync
bgp router-id 11.11.11.11 bgp router-id 22.22.22.22
Network 1.0.0.0 Network 2.0.0.0
Network 11.1.0.0 mask 255.255.0.0 Network 12.1.0.0 mask 255.255.0.0
Neighbor 192.1.12.2 remote-as 23 Neighbor 192.1.12.1 remote-as 1

Task 2

Configure a neighbor relationship between R3 and R4 based on the Logical diagram.


Advertise the Loopback networks on both Routers. Hard-code the Router ID for the BGP
routers as 33.33.33 for R3 and 44.44.44.44 for R4.

R3 R4

Router BGP 23 Router BGP 4


no auto-summary no auto-summary
no sync no sync
bgp router-id 33.33.33.33 bgp router-id 44.44.44.44
Network 3.0.0.0 Network 4.0.0.0
Network 13.1.0.0 mask 255.255.0.0 Network 14.1.0.0 mask 255.255.0.0
Neighbor 192.1.34.4 remote-as 4 Neighbor 192.1.34.3 remote-as 23

Task 3

Configure a neighbor relationship between R2 and R3 based on the Logical diagram.


When R2 sends routes that it learns from R1, it should sent 192.1.23.2 as the next hop for
those routes. When R3 sends routes that it learns from R4, it should sent 192.1.23.3 as the
next hop for those routes.

R2 R3

Router BGP 23 Router BGP 23


Neighbor 192.1.23.3 remote-as 23 Neighbor 192.1.23.2 remote-as 23
Neighbor 192.1.23.3 next-hop-self Neighbor 192.1.23.2 next-hop-self

Task 4

Configure BGP such that AS 4 does not use AS 23 to get AS 1 routes. Configuration
should be done in AS 4.

R4

Ip as-path access-list 1 deny _1$


Ip as-path access-list 1 permit .*
!
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
81 of 230
Router BGP 4
Neighbor 192.1.34.3 filter-list 1 in

Task 5

Configure BGP such that AS 1 does not use AS 23 to get AS 4 routes. Configuration
should be done in AS 23. You are only allowed a single line in the AS-path filter.

R2

Ip as-path access-list 1 permit ^$


!
Router BGP 23
Neighbor 192.1.12.1 filter-list 1 out

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
82 of 230
Lab 7 – Route Aggregation

(Builds on Lab 6)

Task 1

Create the following Loopbacks on R3 and advertise them under BGP:

Loopback 1 – 203.1.4.1/24
Loopback 2 – 203.1.5.1/24
Loopback 3 – 203.1.6.1/24
Loopback 4 – 203.1.7.1/24

R3

interface Loopback1
ip address 203.1.4.1 255.255.255.0
!
interface Loopback2
ip address 203.1.5.1 255.255.255.0
!
interface Loopback3
ip address 203.1.6.1 255.255.255.0
!
interface Loopback4
ip address 203.1.7.1 255.255.255.0
!
Router BGP 23
Network 203.1.4.0
Network 203.1.5.0
Network 203.1.6.0
Network 203.1.7.0

Task 2

Configure Route Aggregation on R3 such that these routes are summarized as a single
route. Only the Summary route should be send to R3’s neighbors.

R3

Router bgp 234


Aggregate-address 203.1.4.0 255.255.252.0 summary-only

Task 3

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
83 of 230
Create the following Loopbacks on R4 and advertise them under BGP:

Loopback 1 – 204.1.4.1/24
Loopback 2 – 204.1.5.1/24
Loopback 3 – 204.1.6.1/24
Loopback 4 – 204.1.7.1/24

R4

interface Loopback1
ip address 204.1.4.1 255.255.255.0
!
interface Loopback2
ip address 204.1.5.1 255.255.255.0
!
interface Loopback3
ip address 204.1.6.1 255.255.255.0
!
interface Loopback4
ip address 204.1.7.1 255.255.255.0
!
Router BGP 4
Network 204.1.4.0
Network 204.1.5.0
Network 204.1.6.0
Network 204.1.7.0

Task 4

Configure Route Aggregation on R4 such that these routes are summarized as a single
route. Only the Summary route should be send to R4’s neighbor. The routes should not
be seen as suppressed on R4. Use the minimum number of lines in your filtering
mechanism.

R4

IP Prefix-list PLIST deny 204.1.4.0/22 ge 24


IP Prefix-list PLIST permit 0.0.0.0/0 le 32
!
Router bgp 4
Aggregate-address 204.1.4.0 255.255.252.0
Neighbor 192.1.34.3 prefix-list PLIST out

Task 5

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
84 of 230
Create the following Loopbacks on R2 and advertise them under BGP:

Loopback 1 – 202.1.4.1/24
Loopback 2 – 202.1.5.1/24
Loopback 3 – 202.1.6.1/24
Loopback 4 – 202.1.7.1/24

R2

interface Loopback1
ip address 202.1.4.1 255.255.255.0
!
interface Loopback2
ip address 202.1.5.1 255.255.255.0
!
interface Loopback3
ip address 202.1.6.1 255.255.255.0
!
interface Loopback4
ip address 202.1.7.1 255.255.255.0
!
Router BGP 23
Network 202.1.4.0
Network 202.1.5.0
Network 202.1.6.0
Network 202.1.7.0

Task 6

Configure Route Aggregation on R2 such that these routes are summarized as a single
route. Only the Summary route and the 202.1.5.0 route should be send to R2’s neighbor.

R2

Access-list 5 permit 202.1.5.0 0.0.0.255


!
Route-map SUPMAP deny 10
Match address 5
Route-map SUPMAP permit 20
!
Router bgp 4
Aggregate-address 202.1.4.0 255.255.252.0 supress-map SUPMAP

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
85 of 230
Lab 8 – Working with AS #’s

Physical Layout

R1 R2
Loopback 0 E 0/0 E 0/0 Loopback 0

S 0/0

S 0/0

Loopback 0
R3

Logical Layout

AS 1 AS 2

R2
R1

R3

AS 65500

Interface IP Address Configuration


Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
86 of 230
R1

Interface IP Address Subnet Mask


Loopback 0 1.1.1.1 255.0.0.0
E 0/0 192.1.12.1 255.255.255.0

R2

Interface IP Address Subnet Mask


Loopback 0 2.2.2.2 255.0.0.0
E 0/0 192.1.12.2 255.255.255.0
S 0/0 192.1.23.2 255.255.255.0

R3

Interface IP Address Subnet Mask


Loopback 0 3.3.3.3 255.0.0.0
S 0/0 192.1.23.3 255.255.255.0

Lab Objective:

Task 1

Configure R2 for BGP under AS 2. Hard-code the Router-id as 22.22.22.22. Advertise


the Loopback 0 network under BGP.

R2

Router bgp 2
No auto-summary
No Sync
Bgp router-id 22.22.22.22
Network 2.0.0.0

Task 2

Configure R1 for BGP under AS 1. Hard-code the Router-id as 11.11.11.11. Advertise


the Loopback 0 network under BGP. Setup a neighbor relationship between R1 and R2.
R1 sees R2 in AS 12. You cannot change the AS # on R2 to accomplish this task.

R1 R2

Router BGP 1 Router BGP 2


No auto-summary Neighbor 192.1.12.1 remote-as 1
No Sync Neighbor 192.1.12.1 local-as 12
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
87 of 230
Bgp router-id 11.11.11.11
Network 1.0.0.0
Neighbor 192.1.12.2 remote-as 12

Task 3

Configure R3 for BGP under AS 65500. Hard-code the Router-id as 33.33.33.33.


Advertise the Loopback 0 network under BGP. Setup a neighbor relationship between R3
and R2. R3 sees R2 in AS 23. You cannot change the AS # on R2 to accomplish this task.

R3 R2

Router BGP 65500 Router BGP 2


No auto-summary Neighbor 192.1.23.3 remote-as 65500
No Sync Neighbor 192.1.23.3 local-as 23
Bgp router-id 33.33.33.33
Network 3.0.0.0
Neighbor 192.1.23.2 remote-as 23

Task 4

Reconfigure R1, R2 and R3 such that they use the actual AS number for R2 (2).

R1

Router BGP 1
No Neighbor 192.1.12.2 remote-as 12
Neighbor 192.1.12.2 remote-as 2
R3

Router BGP 65500


No Neighbor 192.1.23.2 remote-as 23
Neighbor 192.1.23.2 remote-as 2
R2

Router BGP 1
No Neighbor 192.1.12.1 local-as 12
No Neighbor 192.1.23.3 local-as 23

Task 5

Configure R2 such that the Private AS number is removed from the AS Path when 3.0.0.0
gets send to R1. You are only allowed a single command to accomplish this task.

R2

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
88 of 230
Router BGP 2
Neighbor 192.1.12.1 remove-private-as

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
89 of 230
Lab 9 – Confederations

Physical Layout

R1 R2
Loopback 0 E 0/0 E 0/0 Loopback 0

S 0/0

S 0/0

Loopback 0 E 0/0 E 0/0 Loopback 0


R4 R3

Logical Layout

R2

AS 2 AS 4

AS 123
R1 R3 R4
AS 1 AS 3

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
90 of 230
Interface IP Address Configuration
R1

Interface IP Address Subnet Mask


Loopback 0 1.1.1.1 255.0.0.0
E 0/0 192.1.12.1 255.255.255.0

R2

Interface IP Address Subnet Mask


Loopback 0 2.2.2.2 255.0.0.0
E 0/0 192.1.12.2 255.255.255.0
S 0/0 192.1.23.2 255.255.255.0

R3

Interface IP Address Subnet Mask


Loopback 0 3.3.3.3 255.0.0.0
S 0/0 192.1.23.3 255.255.255.0
E 0/0 192.1.34.3 255.255.255.0

R4

Interface IP Address Subnet Mask


Loopback 0 4.4.4.4 255.0.0.0
E 0/0 192.1.34.4 255.255.255.0

Lab Objective:

Task 1

Configure RIP V2 as the routing protocol between R1, R2 and R3. Only advertised the
R1-R2 and R2-R3 links in RIP on the appropriate routers.

R1 R2

Router RIP Router RIP


No auto-summary No auto-summary
Version 2 Version 2
Network 192.1.12.0 Network 192.1.12.0
Network 192.1.23.0
R3

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
91 of 230
Router RIP
No auto-summary
Version 2
Network 192.1.23.0

Task 2

Configure AS 1, AS 2 and AS 3 are Sub Autonomous Systems of a Larger AS 123 using


Confederations. Advertise the Loopback 0 networks under BGP in AS 1, AS 2 and AS 3.
Configure a Neighbor relationship between AS 1 and AS 2 and another Neighbor
relationship between AS 2 and AS 3.

R1 R2

Router BGP 1 Router BGP 2


No auto-summary No auto-summary
No Sync No Sync
Network 1.0.0.0 Network 2.0.0.0
Neighbor 192.1.12.2 remote-as 2 Neighbor 192.1.12.1 remote-as 1
bgp confederation identifier 123 Neighbor 192.1.23.3 remote-as 3
bgp confederation peers 2 bgp confederation identifier 123
bgp confederation peers 1 3
R3

Router BGP 3
No auto-summary
No Sync
Network 3.0.0.0
Neighbor 192.1.23.2 remote-as 2
bgp confederation identifier 123
bgp confederation peers 2

Task 3

Configure a neighbor relationship between R3 and R4. R4 is in AS 4. It peers with R3 in


the confederation AS 123. Advertise the loopback 0 interface under BGP in AS 4.

R3 R4

Router BGP 3 Router BGP 4


Neighbor 192.1.34.4 remote-as 4 No auto-summary
No Sync
Network 4.0.0.0
Neighbor 192.1.34.3 remote-as 123

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
92 of 230
Lab 10 – Configuring MED

Physical Layout

R1 R2
Loopback 0 E 0/0 E 0/0 Loopback 0

S 0/0 S 0/0

S 0/0 S 0/0

Loopback 0 E 0/0 E 0/0 Loopback 0


R4 R3

Logical Layout

R2

AS 1

AS 234
R3

R1

R4

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
93 of 230
Interface IP Address Configuration
R1

Interface IP Address Subnet Mask


Loopback 0 1.1.1.1 255.0.0.0
E 0/0 192.1.12.1 255.255.255.0
S 0/0 192.1.14.1 255.255.255.0

R2

Interface IP Address Subnet Mask


Loopback 0 2.2.2.2 255.0.0.0
E 0/0 192.1.12.2 255.255.255.0
S 0/0 192.1.23.2 255.255.255.0

R3

Interface IP Address Subnet Mask


Loopback 0 3.3.3.3 255.0.0.0
S 0/0 192.1.23.3 255.255.255.0
E 0/0 192.1.34.3 255.255.255.0

R4

Interface IP Address Subnet Mask


Loopback 0 4.4.4.4 255.0.0.0
E 0/0 192.1.34.4 255.255.255.0
S 0/0 192.1.14.4 255.255.255.0

Task 1

Run RIP V2 as the IGP in AS 234. Advertise the directly connected links under RIP. Do
not advertise the external links (192.1.12.0, 192.1.14.0) or the Loopbacks in RIP.

R2 R3

Router RIP Router RIP


Version 2 Version 2
No auto-summary No auto-summary
Network 192.1.23.0 Network 192.1.23.0
Network 192.1.34.0
R4

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
94 of 230
Router RIP
Version 2
No auto-summary
Network 194.1.34.0

Task 2

Configure the routers under BGP based on the Logical diagram. Configure the Neighbor
relationships also based on the Logical diagram. Advertise Loopback 0 Networks on all
routers under BGP. Make sure the 1.0.0.0 gets put into the routing table of R3. Also make
sure that Routes from R2 are getting propagated to R4 and vice versa.

R1 R2

Router BGP 1 Router BGP 234


No auto-summary No auto-summary
No sync No sync
Network 1.0.0.0 Network 2.0.0.0
Neighbor 192.1.12.2 remote-as 234 Neighbor 192.1.12.1 remote-as 1
Neighbor 192.1.14.4 remote-as 234 Neighbor 192.1.23.3 remote-as 234
Neighbor 192.1.23.3 next-hop-self
R3 R4

Router BGP 234 Router BGP 234


No auto-summary No auto-summary
No sync No sync
Network 3.0.0.0 Network 4.0.0.0
Neighbor 192.1.23.2 remote-as 234 Neighbor 192.1.34.3 remote-as 234
Neighbor 192.1.23.2 route-reflector-client Neighbor 192.1.34.3 next-hop-self
Neighbor 192.1.34.4 remote-as 234 Neighbor 192.1.14.1 remote-as 1
Neighbor 192.1.34.4 route-reflector-client

Task 3

All ingress (incoming) traffic to AS 234 should use the path thru R4 using the MED
attribute. Configure the MED on R2 to 100. R4’s MED is 0 by default. Lower MED will
be preferred.

R2

Route-map SETMED permit 10


Set metric 100
!
Router BGP 234
Neighbor 192.1.12.1 route-map SETMED out

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
95 of 230
Lab 11 – Setting Local Preference

(Builds on Lab 10)

Lab Objective:

Task 1

Configure AS 234 such that all traffic destined for AS 1 should go through R2 in the
outbound direction.Use Local-Preference Attribute to accomplish this.

R2

Route-map SETLP permit 10


Set Local-preference 200
!
Router BGP 234
Neighbor 192.1.12.1 route-map SETLP in

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
96 of 230
Lab 12 – Setting Cisco Weight Attribute

(Builds on Lab 11)

Lab Objective:

Task 1

Configure AS 1 such that all traffic destined for network 3.0.0.0 should go thru R2. It is
taking the R1-R4 route because of the MED attribute set in Lab 11. Use the Weight
attribute to accomplish this task.

R1

Access-list 3 permit 3.0.0.0 0.255.255.255


!
Route-map SETWT permit 10
Match address 3
Set weight 5000
Route-map SETWT permit 20
!
Router BGP 1
Neighbor 192.1.12.2 route-map SETWT in

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
97 of 230
Module 7 – Advanced Switching
Part I

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
98 of 230
Lab 1 – Advanced Switch Configurations

Task 1

Configure VTP on both switches as follows:


Domain name = CCIE
Password = Cisco
Mode = Transparent

On Both Switches

Vtp domain CCIE


Vtp password Cisco
Vtp Mode Transparent

Task 2
Configure ports F0/XX and F0/XX as trunk links using an industry standard protocol,
these links should appear to STP as a single link using an IEEE mode and none of the
interfaces should be in blocking state. If one of the links fails, the traffic should use the
other link without any interruption. Any other link on your topology connecting the 2
switches should be shutdown. The protocol should be unconditionally LACP.

SW1 SW2

Interface range F0/13 - 14 Interface range F0/13 - 14


Switchport trunk encap dot1q Switchport trunk encap dot1q
Switchport mode trunk Switchport mode trunk
Channel-group 1 mode active Channel-group 1 mode active

Task 3
Ensure that the EtherChannel created in the previous step uses destination MAC
addresses to load-balance the traffic load. Also make sure it can be able to detect
unidirectional link failure, when a unidirectional link fails, shuts down the affected port.

SW1 SW2

port-channel load-balance dst-mac port-channel load-balance dst-mac


! !
Interface range F0/13 - 14 Interface range F0/13 - 14
udld port aggresive udld port aggresive

Task 4

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
99 of 230
Port F0/18 on SW1 is connected to a Cisco 7960 IP Phone. Voice traffic that originates
from the phone is tagged with a CoS of 5. A PC is connected to the 7960 IP Phone which
is generating traffic with CoS of 3. Ensure that the data traffic belongs to VLAN 3 and
the Voice traffic belongs to VLAN 5. The traffic originated by the 7960 IP Phone should
maintain it’s CoS value, whereas the traffic that originated from the PC connected to the
7960 IP Phone should be re-written with a CoS of 1.

