
K6++ SOLUTION BOOK

CCIE SOLDIER
1.2 Implement Access Switch Ports of Switched Network
SW1
vtp domain CCIE
vtp password cisco
vtp version 2
vtp mode server

SW2 SW3 SW4
vtp domain CCIE
vtp password cisco
vtp version 2
vtp mode client

SW1 SW2 SW3 SW4
spanning-tree portfast default
spanning-tree portfast bpduguard default
interface fa0/10
 spanning-tree bpduguard disable
 spanning-tree bpdufilter enable

Note: Remember to configure the backbone interface before configuring portfast default and portfast bpduguard default globally; otherwise those interfaces will go into the err-disabled state.

1.3 Spanning-Tree Domains for Switched Network

Configure the switches according to the following requirements:

SW1
spanning-tree mode rapid-pvst
spanning-tree vlan 1,11,33,55,123,999 root primary
spanning-tree vlan 22,42,44 root secondary

SW2
spanning-tree mode rapid-pvst
spanning-tree vlan 1,11,33,55,123,999 root secondary
spanning-tree vlan 22,42,44 root primary

SW1-SW4
spanning-tree vlan 1-4094 max-age 30


1.4 Switch Trunking and Ether Channel

SW1, SW2, SW3, SW4
interface range fastethernet 0/19-24
 switchport trunk encapsulation dot1q
 switchport mode trunk

SW1
interface range fa0/23-24
 channel-group 1 mode active

SW2
interface range fa0/23-24
 channel-group 1 mode passive

SW3
interface range fa0/23-24
 channel-group 1 mode desirable

SW4
interface range fa0/23-24
 channel-group 1 mode auto

1.5 Spanning-Tree Tuning

SW2
spanning-tree vlan 42 priority 12288
int f0/19
 spanning-tree vlan 22,42,44 port-priority 240

1.6 RSPAN

SW1
vlan 999
 remote-span
monitor session 1 source vlan 11 , 22 rx
monitor session 1 destination remote vlan 999

SW2
monitor session 1 source vlan 11 , 22 rx
monitor session 1 destination remote vlan 999

SW4
monitor session 1 source remote vlan 999
monitor session 1 destination interface fastEthernet 0/15
monitor session 2 source interface port-channel 34 both
monitor session 2 destination interface fastEthernet 0/16
interface range f0/15-16
 no shutdown

1.7 PPP & CHAP

On R4
aaa new-model
aaa authentication login default line /* none required at the end only if no line password is configured */
aaa authentication ppp default group radius local-case
radius-server host YY.YY.44.200 key CISCO
username <Hostname of R1> password 0 CCIE
username <Hostname of R2> password 0 CCIE
interface s0/0/0 /* interface facing R1 */
 encapsulation ppp
 ppp authentication chap default
interface s0/1/0 /* interface facing R2 */
 encapsulation ppp
 ppp authentication chap default

On R1 & R2
interface s0/0/0 /* interface facing R4 */
 encapsulation ppp
 ppp chap password 0 CCIE

Note: If the question says to use AAA list names R1 and R2 for authenticating R1 and R2 respectively, use the configuration below.

On R4
aaa new-model
aaa authentication login default line /* none required at the end only if no line password is configured */
aaa authentication ppp R1 group radius local-case
aaa authentication ppp R2 group radius local-case
radius-server host YY.YY.44.200 key CISCO
username <Hostname of R1> password 0 CCIE
username <Hostname of R2> password 0 CCIE
interface s0/0/0 /* interface facing R1 */
 encapsulation ppp
 ppp authentication chap R1
interface s0/1/0 /* interface facing R2 */
 encapsulation ppp
 ppp authentication chap R2

On R1 & R2
interface s0/0/0 /* interface facing R4 */
 encapsulation ppp
 ppp chap password 0 CCIE

Section 2 Layer 3 Technologies

2.1 Configure OSPF Area 0, 142 and 51 as per diagram

R1
router ospf YY
 router-id YY.YY.1.1
 network YY.YY.1.1 0.0.0.0 area 142
 network YY.YY.14.1 0.0.0.0 area 142
 network YY.YY.17.1 0.0.0.0 area 142

R2
router ospf YY
 router-id YY.YY.2.2
 network YY.YY.24.2 0.0.0.0 area 142
 network YY.YY.42.2 0.0.0.0 area 142
 redistribute connected subnets route-map EXT
route-map EXT
 match interface fastethernet 0/1

R3
router ospf YY
 router-id YY.YY.3.3
 network YY.YY.3.3 0.0.0.0 area 51
 network YY.YY.35.3 0.0.0.0 area 51

R4
router ospf YY
 router-id YY.YY.4.4
 network YY.YY.4.4 0.0.0.0 area 142
 network YY.YY.14.4 0.0.0.0 area 142
 network YY.YY.24.4 0.0.0.0 area 142
 network YY.YY.44.4 0.0.0.0 area 142
 network YY.YY.144.4 0.0.0.0 area 142

R5
router ospf YY
 router-id YY.YY.5.5
 network YY.YY.5.5 0.0.0.0 area 51
 network YY.YY.35.5 0.0.0.0 area 51
 network YY.YY.55.5 0.0.0.0 area 51

SW1
ip routing
router ospf YY
 router-id YY.YY.7.7
 network YY.YY.7.7 0.0.0.0 area 0
 network YY.YY.123.7 0.0.0.0 area 0
 network YY.YY.17.7 0.0.0.0 area 142
interface vlan 123
 ip ospf priority 255

SW2
ip routing
router ospf YY
 router-id YY.YY.8.8
 network YY.YY.8.8 0.0.0.0 area 0
 network YY.YY.123.8 0.0.0.0 area 0
 network YY.YY.55.8 0.0.0.0 area 51
interface vlan 123
 ip ospf priority 254


SW3
ip routing
router ospf YY
 router-id YY.YY.9.9
 network YY.YY.9.9 0.0.0.0 area 0
 network YY.YY.123.9 0.0.0.0 area 0

SW4
ip routing
router ospf YY
 router-id YY.YY.10.10
 network YY.YY.10.10 0.0.0.0 area 0
 network YY.YY.123.10 0.0.0.0 area 0
 network YY.YY.42.10 0.0.0.0 area 142

2.2 Implement IPv4 EIGRP

SW2
router eigrp 100
 no auto-summary
 network 150.3.YY.1 0.0.0.0

2.3 Implement RIP Version 2

router rip
 version 2
 no auto-summary
 network 150.1.0.0
 distribute-list 1 in interface f0/0
access-list 1 permit 199.172.4.0 0.0.10.0

2.4 Redistribute RIP into OSPF

access-list 2 permit 199.172.4.0 0.0.2.0
route-map RIP
 match ip address 2
 set metric-type type-1
route-map RIP permit 20
router ospf YY
 redistribute rip subnets route-map RIP
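Added example (not part of the original solution book): access-list 1 in section 2.3 and access-list 2 in section 2.4 both use non-contiguous wildcard masks, and this Python sketch enumerates exactly which network addresses each one matches. The function names are hypothetical.

```python
import ipaddress
from itertools import product


def _to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def is_contiguous(wildcard: str) -> bool:
    """True when the wildcard is a plain inverted netmask (e.g. 0.0.0.255)."""
    w = _to_int(wildcard)
    return (w & (w + 1)) == 0


def acl_permits(base: str, wildcard: str, candidate: str) -> bool:
    """IOS semantics: a 1 bit in the wildcard is "don't care", a 0 bit must match."""
    w = _to_int(wildcard)
    return ((_to_int(base) ^ _to_int(candidate)) & ~w & 0xFFFFFFFF) == 0


def wildcard_matches(base: str, wildcard: str) -> list[str]:
    """Enumerate every address matched by (base, wildcard), in ascending order."""
    w = _to_int(wildcard)
    free_bits = [1 << i for i in range(32) if (w >> i) & 1]
    if len(free_bits) > 16:
        raise ValueError("too many don't-care bits to enumerate")
    fixed = _to_int(base) & ~w & 0xFFFFFFFF
    found = []
    for combo in product((0, 1), repeat=len(free_bits)):
        addr = fixed
        for bit, on in zip(free_bits, combo):
            if on:
                addr |= bit
        found.append(addr)
    return [str(ipaddress.IPv4Address(a)) for a in sorted(found)]


if __name__ == "__main__":
    rip_in = wildcard_matches("199.172.4.0", "0.0.10.0")   # access-list 1
    to_type1 = wildcard_matches("199.172.4.0", "0.0.2.0")  # access-list 2
    print("accepted from RIP:", rip_in)
    print("redistributed as type-1:", to_type1)
    # Routes that fall through to "route-map RIP permit 20" (no set clause)
    print("redistributed with default metric-type:",
          [n for n in rip_in if n not in to_type1])
```

The wildcard 0.0.10.0 leaves two separate bits of the third octet free, so access-list 1 matches four networks, while access-list 2 matches only two of them; the remaining two reach sequence 20 of the route-map and are redistributed without the type-1 setting.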

On R3/R5/SW2
area 51 nssa

2.5 Redistribute EIGRP into OSPF

router ospf YY
 redistribute eigrp YY subnets
 area 51 nssa no-summary no-redistribution

2.6 Implement IPv4 BGP

R1 / R2 / R3 / R5
router bgp YY
 bgp router-id YY.YY.X.X
 neighbor YY.YY.8.8 remote-as YY
 neighbor YY.YY.8.8 update-source loopback0
 neighbor YY.YY.8.8 send-community /* you don't need this command on R1 and R5, since they have no community to send; it is needed only on the routers facing the BB and on the route-reflector */

SW2
router bgp YY
 bgp router-id YY.YY.X.X
 neighbor YY.YY.1.1 remote-as YY
 neighbor YY.YY.1.1 update-source loopback 0
 neighbor YY.YY.1.1 route-reflector-client
 neighbor YY.YY.1.1 send-community
 neighbor YY.YY.2.2 remote-as YY
 neighbor YY.YY.2.2 update-source loopback 0
 neighbor YY.YY.2.2 route-reflector-client
 neighbor YY.YY.2.2 send-community
 neighbor YY.YY.3.3 remote-as YY
 neighbor YY.YY.3.3 update-source loopback 0
 neighbor YY.YY.3.3 route-reflector-client
 neighbor YY.YY.3.3 send-community
 neighbor YY.YY.5.5 remote-as YY
 neighbor YY.YY.5.5 update-source loopback 0
 neighbor YY.YY.5.5 route-reflector-client
 neighbor YY.YY.5.5 send-community

R2
 neighbor 150.2.YY.254 remote-as 254
 neighbor 150.2.YY.254 send-community
 neighbor 150.2.YY.254 route-map BB2 in
route-map BB2
 set community 104 208 additive

R3
 neighbor 150.1.YY.254 remote-as 254
 neighbor 150.1.YY.254 route-map BB1 in
 neighbor 150.1.YY.254 send-community
route-map BB1
 set local-preference 200
 set community 103 207 additive

NOTE: If the question says something like "use the fewest commands for the route-reflector", then you should configure a peer group.

2.7 Implement Performance Routing

On R1/R2
key chain PFR
 key 1
  key-string cisco
pfr border
 local Loopback0
 master yy.yy.1.1 key-chain PFR
 active-probe address source interface Loopback0
int f0/0
 load-interval 30

On R2
interface Tunnel12
 ip address 12.12.12.2 255.255.255.252
 tunnel source Loopback0
 tunnel destination yy.yy.1.1
ip route 0.0.0.0 0.0.0.0 yy.yy.42.10 250

On R1
interface Tunnel12
 ip address 12.12.12.1 255.255.255.252
 tunnel source Loopback0
 tunnel destination yy.yy.2.2
ip route 0.0.0.0 0.0.0.0 yy.yy.17.7 250
pfr master
 policy-rules PFR
 no max-range-utilization
 logging
 border yy.yy.2.2 key-chain PFR
  interface f0/0 external
   max-xmit-utilization percentage 90
   link-group R2
  interface Serial0/0/0 internal
  interface Tunnel12 internal
 border yy.yy.1.1 key-chain PFR
  interface f0/0 external
   max-xmit-utilization percentage 80
   link-group R1
  interface Serial0/0/0 internal
  interface Tunnel12 internal
 periodic 90
 no resolve range
 no resolve utilization
ip access-list extended CS2
 permit ip yy.yy.44.0 0.0.0.255 any dscp cs2
ip access-list extended CS4
 permit ip yy.yy.44.0 0.0.0.255 any dscp cs4
pfr-map PFR 10
 match traffic-class access-list CS2
 set mode route control
 set mode select-exit good
 set mode monitor active
 set active-probe echo yy.yy.55.5
 set link-group R1
!
pfr-map PFR 20
 match traffic-class access-list CS4
 set mode route control
 set mode select-exit good
 set mode monitor active
 set active-probe echo yy.yy.55.5
 set link-group R2

On R5
ip sla responder

2.8 Implement Performance Routing 2

ip access-list extended VOICE
 permit udp yy.yy.44.0 0.0.0.255 any range 16384 32768 dscp ef
pfr-map PFR 30
 match traffic-class access-list VOICE
 set delay threshold 40
 set mode route control
 set mode select-exit good
 set mode monitor fast
 set jitter threshold 5
 set active-probe jitter yy.yy.55.5 target-port 32767
 set probe frequency 2
 set link-group R1 fallback R2

2.9 Implement IPv6

R1
ipv6 multicast-routing
ipv6 unicast-routing
ipv6 cef
int f0/0
 ipv6 ospf yy area 142
 ipv6 mld join-group FF15::4000:4000
int s0/0/0
 ipv6 ospf yy area 142
ipv6 router ospf yy
 passive-interface f0/0
ipv6 pim rp-address fec1:cc1e:44::4

R2
ipv6 multicast-routing
ipv6 unicast-routing
ipv6 cef
int g0/0
 ipv6 ospf yy area 142
int s0/0/0
 ipv6 ospf yy area 142
ipv6 router ospf yy
 passive-interface f0/0
ipv6 pim rp-address fec1:cc1e:44::4

R4
ipv6 multicast-routing
ipv6 unicast-routing
ipv6 cef
int f0/0
 ipv6 ospf yy area 142
int f0/1
 ipv6 ospf yy area 142
int s0/0/0
 ipv6 ospf yy area 142
int s0/0/1
 ipv6 ospf yy area 142
ipv6 router ospf yy
 passive-interface f0/0
 passive-interface f0/1
ipv6 pim rp-address fec1:cc1e:44::4 MCAST
ipv6 access-list MCAST
 permit ipv6 any FF15::4000:4000/127

2.10 Implement Advanced IPv6 feature

R1/R2/R4
ipv6 icmp error-interval 200 1

R1
ipv6 flow-export source Loopback0
ipv6 flow-export version 9
ipv6 flow-export template timeout-rate 180
ipv6 flow-export destination yy.yy.44.100 9876
ipv6 flow-aggregation cache destination-prefix
 export template timeout-rate 180
 cache entries 20000
 cache timeout inactive 120
 export version 9
 export destination YY.YY.44.100 9876
 enabled
int g0/0
 ipv6 flow ingress

Section 3 IP Multicast

3.1 IPv4 Multicast (autorp)

R4
ip multicast-routing
int s0/0/0
 ip pim sparse-mode
int s0/0/1
 ip pim sparse-mode
int f0/0
 ip pim sparse-mode
ip pim autorp listener
ip pim send-rp-discovery lo0 scope 16

R1 - R2
ip multicast-routing
int lo0
 ip pim sparse-mode
int s0/0/0
 ip pim sparse-mode
int f0/0
 ip pim sparse-mode
ip pim autorp listener
ip pim send-rp-announce lo0 scope 16

SW1
ip multicast-routing distributed
int f0/1
 ip pim sparse-mode
int vlan 123
 ip pim sparse-mode
ip pim autorp listener

SW2
ip multicast-routing distributed
int vlan 33
 ip pim sparse-mode
 ip igmp join-group 239.y.y.1
int vlan 123
 ip pim sparse-mode
ip pim autorp listener

SW3
ip multicast-routing distributed
int vlan 123
 ip pim sparse-mode
ip pim autorp listener

SW4
ip multicast-routing distributed
int vlan 123
 ip pim sparse-mode
int vlan 42
 ip pim sparse-mode
ip pim autorp listener

3.2 PIM Tuning


SW1:
int vlan 123
 ip pim dr-prio <MAX VALUE>

SW2:
access-list 1 deny 224.0.1.39
access-list 1 deny 224.0.1.40
access-list 1 permit any
int vlan33
 ip multicast boundary 1 filter-autorp

SW4:
int vlan 123
 ip pim dr-prio <MAX VALUE-1>

Section 4 Advanced Services

4.1 Network Address Translations (NAT)

SW1
interface loopback100
 ip address 100.100.17.7 255.255.255.0
ip route 100.100.42.0 255.255.255.0 YY.YY.17.1

R1
ip route 100.100.42.0 255.255.255.0 YY.YY.14.4

SW4
interface loopback100
 ip address 100.100.42.10 255.255.255.0
ip route 100.100.17.0 255.255.255.0 YY.YY.42.2

R2
ip route 100.100.17.0 255.255.255.0 YY.YY.24.4

R4
interface serial0/0/0
 ip nat outside
interface serial0/0/1
 ip nat outside
ip nat inside source static YY.YY.17.7 100.100.17.7
ip nat inside source static YY.YY.42.10 100.100.42.10

4.2 MLS QoS

SW1 SW2 SW3 SW4
mls qos
mls qos srr-queue input cos-map queue 1 1 /* Default */
mls qos srr-queue input cos-map queue 2 5 /* you have to configure this one */
mls qos srr-queue input threshold 1 40 100
mls qos srr-queue input threshold 2 100 100 /* Default */
interface range fastethernet 0/19 - 24
 mls qos trust cos

SW1
interface range fastethernet 0/1 - 5
 mls qos cos 1
 mls qos trust cos

4.3 QoS Class Based Weighted Fair Queuing (CBWFQ)

R2
class-map BB2
 match input-interface f0/1 /* interface facing the BB2 */
policy-map CBWFQ
 class BB2
  bandwidth 10000
interface fastethernet0/0
 service-policy output CBWFQ

R3
class-map BB1
 match input-interface f0/0 /* interface facing the BB1 */
policy-map CBWFQ
 class BB1
  bandwidth 1000
interface serial0/0
 service-policy output CBWFQ

4.4 Implement Routing Protocol Authentication

SW1 SW2 SW3 SW4
no service password-encryption
interface vlan 123
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco

4.5 Implement DHCP

R4
service dhcp
ip dhcp pool POOL
 network YY.YY.44.0 255.255.255.0
 default-router YY.YY.44.4
 dns-server YY.YY.55.50 YY.YY.55.51
 domain-name cisco.com
ip dhcp excluded-address YY.YY.44.4 /* Interface fastethernet 0/0 */
ip dhcp excluded-address YY.YY.44.100 /* Printer IP address, statically configured; also the IPv6 NetFlow server IP address */
ip dhcp excluded-address YY.YY.44.200 /* Radius Server */

On SW1
ip dhcp snooping
ip dhcp snooping vlan 44
no ip dhcp snooping information option
interface fastethernet0/4
 switchport mode access
 switchport access vlan 44
 ip dhcp snooping trust
interface fastethernet0/14
 switchport mode access
 switchport access vlan 44
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation shutdown /* Shut down the port when a violation occurs */
 ip dhcp snooping limit rate 100
 no shutdown

4.6 Implement Layer 2 Security

ip dhcp snooping binding abcd.abcd.abcd vlan 44 YY.YY.44.100 interface fastEthernet 0/14 expiry 4294967295
ip dhcp snooping verify mac-address /* Default */
ip dhcp snooping database flash:CCIE.TXT
ip arp inspection vlan 44
interface f0/4
 ip arp inspection trust
inter f0/14
 ip verify source
 no shutdown /* don't forget this */
 exit
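Added example (not part of the original solution book): a small Python model of how the section 4.6 settings interact, showing what dynamic ARP inspection and IP source guard each check against the static DHCP snooping binding. The function names are hypothetical and "YY" is replaced by the constructed value 10.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str


# Constructed state mirroring section 4.6 ("YY" replaced by the sample value 10).
BINDINGS = [Binding("abcd.abcd.abcd", "10.10.44.100", 44, "Fa0/14")]
DAI_VLANS = {44}          # ip arp inspection vlan 44
DAI_TRUSTED = {"Fa0/4"}   # ip arp inspection trust
IPSG_PORTS = {"Fa0/14"}   # ip verify source (source-IP filter only)


def dai_verdict(port: str, vlan: int, sender_mac: str, sender_ip: str) -> str:
    """What DAI does with an ARP packet: sender MAC and IP must match a binding."""
    if vlan not in DAI_VLANS or port in DAI_TRUSTED:
        return "forward"  # trusted ports and other VLANs are not inspected
    wanted = Binding(sender_mac.lower(), sender_ip, vlan, port)
    return "forward" if wanted in BINDINGS else "drop"


def ipsg_verdict(port: str, vlan: int, src_ip: str) -> str:
    """What IP source guard does with an IP packet (DHCP exchange not modelled).

    Plain "ip verify source" filters on source IP only; the source MAC is
    left to port-security, which section 4.5 limits to 3 addresses.
    """
    if port not in IPSG_PORTS:
        return "forward"
    ok = any((b.ip, b.vlan, b.port) == (src_ip, vlan, port) for b in BINDINGS)
    return "forward" if ok else "drop"


if __name__ == "__main__":
    # Printer answering ARP with its bound MAC/IP pair
    print(dai_verdict("Fa0/14", 44, "abcd.abcd.abcd", "10.10.44.100"))
    # Same port claiming the gateway address in an ARP reply
    print(dai_verdict("Fa0/14", 44, "abcd.abcd.abcd", "10.10.44.4"))
    # IP packet from the access port with an unbound source address
    print(ipsg_verdict("Fa0/14", 44, "10.10.44.50"))
```

The model makes the trust boundary visible: anything arriving on Fa0/4 bypasses ARP inspection entirely, so that port should face only the device the lab designates as trusted.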


4.7 Web Caching Communication Protocol (WCCP)

R4
ip wccp version 2
ip wccp 61 redirect-list S_T_C
ip wccp 62 redirect-list C_T_S
ip access ext C_T_S
 permit ip y.y.44.0 0.0.0.255 any
ip access ext S_T_C
 permit ip any y.y.44.0 0.0.0.255
ip wccp check services all
int f0/0
 ip wccp 62 redirect in
int s0/0/0
 ip wccp 61 redirect in
int s0/0/1
 ip wccp 61 redirect in
int f0/1
 ip wccp redirect exclude in

Section 5 Optimize the Network

5.1 Implement SNMP


R5
snmp-server community CiscoWorks RW 55
snmp-server enable traps bgp
snmp-server host YY.YY.55.240 CiscoWorks bgp
access-list 55 permit host YY.YY.55.240

5.2 Embedded Event Manager

event manager applet ENABLE_OSPF_DEBUG
 event syslog pattern ".*%OSPF-5-ADJCHG: Process y, Nbr yy.yy.5.5 on Serial0/0/0 from FULL to DOWN.*"
 action 1.0 cli command "enable"
 action 2.0 cli command "debug ip ospf event"
 action 3.0 cli command "debug ip ospf adj"
 action 4.0 syslog priority informational msg "ENABLE_OSPF_DEBUG"

event manager applet DISABLE_OSPF_DEBUG
 event syslog pattern ".*%OSPF-5-ADJCHG: Process y, Nbr yy.yy.5.5 on Serial0/0/0 from LOADING to FULL.*"
 action 1.0 cli command "enable"
 action 2.0 cli command "undebug all"
 action 3.0 syslog priority informational msg "DISABLE_OSPF_DEBUG"

logging on
logging console debugging
logging buffered debugging