SW1

Mls qos

Interface F0/18
Switchport access Vlan 3
Switchport voice Vlan 5
Switchport priority extend cos 1
Mls qos trust cos

Task 5
Disable the Ether-channeling between SW1 and SW2. Configure Multi-instance of
Spanning Tree on the switches as follows:

 There should be two instances of STP, instance 1 and 2


 Instance 1 should handle VLANs 12 and 34
 Instance 2 should handle VLAN 56
 All future VLANs should use instance 0
 Instance 1 should use F0/13
 Instance 2 should use F0/14
 SW1 should be the root bridge for the first instance
 SW2 should be the root bridge for the second instance
 The name of this configuration should be CCIE
 The revision number should be 1
SW1 SW2

Interface range F0/13 - 14 Interface range F0/13 - 14


No Channel-group 1 mode desirable No Channel-group 1 mode desirable
! !
Spanning-tree mode mst Spanning-tree mode mst
! !
Spanning-tree mst configuration Spanning-tree mst configuration
Revision 1 Revision 1
Name CCIE Name CCIE
Instance 1 vlan 12,34 Instance 1 vlan 12,34
Instance 2 vlan 56 Instance 2 vlan 56
! !
Spanning-tree mst 1 priority 0 Spanning-tree mst 1 priority 4096
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
100 of 230
Spanning-tree mst 2 priority 4096 Spanning-tree mst 2 priority 0
! !
Int F0/13 Int F0/14
Spanning-tree mst 1 port-priority 0 Spanning-tree mst 2 port-priority 0

Task 6

There is a protocol analyzer connected to SW2 port F0/18. You received a request to
monitor and analyze all packets for port F0/16 on SW1, configure the switches to
accommodate this request.

SW1

Vlan 90
Remote-span
Exit
Monitor session 1 source interface F0/16
Monitor session 1 destination remote vlan 90 reflector-port F0/17
SW2

Monitor session 1 source vlan 90


Monitor session 1 destination interface F0/18

Task 7

You have been requested to implement the following policy on SW1:

 Hosts 192.1.34.1 and 192.1.34.2 in VLAN34 should not have access to the server
with an IP address of 192.1.34.100 in their own VLAN

 VLAN34 should NOT forward IGMP protocol

SW1

access-list 121 permit igmp any any


!
access-list 122 permit ip host 192.1.34.1 host 192.1.34.100
access-list 122 permit ip host 192.1.34.2 host 192.1.34.100
Exit
!
Vlan access-map TEST 10
Match ip addr 121
Action drop
Vlan access-map TEST 20
Match ip addr 122
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
101 of 230
Action drop
Vlan access-map TEST 30
Action forward
!
Vlan filter TEST vlan-list 34

Task 8

Configure the ports that the routers are connected such that they only allow one MAC-
address to be connected to their assigned ports. If any other MAC address is detected on
any of these ports, the appropriate switch should automatically shutdown that given port.
Use a regular and smart port macro to accomplish this task.

Cat-1

Define interface-range Router-Ports F0/1 - 6


(The above command defines a range of ports on the switch and names them Router-Ports,
in some documentation this is referred to as a regular macro)

Macro name Port-Secure


Enter macro commands one per line. End with the character '@'.
switchport mode access
switchport port-security
switchport port-security mac-address sticky
@
Cat-1(config)#
(The above configuration configures a smartport macro. A smartport macro is started by
the “Macro name” command and then followed by an arbitrary name that is assigned to the
macro.
Once that command is entered, a message is displayed in the next command line. This
message tells us to use the @ sign in order to end this macro.
Line 3 to line 7 contains the actual commands that the macro will execute. A smartport
macro can be applied to an interface, interface range, or a regular macro.

Lastly the Smartport Macro is applied to the regular macro, as follows;

Interface range macro Router-Ports


Macro apply Port-Secure

Task 9

On Cat-2 port F0/14 configure the amount of bandwidth utilization for broadcast traffic
to 50%.

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
102 of 230
Cat-2
Interface F0/14
Storm-control broadcast level 50.00

Task 10

The PCs that are connected or will be connected to Cat-1 ports F0/17 – 18 should get
authenticated before they are allowed access to the network. This authentication should
use CSACS located at 192.168.1.2 using “cisco” as the key. If the user does not a 802.1X
client, the port should be put in VLAN 250. If the user provides wrong credentials to
login, it should be put in VLAN 260. Upon successful authentication, it should be put in
VLAN 240.

Cat-1
VLAN 240
VLAN 250
VLAN 260
!
Dot1x system-auth-control
!
Aaa new-model
aaa authentication dot1x default group radius
!
Radius-server host 192.168.1.2 key Cisco
!
Interface f0/17
Switch mode access
Switch access vlan 240
Dot1x port-control auto
Dot1x guest-vlan 250
Dot1x auth-fail vlan 260

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
103 of 230
Module 7 – Advanced Switching
Part II

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
104 of 230
Lab 1 – QinQ Configuration

SW1
SW3
Vlan
90

Vlan 80

SW2
SW4
Vlan
90

Vlan 2

Task 1

Configure SW1 and SW2 in transparent mode. Set the Domain name to CCIE. Create
VLAN 80 and 90 on them.

SW1

VTP Domain CCIE


VTP mode Transparent
!
VLAN 80
VLAN 90
SW2

VTP Domain CCIE


VTP mode Transparent
!
VLAN 80
VLAN 90

Task 2

Configure SVI’s on SW1 and SW2 based on the following table:

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
105 of 230
SW1
Interface IP Address Subnet Mask
Int SVI 80 150.1.80.1 255.255.255.0
Int SVI 90 150.1.90.1 255.255.255.0

SW2
Interface IP Address Subnet Mask
Int SVI 80 150.1.80.2 255.255.255.0
Int SVI 90 150.1.90.2 255.255.255.0

SW1

Interface VLAN 80
IP Address 150.1.80.1 255.255.255.0
!
Interface VLAN 80
IP Address 150.1.90.1 255.255.255.0
SW2

Interface VLAN 80
IP Address 150.1.80.2 255.255.255.0
!
Interface VLAN 80
IP Address 150.1.90.2 255.255.255.0

Task 3
Shut all trunk ports on SW1 and SW2. Bring up the lowest Interface on SW1 that is
connecting SW1 to SW3. Bring up the lowest interface on SW2 that is connecting SW2
to SW4. Make sure all the other Trunk ports are down. At the end of this task, the only
link between SW1 and SW2 should be thru SW3 and SW4.

SW1

Interface range F0/XX – XX (All Trunk Ports)


shutdown
!
Interface F 0/X (Lowest Interface connecting SW1 to SW3)
No shut
SW2

Interface range F0/XX – XX (All Trunk Ports)


shutdown

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
106 of 230
!
Interface F 0/X (Lowest Interface connecting SW2 to SW4)
No shut

Task 4
Configure SW3 and SW4 in a VTP Domain CISCO. SW3 should be the VTP Server and
SW4 should be a client. Configure QinQ on SW3 and SW4 to allow Customer Switches
SW1 and SW2 to communicate to each to other. Use VLAN 120 as the Customer VLAN

SW3

System mtu 1504

!Reload the switches to take effect


!
VTP Domain CISCO
VTP mode Server
!
VLAN 120
!
Interface F0/X (Port actively connecting to SW1)
Switchport access vlan 120
Switchport mode dot1q-tunnel
SW4

System mtu 1504

!Reload the switches to take effect


!
VTP Domain CISCO
VTP mode Client
!
VLAN 120
!
Interface F0/X (Port actively connecting to SW2)
Switchport access vlan 120
Switchport mode dot1q-tunnel
SW1

Interface F0/X (Port actively connecting to SW1)


Switchport trunk encapsulation dot1q
Switchport mode trunk
SW2

Interface F0/X (Port actively connecting to SW2)


Switchport trunk encapsulation dot1q
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
107 of 230
Switchport mode trunk

Task 5
You should be able to Ping 150.1.80.1 and 150.1.90.1 from SW1.

Task 6

Configure QinQ and Layer Protocol Forwarding (metro) in such a way that allows
switches to forward CDP, STP cutomer's frames transparently. Configure switches SW1
and SW2 ports facing SW3 and SW4 respectively.

SW3

Interface F0/X (Port actively connecting to SW1)


L2protocol-tunnel cdp
L2protocol-tunnel stp
SW4

Interface F0/X (Port actively connecting to SW2)


L2protocol-tunnel cdp
L2protocol-tunnel stp

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
108 of 230
Lab 2 – Vlan Load Balancing in PVST

FA0/19 FA0/19
FA0/20
SW1 FA0/20 SW2
FA0/21 FA0/21
7

FA0/16 FA0/16
FA0/17 FA0/17
FA0/18 FA0/18
7 7

FA0/22 FA0/22

FA0/23 FA0/23

FA0/24 FA0/24
7 7

FA0/19 FA0/19
SW4 FA0/20 FA0/20 SW3
FA0/21 FA0/21
7

Task 1

Configure VTP Transparent mode on all the switches and the following Vlans
10,20,30,40,50,60,70,80,90,100,200 and 300.

All Switches
!
Vtp mode transparent
!
Vlan 10,20,30,40,50,60,70,80,90,100,200,300
!
Vlan 10,20,30,40,50,60,70,80,90,100,200,300

Task 2

Configure SW1 as the Root for Vlans 10,20 and 30

SW1
!
Spanning-tree vlan 10,20,30 root primary

Task 3

Configure SW2 as the Root for Vlans 40,50,60 and SW3 as the Secondary Root

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
109 of 230
SW2
!
Spanning-tree vlan 40,50,60 root primary
SW3
!
Spanning-tree vlan 40,50,60 root secondary

Task 4

Configure SW3 as the Root for Vlans 70.80,90 and SW4 as the Secondary Root

SW3
!
Spanning-tree vlan 70,80,90 root primary
SW4
!
Spanning-tree vlan 70,80,90 root secondary

Task 5

Configure SW4 as the Root for Vlans 100,200,300 and SW1 as the Secondary Root

SW4
!
Spanning-tree vlan 100,200,300 root primary
SW1
!
Spanning-tree vlan 100,200,300 root secondary

Task 6

Ensure that SW1 uses its highest interface connected to SW4 for vlans 70,80,90.
(This configuration must be done on SW1)

SW1
!
Interface fa0/18
Spanning-tree vlan 70,80,90 port-cost 32

Task 7

Ensure that SW2 traverses its highest interface connected to SW3 for vlans 10,20,30.
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
110 of 230
(This configuration must be done on SW2)

SW2
!
Interface fa0/18
Spanning-tree vlan 10,20,30 port-cost 32

Interface range f0/19 - 21


Spanning-tree vlan 10,20,30 port-cost 256

Task 8

Ensure that SW2 traverses through SW1 on its lowest interface facing SW2 for the vlans
100,200,300
(This configuration must not be done on SW2)

SW1
!
Interface fa0/19
Spanning-tree vlan 100,200,300 port-priority 16

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
111 of 230
Lab 3 – STP Tunning

(Builds on Lab 3)

Task 1

Users in Vlan 90 are complaining about the time it usually takes for a network link to
come up just after they have plugged in the network cable. Configure the TOTAL link
startup delay until the port becomes forwarding to 16 seconds. Config the switches to
accomplish this without jumping any state.

All Switches

Spanning-tree vlan 90 forward-time 8

Task 2

Configure the port range from F0/1 - F0/6 in SW1 in a way that, the link will come up as
soon as someone plugs in a network cable into these ports bypassing STP
learning/listening states.

SW1

Interface range F0/1 - 6


Spanning-tree portfast

Task 3

The IT departament just found out that someone in the lobby area just plugged in a switch
into port F0/6 on SW1. Configure a command globally on SW1 that if someone connects
a hub or a switch to any of the access ports that have been enabled for Portfast, the port
will be disabled. Also make sure that after 4 minutes the disabled port comes up
automatically.

SW1

Spanning-tree portfast bpduguard

Errdisable recovery cause bpduguard


Errdisable recovery interval 240

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
112 of 230
Module 8 – Security

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
113 of 230
Lab 1 – Controlling Telnet Access

R1

F 0/0 (.1)

192.1.12.0/24 VLAN 10

F0/0.1 (.2)

R2

F0/0.2 (.2)
192.1.23.0/24 VLAN 30

VLAN 30 (.15)
F 0/0 (.3)

R3 SW1

Task 1

Configure Switch1 as the VTP Server and the other Switch(s) as VTP Clients. Use CCIE
as the Domain name. Authenticate the relationship using CCIERS as the password.

Switch1 Switch2

VTP domain CCIE VTP domain CCIE


VTP mode server VTP mode client
VTP password CCIERS VTP password CCIERS
Switch3 Switch4
VTP domain CCIE VTP domain CCIE
VTP mode client VTP mode client
VTP password CCIERS VTP password CCIERS

Task 2

Ensure that the Trunk ports of your Rack are statically configured to trunk using an
industry standard protocol. Configure these ports such that they will trunk even if the
negotiation fails.

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
114 of 230
All Switches

Interface range F0/XX – XX


Switchport trunk encapsulation dot1q
Switchport mode trunk

Task 3

Assign Ports to the appropriate VLANs based on the Network Diagram. Use the physical
topology diagram for your rack to accomplish this. Make sure the ports are either set to
Trunk or Access statically.

SwitchX
interface F0/XX
Switchport mode access
Switchport access vlan XX
!
interface F0/XX
Switchport trunk encapsulation dot1q
Swithcport mode trunk

Task 4

Configure Loopback 0 on all routers and Switch1. Use the format of X.X.X.X/8 for the
IP address of the loopback. Use 15 for Switch1.

Task 5

Configure RIP V2 on all Devices to advertise all directly connected networks. Disable
Auto-summary.

R1 R2

Router Rip Router Rip


Version 2 Version 2
No auto-summary No auto-summary
Network 1.0.0.0 Network 2.0.0.0
Network 192.1.12.0 Network 192.1.12.0
Network 192.1.23.0
R3 Switch1

Router Rip IP Routing


Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
115 of 230
Version 2 !
No auto-summary Router RIP
Network 3.0.0.0 Version 2
Network 192.1.23.0 No auto-summary
Network 15.0.0.0
Network 192.1.23.0

Task 6

Configure Telnet on R1 based on the following requirements:

 R1 should only allow the Internal networks 192.1.12.0 and 1.0.0.0 to Telnet in
for Management access to it. R1 should not be able to Telnet out. Do not use an
access-list for this step. Configure a password of “telnet” for this line.

 The administrator of R1 wants to reserve the 5th telnet line for himself by
configuring a telnet port of 3020. Configure the 5th telnet line for the
administrator on port 3020. Assign a password of “ccie” for this line.

R1

access-list 5 permit 1.0.0.0 0.255.255.255


access-list 5 permit 192.1.12.0 0.0.0.255
!
line vty 0 3
access-class 5 in
password telnet
login
transport output none
!
line vty 4
access-class 5 in
password ccie
login
transport output none
rotary 20
!
line console 0
transport output none
!
line aux 0
transport output none

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
116 of 230
Lab 2 – SSH Management Access

(Builds on Lab1)

Task 1

Enable SSH on R2. Use abc.com as the domain name. Use a 512 bit key. Authentication
should be done based on the Local Database. Create a user sshuser with a password of
ccie. Configure R2 with local authentication on the vty lines. No authentication should
be done on the aux and console lines. Make sure of it. Only allow SSH connection to the
VTY lines. Non-ssh Telnets should not be allowed.

R2

ip domain name abc.com


!
crypto key generate rsa usage-keys
!
aaa new-model
!
username sshuser password ccie
!
aaa authentication login l-authen local
aaa authentication login no-authen none
!
line con 0
logging synchronous
login authentication no-authen
line aux 0
login authentication no-authen
line vty 0 15
login authentication l-authen
transport input ssh

Note: Use ssh –l sshuser –c des 192.1.23.2 to test the configuration from R3.

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
117 of 230
Lab 3 – IP TCP Intercept

(Builds on Lab 2)

Task 1

The Web Server is getting overwhelmed by syn-attacks. R2 should watch the traffic and
if it does not complete the TCP handshake in 10 seconds, it should drop the packets. The
router should only do it if the traffic is destined for the Web Server at 2.0.0.80.

R2

Access-list 161 permit tcp any host 2.0.0.80 eq www


!
Ip tcp intercept mode watch
Ip tcp intercept watch-timeout 10
Ip tcp intercept list 161

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
118 of 230
Lab 4 – Blocking Attacks using NBAR

(Builds on Lab3)

Task 1

R3 is under the Code Red attack from R2. The footprint has the following url’s:

 “cmd.exe”
 “root.exe”
 “default.ida”

Using NBAR classify the traffic on the inbound on S 0/0. Drop the classified traffic. You
would also like to block P2P file transfer program like KaZaa, Grokster, BearShare and
LimeWire. You only want to block .mpeg files.

R3

Ip cef

class-map match-any ABC


match protocol http url "*cmd.exe*"
match protocol http url "*root.exe*"
match protocol http url "*default.ida*"
match protocol fasttrack file-transfer “*.mpeg”
match protocol gnutella file-transfer “*.mpeg”
!
policy-map Attacks
class ABC
drop
!
interface S0/0
service-policy input Attacks

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
119 of 230
Lab 5 – IP Source Tracker

(Builds on Lab4)

Task 1

Host 192.1.12.25 is under a DoS service attack. You need to find out the IP address of the
attacker so you can instruct the ISP to block this address. Configure R1 to keep track of
incoming packets with their source addresses, track the amount of traffic generated from
the source and report it to a syslog server every 6 hours. The syslog server is located at
192.1.12.100.

R1

Ip source-track 192.1.12.25
Ip source-track syslog-interval 360
Logging on
Logging 192.1.12.100

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
120 of 230
Lab 6 – IP Spoofing

(Builds on Lab5)

Task 1

Block any RFC 1918 and the loopback address coming into R2 from the F 0/0.2
interface.
All attacks must be logged, all the other traffic should not be logged.

R2

Access-list 105 deny ip 10.0.0.0 0.255.255.255 any log


Access-list 105 deny ip 172.16.0.0 0.15.255.255 any log
Access-list 105 deny ip 192.168.0.0 0.0.255.255 any log
Access-list 105 deny ip 127.0.0.0 0.255.255.255 any log
Access-list 105 permit ip any any

Int Fa0/0.2
ip access-group 105 in

Task 2

Use uRPF to prevent IP spoofing and drop any traffic received that does not have a
corresponding entry in its routing table, a default route can be taken into consideration as
a valid entry. Make sure the packet is permitted only if the packet has been received by
the same interface the router would use to route the traffic. Configure R2 Fa0/0.2 to log
when this event occurs including the input interface in the logs.

R2

Ip cef

Access-list 106 deny ip any any log-input

Int Fa0/0.2
Ip verify unicast source reachable-via rx allow-default 106

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
121 of 230
Lab 7 – Preventing Smurf Attack using CAR
(Builds on Lab 6)

Task 1

R3 is under a Smurf Attack (DoS) from the traffic entering F0/0. Rate limit this traffic to
a maximum of 256 kbps, a normal burst size of 8000 Bytes and an excess burst size of
8000 Bytes any traffic transmission above this rates, drop it. Also prevent R3 from being
a reflector in any future Smurf Attack

R3

access-list 130 permit icmp any any echo


access-list 130 permit icmp any any echo-reply
!
Interface Fa0/0
Rate-limit input access-group 130 256000 8000 8000 conform-action transmit exceed-
action drop

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
122 of 230
Lab 8 – Port Security with Voice Vlan

(Builds on Lab 7)

Task 1

Ciso 7960 IP phones are connected to SW1 f0/18 along whit a desktop PC. The IP phone
belongs to vlan 29 and the desktop belongs to vlan 30. Ensure that only one mac address
is learnt from the desktop pc. This mac# should be learned dynamically and must be
updated to the running config. Also ensure that only 1 mac# is learnt from the IP phone.
In case of a violation, the switch should place the ports in errdisable state..

SW1

Interface Fa 0/18
Switchport mode access
Switchport voice vlan 29
Switchport access vlan 30
Switchport port-security
Switchport port-security maximum 2
Switchport port-security maximum 1 vlan voice
Switchport port-security maximum 1 vlan access
Switchport port-security mac-address sticky

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
123 of 230
Module 9 – IOS Services

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
124 of 230
Lab 1 – GRE with RIP

Physical Layout

R1 R2
Loopback 0 E 0/0 E 0/0 Loopback 0

E 0/0 S 0/0

S 0/0
R4
Loopback 0

R3

Interface IP Address Configuration


R1

Interface IP Address Subnet Mask


Loopback 0 10.0.0.1 255.0.0.0
E 0/0 192.1.12.1 255.255.255.0

R2

Interface IP Address Subnet Mask


Loopback 0 2.2.2.2 255.0.0.0
E 0/0 192.1.12.2 255.255.255.0
S 0/0 192.1.23.2 255.255.255.0

R3

Interface IP Address Subnet Mask


Loopback 0 192.168.1.1 255.255.255.0
S 0/0 192.1.23.3 255.255.255.0

R4

Interface IP Address Subnet Mask


Loopback 0 4.4.4.4 255.255.255.0
E 0/0 192.1.12.4 255.255.255.0
Interface Configuration
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
125 of 230
R1 R2

interface Loopback0 interface Loopback0


ip address 10.0.0.1 255.0.0.0 ip address 2.2.2.2 255.0.0.0
! !
interface Ethernet0/0 interface Ethernet0/0
ip address 192.1.12.1 255.255.255.0 ip address 192.1.12.2 255.255.255.0
no shutdown no shutdown
!
interface Serial0/0
ip address 192.1.23.2 255.255.255.0
encapsulation frame-relay
frame-relay map ip 192.1.23.3 203 broadcast
no frame-relay inverse-arp
no shutdown
R3 R4

interface Loopback0 interface Loopback0


ip address 192.168.1.1 255.255.255.0 ip address 4.4.4.4 255.0.0.0
! !
interface Serial0/0 interface Ethernet0/0
ip address 192.1.23.3 255.255.255.0 ip address 192.1.12.4 255.255.255.0
encapsulation frame-relay no shutdown
frame-relay map ip 192.1.23.2 302 broadcast
no frame-relay inverse-arp
no shutdown

Task 1

R2 is the ISP Router. It is simulating the Internet. R1 and R3 should point towards R2
(ISP) as the default gateway

R1 R3

ip route 0.0.0.0 0.0.0.0 192.1.12.2 ip route 0.0.0.0 0.0.0.0 192.1.23.2

Task 2

Configure a GRE Tunnel from R1 to R3. Use a RFC 1918 network for the Tunnel
Interface. The GRE Tunnel should be Authenticated.

R1 R3
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
126 of 230
interface Tunnel13 interface Tunnel13
ip address 172.16.0.1 255.255.0.0 ip address 172.16.0.3 255.255.0.0
tunnel source 192.1.12.1 tunnel source 192.1.23.3
tunnel destination 192.1.23.3 tunnel destination 192.1.12.1
tunnel key 1234 tunnel key 1234

Task 3

You want to RIP as a routing protocol over a GRE tunnel so that the Private networks of
the company are seen on R1 and R3.

R1 R3

router rip router rip


version 2 version 2
network 10.0.0.0 network 172.16.0.0
network 172.16.0.0 network 192.168.1.0
no auto-summary no auto-summary

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
127 of 230
Lab 2 – NAT

(Builds on Lab 1)

Task 1

Translate the 10.0.0.0 Network behind R1 into a range of Class C address (195.1.1.0/24)
assigned to R1 by the ISP.

R1 wants to use this address range in NAT as it has more than 254 hosts connecting to
the Internet, although not all of them at the same time. Configure the router to NAT the
10.0.0.0/8 network going towards the internet to get translated based on this pool.

R1

access-list 121 permit ip 10.0.0.0 0.255.255.255 any


!
ip nat pool DP 195.1.1.1 195.1.1.254 netmask 255.255.255.0
ip nat inside source list 121 pool DP
!
interface Loopback0
ip nat inside
!
interface Ethernet0/0
ip nat outside
R2

ip route 195.1.1.0 255.255.255.0 192.1.12.1

Task 2

ISP (R2) only assigns R1 2 IP’s. (195.1.1.1 and 195.1.1.2). R1 should use 195.1.1.1 to
connect to the Internet. R1 should not translated packets going from 10.0.0.0 network to
192.168.1.0. The GRE Tunnel would route these packets. Reconfigure the Pool to
accommodate the change.

R1

No ip nat pool DP 195.1.1.1 195.1.1.254 netmask 255.255.255.0


No ip nat inside source list 121 pool DP
!
ip nat pool PAT 195.1.1.1 195.1.1.1 netmask 255.255.255.0
ip nat inside source list 121 pool PAT overload
!
access-list 121 deny ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255
access-list 121 permit ip 10.0.0.0 0.255.255.255 any
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
128 of 230
Task 3

R1 should use 195.1.1.2 for its Web Server so that people on the outside can access it.
The internal web server is at 10.0.0.80.

R1

interface Loopback0
ip address 10.0.0.80 255.0.0.0 secondary
!
ip nat inside source static 10.0.0.80 195.1.1.2

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
129 of 230
Lab 3 –DHCP

(Builds on Lab 2)

Task 1

Configure R3 as a DHCP Server with the following parameters:

 IP ADDRESS : 192.168.1.0
 WINS ADDRESS : 192.168.1.5
 DNS ADDRESS : 192.168.1.6, 192.168.1.8
 DEFAULT GATEWAY : 192.168.1.1
 LEASE TIME : 3 Days 12 hours
 Excluded addresses : 192.168.1.1 – 192.168.1.10

R3

ip dhcp excluded-address 192.168.1.1 192.168.1.10


!
ip dhcp pool CCIE
network 192.168.1.0 255.255.255.0
netbios-name-server 192.168.1.5
dns-server 192.168.1.6 192.168.1.8
default-router 192.168.1.1
lease 3 12

Task 2

Disable the DHCP server service on R1

R1

No service dhcp

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
130 of 230
Lab 4 –Core Dump using FTP

(Builds on Lab 4)

Task 1

Configure R1 to send a Core Dump to a FTP Server located at 192.1.12.100. Set the
Dump size to 32768.

R1

exception dump 192.1.12.100


exception region-size 32768
exception protocol ftp

Task 2

The router logs into the FTP Server using a username of ccie and a password of ccie.

R1

ip ftp username ccie


ip ftp password ccie

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
131 of 230
Lab 5 – HSRP

(Builds on Lab 4)

Task 1

Configure HSRP between R1 and R2 on the Ethernet segment. R1 should be the Active
router and R2 should be the Standby router. Use 192.1.12.12 as the Standby address. Set
the Priority for R1 as 200. Make sure R1 is the Active router whenever it is up. Configure
a authenticated HSRP connection between the routers. Use ccie as the password.

R1 R2

Interface E 0/0 Interface E 0/0


Standby 1 ip 192.1.12.12 Standby 1 ip 192.1.12.12
Standby 1 priority 200 Standby 1 authentication ccie
Standby 1 preempt
Standby 1 authentication ccie

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
132 of 230
Lab 6 – IP Accounting

(Builds on Lab 5)

Task 1

R1 has a web server located at 10.0.080 which was translated to 195.1.1.2. Turn on IP
Accounting for this translated address.

R1

Ip accounting-list 195.1.1.2 0.0.0.0


!
Interface E 0/0
Ip accounting

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
133 of 230
Lab 7 – Broadcast Management
(Builds on Lab 6)

Task 1

Configure R2 F0/0 to forward incoming Mobile IP registration broadcasts to the server


2.2.2.2.

R4

Interface F 0/0
Ip helper-address 2.2.2.2
!
Ip forward-protocol udp mobile-ip

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
134 of 230
Lab 8 – Distributed Director Server Redirect
(Builds on Lab 7)

Task 1

A Distribute Director Server is installed on your network. Enable R3 to respond to these


queries.

R3

Ip drp server

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
135 of 230
Lab 9 – Web Cache Communication Redirect
(Builds on Lab 8)

Task 1

A Web Caching System will be installed on R4 E0/0. Configure R1 to redirect any traffic
going out through its E0/0 with the exception of 192.1.23.0 as a destination segment.
WCCP will be using version 1.

R1

Access-list 101 deny ip any 192.1.23.0 0.0.0.255


Access-list 101 permit ip any any

Ip wccp version 1
Ip wccp web-cache redirect-list 101

Interface E0/0
ip wccp web-cache redirect out

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
136 of 230
Lab 10 – Traffic Engineering
(Builds on Lab 9)

Task 1

Configure R1's loopback 1 with the ip address of 192.1.1.1 255.255.255.0. Configure R2


such that any traffic received on S0/0 destined to this new loopback 1 should be sent sent
to R1's F0/0. It should also be marked with ip precedence 5. You are allowed to add a
static route.

R1

Interface Loopback1
ip address 192.1.1.1 255.255.255.0
R2

Interface Serial0/0
ip address 192.1.23.2 255.255.255.0
ip policy route-map PBR

Access-list 115 permit ip any host 192.1.1.1


!
Route-map PBR permit 10
match ip address 115
set ip precedence critical
set ip next-hop 192.1.12.1
R3

Ip route 192.1.1.1 255.2552.255.255 192.1.23.2

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
137 of 230
Lab 11 – Logging Errors messages

(Builds on Lab 10)

Task 1

You are suspecting that R3 has some errors during during the nights because a night shift
reported that they can't work at all, so you decided to logging errors, critical, alerts and
emergencies on R3 to the buffer. Configure the buffer size to be 16400 and add date and
time to the logging messages including the order number of the messages.

R3

Logging on

Logging count
Service timestamps log datetime localtime msec
Logging buffered 16400 errors

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
138 of 230
Lab 12 – Time Range ACL

(Builds on Lab 11)

Task 1

Users behind R1 are not allowed to use www traffic towards the Internet (R2) during the
week from 07:00 to 17:00. The policy should go into affect on the first day of next month
and should be in affect till the end of the year.

R1

Time-range WEEK_TIME
Absolute start 00:00 1 Apr 2009 end 23:59 31 dec 2009
periodic weekdays 7:00 to 17:00
!
access-list 171 deny tcp any any eq www time-range WEEK_TIME
access-list 171 permit ip any any
!
Interface F 0/0
Ip access-group 171 out

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
139 of 230
Lab 13 – Configuring IPv6 with RIPng

R1 R2
Lo 0 E 0/0 E 0/0 Lo 0

192.1.12.0/24 S 0/0

Frame 192.1.23.0/24

S 0/0
192.1.34.0/24

Lo 0 E 0/0 E 0/0 Lo 0
R4 R3

Task 1

Enable IPv6 routing on R1,R2, R3 and R4. Assign IPv6 addresses to the E0/0 interface of
the routers as follows:

 R1 – 2001:1:1:12::1 /64
 R2 – 2001:1:1:12::2 /64
 R3 – 2001:1:1:34::3 /64
 R4 – 2001:1:1:34::4 /64

R1 R2

ipv6 unicast-routing Ipv6 unicast-routing


! !
Interface F0/0 Interface F0/0
ipv6 address 2001:1:1:12::1/64 Ipv6 address 2001:1:1:12::2/64
no shut No shut
R3 R4

ipv6 unicast-routing Ipv6 unicast-routing


! !
Interface F0/0 Interface F0/0
ipv6 address 2001:1:1:34::3/64 Ipv6 address 2001:1:1:34::4/64
no shut No shut
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
140 of 230
Task 2
Configure the Loopback0 interface on all routers as follows:

 R1 – Loopback0 – 2000:1:1:1::/64
 R2 – Loopback0 – 2000:2:2:2::/64
 R3 – Loopback0 – 2000:3:3:3::/64
 R4 – Loopback0 – 2000:4:4:4::/64

R1 R2

Interface Loopback 0 Interface Loopback 0


Ipv6 address 2000:1:1:1::/64 eui-64 ipv6 address 2000:2:2:2::/64 eui-64
R3 R4

Interface Loopback 0 Interface Loopback 0


Ipv6 address 2000:3:3:3::/64 eui-64 ipv6 address 2000:4:4:4::/64 eui-64

Task 3
Configure Frame-relay between R2 and R3 using the folloing IPV6 addresses:

 R2 – 2000:1:1:23::2/64
 R3 – 2000:1:1:23::3/64

Ensure that the routers can ping each other’s serial interface. Also allow R2 and R3 to
ping their own IP addresses. Use a sun-interface on R2 and R3 for the Frame relay
configuration.

R2

Interface S0/0
Encap frame-relay
No shut
!
Interface S 0/0.3 point-to-point
ipv6 address 2000:1:1:23::2/64
frame-relay interface-dlci 203
R3

Interface S0/0
Encap frame-relay
no shut
!
Interface S 0/0.2 point-to-point
ipv6 address 2000:1:1:23::3/64
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
141 of 230
frame-relay interface-dlci 203
Task 4

Configure RIPng on all routers to route all loopbacks. Enable RIPng under the following
interfaces:

 R1 – E 0/0, Loopback 0
 R2 – E 0/0, Loopback 0, S 0/0
 R3 – E 0/0, Loopback 0, S 0/0
 R4 – E 0/0, Loopback 0

R1 R2

Interface Loopback 0 Interface Loopback 0


ipv6 rip CCIERS enable ipv6 rip CCIERS enable

Interface E 0/0 Interface S 0/0.3


ipv6 rip CCIERS enable ipv6 rip CCIERS enable
!
Interface E 0/0
ipv6 rip CCIERS enable
R3 R4

Interface Loopback 0 Interface Loopback 0


ipv6 rip CCIERS enable ipv6 rip CCIERS enable
!
Interface S0/0 Interface E 0/0
ipv6 rip CCIERS enable ipv6 rip CCIERS enable
!
Interface S0/0.2
ipv6 rip CCIERS enable

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
142 of 230
Lab 14 – Configuring OSPF V3

R1 R2
Lo 0 E 0/0 E 0/0 Lo 0

192.1.12.0/24 S 0/0

Frame 192.1.23.0/24

S 0/0
192.1.34.0/24

Lo 0 E 0/0 E 0/0 Lo 0
R4 R3

Task 1

Disable RIP NG on all routers on all interfaces.

R1 R2

Interface Loopback 0 Interface Loopback 0


No ipv6 rip CCIERS enable No ipv6 rip CCIERS enable

Interface E 0/0 Interface S 0/0


No ipv6 rip CCIERS enable No ipv6 rip CCIERS enable
!
Interface E 0/0
No ipv6 rip CCIERS enable
R3 R4

Interface Loopback 0 Interface Loopback 0


No ipv6 rip CCIERS enable No ipv6 rip CCIERS enable

Interface S 0/0 Interface E 0/0


No ipv6 rip CCIERS enable No ipv6 rip CCIERS enable
!
Interface E 0/0
No ipv6 rip CCIERS enable

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
143 of 230
Task 2

Configure the routers in OSPFv3 area 0 and advertise their directly connected interfaces
in this area

R1 R2

ipv6 unicast-routing ipv6 unicast-routing


! !
ipv6 router ospf 1 ipv6 router ospf 1
router-id 1.1.1.1 router-id 2.2.2.2
! !
Interface Loopback0 Interface Loopback0
ipv6 ospf 1 area 0 ipv6 ospf 1 area 0
! !
Interface E0/0 Interface E0/0
ipv6 ospf 1 area 0 ipv6 ospf 1 area 0
!
Interface S 0/0.3
ipv6 ospf 1 area 0
R3 R4

ipv6 unicast-routing ipv6 unicast-routing


! !
ipv6 router ospf 1 ipv6 router ospf 1
router-id 3.3.3.3 router-id 4.4.4.4
! !
Interface Loopback0 Interface Loopback0
ipv6 ospf 1 area 0 ipv6 ospf 1 area 0
! !
Interface E0/0 Interface E0/0
ipv6 ospf 1 area 0 ipv6 ospf 1 area 0
!
Interface S 0/0.2
ipv6 ospf 1 area 0

Task 3

Ensure that the loopback interfaces are advertised with their correct mask.

R1 R2

Interface Loopback0 Interface Loopback0


ipv6 ospf network point-to-point ipv6 ospf network point-to-point

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
144 of 230
R3 R4

Interface Loopback0 Interface Loopback0


ipv6 ospf network point-to-point ipv6 ospf network point-to-point

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
145 of 230
Lab 15 – Configuring IPv6 through a IPv4
Network using a Tunnel

R1 R2
Lo 0 E 0/0 E 0/0 Lo 0

192.1.12.0/24 S 0/0

Frame 192.1.23.0/24

S 0/0
192.1.34.0/24

Lo 0 E 0/0 E 0/0 Lo 0
R4 R3

Task 1

Enable IPv6 routing on R1,R2, R3 and R4. Assign IPv6 addresses to the E0/0 interface of
the routers as follows:

 R1 – 2001:1:1:12::1 /64
 R2 – 2001:1:1:12::2 /64
 R3 – 2001:1:1:34::3 /64
 R4 – 2001:1:1:34::4 /64

R1 R2

ipv6 unicast-routing Ipv6 unicast-routing


! !
Interface E0/0 Interface E0/0
ipv6 address 2001:1:1:12::1/64 Ipv6 address 2001:1:1:12::2/64
no shut No shut
R3 R4

ipv6 unicast-routing Ipv6 unicast-routing


! !
Interface E0/0 Interface E0/0
ipv6 address 2001:1:1:34::3/64 Ipv6 address 2001:1:1:34::4/64
no shut No shut

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
146 of 230
Task 2

Configure the Loopback0 interface on all routers as follows:

 R1 – Loopback0 – 2000:1:1:1::/64
 R2 – Loopback0 – 2000:2:2:2::/64
 R3 – Loopback0 – 2000:3:3:3::/64
 R4 – Loopback0 – 2000:4:4:4::/64

R1 R2

Interface Loopback 0 Interface Loopback 0


Ipv6 address 2000:1:1:1::/64 eui-64 ipv6 address 2000:2:2:2::/64 eui-64
R3 R4

Interface Loopback 0 Interface Loopback 0


Ipv6 address 2000:3:3:3::/64 eui-64 ipv6 address 2000:4:4:4::/64 eui-64

Task 3

Configure RIPng between R1 and R2. Enable RIPng under the following interfaces:

 R1 – E 0/0, Loopback 0
 R2 – E 0/0, Loopback 0

R1 R2

Interface Loopback 0 Interface Loopback 0


ipv6 rip CCIERS enable ipv6 rip CCIERS enable
! !
Interface E 0/0 Interface E0/0
ipv6 rip CCIERS enable ipv6 rip CCIERS enable

Task 4

Configure RIPng between R3 and R4. Enable RIPng under the following interfaces:

 R3 – E 0/0, Loopback 0
 R4 – E 0/0, Loopback 0

R3 R4

Interface Loopback 0 Interface Loopback 0


ipv6 rip CCIERS enable ipv6 rip CCIERS enable
! !
Interface E 0/0 Interface E0/0
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
147 of 230
ipv6 rip CCIERS enable ipv6 rip CCIERS enable

Task 5

Configure the Frame Relay link between R2 and R3 as an IPv4 Link on the 192.1.23.0/24
network.

R2 R3

Interface S0/0 Interface S0/0


Ip address 192.1.23.2 255.255.255.0 Ip address 192.1.23.3 255.255.255.0
Encap frame-relay Encap frame-relay
No frame-relay inverse-arp No frame-relay inverse-arp
Frame-relay map ip 192.1.23.3 203 b Frame-relay map ip 192.1.23.2 302 b
No shut No shut

Task 6

Create a Tunnel between R2 and R3 Assign it an IPv6 address of 2000:23:23:23::/64.


Set the Tunnel Mode to IPv6. Enable RIPng on the Tunnel Interface.

R2 R3

Interface Tunnel 23 Interface Tunnel 23


Ipv6 address 2000:23:23:23::2/64 Ipv6 address 2000:23:23:23::3/64
Ipv6 enable Ipv6 enable
Ipv6 rip CCIERS enable Ipv6 rip CCIERS enable
Tunnel source S 0/0 Tunnel source S 0/0
Tunnel destination 192.1.23.3 Tunnel destination 192.1.23.2
Tunnel mode IPV6IP Tunnel mode IPV6IP
No shut No shut

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
148 of 230
Lab 16 – Configuring IPv6 over Point-to-point
and Multipoint with OSPFv3

R1

R2
R4
Frame-Relay

R3

IP addressing and DLCI information Chart


Routers IP address Local DLCI Connecting to:
R1 S0/0.123: 2001:1:1:14::1 /64 102 R2
S0/0.104: 2001:1:1:123::1 /64 103 R3
104 R4
R2 S0/0: 2001:1:1:123::2 /64 201 R1
R3
R3 S0/0: 2001:1:1:123::3 /64 301 R1
R2
R4 S0/0: 2001:1:1:14::4 /64 401 R1

Task 1
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
149 of 230
Configure the routers connected to the frame-relay cloud as follows:

o R1 (The HUB) must be configured with two sub-interfaces. One of the two
sub-interfaces must be configured to connect R1 to R4. This sub-interface
should be configured in a point-to-point manner using the following IP
addressing:
R1 = 2001:1:1:14::1 /64, and R4 = 2001:1:1:14::4 /64.
o The second sub-interface on R1 must be configured in a multipoint manner.
This sub-interface must be configured to connect R1 to routers R2 and R3
using the following IP addressing:
R1 = 2001:1:1:123::1 /64, R2 = 2001:1:1:123::2 /64 and
R3 = 2001:1:1:123::3 /64.
o Routers R2, R3 and R4 should not be configured with a sub-interface and
these routers should NOT rely on Inverse-arp.
o The routers connecting to the frame-relay cloud should be configured in a hub
and spoke, with R1 being the hub and R2, R3 and R4 the spokes.
o Ensure R2 and R3 can ping each other.
R1

Ipv6 unicast-routing

Int S0/0
Encapsulation frame-relay
No frame-relay inverse
No shut
!
Int S0/0.14 point-to-point
Ipv6 address 2001:1:1:14::1/64
Frame-relay interface-dlci 104
!
Int S0/0.123 multipoint
Ipv6 address 2001:1:1:123::1/64
Frame-relay map ipv6 2001:1:1:123::2 102 broadcast
Frame-relay map ipv6 2001:1:1:123::3 103 broadcast
Frame-relay map ipv6 Link-Local Address for R2 Broadcast
Frame-relay map ipv6 Link-Local Address for R3 Broadcast
R2

Ipv6 unicast-routing

Int S0/0
Ipv6 address 2001:1:1:123::2/64
Encapsulation frame
No frame-relay inverse
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
150 of 230
Frame-relay map ipv6 2001:1:1:123::1 201 broadcast
Frame-relay map ipv6 2001:1:1:123::3 201
Frame-relay map ipv6 Link-Local Address for R1 Broadcast
No shut
Exit
R3

Ipv6 unicast-routing

Int S0/0
Encapsulation frame
Ipv6 address 2001:1:1:123::3/64
Frame-relay map ipv6 2001:1:1:123::1 301 broadcast
Frame-relay map ipv6 2001:1:1:123::2 301
Frame-relay map ipv6 Link-Local Address for R1 Broadcast
No frame-relay inverse
No shut
R4

Ipv6 unicast-routing

Int S0/0
Encapsulation frame
Ipv6 address 2001:1:1:14::4/64
Frame-relay map ipv6 2001:1:1:14::1 401 broadcast
Frame-relay map ipv6 Link-Local Address for R1 Broadcast
No frame-relay inverse
No shut

Task 2

Ensure that the loopback interfaces are advertised with their correct mask.

R1 R2

Interface Loopback0 Interface Loopback0


ipv6 ospf network point-to-point ipv6 ospf network point-to-point

R3 R4

Interface Loopback0 Interface Loopback0


ipv6 ospf network point-to-point ipv6 ospf network point-to-point

Task 3
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
151 of 230
Configure the routers in OSPFv3 area 0 and advertise their directly connected interfaces
in this area

R1 R2

ipv6 unicast-routing ipv6 unicast-routing


! !
ipv6 router ospf 1 ipv6 router ospf 1
router-id 1.1.1.1 router-id 2.2.2.2
! !
Interface Loopback0 Interface Loopback0
ipv6 ospf 1 area 0 ipv6 ospf 1 area 0
! !
Interface S0/0.14 Interface S0/0
ipv6 ospf 1 area 0 ipv6 ospf 1 area 0
! ipv6 ospf network point-to-multipoint
Interface S0/0.123
ipv6 ospf 1 area 0
ipv6 ospf network point-to-multipoint
R3 R4

ipv6 unicast-routing ipv6 unicast-routing


! !
ipv6 router ospf 1 ipv6 router ospf 1
router-id 3.3.3.3 router-id 4.4.4.4
! !
Interface Loopback0 Interface Loopback0
ipv6 ospf 1 area 0 ipv6 ospf 1 area 0
! !
Interface S 0/0 Interface S0/0
ipv6 ospf 1 area 0 ipv6 ospf 1 area 0
ipv6 ospf network point-to-multipoint ipv6 ospf network point-to-multipoint

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
152 of 230
Module 10 – Quality of Service (QoS)

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
153 of 230
Lab 1 – Frame Relay QoS

R1 R2
Lo 0 E 0/0 E 0/0 Lo 0

192.1.12.0/24 S 0/0

Frame 192.1.23.0/24

S 0/0
192.1.34.0/24

Lo 0 E 0/0 E 0/0 Lo 0
R4 R3

R1

Interface IP Address Subnet Mask


Loopback 0 1.1.1.1 255.0. 0.0
E 0/0 192.1.12.1 255.255.255.0

R2

Interface IP Address Subnet Mask


E 0/0 192.1.12.2 255.255.255.0
S 0/0 192.1.23.2 255.255.255.0
Loopback 0 2.2.2.2 255.0.0.0

R3

Interface IP Address Subnet Mask


S 0/0 192.1.23.3 255.255.255.0
E 0/0 192.1.34.3 255.255.255.0
Loopback 0 3.3.3.3 255.0.0.0

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
154 of 230
R4

Interface IP Address Subnet Mask


Loopback 0 4.4.4.4 255.0.0.0
E 0/0 192.1.34.4 255.255.255.0

Interface Configuration

R1 R2

interface Loopback0 interface Loopback0


ip address 1.1.1.1 255.0.0.0 ip address 2.2.2.2 255.0.0.0
! !
interface Ethernet0/0 interface Ethernet0/0
ip address 192.1.12.1 255.255.255.0 ip address 192.1.12.2 255.255.255.0
no shutdown no shutdown
!
interface Serial0/0
ip address 192.1.23.2 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-point
no shutdown
R3 R4

interface Loopback0 interface Loopback0


ip address 3.3.3.3 255.0.0.0 ip address 4.4.4.4 255.0.0.0
! !
interface Ethernet0/0 interface Ethernet0/0
ip address 192.1.34.3 255.255.255.0 ip address 192.1.34.4 255.255.255.0
no shutdown no shutdown
!
interface Serial0/0
ip address 192.1.23.3 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-point
no shutdown

Task 1

Run OSPF as the Routing protocol on all routers

R1 R2

router ospf 1 router ospf 1


log-adjacency-changes log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0 network 0.0.0.0 255.255.255.255 area 0
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
155 of 230
R3 R4

router ospf 1 router ospf 1


log-adjacency-changes log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0 network 0.0.0.0 255.255.255.255 area 0

Task 2

Make sure that OSPF packets between R2 and R3 are not Discard Eligible.

R2 R3

Access-list 101 deny ospf any any Access-list 101 deny ospf any any
Access-list 101 permit ip any any Access-list 101 permit ip any any
! !
Frame-relay de-list 1 protocol ip list 101 Frame-relay de-list 1 protocol ip list 101
! !
Interface S 0/0 Interface S 0/0
Frame-relay de-group 1 203 Frame-relay de-group 1 302

Task 3

Configure the R2 Frame Relay interface for rate limiting by configuring the parameters
CIR, Bc, Be and MINCIR, considering the following:

Your interface speed is 768000 bps. The router should send at a rate of 384000 bps.
During congestion, your provider will mark any traffic in excess of 48kbps as discard
eligible, make sure your throughput changes accordingly based upon BECNs received
only and throttle down to 192000 bps upon the receipt of BECNs. Allow the Router to
double the speed if it has tokens available. Your token bucket interval is 125 ms. Use a
"map-class" to apply this feature to all PVCs.

R1

Map-class frame-relay FRTS


Frame-relay cir 384000
Frame-relay bc 48000
Frame-relay be 96000
Frame-relay mincir 192000
Frame-relay adaptive-shaping becn
!
Interface s0/0
Frame-relay traffic-shaping
Frame-relay class FRTS

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
156 of 230
Lab 2 – QoS using Class Maps

(Builds on Lab1)

Task 1

Configure R1 for Rate Limiting (Policing) for traffic originating from the 1.0.0.0 network
going towards the Ethernet segment using the following parameters:
 HTTP traffic should be limited to 750 kbps
 FTP traffic should be limited to 400 kbps

R1

Access-list 101 permit tcp 1.0.0.0 0.255.255.255 any eq 80


!
Access-list 102 permit tcp 1.0.0.0 0.255.255.255 any eq 21
Access-list 102 permit tcp 1.0.0.0 0.255.255.255 any eq 20
!
Class-map match-all HTTP
Match access-group 101
Class-map match-all FTP
Match access-group 102
!
Policy-map CB-CAR
Class HTTP
Police 750000
Class FTP
Police 400000
!
Interface E 0/0
Service-policy output CB-CAR

Task 2
R2-R3 has a CIR of 512 and Peak CIR of 1544. Configure R2 such that all HTTP and
HTTPS traffic going from 192.1.12.0 networks towards Network 4.0.0.0 should have a
Precedence of 5 if it is within the CIR. If it exceeds the CIR, it should be set with a
Precedence of 1. Also, set the DE bit on, if it exceeds the CIR. If it exceeds the Peak, the
packet should be dropped. The rest of the traffic should to set to a Precedence of 3.

R2

Access-list 103 permit tcp 192.1.12.0 0.0.0.255 4.0.0.0 0.255.255.255 eq 80


Access-list 103 permit tcp 192.1.12.0 0.0.0.255 4.0.0.0 0.255.255.255 eq 443
!
Class-map match-all WEB
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
157 of 230
Match access-group 103
!
Policy-map SETPREC
Class WEB
Police cir 512000 pir 1544000
Conform-action set-prec-transmit 5
Exceed-action set-frde-transmit
Exceed-action set-prec-transmit 1
Violate-action drop
Class class-default
Set precedence 3
Interface S 0/0
Service-policy output SETPREC

Task 3
Configure R4 Ethernet interface for CB-WFQ using the following:
 HTTP and HTTPS traffic = 30% of the bandwidth
 Telnet Traffic = 15% of the bandwidth. Telnet traffic should use LLQ.

R4

Ip cef
Access-list 104 permit tcp any any eq 80
Access-list 104 permit tcp any any eq 443
!
Access-list 105 permit tcp any any eq 23
!
class-map Telnet
match access-group 105
!
class-map WEB
match access-group 104
!
policy-map QoS
class Telnet
priority percent 15
class WEB
bandwidth percent 30
!
Interface E 0/0
Service-policy output QoS

Task 4
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
158 of 230
Configure R1 Ethernet interface for QoS using the following criteria:
 Configure Policing such that HTTP downloading is policed at 100 kbps for *.gif
or *.jpg files.
R1

class-map match-any FILES


match protocol http url “*.gif*”
match protocol http url “*.jpg*”
!
policy-map FT-PMAP
class FILES
police 100000
!
Interface E 0/0
Service-policy input FT-MAP

Task 5

R2-R3 has a Average CIR of 512 and Peak CIR of 1544. Configure R3 such that all
HTTP and HTTPS traffic going towads 1.0.0.0 network should have a minimum reserved
bandwidth of 256 kbps and should be shaped to the average rate. FTP traffic towards the
1.0.0.0 network should have a minimum of 56Kbps reserved and should be shaped to
Averate rate.

R2

Access-list 110 permit tcp any 1.0.0.0 0.255.255.255 eq 80


Access-list 110 permit tcp any 1.0.0.0 0.255.255.255 eq 443
!
Access-list 111 permit tcp any 1.0.0.0 0.255.255.255 eq 20
Access-list 111 permit tcp any 1.0.0.0 0.255.255.255 eq 21
!
Class-map match-all WEB
Match access-group 110
!
Class-map match-all FTP
Match access-group 111
!
Policy-map SHAPE
Class WEB
Bandwidth 256
Shape average 512000
Class FTP
Bandwidth 56
Shape average 512000
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
159 of 230
!
Interface S 0/0
Service-policy output SHAPE

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
160 of 230
Lab 3 – QoS – CAR
(Builds on Lab2)

Task 1
There is a Server located at 192.1.34.230 with UDP ports ranging from 4000 to 5000.
Configure CAR for outbound traffic on R3 going towards the server. Configure the rate
to 3Mbps with a normal burst size of 200000 Bytes and an excess burst size of 300000
Bytes. If it conforms, set the precedence to 5 and if it exceeds set the precedence to 1.

Task 2
Transmit all other traffic with a rate of 800kbps with a normal burst of 150000 Bytes and
a excess burst of 300000. If it conforms, set the precedence to 0 and if it exceeds, drop
the packet.

R3

Access-list 130 permit udp any host 192.1.34.230 range 4000 5000
!
Interface F0/0
Rate-limit output access-group 130 3000000 200000 300000 conform-action set-prec-transmit 5
exceed-action set-prec-transmit 0
Rate-limit output 800000 150000 300000 conform-action set-prec-transmit 0 exceed-action drop

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
161 of 230
Lab 4 – QoS (Congestion Avoidance)

(Builds on Lab3)

Task 1
Configure R2 such that when 192.1.34.0 network goes towards 192.1.12.0, the
precedence should be set to 3. Reserve 256 kbps for this type of traffic..

Task 2
Reserve 128K for all other traffic leaving F0/0. Do NOT use policing or rate-limiting.
Make sure, in case of congestion, that these packets get dropped randomly. Set the
Precedence to 2.

R2

Access-list 105 permit ip 192.1.34.0 0.0.0.255 192.1.12.0 0.0.0.255

Class-map 34-12
Match access-group 105

Policy-map QoS
Class class-default
Set ip precedence 2
Bandwidth 128
Random-detect
Class 34-12
Set ip precedence 3
Bandwidth 256
!
Interface F0/0
Service-policy ouput QoS

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
162 of 230
Lab 5 – Switch QoS

(Builds on Lab3)

Task 1

Configure SW1 to Map the CoS values to the wrr queues based on the following table on
port F 0/16:

CoS Value Wrr Queue


0, 1, 2 4
3,4 3
5,6 2
7 1

SW1

Mls qos
!
Interface F 0/16
Wrr-queue cos-map 1 7
Wrr-queue cos-map 2 5 6
Wrr-queue cos-map 3 3 4
Wrr-queue cos-map 4 0 1 2

Task 2

Change the bandwidth ratio in each Queue on WRR for port F 0/16 using the following
table:

Bandwidth Wrr Queue


10 4
15 3
25 2
50 1

SW1

Interface F 0/16
Wrr-queue bandwidth 50 25 15 10

Task 3

Configure SRR on Switch 2 such that F 0/11 port using the following parameters:
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
163 of 230
CoS Value Srr Queue
3, 4, 6 4
2 ,7 3
0,1 2
5 1

SW1

Mls qos srr-queu output cos-map queue 1 5


Mls qos srr-queu output cos-map queue 2 0 1
Mls qos srr-queu output cos-map queue 3 2 7
Mls qos srr-queu output cos-map queue 4 3 4 6

Task 4
Configure Shaping on the first queue. It should used 12.5% percent of the interface
Bandwidth. Configure Sharing on the remaining queues. Queues 2, 3 and 4 should be
shared with a ratio breakdown of 50 30 and 20 percentage respectively.

SW1

Interface F 0/16
srr-queue bandwidth shape 8 0 0 0
srr-queue bandwidth share 8 50 30 20

Task 6

Traffic Classification on a Per-Port Per-VLAN Basis Using Class Maps (3550).


Sw1 - port Fa0/18 is assigned to a VLAN_ID 10, mark all Web traffic on that Vlan with
flash on precedence.

SW1

Mls qos

Access-list 101 permit tcp any any eq www


!
Interface F0/18
Switchport mode access
Switchport access vlan 10

Class-map MATCH_TRAFFIC
Mach ip access-group 101
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
164 of 230
!

Class-map MATCH_VLAN
Match VLAN 10
Match class-map MATCH_TRAFFIC
!
Policy-map QoS
Class MATCH_VLAN
Set ip precedence 3
!
Interface F0/18
Service-policy inputt QoS

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
165 of 230
11 – Multicasting

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
166 of 230
Lab 1 – Configuring Multicast Dense-mode

S 0/0
S 0/0
R2
E 0/0 R1
Frame E 0/0

192.1.12.0/24

R1

Interface IP Address Subnet Mask


E 0/0 10.1.1.1 255.255.255.0
S 0/0 192.1.12.1 255.255.255.0
Loopback0 1.1.1.1 255.0.0.0

R2

Interface IP Address Subnet Mask


S 0/0 192.1.12.2 255.255.255.0
E 0/0 10.2.2.2 255.255.255.0
Loopback0 2.2.2.2 255.0.0.0

Task 1

Configure PIM dense mode on the routers.

R1 R2

Ip multicast-routing Ip multicast-routing

Int E0/0 Int E0/0


Ip pim dense-mode Ip pim dense-mode

Int S0/0 Int S0/0


Ip pim dense-mode Ip pim dense-mode

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
167 of 230
Task 2

Configure R1 to join the multicast group 224.11.11.11 and R2 to join the multicast group
224.22.22.22 on the Ethernet interfaces.

R1 R2

Int E0/0 Int E0/0


Ip igmp join-group 224.11.11.11 Ip igmp join-group 224.22.22.22

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
168 of 230
Lab 2 – Configuring Static-RP

S 0/0
S 0/0
R2
E 0/0 R1
Frame E 0/0

192.1.12.0/24

R1

Interface IP Address Subnet Mask


E 0/0 10.1.1.1 255.255.255.0
S 0/0 192.1.12.1 255.255.255.0
Loopback0 1.1.1.1 255.0.0.0

R2

Interface IP Address Subnet Mask


S 0/0 192.1.12.2 255.255.255.0
E 0/0 10.2.2.2 255.255.255.0
Loopback0 2.2.2.2 255.0.0.0

Task 1

Configure RIPv2 on both routers and advertise your directly connected interfaces.

R1 R2

Router RIP Router RIP


Version 2 Version 2
No auto-summary No auto-summary
Network 192.1.12.0 Network 192.1.12.0
Network 1.0.0.0 Network 2.0.0.0
Network 10.0.0.0 Network 10.0.0.0

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
169 of 230
Task 2

Configure R1 to be the RP for all groups. Use the most reliable interface.

R1 R2

Interface loopback0 Ip multicast-routing


Ip pim sparse-mode
Ip pim rp-address 1.1.1.1
Ip multicast-routing
Int F0/0
Ip pim rp-address 1.1.1.1 Ip pim sparse-mode

Int F0/0 Int S0/0


Ip pim sparse-mode Ip pim sparse-mode

Int S0/0
Ip pim sparse-mode

Task 3

Have R2 E 0/0 to join the multicast group 224.12.3.53

R2

Int E0/0
Ip igmp join-group 224.11.11.11

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
170 of 230
Lab 3 – Configuring Multiple RPs using Static-RP

R1 R2
Lo 0 E 0/0 E 0/0 Lo 0

192.1.12.0/24 S 0/0

Frame 192.1.23.0/24

S 0/0
192.1.34.0/24

Lo 0 E 0/0 E 0/0 Lo 0
R4 R3

R1

Interface IP Address Subnet Mask


Loopback 0 1.1.1.1 255.0. 0.0
E 0/0 192.1.12.1 255.255.255.0

R2

Interface IP Address Subnet Mask


E 0/0 192.1.12.2 255.255.255.0
S 0/0 192.1.23.2 255.255.255.0
Loopback 0 2.2.2.2 255.0.0.0

R3

Interface IP Address Subnet Mask


S 0/0 192.1.23.3 255.255.255.0
E 0/0 192.1.34.3 255.255.255.0
Loopback 0 3.3.3.3 255.0.0.0

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
171 of 230
R4

Interface IP Address Subnet Mask


Loopback 0 4.4.4.4 255.0.0.0
E 0/0 192.1.34.4 255.255.255.0

Interface Configuration
R1 R2

interface Loopback0 interface Loopback0


ip address 1.1.1.1 255.0.0.0 ip address 2.2.2.2 255.0.0.0
! !
interface Ethernet0/0 interface Ethernet0/0
ip address 192.1.12.1 255.255.255.0 ip address 192.1.12.2 255.255.255.0
no shutdown no shutdown
!
interface Serial0/0
ip address 192.1.23.2 255.255.255.0
encapsulation frame-relay
no shutdown
R3 R4

interface Loopback0 interface Loopback0


ip address 3.3.3.3 255.0.0.0 ip address 4.4.4.4 255.0.0.0
! !
interface Ethernet0/0 interface Ethernet0/0
ip address 192.1.34.3 255.255.255.0 ip address 192.1.34.4 255.255.255.0
no shutdown no shutdown
!
interface Serial0/0
ip address 192.1.23.3 255.255.255.0
encapsulation frame-relay
no shutdown

Task 1

Configure RIP V2 on all routers and advertise all the directly connected networks.
R1 R2

Router RIP Router RIP


Version 2 Version 2
No auto-summary No auto-summary
Network 1.0.0.0 Network 2.0.0.0
Network 192.1.12.0 Network 192.1.12.0
Network 192.1.23.0
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
172 of 230
R3 R4

Router RIP Router RIP


Version 2 Version 2
No auto-summary No auto-summary
Network 192.1.23.0 Network 192.1.34.0
Network 192.1.34.0 Network 4.0.0.0
Network 3.0.0.0

Task 2

Configure R1 to be the RP for Multicast groups 224.1.1.1 – 2, and R4 to be the RP for the
groups 224.4.4.1 – 2. These two RPs should use their Loopback 0 interface for this
purpose.

R1 R2

Ip multicast-routing Ip multicast-routing
! !
Ip pim rp-address 1.1.1.1 10 Ip pim rp-address 1.1.1.1 10
Ip pim rp-address 4.4.4.4 20 Ip pim rp-address 4.4.4.4 20
! !
Access-list 10 permit 224.1.1.1 Access-list 10 permit 224.1.1.1
Access-list 10 permit 224.1.1.2 Access-list 10 permit 224.1.1.2
! !
Access-list 20 permit 224.4.4.1 Access-list 20 permit 224.4.4.1
Access-list 20 permit 224.4.4.2 Access-list 20 permit 224.4.4.2
R3 R4

Ip multicast-routing Ip multicast-routing
! !
Ip pim rp-address 1.1.1.1 10 Ip pim rp-address 1.1.1.1 10
Ip pim rp-address 4.4.4.4 20 Ip pim rp-address 4.4.4.4 20
! !
Access-list 10 permit 224.1.1.1 Access-list 10 permit 224.1.1.1
Access-list 10 permit 224.1.1.2 Access-list 10 permit 224.1.1.2
! !
Access-list 20 permit 224.4.4.1 Access-list 20 permit 224.4.4.1
Access-list 20 permit 224.4.4.2 Access-list 20 permit 224.4.4.2

Task 3

Configure R1 Loopback 0 and R4 loopback to to join the following Multicast groups:

R1 – 224.1.1.1, 224.1.1.2, 224.1.1.3


R4 – 224.4.4.1, 224.4.4.2, 224.4.4.3
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
173 of 230
R1 R4

Interface Loopback0 Interface Loopback0


Ip igmp join-group 224.1.1.1 Ip igmp join-group 224.4.4.1
Ip igmp join-group 224.1.1.2 Ip igmp join-group 224.4.4.2
Ip igmp join-group 224.1.1.3 Ip igmp join-group 224.4.4.3

Task 4

Configure PIM on the physical and loopback interfaces in such a way that all routers
have access to all the multicast groups, including the ones that are not configured for
RP’s.

R1 R2

Interface E 0/0 Interface E 0/0


Ip pim sparse-dense-mode Ip pim sparse-dense-mode
! !
Interface Loopback0 Interface S0/0
Ip pim sparse-dense-mode Ip pim sparse-dense-mode
R3 R4

Interface E 0/0 Interface E 0/0


Ip pim sparse-dense-mode Ip pim sparse-dense-mode
! !
Interface S0/0 Interface Loopback0
Ip pim sparse-dense-mode Ip pim sparse-dense-mode

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
174 of 230
Lab 4 – Configuring AUTO-RP with a Single
RP

R1 R2
Lo 0 E 0/0 E 0/0 Lo 0

192.1.12.0/24 S 0/0

Frame 192.1.23.0/24

S 0/0
192.1.34.0/24

Lo 0 E 0/0 E 0/0 Lo 0
R4 R3

R1

Interface IP Address Subnet Mask


Loopback 0 1.1.1.1 255.0. 0.0
E 0/0 192.1.12.1 255.255.255.0

R2
Interface IP Address Subnet Mask
E 0/0 192.1.12.2 255.255.255.0
S 0/0 192.1.23.2 255.255.255.0
Loopback 0 2.2.2.2 255.0.0.0

R3
Interface IP Address Subnet Mask
S 0/0 192.1.23.3 255.255.255.0
E 0/0 192.1.34.3 255.255.255.0
Loopback 0 3.3.3.3 255.0.0.0

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
175 of 230
R4

Interface IP Address Subnet Mask


Loopback 0 4.4.4.4 255.0.0.0
E 0/0 192.1.34.4 255.255.255.0

Interface Configuration
R1 R2

interface Loopback0 interface Loopback0


ip address 1.1.1.1 255.0.0.0 ip address 2.2.2.2 255.0.0.0
! !
interface Ethernet0/0 interface Ethernet0/0
ip address 192.1.12.1 255.255.255.0 ip address 192.1.12.2 255.255.255.0
no shutdown no shutdown
!
interface Serial0/0
ip address 192.1.23.2 255.255.255.0
encapsulation frame-relay
no shutdown
R3 R4

interface Loopback0 interface Loopback0


ip address 3.3.3.3 255.0.0.0 ip address 4.4.4.4 255.0.0.0
! !
interface Ethernet0/0 interface Ethernet0/0
ip address 192.1.34.3 255.255.255.0 ip address 192.1.34.4 255.255.255.0
no shutdown no shutdown
!
interface Serial0/0
ip address 192.1.23.3 255.255.255.0
encapsulation frame-relay
no shutdown

Task 1
Configure RIP V2 on all routers and advertise all the directly connected networks.

R1 R2

Router RIP Router RIP


Version 2 Version 2
No auto-summary No auto-summary
Network 1.0.0.0 Network 2.0.0.0
Network 192.1.12.0 Network 192.1.12.0
Network 192.1.23.0
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
176 of 230
R3 R4

Router RIP Router RIP


Version 2 Version 2
No auto-summary No auto-summary
Network 192.1.23.0 Network 192.1.34.0
Network 192.1.34.0 Network 4.0.0.0
Network 3.0.0.0

Task 2

Configure IP Multicast Sparse Mode on R1 (Loopback0, E 0/0), R2 (E0/0, S0/0) and R3


(S0/0, Loopback0). Configure R2 Loopback0 to be the RP for multicast groups 224.3.3.1
and 224.3.3.2 only. Ensure that is sends its RP-announcements every 10 seconds with a
TTL of 5. Do not configure any Static RP on any router. R3 should join the multicast
groups 224.3.3.1 and 224.3.3.2 on the Loopback 0 interface. All multicast routers should
be able to ping all R3 multicast routes.

R2

Interface loopback 0
Ip pim sparse-mode

Ip multicast-routing
Ip pim autorp listener
!
access-list 1 permit 224.3.3.1
access-list 1 permit 224.3.3.2
!
Ip pim send-rp-announce loopback0 scope 5 group-list 1 interval 10
Ip pim send-rp-discovery scope 5
!
Interface S0/0
Ip pim sparse-mode
!
Interface E0/0
Ip pim sparse-mode

R1 R3

Ip multicast-routing Ip multicast-routing
Ip pim autorp listener Ip pim autorp listener
! !
Interface loopback 0 Interface S0/0
Ip pim sparse-mode Ip pim sparse-mode
!
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
177 of 230
Interface E0/0 !
Ip pim sparse-mode Interface Loopback0
Ip pim sparse-mode
Ip igmp join-group 224.3.3.1
Ip igmp join-group 224.3.3.2

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
178 of 230
Lab 5 – Configuring Multicast Rate-Limiting

(Builds on Lab 4)

Task 1

On R1, limit the bandwidth of the multicast traffic sent to group 224.3.3.1 on E0/0 to 4
Mbps and traffic sent to group 224.3.3.2 to 1 Mbps

R1

Access-list 5 permit 224.3.3.1


Access-list 6 permit 224.3.3.2
!
interface E 0/0
ip multicast rate-limit out group-list 5 4000
ip multicast rate-limit out group-list 6 1000

Task 2

Only all IGMP join messages coming into F 0/15 on SW1 for the Multicast groups
224.13.13.13 and 224.13.13.33.

SW1

Ip igmp filter
!
Ip igmp profile 1
Permit
Range 224.13.13.13
Range 224.13.13.33
interface F 0/15
ip igmp filter 1

Task 3

Block all Multicast traffic coming into interface F 0/18

SW1

interface F 0/18
switchport block multicast

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
179 of 230
Task 4

There is a server On R2 E0/0 and Clients on R3 E0/0. Both don’t support multicast
traffic. Server is sending broadcast traffic to the clients on destination port UDP port
2305. You are required to send this broadcast as multicast traffic for this application
from R2 to R3 to avoid congestion on the intermediate link.

Configure R2 to receive the traffic from server E0/0. Translate the broadcast traffic to
multicast address 224.0.1.4 and send this traffic to R3 S0/0. Configure R3 to receive
multicast traffic from R2. Translate it to broadcast so that clients on E0/0 segment of R3
can receive it properly.

R2 R3

Ip forward-protocol udp 2305 Ip forward-protocol udp 2305


! !
access-list 100 permit udp any any eq 2305 access-list 100 permit udp any any eq 2305
! !
Int E0/0 int S 0/0
ip multicast helper-map broadcast 224.0.1.4 100 ip multicast helper-map 224.0.1.4 192.1.34.255 100
!
Int E0/0
Ip directed-broadcast

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
180 of 230
Super Lab – I
Physical Connections and IP Addressing

BB1

(.9)
192.1.15.0/24 VLAN 15
10

F 0/0.1 (.5)

R5
F0/0.2 (.5)

192.1.45.0/24 VLAN 45

E 0/0 (.4)

R4

S 0/0.234 (.4) S 0/0.1 (.4)


R2
E 0/0 (.2) 192.1.14.0/24 E 0/0 (.1)

S 0/0 (.2) 192.1.11.0/24


S 0/0 (.1) R1 VLAN 11
Frame Relay
192.1.234.0/24

192.1.26.0/24 VLAN 26

192.1.36.0/24 VLAN 36 E 0/0.1 (.100)


S 0/0 (.3)

E 0/0.1 (.6) E 0/0.2 (.6)


E 0/0.2 (.3) R3
E 0/0.2 (.100) BB2
R6 E 0/0.1 (.3)

192.1.111.0/24 VLAN 111


(.20) 192.1.3.0/24 VLAN 3 (.21)

(.21)
SW1 SW2

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
181 of 230
IP Addressing

Device Port IP Address


R1 F 0/0 192.1.11.1/24
Loopback 0 1.1.1.1 /8
R2 F 0/0 192.1.26.2/24
S 0/0 192.1.234.2/24
Loopback 0 2.2.2.2/8
R3 S 0/0 192.1.234.3/24
F 0/0.1 192.1.3.3/24
F 0/0.2 192.1.36.3/24
Loopback 0 3.3.3.3/8
R4 F 0/0 192.1.45.4/24
S 0/0.234 192.1.234.4/24
S 0/0.1 192.1.14.4/24
Loopback 0 4.4.4.4/8
R5 F 0/0.1 192.1.15.5/24
F 0/0.2 192.1.45.5/24
Loopback 0 5.5.5.5 / 8
R6 F 0/0.1 192.1.26.6/24
F 0/0.2 192.1.36.6/24
Loopback 0 6.6.6.6/8
SW1 VLAN 3 192.1.3.20/24
SW2 VLAN 3 192.1.3.21/24
VLAN 111 192.1.111.21/24

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
182 of 230
RIP V2 Configuration

R5 R3

BB1 SW1

OSPF Configuration

R5

Area 0

R4

Area 10
R1
R2

Area 100 R6
R3

Area 50
R6

BB2

SW2

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
183 of 230
EIGRP Configuration

R1

AS 100

BB2

BGP Configuration

R5

AS 345
R4
AS 2 AS 1
R2 R1
R3

AS 65500
AS 21
R6
SW2

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
184 of 230
Section 1 – Layer 2 (20 points)
1.1 – Trunking (3 Point)

 Configure all the ports that connect switches together as Trunk ports.

 Set the encapsulation as Dot1q.

 Configure Switch 1 as the VTP Server in a VTP Domain of CCIE.

 Secure VTP with a password of CCIERS.

 Configure the rest of the Switch(s) as VTP Client(s) in the CCIE VTP Domain.

 Only allow appropriate VLANs to cross the trunk

1.2 – VLAN Creation and Assignment (2 Point)

 Create the following VLANs with the appropriate names:


o VLAN 3 – Name : VLAN_03
o VLAN 11 – Name : VLAN_11
o VLAN 15 – Name : VLAN_15
o VLAN 26 – Name : VLAN_26
o VLAN 36 – Name : VLAN_36
o VLAN 45 – Name : VLAN_45
o VLAN 111 – Name : VLAN_111

 Assign the appropriate ports to the appropriate VLANs based on the Diagram.

1.3 – Port Fast with Macros (2 Point)

 Add any 2 unused ports to VLAN 26.

 Define an interface-range with all ports that are part of VLAN 26 except for any
trunk ports.

 Define a Smart Macro that sets the ports in VLAN 26 to Access mode and turns
on Port Fast on them.

1.4 – SPAN (3 Point)

 There is a Traffic Analyzer connected to port 10 on Switch 1.

 Send a copy of all traffic received on VLANs 15 and 26 to the Traffic Analyzer.

1.5 – MST (3 Point)


Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
185 of 230
 Configure Multi-instance of Spanning Tree on the switches as follows:

o The name of this configuration should be CCIE


o The revision number should be 1
o Instance 1 should handle VLANs 3 , 11 and 15
o Instance 2 should handle VLANs 26 , 36, 45 and 111
o All future VLANs should use instance 0
o SW1 should be the root bridge for the first instance
o SW2 should be the root bridge for the second instance

1.6 – Controlling Multicast and broadcast Traffic (2 Point)

 Configure F0/1 on SW1 such that the maximum amount of bandwidth utilization
for broadcast traffic is 40% and 50% for Multicast traffic.

1.7 – Frame Relay (3 Point)

 Configure frame relay to connect R1, R2, R3 and R4 based on the Diagram.

 You can create 2 sub-interfaces on R4. You cannot create sub-interfaces on R2


and R3.

 R2, R3 and R4 should be configured in a hub-n-spoke configuration. R4 being the


hub and R2 and R3 being spokes.

 R2 should be able to ping R3 and vice versa.

 All routers should be able to ping their local frame relay interface.

 Do not rely on inverse ARP for frame relay mappings.

1.8 – Frame Relay Authentication (2 Point)

 Ensure that R1 and R4 use CHAP authentication using Cisco as the password.
These routers must authenticate each other before they can communicate.

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
186 of 230
Section 2 – IGP (30 points)
2.1 – Configure RIP Version 2 (3 Points)

 Configure RIP V2 on R5 to communicate to BB1 which is already configure with


RIP V2. Advertise the Loopback network on R5 in RIP.

 Configure RIP V2 between R3 and Switch 1. Create the following loopback on


Switch 1:

o Loopback 15: 15.15.15.15/8

 Advertise the Loopbacks on R3 and Switch 1 under RIP V2.

 Configure R3 and Switch 1 such that SW2 does not see RIP traffic.

2.2 – RIP Authentication (2 Points)

 Configure R5 to authenticate with BB1. BB1 has been configured with a Key # of
1 and key-string of cisco.

 Configure authentication between R3 and the Switch. Use a password of ccie with
a key # of 1.

 Use the most secure authentication mechanism.

2.3 – Route Filtering using RIP (2 Points)

 Deny all networks that have an even number in the 195.1.X.0 network range.

 Do the filtering on R5. Use minimum number of lines possible to accomplish this
task.

2.4 – Configuring EIGRP (2 Points)

 Configure EIGRP on R1 in AS 100 to communicate with BB2.

 Don’t advertise the Loopback network in EIGRP.

 Disable auto-summary.

2.5 – EIGRP Authentication (2 Points)

 Authenticate the EIGRP connection with BB2. BB2 has been configured with a
key # 1 with a key-string of cisco.

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
187 of 230
 Use the most secure authentication mechanism.

2.6 – Configuring OSPF (4 Point)

 Configure OSPF between R4 and R5 in Area 0. Advertise the Loopback interface


on R4 in Area 0. Make sure the route appears on R5 with the proper mask and
not a host mask

 Configure OSPF between R2, R3, R4, R6 and SW2 in Area 100. Advertise the
Loopback addresses on R2, R3 and R6 in Area 100. They should appear with the
proper mask and the not a host mask. Do not use the IP OSPF Network Broadcast
command on R2, R3 and R6 to accomplish this task.

 Configure OSPF between R1 and R4 in Area 10. Advertise the Loopback


interface on R1 in Area 10. Make sure the route appears on R4 with the proper
mask and not a host mask

 Configure the appropriate interfaces on SW2 and R1 in Area 50.

 Hard code the router-id on all OSPF devices. Use the following as the router-ids:

o R1 – 11.11.11.11
o R2 – 22.22.22.22
o R3 – 33.33.33.33
o R4 – 44.44.44.44
o R5 – 55.55.55.55
o R6 – 66.66.66.66
o SW2 – 21.21.21.21

2.7 – Configuring OSPF Virtual Links (4 Point)

 Configure Virtual Links on the appropriate routers to connect Area 50 to Area 0.

 Make sure you provide full redundancy for your network.

2.8 –OSPF Authentication (4 Point)

 Configure authentication for OSPF routers in Area 0. Use Message Digest as the
authentication Mechanism. Use ccie as the key with a key id of 1.

 Configure Authentication for OSPF routers in Area 10. Use Message Digest as
the authentication Mechanism. Use ccie as the key with a key id of 1.

 Configure Authentication for the neighbor relationships between R2, R3 and R4


and also between R2 and R6. Use Message Digest as the authentication
Mechanism. Use ccie as the key with a key id of 1.

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
188 of 230
 Configure Authentication on all virtual links.

2.9 – Redistribution (4 Point)

 Mutually redistribute RIP and OSPF at the appropriate router. Routes should be
redistributed in such a way that OSPF adds the link cost at each router.

 When redistributing the 200.1.1.0 routes learned from BB1, only the even
networks should be redistributed at the appropriate router.

 Create loopback 100 with an Ip address of 100.1.1.1/8 on Switch 1. Do not


advertise this network in any routing protocol on Switch 1.

 All routers should have connectivity to this network. You are allowed to create a
single static route on 1 router to accomplish this task.

 All OSPF routers should have access to the EIGRP routes on R1. You are not
allowed to redistribute EIGRP into OSPF. You are allowed a create a single static
route on a router to accomplish this task.

2.10 – Summarization (3 Point)

 Configure the following loopbacks on R1:


o Loopback 201: 201.1.12.1/24
o Loopback 202: 201.1.13.1/24
o Loopback 203: 201.1.14.1/24
o Loopback 204: 201.1.15.1/24

 Advertise the newly created loopbacks under EIGRP on R1.

 These routes should be summarized towards BB2.

 Inject these routes into OSPF as well. Don’t use the network command to
accomplish this task. Only send a summarized route into OSPF.

 Configure the following loopbacks on R6:


o Loopback 201: 206.1.20.1/24
o Loopback 202: 206.1.21.1/24
o Loopback 203: 206.1.22.1/24
o Loopback 204: 206.1.23.1/24

 Advertise the newly created loopbacks under OSPF on R6.

 These routes should be summarized on R4.

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
189 of 230
Section 3 – BGP (12 points)
3.1 –IBGP (3 Point)

 Configure the following Loopbacks:


o R1 – Loopback 125: 125.1.1.1/24
o R2 – Loopback 125: 125.2.2.2/24
o R3 – Loopback 125: 125.3.3.3/24
o R4 – Loopback 125: 125.4.4.4/24
o R5 – Loopback 125: 125.5.5.5/24
o R6 – Loopback 125: 125.6.6.6/24
o SW2 – Loopback 125: 125.21.21.21/24

 Configure R3, R4 and R5 in AS 345.

 R5 should not have a neighbor relationship with R3.

 Advertise the Loopback 125 networks on the appropriate routers.

 Configure the neighbor relationship with redundancy in mind.

 All IBGP routers using the most secure authentication method. Use CCIE as the
password.

3.2 – EBGP (3 Points)

 Configure a EBGP relationship between AS 2 and AS 345. Use R5 in AS 345 to


set this relationship up.

 Advertise the Loopback 125 network in BGP on R2. Don’t use the network
command to accomplish task The origin should be internal.

 Configure a EBGP relationship between AS 2 and AS 65500. Authenticate this


relationship

 Advertise the Loopback 125 network in BGP on R6.

 Configure R1 in AS 1. Advertise the Loopback 125 network under BGP.

 Configure a EBGP neighbor relation between AS 345 and AS 1.

 AS 345 sees AS 1 in AS 1000. Configure the remote-as as 1000 for AS 1 on R4.

 Configure SW2 in AS 21. Advertise the Loopback 125 network under BGP.

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
190 of 230
 Configure an EBGP neighbor relation between AS 21 and AS 345 based on the
network diagram.

 Also configure an EBGP neighbor relation between AS 21 and AS 1 based on the


network diagram.

3.3 – Route Aggregation (2 Points)

 Create the following loopback on R1:


o Loopback 191: 199.1.4.1/24
o Loopback 192: 199.1.5.1/24
o Loopback 193: 199.1.6.1/24
o Loopback 194: 199.1.7.1/24

 Advertise these networks under BGP.

 Summarize these networks on R1.

 Suppress the specific routes from getting propagated to BGP neighbors except for
199.1.5.0/24. This route should get propagated in addition to the summary route.

3.4 – Filtering Private AS number (2 Points)

 R2 should not send the Private AS number in the AS Path for route(s) from AS
65500 to AS 345.

 You can use a single command under the BGP Routing process to accomplish this
task.

3.5 – Path Attributes (2 Points)

 Configure AS 345 such that it uses AS 21 to get to AS 1 routes. Do not use the
AS-Path or Weight Attributes to accomplish this task.

 Configure AS 21 such that it uses AS 1 to get to AS 2 routes.

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
191 of 230
Section 4 – Security (8 points)
4.1 – Dot 1X Authentication (3 Points)

 Configure Ports F 0/13 – 18 on Switch 1 for Dot1X authentication. Assign them


to VLAN 250.

 Authentication should be done based on a RADIUS Server located at 192.1.3.100.


Use cciers as the secret key.

 If the host does not support Dot1X authentication, it should be put in VLAN 300.

4.2 – SSH Configuation (3 Points)

 Configure R3 such that remote management can only be done by SSH.

 Configure a Local User SSHADMIN with a password of cciers. SSH


authentication should be done based on the local database.

 Only allow Remote Management from VLAN 3.

4.3 – ACL Configuration (2 Points)

 Configure RFC 1918 filtering on R5 for anti-spoofing from the Frame cloud.

 Also make sure packets with internal address as source addresses should not be
allowed in. Do not use an ACL for this task.

 There is a web server located at 192.1.15.25. This web server will be going down
for Maintenance on Friday, Saturday and Sunday from 9:00 PM to 11:30 PM. R5
should block access to this server during the Maintenance times. This should be in
affect for the month of December.

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
192 of 230
Section 5 – IOS Services (12 points)
5.1 – IOS DHCP Server (3 Points)

 Enable R5 as a DHCP Server with the following information:

o IP ADDRESS : 192.1.15.0/24
o WINS ADDRESS : 192.1.15.5
o DNS ADDRESS : 192.1.15.6
o DEFAULT GATEWAY : 192.1.15.1
o LEASE TIME : 6 Days
o Exclude-addresses : 192.1.15.1-192.1.15.10

5.2 – Core Dumps (3 Points)

 Configure R1 to send a Core DUMP to a FTP server located at 192.1.12.100. Set


the Dump size to 32768.

 Use CCIE as the Username to log into the FTP with a password of 12353.

5.3 – NAT (3 Points)

 Configure a Loopback 10 on R1. Assign it an address of 10.0.0.1/8.

 Configure NAT on R1 to allow the 10.0.0.0 network to access the rest of routers
using S 0/0 interface address. Do not create a pool to accomplish this.

 There is a web server that will be installed at 10.0.0.80. There is a DNS Server
located at 10.0.0.81.

 Allow the outside user’s access to these servers using a common outside address
of 192.1.14.83.

5.4 – DRP (3 Points)

 R5 will be queried by Cisco DistributedDirector from the following IP Addresses:

o 195.1.5.15
o 195.1.7.35

 Enable the DRP Server Agent on R5

 Only allow DRP Queries from the above listed DistributedDirector’s.

 R5 should be configured to authenticate the DistributedDirector with a key of ccie

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
193 of 230
Section 6 – Multicasting (6 points)
6.1 – Configuring PIM Sparse Mode (3 Points)

 Configure VLAN 26 to receive and send multicast Traffic from and to VLAN 45.

 Perform configurations on R2 and R4 using PIM-Sparse-Mode. R2 should be the RP


for 224.2.2.2 and R4 should be the RP for 224.4.4.4.

6.2 – Configuring IGMP (3 Points)

 Configure R2 to statically join multicast group 224.2.2.2 and R4 to statically join the
multicast group 224.4.4.4.

 R2 and R4 should be able to ping both Multicast groups.

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
194 of 230
Section 7 –QoS (8 points)
7.1 – Configuring CB-WFQ using NBAR (3 Points)

 Configure R3 such that traffic going towards the Frame Cloud uses the following
QoS parameters:

o All HTTP traffic towards a Web Server http://www.netmetric-


solutions.com should be assigned a minimum bandwidth of 35%.
o Telnet Traffic should be assigned a minimum bandwidth of 10%.
Configure it for LLQ.
o FTP traffic should be limited to 256 kbps.

7.2 – Configuring Policing using MQC (3 Points)

 R3-R4 has a CIR of 256 and Peak CIR of 512. Configure R4 such that all HTTP and
HTTPS traffic going from 192.1.15.0 networks towards Network 6.0.0.0 should have
a Precedence of 5 if it is within the CIR. If it exceeds the CIR, it should be set with a
Precedence of 1. Also, set the DE bit on, if it exceeds the CIR. If it exceeds the Peak,
the packet should be dropped. The rest of the traffic should to set to a Precedence of
3.

7.3 – SRR (2 Points)

 Configure SRR on Switch 1 such that F 0/10 port using the following parameters:

CoS Value Srr Queue


3, 4, 6 4
2 ,7 3
0,1 2
5 1

 Configure Shaping on the first queue. It should used 25% percent of the interface
Bandwidth. Configure Sharing on the remaining queues. Queues 2, 3 and 4 should be
shared with a percentage breakdown of 45 30 and 25 percentage respectively.

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
195 of 230
Section 8 – IPV6 (4 points)
8.1 – Configuring IPV6 (2 Points)

 Configure R3 and R6 with the following IPv6 Addresses:

Router Interface IPv6 Address


R3 Loopback 0 2222:1111:3333:3333::3/64
R3 E 0/0.2 2222.1111:3333:3636::3/64
R6 Loopback 0 2222:1111:6666:6666::6/64
R6 E 0/0.2 2222:1111:2222:3636::6/64

8.2 – Running RIPng (2 Points)

 Enable IPv6 Unicast Routing.

 Run RIPng between R3 and R6 and advertise the Loopback networks.

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
196 of 230
Super Lab – I (Answers)
Physical Connections and IP Addressing

BB1

(.9)
192.1.15.0/24 VLAN 15
10

F 0/0.1 (.5)

R5
F0/0.2 (.5)

192.1.45.0/24 VLAN 45

E 0/0 (.4)

R4

S 0/0.234 (.4) S 0/0.1 (.4)


R2
E 0/0 (.2) 192.1.14.0/24 E 0/0 (.1)

S 0/0 (.2) 192.1.11.0/24


S 0/0 (.1) R1 VLAN 11
Frame Relay
192.1.234.0/24

192.1.26.0/24 VLAN 26

192.1.36.0/24 VLAN 36 E 0/0.1 (.100)


S 0/0 (.3)

E 0/0.1 (.6) E 0/0.2 (.6)


E 0/0.2 (.3) R3
E 0/0.2 (.100) BB2
R6 E 0/0.1 (.3)

192.1.111.0/24 VLAN 111


(.20) 192.1.3.0/24 VLAN 3 (.21)

(.21)
SW1 SW2

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
197 of 230
IP Addressing

Device Port IP Address


R1 F 0/0 192.1.11.1/24
Loopback 0 1.1.1.1 /8
R2 F 0/0 192.1.26.2/24
S 0/0 192.1.234.2/24
Loopback 0 2.2.2.2/8
R3 S 0/0 192.1.234.3/24
F 0/0.1 192.1.3.3/24
F 0/0.2 192.1.36.3/24
Loopback 0 3.3.3.3/8
R4 F 0/0 192.1.45.4/24
S 0/0.234 192.1.234.4/24
S 0/0.1 192.1.14.4/24
Loopback 0 4.4.4.4/8
R5 F 0/0.1 192.1.15.5/24
F 0/0.2 192.1.45.5/24
Loopback 0 5.5.5.5 / 8
R6 F 0/0.1 192.1.26.6/24
F 0/0.2 192.1.36.6/24
Loopback 0 6.6.6.6/8
SW1 VLAN 3 192.1.3.20/24
SW2 VLAN 3 192.1.3.21/24
VLAN 111 192.1.111.21/24

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
198 of 230
RIP V2 Configuration

R5 R3

BB1 SW1

OSPF Configuration

R5

Area 0

R4

Area 10
R1
R2

Area 100 R6
R3

Area 50
R6

BB2

SW2

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
199 of 230
EIGRP Configuration

R1

AS 100

BB2

BGP Configuration

R5

AS 345
R4
AS 2 AS 1
R2 R1
R3

AS 65500
AS 21
R6
SW2

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
200 of 230
Section 1 – Layer 2 (20 points)
1.1 – Trunking (3 Point)

 Configure all the ports that connect switches together as Trunk ports.

 Set the encapsulation as Dot1q.

 Configure Switch 1 as the VTP Server in a VTP Domain of CCIE.

 Secure VTP with a password of CCIERS.

 Configure the rest of the Switch(s) as VTP Client(s) in the CCIE VTP Domain.

 Only allow appropriate VLANs to cross the trunk

SW1 SW2

VTP mode server VTP mode client


VTP domain CCIE VTP domain CCIE
VTP password CCIERS VTP password CCIERS
! !
interface FastEthernet0/13 interface FastEthernet0/13
switchport trunk encapsulation dot1q switchport trunk encapsulation dot1q
switchport trunk allowed vlan switchport trunk allowed vlan
3,11,15,26,36,45,111 3,11,15,26,36,45,111
switchport mode trunk switchport mode trunk
! !
interface FastEthernet0/14 interface FastEthernet0/14
switchport trunk encapsulation dot1q switchport trunk encapsulation dot1q
switchport trunk allowed vlan switchport trunk allowed vlan
3,11,15,26,36,45,111 3,11,15,26,36,45,111
switchport mode trunk switchport mode trunk
!
interface FastEthernet0/16
switchport trunk encapsulation dot1q
switchport trunk allowed vlan
3,11,15,26,36,45,111
switchport mode trunk
!
interface FastEthernet0/17
switchport trunk encapsulation dot1q
switchport trunk allowed vlan
3,11,15,26,36,45,111
switchport mode trunk
SW3 SW4
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
201 of 230
VTP mode client VTP mode client
VTP domain CCIE VTP domain CCIE
VTP password CCIERS VTP password CCIERS
! !
interface FastEthernet0/13 interface FastEthernet0/13
switchport trunk encapsulation dot1q switchport trunk encapsulation dot1q
switchport trunk allowed vlan switchport trunk allowed vlan
3,11,15,26,36,45,111 3,11,15,26,36,45,111
switchport mode trunk switchport mode trunk
! !
interface FastEthernet0/14 interface FastEthernet0/14
switchport trunk encapsulation dot1q switchport trunk encapsulation dot1q
switchport trunk allowed vlan switchport trunk allowed vlan
3,11,15,26,36,45,111 3,11,15,26,36,45,111
switchport mode trunk switchport mode trunk

1.2 – VLAN Creation and Assignment (2 Point)

 Create the following VLANs with the appropriate names:


o VLAN 3 – Name : VLAN_03
o VLAN 11 – Name : VLAN_11
o VLAN 15 – Name : VLAN_15
o VLAN 26 – Name : VLAN_26
o VLAN 36 – Name : VLAN_36
o VLAN 45 – Name : VLAN_45
o VLAN 111 – Name : VLAN_111

 Assign the appropriate ports to the appropriate VLANs based on the Diagram.

SW1 SW2

Vlan 3 interface FastEthernet0/2


Name VLAN_3 switchport access vlan 26
Vlan 11 switchport mode access
Name VLAN_11 !
Vlan 15 interface FastEthernet0/4
Name VLAN_15 switchport access vlan 45
Vlan 26 switchport mode access
Name VLAN_26 !
Vlan 36 interface FastEthernet0/6
Name VLAN_36 switchport trunk encapsulation dot1q
Vlan 45 switchport mode trunk
Name VLAN_45 !
Vlan 111 interface FastEthernet0/24
Name VLAN_111 switchport trunk encapsulation dot1q
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
202 of 230
! switchport mode trunk
interface FastEthernet0/1
switchport access vlan 11
switchport mode access
!
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/5
switchport trunk encapsulation dot1q
switchport mode trunk
SW3

interface FastEthernet0/24
switchport access vlan 15
switchport mode access

1.3 – Port Fast with Macros (2 Point)

 Add any 2 unused ports to VLAN 26.

 Define an interface-range with all ports that are part of VLAN 26 except for any
trunk ports.

 Define a Smart Macro that sets the ports in VLAN 26 to Access mode and turns
on Port Fast on them.

SW1

interface FastEthernet0/7
switchport access vlan 26
!
interface FastEthernet0/8
switchport access vlan 26
!
define interface-range VLAN26 FastEthernet0/7 , FastEthernet0/8
!
macro name VLAN26
switchport mode access
switchport access vlan 26
spanning-tree portfast
@

1.4 – SPAN (3 Point)

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
203 of 230
 There is a Traffic Analyzer connected to port 10 on Switch 1.

 Send a copy of all traffic received on VLANs 15 and 26 to the Traffic Analyzer.

SW1

monitor session 1 source vlan 15 , 26 rx


monitor session 1 destination interface Fa0/10

1.5 – MST (3 Point)

 Configure Multi-instance of Spanning Tree on the switches as follows:

o The name of this configuration should be CCIE


o The revision number should be 1
o Instance 1 should handle VLANs 3 , 11 and 15
o Instance 2 should handle VLANs 26 , 36, 45 and 111
o All future VLANs should use instance 0
o SW1 should be the root bridge for the first instance
o SW2 should be the root bridge for the second instance

SW1 SW2

spanning-tree mode mst spanning-tree mode mst


! !
spanning-tree mst configuration spanning-tree mst configuration
name CCIE name CCIE
revision 1 revision 1
instance 1 vlan 3, 11, 15 instance 1 vlan 3, 11, 15
instance 2 vlan 26, 36, 45, 111 instance 2 vlan 26, 36, 45, 111
! !
spanning-tree mst 1 priority 0 spanning-tree mst 2 priority 0
SW3 SW4

spanning-tree mode mst spanning-tree mode mst


! !
spanning-tree mst configuration spanning-tree mst configuration
name CCIE name CCIE
revision 1 revision 1
instance 1 vlan 3, 11, 15 instance 1 vlan 3, 11, 15
instance 2 vlan 26, 36, 45, 111 instance 2 vlan 26, 36, 45, 111

1.6 – Controlling Multicast and broadcast Traffic (2 Point)

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
204 of 230
 Configure F0/1 on SW1 such that the maximum amount of bandwidth utilization
for broadcast traffic is 40% and 50% for Multicast traffic.

SW1

Int F0/1
storm-control broadcast level 40.00
storm-control multicast level 50.00

1.7 – Frame Relay (3 Point)

 Configure frame relay to connect R1, R2, R3 and R4 based on the Diagram.

 You can create 2 sub-interfaces on R4. You cannot create sub-interfaces on R2


and R3.

 R2, R3 and R4 should be configured in a hub-n-spoke configuration. R4 being the


hub and R2 and R3 being spokes.

 R2 should be able to ping R3 and vice versa.

 All routers should be able to ping their local frame relay interface.

 Do not rely on inverse ARP for frame relay mappings.

1.8 – Frame Relay Authentication (2 Point)

 Ensure that R1 and R4 use CHAP authentication using Cisco as the password.
These routers must authenticate each other before they can communicate.

R1 R2

username R4 password 0 Cisco interface Serial0/0


! ip address 192.1.234.2 255.255.255.0
interface Virtual-Template1 encapsulation frame-relay
ip address 192.1.14.1 255.255.255.0 frame-relay map ip 192.1.234.2 204
ppp authentication chap frame-relay map ip 192.1.234.3 204
! frame-relay map ip 192.1.234.4 204
interface Serial0/0 broadcast
no ip address no frame-relay inverse-arp
encapsulation frame-relay
no frame-relay inverse-arp
!
interface Serial0/0.1 point-to-point
frame-relay interface-dlci 104 ppp Virtual-
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
205 of 230
Template1
R3 R4

interface Serial0/0 username R1 password 0 Cisco


ip address 192.1.234.3 255.255.255.0 !
encapsulation frame-relay interface Serial0/0
frame-relay map ip 192.1.234.2 304 no ip address
frame-relay map ip 192.1.234.3 304 encapsulation frame-relay
frame-relay map ip 192.1.234.4 304 no frame-relay inverse-arp
broadcast !
no frame-relay inverse-arp interface Serial0/0.1 point-to-point
frame-relay interface-dlci 401 ppp Virtual-
Template1
!
interface Serial0/0.234 multipoint
ip address 192.1.234.4 255.255.255.0
frame-relay map ip 192.1.234.2 402
broadcast
frame-relay map ip 192.1.234.3 403
broadcast
frame-relay map ip 192.1.234.4 402
!
interface Virtual-Template1
ip address 192.1.14.4 255.255.255.0
ppp authentication chap

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
206 of 230
Section 2 – IGP (30 points)
2.1 – Configure RIP Version 2 (3 Points)

 Configure RIP V2 on R5 to communicate to BB1 which is already configure with


RIP V2. Advertise the Loopback network on R5 in RIP.

 Configure RIP V2 between R3 and Switch 1. Create the following loopback on


Switch 1:

o Loopback 15: 15.15.15.15/8

 Advertise the Loopbacks on R3 and Switch 1 under RIP V2.

 Configure R3 and Switch 1 such that SW2 does not see RIP traffic.

R5 R3

router rip router rip


version 2 version 2
network 5.0.0.0 passive-interface FastEthernet0/0.1
network 192.1.15.0 network 3.0.0.0
network 192.1.3.0
neighbor 192.1.3.20
no auto-summary
SW1

Interface Loopback 15
Ip address 15.15.15.15 255.0.0.0
!
Ip routing
!
router rip
version 2
passive-interface Vlan3
network 15.0.0.0
network 192.1.3.0
neighbor 192.1.3.3
no auto-summary

2.2 – RIP Authentication (2 Points)

 Configure R5 to authenticate with BB1. BB1 has been configured with a Key # of
1 and key-string of cisco.

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
207 of 230
 Configure authentication between R3 and the Switch. Use a password of ccie with
a key # of 1.

 Use the most secure authentication mechanism.

R5 R3

key chain RIP key chain RIP


key 1 key 1
key-string cisco key-string ccie
! !
interface FastEthernet0/0.1 interface FastEthernet0/0.1
ip rip authentication mode md5 ip rip authentication mode md5
ip rip authentication key-chain RIP ip rip authentication key-chain RIP
SW1

key chain RIP


key 1
key-string ccie
!
interface vlan 3
ip rip authentication mode md5
ip rip authentication key-chain RIP

2.3 – Route Filtering using RIP (2 Points)

 Deny all networks that have an even number in the 195.1.X.0 network range.

 Do the filtering on R5. Use minimum number of lines possible to accomplish this
task.

R5

Access-list 101 deny 195.1.0.0 0.0.254.255


Access-list 101 permit any
!
Router rip
distribute-list 101 in

2.4 – Configuring EIGRP (2 Points)

 Configure EIGRP on R1 in AS 100 to communicate with BB2.

 Don’t advertise the Loopback network in EIGRP.

 Disable auto-summary.
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
208 of 230
R1

router eigrp 100


network 192.1.11.1 0.0.0.0
no auto-summary

2.5 – EIGRP Authentication (2 Points)

 Authenticate the EIGRP connection with BB2. BB2 has been configured with a
key # 1 with a key-string of cisco.

 Use the most secure authentication mechanism.

R5

key chain EIGRP


key 1
key-string cisco
!
interface FastEthernet0/0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 EIGRP

2.6 – Configuring OSPF (4 Point)

 Configure OSPF between R4 and R5 in Area 0. Advertise the Loopback interface


on R4 in Area 0. Make sure the route appears on R5 with the proper mask and
not a host mask

 Configure OSPF between R2, R3, R4, R6 and SW2 in Area 100. Advertise the
Loopback addresses on R2, R3 and R6 in Area 100. They should appear with the
proper mask and the not a host mask. Do not use the IP OSPF Network Broadcast
command on R2, R3 and R6 to accomplish this task.

 Configure OSPF between R1 and R4 in Area 10. Advertise the Loopback


interface on R1 in Area 10. Make sure the route appears on R4 with the proper
mask and not a host mask

 Configure the appropriate interfaces on SW2 and R1 in Area 50.

 Hard code the router-id on all OSPF devices. Use the following as the router-ids:

o R1 – 11.11.11.11
o R2 – 22.22.22.22
o R3 – 33.33.33.33
o R4 – 44.44.44.44
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
209 of 230
o R5 – 55.55.55.55
o R6 – 66.66.66.66
o SW2 – 21.21.21.21

R1: R2

Int loopback 0 Interface Loopback 0


Ip ospf network point-to-point ip ospf network point-to-point
! !
router ospf 1 Interface s0/0
router-id 11.11.11.11 ip ospf network point-to-multipoint
log-adjacency-changes !
network 1.1.1.1 0.0.0.0 area 10 router ospf 1
network 192.1.11.1 0.0.0.0 area 50 router-id 22.22.22.22
network 192.1.14.1 0.0.0.0 area 10 log-adjacency-changes
network 192.1.26.2 0.0.0.0 area 100
network 192.1.234.2 0.0.0.0 area 100
network 22.22.22.22 0.0.0.0 area 100
R3 R4

Interface Loopback 0 Interface Loopback 0


ip ospf network point-to-point ip ospf network point-to-point
! !
Interface s0/0 Interface s0/0.234
ip ospf network point-to-multipoint ip ospf network point-to-multipoint
! !
router ospf 1 router ospf 1
router-id 33.33.33.33 router-id 44.44.44.44
log-adjacency-changes log-adjacency-changes
network 192.1.3.3 0.0.0.0 area 100 network 44.44.44.44 0.0.0.0 area 0
network 192.1.234.3 0.0.0.0 area 100 network 192.1.14.4 0.0.0.0 area 10
network 33.33.33.33 0.0.0.0 area 100 network 192.1.45.4 0.0.0.0 area 0
network 192.1.234.4 0.0.0.0 area 100
R5 R6

router ospf 1 Interface Loopback 0


router-id 55.55.55.55 ip ospf network point-to-point
log-adjacency-changes !
network 192.1.45.5 0.0.0.0 area 0 router ospf 1
router-id 66.66.66.66
log-adjacency-changes
network 192.1.26.6 0.0.0.0 area 100
network 66.66.66.66 0.0.0.0 area 100
SW2

router ospf 1
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
210 of 230
router-id 21.21.21.21
log-adjacency-changes
network 192.1.3.21 0.0.0.0 area 100
network 192.1.111.21 0.0.0.0 area 50

2.7 – Configuring OSPF Virtual Links (4 Point)

 Configure Virtual Links on the appropriate routers to connect Area 50 to Area 0.

 Make sure you provide full redundancy for your network.

R1 R4

Router ospf 1 Router ospf 1


area 10 virtual-link 44.44.44.44 area 10 virtual-link 11.11.11.11
area 50 virtual-link 21.21.21.21 area 100 virtual-link 21.21.21.21

SW2

Router ospf 1
area 100 virtual-link 44.44.44.44
area 50 virtual-link 11.11.11.11

2.8 –OSPF Authentication (4 Point)

 Configure authentication for OSPF routers in Area 0. Use Message Digest as the
authentication Mechanism. Use ccie as the key with a key id of 1.

 Configure Authentication for OSPF routers in Area 10. Use Message Digest as
the authentication Mechanism. Use ccie as the key with a key id of 1.

 Configure Authentication for the neighbor relationships between R2, R3 and R4


and also between R2 and R6. Use Message Digest as the authentication
Mechanism. Use ccie as the key with a key id of 1.

 Configure Authentication on all virtual links.

R1 R2

Router ospf 1 Interface s0/0


area 10 authentication message-digest ip ospf authentication message-digest
area 10 virtual-link 44.44.44.44 ip ospf message-digest-key 1 md5 ccie
authentication message-digest !
area 10 virtual-link 44.44.44.44 message- Interface f0/0
digest-key 1 md5 ccie ip ospf authentication message-digest
area 10 authentication message-digest ip ospf message-digest-key 1 md5 ccie
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
211 of 230
area 50 virtual-link 21.21.21.21
authentication message-digest
area 50 virtual-link 21.21.21.21 message-
digest-key 1 md5 ccie
!
interface Serial0/0.1 point-to-point
ip ospf message-digest-key 1 md5 ccie
R3 R4

Interface s0/0 Router ospf 1


ip ospf authentication message-digest area 0 authentication message-digest
ip ospf message-digest-key 1 md5 ccie area 10 authentication message-digest
area 10 virtual-link 11.11.11.11 message-
digest-key 1 md5 ccie
area 100 virtual-link 21.21.21.21 message-
digest-key 1 md5 ccie
!
Interface f0/0
ip ospf message-digest-key 1 md5 ccie
!
Interface s0/0.1
ip ospf message-digest-key 1 md5 ccie
!
Interface s0/0.234
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 ccie

R5 R6

Router ospf 1 Int F0/0.1


area 0 authentication message-digest ip ospf authentication message-digest
! ip ospf message-digest-key 1 md5 ccie
interface f0/0.2
ip ospf message-digest-key 1 md5 ccie
SW2

Router ospf 1
area 100 virtual-link 44.44.44.44
authentication message-digest
area 100 virtual-link 44.44.44.44 message-
digest-key 1 md5 ccie
area 50 virtual-link 21.21.21.21
authentication message-digest
area 50 virtual-link 21.21.21.21 message-
digest-key 1 md5 ccie
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
212 of 230
2.9 – Redistribution (4 Point)

 Mutually redistribute RIP and OSPF at the appropriate router. Routes should be
redistributed in such a way that OSPF adds the link cost at each router.

 When redistributing the 200.1.1.0 routes learned from BB1, only the even
networks should be redistributed at the appropriate router.

 Create loopback 100 with an Ip address of 100.1.1.1/8 on Switch 1. Do not


advertise this network in any routing protocol on Switch 1.

 All routers should have connectivity to this network. You are allowed to create a
single static route on 1 router to accomplish this task.

 All OSPF routers should have access to the EIGRP routes on R1. You are not
allowed to redistribute EIGRP into OSPF. You are allowed a create a single static
route on a router to accomplish this task.

R1: R3

ip route 202.2.0.0 255.255.0.0 Null0 Router ospf 1


! redistribute rip metric-type 1 subnets
Router ospf 1 redistribute static subnets
redistribute static subnets !
Router rip
redistribute ospf 1 metric 5
!
ip route 100.0.0.0 255.0.0.0 192.1.3.20
R5 SW1:

Access-list 121 deny 200.1.1.0 interface Loopback100


0.0.254.255 ip address 100.1.1.1 255.0.0.0
Access-list 121 permit any
!
route-map R-2-O permit 10
match ip address 121
!
Router ospf 1
redistribute rip metric-type 1 subnets route-
map R-2-O
!
Router rip
redistribute ospf 1 metric 5

2.10 – Summarization (3 Point)


Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
213 of 230
 Configure the following loopbacks on R1:
o Loopback 201: 201.1.12.1/24
o Loopback 202: 201.1.13.1/24
o Loopback 203: 201.1.14.1/24
o Loopback 204: 201.1.15.1/24

 Advertise the newly created loopbacks under EIGRP on R1.

 These routes should be summarized towards BB2.

 Inject these routes into OSPF as well. Don’t use the network command to
accomplish this task. Only send a summarized route into OSPF.

 Configure the following loopbacks on R6:


o Loopback 201: 206.1.20.1/24
o Loopback 202: 206.1.21.1/24
o Loopback 203: 206.1.22.1/24
o Loopback 204: 206.1.23.1/24

 Advertise the newly created loopbacks under OSPF on R6.

 These routes should be summarized on R4.

R1 R4:

interface Loopback201 Router ospf 1


ip address 201.1.12.1 255.255.255.0 area 100 range 206.1.20.0 255.255.252.0
!
interface Loopback202
ip address 201.1.13.1 255.255.255.0
!
interface Loopback203
ip address 201.1.14.1 255.255.255.0
!
interface Loopback204
ip address 201.1.15.1 255.255.255.0
!
router eigrp 100
network 201.1.12.1 0.0.0.0
network 201.1.13.1 0.0.0.0
network 201.1.14.1 0.0.0.0
network 201.1.15.1 0.0.0.0
!
Interface f0/0
ip summary-address eigrp 100 201.1.12.0
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
214 of 230
255.255.252.0 5
!
route-map RC permit 10
match interface Loopback201
Loopback202 Loopback203 Loopback204
!
Router ospf 1
Redistribute connected route-map RC
subnets
summary-address 201.1.12.0
255.255.252.0
R6

interface Loopback201
ip address 206.1.20.1 255.255.255.0
!
interface Loopback202
ip address 206.1.21.1 255.255.255.0
!
interface Loopback203
ip address 206.1.22.1 255.255.255.0
!
interface Loopback204
ip address 206.1.23.1 255.255.255.0
!
Router ospf 1
network 206.1.20.1 0.0.0.0 area 100
network 206.1.21.1 0.0.0.0 area 100
network 206.1.22.1 0.0.0.0 area 100
network 206.1.23.1 0.0.0.0 area 100

Section 3 – BGP (12 points)


3.1 –IBGP (3 Point)

 Configure the following Loopbacks:


o R1 – Loopback 125: 125.1.1.1/24
o R2 – Loopback 125: 125.2.2.2/24
o R3 – Loopback 125: 125.3.3.3/24
o R4 – Loopback 125: 125.4.4.4/24
o R5 – Loopback 125: 125.5.5.5/24
o R6 – Loopback 125: 125.6.6.6/24
o SW2 – Loopback 125: 125.21.21.21/24

 Configure R3, R4 and R5 in AS 345.

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
215 of 230
 R5 should not have a neighbor relationship with R3.

 Advertise the Loopback 125 networks on the appropriate routers.

 Configure the neighbor relationship with redundancy in mind.

 All IBGP routers using the most secure authentication method. Use CCIE as the
password.

R1: R2

Int loopback125 Int loopback125


Ip address 125.1.1.1 255.255.255.0 Ip address 125.2.2.2 255.255.255.0
R3 R4:

Int loopback125 Int loopback125


Ip address 125.3.3.3 255.255.255.0 Ip address 125.4.4.4 255.255.255.0
! !
router bgp 345 router bgp 345
no auto-summary no auto-summary
no sync no sync
network 125.3.3.0 mask 255.255.255.0 network 125.4.4.0 mask 255.255.255.0
neighbor 44.44.44.44 remote-as 345 neighbor 33.33.33.33 remote-as 345
neighbor 44.44.44.44 password CCIE neighbor 33.33.33.33 password CCIE
neighbor 44.44.44.44 update-source neighbor 33.33.33.33 update-source
Loopback0 Loopback0
neighbor 33.33.33.33 route-reflector-client
neighbor 55.55.55.55 remote-as 345
neighbor 55.55.55.55 password CCIE
neighbor 55.55.55.55 update-source
Loopback0
neighbor 55.55.55.55 route-reflector-client
R5 R6:

Int loopback125 Int loopback125


Ip address 125.5.5.5 255.255.255.0 Ip address 125.6.6.6 255.255.255.0
!
router bgp 345
no auto-summary
no sync
neighbor 44.44.44.44 remote-as 345
neighbor 44.44.44.44 password CCIE
neighbor 44.44.44.44 update-source
Loopback0

SW1
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
216 of 230
Int loopback125
Ip address 125.21.21.21 255.255.255.0

3.2 – EBGP (3 Points)

 Configure a EBGP relationship between AS 2 and AS 345. Use R5 in AS 345 to


set this relationship up.

 Advertise the Loopback 125 network in BGP on R2. Don’t use the network
command to accomplish task The origin should be internal.

 Configure a EBGP relationship between AS 2 and AS 65500. Authenticate this


relationship

 Advertise the Loopback 125 network in BGP on R6.

 Configure R1 in AS 1. Advertise the Loopback 125 network under BGP.

 Configure a EBGP neighbor relation between AS 345 and AS 1.

 AS 345 sees AS 1 in AS 1000. Configure the remote-as as 1000 for AS 1 on R4.

 Configure SW2 in AS 21. Advertise the Loopback 125 network under BGP.

 Configure an EBGP neighbor relation between AS 21 and AS 345 based on the


network diagram.

 Also configure an EBGP neighbor relation between AS 21 and AS 1 based on the


network diagram.

R1 R2

router bgp 1 route-map RC-2-BGP permit 10


no auto-summary match interface Loopback125
no sync set origin igp
network 125.1.1.0 mask 255.255.255.0 !
neighbor 192.1.3.21 remote-as 21 router bgp 2
neighbor 192.1.3.21 ebgp-multihop 255 no auto-summary
neighbor 192.1.14.4 remote-as 345 no sync
neighbor 192.1.14.4 local-as 1000 redistribute connected route-map RC-2-
BGP
neighbor 192.1.26.6 remote-as 65500
neighbor 192.1.26.6 password CCIE
neighbor 192.1.45.5 remote-as 345
neighbor 192.1.45.5 ebgp-multihop 255
R3 R4
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
217 of 230
router bgp 345 router bgp 345
neighbor 192.1.3.21 remote-as 21 neighbor 192.1.14.1 remote-as 1000
R5 R6

router bgp 345 router bgp 65500


neighbor 192.1.234.2 remote-as 2 no auto-summary
neighbor 192.1.234.2 ebgp-multihop 255 no sync
network 125.6.6.0 mask 255.255.255.0
neighbor 192.1.26.2 remote-as 2
neighbor 192.1.26.2 password CCIE
SW2

router bgp 21
network 125.21.21.0 mask 255.255.255.0
neighbor 192.1.3.3 remote-as 345
neighbor 192.1.14.1 remote-as 1
neighbor 192.1.14.1 ebgp-multihop 255

3.3 – Route Aggregation (2 Points)

 Create the following loopback on R1:


o Loopback 191: 199.1.4.1/24
o Loopback 192: 199.1.5.1/24
o Loopback 193: 199.1.6.1/24
o Loopback 194: 199.1.7.1/24

 Advertise these networks under BGP.

 Summarize these networks on R1.

 Suppress the specific routes from getting propagated to BGP neighbors except for
199.1.5.0/24. This route should get propagated in addition to the summary route.

R1

interface Loopback191
ip address 199.1.4.1 255.255.255.0
!
interface Loopback192
ip address 199.1.5.1 255.255.255.0
!
interface Loopback193
ip address 199.1.6.1 255.255.255.0
!
interface Loopback194
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
218 of 230
ip address 199.1.7.1 255.255.255.0
!
router bgp 1
network 199.1.4.0
network 199.1.5.0
network 199.1.6.0
network 199.1.7.0
aggregate-address 199.1.4.0 255.255.252.0 summary-only suppress-map SM
!
access-list 131 deny 199.1.5.0 0.0.0.255
access-list 131 permit any
!
route-map SM permit 10
match ip address 131

3.4 – Filtering Private AS number (2 Points)

 R2 should not send the Private AS number in the AS Path for route(s) from AS
65500 to AS 345.

 You can use a single command under the BGP Routing process to accomplish this
task.

R2

Router bgp 2
neighbor 192.1.45.5 remove-private-as

3.5 – Path Attributes (2 Points)

 Configure AS 345 such that it uses AS 21 to get to AS 1 routes. Do not use the
AS-Path or Weight Attributes to accomplish this task.

 Configure AS 21 such that it uses AS 1 to get to AS 2 routes.

R3 SW2

ip as-path access-list 1 permit _1$ ip as-path access-list 2 permit _2$


! !
route-map LP permit 10 route-map LP permit 10
match as-path 1 match as-path 2
set local-preference 200 set local-preference 200
! !
route-map LP permit 20 route-map LP permit 20
! !
Router bgp 234 Router bgp 21
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
219 of 230
neighbor 192.1.3.21 route-map LP in neighbor 192.1.14.1 route-map LP in

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
220 of 230
Section 4 – Security (8 points)
4.1 – Dot 1X Authentication (3 Points)

 Configure Ports F 0/13 – 18 on Switch 1 for Dot1X authentication. Assign them


to VLAN 250.

 Authentication should be done based on a RADIUS Server located at 192.1.3.100.


Use cciers as the secret key.

 If the host does not support Dot1X authentication, it should be put in VLAN 300.

SW1

Vlan 250
Vlan 300
!
Under all trunk interfaces:
switchport trunk allowed vlan add 250,300
!
aaa new-model
aaa authentication dot1x default group radius
!
dot1x system-auth-control
!
radius-server host 192.1.3.100 key cciers
!
Interface range F0/13-18
Switchport mode access
Switchport access vlan 250
dot1x port-control auto
dot1x guest-vlan 300

4.2 – SSH Configuation (3 Points)

 Configure R3 such that remote management can only be done by SSH.

 Configure a Local User SSHADMIN with a password of cciers. SSH


authentication should be done based on the local database.

 Only allow Remote Management from VLAN 3.

R3:

username SSHADMIN password 0 cciers


!
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
221 of 230
ip domain name ccie.com
!
crypto key generate rsa
!
access-list 3 permit 192.1.3.0 0.0.0.255
!
line vty 0 4
access-class 3 in
login local
transport input ssh
line vty 5 1180
access-class 3 in
login local
transport input ssh

4.3 – ACL Configuration (2 Points)

 Configure RFC 1918 filtering on R5 for anti-spoofing from the Frame cloud.

 Also make sure packets with internal address as source addresses should not be
allowed in. Do not use an ACL for this task.

 There is a web server located at 192.1.15.25. This web server will be going down
for Maintenance on Friday, Saturday and Sunday from 9:00 PM to 11:30 PM. R5
should block access to this server during the Maintenance times. This should be in
affect for the month of December.

R5

access-list 141 deny ip 10.0.0.0 0.255.255.255 any


access-list 141 deny ip 172.16.0.0 0.15.255.255 any
access-list 141 deny ip 192.168.0.0 0.0.255.255 any
access-list 141 permit ip any any
!
Interface F0/0.2
ip verify unicast source reachable-via rx
ip access-group 141 in
!
time-range SM
absolute start 00:00 01 December 2008 end 23:59 31 December 2008
periodic Friday 21:00 to 23:30
periodic Saturday 21:00 to 23:30
periodic Sunday 21:00 to 23:30
!
Access-list 142 deny ip any host 192.1.15.25 time-range SM
Access-list 142 permit ip any any
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
222 of 230
!
Interface f0/0.1
ip access-group 142 in

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
223 of 230
Section 5 – IOS Services (12 points)
5.1 – IOS DHCP Server (3 Points)

 Enable R5 as a DHCP Server with the following information:

o IP ADDRESS : 192.1.15.0/24
o WINS ADDRESS : 192.1.15.5
o DNS ADDRESS : 192.1.15.6
o DEFAULT GATEWAY : 192.1.15.1
o LEASE TIME : 6 Days
o Exclude-addresses : 192.1.15.1-192.1.15.10

R5

ip dhcp pool CCIE


network 192.1.15.0 255.255.255.0
netbios-name-server 192.1.15.5
dns-server 192.1.15.6
default-router 192.1.15.1
lease 6
!
ip dhcp excluded-address 192.1.15.1 192.1.15.10

5.2 – Core Dumps (3 Points)

 Configure R1 to send a Core DUMP to a FTP server located at 192.1.12.100. Set


the Dump size to 32768.

 Use CCIE as the Username to log into the FTP with a password of 12353.

R1

exception protocol ftp


exception region-size 32768
exception dump 192.1.12.100
!
ip ftp username CCIE
ip ftp password 12353

5.3 – NAT (3 Points)

 Configure a Loopback 10 on R1. Assign it an address of 10.0.0.1/8.

 Configure NAT on R1 to allow the 10.0.0.0 network to access the rest of routers
using S 0/0 interface address. Do not create a pool to accomplish this.
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
224 of 230
 There is a web server that will be installed at 10.0.0.80. There is a DNS Server
located at 10.0.0.81.

 Allow the outside user’s access to these servers using a common outside address
of 192.1.14.83.

R1

Interface Loopback10
Ip address 10.0.0.1 255.0.0.0
Ip nat inside
!
Interface S 0/0.1
Ip nat outside
!
Access-list 161 permit 10.0.0.0 0.255.255.255 any
!
ip nat inside source list 161 interface S 0/0.1 overload
ip nat inside source static tcp 192.1.14.83 80 10.0.0.80 80 extendable
ip nat inside source static udp 192.1.14.83 53 10.0.0.81 53 extendable

5.4 – DRP (3 Points)

 R5 will be queried by Cisco DistributedDirector from the following IP Addresses:

o 195.1.5.15
o 195.1.7.35

 Enable the DRP Server Agent on R5

 Only allow DRP Queries from the above listed DistributedDirector’s.

 R5 should be configured to authenticate the DistributedDirector with a key of ccie

R5

access-list 15 permit 195.1.5.15


access-list 15 permit 195.1.7.35
!
key-chain DRP
key 1
key-string ccie
!
ip drp server
ip drp access-group 15
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
225 of 230
ip drp authentication key-chain DRP

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
226 of 230
Section 6 – Multicasting (6 points)
6.1 – Configuring PIM Sparse Mode (3 Points)

 Configure VLAN 26 to receive and send multicast Traffic from and to VLAN 45.

 Perform configurations on R2 and R4 using PIM-Sparse-Mode. R2 should be the RP


for 224.2.2.2 and R4 should be the RP for 224.4.4.4.

R2 R4

Ip multicast-routing Ip multicast-routing
! !
Interface s0/0 Interface s0/0.234
Ip pim sparse-mode Ip pim sparse-mode
! !
Interface F 0/0 Interface F 0/0
Ip pim sparse-mode Ip pim sparse-mode
! !
ip pim rp-address 2.2.2.2 31 ip pim rp-address 2.2.2.2 31
ip pim rp-address 4.4.4.4 32 ip pim rp-address 4.4.4.4 32
! !
access-list 31 permit 224.2.2.2 access-list 31 permit 224.2.2.2
access-list 32 permit 224.4.4.4 access-list 32 permit 224.4.4.4

6.2 – Configuring IGMP (3 Points)

 Configure R2 to statically join multicast group 224.2.2.2 and R4 to statically join the
multicast group 224.4.4.4.

 R2 and R4 should be able to ping both Multicast groups.

R2 R4

Interface F 0/0 Interface F 0/0


Ip igmp join-group 224.2.2.2 Ip igmp join-group 224.4.4.4

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
227 of 230
Section 7 –QoS (8 points)
7.1 – Configuring CB-WFQ using NBAR (3 Points)

 Configure R3 such that traffic going towards the Frame Cloud uses the following
QoS parameters:

o All HTTP traffic towards a Web Server http://www.netmetric-


solutions.com should be assigned a minimum bandwidth of 35%.
o Telnet Traffic should be assigned a minimum bandwidth of 10%.
Configure it for LLQ.
o FTP traffic should be limited to 256 kbps.

R3

class-map match-all TELNET


match protocol telnet
class-map match-all HTTP
match protocol http url "*http://www.netmetric-solutions.com*"
class-map match-all FTP
match protocol ftp
!
!
policy-map QoS
class HTTP
bandwidth percent 35
class TELNET
priority percent 10
class FTP
police 256000
!
Interface s0/0/0
service-policy output QoS

7.2 – Configuring Policing using MQC (3 Points)

 R3-R4 has a CIR of 256 and Peak CIR of 512. Configure R4 such that all HTTP and
HTTPS traffic going from 192.1.15.0 networks towards Network 6.0.0.0 should have
a Precedence of 5 if it is within the CIR. If it exceeds the CIR, it should be set with a
Precedence of 1. Also, set the DE bit on, if it exceeds the CIR. If it exceeds the Peak,
the packet should be dropped. The rest of the traffic should to set to a Precedence of
3.

R4

Access-list 171 permit tcp 192.1.15.0 0.0.0.255 6.0.0.0 0.255.255.255 eq www


Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
228 of 230
Access-list 171 permit tcp 192.1.15.0 0.0.0.255 6.0.0.0 0.255.255.255 eq 443
!
class-map match-all WEB
match access-group 171
!
policy-map POLICE
class WEB
!
police cir 256000 pir 512000
conform-action set-prec-transmit 5
exceed-action set-prec-transmit 1
exceed-action set-frde-transmit
violate-action drop
class class-default
set precedence 3
!
Interface s0/0.234
service-policy output POLICE

7.3 – SRR (2 Points)

 Configure SRR on Switch 1 such that F 0/10 port using the following parameters:

CoS Value Srr Queue


3, 4, 6 4
2 ,7 3
0,1 2
5 1

 Configure Shaping on the first queue. It should used 25% percent of the interface
Bandwidth. Configure Sharing on the remaining queues. Queues 2, 3 and 4 should be
shared with a percentage breakdown of 45 30 and 25 percentage respectively.

SW1

Mls qos
!
mls qos srr-queue output cos-map queue 1 5
mls qos srr-queue output cos-map queue 2 0 1
mls qos srr-queue output cos-map queue 3 2 7
mls qos srr-queue output cos-map queue 4 3 4 6
!
interface FastEthernet0/10
srr-queue bandwidth share 4 45 30 25
srr-queue bandwidth shape 4 0 0 0
Copyrights Netmetric Solutions 2006-2010
Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
229 of 230
Section 8 – IPV6 (4 points)
8.1 – Configuring IPV6 (2 Points)

 Configure R3 and R6 with the following IPv6 Addresses:

Router Interface IPv6 Address


R3 Loopback 0 2222:1111:3333:3333::3/64
R3 E 0/0.2 2222.1111:3333:3636::3/64
R6 Loopback 0 2222:1111:6666:6666::6/64
R6 E 0/0.2 2222:1111:2222:3636::6/64

R3 R6

Interface F0/0.2 Interface F0/0.2


ipv6 address 2222:1111:3333:3636::3/64 ipv6 address 2222:1111:2222:3636::6/64
Interface loopback0 Interface loopback0
ipv6 address 2222:1111:3333:3333::3/64 ipv6 address 2222:1111:6666:6666::6/64

8.2 – Running RIPng (2 Points)

 Enable IPv6 Unicast Routing.

 Run RIPng between R3 and R6 and advertise the Loopback networks.

R3 R6

ipv6 unicast-routing ipv6 unicast-routing


! !
Interface F0/0.2 Interface F0/0.2
ipv6 rip RIPNG enable ipv6 rip RIPNG enable
Interface loopback0 Interface loopback0
ipv6 rip RIPNG enable ipv6 rip RIPNG enable

Copyrights Netmetric Solutions 2006-2010


Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com
230 of 230