
Table of Contents

Copyright
About the Author
About the Technical Reviewer
Acknowledgments
Introduction

Practice Lab 1
    Equipment List
    Setting Up the Lab
    Pre-lab Tasks
    Practice Lab One
        Section 1: LAN Switching and Frame Relay
        Section 2: IPv4 IGP Protocols
        Section 3: BGP
        Section 4: IPv6
        Section 5: QoS
        Section 6: Security
        Section 7: Multicast
        Section 8: IP Services
    "Ask the Proctor" (same sections)
    Lab Debrief (same sections)
    Lab Wrap-Up

Practice Lab 2
    Equipment List
    Setting Up the Lab
    Pre-lab Tasks
    Practice Lab Two
        Section 1: LAN Switching and Frame-Relay
        Section 2: IPv4 IGP Protocols
        Section 3: BGP
        Section 4: IPv6
        Section 5: QoS
        Section 6: Multicast
        Section 7: Security
    "Ask the Proctor" (same sections)
    Practice Lab Debrief (same sections)
    Lab Wrap-Up

Practice Lab 3: The VPN Lab
    Equipment List
    Setting Up the Lab
    Pre-Lab Tasks
    Practice Lab Three
        Section 1: LAN Switching and Frame Relay
        Section 2: MPLS and OSPF
        Section 3: BGP
        Section 4: EIGRP and MP-BGP
        Section 5: OSPF and MP-BGP
        Section 6: MPLS
        Section 7: VPLS Simulation
        Section 8: Multicast
        Section 9: IPv6
        Section 10: QoS
        Section 11: Security
    Practice Lab 3: "Ask the Proctor" (same sections)
    Practice Lab 3 Debrief (same sections)
    Lab 3 Wrap-Up

Chapter 4. Summary
    Are You Ready?
    Further Reading
    Help and Advice
    How Can I Schedule My CCIE Lab Exam?
    The Day Before
    The Day of the Exam
    Pass or Fail, What Next?


CCIE Routing and Switching v4.0 Configuration Practice Labs

Martin J. Duggan

ciscopress.com

About the Author

Martin James Duggan, CCIE No. 7942, is a network architect for AT&T. He designs network solutions for customers globally and specializes in data center networking and QoS. Martin mentors colleagues through their Cisco qualifications and holds regular internal training classes. Previous to this Martin was a network architect for IBM performing IP network designs and global network reviews. Martin has been in the industry for 20 years focusing on Cisco solutions for the previous 11 years. Martin is the co-author of the Cisco Press CCIE Routing and Switching Practice Labs, First Edition.

About the Technical Reviewer

Maurilio de Paula Gorito, CCIE No. 3807, is a triple CCIE, having certified in Routing and Switching in 1998, WAN Switching in 2001, and Security in 2003. Maurilio has more than 24 years of experience in networking, including Cisco networks and IBM/SNA environment. Maurilio's experience includes the planning, designing, implementation, and troubleshooting of large IP networks running RIP, IGRP, EIGRP, BGP, OSPF, QoS, and SNA worldwide. He also has more than 7 years of experience in teaching technical classes at schools and companies. Maurilio worked for Cisco as part of the CCIE team for 9 years. As the program manager for the CCIE Routing and Switching certification exams, Maurilio was responsible for managing the content development process for the CCIE Routing and Switching Lab and Written Exams, supporting candidates as part of the CCIE customer service, and proctoring CCIE lab exams at the CCIE lab in San Jose, CA, and worldwide. Maurilio also has presented Power Sessions at Cisco seminars and at CiscoLive. Maurilio currently works for Riverbed Technology as a certification manager responsible for overseeing the certifications and programs for Riverbed's Professional Services business unit. Maurilio is the co-author of the Cisco Press CCIE Routing and Switching Practice Labs and has reviewed several other Cisco Press books. Maurilio holds degrees in mathematics and pedagogy.

© 2010 Cisco Systems, Inc. All rights reserved. This publication is protected by copyright. Please see page 259 for more details.

Dedication
Martin James Duggan: I would like to dedicate this publication to my family. Mum and Dad, thanks for your care and support in trying times recently for which I am extremely grateful. Neil and Jo, you are always there when I need your help. To my honorary CCNAs Anna and James, I am blessed to have children as wonderful as you. You are growing up far too quickly for my liking, but you make me the proudest father in the world. Charlotte, what can I say? You are usually late but your timing when we met was impeccable; I cannot imagine you not being in my life now.

Acknowledgments
Martin James Duggan: This is my third opportunity to write for Cisco Press, so I would like to thank Brett Bartow for once again providing me with this enviable opportunity. To Maurilio, who has reviewed this publication, I would like to say thank you for the time and experience you have put into this; you have shaped my work and I really value your contribution. I'd like to thank my previous manager, Dave Mack. I was very lucky to have you as a manager Dave; you gave me some really interesting projects, encouraged me with this book, and were a pleasure to work with. To Pete Davison and Mike (mountain goat) Jones, my cycling buddies who never seem to get bored with me talking networks or cracking Jethro jokes when we manage to get out, either that or they wanted me out of breath for the hills. To Richard Burbage, my oldest friend, your suggestion really helped me, I owe you one.


Command Syntax Conventions

The conventions used to present command syntax in this book are the same conventions used in the IOS Command Reference. The Command Reference describes these conventions as follows:

• Boldface indicates commands and keywords that are entered literally as shown. In actual configuration examples and output (not general command syntax), boldface indicates commands that are manually input by the user (such as a show command).
• Italics indicate arguments for which you supply actual values.
• Vertical bars (|) separate alternative, mutually exclusive elements.
• Square brackets [ ] indicate optional elements.
• Braces { } indicate a required choice.
• Braces within brackets [{ }] indicate a required choice within an optional element.

Introduction
For more than ten years, the CCIE program has identified networking professionals with the highest level of expertise. Less than 3 percent of all Cisco certified professionals actually achieve CCIE status. The majority of candidates that take the exam fail at the first attempt because they are not fully prepared; they generally find that their study plan did not match what was expected of them in the exam. This practice exam has been designed to take you as close as possible to actually taking the real lab exam. It will show whether you are ready to schedule your lab, or if you need to reevaluate your study plan.

Exam Overview
The CCIE qualification consists of two exams, a 2-hour written exam followed by an 8-hour hands-on lab exam that now includes a troubleshooting section. Written exams are computer-based, multiple choice exams lasting 2 hours and available at hundreds of authorized testing centers worldwide. The written exam is designed to test your theoretical knowledge to ensure you are ready to take the lab exam; as such, you are only eligible to schedule the lab exam after you have passed the written exam. Having purchased this publication, it is assumed that you have passed the written exam and are ready to practice for the lab exam. The lab exam is a 5 1/2-hour, hands-on exam in which you are required to configure a series of complex scenarios in strict accordance with the questions; it's tough but achievable. Troubleshooting is now included for 2 hours, and you are also presented with a series of further questions for a 30-minute period of the exam. Current lab blueprint content information can be found at the following URL: https://learningnetwork.cisco.com/docs/DOC-4603.

Scoring Point System

In the actual exam a higher number of available points for certain questions would generally indicate that the required solution would take more time to achieve or that there would be multiple lines of configuration involved. This practice lab closely echoes the scoring system in place in the actual exam. If you find you are running short on time, try to get the smaller tasks completed and then return to the more complex questions.

Study Roadmap
Taking the lab exam is all about experience; you can't expect to take it and pass after just completing your written exam, relying on your theoretical knowledge. You will need to spend countless hours of rack time configuring features and learning how protocols interact with one another. To be confident enough to schedule your lab exam, review the following outlined points.

Assessing Your Strengths

Using the content blueprint, determine your experience and knowledge in the major topic areas. For areas of strength, practicing for speed should be your focus. For weak areas, you might need training or book study in addition to practice.

Study Materials
Choose lab materials that provide configuration examples and take a hands-on approach. Look for materials approved or provided by Cisco and its Learning Partners.

Hands-On Practice
Build and practice your lab scenarios on a per-topic basis. Go beyond the basics and practice additional features. Learn the show and debug commands along with each topic. If a protocol has multiple ways of configuring a feature, practice all of them.

Cisco Documentation CD
Make sure you can navigate the Cisco documentation CD with confidence because this is the only resource you will be allowed during the lab (or restricted access to the same content on Cisco.com). Make the CD part of your regular study; if you are familiar with it, you can save time during the exam.

Home Labs
Although acquiring a personal home lab is ideal, it can be costly to gather all the equipment you will need.

Cisco 360 Program

The Cisco 360 Learning Program encompasses six stages of activity to support successful learning for students:
1. Assessment: Students take a diagnostic pre-assessment lab to benchmark their knowledge of various networking topics.
2. Planning: Based on the pre-assessment, students create a learning plan that uses a mix of learning components to focus their study.
3. Learning: Students learn by participating in lessons and lectures, reading materials, and working with peers and instructors.
4. Practice: Students use the practice exercises to apply learning on actual network equipment.
5. Mastery: Students measure their understanding by completing assessments of knowledge and skill for various approaches to solving network problems.
6. Review: Students review their work with a mentor or instructor and tune their skills with tips and best practices.

Detailed information on the 360 program can be found on the following URL: https://learningnetwork.cisco.com/community/learning_center/cisco_360/360-rs.

Equipment List and IOS Requirements

The lab exam tests any feature that can be configured on the equipment and the IOS versions indicated here:
• 1841 Series routers - IOS 12.4(T) - Advanced Enterprise Services
• 3825 Series routers - IOS 12.4(T) - Advanced Enterprise Services
• Catalyst 3560 Series switches running IOS version 12.2 - Advanced IP Services

CCIE Routing and Switching v4.0 Configuration Practice Labs by Martin J. Duggan

Practice Lab 1


The CCIE exam commences with 2 hours of troubleshooting followed by 5 1/2 hours of configuration and a final 30 minutes of additional questions. This lab has been timed to last for 8 hours of configuration and self-troubleshooting, so aim to complete the lab within this period. Then either score yourself at this point or continue until you feel you have met all the objectives. You will now be guided through the equipment requirements and prelab tasks in preparation for taking this practice lab. If you don't own six routers and four switches, consider using the equipment available and additional lab exercises and training facilities available within the CCIE R&S 360 program. You can find detailed information on the 360 program and CCIE R&S exam on the following URLs, respectively:
https://learningnetwork.cisco.com/community/learning_center/cisco_360/360-rs
https://learningnetwork.cisco.com/community/certifications/ccie_routing_switching

Equipment List
You need the following hardware and software components to begin this practice lab:
• Six routers loaded with Cisco IOS Software Release 12.4 Advanced Enterprise image and the minimum interface configuration, as documented in Table 1-1
• One 3550 switch with IOS 12.2 IP Services and three 3560 switches with IOS 12.2 IP Services

TABLE 1-1
Hardware Required per Router

Router   Model   Ethernet I/F   Serial I/F
R1       3825    1              1
R2       3725    1              2
R3       3825    1              1
R4       3825    2              -
R5       3825    2              1
R6       3825    2              -

NOTE
The 3825s used in this lab were loaded with $382-.ad,enter/rise09. m1.224.3.4.'in, and the 3725 was loaded with $372-.ad,enter/rise09. m1.224.3.4.'in.

NOTE
Notice in the initial configurations supplied that some interfaces will not have IP address preconfigured. This is because you either will not be using that interface or you need to configure this interface from default within the exercise. The initial configurations supplied should be used to preconfigure your routers and switch before the lab starts. If your routers have different interface speeds than those used within this book, adjust the bandwidth statements on the relevant interfaces to keep all interface speeds in line. This can ensure that you do not get unwanted behavior due to differing IGP metrics.

Setting Up the Lab

You can use any combination of routers as long as you fulfill the requirements within the topology diagram, as shown in Figure 1-1. However, it is recommended to use the same model of routers because this can make life easier if you load configurations directly from those supplied with your own devices.

Lab Topology
This practice lab uses the topology outlined in Figure 1-1, which you need to re-create with your own equipment or by simply using the CCIE Assessor.

FIGURE 1-1
Lab Topology Diagram

Switch Instructions
Configure VLAN assignments from the configurations supplied or from Table 1-2 with the exception of Switch2 Fa0/4. (This will be configured during the lab.)

NOTE
The CCIE Assessor topology version B is used for this lab. Additional interfaces available on the Assessor that are not required for this lab were omitted from Figure 1-1. If you are not using the CCIE Assessor, use Figure 1-1 and Figure 1-4 to determine how many interfaces you need to complete your own topology.

TABLE 1-2
VLAN Assignment

VLAN   Switch1        Switch2                      Switch3       Switch4
34     Fa0/3, Fa0/4   -                            -             -
45     Fa0/5          See Questions                -             -
46     Fa0/6          See Questions                -             -
100    -              Fa0/1                        -             -
200    -              Fa0/2                        -             -
300    I/F VLAN300    Fa0/5, Fa0/6, I/F VLAN300    I/F VLAN300   I/F VLAN300

Connect your switches with RJ45 Ethernet Cross Over cables, as shown in Figure 1-2.

NOTE
Switch2 will be configured during the actual lab questions for VLAN45 and 46 interface Fa0/4.

FIGURE 1-2
Switch to Switch Connectivity

Frame Relay Instructions

Configure one of your routers you are going to use in the lab as a Frame Relay switch, or have a dedicated router purely for this task. This lab uses a dedicated router within the CCIE Assessor Version B topology for the Frame Relay switch. A fully meshed environment is configured between all the Frame Relay routers; pay attention in the lab as to which PVCs are actually required. Keep the encapsulation and Local Management Interface (LMI) settings to default for this exercise, but experiment with the settings outside the labs because you could be required to configure the Frame Relay switching within your actual lab. If you are using your own equipment, keep the DCE cables at the frame switch end for simplicity and provide a clock rate to all links from this end. The Frame Relay connectivity after configuration represents the logical Frame Relay network, as shown in Figure 1-3.

FIGURE 1-3
Frame Relay Logical Connectivity

IP Address Instructions
You will find in the real CCIE lab that the majority of your IP addresses will be preconfigured; for this exercise you are required to configure your IP addresses, as shown in Figure 1-4, or load the initial router configurations supplied. If you are manually configuring your equipment, ensure you include the following Loopback addresses:

R1 Lo0 120.100.1.1/24
R2 Lo0 120.100.2.1/24
R3 Lo0 120.100.3.1/24
R4 Lo0 120.100.4.1/24
R5 Lo0 120.100.5.1/24
R6 Lo0 120.100.6.1/24
SW1 Lo0 120.100.7.1/24
SW2 Lo0 120.100.8.1/24
SW3 Lo0 120.100.9.1/24
SW4 Lo0 120.100.10.1/24

FIGURE 1-4
IP Addressing Diagram

Pre-lab Tasks

• Build the lab topology as per Figure 1-1 and Figure 1-2.
• Configure your Frame Relay switch router to provide the necessary Data Link Control Identifiers (DLCI) as per Figure 1-3.
• Configure the IP addresses on each router, as shown in Figure 1-4, and add the Loopback addresses. Alternatively, you can load the initial configuration files supplied if your router is compatible with those used to create this exercise. R1 requires a secondary IP address on its GigabitEthernet 0/1 interface for this lab; details can be found on the accompanying initial configuration for R1.

General Guidelines

• Please read the whole lab before you start.
• Do not configure any static/default routes unless otherwise specified.
• Use only the DLCIs provided in the appropriate figures.
• Ensure full IP visibility between routers for ping testing/telnet access to your devices with exception to the Switch Loopback addresses. These will not be visible to the majority of your network because of the configuration tasks.
• If you find yourself running out of time, choose questions that you are confident you can answer; failing this choose questions with a higher point rating to maximize your potential score.
• Get into a comfortable and quiet environment where you can focus for the next 8 hours.
• Take a 30-minute break midway through the exercise.
• Have available a Cisco Documentation CD-ROM or access online the latest documentation from the following URL: http://www.cisco.com/en/US/products/ps6350/products_installation_and_configuration_guides_list.html.

NOTE
Access only this URL, not the whole Cisco.com website; because if you are permitted to use documentation during your CCIE lab exam, it will be restricted. Consider opening several windows with the pages you are likely to look at to save time during your lab.

Practice Lab One

You will now answer questions in relation to the network topology, as shown in Figure 1-5.

FIGURE 1-5
Lab Topology Diagram

Section 1: LAN Switching and Frame Relay (28 Points)

• Configure your switches as a collapsed backbone network with Switches 1 and 2 performing core and distribution functionality and Switches 3 and 4 as access switches in your topology. Switches 3 and 4 should connect only to the core switches. (2 points)
• Switch 1 and 2 should run spanning tree in 802.1w mode; Switches 3 and 4 should operate in their default spanning-tree mode. (2 points)
• Configure Switch 1 to be the root bridge and Switch 2 the secondary root bridge for VLANs 1 and 300. Ensure that Switches 3 and 4 can never become root bridges for any VLANs for which Switch 1 and Switch 2 are root bridges by configuring only Switches 1 and 2. (2 points)
• Ensure you fully utilize the available bandwidth between switches by grouping together your interswitch links as trunks. Ensure that only dot1q and EtherChannel are supported. (3 points)
• Ensure traffic is distributed on individual Ethernet trunks between switches based on the destination MAC address of individual flows. (2 points)
• Ensure that user interfaces are shut down dynamically by all switches should they toggle excessively; if they remain stable for 35 seconds, they should be reenabled. Configure Fast Ethernet Port 0/10 on each switch so that if multicast traffic is received on this port, the port is automatically disabled. (2 points)
• Fast Ethernet Ports 0/11-17 will be used for future connectivity on each switch. Configure these ports as access ports for VLAN300, which should begin forwarding traffic immediately on connection. Devices connected to these ports will dynamically receive IP addresses from a DHCP server due to be connected to Port 0/18 on sw1. For security purposes, this is the only port on the network from which DHCP addresses should be allocated. Ensure the switches intercept the DHCP requests and add the ingress port and VLAN and switch MAC address prior to sending onward to the DHCP server. Limit DHCP requests to 600 packets per minute per user port. (6 points)
• For additional security ensure the user ports on Switches 1-4 and 11-17 can communicate only with the network with IP addresses gained from the DHCP feature configured previously. Use a dynamic feature to ensure the only information forwarded upon connection is DHCP request packets, then any traffic that matches the DHCP IP information received from the DHCP binding for additional security. (3 points)
• R5 and R6 have been preconfigured with IP addresses on their Ethernet interfaces. Configure R4 and its associated switch port accordingly without using secondary addressing to communicate with R5 and R6. Configure R4 with an IP address of 120.100.45.4/24 to communicate with R5, and configure R4 with an IP address of 120.100.46.4/24 to communicate with R6. Configure R4 Gi0/1 and Switch 2 FE0/4 only. (3 points)
• Your initial Frame Relay configuration has been supplied for the R1-R2-R3 connectivity and R2-R5. Configure each device per Figure 1-6 to ensure each device is reachable over the Frame Relay network. Use only the indicated DLCIs. (2 points)

FIGURE 1-6
Frame Relay Connectivity
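
As an added self-check that is not part of the book, the Python script below audits a saved running-config against the DHCP hardening tasks in Section 1 (Fa0/11-17 as VLAN300 access ports, DHCP server on sw1 Port 0/18, option 82 insertion, 600 requests per minute, source filtering from the DHCP bindings). The command mapping (DHCP snooping, `ip dhcp snooping limit rate` in packets per second, `ip verify source`) is this example's assumption rather than the book's answer key, the sample config is constructed, and trust on inter-switch trunks is not checked.

```python
"""Audit a Catalyst running-config against the lab's DHCP security tasks.

Added example, not the book's answer key. Assumed command mapping:
DHCP snooping + option 82 + per-port rate limit + IP source guard.
"""
import re

USER_PORTS = [f"FastEthernet0/{n}" for n in range(11, 18)]  # Fa0/11-17 (from the task)
SERVER_PORT = "FastEthernet0/18"                             # DHCP server port on sw1
USER_VLAN = 300
RATE_PPS = 600 // 60  # task: 600 packets per minute; IOS limit rate is per second


def parse_config(text):
    """Return (global_lines, {interface_name: [sub-commands]})."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line, stripped = raw.rstrip(), raw.strip()
        if line.startswith("interface "):
            current = interfaces.setdefault(stripped.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(stripped)
        else:  # "!" separator, blank line or a global command ends the block
            current = None
            if stripped and stripped != "!":
                global_lines.append(stripped)
    return global_lines, interfaces


def snooped_vlans(global_lines):
    """Expand 'ip dhcp snooping vlan 1,200-300' style lists into a set of ints."""
    vlans = set()
    for line in global_lines:
        m = re.fullmatch(r"ip dhcp snooping vlan ([\d,\-]+)", line)
        for part in (m.group(1).split(",") if m else []):
            if part:
                lo, _, hi = part.partition("-")
                vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def audit(text, has_dhcp_server=True):
    """Return a list of findings; an empty list means every check passed."""
    glob, ifs = parse_config(text)
    findings = []
    if "ip dhcp snooping" not in glob:
        findings.append("global: DHCP snooping is not enabled")
    if USER_VLAN not in snooped_vlans(glob):
        findings.append(f"global: VLAN {USER_VLAN} is not snooped")
    if "no ip dhcp snooping information option" in glob:
        findings.append("global: option 82 insertion is disabled")
    if has_dhcp_server and "ip dhcp snooping trust" not in ifs.get(SERVER_PORT, []):
        findings.append(f"{SERVER_PORT}: DHCP server port is not trusted")
    required = {
        "switchport mode access": "not a static access port",
        f"switchport access vlan {USER_VLAN}": f"not in VLAN {USER_VLAN}",
        "spanning-tree portfast": "PortFast missing",
        f"ip dhcp snooping limit rate {RATE_PPS}": f"DHCP rate limit is not {RATE_PPS} pps",
        "ip verify source": "IP source guard missing",
    }
    for port in USER_PORTS:
        cfg = ifs.get(port, [])
        findings += [f"{port}: {why}" for cmd, why in required.items() if cmd not in cfg]
        if "ip dhcp snooping trust" in cfg:
            findings.append(f"{port}: user port is trusted for DHCP")
    return findings


GOOD_PORT = """interface FastEthernet0/{n}
 switchport access vlan 300
 switchport mode access
 spanning-tree portfast
 ip verify source
 ip dhcp snooping limit rate 10
!"""


def sample_config():
    """Constructed Switch1 excerpt with three deliberate mistakes."""
    ports = [GOOD_PORT.format(n=n) for n in range(11, 18)]
    ports[1] = ports[1].replace(" ip verify source\n", "")           # Fa0/12: no source guard
    ports[2] = ports[2].replace("limit rate 10", "limit rate 600")   # Fa0/13: per-minute value
    ports[3] = ports[3].replace("!", " ip dhcp snooping trust\n!")   # Fa0/14: trusted user port
    head = "ip dhcp snooping vlan 300\nip dhcp snooping\n!\n"
    server = "interface FastEthernet0/18\n ip dhcp snooping trust\n!\n"
    return head + "\n".join(ports) + "\n" + server


if __name__ == "__main__":
    for finding in audit(sample_config()):
        print(finding)
```

Run it once per switch against saved `show running-config` output, passing `has_dhcp_server=False` for Switches 2-4.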

Section 2: IPv4 IGP Protocols (22 Points)

Section 2.1: OSPF
FIGURE 1-7
OSPF Topology

• Use a process ID of 1; all OSPF configuration where possible should not be configured under the process ID. Do not change the preconfigured interface types where applicable. The Loopback interfaces of Routers R1, R2, and R3 should be configured to be in Area 0. R4 should be in Area 34 and R5 in Area 5. (2 points)
• All Loopback networks should not be advertised as host routes. (1 point)
• Ensure that R1 does not advertise the preconfigured secondary address under interface Gigabit 0/1 of 120.100.100.1/24 to the OSPF network. Do not use any filtering techniques to achieve this. (2 points)
• R5 should use the Frame Relay link within Area 5 for its primary communication to the OSPF network. If this network should fail either at Layer 1 or Layer 2, R5 should form a neighbor relationship with R4 under Area 5 to maintain connectivity. Your solution should be dynamic ensuring that while the Area 5 Frame Relay link is operational there is no neighbor relationship between R4 and R5; however, the Ethernet interfaces of R4 and R5 must remain up. To confirm the operational status of the Frame Relay network, you should ensure that the serial interface of R5 is reachable by configuration of R5. You are permitted to define neighbor statements between R5 and R4. (4 points)

Section 2.2: EIGRP

FIGURE 1-8
EIGRP Topology

• Configure EIGRP using an AS number of 1. The Loopback interfaces of all routers and switches should be advertised within EIGRP. (2 points)
• Ensure that R4 does not install any of the EIGRP Loopback routes from any of the switches into its routing table; as such these routes should also not be present in the OSPF network post redistribution. Do not use any route-filtering ACLs, prefix lists, or admin distance manipulation to achieve this, and perform configuration only on R4. (3 points)
• R4 will have dual equal cost routes to VLAN300 (network 150.100.3.0) from R5 and R6. Ensure R4 sends traffic to this destination network to R5 rather than load sharing. If the route from R5 becomes unavailable, traffic should be sent to R6. You cannot policy route, alter the bandwidth, or delay statements on R4's interfaces, or use an offset list. Perform your configuration on R4 only. Your solution should be applied to all routes received from R5 and R6 as opposed to solely the route to network VLAN300. (3 points)

Section 2.3: Redistribution

• Perform mutual redistribution of IGP protocols on R4. All routes should be accessible with the exception of the switch Loopback networks because these should not be visible via R4 from an earlier question. EIGRP routes redistributed within the OSPF network should remain with a fixed cost of 5000 throughout the network. (3 points)
• Configure R4 to redistribute only up to five EIGRP routes and generate a system warning when the fourth route is redistributed. Do not use any access-lists in your solution. (2 points)

Section 3: BGP (14 Points)

FIGURE 1-9
BGP Topology

• Configure iBGP peering as follows: R1-R3, R2-R3, R6-R5, Sw1-R6, and Sw1-R5. Use minimal configuration and use Loopback interfaces for your peering. Configure eBGP peering as follows: R3-R4, R4-R6, R4-R5, and R5-R2. Use minimal configuration and use Loopback interfaces for your peering with the exception of R4 to R5. (2 points)
• Use the AS numbers supplied in Figure 1-9. (2 points)
• AS200 is to be used as a backup transit network for traffic between AS100 and AS300; as such, if the FR network between R5 and R2 fails, ensure the peering between R2 and R5 is not maintained via the Ethernet network. Do not use any ACL type restrictions or change the existing peering. (2 points)
• Configure a new Loopback interface 2 on R2 of 130.100.200.1/24, and advertise this into BGP using the network command. Configure R2 in such a way that if the Frame Relay connection between R2 and R5 fails, AS300 no longer receives this route. Do not use any filtering between neighbors to achieve this or neighbor-specific commands. (3 points)
• Configure HSRP between R5 and R6 on VLAN300 with R5 active for .1/24. If the network 130.100.200.0/24 is no longer visible to AS300, R6 should dynamically become the HSRP active. Configure R5 to achieve this solution. (4 points)
• Configure two new Loopback interfaces on R1 and R2 of 126.1.1.1/24 and 130.1.1.1/24, respectively, and advertise these into BGP using the network command. R3 should be configured to enable only BGP routes originated from R1 up to network 128.0.0.0 and from above network 128.0.0.0 originated from R2. Use only a single ACL on R3 as part of your solution. (3 points)

Section 4: IPv6 (14 Points)

FIGURE 1-10
IPv6 Topology

Configure IPv6 addresses on your network as follows:
2007:C15:C0:10::/64 - R1 Gi0/0
2007:C15:C0:11::1/64 - R1 S0/0/0
2007:C15:C0:11::2/64 - R2 S0/0
2007:C15:C0:11::3/64 - R3 S0/0/0
2007:C15:C0:12/64 - R2 FE0/1
2007:C15:C0:14::2/64 - R2 S0/1
2007:C15:C0:14::5/64 - R5 S0/0/1
2007:C15:C0:15::3/64 - R3 Gi0/0
2007:C15:C0:15::4/64 - R4 Gi0/0
2007:C15:C0:16::5/64 - R5 Gi0/1
2007:C15:C0:16::6/64 - R6 Gi0/1

Section 4.1: RIPng

• Configure RIPng ensuring your IPv6 routes are visible throughout your RIPng domain. Do not disable split-horizon. (3 points)

Section 4.2: OSPFv3

• Configure OSPFv3 with a process ID of 1 with all OSPF interfaces assigned to Area 0. (2 points)
• The IPv6 network is deemed to be stable; therefore, reduce the number of LSAs flooded within the OSPF domain. (2 points)

Section 4.3: Redistribution

• Redistribute RIPng routes into the OSPFv3 domain (one way). RIP routes should have a fixed cost of 5000 associated to them within the OSPF network. (1 point)
• Ensure the OSPFv3 network is reachable from the RIP network by a single route of 2007::/16, which should be seen within the RIP domain. Configure R5 only to achieve this. The OSPF domain should continue to receive specific RIPng subnets. (2 points)
• Ensure that if the serial link fails between the OSPF and RIPng domain, routing is still possible between R5 and R4 over VLAN45. Do not enable RIP on the VLAN45 interfaces of R4 and R5. Configure R4 and R5 to achieve this, which should be considered as an alternative path only if a failure occurs. (3 points)
• Ensure the summary route configured previously is not seen back on the routing table of R5; configure only R5 to achieve this. (1 point)

Section 5: QoS (8 Points)

• You are required to configure QoS on switch1 according to the Cisco QoS baseline model. Create a Modular QoS configuration for all user ports (Fast Ethernet 1-24) that facilitates the following requirements (3 points):
  1) All ports should trust the DSCP values received from their connecting devices.
  2) Packets received from the user ports with DSCP values of 48, 46, 34, 32, 24, 28, 16, and 10 should be remarked to DSCP 8 (PHB CS1) in the event of traffic flowing above 5 Mbps on a per port basis. This traffic could be a combination of any of the preceding DSCP values with any source/destination combination. Ensure a minimum burst value is configured above the 5 Mbps.
• Switch1 will be connected to a new trusted domain in the future using interface gigabit 0/1. A DSCP value received locally on sw1 of AF43 should be mapped to AF42 when destined for the new domain. (2 points)
• Configure Cisco Modular QoS as follows on R1 for the following traffic types based on their associated Per Hop Behavior into classes. Incorporate these into an overall policy that should be applied to the T1 interface S0/0/0. Assume a PVC of line rate on the Frame Relay network and allow each class the effective bandwidth as detailed (2 points):

Class                   PHB    Assigned Speed
Routing                 CS6    46 Kbps
VoIP                    EF     247 Kbps
Interactive Video       AF41   247 Kbps
Mission Critical Data   AF31   247 Kbps
Call-Signaling          CS3    46 Kbps
Transactional Data      AF21   216 Kbps
Network-Mgmt            CS2    46 Kbps
Bulk Data               AF11   46 Kbps
Scavenger               CS1    15 Kbps
Default                 0      386 Kbps

• Configure R2 so that traffic can be monitored on the Frame Relay network with a view to a dynamic policy being generated in the future that trusts the DSCP value of traffic identified on this media. (1 point)

Section 6: Security (6 Points)

• Configure R3 to identify and discard the following custom virus; the virus is characterized by the ASCII characters "Hastings_Beer" within the payload and utilizes UDP ports 11664 to 11666. The ID of the virus begins on the third character of the payload. The virus originated on VLAN 34. (2 points)
• An infected host is on VLAN 200 of 150.100.2.100; ensure that only within BGP AS10, traffic destined for this host is directed to null0 of each local router. You cannot use any ACLs to block traffic to this host specifically but can use a static route pointing to null 0 for traffic destined to 192.0.2.0 /24 on routers within AS10. R2 can have an additional static route pointing to null0. Use a BGP feature on R2 to ensure traffic to this source is blocked. Prevent unnecessary replies when traffic is passed to the null0 interface for users residing on VLAN100. (3 points)
• In a view of protecting the control plane on Router R6, configure CoPP so that IP Packets with a TTL of 0 or 1 are dropped rather than processed with a resulting ICMP redirect sent to the originator. (1 point)

Section 7: Multicast (4 Points)

• Configure Routers R1, R2, R3, and R4 for IPv4 Multicast; configure R3 to send multicast advertisements of its own time by use of NTP sourced from interface Gig 0/0. Configure PIM sparse mode on all required interfaces. R3 should also be used to advertise its own gigabit interface IP address as an RP. R3 should also advertise the IP address you are using for the NTP advertisements that will be 224.0.1.1. Do not use the command ntp server in any configurations. Routers R1, R2, and R4 should all show a clock synchronized to that of R3. (4 points)

IP Services (4 Points)

• Configure the following commands on Router R1:
  aaa new-model
  logging buffered
  logging 120.100.99.1
• Configure a policy on Router R1 so that if a user tries to remove AAA services or disable logging via the CLI that a syslog message of UNAUTHORIZED-COMMAND-ENTERED is generated. The policy should ensure either command is not executed and should consist of a single-line command for the CLI pattern detection. The policy and CLI should run asynchronously. The policy should also generate an email from the router to a mail server residing on IP address 120.100.99.2 (to security@lab-exam.net from eem@lab-exam.net subject "User-Issue" with the message body consisting of details of who was logged on the time either of the commands were entered). (2 points)
• Cisco WAAS devices are to be installed on Switches 1 and 2 in the future on VLAN300. Configure Routers R5 and R6 to provide WCCPv2 redirection for clients residing on VLAN300 to ensure that all TCP traffic other than telnet is redirected only to the WAEs that will reside on addresses 150.100.3.50 and .51 within VLAN300. You are not required to configure the switches for WCCP and can assume that incoming WAAS traffic from the network will arrive at interfaces Gi0/0 on both R5 and R6. Secure your WCCP with this password: CCIE. (2 points)

"Ask the Proctor"

NOTE
This section should be used only if you require clues to complete the questions. In the actual CCIE lab, the Proctor will not enter into any discussions regarding the questions or answers; he or she will be present to ensure you do not have problems with the lab environment and to maintain the timing element of the exam.

Section 1: LAN Switching and Frame Relay

Q: Do you want me to configure the collapsed backbone network by manipulating spanning tree to ensure that Switch 1 and Switch 2 are the cores for each VLAN in use?
A: You are requested to configure root bridges in a later question.
Q: All the switches are already connected, so I can't change this unless I shut down some of the connections between switches. Is this acceptable?
A: Yes.
Q: If I explicitly configure Switches 1 and 2 as root bridges, surely this will never enable Switches 3 and 4 to become root bridges?
A: No it won't. If a superior BPDU is received on ports connecting to Switches 3 and 4 from Switches 1 and 2, Switches 3 and 4 could become root bridges; use a feature that effectively ignores a superior BPDU if received.
Q: Do you want me to disable spanning tree down to Switches 3 and 4? Is this acceptable?
A: No, spanning tree must remain in operation.
Q: Can I configure a MAC address type access-list to block all multicast at Layer 2?
A: No, this wouldn't disable the port if multicast traffic was present on it; look for a dynamic solution that does not require an ACL.
Q: Can I configure the switchport block multicast command?
A: No, this would block the traffic but wouldn't disable the port.
Q: Would you like me to VLAN load balance to utilize bandwidth?
A: No, the question directs you how to use the trunks.
Q: Would you like me to configure Switch 1 to allocate DHCP addresses?
A: No, the question relates to a fictitious DHCP server that would be connected to Fa0/18 on Switch1.
Q: Can I manipulate a helper-address function to answer the DHCP question by using ACLs?
A: No, use a recognized DHCP security-related solution.
Q: Can I configure port security to bind my MAC addresses?
A: No, use a feature that complements your DHCP solution.
Q: Can I just configure R4 to trunk to Switch2 and have a subinterface in both VLAN45 and VLAN46?
A: Yes.
Q: I've configured my trunk on Switch2 to R4 and I can't ping between R4 and R5; similarly I can't ping between R4 and R6. Is there anything else I need to do?
A: Remember the switches are in VTP transparent mode; you might want to check that Switch2 has the required VLANs configured to enable propagation within your switched network.
Q: My Frame Relay network picks up the DLCIs automatically. Is this okay?
A: No, you need to ensure that you do not use additional DLCIs other than those specified.
Q: Do you want me to manually map to the DLCIs I should be using?
A: Yes.


Section 2: IPv4 IGP Protocols

Section 2.1: OSPF

Q: I am used to configuring OSPF under the process; surely this is the only place I can configure the parameters?
A: There have been recent advances in OSPF enabling you to configure it purely under specific areas of the router rather like with IPv6. Take a look at the commands available to you under the interfaces.

Q: My neighbor relationship is down over the Frame Relay network. I notice I have different OSPF network types preconfigured. Can I change these?
A: No, use an alternative method of bringing the interface parameters back into line.

Q: My secondary address is advertised automatically under OSPF; can I use a distribute-list or prefix type list to block it?
A: No, use an OSPF feature to disable the advertisement of this secondary address.

Q: I've attempted to form a neighbor relationship with R4 from R5 using a backup interface. Is this okay?
A: No, the question states that your solution should cater for either Layer 1 or Layer 2 failures and that the Ethernet should remain up. Backup interfaces would be fine for a Layer 1 failure but not for a Layer 2 type issue if you had problems with specific DLCIs that caused neighbor failures over the Frame Relay. This feature would also ensure the Ethernet network would be down until the backup interface is activated.

Q: How about an OSPF demand circuit between R4 and R5?
A: No, this would involve a neighbor relationship being maintained. You need to allow only the neighbor relationship to be formed if a failure condition occurs.

Q: Can I use BFD between R4 and R5?
A: No, this might aid in failure detection, but it does not meet the objectives of the question.

Q: To confirm the operation status of R5's serial interface, can I just ping it?
A: You can use ICMP but you need to ensure your solution is dynamic.

Q: My Frame Relay is up on R5 and I can ping across it to R2 from R5, but I can't ping my own Frame Relay interface. Is this normal?


A: Yes, perform a debug of the Frame Relay packets if you need to; remember what you need to gain IP connectivity on a Frame Relay network.

Q: If I use IP SLA to automatically ping R5 to check the status, is this okay?
A: Yes.

Q: Okay, I have IP SLA running but I'm stuck. Is this anything to do with tracking the response to the ping?
A: Yes.

Q: How about if I use policy routing with the next hop based on the tracking status?
A: This is fine; just remember that this traffic will be based locally on the router when applying any policies.

Q: I've worked out how to do this and managed to get a neighbor up when the Frame Relay fails, but my OSPF connectivity is still not perfect through the Ethernet. Is this normal?
A: Not if you have configured correctly; take a look at your topology and areas. Something might have changed when R5 connects over the Ethernet.

Section 2.2: EIGRP

Q: If I advertise my Loopbacks into EIGRP won't that mean that R4 and R5 will have their Loopbacks advertised by both OSPF and EIGRP?
A: Yes, this is fine and is in accordance with the question.

Q: To stop R4 from receiving the Switch Loopbacks can I stop advertising them from the switches?
A: No, you should use a feature on R4 to block them.

Q: Can I use a neighbor prefix list to block the Loopbacks?
A: No, you cannot use any type of ACLs or prefix lists.

Q: I've noticed when I look at the specific Loopback routes that they have a hop count associated with them. It's unusual to associate hop counts with EIGRP, but can I block routes based on their hop count?
A: Yes.

Q: If I can't change the bandwidth and delay on R4, can I use a route-map to manipulate the EIGRP K values associated on a per neighbor basis?
A: Yes.

Section 2.3: Redistribution

Q: Do you require a distribute-list to block the switch Loopbacks from entering the OSPF domain?
A: No, you should have blocked these from entering your IP routing table within R4 previously, so additional blocking would not be required.

Q: I have only one redistribution point, and there is no benefit in creating filtering to protect against potential routing loops between protocols. Is this acceptable?
A: Yes, in this scenario this would be superfluous.

Q: Can I use a route-map to enable five specific EIGRP routes to be redistributed into OSPF?
A: No, the question doesn't guide you to redistribute specific routes. Use a more general method of allowing a specific number of routes.

Sect
Q: Is it okay to disable auto synchronization in BGP?
A: You need to determine whether you need this feature on or off. Remember that you should have synchronization on only when you are fully redistributing between BGP and your IGP.

Q: Do you want me to configure ebgp multihop but limit it to a value of 2 on R3 for a TTL security check?
A: There is a specific security configuration feature within BGP to perform the TTL check.

Q: If I use the TTL security hops with a value of 2, is this all you are looking for?
A: You need to ensure that your peering still works effectively between R3 and R4 when you have configured this feature.

Q: I find that when the Frame Relay network fails my neighbor relationship is still maintained between R2 and R5. This is because the Loopback routes are still available over the alternative path through the network. Can I block my Loopbacks or policy route at some point to effectively break the peering?
A: You do need to effectively break the peering, but there is a far simpler method of achieving this that still maintains unaltered communication between R2 and R5. Think about what you need to configure when you have EBGP peers.

Q: I might have been a little generous with my original multihop value between R2 and R5. If I reduce this to a TTL of 2, I can break the peering. Is this okay?


A: Yes.

Q: I think I can stop the Loopback on R2 being advertised by using the community value of no-export, but if I enable this to R2, it wouldn't make it to R5 even when the Frame Relay is working?
A: Correct, it wouldn't be advertised to R5 AS300 from R2. Just think about whether R2 is the best place to send the community to originally.

Q: For the HSRP question is this some form of conditional advertising?
A: No, the clue is in the question; just find a way of tracking the BGP route and manipulate the HSRP process.

Q: If I enable IP SLA to track a route in the routing table, can I use this to control HSRP?
A: Yes.

Q: You haven't told me what address I should use for HSRP. Is it okay to use the first address in the subnet?
A: Yes.

Q: I have configured my two new Loopbacks; can I use two route-maps inbound from R1 and R2 both pointing to different ACLs so that each route-map calls only one ACL?
A: No, you still have two ACLs.

Q: Can I set community values on the routes and match on these using a single ACL?
A: No, you are instructed to use an ACL; your solution would require additional configuration.

Q: Can I use a prefix-list to achieve this?
A: No, you are instructed to use an ACL.

Q: So I need an ACL with a mask suitable for both ranges?
A: Not necessarily; you would need to match only one requirement on the permit functionality; the other could be met by deny.

Section 4: IPv6

Q: Should I use the eui-64 address format when configuring my addresses?
A: No, if these were required you would have been instructed to do so in the question.


Q: I've configured my IPv6 addresses and created a Frame Relay map for these on my existing DLCIs but still can't ping across the Frame Relay network. Should I be able to?
A: Yes, if you debug your Frame Relay traffic, you will find you need additional configuration.

Q: I have configured RIPng between R1, R3, and R2; R3 receives both spoke routes but R1 does not see the R2 IPv6 route and vice versa. If this is split-horizon behavior and I can't disable it, can I create subinterfaces on my Frame Relay network?
A: No, use a feature that is common when running IPv6 over IPv4 networks.

Q: Can I tunnel between R1 and R2?
A: Yes.

Q: You are not requesting mutual redistribution between RIPng and OSPFv3. How will my RIPng domain communicate with the OSPFv3 domain?
A: This issue is addressed in the following task.

Q: If I can't use RIPng directly on VLAN45 between R4 and R5, can I configure OSPFv3 on VLAN45?
A: No, find a way to still run RIPng between routers without enabling it on the physical interfaces.

Q: Can I tunnel between R4 and R5?
A: Yes.

Section 4.3: Redistribution

Q: I have redistributed RIPng into OSPFv3 on R5, which is the only suitable location, and noticed that in my OSPFv3 domain I do not see the IPv6 network configured on the Frame Relay network between R2 and R5. Is this okay?
A: No, this network should be advertised to the OSPFv3 domain. Use a feature within the OSPFv3 process as you would to overcome this if this were IPv4 redistribution.

Q: Can I redistribute a static IPv6 route on R5 into RIPng for 2007::/16?
A: No, static routes are permitted unless specified. What would you do if this were IPv4?

Q: If I can't enable RIPng on VLAN45 between R4 and R5, can I enable OSPFv3?
A: No, this would also require you to perform redistribution at this point.


Q: How about tunneling again and enabling RIPng over the tunnel. Is this OK?
A: Yes.

Q: I have created my tunnel and found that this is now the primary route rather than an alternative path. Can I perform some kind of backup interface to make this come up only if a failure occurs on the Frame Relay?
A: No, you haven't been given sufficient information to make this judgment. This approach would also break your IPv4 network; think why the Ethernet path is preferred and manipulate it.

Q: Can I use a prefix-list to block the summary and permit all other IPv6 routes?
A: Yes, this is fine.

Section 5: QoS

Q: Can I just trust DSCP on my physical ports?
A: No, this should be completed as part of your policy.

Q: Shall I rate-limit my ports to 5M on a per-port basis?
A: No, this should be completed as part of your policy.

Q: You haven't indicated what the minimum burst size should be, is this correct?
A: Yes, just use the available limits within the command options.

Q: I believe I can use a DSCP mutation map to convert the DSCP values for the future, but the command won't take the values AF43 and AF42.
A: No, it won't because these are Assured Forwarding values. You need to convert these to DSCP values; search your Documentation CD or available Cisco.com pages.

Q: I am trying to assign bandwidth within my class with the speeds supplied, but I can see only a percentage option, is this correct?
A: Yes, you need to do some math. You are supplied with the information you require and just need to remember how fast a T1 line is.


Section 6: Security

Q: Can I use a route-map and ACLs to identify the traffic by port number?
A: No, this would identify the UDLD traffic but not the virus payload as per the question. Investigate the options open to you with NBAR.

Q: Can I policy route traffic destined to the infected host to null0?
A: No, you need to use a BGP-related feature.

Q: A static route for 192.0.2.0/24 won't have any bearing on traffic destined to the infected host, why is this relevant?
A: Think about the way BGP works. It's the only routing protocol where you don't need to be directly connected to form a neighbor relationship; as such you transport next-hop information with your updates.

Q: I have configured CoPP on R6 and seem to have lost all my routes. Is this expected behavior? Do you want me to fix this as part of the CoPP question?
A: If you have lost your routes, think about why this has happened. Yes, provide a fix otherwise you would lose points in other sections.

Section 7: Multicast

Q: If I can't configure ntp server on R1, R2, and R4, there won't be a way I can get these routers to peer with R3. Is this correct?
A: Yes, you don't need to specifically peer with R3 as the server; you should aim to receive the ntp stream though that R3 should be configured to multicast.

Q: Do you want me to create and announce the group 224.0.1.1 on R3?
A: Yes.

Section 8: IP Services

Q: I guess this is an EEM question looking at the email address?
A: Correct.


Q: Do you need me to set up a route to 120.100.99.0/24?
A: No.

Q: I can't get both commands onto a single CLI pattern event. Is it okay to configure two?
A: No, you are directed to configure a single CLI pattern event command that will pick up either command.

Q: Do you want a GRE type redirection for the WCCP?
A: No, you have not been given sufficient information for GRE mode, or indeed if you should configure tunnels and so on; keep your configuration simple and follow the question.

Q: Should I block telnet and then permit all other IP traffic?
A: Think about what WAAS achieves. Does it optimize all IP traffic or just specific protocols?

Q: Should I configure WCCP services 61 and 62 on the switches for VLAN300?
A: No, you are directed to configure only the routers.


Lab Debrief

The lab debrief section now analyzes each question showing you what was required and how to achieve the desired results. You should use this section to produce an overall score for this practice lab.

Section 1: LAN Switching and Frame Relay (28 Points)

Configure your switches as a collapsed backbone network with Switches 1 and 2 performing core and distribution functionality and Switches 3 and 4 as access switches in your topology. Switches 3 and 4 should connect to only the core switches. (2 points)

This is a simple start to the exercise. The switches are fully meshed to begin with; to create a collapsed backbone topology, the core switches should be connected together, and each access switch should be dual-homed to the core switches. The only switches that should not connect directly to each other would be the access switches (Sw3 and Sw4). By shutting down the interfaces between Sw3 and Sw4, you create the required topology. If you have configured this correctly, as shown in Example 1-1, you have scored 2 points. Even though the resulting topology is not looped at this stage, you can verify root bridge assignment by using the show spanning-tree root command.

EXAMPLE 1-1 Sw3 and Sw4 Configuration

SW3(config)# interface range fastEthernet 0/23-24
SW3(config-if-range)# shut
SW4(config)# interface range fastEthernet 0/23-24
SW4(config-if-range)# shut

Switch 1 and 2 should run spanning tree in 802.1w mode. Switches 3 and 4 should operate in their default spanning-tree mode. (2 points)

802.1w is rapid spanning tree; this is backward compatible with the switches' default (PVST), so by configuring Switches 1 and 2 into rapid spanning tree mode, spanning tree can still operate effectively with Switches 3 and 4. If you have configured this correctly, as shown in Example 1-2, you have earned another 2 points.


EXAMPLE 1-2 Sw1 and Sw2 Configuration

SW1(config)# spanning-tree mode rapid-pvst
SW2(config)# spanning-tree mode rapid-pvst

Configure Switch 1 to be the root bridge and Switch 2 the secondary root bridge for VLANs 1 and 300. Ensure that Switches 3 and 4 can never become root bridges for any VLANs for which Switch 1 and Switch 2 are root bridges by configuring only Switches 1 and 2. (2 points)

This is a straightforward question for the core switches. In addition to the root bridge prioritization, root guard is configured on the ports that connect Switches 1 and 2 to Switches 3 and 4; this ensures that if a superior BPDU is received on these ports, it is ignored. If you have configured this correctly, as shown in Example 1-3, you have 2 points.

EXAMPLE 1-3 Sw1 and Sw2 Root Bridge Configuration

SW1(config)# spanning-tree vlan 1 root primary
SW1(config)# spanning-tree vlan 300 root primary
SW1(config-if)# interface Fastethernet 0/19
SW1(config-if)# spanning-tree guard root
SW1(config-if)# interface Fastethernet 0/20
SW1(config-if)# spanning-tree guard root
SW1(config-if)# interface Fastethernet 0/21
SW1(config-if)# spanning-tree guard root
SW1(config-if)# interface Fastethernet 0/22
SW1(config-if)# spanning-tree guard root

SW2(config)# spanning-tree vlan 1 root secondary
SW2(config)# spanning-tree vlan 300 root secondary
SW2(config-if)# interface Fastethernet 0/19
SW2(config-if)# spanning-tree guard root
SW2(config-if)# interface Fastethernet 0/20
SW2(config-if)# spanning-tree guard root
SW2(config-if)# interface Fastethernet 0/21
SW2(config-if)# spanning-tree guard root
SW2(config-if)# interface Fastethernet 0/22
SW2(config-if)# spanning-tree guard root


Ensure that you fully utilize the available bandwidth between switches by grouping your interswitch links as trunks. Ensure that only dot1q and EtherChannel are supported. (3 points)

This is another straightforward question for all switches to create EtherChannels between devices. Using the command channel-group n mode on under the physical interfaces ensures that only EtherChannel is supported, as opposed to PAgP or LACP, and dot1q is the trunking protocol. For Layer 2 EtherChannels, you don't have to create a port-channel interface first by using the interface port-channel configuration command before assigning a physical port to a channel group. You can use the channel-group interface configuration command that automatically creates the port-channel interface, although a manual port channel configuration has been shown here for clarity. Remember that now that you have EtherChannels between switches, you will need to configure root guard on these interfaces to ensure that Switches 3 and 4 cannot become root bridges. This is over and above the physical interface configuration completed previously. If you have configured this correctly, as shown in Example 1-4, you have scored 3 points.
EXAMPLE 1-4 Switch 1, 2, 3, and 4 EtherChannel Configuration

SW1(config)# interface Port-channel1
SW1(config-if)# switchport trunk encapsulation dot1q
SW1(config-if)# switchport mode trunk
SW1(config-if)# spanning-tree guard root
SW1(config-if)# interface Port-channel2
SW1(config-if)# switchport trunk encapsulation dot1q
SW1(config-if)# switchport mode trunk
SW1(config-if)# spanning-tree guard root
SW1(config-if)# interface Port-channel3
SW1(config-if)# switchport trunk encapsulation dot1q
SW1(config-if)# switchport mode trunk
SW1(config-if)# interface range FastEthernet 0/19-20
SW1(config-if)# channel-group 1 mode on
SW1(config-if)# interface range FastEthernet 0/21-22
SW1(config-if)# channel-group 2 mode on
SW1(config-if)# interface range FastEthernet 0/23-24
SW1(config-if)# channel-group 3 mode on

SW2(config)# interface Port-channel1
SW2(config-if)# switchport trunk encapsulation dot1q
SW2(config-if)# switchport mode trunk
SW2(config-if)# interface Port-channel2
SW2(config-if)# switchport trunk encapsulation dot1q
SW2(config-if)# switchport mode trunk
SW2(config-if)# interface Port-channel3
SW2(config-if)# switchport trunk encapsulation dot1q
SW2(config-if)# switchport mode trunk
SW2(config-if)# interface range FastEthernet 0/19-20
SW2(config-if)# channel-group 1 mode on
SW2(config-if)# interface range FastEthernet 0/21-22
SW2(config-if)# channel-group 2 mode on
SW2(config-if)# interface range FastEthernet 0/23-24
SW2(config-if)# channel-group 3 mode on

SW3(config)# interface Port-channel1
SW3(config-if)# switchport trunk encapsulation dot1q
SW3(config-if)# switchport mode trunk
SW3(config-if)# interface Port-channel2
SW3(config-if)# switchport trunk encapsulation dot1q
SW3(config-if)# switchport mode trunk
SW3(config-if)# interface range FastEthernet 0/19-20
SW3(config-if)# channel-group 1 mode on
SW3(config-if)# interface range FastEthernet 0/21-22
SW3(config-if)# channel-group 2 mode on

SW4(config)# interface Port-channel1
SW4(config-if)# switchport trunk encapsulation dot1q
SW4(config-if)# switchport mode trunk
SW4(config-if)# interface Port-channel2
SW4(config-if)# switchport trunk encapsulation dot1q
SW4(config-if)# switchport mode trunk
SW4(config-if)# interface range FastEthernet 0/19-20
SW4(config-if)# channel-group 1 mode on
SW4(config-if)# interface range FastEthernet 0/21-22
SW4(config-if)# channel-group 2 mode on

SW1# show interfaces port-channel 1 status
Port      Name      Status       Vlan      Duplex   Speed   Type
Po1                 connected    trunk     a-full   a-100

SW1# show interfaces port-channel 2 status
Port      Name      Status       Vlan      Duplex   Speed   Type
Po2                 connected    trunk     a-full   a-100

SW1# show interfaces port-channel 3 status
Port      Name      Status       Vlan      Duplex   Speed   Type
Po3                 connected    trunk     a-full   a-100

SW1# show etherchannel summary
Number of channel-groups in use: 3
Number of aggregators: 3
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)                   Fa0/19(P)   Fa0/20(P)
2      Po2(SU)                   Fa0/21(P)   Fa0/22(P)
3      Po3(SU)                   Fa0/23(P)   Fa0/24(P)

SW2# show interfaces port-channel 1 status
Port      Name      Status       Vlan      Duplex   Speed   Type
Po1                 connected    trunk     a-full   a-100

SW2# show interfaces port-channel 2 status
Port      Name      Status       Vlan      Duplex   Speed   Type
Po2                 connected    trunk     a-full   a-100

SW2# show interfaces port-channel 3 status
Port      Name      Status       Vlan      Duplex   Speed   Type
Po3                 connected    trunk     a-full   a-100

SW2# show etherchannel summary
Number of channel-groups in use: 3
Number of aggregators: 3
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)                   Fa0/19(P)   Fa0/20(P)
2      Po2(SU)                   Fa0/21(P)   Fa0/22(P)
3      Po3(SU)                   Fa0/23(P)   Fa0/24(P)

SW3# show interface port-channel 1 status
Port      Name      Status       Vlan      Duplex   Speed   Type
Po1                 connected    trunk     a-full   a-100

SW3# show interface port-channel 2 status
Port      Name      Status       Vlan      Duplex   Speed   Type
Po2                 connected    trunk     a-full   a-100

SW3# show etherchannel summary
Number of channel-groups in use: 2
Number of aggregators: 2
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)                   Fa0/19(P)   Fa0/20(P)
2      Po2(SU)                   Fa0/21(P)   Fa0/22(P)

SW4# show interface port-channel 1 status
Port      Name      Status       Vlan      Duplex   Speed   Type
Po1                 connected    trunk     a-full   a-100

SW4# show interface port-channel 2 status
Port      Name      Status       Vlan      Duplex   Speed   Type
Po2                 connected    trunk     a-full   a-100

SW4# show etherchannel summary
Number of channel-groups in use: 2
Number of aggregators: 2
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)                   Fa0/19(P)   Fa0/20(P)
2      Po2(SU)                   Fa0/21(P)   Fa0/22(P)


Ensure traffic is distributed on individual Ethernet trunks between switches based on the destination MAC address of individual flows. (2 points)

A common problem with EtherChannels is traffic not being distributed equally among the physical interfaces. Configuring channel load balancing based on the destination MAC address of an individual flow is just one method available to distribute traffic. If you have configured this correctly, as shown in Example 1-5, you have scored 2 points.

EXAMPLE 1-5 Switch 1, 2, 3, and 4 EtherChannel Load Balancing Configuration

SW1(config)# port-channel load-balance dst-mac
SW2(config)# port-channel load-balance dst-mac
SW3(config)# port-channel load-balance dst-mac
SW4(config)# port-channel load-balance dst-mac

SW1# show etherchannel load-balance
EtherChannel Load-Balancing Operational State (dst-mac):
Non-IP: Destination MAC address
  IPv4: Destination MAC address
  IPv6: Destination IP address

Ensure that user interfaces are shut down dynamically by all switches if they toggle excessively; if they remain stable for 35 seconds, they should be reenabled. Configure Fast Ethernet Port 0/10 on each switch so that if multicast traffic is received on this port, the port is automatically disabled. (3 points)

Interfaces that flap can cause problems in a network. Toggling would usually indicate a problem such as a faulty connecting NIC or faulty cable; placing the ports into error disable is a method of stabilizing the environment. To disable a port when multicast traffic is present, you need to configure storm control with the multicast option set to 0. If you have configured this correctly, as shown in Example 1-6, you have scored 3 points.
EXAMPLE 1-6 Switch 1, 2, 3, and 4 Configuration

SW1(config)# errdisable recovery cause link-flap
SW1(config)# errdisable recovery interval 35
SW1(config)# interface FastEthernet 0/10
SW1(config-if)# storm-control multicast level 0
SW1(config-if)# storm-control action shutdown

SW2(config)# errdisable recovery cause link-flap
SW2(config)# errdisable recovery interval 35
SW2(config)# interface FastEthernet 0/10
SW2(config-if)# storm-control multicast level 0
SW2(config-if)# storm-control action shutdown

SW3(config)# errdisable recovery cause link-flap
SW3(config)# errdisable recovery interval 35
SW3(config)# interface FastEthernet 0/10
SW3(config-if)# storm-control multicast level 0
SW3(config-if)# storm-control action shutdown

SW4(config)# errdisable recovery cause link-flap
SW4(config)# errdisable recovery interval 35
SW4(config)# interface FastEthernet 0/10
SW4(config-if)# storm-control multicast level 0
SW4(config-if)# storm-control action shutdown

Fast Ethernet Ports 0/11-17 will be used for future connectivity on each switch. Configure these ports as access ports for VLAN300, which should begin forwarding traffic immediately on connection. Devices connected to these ports will dynamically receive IP addresses from a DHCP server due to be connected to Port 0/18 on sw1. For security purposes this is the only port on the network where DHCP addresses should be allocated from. Ensure the switches intercept the DHCP requests and add the ingress port and VLAN and switch MAC address prior to sending forward to the DHCP server. Limit DHCP requests to 600 packets per minute per user port. (6 points)

This is a DHCP Snooping question. This is a useful security feature that protects the network from rogue DHCP servers. When the DHCP option-82 feature is enabled on the switch with the command ip dhcp snooping information option, a subscriber is identified by the switch port through which it connects to the network and by its MAC address. DHCP snooping also facilitates a rate limiting feature for DHCP requests to prevent a DHCP denial of service by excessive false requests from a host, which would have the "gobbler effect" of requesting numerous leases from the same port. The question includes a couple of points that could easily be overlooked if you are suffering from exam pressure, namely the ports are required to be configured with switchport host (or by configuring portfast) to set the port mode to access and to forward immediately. The rate limiting is configured in packets per second not per minute as implied, so you would need to pay attention to detail. If you have configured this correctly, as shown in Example 1-7, you have scored 6 points.


EXAMPLE 1-7 Switch 1, 2, 3, and 4 DHCP Snooping Configuration

SW1(config)# ip dhcp snooping
SW1(config)# ip dhcp snooping vlan 300
SW1(config)# ip dhcp snooping information option
SW1(config)# int fastEthernet 0/18
SW1(config-if)# ip dhcp snooping trust
SW1(config)# interface range fastEthernet 0/11-17
SW1(config-if-range)# ip dhcp snooping limit rate 10
SW1(config)# interface range fastEthernet 0/11-18
SW1(config-if-range)# switchport host
SW1(config-if-range)# switchport access vlan 300

SW2(config)# ip dhcp snooping
SW2(config)# ip dhcp snooping vlan 300
SW2(config)# ip dhcp snooping information option
SW2(config)# interface range fastEthernet 0/11-17
SW2(config-if-range)# switchport host
SW2(config-if-range)# switchport access vlan 300
SW2(config-if-range)# ip dhcp snooping limit rate 10

SW3(config)# ip dhcp snooping
SW3(config)# ip dhcp snooping vlan 300
SW3(config)# ip dhcp snooping information option
SW3(config)# interface range fastEthernet 0/11-17
SW3(config-if-range)# switchport host
SW3(config-if-range)# switchport access vlan 300
SW3(config-if-range)# ip dhcp snooping limit rate 10

SW4(config)# ip dhcp snooping
SW4(config)# ip dhcp snooping vlan 300
SW4(config)# ip dhcp snooping information option
SW4(config)# interface range fastEthernet 0/11-17
SW4(config-if-range)# switchport host
SW4(config-if-range)# switchport access vlan 300
SW4(config-if-range)# ip dhcp snooping limit rate 10

SW1# sh ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
300
Insertion of option 82 is enabled
   circuit-id format: vlan-mod-port
   remote-id format: MAC
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Interface              Trusted    Rate limit (pps)
---------------------  -------    ----------------
FastEthernet0/11       no         10
FastEthernet0/12       no         10
FastEthernet0/13       no         10
FastEthernet0/14       no         10
FastEthernet0/15       no         10
FastEthernet0/16       no         10
FastEthernet0/17       no         10
FastEthernet0/18       yes        unlimited
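The output above reports a circuit-id format of vlan-mod-port and a remote-id format of MAC. The following added example (not from the book) decodes an option 82 value of that shape so that a DHCP server or log pipeline can check which VLAN, port, and switch a request came through. The byte layout is an assumption based on the default Catalyst encoding, and the sample bytes, MAC address, and function names are constructed for illustration.

```python
import struct

# Constructed sample: option 82 as inserted for a client on VLAN 300,
# module 0, port field 11. The MAC comes from the RFC 7042 documentation
# range and does not belong to a real switch.
SAMPLE_SWITCH_MAC = bytes.fromhex("00005e005301")
SAMPLE_OPTION82 = (
    bytes([1, 6, 0, 4]) + struct.pack("!HBB", 300, 0, 11)   # circuit ID
    + bytes([2, 8, 0, 6]) + SAMPLE_SWITCH_MAC               # remote ID
)


def _parse_circuit_id(body):
    # Assumed layout: type 0, length 4, VLAN (2 bytes), module, port.
    # Anything else (for example a user-defined string) is returned raw.
    if len(body) != 6 or body[0] != 0 or body[1] != 4:
        return {"raw": body.hex()}
    vlan, module, port = struct.unpack("!HBB", body[2:])
    # How the port field maps to an interface name is platform specific,
    # so the raw number is reported instead of a guessed interface.
    return {"vlan": vlan, "module": module, "port": port}


def _parse_remote_id(body):
    # Assumed layout: type 0, length 6, switch MAC address (6 bytes).
    if len(body) != 8 or body[0] != 0 or body[1] != 6:
        return {"raw": body.hex()}
    return {"mac": ":".join(f"{b:02x}" for b in body[2:])}


def parse_option82(value):
    """Split the option 82 value into its sub-options (type, length, body)."""
    info, i = {}, 0
    while i < len(value):
        if i + 2 > len(value):
            raise ValueError("truncated sub-option header")
        sub_type, sub_len = value[i], value[i + 1]
        body = value[i + 2:i + 2 + sub_len]
        if len(body) != sub_len:
            raise ValueError("truncated sub-option body")
        if sub_type == 1:
            info["circuit_id"] = _parse_circuit_id(body)
        elif sub_type == 2:
            info["remote_id"] = _parse_remote_id(body)
        else:
            info.setdefault("unknown", []).append((sub_type, body.hex()))
        i += 2 + sub_len
    return info


def from_expected_switch(info, vlan, switch_mac):
    """True when the relay information names the expected VLAN and switch."""
    return (info.get("circuit_id", {}).get("vlan") == vlan
            and info.get("remote_id", {}).get("mac") == switch_mac)


if __name__ == "__main__":
    decoded = parse_option82(SAMPLE_OPTION82)
    print(decoded)
    print(from_expected_switch(decoded, 300, "00:00:5e:00:53:01"))
```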

For additional security ensure the user ports (11-17) on Switches 1-4 can communicate only with the network with IP addresses gained from the DHCP feature configured previously. Use a dynamic feature to ensure the only information forwarded upon connection is DHCP request packets and then any traffic that matches the DHCP IP information received from the DHCP binding for additional security. (3 points)

A complementary feature to DHCP Snooping is IP Source Guard. This feature binds the information received from the DHCP address offered and effectively builds a dynamic VACL on a per-port basis, so that only source traffic matching the DHCP offer is allowed to ingress the switch port. If you have configured this correctly, as shown in Example 1-8, you have scored 3 points.
EXAMPLE 1-8 Switch 1, 2, 3, and 4 IP Source Guard Configuration
SW1(config)# interface range fast 0/11-17
SW1(config-if-range)# ip verify source
SW2(config)# interface range fast 0/11-17
SW2(config-if-range)# ip verify source
SW3(config)# interface range fast 0/11-17
SW3(config-if-range)# ip verify source
SW4(config)# interface range fast 0/11-17
SW4(config-if-range)# ip verify source
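How DHCP snooping and IP Source Guard work together on these ports can be modeled in a few lines. The Python below is an added illustration, not code from the book or from Cisco; the class and function names, the MAC addresses, and the leased address 150.100.3.50 are constructed for the example, and the switch is simplified to one binding per port with every port in VLAN 300.

```python
from dataclasses import dataclass
from typing import Optional

TRUSTED = {"Fa0/18"}                              # ip dhcp snooping trust
GUARDED = {f"Fa0/{n}" for n in range(11, 18)}     # ip verify source on Fa0/11-17
RATE_LIMIT_PPS = 10                               # ip dhcp snooping limit rate 10
SERVER_MSGS = {"OFFER", "ACK", "NAK"}             # only a DHCP server sends these


@dataclass(frozen=True)
class Frame:
    port: str
    src_mac: str
    src_ip: str
    dhcp: Optional[str] = None    # DHCP message type; None means ordinary IP traffic
    chaddr: Optional[str] = None  # client hardware address carried in the DHCP payload
    yiaddr: Optional[str] = None  # address being leased (server messages only)


class SnoopingSwitch:
    """Simplified model: one DHCP binding per user port, every port in VLAN 300."""

    def __init__(self):
        self.pending = {}         # client MAC -> user port its request arrived on
        self.bindings = {}        # user port -> (client MAC, leased IP)
        self.err_disabled = set()
        self._dhcp_seen = {}      # (port, whole second) -> DHCP packets counted

    def receive(self, frame: Frame, now: float = 0.0) -> str:
        if frame.port in self.err_disabled:
            return "drop: port err-disabled"
        if frame.dhcp is not None:
            return self._snoop(frame, now)
        if frame.port in GUARDED:
            return self._source_guard(frame)
        return "forward"

    def _snoop(self, f: Frame, now: float) -> str:
        if f.port in TRUSTED:
            # A lease acknowledged via the trusted port becomes a binding on the client port.
            if f.dhcp == "ACK" and f.chaddr in self.pending:
                self.bindings[self.pending.pop(f.chaddr)] = (f.chaddr, f.yiaddr)
            return "forward"
        key = (f.port, int(now))
        self._dhcp_seen[key] = self._dhcp_seen.get(key, 0) + 1
        if self._dhcp_seen[key] > RATE_LIMIT_PPS:
            self.err_disabled.add(f.port)
            return "drop: DHCP rate limit exceeded"
        if f.dhcp in SERVER_MSGS:
            return "drop: server message on untrusted port"
        if f.chaddr != f.src_mac:   # "Verification of hwaddr field is enabled"
            return "drop: chaddr does not match source MAC"
        if f.dhcp == "RELEASE":
            self.bindings.pop(f.port, None)
        else:
            self.pending[f.chaddr] = f.port
        return "forward"

    def _source_guard(self, f: Frame) -> str:
        binding = self.bindings.get(f.port)
        if binding is None:
            return "drop: no DHCP binding on port"
        # Plain "ip verify source" filters on the source IP address only.
        if f.src_ip != binding[1]:
            return "drop: source IP not in binding"
        return "forward"


def demo():
    """Replay constructed frames and return (results, switch)."""
    sw = SnoopingSwitch()
    host, other, server = "00:00:5e:00:53:0b", "00:00:5e:00:53:0d", "00:00:5e:00:53:01"
    results = [
        sw.receive(Frame("Fa0/11", host, "150.100.3.50")),   # before any lease exists
        sw.receive(Frame("Fa0/11", host, "0.0.0.0", "DISCOVER", chaddr=host)),
        sw.receive(Frame("Fa0/18", server, "150.100.3.1", "ACK",
                         chaddr=host, yiaddr="150.100.3.50")),
        sw.receive(Frame("Fa0/11", host, "150.100.3.50")),   # matches the binding
        sw.receive(Frame("Fa0/11", host, "150.100.3.1")),    # address not leased to this port
        sw.receive(Frame("Fa0/12", other, "150.100.3.9", "OFFER",
                         chaddr=host, yiaddr="150.100.3.66")),
    ]
    # Eleven DHCP packets inside one second on a port limited to 10 pps.
    burst = [sw.receive(Frame("Fa0/13", other, "0.0.0.0", "DISCOVER", chaddr=other),
                        now=5 + i / 100) for i in range(11)]
    return results + [burst[-1]], sw
```

The last entry shows why the rate limit matters operationally: once a user port exceeds 10 DHCP packets per second it is err-disabled and drops everything until it is recovered.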

R5 and R6 have been preconfigured with IP addresses on their Ethernet interfaces. Configure R4 and its associated switch port accordingly without using secondary addressing to communicate with R5 and R6. Configure R4 with an IP address of 120.100.45.4/24 to communicate with R5, and configure R4 with an IP address of 120.100.46.4/24 to communicate with R6. Configure R4 Gi0/1 and Switch 2 FE0/4 only. (3 points)

This is just a simple trunking question on Switch2 to R4 to enable R4 to connect to VLAN45 and VLAN46. One point to remember is that Switch2 does not have VLAN45 and VLAN46 configured locally within the default configuration, so you will need to create the VLANs locally prior to configuring the trunk. If you have configured this correctly, as shown in Example 1-9, you have scored 3 points.
EXAMPLE 1-9 Switch2 and R4 Trunking Configuration
R4(config)# interface GigabitEthernet 0/1.45
R4(config-if)# encapsulation dot1Q 45
R4(config-if)# ip address 120.100.45.4 255.255.255.0
R4(config-if)# interface GigabitEthernet 0/1.46
R4(config-if)# encapsulation dot1Q 46
R4(config-if)# ip address 120.100.46.4 255.255.255.0
SW2(config)# vlan 45-46
SW2(config)# interface FastEthernet 0/4
SW2(config-if)# switchport trunk encapsulation dot1q
SW2(config-if)# switchport trunk allowed vlan 45,46
SW2(config-if)# switchport mode trunk

Your initial configuration has been supplied for the R1-R2-R3 connectivity and R2-R5. Configure each device as per Figure 1-6 to ensure each device is reachable over the Frame Relay network. Only use the indicated DLCIs. (2 points)

The initial Frame Relay configuration has been supplied for you; all you need to add is additional maps on R1 and R2 spokes to enable them to communicate with each other by directing traffic to the Hub router (R3) because the initial configuration uses no inverse arp. Communication between R2 and R5 will work without modification by default. If you have configured this correctly, as shown in Example 1-10, you have scored 2 points.
EXAMPLE 1-10 R1 and R2 Additional Frame Relay Configuration and Testing
R1# conf t
R1(config)# int s0/0/0
R1(config-if)# frame-relay map ip 120.100.123.2 103 broadcast
R2# conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)# int s0/0
R2(config-if)# frame-relay map ip 120.100.123.1 203 broadcast
R1# ping 120.100.123.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 120.100.123.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/8 ms

Section 2: IPv4 IGP Protocols (22 Points)

Section 2.1: OSPF

Use a process ID of 1; all OSPF configuration where possible should not be configured under the process ID. Do not change the preconfigured interface types where applicable. The Loopback interfaces of Routers R1, R2, and R3 should be configured to be in Area 0. R4 should be in Area 34 and R5 in Area 5. (2 points)

Recent advances in OSPF have enabled configuration of the network area directly under the interface as opposed to within the OSPF process. Example 1-11 details the OSPF configuration.
EXAMPLE 1-11 OSPF Configuration
R1(config)# interface GigabitEthernet 0/1
R1(config-if)# ip ospf 1 area 100
R1(config-if)# interface Loopback 0
R1(config-if)# ip ospf 1 area 0
R1(config-if)# interface Serial 0/0/0
R1(config-if)# ip ospf 1 area 0
R2(config)# interface Loopback 0
R2(config-if)# ip ospf 1 area 0
R2(config-if)# interface Serial 0/0
R2(config-if)# ip ospf 1 area 0
R2(config-if)# interface Serial 0/1
R2(config-if)# ip ospf 1 area 5
R2(config-if)# interface FastEthernet 0/1
R2(config-if)# ip ospf 1 area 200
R3(config)# interface loopback 0
R3(config-if)# ip ospf 1 area 0
R3(config-if)# interface Serial 0/0/0
R3(config-if)# ip ospf 1 area 0
R3(config-if)# interface GigabitEthernet 0/0
R3(config-if)# ip ospf 1 area 34
R4(config)# interface Loopback 0
R4(config-if)# ip ospf 1 area 34
R4(config-if)# interface GigabitEthernet 0/0
R4(config-if)# ip ospf 1 area 34
R4(config-if)# interface GigabitEthernet 0/1.45
R4(config-if)# ip ospf 1 area 5
R5(config)# interface Loopback 0
R5(config-if)# ip ospf 1 area 5
R5(config-if)# interface GigabitEthernet 0/0
R5(config-if)# ip ospf 1 area 5
R5(config-if)# interface Serial 0/0/1
R5(config-if)# ip ospf 1 area 5

The initial configuration changes the OSPF network types on the Frame Relay interfaces of Routers R1, R2, and R3; this changes the hello and dead interval timers, which results in a mismatch and the neighbor relationship never being formed. Example 1-12 shows the differing interface parameters between routers and required configuration on Routers R1 and R3. Because you cannot change the network type, you must manually adjust the OSPF Hello-interval. The most logical place to do this is on the hub Router R3 to ensure a common configuration. If you have configured OSPF correctly, as shown in Examples 1-11 and 1-12, you have scored 2 points.
EXAMPLE 1-12 OSPF Interface Parameters and Configuration
R1# show ip ospf interface Serial 0/0/0
Serial0/0/0 is up, line protocol is up
  Internet Address 120.100.123.1/24, Area 0
  Process ID 1, Router ID 120.100.1.1, Network Type POINT_TO_POINT, Cost: 64
  Enabled by interface config, including secondary ip addresses
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:08
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 1/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)
R3# show ip ospf interface Serial 0/0/0
Serial0/0/0 is up, line protocol is up
  Internet Address 120.100.123.3/24, Area 0
  Process ID 1, Router ID 120.100.3.1, Network Type POINT_TO_MULTIPOINT, Cost: 64
  Enabled by interface config, including secondary ip addresses
  Transmit Delay is 1 sec, State POINT_TO_MULTIPOINT
  Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
    oob-resync timeout 120
    Hello due in 00:00:08
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 2/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)
R3# conf t
R3(config)# int Serial 0/0/0
R3(config-if)# ip ospf hello-interval 10
R3# show ip ospf neighbor
Neighbor ID     Pri   State        Dead Time   Address          Interface
120.100.1.1       0   FULL/  -     00:00:32    120.100.123.1    Serial0/0/0
120.100.2.1       0   FULL/  -     00:00:35    120.100.123.2    Serial0/0/0
120.100.4.1       1   FULL/BDR     00:00:39    120.100.34.4     GigabitEthernet0/0
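The timer comparison done by eye in Example 1-12 can be automated. The Python below is an added example, not part of the book: it parses trimmed `show ip ospf interface` excerpts built from the R1 and R3 values above and reports which hello-packet fields disagree. The function names are hypothetical, and the "fixed" R3 excerpt is constructed on the assumption that IOS derives the dead interval as four times the hello interval when only the hello interval is set.

```python
import re

# Constructed excerpts, trimmed to the lines that matter, using the values in Example 1-12.
R1_SERIAL = """\
Serial0/0/0 is up, line protocol is up
  Internet Address 120.100.123.1/24, Area 0
  Process ID 1, Router ID 120.100.1.1, Network Type POINT_TO_POINT, Cost: 64
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:08
"""
R3_SERIAL = """\
Serial0/0/0 is up, line protocol is up
  Internet Address 120.100.123.3/24, Area 0
  Process ID 1, Router ID 120.100.3.1, Network Type POINT_TO_MULTIPOINT, Cost: 64
  Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
    Hello due in 00:00:08
"""
# Assumed state of R3 after "ip ospf hello-interval 10" (dead interval follows at 4 x hello).
R3_SERIAL_FIXED = R3_SERIAL.replace("Hello 30, Dead 120, Wait 120",
                                    "Hello 10, Dead 40, Wait 40")

PATTERNS = {
    "address": r"Internet Address (\S+),",
    "area": r"Area (\S+)",
    "network_type": r"Network Type (\w+),",
    "hello": r"Hello (\d+),",      # the trailing comma skips the "Hello due in" line
    "dead": r"Dead (\d+),",
}


def parse_ospf_interface(text):
    """Extract the adjacency-relevant fields; raise if the output is not as expected."""
    fields = {}
    for name, pattern in PATTERNS.items():
        match = re.search(pattern, text)
        if match is None:
            raise ValueError(f"field {name!r} not found in interface output")
        fields[name] = match.group(1)
    fields["hello"] = int(fields["hello"])
    fields["dead"] = int(fields["dead"])
    return fields


def hello_mismatches(a, b):
    """Return the compared hello-packet fields (area, hello, dead) that differ.

    The network type is deliberately not compared: it is not carried in the hello
    packet, so POINT_TO_POINT and POINT_TO_MULTIPOINT interfaces peer once the
    timers agree, which is what the neighbor table in Example 1-12 shows.
    """
    return [name for name in ("area", "hello", "dead") if a[name] != b[name]]
```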

All Loopback networks should not be advertised as host routes. (1 point)

Loopback interfaces within OSPF will by default be advertised as host routes. To manipulate this behavior you need to override the network type that the IOS associates with the Loopback interface. Example 1-13 shows the host routes learned on R2. Note that 120.100.123.3/32 is actually a host route generated by OSPF for the Frame Relay connection, so this is expected behavior and acceptable in the routing table. If you have configured this correctly, as shown in Example 1-13, you have scored 1 point.

EXAMPLE 1-13 OSPF Loopback Interface Host Routes and Configuration
R2# sh ip route | inc /32
O       120.100.5.1/32 [110/65] via 120.100.25.5, 00:04:34, Serial0/1
O IA    120.100.4.1/32 [110/66] via 120.100.123.3, 00:00:42, Serial0/0
O       120.100.123.3, 00:01:00, Serial0/0
O       120.100.1.1/32 [110/129] via 120.100.123.3, 00:01:00, Serial0/0
O       120.100.3.1/32 [110/65] via 120.100.123.3, 00:01:00, Serial0/0
O       120.100.123.3/32 [110/64] via 120.100.123.3, 00:01:00, Serial0/0
R1# conf t
R1(config)# int Loopback 0
R1(config-if)# ip ospf network point-to-point
R2# conf t
R2(config)# interface Loopback 0
R2(config-if)# ip ospf network point-to-point
R3# conf t
R3(config)# int Loopback 0
R3(config-if)# ip ospf network point-to-point
R4# conf t
R4(config)# int Loopback 0
R4(config-if)# ip ospf network point-to-point
R5# conf t
R5(config)# int Loopback 0
R5(config-if)# ip ospf network point-to-point
R2# sh ip route ospf 1 | include /24
     150.100.0.0/24 is subnetted, 2 subnets
O IA    120.100.4.0/24 [110/66] via 120.100.123.3, 00:00:43, Serial0/0
O       120.100.5.0/24 [110/65] via 120.100.25.5, 00:01:40, Serial0/1
O       120.100.1.0/24 [110/129] via 120.100.123.3, 00:00:43, Serial0/0
O       120.100.3.0/24 [110/65] via 120.100.123.3, 00:00:43, Serial0/0
O       120.100.45.0/24 [110/65] via 120.100.25.5, 00:01:40, Serial0/1
O IA    120.100.34.0/24 [110/65] via 120.100.123.3, 00:00:43, Serial0/0
O IA    120.100.100.0/24 [110/129] via 120.100.123.3, 00:00:09, Serial0/0

Ensure that R1 does not advertise the preconfigured secondary address under interface Gigabit 0/1 of 120.100.100.1/24 to the OSPF network. Do not use any filtering techniques to achieve this. (2 points)

The associated behavior with configuring OSPF directly under the interface is that it will by default advertise any secondary addresses assigned to the interface. R1 has a preconfigured secondary address on interface Gigabit 0/1 that is therefore advertised. Because you cannot filter this advertisement, you need to inform OSPF not to include the secondary addresses under the interface command. If you have configured this correctly, as shown in Example 1-14, you have scored 2 points.
EXAMPLE 1-14 OSPF Secondary Address Advertisement and Configuration
R1# show ip ospf int GigabitEthernet 0/1
GigabitEthernet0/1 is up, line protocol is up
  Internet Address 150.100.1.1/24, Area 100
  Process ID 1, Router ID 120.100.1.1, Network Type BROADCAST, Cost: 1
  Enabled by interface config, including secondary ip addresses
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 120.100.1.1, Interface address 150.100.1.1
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:00
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)
R1(config)# interface GigabitEthernet 0/1
R1(config-if)# ip ospf 1 area 100 secondaries none
R2# sh ip route 120.100.100.0
% Subnet not in table

R5 should use the Frame Relay link within Area 5 for its primary communication to the OSPF network. If this network should fail either at Layer 1 or Layer 2, R5 should form a neighbor relationship with R4 under Area 5 to maintain connectivity. Your solution should be dynamic, ensuring that while the Area 5 Frame Relay link is operational, there is no neighbor relationship between R4 and R5; however, the Ethernet interfaces of R4 and R5 must remain up. To confirm the operational status of the Frame Relay network, you should ensure that the serial interface of R5 is reachable by configuration of R5. You are permitted to define neighbor statements between R5 and R4. (4 points)

This is a complex scenario that can consume your time, but all the clues are in the question, so some lateral thinking is required. You can rule out a backup interface solution because the Ethernet needs to remain up, and the solution must cater for Layer 1 and Layer 2 rather than purely Layer 1. Similarly, a demand scenario is also out because this would involve a neighbor relationship being formed. You are also requested to confirm operational status of the Frame Relay interface on R5 with your overall solution being dynamic. This would take a great deal of effort and trial and error, but you will find that you can use the IP SLA feature to monitor the IP address of the Frame Relay interface on R5 by R5 itself. If this responds to the automatic polling with ICMP, you know the frame relay is up at Layers 1 and 2. (Layer 2 would also need to be up for a valid response because the ICMP packet would be sent over the Frame Relay network, and a local map to R5's own IP address is required for this.) If the polling fails, you know the interface is down. IP SLA can then be used to inform the router, and a forwarding decision can be manipulated; this feature is known as Policy-Based Routing (PBR) support with multiple Tracking Options. This gives PBR access to all the objects that are available through the tracking process. The tracking process provides the ability to track individual objects, such as ICMP ping reachability, and inform the required PBR process when an object state changes.

In summary, if the object status changes, R5 can simply manipulate the way it sends traffic by policy routing. The traffic it manipulates needs to be OSPF that should be directed to R4 to form the adjacency over the Ethernet network (VLAN45), so when R5 Frame Relay is up and running, we just need to break the adjacency between R5 and R4. When the Frame Relay fails, we need to allow the adjacency between R5 and R4 to form. The first step in this solution is to configure the IP SLA object tracking on R5. Remember the additional map is needed locally, so it can ping its own serial interface; this configuration is detailed in Example 1-15.
EXAMPLE 1-15 R5 IP SLA Configuration and Status
R5(config)# interface Serial 0/0/1
R5(config-if)# frame-relay map ip 120.100.25.5 512 broadcast
R5(config-if)# exit
R5(config)# ip sla 1
R5(config-ip-sla)# icmp-echo 120.100.25.5
R5(config-ip-sla-echo)# ip sla schedule 1 life forever start-time now
R5(config)# track 1 rtr 1 reachability
R5# show ip sla statistics
Round Trip Time (RTT) for Index 1
  Latest RTT: 4 milliseconds
Latest operation start time: *21:17:10.683 UTC Mon Feb 19 2007
Latest operation return code: OK
Number of successes: 2
Number of failures: 0
Operation time to live: Forever

NOTE
OSPF should have already been configured between R4 and R5 within your original peering configuration. The neighbor adjacency takes a while waiting for the dead time to expire (120 seconds after changing of the OSPF network type).

OSPF needs to be configured between R4 and R5 with manual neighbor statements as directed in the question, which ensures the routers unicast traffic to each other. To do this you need to change the network type to nonbroadcast. The unicast traffic between neighbors can be identified by an ACL that the PBR process can match, and then instead of allowing normal traffic flow between R5 and R4 to form the neighbor relationship, the next hop can be modified and as the OSPF TTL is set to 1 by default, the traffic will effectively be dropped by the next hop and the OSPF between R5 and R4 will never establish. Similarly, when the object tracking fails, the PBR process will be overridden and traffic can flow as normal. This will then allow R5 and R4 to form an OSPF adjacency. So by using the PBR command set ip next-hop verify-availability 120.100.25.2 1 track 1, R5 can forward normal OSPF traffic to 120.100.25.2 (R2 Frame Relay to effectively discard the traffic) if the tracked object (1) is up. If the object status changes to down, the PBR process is informed, and the OSPF traffic to 120.100.25.2 would follow the usual next hop. R5 must be configured to locally policy route traffic because normal PBR behavior is for traffic manipulation for traffic that flows through the router rather than traffic generated by the router itself. Example 1-16 shows the required OSPF configuration on R4 and R5, the PBR on R5, a debug of R2 sending TTL expired to R5 after the OSPF traffic is sent to R2 instead of R5, and the resulting neighbor partial adjacency that is formed between R4 and R5.
EXAMPLE 1-16 R4 and R5 OSPF and PBR Configuration
R4(config)# interface GigabitEthernet 0/1.45
R4(config-if)# ip ospf network non-broadcast
R4(config-if)# router ospf 1
R4(config-router)# neighbor 120.100.45.5
R5(config)# interface GigabitEthernet 0/0
R5(config-if)# ip ospf network non-broadcast
R5(config-if)# router ospf 1
R5(config-router)# neighbor 120.100.45.4
R5(config-router)# exit
R5(config)# access-list 100 permit ospf host 120.100.45.5 host 120.100.45.4
R5(config)# route-map TEST permit 10
R5(config-route-map)# match ip address 100
R5(config-route-map)# set ip next-hop verify-availability 120.100.25.2 1 track 1
R5(config-route-map)# interface GigabitEthernet 0/0
R5(config-if)# ip policy route-map TEST
R5(config-if)# ip local policy route-map TEST
R5(config)# exit
R2# debug ip icmp
ICMP packet debugging is on
R2#
*Feb 26 22:17:12.847: ICMP: time exceeded (time to live) sent to 120.100.45.5 (dest was 120.100.45.4)
R2#
R5# show ip ospf neigh
Neighbor ID     Pri   State           Dead Time   Address          Interface
120.100.2.1       0   FULL/  -        00:00:37    120.100.25.2     Serial0/0/1
120.100.4.1       1   INIT/DROTHER    00:01:45    120.100.45.4     GigabitEthernet0/0

Example 1-17 shows the OSPF adjacency formed when the Frame Relay between R2 and R5 is shut down on R5. The PBR is overridden and normal routing occurs because the next hop is not verified by the object tracking. Your routing table needs to be an exact replica of that shown in Example 1-17. You must remember that when an OSPF adjacency forms between R5 and R2, you are joining Area 5 into Area 34 and a virtual-link between R3 and R4 is required to extend area 0. If you hadn't configured a virtual-link it would have been an easy mistake that would take your points away. This is a difficult question but a good one to practice with and examine how features operate and interact with each other; you may have been scratching your head or cursing me, but I'd be surprised if you didn't learn something new from this question. If you configured this correctly, including the virtual link, you have scored 4 points. This is definitely a question worth leaving to the end of your exam when hopefully you have time left over to experiment.
EXAMPLE 1-17 R3 and R4 OSPF Virtual Link Configuration and R5 Test
R3(config)# router ospf 1
R3(config-router)# area 34 virtual-link 120.100.4.1
R4(config)# router ospf 1
R4(config-router)# area 34 virtual-link 120.100.3.1
R5(config)# interface s0/0/1
R5(config-if)# shut
R5(config-if)#
*Jan 2 21:58:16.811: %OSPF-5-ADJCHG: Process 1, Nbr 120.100.2.1 on Serial0/0/1 from FULL to DOWN, Neighbor Down: Interface down or detached
*Jan 2 21:58:18.807: %LINK-5-CHANGED: Interface Serial0/0/1, changed state to administratively down
*Jan 2 21:58:19.807: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1, changed state to down
R5(config-if)# do show ip ospf neigh
Neighbor ID     Pri   State              Dead Time   Address          Interface
N/A               0   ATTEMPT/DROTHER    00:00:33    120.100.45.4     GigabitEthernet0/0
R5(config-if)#
*Jan 2 21:59:43.547: %OSPF-5-ADJCHG: Process 1, Nbr 0.0.0.0 on GigabitEthernet0/0 from ATTEMPT to DOWN, Neighbor Down: Dead timer expired
R5(config-if)#
*Jan 2 22:00:08.135: %OSPF-5-ADJCHG: Process 1, Nbr 120.100.4.1 on GigabitEthernet0/0 from LOADING to FULL, Loading Done
R5(config-if)#
R5# sh ip route ospf
     150.100.0.0/24 is subnetted, 3 subnets
O IA    150.100.2.0 [110/67] via 120.100.45.4, 00:09:41, GigabitEthernet0/0
O IA    150.100.1.0 [110/67] via 120.100.45.4, 00:09:41, GigabitEthernet0/0
     120.0.0.0/8 is variably subnetted, 13 subnets, 2 masks
O IA    120.100.25.0/24 [110/130] via 120.100.45.4, 00:09:41, GigabitEthernet0/0
O IA    120.100.4.1/32 [110/2] via 120.100.45.4, 00:09:41, GigabitEthernet0/0
O IA    120.100.1.0/24 [110/67] via 120.100.45.4, 00:09:41, GigabitEthernet0/0
O IA    120.100.2.0/24 [110/67] via 120.100.45.4, 00:09:41, GigabitEthernet0/0
O IA    120.100.3.0/24 [110/3] via 120.100.45.4, 00:09:41, GigabitEthernet0/0
O IA    120.100.34.0/24 [110/2] via 120.100.45.4, 00:09:41, GigabitEthernet0/0
O IA    120.100.123.3/32 [110/2] via 120.100.45.4, 00:09:41, GigabitEthernet0/0
O IA    120.100.123.0/24 [110/130] via 120.100.45.4, 00:09:41, GigabitEthernet0/0

Section 2.2: EIGRP

Configure EIGRP using an AS number of 1. The Loopback interfaces of all routers and switches should be advertised within EIGRP. (2 points)

Not a difficult question by any means; just one that has a magnitude of configuration and sets up your EIGRP network for the following questions. You need to remember to include your preconfigured Loopback interfaces and enable routing on the Layer 3 switches. Use the show ip eigrp neighbor command to verify your peering prior to moving onto the next question. If you have configured this correctly, as shown in Example 1-18, you have scored 2 points.

EXAMPLE 1-18 EIGRP Configuration
R4# sh run | beg eigrp
router eigrp 1
 network 120.100.4.1 0.0.0.0
 network 120.100.45.4 0.0.0.0
 network 120.100.46.4 0.0.0.0
 no auto-summary
R5# sh run | beg eigrp
router eigrp 1
 passive-interface Loopback0
 network 120.100.5.1 0.0.0.0
 network 120.100.45.5 0.0.0.0
 network 150.100.3.5 0.0.0.0
 no auto-summary
R6# sh run | beg eigrp
router eigrp 1
 network 120.100.6.1 0.0.0.0
 network 120.100.46.6 0.0.0.0
 network 150.100.3.6 0.0.0.0
 no auto-summary
SW1(config)# ip routing
SW1(config)# exit
SW1# sh run | beg eigrp
router eigrp 1
 network 120.100.7.1 0.0.0.0
 network 150.100.3.7 0.0.0.0
 no auto-summary
SW2(config)# ip routing
SW2(config)# exit
SW2# sh run | beg eigrp
router eigrp 1
 network 120.100.8.1 0.0.0.0
 network 150.100.3.8 0.0.0.0
 no auto-summary
SW3(config)# ip routing
SW3(config)# exit
SW3# sh run | beg eigrp
router eigrp 1
 network 120.100.9.1 0.0.0.0
 network 150.100.3.9 0.0.0.0
 no auto-summary
SW4(config)# ip routing
SW4(config)# exit
SW4# sh run | beg eigrp
router eigrp 1
 network 120.100.10.1 0.0.0.0
 network 150.100.3.10 0.0.0.0
 no auto-summary

Ensure that R4 does not install any of the EIGRP Loopback routes from any of the switches into its routing table; as such, these routes should also not be present in the OSPF network post redistribution. Do not use any route-filtering ACLs, prefix lists, or admin distance manipulation to achieve this, and perform configuration only on R4. (3 points)

A distribute or prefix list would have been the obvious choice here but this is not permitted. Upon close inspection of the Loopback routes within Example 1-19, you will notice that the routes have a hop count of 2 associated with them. Hop count isn't something you would naturally associate with EIGRP, but you can configure the process to ignore routes received with a hop count larger than a configured threshold with the command metric maximum-hops. By configuring the maximum hop count of 1 on R4, you can simply stop the Loopback routes from entering the process. If you have configured this correctly, as shown in Example 1-19, you have scored 3 points.
EXAMPLE 1-19 EIGRP maximum-hops Configuration
R4# show ip route eigrp
     150.100.0.0/24 is subnetted, 3 subnets
D       150.100.3.0 [90/30720] via 120.100.46.6, 00:00:10, GigabitEthernet0/1.46
                    [90/30720] via 120.100.45.5, 00:00:10, GigabitEthernet0/1.45
     120.0.0.0/8 is variably subnetted, 16 subnets, 2 masks
D       120.100.8.0/24 [90/158720] via 120.100.46.6, 00:00:10, GigabitEthernet0/1.46
                       [90/158720] via 120.100.45.5, 00:00:10, GigabitEthernet0/1.45
D       120.100.9.0/24 [90/158720] via 120.100.46.6, 00:00:10, GigabitEthernet0/1.46
                       [90/158720] via 120.100.45.5, 00:00:10, GigabitEthernet0/1.45
D       120.100.10.0/24 [90/158720] via 120.100.46.6, 00:01:07, GigabitEthernet0/1.46
                        [90/158720] via 120.100.45.5, 00:01:07, GigabitEthernet0/1.45
D       120.100.5.0/24 [90/156160] via 120.100.45.5, 00:00:10, GigabitEthernet0/1.45
D       120.100.6.0/24 [90/156160] via 120.100.46.6, 00:00:10, GigabitEthernet0/1.46
D       120.100.7.0/24 [90/158720] via 120.100.46.6, 00:00:10, GigabitEthernet0/1.46
                       [90/158720] via 120.100.45.5, 00:00:10, GigabitEthernet0/1.45
R4# show ip route 120.100.8.0
Routing entry for 120.100.8.0/24
  Known via "eigrp 1", distance 90, metric 158720, type internal
  Redistributing via ospf 1, eigrp 1
  Advertised by ospf 1 metric 5000 subnets
  Last update from 120.100.46.6 on GigabitEthernet0/1.46, 00:00:15 ago
  Routing Descriptor Blocks:
  * 120.100.46.6, from 120.100.46.6, 00:00:15 ago, via GigabitEthernet0/1.46
      Route metric is 158720, traffic share count is 1
      Total delay is 5200 microseconds, minimum bandwidth is 100000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 2
R4# show ip route 120.100.9.0
Routing entry for 120.100.9.0/24
  Known via "eigrp 1", distance 90, metric 158720, type internal
  Redistributing via ospf 1, eigrp 1
  Advertised by ospf 1 metric 5000 subnets
  Last update from 120.100.46.6 on GigabitEthernet0/1.46, 00:00:25 ago
  Routing Descriptor Blocks:
  * 120.100.46.6, from 120.100.46.6, 00:00:25 ago, via GigabitEthernet0/1.46
      Route metric is 158720, traffic share count is 1
      Total delay is 5200 microseconds, minimum bandwidth is 100000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 2
R4(config)# router eigrp 1
R4(config-router)# metric maximum-hops 1
R4(config-router)# do show ip route eigrp
     150.100.0.0/24 is subnetted, 3 subnets
D       150.100.3.0 [90/30720] via 120.100.46.6, 00:00:04, GigabitEthernet0/1.46
                    [90/30720] via 120.100.45.5, 00:00:04, GigabitEthernet0/1.45
     120.0.0.0/8 is variably subnetted, 13 subnets, 2 masks
D       120.100.5.0/24 [90/156160] via 120.100.45.5, 00:00:04, GigabitEthernet0/1.45
D       120.100.6.0/24 [90/156160] via 120.100.46.6, 00:00:04, GigabitEthernet0/1.46

R4 will have dual equal cost routes to VLAN300 (network 150.100.3.0) from R5 and R6. Ensure R4 sends traffic to this destination network to R5 rather than load sharing; should the route from R5 become unavailable, traffic should be sent to R6. You may not policy route, alter the bandwidth, or delay statements on R4's interfaces or use an offset list. Perform your configuration on R4 only. Your solution should be applied to all routes received from R5 and R6 as opposed to solely the route to network VLAN300. (3 points)

To receive identical routes your topology must have identical interface types or bandwidth statements used on R4, R5, and R6. Example 1-20 shows the VLAN300 route (150.100.3.0/24) received on R4 from both R5 and R6 with a metric of 30720. If you wanted to manipulate this route the usual best practice method would be to modify the bandwidth or delay on one of the Ethernet interfaces, but this is not permitted. In fact, you are only left with one method that can be applied on R4, which will influence all routes from R5 and R6, as opposed to just this individual route. A route-map is required to override the EIGRP assigned metrics assigned to routes on one interface by manipulating the bandwidth assigned to Gigabit 1/0.45. Gigabit 1/0.46 will, by default, have a lower bandwidth assigned to routes received from it from the permit 20 statement in the route-map. The route-map is applied inbound to the process as a distribute-list. Example 1-20 also shows that when the interface Gigabit 0/0 is shut down on R5 that the route for VLAN300 is still received from R6 (R4's feasible successor), so the route is still available but with a different metric. If you have configured this correctly, as shown in Example 1-20, you have scored 3 points. (You could have also manipulated the delay within the route-map or created a statement for each individual interface as opposed to just Gigabit 1/0.45.)
EXAMPLE 1-20 EIGRP Metric Manipulation Configuration
R4# sh ip route 150.100.3.0
Routing entry for 150.100.3.0/24
  Known via "eigrp 1", distance 90, metric 30720, type internal
  Redistributing via ospf 1, eigrp 1
  Advertised by ospf 1 metric 5000 subnets
  Last update from 120.100.45.5 on GigabitEthernet0/1.45, 00:25:40 ago
  Routing Descriptor Blocks:
  * 120.100.46.6, from 120.100.46.6, 00:25:40 ago, via GigabitEthernet0/1.46
      Route metric is 30720, traffic share count is 1
      Total delay is 200 microseconds, minimum bandwidth is 100000 Kbit
      Reliability 254/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1
    120.100.45.5, from 120.100.45.5, 00:25:40 ago, via GigabitEthernet0/1.45
      Route metric is 30720, traffic share count is 1
      Total delay is 200 microseconds, minimum bandwidth is 100000 Kbit
      Reliability 252/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1
R4(config)# route-map CHANGEMETRIC permit 10
R4(config-route-map)# match interface gigabitEthernet 0/1.45
R4(config-route-map)# set metric 2000 10 255 1 1500
R4(config-route-map)# route-map CHANGEMETRIC permit 20
R4(config-route-map)# set metric 1000 10 255 1 1500
R4(config-route-map)# router eigrp 1
R4(config-router)# distribute-list route-map CHANGEMETRIC in
R4(config-router)# ^Z
R4# clear ip route *
R4# sh ip route 150.100.3.0
Routing entry for 150.100.3.0/24
  Known via "eigrp 1", distance 90, metric 1282560, type internal
  Redistributing via ospf 1, eigrp 1
  Advertised by ospf 1 metric 5000 subnets
  Last update from 120.100.45.5 on GigabitEthernet0/1.45, 00:03:10 ago
  Routing Descriptor Blocks:
  * 120.100.45.5, from 120.100.45.5, 00:03:10 ago, via GigabitEthernet0/1.45
      Route metric is 1282560, traffic share count is 1
      Total delay is 100 microseconds, minimum bandwidth is 2000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1
R5(config)# int gig 0/0
R5(config-if)# shutdown
R4# sh ip route 150.100.3.0
Routing entry for 150.100.3.0/24
  Known via "eigrp 1", distance 90, metric 2562560, type internal
  Redistributing via ospf 1, eigrp 1
  Advertised by ospf 1 metric 5000 subnets
  Last update from 120.100.46.6 on GigabitEthernet0/1.46, 00:00:10 ago
  Routing Descriptor Blocks:
  * 120.100.46.6, from 120.100.46.6, 00:00:10 ago, via GigabitEthernet0/1.46
      Route metric is 2562560, traffic share count is 1
      Total delay is 100 microseconds, minimum bandwidth is 1000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1

Section 2.3: Redistribution

Perform mutual redistribution of IGP protocols on R4. All routes should be accessible with the exception of the switch Loopback networks because these should not be visible via R4 from an earlier question. EIGRP routes redistributed within the OSPF network should remain with a fixed cost of 5000 throughout the network. (3 points)

A simple redistribution question for the warm-up lab, you have only a single redistribution point (R4), so have no concerns when using protocols such as EIGRP and OSPF, with their inherent protection against routing loops. The fixed cost of 5000 is achieved by advertising redistributed routes into OSPF using a metric-type of 2, which is the default, so no specific configuration is required for this. The only points you need to consider when redistributing into OSPF are to use the subnets command to ensure classless redistribution and to use default-metrics in each protocol. If you have configured this correctly, as shown in Example 1-21, you have scored 3 points.
EXAMPLE 1-21 R4 Redistribution Configuration and Verification

R4(config)# router eigrp 1
R4(config-router)# redistribute ospf 1
;4(config-router)# de#ault.metri$ 2 2 2-- 2 2
R4(config-router)# router ospf 1
R4(config-router)# redistribute eigrp 1 subnets
R4(config-router)# default-metric 5000

R1# show ip route ospf | include E2
O E2    150.100.3.0 [110/5000] via 120.100.123.3, 00:00:46, Serial0/0/0
O E2    120.100.6.0/24 [110/5000] via 120.100.123.3, 00:00:46, Serial0/0/0
O E2    120.100.46.0/24 [110/5000] via 120.100.123.3, 00:00:46, Serial0/0/0

SW1# show ip route eigrp | include EX
D EX    150.100.2.0 [170/284416] via 150.100.3.6, 00:01:43, Vlan300
D EX    150.100.1.0 [170/284416] via 150.100.3.6, 00:01:43, Vlan300
D EX    120.100.25.0/24 [170/284416] via 150.100.3.6, 00:01:43, Vlan300
D EX    120.100.1.0/24 [170/284416] via 150.100.3.6, 00:01:43, Vlan300
D EX    120.100.2.0/24 [170/284416] via 150.100.3.6, 00:01:43, Vlan300
D EX    120.100.3.0/24 [170/284416] via 150.100.3.6, 00:01:43, Vlan300
D EX    120.100.34.0/24 [170/284416] via 150.100.3.6, 00:01:43, Vlan300
D EX    120.100.123.3/32 [170/284416] via 150.100.3.6, 00:01:43, Vlan300
D EX    120.100.123.0/24 [170/284416] via 150.100.3.6, 00:01:44, Vlan300

Configure R4 to only redistribute up to five EIGRP routes, and generate a system warning when the fourth route is redistributed. Do not use any access-lists in your solution. (2 points).

You can limit the number of prefixes redistributed into OSPF and generate a warning when the number of prefixes reaches a defined maximum by use of the redistribute maximum-prefix command. To generate the warning on the fourth route, you must configure a percentage threshold (80 percent). If you have configured this correctly, as shown in Example 1-22, you have scored 2 points.

EXAMPLE 1-22 R4 Prefix Configuration

R4(config)# router ospf 1
R4(config-router)# redistribute maximum-prefix 5 80

Section 3: BGP (14 Points)

Configure iBGP peering as follows: R1-R3, R2-R3, R6-R5, Sw1-R6, and Sw1-R5. Use minimal configuration and use Loopback interfaces for your peering. Configure eBGP peering as follows: R3-R4, R4-R6, R4-R5, and R5-R2. Use minimal configuration and use Loopback interfaces for your peering with the exception of R4 to R5. (2 points)

Use the AS numbers supplied in Figure 1-9. For your eBGP peering on R3, use the TTL security feature, which will not permit a session from R4 to become established if R4 is more than 2 hops away. This feature must be configured only on R3 and not on R4. (2 points)

Easy peering points to begin with but lots of typing to earn them. You must remember to use peer groups to minimize configuration where possible, namely on R3, R6, and Switch1, and follow the peering instructions closely as these are relevant for the following questions. You should have noticed that R3 was required to be a route reflector for iBGP peers R1 and R2 in AS10 and that no synchronization is required because the underlying IGP is not redistributed into BGP. Remember to verify your peering with the show ip bgp neighbor command. The peering becomes complicated when the TTL security feature is enabled by use of the command neighbor 120.100.4.1 ttl-security hops 2 on R3. This command is a neat feature that will not permit the peering session if the received neighbor TTL value is less than 253 in this case, which would suggest that the incoming session could be some form of remote attack with spoofed source IP address of the original neighbor. Because you are not permitted to configure the same feature on R4, the peering will of course break, even if you have configured the ebgp multihop feature on R4 with a value of 2. (Of course this will simply increment the TTL value from a default value of 0.) Example 1-23 shows a debug on R3 for the ebgp peering; the field highlighted is the TTL Hex value displayed from the hidden command (dump) when performing the debug. You need to get the Hex value to FD (253 decimal) to show R3 that the R4 can only be a maximum of two hops away by configuring the multihop value to 255 on R4. If you have configured this correctly, as shown in Example 1-23, you have scored 2 points.
EXAMPLE 1-23 BGP Peering Configuration

R1# sh run | begin bgp
router bgp 10
 no synchronization
 neighbor 120.100.3.1 remote-as 10
 neighbor 120.100.3.1 update-source Loopback0
 no auto-summary

R2# sh run | begin bgp
router bgp 10
 no synchronization
 neighbor 120.100.3.1 remote-as 10
 neighbor 120.100.5.1 remote-as 300
 neighbor 120.100.5.1 ebgp-multihop 2
 neighbor 120.100.5.1 update-source Loopback0
 no auto-summary

R3# sh run | begin bgp
router bgp 10
 no synchronization
 neighbor IBGP peer-group
 neighbor IBGP remote-as 10
 neighbor IBGP update-source Loopback0
 neighbor IBGP route-reflector-client
 neighbor 120.100.1.1 peer-group IBGP
 neighbor 120.100.2.1 peer-group IBGP
 neighbor 120.100.4.1 remote-as 200
 neighbor 120.100.4.1 ttl-security hops 2
 neighbor 120.100.4.1 update-source Loopback0
 no auto-summary

R4# sh run | begin bgp
router bgp 200
 no synchronization
 neighbor 120.100.3.1 remote-as 10
 neighbor 120.100.3.1 ebgp-multihop 2
 neighbor 120.100.3.1 update-source Loopback0
 neighbor 120.100.6.1 remote-as 300
 neighbor 120.100.6.1 ebgp-multihop 2
 neighbor 120.100.6.1 update-source Loopback0
 neighbor 120.100.45.5 remote-as 300
 no auto-summary

R3(config)# access-list 100 permit ip host 120.100.4.1 host 120.100.3.1
R3(config)# exit
R3# debug ip packet 100 detail dump
IP packet debugging is on (detailed) (dump) for access list 100
R3#
    TCP src=42692, dst=179, seq=2600279946, ack=0, win=16384 SYN
$+4$$/$$' /2$4 $=4$$$$$ 1??P??
$+4$$/1$' /2$211.$ $$1$$:$$ 4</$$$2/ 75:=$$$$ 1??Q????.P?>E???
$+4$$/2$' $1$747=. $1$1$1$1 $3$3$3$3 57/4$$13 ??+R????????SD?3
$+4$$/3$' -5+D1+:5 $$$$$$$$ 7$$24$$$ +111$$$$ ?T??????Q?P?AU??
$+4$$/4$' $2$4$21: ????
! The TTL from R4 is decremented to 01 Hex = 01 decimal as R4 has ebgp-multihop 2
! configured and the BGP session will not be established as R3 has the TTL security
! check enabled, from R3's perspective R4 could be 254 hops away!
! Configure R4 so the TTL value will read 253 decimal (FD hex) by configuring an ebgp
! multihop value of 255 (this value will decrement down to 253 when it is processed by R3).

R4(config)# router bgp 200
R4(config)# neighbor 120.100.3.1 ebgp-multihop 255

R3#
    TCP src=44109, dst=179, seq=3825370469, ack=3209854606, win=16263 ACK
$+=/117$' /2$4 $=4$$$$$ 1??P??
$+=/11=$' /2$211.$ $$1$$:$$ 4</$$$2: :/-5$$$$ 1??Q????.P?(????
$+=/11:$' +D$72:7. $1$1$1$1 $3$3$3$3 5/4D$$13 T?(n????????>4?3
$+=/11-$' .4$2:<7< 1+<2=.:. <$1$3+:= 13+/$$$$ ??eW;R?P?W??X??
$+=/115$'
! Now a hex value of FD (253 Decimal) can be seen at R3 from R4, this shows that R4
! can not be further than 2 hops away from R3 and the security check passes and BGP
! is established.

R3# sh ip bgp neighbor | include hops | TTL
  External BGP neighbor may be up to 2 hops away.
  Connection is ECN Disabled, Minimum incoming TTL 253, Outgoing TTL 255

R5# sh run | begin bgp
router bgp 300
 no synchronization
 neighbor 120.100.2.1 remote-as 10
 neighbor 120.100.2.1 ebgp-multihop 2
 neighbor 120.100.2.1 update-source Loopback0
 neighbor 120.100.6.1 remote-as 300
 neighbor 120.100.6.1 update-source Loopback0
 neighbor 120.100.45.6 remote-as 200
 neighbor 150.100.3.7 remote-as 300
 no auto-summary

R6# sh run | beg bgp
router bgp 300
 no synchronization
 neighbor IBGP peer-group
 neighbor IBGP remote-as 300
 neighbor IBGP update-source Loopback0
 neighbor 120.100.4.1 remote-as 200
 neighbor 120.100.4.1 ebgp-multihop 2
 neighbor 120.100.4.1 update-source Loopback0
 neighbor 120.100.5.1 peer-group IBGP
 neighbor 150.100.3.7 peer-group IBGP
 no auto-summary

SW1# sh run | begin bgp
router bgp 300
 no synchronization
 neighbor IBGP peer-group
 neighbor IBGP remote-as 300
 neighbor 120.100.5.1 peer-group IBGP
 neighbor 120.100.6.1 peer-group IBGP
 no auto-summary
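The TTL security check discussed for R3, as an added Python sketch that is not part of the book: it parses an IPv4 header, verifies the checksum, and applies the acceptance rule the show output reports (minimum incoming TTL 253 for hops 2, that is 255 minus the hop count). The header bytes are constructed here, the function names are hypothetical, and the TTL values 0x01 and 0xFD are the two the example reports at R3; the third case assumes each forwarding router lowers the TTL by one.

```python
import ipaddress
import struct

MAX_TTL = 255  # largest value the 8-bit IPv4 TTL field can carry
PEER, LOCAL = "120.100.4.1", "120.100.3.1"  # R4 and R3 Loopback0 in this lab


def checksum16(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src: str, dst: str, ttl: int) -> bytes:
    """Constructed 20-byte IPv4 header carrying TCP (protocol 6)."""
    raw = struct.pack("!BBHHHBBH4s4s", 0x45, 0xC0, 44, 0x1234, 0, ttl, 6, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return raw[:10] + struct.pack("!H", checksum16(raw)) + raw[12:]


def parse_header(raw: bytes) -> dict:
    """Pull out the fields the TTL check needs and validate the checksum."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (raw[0] & 0x0F) * 4
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("truncated IPv4 header")
    return {
        "ttl": raw[8],
        "proto": raw[9],
        "src": str(ipaddress.IPv4Address(raw[12:16])),
        "dst": str(ipaddress.IPv4Address(raw[16:20])),
        "checksum_ok": checksum16(raw[:ihl]) == 0,
    }


def min_ttl(hops: int) -> int:
    """Lowest TTL accepted for 'ttl-security hops <hops>' (hops 2 gives 253)."""
    if not 1 <= hops <= 254:
        raise ValueError("hops out of range for this sketch")
    return MAX_TTL - hops


def gtsm_verdict(raw: bytes, peer: str, hops: int) -> str:
    """Decide what the receiving router does with one packet from 'peer'."""
    hdr = parse_header(raw)
    if not hdr["checksum_ok"]:
        return "drop: bad header checksum"
    if hdr["src"] != peer or hdr["proto"] != 6:
        return "ignore: not TCP from the configured peer"
    if hdr["ttl"] < min_ttl(hops):
        return f"drop: TTL {hdr['ttl']} < {min_ttl(hops)}"
    return f"accept: TTL {hdr['ttl']} >= {min_ttl(hops)}"


def best_case_ttl(router_hops: int) -> int:
    """Highest TTL still visible after that many forwarding routers."""
    return max(MAX_TTL - router_hops, 0)


def demo() -> dict:
    """Three constructed arrivals at R3 with ttl-security hops 2 configured."""
    cases = {
        "multihop-2": build_header(PEER, LOCAL, 0x01),    # TTL seen as 01
        "multihop-255": build_header(PEER, LOCAL, 0xFD),  # TTL seen as FD
        # Sender using R4's address from 5 routers away: even starting at
        # 255 the packet cannot arrive with a TTL of 253 or more.
        "spoofed-5-hops": build_header(PEER, LOCAL, best_case_ttl(5)),
    }
    return {name: gtsm_verdict(raw, PEER, hops=2) for name, raw in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15} {verdict}")
```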

AS200 is to be used as a backup transit network for traffic between AS100 and AS300; as such if the FR network between R5 and R2 fails, ensure the peering between R2 and R5 is not maintained via the Ethernet network. Do not use any ACL type restrictions or change the existing peering. (2 points)

As R2 and R5 peer to each other using their Loopback interfaces, the peering is maintained if the Frame Relay network between R2 and R5 fails. Example 1-24 shows the path taken between R5 and R2 when the Frame Relay interface is shut down on R5. To break the peering without using ACLs, you simply need to ensure the ebgp-multihop count used in the original peering is set at 2 and no greater. Example 1-24 also shows the ICMP debug with the TTL expiration messages, which indicate the peering will have failed, even though there is IP connectivity between Loopbacks. If your ebgp-multihop count is set at 2 between R2 and R5, you have scored 2 points.
EXAMPLE 1-24 eBGP TTL Expiration

R5(config)# int s0/0/1
R5(config-if)# shut
R5# trace 120.100.2.1

Type escape sequence to abort.
Tracing the route to 120.100.2.1

  1 120.100.45.4 0 msec 0 msec 0 msec
  2 120.100.34.3 0 msec 4 msec 0 msec
  3 120.100.123.2 4 msec * 4 msec

R5# debug ip icmp
ICMP packet debugging is on
R5#
*Jan 17 21:32:32.455: ICMP: time exceeded rcv from 120.100.34.3
R5#
*Jan 17 21:32:34.179: ICMP: time exceeded rcv from 120.100.34.3
R5#

R2# debug ip icmp
ICMP packet debugging is on
R2#
Jan 17 21:26:11.310: ICMP: time exceeded rcv from 120.100.34.4
R2#
Jan 17 21:26:13.306: ICMP: time exceeded rcv from 120.100.34.4

Configure a new Loopback interface 2 on R2 of 130.100.200.1/24, and advertise this into BGP using the network command. Configure R2 in such a way that if the Frame Relay connection between R2 and R5 fails, AS300 no longer receives this route. Do not use any filtering between neighbors to achieve this or neighbor-specific commands. (3 points)

If the peering between R2 and R5 fails, the new network route will flow from AS100 to AS300 via AS200 instead of flowing directly from AS100 to AS300; as such a simple use of communities can be used to ensure the route is not exported to AS200. You simply need to apply a no-export value to the route as it is advertised on R2 toward R3; this way the route is not advertised to AS200 if a failure occurs. Under normal conditions, AS200 would still see the route from AS300. If you have configured this correctly, as shown in Example 1-25, you have scored 3 points.
EXAMPLE 1-25 Route Advertisement and no-export Configuration on R2

R5# sh ip bgp
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network            Next Hop         Metric LocPrf Weight Path
*>i130.100.200.0/24   120.100.4.1           0    100      0 200 10 i

;2(config)#

inter#a$e )oo/'a$02 i/ address 23 .2 router 'g/ 2 net&or0 23 .2 neig%'or 22 .2 neig%'or 22 .2 e:it .2 . .2 . mas0 2--.2--.2--. .3.2 route.ma/ NE.EDPE+4 out .3.2 send.$ommunit* .2 .2 2--.2--.2--.

;2(config-if)# ;2(config-if)#

;2(config-router)# ;2(config-router)# ;2(config-router)# ;2(config-router)# ;2(config)# ;2(config)#

a$$ess.list - /ermit 23 .2

route.ma/ NE.EDPE+4 /ermit 2 mat$% i/ address set $ommunit* no.e:/ort route.ma/ NE.EDPE+4 /ermit 2

;2(config-route-map)# ;2(config-route-map)# ;2(config-route-map)#

R3# sh ip bgp 130.100.200.0
BGP routing table entry for 130.100.200.0/24, version 4
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer)
  Advertised to update-groups:
     2
  Local, (Received from a RR-client)
    120.100.2.1 (metric 65) from 120.100.2.1 (130.100.200.1)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Community: no-export

R5# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R5(config)# int s0/0/1
R5(config-if)# shut
R5(config-if)# ^Z
R5# show ip bgp
R5#

Configure HSRP between R5 and R6 on VLAN300 with R5 active for .1/24. If the network 130.100.200.0/24 is no longer visible to AS300, R6 should dynamically become the HSRP active. Configure R5 to achieve this solution. (4 points)

The clue is in the question; all you need to do is track the specific route with the IP SLA object tracking feature and inform the HSRP process whether the BGP route is withdrawn. You might feel that this isn't strictly a BGP question, but because the IOS section has been removed from the exam, it is possible that topics and features such as this crop up within other sections, so it's best to be aware of as many features as possible. Because the question doesn't specifically instruct you to configure an exact IP address for your HSRP, you are free to use an unallocated IP address. R5 should be the HSRP active under normal conditions, so this should be configured with the preempt command to reinstate control when the route becomes visible once again post withdrawal. Similarly, R6 also requires preempt to take control when the priority of R5 decrements. R5 hasn't been configured with a priority in this example because it uses the default value of 100. Example 1-26 shows the configuration and testing steps involved to withdraw the route by shutting down the Frame Relay interface on R5 and toggling the HSRP functionality between R5 and R6. If you have configured this correctly, as shown in Example 1-26, you have scored 4 points.
EXAMPLE 1-26 IP SLA Tracking and HSRP Configuration on R5 and R6

R5(config)# track 2 ip route 130.100.200.0 255.255.255.0 reachability
R5(config-track)# interface GigabitEthernet 0/1
R5(config-if)# standby 1 ip 150.100.3.1
R5(config-if)# standby 1 preempt
R5(config-if)# standby 1 track 2 decrement 20

R6(config)# interface GigabitEthernet 0/1
R6(config-if)# standby 1 ip 150.100.3.1
R6(config-if)# standby 1 priority 90
R6(config-if)# standby 1 preempt

R5# sh standby gigabitEthernet 0/1
GigabitEthernet0/1 - Group 1
  State is Active
    23 state changes, last state change 00:20:11
  Virtual IP address is 150.100.3.1
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.460 secs
  Preemption enabled
  Active router is local
  Standby router is 150.100.3.6, priority 90 (expires in 8.472 sec)
  Priority 100 (default 100)
    Track object 2 state Up decrement 20
  IP redundancy name is "hsrp-Gi0/1-1" (default)
R5#
R5# conf t
R5(config)# int s0/0/1
R5(config-if)# shut
R5(config-if)#
R5#%BGP-3-NOTIFICATION: sent to neighbor 120.100.2.1 4/0 (hold time expired) 0 bytes
R5#%HSRP-6-STATECHANGE: GigabitEthernet0/1 Grp 1 state Active -> Speak
R5#%HSRP-6-STATECHANGE: GigabitEthernet0/1 Grp 1 state Speak -> Standby
R5# sh standby gigabitEthernet 0/1
GigabitEthernet0/1 - Group 1
  State is Standby
    25 state changes, last state change 00:00:10
  Virtual IP address is 150.100.3.1
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.880 secs
  Preemption enabled
  Active router is 150.100.3.6, priority 90 (expires in 8.980 sec)
  Standby router is local
  Priority 80 (default 100)
    Track object 2 state Down decrement 20
  IP redundancy name is "hsrp-Gi0/1-1" (default)

Configure two new Loopback interfaces on R1 and R2 of 126.1.1.1/24 and 130.1.1.1/24, respectively, and advertise these into BGP using the network command. R3 should be configured to enable only BGP routes originated from R1 up to network 128.0.0.0 and from above network 128.0.0.0 originated from R2. Use only a single ACL on R3 as part of your solution. (3 points)

This is quite an intricate question because you are permitted to use only a single ACL to filter the routes on R3. The method in which you achieve this is to use an ACL that matches networks up to 128.0.0.0 and permits this through one route-map while denying through a separate route-map. The route-maps should be applied on a per-neighbor basis, and both call up the same single ACL. Example 1-27 shows the configuration for the new Loopbacks on R1 and R2 and the filtering on R3. Further testing is detailed in Example 1-28 to substantiate the filtering process on R3. If you have configured this correctly, as shown in Example 1-27, you have scored 3 points.
EXAMPLE 1-27 Route-Map Filtering on R3
;1(config)# inter#a$e )oo/'a$02 i/ address 223.2.2.2 2--.2--.2--. router 'g/ 2 net&or0 223.2.2. mas0 2--.2--.2--. ;1(config-if)# ;1(config-if)#

;1(config-router)# ;2(config)#

inter#a$e )oo/'a$02 i/ address 23 .2.2.2 2--.2--.2--. router 'g/ 2 net&or0 23 .2.2. mas0 2--.2--.2--.

;2(config-if)# ;2(config-if)#

;2(config-router)# ;3(config)# ;3(config)#

a$$ess.list 2 /ermit . . . 227.2--.2--.2-route.ma/ FP4E228 /ermit 2 mat$% i/ add 2

;3(config-route-map)# ;3(config)#

route.ma/ ("E9E228 /ermit 2 mat$% i/ add 2 route.ma/ ("E9E228 /ermit 2

;3(config-route-map)# ;3(config-route-map)# ;3(config)# router 'g/ 2

;3(config-router)# ;3(config-router)#

neig%'or 22 .2 neig%'or 22 .2

.2.2 route.ma/ FP4E228 in .2.2 route.ma/ ("E9E228 in

R3# sh ip bgp
BGP table version is 8, local router ID is 120.100.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network            Next Hop         Metric LocPrf Weight Path
*>i126.1.1.0/24       120.100.1.1           0    100      0 i
*>i130.1.1.0/24       120.100.2.1           0    100      0 i
*>i130.100.200.0/24   120.100.2.1           0    100      0 i
R3#

NOTE
This additional testing configuration is not present on the supplied, final configuration.

Further testing of the filtering requires additional interfaces to be configured and advertised on R1 and R2. Example 1-28 shows an interface higher than 128.0.0.0 advertised on R1 and one lower advertised on R2; R3 simply blocks these from entering BGP.
EXAMPLE 1-28 Route-Map Filtering Verification

R1(config)#


inter#a$e )oo/'a$03 i/ address 232.2.2.2 2--.2--.2--. router 'g/ 2 net&or0 232.2.2. mas0 2--.2--.2--. AB

;1(config-if)# ;1(config-if)#

;1(config-router)# ;1(config-router)#

R1# sh ip bgp neighbors 120.100.3.1 advertised
BGP table version is 7, local router ID is 126.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network            Next Hop         Metric LocPrf Weight Path
*> 126.1.1.0/24       0.0.0.0               0         32768 i
*> 132.1.1.0/24       0.0.0.0               0         32768 i

Total number of prefixes 2

R3# sh ip bgp
BGP table version is 4, local router ID is 120.100.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network            Next Hop         Metric LocPrf Weight Path
*>i126.1.1.0/24       120.100.1.1           0    100      0 i
*>i130.1.1.0/24       120.100.2.1           0    100      0 i
*>i130.100.200.0/24   120.100.2.1                100      0 i

;2# $on# t ;2(config)# int )oo/'a$03 i/ add 2 .2.2.2 2--.2--.2--. .2.2. mas0 2--.2--.2--. router 'g/ 2 net&or0 2 AB ;2(config-if)# ;2(config-if)#

;2(config-router)# ;2(config-router)#

R2# sh ip bgp neighbor 120.100.3.1 advertised
BGP table version is 5, local router ID is 130.100.200.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network            Next Hop         Metric LocPrf Weight Path
*> 100.1.1.0/24       0.0.0.0               0         32768 i
*> 130.1.1.0/24       0.0.0.0               0         32768 i
*> 130.100.200.0/24   0.0.0.0               0         32768 i

Total number of prefixes 3

R3# sh ip bgp
BGP table version is 4, local router ID is 120.100.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network            Next Hop         Metric LocPrf Weight Path
*>i126.1.1.0/24       120.100.1.1           0    100      0 i
*>i130.1.1.0/24       120.100.2.1           0    100      0 i
*>i130.100.200.0/24   120.100.2.1           0    100      0 i
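The single-ACL filter on R3, as an added Python model that is not the book's configuration: one wildcard entry (0.0.0.0 with wildcard 127.255.255.255, which fixes only the top address bit to 0) is referenced by two route-maps, and the model is run over the prefixes R1 and R2 advertise in Examples 1-27 and 1-28. The route-map names and the deny-then-permit layout of the second map are assumptions drawn from the description of the solution.

```python
import ipaddress


def acl_matches(address: str, base: str, wildcard: str) -> bool:
    """Standard-ACL test: bits set in the wildcard are 'don't care' bits."""
    addr = int(ipaddress.IPv4Address(address))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return addr & care == int(ipaddress.IPv4Address(base)) & care


# The one ACL both route-maps call: matches every network below 128.0.0.0.
ACL = ("0.0.0.0", "127.255.255.255")

# A route-map is an ordered list of (action, references_acl) clauses.
# A clause without a match statement matches every route.
UPTO128 = [("permit", True)]                     # applied inbound from R1
ABOVE128 = [("deny", True), ("permit", False)]   # applied inbound from R2


def route_map_permits(route_map, prefix: str) -> bool:
    """First matching clause decides; no match means the implicit deny."""
    network = prefix.split("/")[0]
    for action, references_acl in route_map:
        if not references_acl or acl_matches(network, *ACL):
            return action == "permit"
    return False


# Prefixes each neighbour advertises to R3 in the verification output.
ADVERTISED = {
    "R1": (UPTO128, ["126.1.1.0/24", "132.1.1.0/24"]),
    "R2": (ABOVE128, ["100.1.1.0/24", "130.1.1.0/24", "130.100.200.0/24"]),
}


def r3_bgp_table() -> list:
    """Prefixes that survive the inbound route-maps on R3."""
    return sorted(
        prefix
        for route_map, prefixes in ADVERTISED.values()
        for prefix in prefixes
        if route_map_permits(route_map, prefix)
    )


if __name__ == "__main__":
    for prefix in r3_bgp_table():
        print(prefix)
```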

Section 4: IPv6 (14 Points)


The prerequisite to the questions is configuration of the IPv6 addresses and Frame Relay. You should test your IPv6 connectivity to ensure you are ready to progress to the routing questions. You will of course need Frame Relay maps to achieve connectivity. Unlike IPv4, though, you will need two maps, one to reach the IPv6 remote address over the PVC and one to map to the remote Link Local addresses. Example 1-29 shows the initial testing over Frame Relay and required IPv6 configuration to progress to the routing questions. Consider using the show ipv6 interfaces brief command for a quick check of your interface configuration.

EXAMPLE 1-29 IPv6 Testing and Initial Configuration
;1# de'ug #rame.rela* /a$0et +rame ;ela" pac#et e%ugging is on ;1# /ing i/,3 2 7!C2-!C !22!!3

!"pe escape seAuence to a%ort? Sen ing <> 1$$-%"te 3/4P .c&os to 2$$='/1<'/$'11''3> Serial$,$,$'.ncaps faile --no map entr" lin# =-(3PV7) ;1# $on# t ;1(config)# int s 5 5 #rame.rela* ma/ i/,3 2 AB ;1(config-if)# ;1(config-if)# ;1# ;3# $on# t ;3(config)# int s 5 5 #rame.rela* ma/ i/,3 2 AB 7!C2-!C !22!!3 ;3(config-if)# ;3(config-if)# ;1# /ing i/,3 2

timeout is 2 secon s'

7!C2-!C !22!!3 2 3 'road$ast

7!C2-!C !22!!2 3 2 'road$ast

!"pe escape seAuence to a%ort? Sen ing <> 1$$-%"te 3/4P .c&os to 2$$='/1<'/$'11''3> timeout is 2 secon s' BBBBB Success rate is 1$$ percent (<,<)> roun -trip min,a6g,max C 4,4,4 ms ;1#

;3# s% i/,3 int s 5 5 > in$lude lin0.lo$al 3P67 is ena%le > lin#-local a ress is +.:$''214'75++'+.+/'=3-$ No Virtual lin#-local a ress(es)' ;3#


;1# s% i/,3 inter#a$e s 5 5 > in$lude lin0.lo$al 3P67 is ena%le > lin#-local a ress is +.:$''213'/3++'+.=1'.3/$ No Virtual lin#-local a ress(es)' ;1# ;2# s% i/,3 inter#a$e s 5 > in$lude lin0.lo$al 3P67 is ena%le > lin#-local a ress is +.:$''213'=+++'+.:4'1..$ No Virtual lin#-local a ress(es)' ;2# s% i/,3 inter#a$e s 52 > in$lude lin0.lo$al 3P67 is ena%le > lin#-local a ress is +.:$''213'=+++'+.:4'1..$ No Virtual lin#-local a ress(es)' ;2# ;<# s% i/,3 inter#a$e s 5 52 > in$lude lin0.lo$al 3P67 is ena%le > lin#-local a ress is +.:$''214'75++'+.+/'+13$ No Virtual lin#-local a ress(es)' ;<#

;1(config)# ;1(config)#

i/,3 uni$ast.routing inter#a$e giga'itEt%ernet 52 i/,3 address 2 i/,3 address 2 7!C2-!C !2 !!2534 7!C2-!C !22!!2534 inter#a$e 8erial 5 5

;1(config-if)# ;1(config-if)# ;1(config-if)#

;1(config-if)# #rame.rela* ma/ i/,3 2 7!C2-!C !22!!3 2 3 'road$ast ;1(config-if)# #rame.rela* ma/ i/,3 2 7!C2-!C !22!!2 2 3 'road$ast ;1(config-if)# #rame.rela* ma/ i/,3 6E8 !!223!7666!6E84!"EE 2 3 'road$ast ;1(config-if)# #rame.rela* ma/ i/,3 6E8 !!224!3(66!6E6C!739 2 3 'road$ast

;2(config)# ;2(config)#

i/,3 uni$ast.routing inter#a$e #astEt%ernet 52 i/,3 address 2 i/,3 address 2 7!C2-!C !22!!2534 7!C2-!C !22!!2534 inter#a$e serial 5

;2(config-if)# ;2(config-if)# ;2(config-if)#

;2(config-if)# #rame.rela* ma/ i/,3 2 7!C2-!C !22!!2 2 3 'road$ast ;2(config-if)# #rame.rela* ma/ i/,3 2 7!C2-!C !22!!3 2 3 'road$ast ;2(config-if)# #rame.rela* ma/ i/,3 2 7!C2-!C !2 !!22 2 3 'road$ast ;2(config-if)# #rame.rela* ma/ i/,3 6E8 !!223!C366!6E7"!E3C2 2 3 'road$ast

;2(config-if)# ;2(config-if)# ;2(config-if)# ;2(config-if)# ;2(config-if)#

#rame.rela* ma/ i/,3 6E8 !!224!3(66!6E6C!739 2 3 'road$ast inter#a$e serial 52 i/,3 address 2 7!C2-!C !24!!2534 7!C2-!C !24!!- 22- 'road$ast #rame.rela* ma/ i/,3 6E8 !!224!3(66!6E6C!623 22- 'road$ast #rame.rela* ma/ i/,3 2

;3(config)# ;3(config)#

i/,3 uni$ast.routing inter#a$e giga'itEt%ernet 5 i/,3 address 2 i/,3 address 2 7!C2-!C !2-!!3534 7!C2-!C !22!!3534 7!C2-!C !22!!2 3 2 'road$ast 7!C2-!C !22!!2 3 2 'road$ast inter#a$e serial 5 5 #rame.rela* ma/ i/,3 2 #rame.rela* ma/ i/,3 2

;3(config-if)# ;3(config-if)# ;3(config-if)# ;3(config-if)# ;3(config-if)#

;4(config)# ;4(config)#

i/,3 uni$ast.routing inter#a$e giga'itEt%ernet 5 i/,3 address 2 7!C2-!C !2-!!4534

;4(config-if)#

;<(config)# ;<(config)# ;<(config)#

i/,3 uni$ast.routing inter#a$e giga'itEt%ernet 52 i/,3 address 2 7!C2-!C !23!!-534 7!C2-!C !24!!-534 7!C2-!C !24!!2 -22 'road$ast inter#a$e 8erial 5 52 i/,3 address 2 #rame.rela* ma/ i/,3 2

;<(config-if)# ;<(config-if)# ;<(config-if)# ;<(config-if)#

#rame.rela* ma/ i/,3 6E8 !!223!7666!6E84!"EE -22 'road$ast

;7(config)# ;7(config)#

i/,3 uni$ast.routing inter#a$e giga'itEt%ernet 52 i/,3 address 2 7!C2-!C !23!!3534

;7(config-if)#

Section 4.1: RIPng

Configure RIPng ensuring your IPv6 routes are visible throughout your RIPng domain. Do not disable split-horizon. (3 points)

R3 by default has split horizon enabled on the Frame Relay interface; the hub receives both R1 and R2 Ethernet associated IPv6 routes but because of split-horizon will not advertise these back out onto the same interface. As you are not permitted to disable split-horizon, you will need to create a tunnel between R1 and R2. Example 1-30 shows the initial RIPng configuration and routing tables of R1 and R2 without each other's Ethernet IPv6 routes present and the required tunnel configuration. If you have configured this correctly, as shown in Example 1-30, you have scored 3 points.

EXAMPLE 1-30 RIPng Configuration and Testing
;1(config)# inter#a$e giga'itEt%ernet 52 i/,3 ri/ CCIE ena'le inter#a$e 8erial 5 5 i/,3 ri/ CCIE ena'le ;1(config-if)# ;1(config-if)# ;1(config-if)#

;2(config)#

inter#a$e #astEt%ernet 52 i/,3 ri/ CCIE ena'le inter#a$e serial 5 i/,3 ri/ CCIE ena'le inter#a$e serial 52 i/,3 ri/ CCIE ena'le

;2(config-if)# ;2(config-if)# ;2(config-if)# ;2(config-if)# ;2(config-if)# ;3(config)#

inter#a$e giga'itEt%ernet 5 i/,3 ri/ CCIE ena'le inter#a$e serial 5 5 i/,3 ri/ CCIE ena'le

;3(config-if)# ;3(config-if)# ;3(config-if)# ;4(config)#

inter#a$e giga'itEt%ernet 5 i/,3 ri/ CCIE ena'le

;4(config-if)# ;<(config)#

inter#a$e 8erial 5 52 i/,3 ri/ CCIE ena'le

;<(config-if)#

R1# show ipv6 route rip
IPv6 Routing Table - 10 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
R   2007:C15:C0:15::/64 [120/2]
     via FE80::214:6AFF:FEFC:7390, Serial0/0/0

;2# s%o& i/,3 route ri/ 3P67 ;outing !a%le - 1$ entries /o es' / - /onnecte > 0 - 0ocal> S - Static> ; - ;3P> 1 1(P * - Per-user Static route 31 - 3S3S 01> 32 - 3S3S 02> 35 - 3S3S interarea> 3S - 3S3S summar" 2 - 2SP+ intra> 23 - 2SP+ inter> 2.1 - 2SP+ ext 1> 2.2 - 2SP+ ext 2 2N1 - 2SP+ NSS5 ext 1> 2N2 - 2SP+ NSS5 ext 2 D - .3(;P> .M - .3(;P external ; 2$$='/1<'/$'1<'',74 F12$,2G 6ia +.:$''214'75++'+.+/'=3-$> Serial$,$ ;3# s%o& i/,3 route ri/ 3P67 ;outing !a%le - 1$ entries /o es' / - /onnecte > 0 - 0ocal> S - Static> ; - ;3P> 1 1(P * - Per-user Static route 31 - 3S3S 01> 32 - 3S3S 02> 35 - 3S3S interarea> 3S - 3S3S summar" 2 - 2SP+ intra> 23 - 2SP+ inter> 2.1 - 2SP+ ext 1> 2.2 - 2SP+ ext 2 2N1 - 2SP+ NSS5 ext 1> 2N2 - 2SP+ NSS5 ext 2 D - .3(;P> .M - .3(;P external ; 2$$='/1<'/$'1$'',74 F12$,2G 6ia +.:$''213'/3++'+.=1'.3/$> Serial$,$,$ ; 2$$='/1<'/$'12'',74 F12$,2G 6ia +.:$''213'=+++'+.:4'1..$> Serial$,$,$ ;1(config)# inter#a$e 4unnel2 i/,3 address 2 7!C2-!C !23!!2534 i/,3 ri/ CCIE ena'le tunnel sour$e 8erial 5 5 tunnel destination 22 .2 tunnel mode i/,3i/ .223.2

;1(config-if)# ;1(config-if)# ;1(config-if)# ;1(config-if)# ;1(config-if)#

;2(config)# inter#a$e 4unnel2 ;2(config-if)# i/,3 address 2

7!C2-!C !23!!2534

* 2+1+ Ci#c$ Sy#tem#, -nc %&& ri"ht# re#er(e. Thi# pub&icati$n i# pr$tecte. by c$pyri"ht P&ea#e #ee pa"e 259 /$r m$re .etai&#

CC-2 '$utin" an. S)itchin" (4 + C$n/i"urati$n Practice Lab# by Martin J. ;2(config-if)# ;2(config-if)# ;2(config-if)# ;2(config-if)# i/,3 ri/ CCIE ena'le tunnel sour$e 8erial 5 tunnel destination 22 .2 tunnel mode i/,3i/ .223.2

uggan

!2'#

;1# s%o& i/,3 route ri/ 3P67 ;outing !a%le - 11 entries /o es' / - /onnecte > 0 - 0ocal> S - Static> ; - ;3P> 1 1(P * - Per-user Static route 31 - 3S3S 01> 32 - 3S3S 02> 35 - 3S3S interarea> 3S - 3S3S summar" 2 - 2SP+ intra> 23 - 2SP+ inter> 2.1 - 2SP+ ext 1> 2.2 - 2SP+ ext 2 2N1 - 2SP+ NSS5 ext 1> 2N2 - 2SP+ NSS5 ext 2 D - .3(;P> .M - .3(;P external ; 2$$='/1<'/$'12'',74 F12$,2G 6ia +.:$''=:74'=1$2> !unnel1 ; 2$$='/1<'/$'14'',74 F12$,2G 6ia +.:$''=:74'=1$2> !unnel1 2$$='/1<'/$'1<'',74 F12$,2G ; 6ia +.:$''214'75++'+.+/'=3-$> Serial$,$,$ ;2# s%o& i/,3 route ri/ 3P67 ;outing !a%le - 13 entries /o es' / - /onnecte > 0 - 0ocal> S - Static> ; - ;3P> 1 1(P * - Per-user Static route 31 - 3S3S 01> 32 - 3S3S 02> 35 - 3S3S interarea> 3S - 3S3S summar" 2 - 2SP+ intra> 23 - 2SP+ inter> 2.1 - 2SP+ ext 1> 2.2 - 2SP+ ext 2 2N1 - 2SP+ NSS5 ext 1> 2N2 - 2SP+ NSS5 ext 2 D - .3(;P> .M - .3(;P external ; 2$$='/1<'/$'1$'',74 F12$,2G 6ia +.:$''=:74'=1$1> !unnel1 ; 2$$='/1<'/$'1<'',74 F12$,2G 6ia +.:$''214'75++'+.+/'=3-$> Serial$,$

Section 4.2: OSPFv3

Configure OSPFv3 with a process ID of 1 with all OSPF interfaces assigned to area 0. (2 points)

This is a clear-cut OSPFv3 configuration. If you have configured this correctly, as shown in Example 1-31, you have scored 2 points.

EXAMPLE 1-31 R5 and R6 OSPFv3 Configuration
R5(config)# interface gigabitEthernet 0/1
R5(config-if)# ipv6 ospf 1 area 0

R6(config)# interface gigabitEthernet 0/1
R6(config-if)# ipv6 ospf 1 area 0

R5# show ipv6 ospf neighbor
Neighbor ID     Pri   State      Dead Time   Interface ID   Interface
120.100.6.1     1     FULL/DR    00:00:30    3              GigabitEthernet0/1

R6# show ipv6 ospf neighbor
Neighbor ID     Pri   State      Dead Time   Interface ID   Interface
120.100.5.1     1     FULL/BDR   00:00:3     3              GigabitEthernet0/1

The IPv6 network is deemed to be stable; as such, reduce the number of LSAs flooded within the OSPF domain. (2 points)

To suppress the unnecessary flooding of link-state advertisements in stable topologies, the ipv6 ospf flood-reduction command is required under interface configuration mode. If you have configured this correctly, as shown in Example 1-32, you have scored 2 points.

EXAMPLE 1-32 R5 and R6 Flood-Reduction Configuration
R5(config)# interface gigabitEthernet 0/1
R5(config-if)# ipv6 ospf flood-reduction

R6(config)# interface gigabitEthernet 0/1
R6(config-if)# ipv6 ospf flood-reduction

Section 4.3: Redistribution

Redistribute RIPng routes into the OSPFv3 domain (one way); RIP routes should have a fixed cost of 5000 associated to them within the OSPF network. (1 point)

As per vanilla OSPF, the default behavior for OSPFv3 is for redistributed routes to be advertised with a fixed cost as type 2 external routes, so a simple redistribution configuration with a default-metric of 5000 on R5 is required. Example 1-33 shows the required configuration and routing table on R6 for the redistributed RIPng routes. Pay attention to ensure you have full route visibility because the Frame Relay network on R5 (2007:C15:C0:14::) will not be present within the OSPFv3 domain unless R5 specifically redistributes its own connected interfaces. If you have configured this correctly, as shown in Example 1-33, you have scored 1 point.

EXAMPLE 1-33 R5 OSPFv3 Redistribution Configuration
R5(config)# ipv6 router ospf 1
R5(config-router)# redistribute rip CCIE metric 5000

R6# sh ipv6 route ospf
IPv6 Routing Table - 10 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
OE2 2007:C15:C0:10::/64 [110/5000]
     via FE80::214:6AFF:FEFC:F131, GigabitEthernet0/1
OE2 2007:C15:C0:11::/64 [110/5000]
     via FE80::214:6AFF:FEFC:F131, GigabitEthernet0/1
OE2 2007:C15:C0:12::/64 [110/5000]
     via FE80::214:6AFF:FEFC:F131, GigabitEthernet0/1
OE2 2007:C15:C0:13::/64 [110/5000]
     via FE80::214:6AFF:FEFC:F131, GigabitEthernet0/1
OE2 2007:C15:C0:15::/64 [110/5000]
     via FE80::214:6AFF:FEFC:F131, GigabitEthernet0/1

R5(config)# ipv6 router ospf 1
R5(config-rtr)# redistribute rip CCIE metric 5000 include-connected

R6# show ipv6 route 2007:C15:C0:14::
IPv6 Routing Table - 10 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
OE2 2007:C15:C0:14::/64 [110/5000]
     via FE80::214:6AFF:FEFC:F131, GigabitEthernet0/1

Ensure the OSPFv3 network is reachable from the RIP network by a single route of 2007::/16, which should be seen within the RIP domain. Configure R5 only to achieve this. The OSPF domain should continue to receive specific RIPng subnets. (2 points)

As you are not mutually redistributing protocols, you are required to configure an IPv6 summary route into the RIPng domain on R5 to provide full connectivity from the RIPng domain into OSPFv3. If you have configured this correctly, as shown in Example 1-34, you have scored 2 points.

EXAMPLE 1-34 R5 RIPng Summary Configuration and Connectivity Testing
R5(config-if)# int s 0/0/1
R5(config-if)# ipv6 rip CCIE summary-address 2007::/16

R1# show ipv6 route rip
IPv6 Routing Table - 13 entries
R   2007::/16 [120/3]
     via FE80::213:7FFF:FE84:1EE0, Tunnel1
R   2007:C15:C0:12::/64 [120/2]
     via FE80::213:7FFF:FE84:1EE0, Tunnel1
R   2007:C15:C0:14::/64 [120/2]
     via FE80::213:7FFF:FE84:1EE0, Tunnel1
R   2007:C15:C0:15::/64 [120/2]
     via FE80::214:6AFF:FEFC:7390, Serial0/0/0
R1#
R1# ping ipv6 2007:C15:C0:16::5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2007:C15:C0:16::5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/16 ms
R1# ping ipv6 2007:C15:C0:16::6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2007:C15:C0:16::6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms

Ensure if the serial link fails between the OSPF and RIPng domain that routing is still possible between R5 and R4 over VLAN45. Do not enable RIP on the VLAN45 interfaces of R4 and R5. Configure R4 and R5 to achieve this, and this should be considered as an alternative path only if a failure occurs. (3 points)

R4 and R5 both belong to the RIPng domain. If you can't enable RIPng on the VLAN45 interfaces, all you can do is create a tunnel between the devices. You might have considered enabling OSPFv3 between routers, but you have not been given sufficient information to perform this, and it would then create additional problems in terms of redistribution points. Example 1-35 shows the required configuration to tunnel IPv6 through IPv4 on R4 and R5. You should notice that certain routes will have a lower hop count through the tunnel as opposed to through the physical RIPng network. The question states that the newly configured link should be used only if a failure occurs. As such, you need to penalize the tunnel by use of an offset-list applied directly to the tunnel interface of R4 and R5. R5 will still receive the summary /16 route configured earlier via the tunnel regardless of how high you set the hop count. The following question addresses this condition. If you have configured this correctly, as shown in Example 1-35, you have scored 3 points.

EXAMPLE 1-35 R4 and R5 Tunnel Configuration and Verification
R4(config)# interface Tunnel0
R4(config-if)# ipv6 address 2007:C15:C0:17::4/64
R4(config-if)# ipv6 rip CCIE enable
R4(config-if)# tunnel source GigabitEthernet 0/1.45
R4(config-if)# tunnel destination 120.100.45.5
R4(config-if)# tunnel mode ipv6ip

R5(config)# interface Tunnel0
R5(config-if)# ipv6 address 2007:C15:C0:17::5/64
R5(config-if)# ipv6 rip CCIE enable
R5(config-if)# tunnel source GigabitEthernet 0/0
R5(config-if)# tunnel destination 120.100.45.4
R5(config-if)# tunnel mode ipv6ip

R4# show ipv6 route rip
IPv6 Routing Table - 12 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
R   2007::/16 [120/4]
     via FE80::214:6AFF:FEFC:7390, GigabitEthernet0/0
R   2007:C15:C0:10::/64 [120/3]
     via FE80::214:6AFF:FEFC:7390, GigabitEthernet0/0
R   2007:C15:C0:11::/64 [120/2]
     via FE80::214:6AFF:FEFC:7390, GigabitEthernet0/0
R   2007:C15:C0:12::/64 [120/3]
     via FE80::214:6AFF:FEFC:7390, GigabitEthernet0/0
     via FE80::7864:2D05, Tunnel0
R   2007:C15:C0:13::/64 [120/3]
     via FE80::214:6AFF:FEFC:7390, GigabitEthernet0/0
     via FE80::7864:2D05, Tunnel0
R   2007:C15:C0:14::/64 [120/2]
     via FE80::7864:2D05, Tunnel0

R5# show ipv6 route rip
IPv6 Routing Table - 14 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
R   2007::/16 [120/5]
     via FE80::7864:2D04, Tunnel0
R   2007:C15:C0:10::/64 [120/3]
     via FE80::213:7FFF:FE84:1EE0, Serial0/0/1
R   2007:C15:C0:11::/64 [120/2]
     via FE80::213:7FFF:FE84:1EE0, Serial0/0/1
R   2007:C15:C0:12::/64 [120/2]
     via FE80::213:7FFF:FE84:1EE0, Serial0/0/1
R   2007:C15:C0:13::/64 [120/2]
     via FE80::213:7FFF:FE84:1EE0, Serial0/0/1
R   2007:C15:C0:15::/64 [120/2]
     via FE80::7864:2D04, Tunnel0

R5(config)# interface Tunnel0
R5(config-if)# ipv6 rip CCIE metric-offset 4
R5(config-if)# do show ipv6 route rip
IPv6 Routing Table - 14 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
R   2007::/16 [120/8]
     via FE80::7864:2D04, Tunnel0
R   2007:C15:C0:10::/64 [120/3]
     via FE80::213:7FFF:FE84:1EE0, Serial0/0/1
R   2007:C15:C0:11::/64 [120/2]
     via FE80::213:7FFF:FE84:1EE0, Serial0/0/1
R   2007:C15:C0:12::/64 [120/2]
     via FE80::213:7FFF:FE84:1EE0, Serial0/0/1
R   2007:C15:C0:13::/64 [120/2]
     via FE80::213:7FFF:FE84:1EE0, Serial0/0/1
R   2007:C15:C0:15::/64 [120/3]
     via FE80::213:7FFF:FE84:1EE0, Serial0/0/1

R4(config)# interface Tunnel0
R4(config-if)# ipv6 rip CCIE metric-offset 4
R4(config-if)# do show ipv6 route rip
IPv6 Routing Table - 12 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
R   2007::/16 [120/4]
     via FE80::214:6AFF:FEFC:7390, GigabitEthernet0/0
R   2007:C15:C0:10::/64 [120/3]
     via FE80::214:6AFF:FEFC:7390, GigabitEthernet0/0
R   2007:C15:C0:11::/64 [120/2]
     via FE80::214:6AFF:FEFC:7390, GigabitEthernet0/0
R   2007:C15:C0:12::/64 [120/3]
     via FE80::214:6AFF:FEFC:7390, GigabitEthernet0/0
R   2007:C15:C0:13::/64 [120/3]
     via FE80::214:6AFF:FEFC:7390, GigabitEthernet0/0
R   2007:C15:C0:14::/64 [120/3]
     via FE80::214:6AFF:FEFC:7390, GigabitEthernet0/0

Ensure that the summary route configured previously is not seen back on the routing table of R5. Configure only R5 to achieve this. (1 point)

As briefly discussed in the previous question, the summary route will return to R5 through the newly created tunnel interface. This is expected behavior because of the method in which it was originally advertised. A simple prefix-list is required on R5 to deny the summary and permit all other routes entering the tunnel interface. If you have configured this correctly, as shown in Example 1-36, you have scored 3 points.

EXAMPLE 1-36 R5 Distribute-list Configuration and Verification
R5# show ipv6 route rip
IPv6 Routing Table - 14 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
R   2007::/16 [120/8]
     via FE80::7864:2D04, Tunnel0
R   2007:C15:C0:10::/64 [120/3]
     via FE80::213:7FFF:FE84:1EE0, Serial0/0/1
R   2007:C15:C0:11::/64 [120/2]
     via FE80::213:7FFF:FE84:1EE0, Serial0/0/1
R   2007:C15:C0:12::/64 [120/2]
     via FE80::213:7FFF:FE84:1EE0, Serial0/0/1
R   2007:C15:C0:13::/64 [120/2]
     via FE80::213:7FFF:FE84:1EE0, Serial0/0/1
R   2007:C15:C0:15::/64 [120/3]
     via FE80::213:7FFF:FE84:1EE0, Serial0/0/1

R5(config)# ipv6 prefix-list BLOCK-SUMMARY seq 10 deny 2007::/16
R5(config)# ipv6 prefix-list BLOCK-SUMMARY seq 15 permit ::/0 le 128
R5(config)# ipv6 router rip CCIE
R5(config-router)# distribute-list prefix-list BLOCK-SUMMARY in Tunnel0
R5(config-router)# do show ipv6 route rip
IPv6 Routing Table - 13 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
R   2007:C15:C0:10::/64 [120/3]
     via FE80::213:7FFF:FE84:1EE0, Serial0/0/1
R   2007:C15:C0:11::/64 [120/2]
     via FE80::213:7FFF:FE84:1EE0, Serial0/0/1
R   2007:C15:C0:12::/64 [120/2]
     via FE80::213:7FFF:FE84:1EE0, Serial0/0/1
R   2007:C15:C0:13::/64 [120/2]
     via FE80::213:7FFF:FE84:1EE0, Serial0/0/1
R   2007:C15:C0:15::/64 [120/3]
     via FE80::213:7FFF:FE84:1EE0, Serial0/0/1

Section 5: QoS (8 Points)

You are required to configure QoS on Switch1 according to the Cisco QoS baseline model. Create a Modular QoS configuration for all user ports (Fast Ethernet 1-24) that facilitates the following requirements (3 points):
1) All ports should trust the DSCP values received from their connecting devices.
2) Packets received from the user ports with DSCP values of 48, 46, 34, 32, 24, 28, 16 and 10 should be remarked to DSCP 8 (PHB CS1) if traffic flowing occurs above 5 Mbps on a per port basis. This traffic could be a combination of any of the preceding DSCP values with any source/destination combination. Ensure a minimum burst value is configured above the 5 Mbps.

It is acknowledged within the industry that a user port rarely generates more than 5 Mbps of traffic on a standard FastEthernet connection. If traffic rates increase above this threshold, it could be indicative of a DoS or Worm attack. A method of mitigating an attack is to create a Scavenger-Class that simply remarks traffic DSCP values when the threshold has been exceeded. This will not block traffic but will ensure that mission-critical traffic remains unaffected from an attack by trusting the DSCP value for known traffic and re-marking unknown application traffic down to CS1.

To answer the question, you are required to create a Modular QoS policy that trusts the incoming DSCP value received from the host within the policy rather than by configuring the trust value on a per-interface basis and by policing traffic at a rate of 5 Mbps. When the minimum burst rate is exceeded, the DSCP values will be remapped according to the policed-dscp map to Scavenger-Class CS1 (DSCP8). You should note that all DSCP baseline values are being remapped with the exception of DSCP26, which is generally reserved for mission-critical data. This approach enables traffic associated with this value to remain unchanged even when traffic rates exceed 5 Mbps; this approach also assumes that the virus does not itself re-mark traffic to this value to increase its chances of causing damage. The exclusion of DSCP26 though is not relevant to the configuration and methodology you use to answer the question.

The question requires you to configure a standard IP ACL that permits any traffic. For traffic matching this classification, the DSCP value in the incoming packet is trusted. If the matched traffic exceeds an average traffic rate of 5 Mbps and a normal burst size of 8000 bytes, its DSCP is marked down according to the policed DSCP map values and transmitted. If you have configured this correctly, as shown in Example 1-37, you have scored 3 points.

EXAMPLE 1-37 R5 Distribute-list Configuration and Verification
SW1(config)# mls qos
SW1(config)# mls qos map policed-dscp 48 46 34 32 24 28 16 10 to 8
SW1(config)# access-list 1 permit any
SW1(config)# class-map POLICE
SW1(config-cmap)# match access-group 1
SW1(config-cmap)# exit
SW1(config)# policy-map RE-MARK
SW1(config-pmap)# class POLICE
SW1(config-pmap-c)# trust dscp
SW1(config-pmap-c)# police 5000000 8000 exceed-action policed-dscp-transmit
SW1(config-pmap-c)# exit
SW1(config-pmap)# exit
SW1(config)# interface range fastEthernet 0/1 - 24
SW1(config-if-range)# service-policy input RE-MARK

SW1# show policy-map RE-MARK
  Policy Map RE-MARK
    Class POLICE
      police 5000000 8000 exceed-action policed-dscp-transmit
      trust dscp

Switch1 will be connected to a new trusted domain in the future using interface gigabit 0/1. A DSCP value received locally on sw1 of AF43 should be mapped to AF42 when destined for the new domain. (2 points)

This requires a DSCP mutation map to convert DSCP values between environments. If you didn't realize that AF43 is DSCP38 and AF42 is DSCP36, you would struggle to answer this question, but a search of your documentation CD should have assisted you. For the mutation map to function correctly, you need to explicitly trust DSCP values received on the interface on which you are configuring the map. If you have configured this correctly, as shown in Example 1-38, you have scored 2 points.

EXAMPLE 1-38 Switch1 DSCP-mutation Map Configuration
SW1(config)# mls qos map dscp-mutation AF43-TO-AF42 38 to 36
SW1(config)# interface Gig 0/1
SW1(config-if)# mls qos trust dscp
SW1(config-if)# mls qos dscp-mutation AF43-TO-AF42

Configure Cisco Modular QoS as follows on R1 for the following traffic types based on their associated Per Hop Behavior into classes. Incorporate these into an overall policy that should be applied to the T1 interface S0/0/0. Assume a PVC of line rate on the Frame Relay network, and allow each class the effective bandwidth as detailed (2 points):

Class                    PHB     Assigned Speed
Routing                  CS6     46 Kbps
VoIP                     EF      247 Kbps
Interactive Video        AF41    247 Kbps
Mission Critical Data    AF31    247 Kbps
Call-Signaling           CS3     46 Kbps
Transactional Data       AF21    216 Kbps
Network-mgmt             CS2     46 Kbps
Bulk Data                Af11    46 Kbps
Scavenger                CS1     15 Kbps
Default                  0       386 Kbps

Two points are available here, so you know it's either going to be complex or involve a great deal of configuration. This one is a bit of both, so there is a risk of configuration errors for those points to slip away. There is also some math involved because the policy-map requires a percentage value of bandwidth as opposed to actual speed. As you are using a T1 interface, you know that the maximum available bandwidth is 1544 Kbps and a line rate PVC is assumed, so the values required are as follows: 1% = 15 Kbps, 3% = 46 Kbps, 14% = 216 Kbps, 16% = 247 Kbps, 25% = 386 Kbps. A class-map to match all values for the provided classes is required that is then associated with the policy-map. The overall policy is then applied to the outgoing interface Serial0/0/0, and a nice little gotcha is that you must configure the interface with the command max-reserved-bandwidth 100; otherwise, the full bandwidth is not made available for the policy. Usually you would assign voice traffic into a real-time queue (LLQ), but the question doesn't dictate this, so effectively all traffic types are being assigned with different proportions of CBWFQ. If you have configured this correctly, as shown in Example 1-39, you have scored 2 points.

EXAMPLE 1-39 Switch1 Modular QoS Configuration
R1# sh run class-map
!
class-map match-all VOIP
 match ip dscp ef
class-map match-all BULK-DATA
 match ip dscp af11
class-map match-all NET-MAN
 match ip dscp cs2
class-map match-all VIDEO
 match ip dscp af41
class-map match-all ROUTING
 match ip dscp cs6
class-map match-all SCAVENGER
 match ip dscp cs1
class-map match-all TRANS-DATA
 match ip dscp af21
class-map match-all MISSION-CRIT
 match ip dscp af31
class-map match-all CALL-SIG
 match ip dscp cs3
!
end

R1# sh run policy-map
!
policy-map QOS
 class VOIP
  bandwidth percent 16
 class VIDEO
  bandwidth percent 16
 class BULK-DATA
  bandwidth percent 3
  random-detect
 class TRANS-DATA
  bandwidth percent 14
 class NET-MAN
  bandwidth percent 3
 class ROUTING
  bandwidth percent 3
 class SCAVENGER
  bandwidth percent 1
 class MISSION-CRIT
  bandwidth percent 16
  random-detect
 class CALL-SIG
  bandwidth percent 3
 class class-default
  bandwidth percent 25
!
end

R1# sh run int s 0/0/0 | begin max-reserved-bandwidth 100
 max-reserved-bandwidth 100
 service-policy output QOS
end

R1# show policy-map QOS
  Policy Map QOS
    Class VOIP
      Bandwidth 16 (%) Max Threshold 64 (packets)
    Class VIDEO
      Bandwidth 16 (%) Max Threshold 64 (packets)
    Class BULK-DATA
      Bandwidth 3 (%)
      exponential weight
      class    min-threshold    max-threshold    mark-probability
      ----------------------------------------------------------
      0                                          1/10
      1                                          1/10
      2                                          1/10
      3                                          1/10
      4                                          1/10
      5                                          1/10
      6                                          1/10
      7                                          1/10
      rsvp                                       1/10
    Class TRANS-DATA
      Bandwidth 14 (%) Max Threshold 64 (packets)
    Class NET-MAN
      Bandwidth 3 (%) Max Threshold 64 (packets)
    Class ROUTING
      Bandwidth 3 (%) Max Threshold 64 (packets)
    Class SCAVENGER
      Bandwidth 1 (%) Max Threshold 64 (packets)
    Class MISSION-CRIT
      Bandwidth 16 (%)
      exponential weight
      class    min-threshold    max-threshold    mark-probability
      ----------------------------------------------------------
      0                                          1/10
      1                                          1/10
      2                                          1/10
      3                                          1/10
      4                                          1/10
      5                                          1/10
      6                                          1/10
      7                                          1/10
      rsvp                                       1/10
    Class CALL-SIG
      Bandwidth 3 (%) Max Threshold 64 (packets)
    Class class-default
      Bandwidth 25 (%)
      exponential weight
      class    min-threshold    max-threshold    mark-probability
      ----------------------------------------------------------
      0                                          1/10
      1                                          1/10
      2                                          1/10
      3                                          1/10
      4                                          1/10
      5                                          1/10
      6                                          1/10
      7                                          1/10
      rsvp                                       1/10

Configure R2 so that traffic can be monitored on the Frame Relay network with a view to a dynamic policy being generated in the future that trusts the DSCP value of traffic identified on this media. (1 point)

This is a simple question that requires the command auto discovery qos trust be configured under the Frame Relay interface of R2. This command uses NBAR to inspect the application traffic that flows through the router with a view of generating a QoS policy based on the traffic flow profile. The keyword trust in the command ensures that the DSCP value of the traffic monitored on the network is trusted. If you have configured this correctly, you have scored 1 point.

Section 6: Security (7 Points)

Configure R3 to identify and discard the following custom virus. The virus is characterized by the ASCII characters Hastings_Beer within the payload and utilizes UDP ports 11664 to 11666. The ID of the virus begins on the third character of the payload. The virus originated on VLAN 34. (4 points)

This fictitious virus requires the use of NBAR with PDLM to inspect a packet payload to identify the virus based on the information supplied within the question. As the virus is located within the third ASCII character, you need to inform the custom NBAR list to ignore the first two characters, which ensures that it will begin to check the third packet. If you have configured this correctly, as shown in Example 1-40, you have scored 3 points. You can use the show policy-map command to verify your configuration.

EXAMPLE 1-40 R3 NBAR Configuration
R3(config)# ip nbar custom Hastings_Beer 2 ascii Hastings_Beer udp range 11664 11666
R3(config)# class-map match-all VIRUS
R3(config-cmap)# match protocol Hastings_Beer
R3(config-cmap)# policy-map BLOCK-VIRUS
R3(config-pmap)# class VIRUS
R3(config-pmap-c)# drop
R3(config-pmap-c)# interface gigabit 0/0
R3(config-if)# Service-policy input BLOCK-VIRUS
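The match that the custom NBAR entry describes (skip two payload bytes, compare the ASCII string, UDP ports 11664 to 11666) can be checked offline against captured packets. The following Python is an added example, not code from the book; matching on either the source or the destination port, and the constructed test packets built by build_packet, are assumptions.

```python
import struct

SIGNATURE = b"Hastings_Beer"       # ASCII string given in the question
OFFSET = 2                         # ignore the first two payload bytes
UDP_PORTS = range(11664, 11667)    # 11664 to 11666 inclusive


def parse_ipv4_udp(packet: bytes):
    """Return (src_port, dst_port, payload) for an IPv4/UDP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4                 # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl + 8 or packet[9] != 17:
        return None                              # truncated, or not UDP
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                              # later fragment: no UDP header
    src, dst, length, _checksum = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if length < 8:
        return None
    return src, dst, packet[ihl + 8:ihl + length]


def matches_signature(packet: bytes) -> bool:
    """True when the packet fits the port range and the string at the offset."""
    parsed = parse_ipv4_udp(packet)
    if parsed is None:
        return False
    src, dst, payload = parsed
    # Assumption: a hit on either port counts, as no direction is configured.
    if src not in UDP_PORTS and dst not in UDP_PORTS:
        return False
    return payload[OFFSET:OFFSET + len(SIGNATURE)] == SIGNATURE


def build_packet(src_port, dst_port, payload, proto=17):
    """Constructed sample packet: minimal IPv4 header, checksums left at zero."""
    l4 = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([10, 0, 34, 10]), bytes([10, 0, 0, 1]))
    return ip + l4


if __name__ == "__main__":
    samples = {
        "signature at third byte": build_packet(40000, 11665, b"\x00\x01Hastings_Beer\x00"),
        "signature at first byte": build_packet(40000, 11665, b"Hastings_Beer"),
        "port outside range": build_packet(40000, 11667, b"\x00\x01Hastings_Beer"),
    }
    for name, pkt in samples.items():
        print(name, "->", "drop" if matches_signature(pkt) else "permit")
```
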

There is an infected host on F:A1 ()) of *L).*)).(.*)). ,nsure that only within '7$ AS*), traffic destined for this host is directed to null) of each local router. >ou may not use any A!:s to block traffic to this host specifi# cally but may use a static route pointing to null ) for traffic destined to *.(.).(.) 5(3 on routers within AS*). -( may ha%e an additional static route pointing to null). Mse a '7$ feature on -( to ensure traffic to this source is blocked. $re%ent unnecessary replies when traffic is passed to the null) interface for users residing on F:A1*)). B3 pointsC

This "uestion is representati%e of black#hole routing. This is an effecti%e method of discarding packets being sent to a known destination. This approach to discarding traffic is efficient because it enables the edge routers to route traffic rather than use A!:s, and it can be deployed dynamically by making use of the ne4t#hop field within '7$ updates. >ou are permitted to create a static route on -outers -*, -(, and -2 in AS*) for network *.(.).(.)5(3 to null) and one addi# tional route on -(. This route would need to be directing traffic to the infected host to null), to update -outers -* and -2. -( simply ad%ertises the host route for the infected host to AS*) and sets the ne4t#hop for this to *.(.).(.*. -outers -* and -2 then direct traffic to null) when traffic is destined to the infected host. To ensure the solution is only used in AS*), you need to set the community to no.e:/ort for the specific static route and tag the route with a %alue of *) to identify it. >ou must therefore send the community %alues to neighbor -2 on -(, but this should ha%e completed pre%i# ously for an earlier '7$ "uestion. Mse of the no i$m/ unrea$%a'le command on -*6s 7igabit,thernet interface pre%ents unnecessary replies when traffic is passed to the 1ull) interface. &f you ha%e configured this correctly, as shown in ,4# ample *#3*, you ha%e scored 2 points.
* 2+1+ Ci#c$ Sy#tem#, -nc %&& ri"ht# re#er(e. Thi# pub&icati$n i# pr$tecte. by c$pyri"ht P&ea#e #ee pa"e 259 /$r m$re .etai&#

CC-2 '$utin" an. S)itchin" (4 + C$n/i"urati$n Practice Lab# by Martin J.

uggan

!33#

EXAMPLE 1-41 BGP Black Hole Routing Configuration and Verification

R2(config)# ip route 192.0.2.1 255.255.255.255 null0
R2(config)# ip route 150.100.2.100 255.255.255.255 Null0 Tag 10
R2(config)# router bgp 10
R2(config-router)# redistribute static route-map BLACKHOLE
R2(config-router)# route-map BLACKHOLE permit 10
R2(config-route-map)# match tag 10
R2(config-route-map)# set ip next-hop 192.0.2.1
R2(config-route-map)# set community no-export
R2(config-route-map)# exit
R2(config)# ip route 192.0.2.1 255.255.255.255 null0
R2(config)# do show ip bgp neigh 120.100.3.1 advertised
BGP table version is 6, local router ID is 130.100.200.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop        Metric LocPrf Weight Path
*> 130.1.1.0/24       0.0.0.0              0         32768 i
*> 130.100.200.0/24   0.0.0.0              0         32768 i
*> 150.100.2.100/32   192.0.2.1            0         32768 i
Total number of prefixes 3
R2# show ip route 150.100.2.100
Routing entry for 150.100.2.100/32
  Known via "static", distance 1, metric 0 (connected)
  Tag 10
  Redistributing via bgp 10
  Advertised by bgp 10 route-map BLACKHOLE
  Routing Descriptor Blocks:
  * directly connected, via Null0
      Route metric is 0, traffic share count is 1
      Route tag 10

R3(config)# ip route 192.0.2.1 255.255.255.255 null0
R3(config)# do show ip bgp
BGP table version is 14, local router ID is 120.100.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop        Metric LocPrf Weight Path
*>i126.1.1.0/24       120.100.1.1          0    100      0 i
*>i130.1.1.0/24       120.100.2.1          0    100      0 i
*>i130.100.200.0/24   120.100.2.1          0    100      0 i
* i150.100.2.100/32   192.0.2.1            0    100      0 i

R1(config)# ip route 192.0.2.1 255.255.255.255 null0
R1(config)# interface Gigabit 0/1
R1(config-if)# no icmp unreachable
R1(config-if)# do show ip bgp
BGP table version is 8, local router ID is 126.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop        Metric LocPrf Weight Path
*> 126.1.1.0/24       0.0.0.0              0         32768 i
*>i130.1.1.0/24       120.100.2.1          0    100      0 i
*>i130.100.200.0/24   120.100.2.1          0    100      0 i
* i150.100.2.100/32   192.0.2.1            0    100      0 i
R1# show ip route 150.100.2.100
Routing entry for 150.100.2.100/32
  Known via "bgp 10", distance 200, metric 0, type internal
  Last update from 192.0.2.1 00:00:02 ago
  Routing Descriptor Blocks:
  * 192.0.2.1, from 120.100.3.1, 00:00:02 ago
      Route metric is 0, traffic share count is 1
      AS Hops 0
R1# show ip route 192.0.2.1
Routing entry for 192.0.2.1/32
  Known via "static", distance 1, metric 0 (connected)
  Routing Descriptor Blocks:
  * directly connected, via Null0
      Route metric is 0, traffic share count is 1
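The following Python model is an added illustration, not part of the book's solution. It reproduces the two mechanisms the black-hole answer relies on: R2's route-map exporting only the tag-10 static route with a rewritten next hop, and R1 resolving that next hop recursively to Null0. The 120.100.2.0/24 and 150.100.2.0/24 routes and the Serial0/0/0 egress are constructed assumptions, used to show what happens when the local static route to 192.0.2.1 is missing.

```python
import ipaddress

# R2's static routes from Example 1-41: only the infected-host route carries tag 10.
R2_STATICS = [
    {"prefix": "192.0.2.1/32", "interface": "Null0"},
    {"prefix": "150.100.2.100/32", "interface": "Null0", "tag": 10},
]


def redistribute_static_blackhole(static_routes):
    """Model of 'redistribute static route-map BLACKHOLE' on R2."""
    advertised = []
    for route in static_routes:
        if route.get("tag") == 10:                 # match tag 10
            advertised.append({
                "prefix": route["prefix"],
                "next_hop": "192.0.2.1",           # set ip next-hop 192.0.2.1
                "community": "no-export",          # set community no-export
            })
    return advertised


def lookup(rib, destination, depth=0):
    """Longest-prefix match with recursive next-hop resolution.

    Returns the egress interface, or None when no usable route exists.
    A route whose next hop cannot be resolved is skipped, which stands in
    for a router not installing a BGP route with an inaccessible next hop.
    """
    if depth > 4:                                  # guard against resolution loops
        return None
    addr = ipaddress.ip_address(destination)
    matches = [r for r in rib if addr in ipaddress.ip_network(r["prefix"])]
    matches.sort(key=lambda r: ipaddress.ip_network(r["prefix"]).prefixlen,
                 reverse=True)
    for route in matches:
        if "interface" in route:
            return route["interface"]
        egress = lookup(rib, route["next_hop"], depth + 1)
        if egress is not None:
            return egress
    return None


def build_r1_rib(with_null_static=True):
    """R1's table: constructed IGP/covering routes plus what R2 advertises."""
    rib = [
        # Constructed for the example: path toward R2 and a covering prefix.
        {"prefix": "120.100.2.0/24", "interface": "Serial0/0/0"},
        {"prefix": "150.100.2.0/24", "next_hop": "120.100.2.1"},
    ]
    rib += redistribute_static_blackhole(R2_STATICS)
    if with_null_static:
        # ip route 192.0.2.1 255.255.255.255 null0 (configured on R1)
        rib.append({"prefix": "192.0.2.1/32", "interface": "Null0"})
    return rib


if __name__ == "__main__":
    for label, rib in (("with static", build_r1_rib(True)),
                       ("without static", build_r1_rib(False))):
        print(label, "->", lookup(rib, "150.100.2.100"))
```

Without the local static route the advertised host route has no resolvable next hop, so traffic to the infected host follows the covering prefix instead of being discarded.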

• In a view of protecting the control plane on Router R6, configure CoPP so that IP Packets with a TTL of 0 or 1 are dropped rather than processed with a resulting ICMP redirect sent to the source. (1 point)

Cisco IOS Software sends all packets with a TTL of 0 or 1 to the process level to be processed. The device must then send an ICMP TTL expire message to the source. By filtering packets that have a TTL of 0 and 1, you can reduce the load on the process level. The control plane policing simply blocks packets with a TTL value of 0 and 1 as directed, but this will break your EIGRP and BGP peering. So you must specifically permit these packets within your ACL; otherwise, you would have just lost valuable points. If you found yourself running short on time and couldn't justify further time to investigate how to maintain your routing peering, remember that this is a 1-point question, worth leaving and coming back to if possible. If you have configured this correctly, as shown in Example 1-42, you have scored 1 point.
EXAMPLE 1-42 CoPP Configuration

R6(config)# ip access-list extended TTL
R6(config-ext-nacl)# deny eigrp any any
R6(config-ext-nacl)# deny tcp any any eq bgp
R6(config-ext-nacl)# deny tcp any eq bgp any
R6(config-ext-nacl)# permit ip any any ttl eq 0 1
R6(config-ext-nacl)# class-map DROP-TTL-0/1
R6(config-cmap)# match access-group name TTL
R6(config-cmap)# policy-map CoPP-TTL
R6(config-pmap)# class DROP-TTL-0/1
R6(config-pmap-c)# drop
R6(config-pmap-c)# control-plane
R6(config-cp)# service-policy input CoPP-TTL
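The first-match logic of Example 1-42 is easy to misread, because a deny entry in an ACL referenced by a class-map means "do not classify into this class" rather than "discard". The Python model below is an added illustration, not part of the book's solution. It evaluates constructed sample packets against the ACL as configured and against a version without the EIGRP and BGP exemptions; the packet fields and port numbers other than BGP's TCP 179 are assumptions made for the example.

```python
BGP = 179  # TCP port matched by 'eq bgp'


def ace(action, proto="ip", sport=None, dport=None, ttl=None):
    """Build one access-list entry as (action, match-function)."""
    def matches(pkt):
        if proto != "ip" and pkt["proto"] != proto:   # 'ip' matches any protocol
            return False
        if sport is not None and pkt.get("sport") != sport:
            return False
        if dport is not None and pkt.get("dport") != dport:
            return False
        if ttl is not None and pkt["ttl"] not in ttl:
            return False
        return True
    return action, matches


# ip access-list extended TTL, in configured order.
ACL_TTL = [
    ace("deny", proto="eigrp"),               # deny eigrp any any
    ace("deny", proto="tcp", dport=BGP),      # deny tcp any any eq bgp
    ace("deny", proto="tcp", sport=BGP),      # deny tcp any eq bgp any
    ace("permit", ttl={0, 1}),                # permit ip any any ttl eq 0 1
]

# The same policy without the routing-protocol exemptions (the failure case).
ACL_NO_EXEMPTIONS = [ace("permit", ttl={0, 1})]


def acl_action(acl, pkt):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, matches in acl:
        if matches(pkt):
            return action
    return "deny"


def copp_verdict(acl, pkt):
    """Class DROP-TTL-0/1 matches only on an ACL permit and then drops.
    Everything else falls through to the default class and is processed."""
    return "drop" if acl_action(acl, pkt) == "permit" else "process"


# Constructed sample packets arriving at the control plane.
SAMPLE_PACKETS = {
    "eigrp_hello": {"proto": "eigrp", "ttl": 1},
    "bgp_to_peer": {"proto": "tcp", "sport": 40000, "dport": BGP, "ttl": 1},
    "bgp_from_peer": {"proto": "tcp", "sport": BGP, "dport": 40000, "ttl": 1},
    "traceroute_probe": {"proto": "udp", "sport": 50000, "dport": 33434, "ttl": 1},
    "expired_transit": {"proto": "tcp", "sport": 51000, "dport": 80, "ttl": 0},
    "ssh_ttl_64": {"proto": "tcp", "sport": 52000, "dport": 22, "ttl": 64},
}


def evaluate(acl):
    """Return {packet name: verdict} for every sample packet."""
    return {name: copp_verdict(acl, pkt) for name, pkt in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for label, acl in (("ACL TTL", ACL_TTL), ("no exemptions", ACL_NO_EXEMPTIONS)):
        print(label, evaluate(acl))
```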

Section 7: Multicast (4 Points)

• Configure Routers R1, R2, R3, and R4 for IPv4 Multicast. Configure R3 to send multicast advertisements of its own time by use of NTP sourced from interface Gig 0/0. Configure PIM sparse mode on all required interfaces. R3 should also be used to advertise its own gigabit interface IP address as an RP. R3 should also advertise the IP address you are using for the NTP advertisements, which will be 224.0.1.1. Do not use the command ntp server in any configurations. Routers R1, R2, and R4 should all show a clock synchronized to that of R3. (4 points)

NTP can be multicast on the reserved group IP address of 224.0.1.1 rather than the more familiar broadcast or unicast scenarios. The question requires you to configure R3 to become the NTP master and announce the group address to the NTP clients. As you are not permitted to use the command ntp server you must configure the clients with the command ntp multicast client. They will then have the capability to join the NTP group by use of PIM. It is good practice to TTL scope your multicast announcements so that they do not propagate past the domain you require. If you haven't taken this into consideration in your solution, you would not be deducted points, but be aware of the facility in case you are met with a question that specifies this. If you have configured this correctly, as shown in Example 1-43, you have scored 4 points.
EXAMPLE 1-43 NTP Multicast Configuration and Verification

R3(config)# ip multicast-routing
R3(config)# ntp master
R3(config)# interface GigabitEthernet 0/0
R3(config-if)# ip pim sparse-mode
R3(config-if)# ntp multicast ttl 2
R3(config-if)# interface Serial 0/0/0
R3(config-if)# ip pim sparse-mode
R3(config-if)# ip pim send-rp-announce GigabitEthernet 0/0 scope 2 group-list 4
R3(config)# ip pim send-rp-discovery GigabitEthernet 0/0 scope 2
R3(config)# access-list 4 permit 224.0.1.1
R3# show ntp status
Clock is synchronized, stratum 8, reference is 127.127.7.1
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**18
reference time is C98F1E61.2AE19310 (21:17:21.167 UTC Tue Feb 27 2007)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.02 msec, peer dispersion is 0.02 msec

R1(config)# ip multicast-routing
R1(config-if)# interface Serial 0/0/0
R1(config-if)# ip pim sparse-mode
R1(config-if)# ntp multicast client
R1# show ntp status
Clock is synchronized, stratum 9, reference is 120.100.34.3
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**18
reference time is C98F1E79.9FB2321D (21:17:45.623 UTC Tue Feb 27 2007)
clock offset is 0.0157 msec, root delay is 3.88 msec
root dispersion is 0.06 msec, peer dispersion is 0.02 msec
R1# show ip igmp group
IGMP Connected Group Membership
Group Address    Interface      Uptime    Expires   Last Reporter
224.0.1.1        Serial0/0/0    00:40:12  00:02:50  120.100.123.1
224.0.1.39       Serial0/0/0    00:07:21  00:02:51  120.100.123.3
224.0.1.40       Serial0/0/0    00:40:13  00:02:52  120.100.123.1

R2(config)# ip multicast-routing
R2(config-if)# interface Serial 0/0
R2(config-if)# ip pim sparse-mode
R2(config-if)# ntp multicast client
R2# show ntp status
Clock is synchronized, stratum 9, reference is 120.100.34.3
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**18
reference time is C98F1E73.83B73E38 (21:17:39.514 UTC Tue Feb 27 2007)
clock offset is 0.0282 msec, root delay is 4.24 msec
root dispersion is 15875.03 msec, peer dispersion is 15875.02 msec
R2# show ip igmp group
IGMP Connected Group Membership
Group Address    Interface      Uptime    Expires   Last Reporter
224.0.1.1        Serial0/0      00:42:08  00:02:59  120.100.123.2
224.0.1.40       Serial0/0      00:42:09  00:02:59  120.100.123.2
224.0.1.39       Serial0/0      00:08:22  00:02:57  120.100.123.3

R4(config)# ip multicast-routing
R4(config-if)# interface GigabitEthernet 0/0
R4(config-if)# ip pim sparse-mode
R4(config-if)# ntp multicast client
R4# show ntp status
Clock is synchronized, stratum 9, reference is 120.100.34.3
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**18
reference time is C98F1EF1.2B7D11F2 (21:19:45.169 UTC Tue Feb 27 2007)
clock offset is -0.6937 msec, root delay is 1.37 msec
root dispersion is 7877.08 msec, peer dispersion is 7876.34 msec
R4# show ip igmp group
IGMP Connected Group Membership
Group Address    Interface            Uptime    Expires   Last Reporter
224.0.1.1        GigabitEthernet0/0   00:41:29  00:02:42  120.100.34.4
224.0.1.39       GigabitEthernet0/0   00:08:35  00:02:42  120.100.34.3
224.0.1.40       GigabitEthernet0/0   00:41:07  00:02:42  120.100.34.4

IP Services (4 Points)

• Configure the following commands on Router R1:
aaa new-model
logging buffered
logging 120.100.99.1

Configure a policy on Router R1 so that if a user tries to remove AAA services or disable logging via the CLI that a syslog message of UNAUTHORIZED-COMMAND-ENTERED is generated. The policy should ensure either command is not executed and should consist of a single-line command for the CLI pattern detection. The policy and CLI should run asynchronously. The policy should also generate an email from the router to a mail server residing on IP address 120.100.99.2 (to security@lab-exam.net from eem@lab-exam.net, with the subject "User-Issue," with the message body consisting of details of who was logged on the time either of the commands were entered). (2 points)

This is an intricate Embedded Events Manager (EEM) question. You are required to configure an EEM applet with a CLI pattern event on a single line to match on either of the commands (no aaa xxx and no logging xxx). This is achieved by a pattern of "^no (aaa|logging).*". The following sync no skip yes parameters simply state that the policy and CLI should run asynchronously and that the command entered should not be executed as directed. When the commands are matched via the CLI pattern, the policy requires the syslog message to be generated, a CLI command action to run "show users," and a final action to send an email with the details of the previous show command (which is achieved by the command "$_cli_result"). Example 1-44 details the required configuration and resulting execution of the EEM when the commands no aaa new-model and no logging buffered are entered and not executed on the router. If you have configured this correctly, as shown in Example 1-44, you have scored 2 points.
EXAMPLE 1-44 R1 EEM Configuration and Verification Testing

R1(config)# aaa new-model
R1(config)# logging buffered
R1(config)# logging 120.100.99.1
R1(config)#
R1(config)# event manager applet CCIE-QUESTION
R1(config-applet)# event cli pattern "^no (aaa|logging).*" sync no skip yes
R1(config-applet)# action 1.0 syslog msg "UNAUTHORIZED-COMMAND-ENTERED"
R1(config-applet)# action 2.0 cli command "show user"
R1(config-applet)# action 3.0 mail server "120.100.99.2" to "security@lab-exam.net" from "eem@lab-exam.net" subject "User-Issue" body "$_cli_result"
R1(config-applet)# no aaa new-model
%HA_EM-6-LOG: CCIE-QUESTION: UNAUTHORIZED-COMMAND-ENTERED
%HA_EM-3-FMPD_SMTP_CONNECT: Unable to connect to SMTP server: 120.100.99.2
%HA_EM-3-FMPD_ERROR: Error executing applet CCIE-QUESTION statement 3.0
R1(config)# no logging buffered
%HA_EM-6-LOG: CCIE-QUESTION: UNAUTHORIZED-COMMAND-ENTERED
%HA_EM-3-FMPD_SMTP_CONNECT: Unable to connect to SMTP server: 120.100.99.2
%HA_EM-3-FMPD_ERROR: Error executing applet CCIE-QUESTION statement 3.0
R1(config)# do show run | include aaa new-model
aaa new-model
R1(config)# do show run | include logging buffered
logging buffered 4096 debugging

• Cisco WAAS devices are to be installed on Switches 1 and 2 in the future on VLAN300. Configure Routers R5 and R6 to provide WCCPv2 redirection for clients residing on VLAN300 to ensure that all TCP traffic other than telnet is redirected only to the WAEs, which will reside on addresses 150.100.3.50 and .51 within VLAN300. You are not required to configure the switches for WCCP and can assume that incoming WAAS traffic from the network will arrive at interfaces Gi0/0 on both R5 and R6. Secure your WCCP with a password of CCIE. (2 points)

WCCP in this scenario could be configured on the routers or Switches 1 and 2, but you are directed to configure the routers. WCCP service 62 is used to redirect traffic sourced on VLAN300, which is applied to the VLAN300 interfaces of R5 and R6. And WCCP service 61 is used for the redirection of the incoming traffic, which is applied as directed to Gi0/0 on both R5 and R6. Telnet traffic is excluded (generally, management traffic is not recommended to be optimized) by creation of an extended ACL, which is applied to services 61 and 62 in a redirect-list. You need to remember to permit all other TCP and not just IP because the WAE can optimize only TCP sessions. The WAE devices are included in a group-list for services 61 and 62, and a password is applied as directed. (The group-list will aid in load sharing and can stop a bogus WCCP device from attempting to receive redirected traffic.) If you have configured this correctly, as shown in Example 1-45, you have scored 2 points.


EXAMPLE 1-45 R5 and R6 WCCP Configuration

R5(config)# ip wccp 61 password CCIE
R5(config)# ip wccp 62 password CCIE
R5(config)# ip access-list extended WAAS
R5(config-ext-nacl)# remark WAAS DENY TELNET
R5(config-ext-nacl)# deny tcp any any eq telnet
R5(config-ext-nacl)# deny tcp any eq telnet any
R5(config-ext-nacl)# permit tcp any any
R5(config-ext-nacl)# exit
R5(config)# ip wccp 61 group-list 2 redirect-list WAAS
R5(config)# ip wccp 62 group-list 2 redirect-list WAAS
R5(config)# access-list 2 permit 150.100.3.50
R5(config)# access-list 2 permit 150.100.3.51
R5(config)# interface Gi0/1
R5(config-if)# ip wccp 62 redirect in
R5(config-if)# interface Gi0/0
R5(config-if)# ip wccp 61 redirect in

R6(config)# ip access-list extended WAAS
R6(config-ext-nacl)# remark WAAS DENY TELNET
R6(config-ext-nacl)# deny tcp any any eq telnet
R6(config-ext-nacl)# deny tcp any eq telnet any
R6(config-ext-nacl)# permit tcp any any
R6(config-ext-nacl)# exit
R6(config)# ip wccp 61 group-list 2 redirect-list WAAS
R6(config)# ip wccp 62 group-list 2 redirect-list WAAS
R6(config)# access-list 2 permit 150.100.3.50
R6(config)# access-list 2 permit 150.100.3.51
R6(config)# interface Gi0/1
R6(config-if)# ip wccp 62 redirect in
R6(config-if)# interface Gi0/0
R6(config-if)# ip wccp 61 redirect in


Lab Wrap-Up

So how did it go, did you run out of time, did you manage to finish but miss what was actually required? If you scored over 80, then well done. If you accomplished this within the time frame of 8 hours or less, you will be prepared for any scenario that you are likely to face during the 5 1/2 hours of the Configuration section of the actual exam. Remember that the troubleshooting section on the v4.0 exam is a separate section than the configuration with a different scenario, and you will have 2 hours to complete this. This lab was designed to ensure you troubleshoot your own work as you progress through the questions.

What sets the CCIE exam apart within the industry is the complexity of the questions to test you further than you thought possible. The exam isn't trying to trick you, but it will ensure that you have the ability to think laterally, an ability that will ensure you excel in your networking career and one that sets CCIEs apart. Spend the time to go back over the questions and practice with the configurations using debug and show commands to fully absorb any new areas you might have come across.

Did you anticipate and factor into your configuration items such as the offset-list within RIPng for the tunnel and maximum reserved bandwidth within QoS? If you did, congratulations, because this would have saved you time and secured you points. It also shows that you fully understand the protocols involved and are adept at testing your configurations. How can you ensure that you have the ability to spot any underlying issues related to a question? Well it's all mileage; you'll get out of your study what you put into it.


Practice Lab 2

The CCIE exam commences with 2 hours of troubleshooting followed by 5 1/2 hours of configuration and a final 30 minutes of additional questions. This lab has been timed to last for 8 hours of configuration and self-troubleshooting, so aim to complete the lab within this period. Then either score yourself at this point or continue until you feel you have met all the objectives. You now are going to be guided through the equipment requirements and pre-lab tasks in preparation for taking this practice lab.

If you don't own six routers and four switches, consider using the equipment available and additional lab exercises and training facilities available within the CCIE R&S 360 program. Detailed information on the 360 program and CCIE R&S exam can be found on the following URLs, respectively:
https://learningnetwork.cisco.com/community/learning_center/cisco_360/360-rs
https://learningnetwork.cisco.com/community/certifications/ccie_routing_switching

NOTE
The 3825s used in this lab were loaded with c3825-adventerprisek9-mz.124-6.T.bin, and the 3725 was loaded with c3725-adventerprisek9-mz.124-6.T.bin.

Equipment List

You will need the following hardware and software components to begin this practice lab.

• Six routers loaded with Cisco IOS Software Release 12.4 Advanced Enterprise image and the minimum interface configuration as documented in Table 2-1

TABLE 2-1 Hardware Required per Router

Router   Model   Ethernet I/F   Serial I/F
R1       3825    1              1
R2       3725    1              1
R3       3825    1              1
R4       3825    2              -
R5       3825    2              -
R6       3825    2              -

• One 3550 switch with IOS 12.2 IP Services and 3 3560 Switches with IOS 12.2 IP Services.

NOTE
The 3550 in this lab was loaded with c3550-ipservicesk9-mz.122-25.SEE.bin, and the 3560s with c3560-ipservicesk9-mz.122-25.SEE.bin.

NOTE
Notice in the initial configurations supplied that some interfaces will not have IP addresses preconfigured. This is because you will either not be using that interface or you must configure it from default within the exercise. The initial configurations supplied should be used to preconfigure your routers and switch before the lab starts. If your routers have different interface speeds than those used in this book, adjust the bandwidth statements on the relevant interfaces to keep all interface speeds in line. This will ensure that you do not get unwanted behavior because of differing IGP metrics.

Setting Up the Lab

Use any combination of routers as long as you fulfill the requirements within the topology diagram, as shown in Figure 2-1. However, it is recommended to use the same model of routers because this can make life easier if you load configurations directly from the supplied configurations into your own devices.

Lab Topology

This practice lab uses the topology as outlined in Figure 2-1, which you will need to re-create with your own equipment or by using lab equipment on the CCIE R&S 360 program.

FIGURE 2-1 Lab 2 Topology Diagram

Switch Instructions

Configure VLAN assignments from the configurations supplied or from Table 2-2.

TABLE 2-2 VLAN Assignment

VLAN   Switch1                Switch2   Switch3   Switch4
34     Fa0/3, Fa0/4, Fa0/5    -         -         -
46     Fa0/6                  Fa0/4     -         -
53     VLAN53                 Fa0/5     VLAN53    -
63     -                      Fa0/6     VLAN63    VLAN63
100    -                      Fa0/1     -         -
200    -                      Fa0/2     -         -

Connect your switches with RJ45 Ethernet cross over cables, as shown in Figure 2-2.


FIGURE 2-2 Switch to Switch Connectivity

Frame Relay Instructions

Configure one of the routers you are going to use in the lab as a Frame Relay switch, or have a dedicated router purely for this task. This lab uses a dedicated router for the Frame Relay switch. A fully meshed environment is configured between all the Frame Relay routers. Pay attention in the lab as to which permanent virtual circuits (PVC) are actually required. Keep the encapsulation and Local Management Interface (LMI) settings to default for this exercise, but experiment with the settings outside these labs because you could be required to configure the Frame Relay switching within your real lab.

If you are using your own equipment, keep the DCE cables at the frame switch end for simplicity and provide a clock rate to all links from this end. After configuration, the Frame Relay connectivity will represent the logical Frame Relay network, as shown in Figure 2-3.


FIGURE 2-3 Frame Relay Logical Connectivity

IP Address Instructions

You will find in the actual CCIE lab that the majority of your IP addresses will be preconfigured. For this exercise you are required to configure your IP addresses, as shown in Figure 2-4, or load the initial router configurations supplied. If you are manually configuring your equipment, ensure you include the following Loopback addresses (R1 and R3 use the same IP address for Loopback 255):

R1   Lo0 120.100.1.1/24    Lo255 200.200.200.200/24
R2   Lo0 120.100.2.1/24
R3   Lo0 120.100.3.1/24    Lo255 200.200.200.200/24
R4   Lo0 120.100.4.1/24
R5   Lo0 120.100.5.1/24
R6   Lo0 120.100.6.1/24
SW1  Lo0 120.100.7.1/24
SW2  Lo0 120.100.8.1/24
SW3  Lo0 120.100.9.1/24
SW4  Lo0 120.100.10.1/24


FIGURE 2-4 IP Addressing Diagram

Pre-lab Tasks

• Build the lab topology per Figure 2-1 and Figure 2-2.
• Configure your Frame Relay switch router to provide the necessary Data Link Control Identifiers (DLCI) per Figure 2-3.
• Configure the IP addresses on each router as shown in Figure 2-4 and add the Loopback addresses. Alternatively, you can load the initial configuration files supplied if your router is compatible with those used to create this exercise.

General Guidelines

• Read the whole lab before you start.
• Do not configure any static/default routes unless otherwise specified.
• Use only the DLCIs provided in the appropriate figures.
• Ensure full IP visibility between routers for ping testing/telnet access to your devices.
• If you run out of time, choose questions that you are confident you can answer, or choose questions with a higher point rating to maximize your potential score.
• Get into a comfortable and quiet environment where you can focus for the next 8 hours.
• Take a 30-minute break midway through the exercise.
• Have available a Cisco Documentation CD-ROM or access online the latest documentation from the following URLs:
www.cisco.com/univercd/home/home.htm
http://www.cisco.com/en/US/products/ps6350/products_installation_and_configuration_guides_list.html

NOTE
Access only these URLs, not the whole Cisco.com website because if you are permitted to use documentation during your CCIE lab exam, it will be restricted. Consider opening several windows with the pages you are likely to look at to save time during your lab.

Practice Lab Two

You will now be answering questions in relation to the network topology, as shown in Figure 2-5.


FIGURE 2-5 Lab Topology Diagram

Section 1: LAN Switching and Frame-Relay (24 Points)

• Configure your switched network to use 802.1w Spanning Tree. Switch 1 should be the root bridge for VLANs 34, 46, 53, 63, 100 and 200, with Switch 2 being the secondary root bridge for all listed VLANs. (3 points)
• Switch 3 should use its interface directly connecting to Switch 2 (Fast Ethernet 0/21) for traffic directed toward even-numbered VLANs (34, 46, 100, 200) and the interface directly connecting to Switch 1 (Fast Ethernet 0/19) for odd-numbered VLANs (53, 63). (3 points)
• Switch 4 should use its interface directly connecting to Switch 2 (Fast Ethernet 0/19) for traffic destined toward even-numbered VLANs (34, 46, 100, 200) and the interface directly connected to Switch 1 (Fast Ethernet 0/21) for odd-numbered VLANs (53, 63). (3 points)
• Ensure a cable fault between Switches 1 and 2 could not result in one-way traffic between the two switches, resulting in spanning-tree issues. (2 points)

• Configure Switch 1 and Switch 2 to enable connectivity of two further switches in the future to be connected to ports Fast Ethernet 0/18 on each switch. The new switches should be able to tunnel their own configured VLANs through a new VLAN (30) between Switch 1 and Switch 2. There is no requirement to configure a root bridge or VLAN load balancing for the new VLAN between Switch 1 and Switch 2. (4 points)
• Configure your switched network to monitor the VLAN200 interface associated with R2 (Switch 2 FastEthernet 0/1), and send only traffic destined to R2 on this switch port across your network to Switch 3 port Fast Ethernet 0/17; use a new VLAN (20) to assist in this configuration. There is no requirement to configure a root bridge or VLAN load balancing for the new VLAN. (3 points)
• Configure the interface on Switch 2 that connects to R5 VLAN53 (Fast Ethernet 0/5) in such a way that if all the trunks on Switch 2 connecting to Switch 1, Switch 3, and Switch 4 should fail, this Ethernet port transitions into error-disable state. (3 points)
• Configure interfaces Fast Ethernet 0/9 and 0/10 on Switch 1 so that even if they are configured to belong to the same VLAN they will not be able to forward unicast, broadcast, or multicast traffic to one another. Do not use any form of ACL or configure the ports to belong to a PVLAN. (1 point)
• Your initial Frame-Relay configuration has been supplied for the R1-R2-R3 connectivity. Configure Frame Relay per Figure 2-7 to ensure each device is reachable over the Frame-Relay network. Use only the indicated DLCIs, and ensure that a proprietary method of reducing the payload over the Frame-Relay network is enabled on a per-packet basis. (2 points)

FIGURE 2-6 Frame Relay Connectivity


Section 2: IPv4 IGP Protocols (28 Points)

Section 2.1: EIGRP

FIGURE 2-7 EIGRP Topology

• Configure EIGRP per Figure 2-7 using an AS of 1; each EIGRP router should have its Loopback 0 interface configured and advertised within EIGRP. (2 points)
• Configure R1 to advertise a summary route of 120.100.0.0/16 outbound on its serial interface. R3 should see the original VLAN100 and Loopback 0 individual routes in addition to the summary route. You may use only one summary route in your configuration. (3 points)
• Ensure the length of time that EIGRP considers neighbors to be valid without receiving a hello packet on the Frame-Relay network between R1, R2, and R3 is 200 seconds; do not change the hello-interval parameter. (2 points)

• Configure new Loopback interfaces on R1 and R2 using a Loopback interface 2 with an identical IP address of 150.101.1.1/24 on both routers; advertise this network into EIGRP on each router. Ensure that R3 prefers the route from R2 by manipulating the delay associated with this route. Do not manually adjust the delay associated with the interface by use of the delay command. You are only permitted to configure R2 to influence the delay. (3 points)

Section 2.2: OSPF

FIGURE 2-8 OSPF Topology

• Configure OSPF per Figure 2-8 using a process ID of 1. All OSPF configuration, where possible, should not be configured under the process ID. Each OSPF router should also have its Loopback 0 interface configured and advertised within OSPF as follows: (2 points)
R4 Loopback 0 - Area 0
R5 Loopback 0 - Area 0
R6 Loopback 0 - Area 1
Sw1 Loopback 0 - Area 2
Sw2 Loopback 0 - Area 1
Sw3 Loopback 0 - Area 2
Sw4 Loopback 0 - Area
• Area 0 is partitioned between R4 and R5; ensure your network can accommodate this issue. You are not permitted to form any area 0 neighbor relationship directly between R4 and R5 to join area 0. (4 points)

Section 2.2: RIPv2

FIGURE 2-9 RIPv2 Topology

• Configure RIPv2 between R2 and R3, configure a new Loopback interface on R2 (Loopback 3) with an IP address of 150.101.2.1/24, and advertise this and only this network to R3 from R2. (2 points)
• R3 should not advertise any connected interfaces into RIPv2; do not filter routing advertisements to achieve this behavior. (2 points)


Secti$n 2 3> 'e.i#tributi$n


E

$erform a one#way redistribution of -&$%( into ,&7-$ on -2 using the following default metricD *L33 ()))) (LL * *L)). ,nsure that -* shows a ne4t hop for the -&$%( ad%ertised route of *L).*)*.(.)5(3 of -( and perform configuration only on -2 for this task. B2 pointsC $erform mutual redistribution of ,&7-$ and 8S$+ on -3 and -L. Mse a metric of L))) for redistributed routes into 8S$+ that should appear as e4ternal type ( routes and the following R %alues for 8S$+ routes redistributed into ,&7-$D *L33 ()))) (LL * *L)). B( pointsC -2 will ha%e e"ual cost e4ternal ,&7-$ routes to the redistributed 8S$+ subnet *().*)).N2.)5(3 BF:A1 N2C. !onfigure only -2 to ensure that -2 routes %ia a ne4t hop of -L B*().*)).23.LC for this destination subnet. &f this route fails, the route ad%ertised from -3 B*().*)).23.3C should be used dynamically. B2 pointsC

Section 3: BGP (15 Points)

FIGURE 2-10 BGP Topology


Configure BGP peering per Figure 2-9 as follows: iBGP R1-R3, R2-R3, R4-R6, R4-SW2, R5-Sw1, R5-Sw3; eBGP R3-R4, R3-R5, Sw4-Sw3, R6-Sw4. Use Loopback interfaces to peer on all routers with the exception of peering between R3-R4 and R3-R5. Do not use the command ebgp-multihop within your configurations. (3 points)

Routers R1 and R2 in AS100 should be made to only passively accept BGP sessions. R3 should be configured to only actively create BGP sessions to R1 and R2 within AS100. (3 points)

Configure the following Loopback interfaces on R3 and Sw4; advertise these networks into BGP using the network command: (2 points)

R3 - Loopback interface 5 (152.100.100.1/24)
Sw4 - Loopback interface 5 (152.200.32.1/24)
Sw4 - Loopback interface 6 (152.200.33.1/24)
Sw4 - Loopback interface 7 (152.200.34.1/24)
Sw4 - Loopback interface 8 (152.200.35.1/24)

Configure R3 to inform R4 that it does not want to receive routes advertised from Sw4 for networks 152.200.33.0/24, 152.200.34.0/24, and 152.200.35.0/24. Achieve this in such a manner that R4 does not actually advertise these routes toward R3. You may also configure R4. (4 points)

Configure a route-map on R5 that prepends its local AS 2 an additional two times for network 152.200.32.0/24 when advertised to R3. The route-map may contain multiple permit statements but only one prepend is permitted per line. (3 points)


Section 4: IPv6 (12 Points)

FIGURE 2-11 IPv6 Topology

Configure IPv6 addresses on your network as follows:

2007:C15:C0:10::1/64 - R1 Gi0/0
2007:C15:C0:11::1/64 - R1 tunnel0
2007:C15:C0:11::3/64 - R3 tunnel0
2007:C15:C0:12::2/64 - R2 tunnel0
2007:C15:C0:12::3/64 - R3 tunnel1
2007:C15:C0:13::2/64 - R2 fe0/1
2007:C15:C0:14::3/64 - R3 Gi0/0
2007:C15:C0:14::4/64 - R4 Gi0/0
2007:C15:C0:14::5/64 - R5 Gi0/0
2007:C15:C0:15::5/64 - R4 Gi0/1
2007:C15:C0:15::6/64 - R6 Gi0/0

Section 4.1: EIGRPv6

Configure EIGRPv6 between R1, R2, and R3. EIGRPv6 should be enabled on the Ethernet interfaces of R1 and R2 and on all tunnel interfaces of R1, R2, and R3. Build your tunnels using ipv6ip mode; use an AS number of 6 on all required interfaces. (2 points)

Section 4.2: OSPFv3

Configure OSPFv3 per Figure 2-11; use an OSPFv3 process of 1 on each router. (2 points)
DEC DECC2E DD"(22" "" ""ED"

Configure Area 1 with IPsec authentication, use Message Digest 5, a security policy index of 500, and a key of (2 points)

Ensure the area router in Area 1 receives the following route; you may configure R4 to achieve this: (2 points)

OI 2007::/16 [110/2] via XXXX::XXXX:XXXX:XXXX:XXXX, GigabitEthernet0/0

Section 4.3: Redistribution

Redistribute EIGRPv6 into OSPFv3 on R3. Redistributed EIGRPv6 routes should have a metric of 5000 associated with them, regardless of which area they are seen in within the OSPFv3 network. (2 points)

Configure R3 so that both R1 and R2 have the following IPv6 EIGRPv6 route in place. Do not redistribute OSPF into EIGRPv6 to achieve this, and ensure all routers have full visibility. (2 points)

D 2007::/16 [90/XXXXXXXXX] via XXXX::XXXX:XXXX:XXXX:XXXX, Tunnel0


Section 5: QoS (6 Points)

2 IP Video Conferencing units are to be installed onto Switch 2 ports FastEthernet 0/15 and 0/16 on VLAN 200. The devices use TCP ports 3230-3231 and UDP ports 3230-3235, and this traffic is unmarked from the devices as it enters the switch. Configure Switch 2 to assign a DSCP value of AF41 to video traffic from both of these devices. Ensure that the switch ports assigned to the devices do not participate in the usual spanning-tree checks, cannot form trunk links, and cannot be configured as Etherchannels. (3 points)

Configure R2 to assign a strict priority queue with a 40 percent reservation of the WAN bandwidth for the Video Conferencing traffic in the previous question. Maximize the available bandwidth by ensuring the RTP headers within the video stream are compressed. The remainder of the bandwidth should be guaranteed for a default queue with WRED enabled. Assume the full line rate of 1.544 Mbps as the available WAN bandwidth, and ensure the complete bandwidth is utilized by both queues. (3 points)

Section 6: Multicast (7 Points)

Configure Routers R1, R2, R3, and R4 for IPv4 multicast. Each router should use PIM sparse dense mode. Both R1 and R2 should be configured to be candidate RPs specifically for the following multicast groups: 225.225.0.1, 225.225.0.2, 225.225.0.3, and 225.225.0.4 by use of their Loopback 0 interfaces. You should limit the boundary of your multicast network so it does not propagate further into your network than R4. R3 should be configured as a mapping agent to announce the rendezvous points for the multicast network with the same boundary constraints. (3 points)

Configure R3 to ensure R4 has a candidate RP as R1 for groups 225.225.0.1 and 225.225.0.2 and R2 for groups 225.225.0.3 and 225.225.0.3. (2 points)

Configure R1 to monitor traffic forwarded through itself for traffic destined to the multicast group of 225.225.0.1. If no packet for this group is received within a single 10-second interval, ensure an SNMP trap is sent to an SNMP management station on 120.100.100.100 using a community string of "public." (2 points)

Section 7: Security (7 Points)

Allow Router R6 to passively watch the SYN connections that flow to only VLAN63 for servers that might reside on this subnet. To prevent a potential denial of service (DoS) attack from a flood of SYN requests, the router should be configured to randomly drop SYN packets from any source to this VLAN that have not been correctly established within 20 seconds. (2 points)

Configure an ACL on R1 to allow TCP sessions generated on this router and through its Ethernet interface and to block TCP sessions from entering on its Frame-Relay interface that were not initiated on it or through it originally. Do not use the established feature within standard ACLs to achieve this, and apply ACLs only on the Frame-Relay interface. The ACL should timeout after 100 seconds of locally initiated TCP inactivity; it should also enable ICMP traffic inbound for testing purposes. (3 points)

Configure R1 so it can perform SCP. The router should belong to a domain of toughtest.co.uk; use local authentication with a username and password of cisco, a key size of 768 bits, and an SSH timeout of 2 minutes and retry value of 2. (2 points)

NOTE
This section should be used only if you require clues to complete the questions. In the actual CCIE lab, the proctor will not enter into any discussions regarding the questions or answers; he or she will be present to ensure you do not have problems with the lab environment and to maintain the timing element of the exam.

"Ask the Proctor"

Section 1: LAN Switching and Frame-Relay

Q: Do you just want me to configure the root and secondary root bridges into 802.1w spanning tree?
A: You should ensure that your network runs a consistent version of spanning tree.

Q: Can I change the root bridge assignments of odd- and even-numbered VLANs to ensure different interfaces are used on Switch 3 and Switch 4?
A: No, the root bridge assignment should remain as per the first question.

Q: If a copper Ethernet cable fails between Switch 1 and Switch 2, surely I wouldn't encounter spanning-tree issues because there would not be any loops present. Am I correct in thinking this?
A: Not entirely, consider a partial failure rather than a complete breakage.

Q: The switches are connected with Ethernet copper cables; wouldn't a feature like UDLD be beneficial only if the connections are fiber?
A: UDLD can operate over copper Ethernet in the same manner as Fiber.

Q: Would you like me to configure a native VLAN of 30 on trunks to the two new switches?
A: No, a native VLAN would not facilitate transportation of multiple VLANs over the single VLAN 30 between Switch 1 and Switch 2.

Q: Are you looking for a GRE type tunnel between switches?
A: No, use a Layer 2 switch tunneling feature.

Q: I assume you require remote span configured for R2 traffic. Is it okay to send both TX and RX traffic to Switch 2?
A: Read the question carefully because this information has been provided.

Q: Would you like me to configure UDLD aggressive mode on Switch 2 to transition the required port to error-disable mode if a trunk failure occurs?
A: No, you need to configure a feature that will place a nontrunk link into error-disable mode if all the trunks on Switch 2 fail.

Q: Can I just shut down ports 0/9 and 0/10 so that they can't communicate?
A: Nice try; look for a security feature to disable communication between these ports.

Section 2: IPv4 IGP Protocols

Section 2.1: EIGRP

Q: If I configure a summary-address on R1, this route overrides the VLAN100 and Loopback 0 routes from R1 as received on R3. Is this correct?
A: Yes, this is the expected behavior of summarization; you need to enable a feature that enables the more specific routes to be received on R3.

Q: I think I can achieve this with multiple summary routes but the question restricts this. Can I use a new EIGRP process instead?
A: No, use a feature that enables your specific routes to leak from the summary route.

Q: Is it acceptable to adjust the hold-time on the Frame-Relay interfaces to change the hello-interval?
A: Yes.

Q: Can I manipulate the delay associated to network 150.101.1.0/24 because this advertisement leaves R2 rather than by changing an interface delay on R2?
A: Yes.

Section 2.2: OSPF

Q: I am experiencing neighbor adjacency issues between R5 and Switch 1. Is this part of the question?
A: This is a byproduct of the question if you use a 3550 in your topology. Practice your troubleshooting skills to determine what issues could be causing this behavior.

Q: I've checked my configs between R5 and Switch 1 and they look good. Am I missing something from the initial configuration?
A: No, if your configuration is correct, you should debug your adjacencies to provide information on what could be causing an issue.

Q: I've found an MTU issue while debugging. Is it okay to change an interface MTU to fix this issue?
A: Yes.

Q: Is it acceptable to provide tunnels between R4 and R5 to join area 0?
A: No, this solution would involve a neighbor relationship being formed between the routers in Area 0.

Q: I'd normally use a virtual link to extend Area 0 into a transit area. Can I use this technique to stretch Area 0 between R4 and R5?
A: You can use virtual links in your solution; think about where the links need to be though, to ensure your topology operates correctly.

Section 2.3: RIPv2

Q: I've just checked the routing table of R3 to find the only RIPv2 route received from R2 is the route required in the question. Can I move on or have I missed something?
A: Read the question again; even if you have only a single RIPv2 route in your routing table, it doesn't mean it is the only RIPv2 route received by R3.

Q: I can see that I am of course still generating additional routes from R2 toward R3. Can I just block these with a distribute-list on R3?
A: Yes.

Q: Can I just use the passive-interface feature on the interfaces on R3 to make sure they are not advertised to R2?
A: No, this would stop RIPv2 advertisements from being sent out on these interfaces; it wouldn't stop the actual interface subnets from being advertised to R2.

Q: Can I create an offset-list on R3 marking the attached networks on R3 as unreachable so that they are not advertised to R2?
A: No; look for a simple solution that blocks routing advertisements from leaving an interface.

Q: So I'm okay to use the passive-interface feature on the Frame-Relay interface to stop advertising outbound but still receive the specific route from R2 inbound?
A: Yes.

Section 2.4: Redistribution

Q: I've followed the redistribution instructions, but I don't receive the RIPv2 route on R1 after redistribution.
A: You will have some underlying issues prior to receiving the route on R1; use your troubleshooting skills to determine the problem.

Q: I've noticed that due to the preconfigured Loopback interfaces on R1 and R3 both of these routers have the same EIGRP router-id. Can I manually change the router-id on one of the routers to see if this helps?
A: Yes.

Q: I've managed to get the RIPv2 route redistributed from R3 into EIGRP on R1, but the next hop is showing as R3. Can I policy-route on R1 so that the next hop for this route is directly via R2?
A: No, you need to have the routing table reflect the next hop of this route via R2 and not R3.

Q: Can I use the eigrp third-party next-hop feature to leave the next hop of the route unaltered from R2?
A: Yes.

Q: Can I modify the OSPF cost on the interface connecting R3 to the OSPF network to attempt to change the next hop for the subnet 120.100.63.0/24?
A: No, this would affect routes received on R3 from both R4 and R5 equally because R4 and R5 reside on the same subnet as R3.

Q: Can I use an offset-list or similar feature on R4 to penalize the route 120.100.63.0/24 as it is advertised to R3?
A: No, you are permitted to configure only R3.

Q: Is it acceptable to use a route-map on R3 and match a route source to penalize the route to 120.100.63.0/24?
A: Yes.


Section 3: BGP

Q: If I can't use ebgp-multihop on my peering on R6, Switch 3, and Switch 4, will my peering fail because I am peering from my Loopback interfaces?
A: Yes, it will; you need to configure a feature that overrides this behavior.

Q: Can I try to use NAT to fix my peering?
A: No, use a specific BGP feature to disregard the TTL check.

Q: I'm experiencing peering issues between R1 and R3 and have BGP notifications displayed on the console. Is this expected behavior?
A: Yes, you had a similar issue within EIGRP; check your router-id.

Q: Do you want me to configure an ACL to limit BGP connections to purely inbound or outbound on TCP port 179?
A: No, an ACL would actually break the peering entirely. Use a BGP feature to force the peering to become directional.

Q: Can I just configure a filter on R4 to stop advertising specific routes to R3?
A: No, you must dynamically inform R4 to not advertise specific routes via R3.

Q: Can I use BGP ORF?
A: Yes.

Section 4: IPv6

Q: Would you like me to configure an additional IPv6 subnet on R4 to receive the 2007::/16 route?
A: No, investigate an alternative method to create this route from the preconfigured subnets you already have, ensuring that the route is received as illustrated in the question.

Q: Would you like me to redistribute routes into OSPFv3 as External Type 1 or Type 2?
A: The question provides you with sufficient information to determine the redistribution type to use.

Section 5: QoS

Q: Do the VC units use UDP Ports 3230 and 3235 or 3230 through 3235?
A: They use the range 3230 through 3235.

Q: Do you want me to trust the ports assigned to the VC units?
A: The VC devices are not marking the traffic, so there is a need to trust these ports.

Q: Would you like me to disable trunking, channeling, and spanning-tree checks on the ports assigned to the VC units?
A: Yes, but remember there is a single command that will disable all these features.

Q: If I use the bandwidth percent command on R2 in my 40-percent guaranteed reservation, is this sufficient to answer the question?
A: No, the question dictates that a priority queue be used.

Q: Would you like me to configure RTP compression within a frame-relay map-class?
A: No, you can achieve all the requirements within the same QoS policy-map.

Section 6: Multicast

Q: If I configure R1 and R2 for the same multicast groups, won't R3 and R4 see both routers as RPs for the same groups?
A: Yes, you will address this behavior in the following question.

Q: To have R1 and R2 as candidate RPs for different groups, can I just configure group-lists on R3?
A: If you were permitted to configure R1 and R2, group-lists would achieve the desired results, but you are permitted to configure only R3. Group-lists can assist in your solution on R3, but you need to find a method of assigning these specifically to R1 and R2.

Q: Do you want me to actually configure an IGMP join-group on R1 for 225.225.0.1 for the SNMP question?
A: No, this isn't required; traffic destined to this group will be sent to R1 regardless because it is the candidate RP for this group.

Section 7: Security

Q: Do you want me to configure an ACL to block SYN packets coming into VLAN63?
A: No, SYN packets should still enter into VLAN63. You need to configure a feature that monitors the SYN packets and closes down any half-opened connections.

Q: Can I use a reflexive ACL to drop SYN packets that are not correctly established by the servers?
A: No, there is a specific TCP feature used to protect servers from a flood of SYN packets that could cause a DoS attack.

Q: Can I just use a standard ACL on R1 on the frame-relay interface to permit sessions outbound and deny everything else inbound?
A: No, this would block return path traffic initiated by R1.

Q: Can I use a reflexive ACL to dynamically permit the return traffic with a time limit of 100 seconds?
A: Yes.

Q: I have configured SCP with the required SSH parameters, but I am not confident of my configuration; any suggestions?
A: If you have time, try to copy the IOS image from flash on R1 with RCP. If you are prompted for a password and gain access to the file, you have configured this feature correctly.

Practice Lab Debrief

The lab debrief section now analyzes each question showing you what was required and how to achieve the desired results. You should use this section to produce an overall score for the practice lab.

Section 1: LAN Switching and Frame-Relay (24 Points)

Configure your switched network to use 802.1w Spanning Tree. Switch 1 should be the root bridge for VLANs 34, 46, 53, 63, 100, and 200, with Switch 2 being the secondary root bridge for all listed VLANs. (3 points)

802.1w is a rapid spanning tree; the switches will be in the default mode of standard PVST and require configuration to rapid-pvst mode. Switch 1 is required to be the root bridge and Switch 2 the secondary root bridge for VLANs 34, 46, 53, 63, 100, and 200. If you have configured this correctly, as shown in Example 2-1, you have earned 3 points. Example 2-1 also shows confirmation of the root bridge and which interfaces are used to reach the root bridge from the neighboring switches; VLAN 34 is used as an example, but each VLAN would be identical in this configuration.
EXAMPLE 2-1 SW1, SW2, SW3 and SW4 Configuration and Verification

SW1(config)# spanning-tree mode rapid-pvst
SW1(config)# spanning-tree vlan 34,46,53,63,100,200 root primary

SW2(config)# spanning-tree mode rapid-pvst
SW2(config)# spanning-tree vlan 34,46,53,63,100,200 root secondary
SW3(config)# spanning-tree mode rapid-pvst
SW4(config)# spanning-tree mode rapid-pvst

SW1# show spanning-tree vlan 34 | include root
             This bridge is the root
SW1# show spanning-tree vlan 46 | include root
             This bridge is the root
SW1# show spanning-tree vlan 53 | include root
             This bridge is the root
SW1# show spanning-tree vlan 63 | include root
             This bridge is the root
SW1# show spanning-tree vlan 100 | include root
             This bridge is the root
SW1# show spanning-tree vlan 200 | include root
             This bridge is the root

SW2# show spanning-tree vlan 34 | include Root FWD
Fa0/23           Root FWD 19        128.25   P2p
SW3# show spanning-tree vlan 34 | include Root FWD
Fa0/19           Root FWD 19        128.21   P2p
SW4# show spanning-tree vlan 34 | include Root FWD
Fa0/21           Root FWD 19        128.23   P2p

Switch 3 should use its interface directly connecting to Switch 2 (Fast Ethernet 0/21) for traffic directed toward even-numbered VLANs (34, 46, 100, 200) and the interface directly connecting to Switch 1 (Fast Ethernet 0/19) for odd-numbered VLANs (53, 63). (3 points)

This is a straightforward VLAN load-balancing question to ensure that trunk links are utilized efficiently and not logically disabled by spanning tree. Switch 3 uses the interface directly connecting to Switch 1 (Fast Ethernet 0/19) for all VLANs as the lowest root cost path by default. To adjust this behavior, this interface must effectively be penalized for the even-numbered VLANs to ensure a more attractive path is via Switch 2 (Fast Ethernet 0/21). If you have configured this correctly, as shown in Example 2-2, you have scored 3 points.
EXAMPLE 2-2 SW3 VLAN Load Balancing Configuration and Verification

SW3(config)# interface FastEthernet 0/19
SW3(config-if)# spanning-tree vlan 34,46,100,200 cost 100
SW3(config-if)# do show spanning-tree root

                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0001         32769 0013.806d.9400        19    2   20  15  Fa0/19
VLAN0034         24610 0013.806d.9400        38    2   20  15  Fa0/21
VLAN0046         24622 0013.806d.9400        38    2   20  15  Fa0/21
VLAN0053         24629 0013.806d.9400        19    2   20  15  Fa0/19
VLAN0063         24639 0013.806d.9400        19    2   20  15  Fa0/19
VLAN0100         24676 0013.806d.9400        38    2   20  15  Fa0/21
VLAN0200         24776 0013.806d.9400        38    2   20  15  Fa0/21

Switch 4 should use its interface directly connecting to Switch 2 (Fast Ethernet 0/19) for traffic destined toward even-numbered VLANs (34, 46, 100, 200) and the interface directly connected to Switch 1 (Fast Ethernet 0/21) for odd-numbered VLANs (53, 63). (3 points)

Following from the previous question, to ensure a balanced access topology for VLAN load balancing, Switch 4 uses the interface directly connecting to Switch 1 (Fast Ethernet 0/21) for all VLANs as the lowest root cost path by default, rendering the second trunk connecting to Switch 2 unused unless a failover condition occurs. As per the previous question, the directly connected interface to Switch 1 needs to be penalized for the even-numbered VLANs. If you have configured this correctly, as shown in Example 2-3, you have scored 3 points.
EXAMPLE 2-3 SW4 VLAN Load Balancing Configuration and Verification

SW4(config)# interface FastEthernet 0/21
SW4(config-if)# spanning-tree vlan 34,46,100,200 cost 100
SW4(config-if)# do show spanning-tree root

                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0001         32769 0013.806d.9400        19    2   20  15  Fa0/21
VLAN0034         24610 0013.806d.9400        38    2   20  15  Fa0/19
VLAN0046         24622 0013.806d.9400        38    2   20  15  Fa0/19
VLAN0053         24629 0013.806d.9400        19    2   20  15  Fa0/21
VLAN0063         24639 0013.806d.9400        19    2   20  15  Fa0/21
VLAN0100         24676 0013.806d.9400        38    2   20  15  Fa0/19
VLAN0200         24776 0013.806d.9400        38    2   20  15  Fa0/19

Ensure that a cable fault between Switches 1 and 2 could not result in one-way traffic between the two switches, resulting in spanning-tree issues. (2 points)

UDLD detects unidirectional links on fiber-optic connections; in aggressive mode, UDLD also detects unidirectional links caused by one-way traffic on twisted-pair links. By configuring the ports between Switch 1 and Switch 2 into aggressive mode, the switches become UDLD neighbors, can detect one-way links, and shut down the link if this condition arises to mitigate spanning-tree issues. If you have configured this correctly, as shown in Example 2-4, you have scored 2 points.
EXAMPLE 2-4 SW1 and SW2 UDLD Configuration and Verification

SW1(config)# interface FastEthernet 0/23
SW1(config-if)# udld port aggressive

SW2(config)# interface FastEthernet 0/23
SW2(config-if)# udld port aggressive

SW1# show udld FastEthernet 0/23

Interface Fa0/23
---
Port enable administrative configuration setting: Enabled / in aggressive mode
Port enable operational state: Enabled / in aggressive mode
Current bidirectional state: Bidirectional
Current operational state: Advertisement - Single neighbor detected
Message interval: 15
Time out interval: 5

    Entry 1
    ---
    Expiration time: 44
    Cache Device index: 1
    Current neighbor state: Bidirectional
    Device ID: CAT0935N2(Z
    Port ID: Fa0/23
    Neighbor echo 1 device: CAT0911X17J
    Neighbor echo 1 port: Fa0/23

    Message interval: 15
    Time out interval: 5
    CDP Device name: SW2

Configure Switch 1 and Switch 2 to allow connectivity of two further switches in the future to be connected to ports Fast Ethernet 0/18 on each switch. The new switches should be able to tunnel their own configured VLANs through a new VLAN (30) between Switch 1 and Switch 2. There is no requirement to configure a root bridge or VLAN load balancing for the new VLAN between Switch 1 and Switch 2. (4 points)

This is a service provider requirement whereby customers tunnel their own VLANs through the provider's network. To mitigate any VLAN overlaps from other customers, a unique service provider VLAN is used to transport the customer VLANs. Example 2-5 shows VLAN 30 being used to transport VLANs over a dot1q-tunnel. Use the show dot1q-tunnel command to verify your tunnel configuration on your switches. If you have configured this correctly, as shown in Example 2-5, you have scored 4 points.
EXAMPLE 2-5 SW1 and SW2 Q in Q Configuration

SW1(config)# vlan 30
SW1(config-vlan)# exit
SW1(config)# interface FastEthernet 0/18
SW1(config-if)# switchport access vlan 30
SW1(config-if)# switchport mode dot1q-tunnel

SW2(config)# vlan 30
SW2(config-vlan)# exit
SW2(config)# interface FastEthernet 0/18
SW2(config-if)# switchport access vlan 30
SW2(config-if)# switchport mode dot1q-tunnel


Configure your switched network to monitor the VLAN200 interface associated with R2 (Switch 2 FastEthernet 0/1) and send only traffic destined to R2 on this switch port across your network to Switch 3 port Fast Ethernet 0/17; use a new VLAN (20) to assist in this configuration. There is no requirement to configure a root bridge or VLAN load balancing for the new VLAN. (3 points)

This is a remote span question; the only complexity is based around the question statement of where you actually need to monitor: "traffic destined to R2." As such, this means you need to configure the span parameters to only send the traffic transmitted out of the switch port toward R2, which is configured by the tx parameter. If this optional parameter is not configured, both transmit and receive traffic is monitored. Remote span requires a VLAN to propagate the span traffic between switches, which is why you need to configure VLAN 20 on both Switches 1 and 2. If you have configured this correctly, as shown in Example 2-6, you have scored 3 points.
EXAMPLE 2-6 SW2 and SW3 Remote Span Configuration and Verification

SW2(config)# vlan 20
SW2(config-vlan)# remote-span
SW2(config-vlan)# exit
SW2(config)# monitor session 1 source interface fastEthernet 0/1 tx
SW2(config)# monitor session 1 destination remote vlan 20

SW2(config)# do show monitor session 1
Session 1
---------
Type                   : Remote Source Session
Source Ports           :
    TX Only            : Fa0/1
Dest RSPAN VLAN        : 20

SW3(config)# vlan 20
SW3(config-vlan)# exit
SW3(config)# monitor session 1 source remote vlan 20
SW3(config)# monitor session 1 destination interface fast 0/17

SW3(config)# do show monitor session 1
Session 1
---------
Type                   : Remote Destination Session
Source RSPAN VLAN      : 20
Destination Ports      : Fa0/17
    Encapsulation      : Native
          Ingress      : Disabled

Configure the interface on Switch 2, which connects to R5 VLAN53 (Fast Ethernet 0/5) in such a way that if all the trunks on Switch 2 connecting to Switch 1, Switch 3, and Switch 4 should fail, this Ethernet port transitions into error-disable state. (3 points)

The question requires link-state tracking to be configured. This feature provides redundancy in the network when used with server NIC adapter teaming. If a link is lost on the primary interface, connectivity is transparently switched to the secondary interface. Ports connected to servers are configured as downstream ports, and ports connected to other switches are configured as upstream ports. If the upstream trunk ports on Switch 2 fail, link-state tracking automatically puts the downstream port connected to R5 into error-disable state. Example 2-7 shows the associated configuration and testing by shutting down the trunk ports on Switch 2, which connects to Switch 1, Switch 3, and Switch 4, which forces FastEthernet downstream port into error-disable state. If you have configured this correctly, as shown in Example 2-7, you have scored 3 points.
2E%MPL2 267 S)2 Lin06State Trac0in" C$n/i"urati$n an. Veri/icati$n
lin0 state tra$0 2 inter#a$e #ast 5lin0 state grou/ 2 do&nstream inter#a$e 6astEt%ernet inter#a$e 6astEt%ernet inter#a$e 6astEt%ernet 529 522 523 lin0 state grou/ 2 u/stream lin0 state grou/ 2 u/stream lin0 state grou/ 2 u/stream

SW2(config)# SW2(config)#

SW2(config-if)# SW2(config-if)# SW2(config-if)# SW2(config-if)# SW2(config-if)# SW2(config-if)# SW2(config-if)#

SW2# s%o& inter#a$e 6astEt%ernet 5- > in$lude $onne$ted +ast.t&ernet$,< is up> line protocol is up (connecte ) SW2(config-if)# SW2(config-if)# SW2(config-if)# SW2(config-if)# SW2(config-if)# SW2(config-if)# int #ast 529 s%ut int #ast 522 s%ut int #ast 523 s%ut


SW2# show interface FastEthernet 0/5 | include err-disabled
FastEthernet0/5 is down, line protocol is down (err-disabled)

Configure interfaces Fast Ethernet 0/9 and 0/10 on Switch 1 so that even if they are configured to belong to the same VLAN they cannot forward unicast, broadcast, or multicast traffic to one another. Do not use any form of ACL or configure the ports to belong to a PVLAN. (1 point)

You are required to configure the interfaces with the command switchport protected to ensure that no traffic is forwarded between these ports. Traffic is forwarded as normal between a protected and nonprotected port. If you have configured this correctly, you have scored 1 point.

Your initial Frame-Relay configuration has been supplied for the R1-R2-R3 connectivity. Configure Frame-Relay as per Figure 2-6 to ensure each device is reachable over the Frame-Relay network. Use only the indicated DLCIs and ensure that a proprietary method of reducing the payload over the Frame-Relay network is enabled on a per packet basis. (2 points)

The initial Frame-Relay configuration has been supplied for you; all you need to add is additional maps on R1 and R2 spokes to enable them to communicate with each other by directing traffic to the hub router (R3) as the initial configuration uses no inverse ARP. To reduce the payload, you are required to enable payload-compression packet-by-packet within the map statements. If you have configured this correctly, as shown in Example 2-8, you have scored 2 points.
EXAMPLE 2-8 R1 and R2 Additional Frame-Relay Configuration and Testing
R1(config)#


inter#a$e 8erial 5 5 #rame.rela* ma/ i/ 22 .2 .223.2 2 3 'road$ast /a*load.$om/ression /a$0et.'*./a$0et

;1(config-if)# ;2(config)#

inter#a$e 8erial 5 #rame.rela* ma/ i/ 22 .2 .223.2 2 3 'road$ast /a*load.$om/ression /a$0et.'*./a$0et

;2(config-if)# ;3(config)#

inter#a$e 8erial 5 .223.2 3 2 'road$ast /a*load.$om/ression /a$0et.'*./a$0et .223.2 3 2 'road$ast /a*load.$om/ression /a$0et.'*./a$0et #rame.rela* ma/ i/ 22 .2

;3(config-if?< #rame.rela* ma/ i/ 22 .2 ;3(config-if)#

R1# ping 120.100.123.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 120.100.123.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/8 ms

Section 2: IPv4 IGP Protocols (28 Points)

Section 2.1: EIGRP

Configure EIGRP per Figure 2-7 using an AS of 1. Each EIGRP router should have its Loopback 0 interface configured and advertised within EIGRP. (2 points)

Use vanilla EIGRP configuration in preparation for the following questions; the only complexity is spotting the split-horizon issue with R3 over the physical Frame-Relay network. By default, R3 will not advertise the routes learned on its Serial interface from R1 back out to R2 and vice versa because they all share the same interface. By disabling split-horizon for EIGRP on R3, the routes are permitted to propagate. If you have configured this correctly, as shown in Example 2-9, you have scored 2 points.
EXAMPLE 2-9 EIGRP Configuration and Verification
R1(config)# router eigrp 1
R1(config-router)# no auto-summary
R1(config-router)# net 120.100.1.0 0.0.0.255
R1(config-router)# net 120.100.123.0 0.0.0.255
R1(config-router)# net 120.100.100.0 0.0.0.255
R2(config)# router eigrp 1
R2(config-router)# no auto-summary
R2(config-router)# network 120.100.2.0 0.0.0.255
R2(config-router)# network 120.100.123.0 0.0.0.255
R2(config-router)# network 120.100.200.0 0.0.0.255
R3(config-if)# router eigrp 1
R3(config-router)# no auto-summary
R3(config-router)# network 120.100.3.0 0.0.0.255
R3(config-router)# network 120.100.123.0 0.0.0.255
R3(config-router)# network 120.100.34.0 0.0.0.255
R4(config-router)# router eigrp 1
R4(config-router)# no auto-summary
R4(config-router)# network 120.100.4.0 0.0.0.255
R4(config-router)# network 120.100.34.0 0.0.0.255
R5(config)# router eigrp 1
R5(config-router)# no auto-summary
R5(config-router)# network 120.100.5.0 0.0.0.255
R5(config-router)# network 120.100.34.0 0.0.0.255

R1# show ip route eigrp
     120.0.0.0/8 is variably subnetted, 7 subnets, 1 mask
D       120.100.4.0/24 [90/2300416] via 120.100.123.3, 00:14:51, Serial0/0/0
D       120.100.5.0/24 [90/2300416] via 120.100.123.3, 00:01:32, Serial0/0/0
D       120.100.3.0/24 [90/2297856] via 120.100.123.3, 00:42:12, Serial0/0/0
D       120.100.34.0/24 [90/2172416] via 120.100.123.3, 00:41:54, Serial0/0/0
R3# show ip route eigrp
     120.0.0.0/8 is variably subnetted, 9 subnets, 1 mask
D       120.100.4.0/24 [90/156160] via 120.100.34.4, 00:19:14, GigabitEthernet0/0
D       120.100.5.0/24 [90/156160] via 120.100.34.5, 00:05:55, GigabitEthernet0/0
D       120.100.1.0/24 [90/2297856] via 120.100.123.1, 00:46:35, Serial0/0/0
D       120.100.2.0/24 [90/2297856] via 120.100.123.2, 00:46:35, Serial0/0/0
D       120.100.100.0/24 [90/2172416] via 120.100.123.1, 00:46:35, Serial0/0/0
D       120.100.200.0/24 [90/2172416] via 120.100.123.2, 00:46:35, Serial0/0/0
R2# show ip route eigrp
     120.0.0.0/8 is variably subnetted, 8 subnets, 1 mask
D       120.100.4.0/24 [90/2300416] via 120.100.123.3, 00:19:55, Serial0/0
D       120.100.5.0/24 [90/2300416] via 120.100.123.3, 00:06:36, Serial0/0
D       120.100.3.0/24 [90/2297856] via 120.100.123.3, 00:47:16, Serial0/0
D       120.100.34.0/24 [90/2172416] via 120.100.123.3, 00:46:58, Serial0/0

R3(config)# interface Serial 0/0/0
R3(config-if)# no ip split-horizon eigrp 1

R1# show ip route eigrp
     120.0.0.0/8 is variably subnetted, 10 subnets, 1 mask
D       120.100.4.0/24 [90/2300416] via 120.100.123.3, 00:14:51, Serial0/0/0
D       120.100.5.0/24 [90/2300416] via 120.100.123.3, 00:01:32, Serial0/0/0
D       120.100.2.0/24 [90/2809856] via 120.100.123.3, 00:38:32, Serial0/0/0
D       120.100.3.0/24 [90/2297856] via 120.100.123.3, 00:42:12, Serial0/0/0
D       120.100.34.0/24 [90/2172416] via 120.100.123.3, 00:41:54, Serial0/0/0
D       120.100.200.0/24 [90/2684416] via 120.100.123.3, 00:38:32, Serial0/0/0
R1#
R2# show ip route eigrp
     120.0.0.0/8 is variably subnetted, 10 subnets, 1 mask
D       120.100.4.0/24 [90/2300416] via 120.100.123.3, 00:24:43, Serial0/0
D       120.100.5.0/24 [90/2300416] via 120.100.123.3, 00:11:24, Serial0/0
D       120.100.1.0/24 [90/2809856] via 120.100.123.3, 00:48:24, Serial0/0
D       120.100.3.0/24 [90/2297856] via 120.100.123.3, 00:52:04, Serial0/0
D       120.100.34.0/24 [90/2172416] via 120.100.123.3, 00:51:46, Serial0/0
D       120.100.100.0/24 [90/2684416] via 120.100.123.3, 00:48:24, Serial0/0

Configure R1 to advertise a summary route of 120.100.0.0/16 outbound on its serial interface. R3 should see the original VLAN100 and Loopback 0 individual routes in addition to the summary route. You can only use one summary route in your configuration. (3 points)

Summarization will by default block all longer prefixes covered by the supernet configured on an interface; as such, the VLAN 100 and Loopback 0 route from R1 would not be seen by R3. Allowing specific routes to be advertised with summary routes can be a valid requirement. One method used to achieve this is by configuring multiple summary routes, but the question does not permit this approach. To facilitate the specific routes with the summary, a leak-map should be configured to match the VLAN 100 and Loopback 0 interfaces on R1. The leak-map, which is configured per a normal route-map, is then applied to the standard summary route statement on R1. If you have configured this correctly, as shown in Example 2-10, you have scored 3 points.
EXAMPLE 2-10 R1 Leak Map Configuration and Verification
;1(config)# route.ma/ )E(G.9)(N.2 e:it .2 .2. . . 2--.2--. . lea0.ma/ )E(G.9)(N.2 .)EEP . .)EEP /ermit 2 ;1(config-route-map)# ;1(config-route-map)# ;1(config)# ;1(config)# ;1(config)# mat$% i/ address 2

a$$ess.list 2 /ermit 22 .2 a$$ess.list 2 /ermit 22 .2 inter#a$e 8erial 5 5

;1(config-if)#

i/ summar*.address eigr/ 2 22 .2

R3# show ip route eigrp
     120.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
D       120.100.4.0/24 [90/156160] via 120.100.34.4, 00:19:14, GigabitEthernet0/0
D       120.100.5.0/24 [90/156160] via 120.100.34.5, 00:05:55, GigabitEthernet0/0
D       120.100.0.0/16 [90/2172416] via 120.100.123.1, 00:34:39, Serial0/0/0
D       120.100.1.0/24 [90/2297856] via 120.100.123.1, 00:46:35, Serial0/0/0
D       120.100.2.0/24 [90/2297856] via 120.100.123.2, 00:46:35, Serial0/0/0
D       120.100.100.0/24 [90/2172416] via 120.100.123.1, 00:46:35, Serial0/0/0
D       120.100.200.0/24 [90/2172416] via 120.100.123.2, 00:46:35, Serial0/0/0

Ensure the length of time that EIGRP considers neighbors to be valid without receiving a hello packet on the Frame-Relay network between R1, R2, and R3 is 200 seconds; do not change the hello-interval parameter. (2 points)

EIGRP considers neighbors to be valid up to three times the hello interval. The Frame-Relay network is considered a slow speed link, and hello packets will be sent every 60 seconds. Usually you could tune the hold time by manipulating the hello intervals on an interface, but this question ensures you can achieve the desired result only by manually changing the hold-time to 200 under the Frame-Relay interface of Routers R1, R2, and R3. Example 2-11 shows the required configuration and verification of hold time by displaying the neighbors' statistics as seen by R3. If you have configured this correctly, as shown in Example 2-11, you have scored 2 points.
EXAMPLE 2-11 EIGRP Hold Timer Configuration and Verification
R1(config)# interface Serial 0/0/0
R1(config-if)# ip hold-time eigrp 1 200
R1(config-if)#
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)# interface Serial 0/0
R2(config-if)# ip hold-time eigrp 1 200
R2(config-if)#
R3(config)# interface Serial 0/0/0
R3(config-if)# ip hold-time eigrp 1 200
R3(config-if)# do sh ip eigrp neighbors
IP-EIGRP neighbors for process 1
H   Address          Interface   Hold  Uptime    SRTT   RTO   Q    Seq
                                 (sec)           (ms)         Cnt  Num
3   120.100.123.1    Se0/0/0     198   00:00:57  3      200   0    25
2   120.100.123.2    Se0/0/0     199   00:01:00  3      200   0    18
1   120.100.34.5     Gi0/0       12    00:23:32  1      200   0    21
0   120.100.34.4     Gi0/0       12    00:23:35  35     210   0    22

Configure new Loopback interfaces on R1 and R2 using a Loopback interface 2 with an identical IP address of 150.101.1.1/24 on both routers; advertise this network into EIGRP on each router. Ensure that R3 prefers the route from R2 by manipulating the delay associated with this route. Do not manually adjust the delay associated with the interface by use of the delay command, and you are permitted to configure only R2 to influence the delay. (3 points)

R3 will receive identical routes from both R1 and R2 for network 150.101.1.0/24; as such, both routes will be stored in the topology and routing table. R2 could influence the metric calculated by R3 by manipulating the delay of the new Loopback interface or of the serial Frame-Relay interface connecting directly to R3, but this is not permitted. As configuration is required solely on R2, the only method available is to create an offset-list, which enables you to match specific routes and append further delay to them as they are advertised on R2 toward R3. If the offset-list is not applied to the Frame-Relay interface, it would affect the whole process and not just advertisements toward R3. Example 2-12 shows the configuration required to advertise the new routes and the routes as they are received on R3. Initial delay is shown to be 25,000 µs. Post configuration of the offset-list on R2, the delay is seen to increase to 25,003 µs for the route received from R2; as such the route installed into the routing table of R3 is then the original advertised from R1 with the more appealing value of 25,000 µs. If you have configured this correctly, as shown in Example 2-12, you have scored 3 points.
EXAMPLE 2-12 EIGRP Configuration and Verification
R1(config)# interface Loopback2
R1(config-if)# ip address 150.101.1.1 255.255.255.0
R1(config-if)# router eigrp 1
R1(config-router)# net 150.101.1.0 0.0.0.255
R2(config)# interface Loopback2
R2(config-if)# ip address 150.101.1.1 255.255.255.0
R2(config-if)# router eigrp 1
R2(config-router)# net 150.101.1.0 0.0.0.255

R3# show ip route 150.101.1.0
Routing entry for 150.101.1.0/24
  Known via "eigrp 1", distance 90, metric 2297856, type internal
  Redistributing via eigrp 1
  Last update from 120.100.123.2 on Serial0/0/0, 00:02:51 ago
  Routing Descriptor Blocks:
    120.100.123.2, from 120.100.123.2, 00:02:51 ago, via Serial0/0/0
      Route metric is 2297856, traffic share count is 1
      Total delay is 25000 microseconds, minimum bandwidth is 1544 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1
  * 120.100.123.1, from 120.100.123.1, 00:02:51 ago, via Serial0/0/0
      Route metric is 2297856, traffic share count is 1
      Total delay is 25000 microseconds, minimum bandwidth is 1544 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1
R3# show ip eigrp topology 150.101.1.0 255.255.255.0
IP-EIGRP (AS 1): Topology entry for 150.101.1.0/24
  State is Passive, Query origin flag is 1, 2 Successor(s), FD is 2297856
  Routing Descriptor Blocks:
  120.100.123.2 (Serial0/0/0), from 120.100.123.2, Send flag is 0x0
      Composite metric is (2297856/128256), Route is Internal
      Vector metric:
        Minimum bandwidth is 1544 Kbit
        Total delay is 25000 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 1
  120.100.123.1 (Serial0/0/0), from 120.100.123.1, Send flag is 0x0
      Composite metric is (2297856/128256), Route is Internal
      Vector metric:
        Minimum bandwidth is 1544 Kbit
        Total delay is 25000 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 1
R2(config-router)# do show interface Serial 0/0
Serial0/0 is up, line protocol is up
  Hardware is GT96K Serial
  Internet address is 120.100.123.2/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
R2(config)# access-list 1 permit 150.101.1.0
R2(config)# router eigrp 1
R2(config-router)# offset-list 1 out 100 Serial 0/0

R3# show ip route 150.101.1.0
Routing entry for 150.101.1.0/24
  Known via "eigrp 1", distance 90, metric 2297856, type internal
  Redistributing via eigrp 1
  Last update from 120.100.123.1 on Serial0/0/0, 00:00:18 ago
  Routing Descriptor Blocks:
  * 120.100.123.1, from 120.100.123.1, 00:00:18 ago, via Serial0/0/0
      Route metric is 2297856, traffic share count is 1
      Total delay is 25000 microseconds, minimum bandwidth is 1544 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1
R3# show ip eigrp topology 150.101.1.0 255.255.255.0
IP-EIGRP (AS 1): Topology entry for 150.101.1.0/24
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 2297856
  Routing Descriptor Blocks:
  120.100.123.1 (Serial0/0/0), from 120.100.123.1, Send flag is 0x0
      Composite metric is (2297856/128256), Route is Internal
      Vector metric:
        Minimum bandwidth is 1544 Kbit
        Total delay is 25000 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 1
  120.100.123.2 (Serial0/0/0), from 120.100.123.2, Send flag is 0x0
      Composite metric is (2297956/128356), Route is Internal
      Vector metric:
        Minimum bandwidth is 1544 Kbit
        Total delay is 25003 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 1

Section 2.2: OSPF

Configure OSPF per Figure 2-8 using a process ID of 1; all OSPF configuration where possible should not be configured under the process ID. Each OSPF router should also have its Loopback 0 interface configured and advertised within OSPF as follows: (2 points)
R4 Loopback 0 - Area 0
R5 Loopback 0 - Area 0
R6 Loopback 0 - Area 1
Sw1 Loopback 0 - Area 2
Sw2 Loopback 0 - Area 1
Sw3 Loopback 0 - Area 3
Sw4 Loopback 0 - Area

As per Lab 1, the question directs you to configure OSPF directly under the interfaces of the routers; the switches still require configuration under the OSPF process running this version of IOS. Did you notice that Area 0 is partitioned? If you have configured this correctly, as shown in Example 2-13, you have scored 2 points. Consider using the show ip ospf interface command to verify your configuration.
EXAMPLE 2-13 Initial OSPF Configuration
;4(config)# inter#a$e )oo/'a$0 i/ os/# 2 area e:it i/ os/# 2 area 2 ;4(config-if)# ;4(config-if)# ;4(config)# ;4(config-if)# ;<(config)#

inter#a$e Giga'itEt%ernet 52

inter#a$e )oo/'a$0 i/ os/# 2 area e:it

;<(config-if)# ;<(config-if)#

;<(config)# inter#a$e Giga'itEt%ernet 52 i/ os/# 2 area 2

;<(config-if)# ;7(config)#

inter#a$e )oo/'a$0 i/ os/# 2 area 2 inter#a$e Giga'itEt%ernet i/ os/# 2 area 2 inter#a$e Giga'itEt%ernet i/ os/# 2 area 3 52 5

;7(config-if)# ;7(config-if)# ;7(config-if)# ;7(config-if)# ;7(config-if)# SW1(config)# SW1(config)#

i/ routing router os/# 2 net&or0 22 .2 net&or0 22 .2 .7.2 . . . area 2 .-3.2 . . . area 2

SW1(config-router)# SW1(config-router)# SW2(config)#

i/ routing router os/# 2 net 22 .2 net 22 .2 .8.2 . . . area 2 .43.2 . . . area 2

SW2(config-if)#

SW2(config-router)# SW2(config-router)# SW3(config)# SW3(config)#

i/ routing router os/# 2 net&or0 22 .2 net&or0 22 .2 net&or0 22 .2 .-3.3 . . . area 2 .33.3 . . . area 3 .9.2 . . . area 2

SW3(config-router)# SW3(config-router)# SW3(config-router)# SW4(config)# SW4(config)#

i/ routing router os/# 2 net&or0 22 .2 net&or0 22 .2 .2 .2 . . . area 3 .33.4 . . . area 3

SW4(config-router)# SW4(config-router)#

If you are using a 3550 as one of your switches, you will experience neighbor relationship problems running OSPF to your routers or 3560s. This is because the default MTU value is 1504 on the 3550 VLAN interface and 1500 on the routers and 3560s. Example 2-14 shows the adjacency issues with Switch 1 (3550 in this scenario) on R5; by debugging OSPF adjacency it can be seen that Switch 1 has a larger default MTU, which will ensure the neighbor adjacency is only ever partial. The example also shows the Switch 3 (3560) default MTU value on the same VLAN 53 and the MTU modification required on Switch 1. No extra points if you needed to configure this workaround. If you didn't spot this, you would lose points in this section because of not having full neighbor adjacencies on Switch 1. This type of issue shows just how important it is to constantly validate your configurations rather than simply expecting everything to work.
EXAMPLE 2-14 R5-SW1 OSPF Neighbor Issues
R5# show ip ospf neighbor
Neighbor ID     Pri   State             Dead Time   Address         Interface
120.100.7.1       1   EXSTART/DROTHER   00:00:35    120.100.53.1    GigabitEthernet0/1
120.100.9.1       1   FULL/DR           00:00:38    120.100.53.3    GigabitEthernet0/1

R5# debug ip ospf adjacency
*May 8 20:38:41.059: OSPF: Nbr 120.100.7.1 has larger interface MTU
R5#
R5# show interface GigabitEthernet 0/0 | begin MTU
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
SW1# show interface vlan 53 | begin MTU
MTU 1504 bytes, BW 1000000 Kbit, DLY 10 usec
SW3# show interface vlan 53 | beg MTU
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
SW1(config-if)# int vlan 53
SW1(config-if)# ip mtu 1500

R5# show ip ospf neighbor
Neighbor ID     Pri   State             Dead Time   Address         Interface
120.100.7.1       1   FULL/DROTHER      00:00:34    120.100.53.1    GigabitEthernet0/1
120.100.9.1       1   FULL/DR           00:00:37    120.100.53.3    GigabitEthernet0/1

Area 0 is partitioned between R4 and R5; ensure your network can accommodate this issue. You are not permitted to form any Area 0 neighbor relationship directly between R4 and R5 to join Area 0. (4 points)

A fundamental rule of OSPF is not to design your network with a partitioned backbone Area 0, or with one that partitions if a failure condition occurs. A virtual-link between R4 and R5 would not work here because you would need to transit multiple OSPF areas. A tunnel between the two routers is also not permitted because this would form a direct neighbor relationship. You are required to configure a virtual-link between R5 and Switch 3 to propagate Area 3 routes and similarly between R4 and R6. By then creating an additional virtual-link between R6 and Switch 3, the two effective halves of the network have been joined at an Area 0 level. Remember to configure all virtual-links to the router ID of the remote router as opposed to the physical IP address on the corresponding interface. Example 2-15 shows the required configuration to create virtual-links between R5-SW3, R4-R6, and R6-SW3. The resulting routing table verification on Switch 4 shows all networks are being learned correctly post configuration. If you have configured this correctly, as shown in Example 2-15, you have scored 4 points.
EXAMPLE 2-15 OSPF Virtual-Link Configuration and Routing Table Verification
;<(config)# router os/# 2 area 2 ,irtual.lin0 22 .2 router os/# 2 area 2 ,irtual.lin0 22 .2 .-.2 .9.2 ;<(config-router)# SW3(config-router)# SW3(config-router)# ;4(config)#

router os/# 2 area 2 ,irtual.lin0 22 .2 .3.2

;4(config-router)# ;7(config-if)#

router os/# 2 area 2 ,irtual.lin0 22 .2 area 3 ,irtual.lin0 22 .2 .4.2 .9.2

;7(config-router)# ;7(config-router)# SW3(config-if)#

router os/# 2 area 3 ,irtual.lin0 22 .2 .3.2

SW3(config-router)#

SW4# sh ip route ospf
     120.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
O IA    120.100.9.1/32 [110/2] via 120.100.63.3, 00:00:54, Vlan63
O IA    120.100.8.1/32 [110/3] via 120.100.63.6, 00:00:54, Vlan63
O IA    120.100.5.1/32 [110/3] via 120.100.63.3, 00:00:54, Vlan63
O IA    120.100.4.1/32 [110/3] via 120.100.63.6, 00:00:54, Vlan63
O IA    120.100.7.1/32 [110/3] via 120.100.63.3, 00:00:54, Vlan63
O IA    120.100.6.1/32 [110/2] via 120.100.63.6, 00:00:54, Vlan63
O IA    120.100.53.0/24 [110/2] via 120.100.63.3, 00:00:54, Vlan63
O IA    120.100.46.0/24 [110/2] via 120.100.63.6, 00:00:55, Vlan63

Section 2.2: RIPv2

Configure RIPv2 between R2 and R3, configure a new Loopback interface on R2 (Loopback 3) with an IP address of 150.101.2.1/24, and advertise this and only this network to R3 from R2. (2 points)

Although RIPv2 is capable of VLSM, it is nevertheless based on a classful protocol that will by default advertise all the connected interfaces of both R2 and R3 when the classful network command is used to activate the routing process. To restrict advertisement to solely the new Loopback interface from R2, a basic distribute-list is required. This should be applied either on the entire process or just on the Frame-Relay interface connecting to R3. It should permit only the new Loopback subnet of 150.101.2.0/24. If you're low on time, you may check the routing table of R3 to find that the only RIPv2 route received is that of the new Loopback 3 interface on R2. This is because the VLAN 200 and Loopback 0 interfaces of R2 are already being learned via EIGRP, which of course has a lower admin distance, and will therefore not be listed as RIPv2 routes within the routing table. Example 2-16 shows the basic RIPv2 configuration on R2 and R3 with debug of RIPv2 updates on R2 to illustrate which routes are being advertised to R3. The required distribute-list configuration is also shown. If you have configured this correctly, as shown in Example 2-16, you have scored 2 points.
EXAMPLE 2-16 R2 and R3 RIPv2 Configuration and Verification
R2(config)# interface Loopback3
R2(config-if)# ip add 150.101.2.1 255.255.255.0
R2(config-if)# router rip
R2(config-router)# version 2
R2(config-router)# no auto-summary
R2(config-router)# network 150.101.0.0
R2(config-router)# network 120.0.0.0
R3(config)# router rip
R3(config-router)# version 2
R3(config-router)# no auto-summary
R3(config-router)# network 120.0.0.0
R3(config-router)# do show ip route rip
     150.101.0.0/24 is subnetted, 2 subnets
R       150.101.2.0 [120/1] via 120.100.123.2, 00:00:05, Serial0/0/0
R2# sh ip route rip
R2# debug ip rip
*May 8 05:00:22.147: RIP: sending v2 update to 224.0.0.9 via Serial0/0 (120.100.123.2)
*May 8 05:00:22.147: RIP: build update entries
*May 8 05:00:22.147:   120.100.2.0/24 via 0.0.0.0, metric 1, tag 0
*May 8 05:00:22.147:   120.100.123.0/24 via 0.0.0.0, metric 1, tag 0
*May 8 05:00:22.147:   120.100.200.0/24 via 0.0.0.0, metric 1, tag 0
*May 8 05:00:22.147:   150.101.1.0/24 via 0.0.0.0, metric 1, tag 0
*May 8 05:00:22.147:   150.101.2.0/24 via 0.0.0.0, metric 1, tag 0
R2(config)# router rip
R2(config-router)# distribute-list 2 out Serial 0/0
R2(config-router)# exit
R2(config)# access-list 2 permit 150.101.2.0
R2(config)# exit
*May 8 05:02:40.271: RIP: sending v2 update to 224.0.0.9 via Serial0/0 (120.100.123.2)
*May 8 05:02:40.271: RIP: build update entries
*May 8 05:02:40.271:   150.101.2.0/24 via 0.0.0.0, metric 1, tag 0
R2#
R3# show ip route rip
     150.101.0.0/24 is subnetted, 2 subnets
R       150.101.2.0 [120/1] via 120.100.123.2, 00:00:02, Serial0/0/0

R3 should not advertise any connected interfaces into RIPv2. Do not filter routing advertisements to achieve this behavior. (2 points)

Because you are not permitted to filter routes as per the previous question, you simply configure the Frame-Relay interfaces to be passive on R3. This allows routing updates to be received inbound but stops routing advertisements outbound. Example 2-17 shows the RIPv2 routes advertised originally from R3 being received by R2 with the required configuration for R3; if you have configured this correctly, you have scored 2 points.
EXAMPLE 2-17 R3 RIPv2 Configuration and Verification
R2# debug ip rip
*May 8 05:05:10.031: RIP: received v2 update from 120.100.123.3 on Serial0/0
*May 8 05:05:10.031:   120.100.3.0/24 via 0.0.0.0 in 1 hops
*May 8 05:05:10.031:   120.100.34.0/24 via 0.0.0.0 in 1 hops
*May 8 05:05:10.031:   120.100.123.0/24 via 0.0.0.0 in 1 hops
R3(config)# router rip
R3(config-router)# passive-interface Serial 0/0/0

Section 2.3: Redistribution

Perform a one-way redistribution of RIPv2 into EIGRP on R3 using the following default metric: 1544 20000 255 1 1500. Ensure that R1 shows a next hop for the RIPv2 advertised route of 150.101.2.0/24 of R2. Perform configuration only on R3 for this task. (3 points)

A simple redistribution question; on inspection you'd believe the only complexity would be that of modifying the next hop attribute for R1, which would by default show as R3 for the RIPv2 route advertised by R2. In fact, you would find that the RIPv2 route would not be seen on R1 post redistribution from R3. This is due to an inherent safety mechanism within EIGRP that will cause redistribution issues with routers that have duplicate EIGRP router IDs. Pre-lab configuration ensured that both R1 and R2 have the same Loopback 255 IP address, which will force the router ID to be identical. Example 2-18 shows the redistribution configuration on R3. The RIPv2 route of 150.101.2.0/24 is received on R3 but is absent on R1. Inspection of the EIGRP topology table for the route on R3 shows that it is being advertised into EIGRP and that the router ID of R3 is 200.200.200.200; similarly, the router ID of R1 is also 200.200.200.200. By changing the router ID of R3 to that of its Loopback 0 interface (120.100.3.1), the route is then accepted by R1, but of course a next hop is shown as R3, even though R2 resides on the same IP subnet as R1 and R2 and is the originating router. The EIGRP third-party next-hop feature can be used to modify the next-hop attribute with a router redistributing another routing protocol into EIGRP in a similar manner to that of BGP. If you have configured this correctly, as shown in Example 2-18, you have scored 3 points.
EXAMPLE 2-18 R3 RIPv2 Redistribution Configuration and Verification
R3(config)# router eigrp 1
R3(config-router)# redistribute rip
R3(config-router)# default-metric 1544 20000 255 1 1500

R3# show ip route rip
     150.101.0.0/24 is subnetted, 2 subnets
R       150.101.2.0 [120/1] via 120.100.123.2, 00:00:05, Serial0/0/0
R1# show ip route 150.101.2.0
% Subnet not in table
R3# show ip eigrp topology 150.101.2.0 255.255.255.0
IP-EIGRP (AS 1): Topology entry for 150.101.2.0/24
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 6777856
  Routing Descriptor Blocks:
  120.100.123.2, from Redistributed, Send flag is 0x0
      Composite metric is (6777856/0), Route is External
      Vector metric:
        Minimum bandwidth is 1544 Kbit
        Total delay is 200000 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 0
      External data:
        Originating router is 200.200.200.200 (this system)
        AS number of route is 0
        External protocol is RIP, external metric is 1
        Administrator tag is 0 (0x00000000)
R3# show ip eigrp topology | include ID
IP-EIGRP Topology Table for AS(1)/ID(200.200.200.200)
R3#
R1# show ip eigrp topology | include ID
IP-EIGRP Topology Table for AS(1)/ID(200.200.200.200)
R1#
R3(config)# router eigrp 1
R3(config-router)# eigrp router-id 120.100.3.1

R3# show ip eigrp topology | include ID
IP-EIGRP Topology Table for AS(1)/ID(120.100.3.1)
R3# show ip eigrp topology 150.101.2.0 255.255.255.0
IP-EIGRP (AS 1): Topology entry for 150.101.2.0/24
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 6777856
  Routing Descriptor Blocks:
  120.100.123.2, from Redistributed, Send flag is 0x0
      Composite metric is (6777856/0), Route is External
      Vector metric:
        Minimum bandwidth is 1544 Kbit
        Total delay is 200000 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 0
      External data:
        Originating router is 120.100.3.1 (this system)
        AS number of route is 0
        External protocol is RIP, external metric is 1
        Administrator tag is 0 (0x00000000)

R1# show ip route 150.101.2.0
Routing entry for 150.101.2.0/24
  Known via "eigrp 1", distance 170, metric 7289856, type external
  Redistributing via eigrp 1
  Last update from 120.100.123.3 on Serial0/0/0, 00:03:06 ago
  Routing Descriptor Blocks:
  * 120.100.123.3, from 120.100.123.3, 00:03:06 ago, via Serial0/0/0
      Route metric is 7289856, traffic share count is 1
      Total delay is 220000 microseconds, minimum bandwidth is 1544 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1
R3(config-if)# interface Serial 0/0/0
R3(config-if)# no ip next-hop-self eigrp 1

R1# show ip route 150.101.2.0
Routing entry for 150.101.2.0/24
  Known via "eigrp 1", distance 170, metric 7289856, type external
  Redistributing via eigrp 1
  Last update from 120.100.123.2 on Serial0/0/0, 00:00:24 ago
  Routing Descriptor Blocks:
  * 120.100.123.2, from 120.100.123.3, 00:00:24 ago, via Serial0/0/0
      Route metric is 7289856, traffic share count is 1
      Total delay is 220000 microseconds, minimum bandwidth is 1544 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1

CC-2 '$utin" an. S)itchin" (4 + C$n/i"urati$n Practice Lab# by Martin J.

uggan

!"44#

Perform mutual redistribution of EIGRP and OSPF on R4 and R5. Use a metric of 5000 for redistributed routes into OSPF, which should appear as external Type 2 routes and the following K values for OSPF routes redistributed into EIGRP: 1544 20000 255 1 1500. (2 points)

This is an unambiguous redistribution question that sets the scene for the question that follows. Example 2-19 shows the required configuration on R4 and R5 with verification of external EIGRP received routes on R3. Because the metrics are identical on R4 and R5, there are multiple routes with load sharing potential. If you have configured this correctly, you have scored 2 points.
EXAMPLE 2-19 R4 and R5 Redistribution Configuration and Verification on R3
R4(config-router)# router ospf 1
R4(config-router)# redistribute eigrp 1 subnets
R4(config-router)# default-metric 5000
R4(config-router)# router eigrp 1
R4(config-router)# redistribute ospf 1
R4(config-router)# default-metric 1544 20000 255 1 1500

R5(config-router)# router ospf 1
R5(config-router)# redistribute eigrp 1 subnets
R5(config-router)# default-metric 5000
R5(config-router)# router eigrp 1
R5(config-router)# redistribute ospf 1
R5(config-router)# default-metric 1544 20000 255 1 1500

R3# show ip route eigrp
     150.101.0.0/24 is subnetted, 2 subnets
D       150.101.1.0 [90/2297856] via 120.100.123.1, 00:05:05, Serial0/0/0
     120.0.0.0/8 is variably subnetted, 20 subnets, 3 masks
D EX    120.100.9.1/32 [170/6780416] via 120.100.34.5, 00:00:22, GigabitEthernet0/0
                       [170/6780416] via 120.100.34.4, 00:00:22, GigabitEthernet0/0
D EX    120.100.8.1/32 [170/6780416] via 120.100.34.5, 00:00:22, GigabitEthernet0/0
                       [170/6780416] via 120.100.34.4, 00:00:22, GigabitEthernet0/0
D EX    120.100.10.1/32 [170/6780416] via 120.100.34.5, 00:00:22, GigabitEthernet0/0
                        [170/6780416] via 120.100.34.4, 00:00:22, GigabitEthernet0/0
D EX    120.100.5.1/32 [170/6780416] via 120.100.34.4, 00:01:51, GigabitEthernet0/0
D       120.100.4.0/24 [90/156160] via 120.100.34.4, 00:07:17, GigabitEthernet0/0
D       120.100.5.0/24 [90/156160] via 120.100.34.5, 00:07:17, GigabitEthernet0/0
D EX    120.100.4.1/32 [170/6780416] via 120.100.34.5, 00:00:23, GigabitEthernet0/0
D EX    120.100.7.1/32 [170/6780416] via 120.100.34.5, 00:00:23, GigabitEthernet0/0
                       [170/6780416] via 120.100.34.4, 00:00:23, GigabitEthernet0/0
D EX    120.100.6.1/32 [170/6780416] via 120.100.34.5, 00:00:24, GigabitEthernet0/0
                       [170/6780416] via 120.100.34.4, 00:00:24, GigabitEthernet0/0
D       120.100.0.0/16 [90/2172416] via 120.100.123.1, 00:05:07, Serial0/0/0
D       120.100.1.0/24 [90/2297856] via 120.100.123.1, 00:05:07, Serial0/0/0
D       120.100.2.0/24 [90/2297856] via 120.100.123.2, 00:05:07, Serial0/0/0
D EX    120.100.63.0/24 [170/6780416] via 120.100.34.5, 00:00:24, GigabitEthernet0/0
                        [170/6780416] via 120.100.34.4, 00:00:24, GigabitEthernet0/0
D EX    120.100.53.0/24 [170/6780416] via 120.100.34.5, 00:00:24, GigabitEthernet0/0
                        [170/6780416] via 120.100.34.4, 00:00:24, GigabitEthernet0/0
D EX    120.100.46.0/24 [170/6780416] via 120.100.34.5, 00:00:24, GigabitEthernet0/0
                        [170/6780416] via 120.100.34.4, 00:00:24, GigabitEthernet0/0
D       120.100.100.0/24 [90/2172416] via 120.100.123.1, 00:05:07, Serial0/0/0
D       120.100.200.0/24 [90/2172416] via 120.100.123.2, 00:05:08, Serial0/0/0

R3 will have equal cost external EIGRP routes to the redistributed OSPF subnet 120.100.63.0/24 (VLAN 63). Configure only R3 to ensure that R3 routes via a next hop of R5 (120.100.34.5) for this destination subnet. If this route fails, the route advertised from R4 (120.100.34.4) should be used dynamically. (3 points)

Example 2-20 shows both routes for 120.100.63.0/24 received on R3 from R4 and R5; because all routers share a common media, the interface connecting to R4 or R5 cannot be modified on R3 because this would affect both routes. Similarly, an offset-list to manipulate delay would be of no use because you are permitted to configure only R3. You are therefore required to penalize the route received from R4 only to ensure the R5-generated route is preferred on R3. By configuring a route-map on R3 to match only the route-source of R4, you can increase the metric for the required route (120.100.63.0/24). This simply enables the original route received from R5 to take precedence. Example 2-20 shows the required configuration and verification that the route is preferred via R5; the topology table shows that the R4 route is also present and that R4 is effectively the feasible successor for this network on this router. If the route from R5 is withdrawn, the route from R5 would enter the routing table automatically. You will need a second permit statement on the route-map (permit 20) to enable all other routes inbound to R3 to enter unaltered. Example 2-20 also details the routing tables of each device to confirm redistribution from EIGRP into OSPF or vice versa. If you have configured this correctly, as shown in Example 2-20, you have scored 3 points.
EXAMPLE 2-20 R3 RIPv2 Redistribution Configuration and Verification
R3# show ip route 120.100.63.0
Routing entry for 120.100.63.0/24
  Known via "eigrp 1", distance 170, metric 6780416, type external
  Redistributing via eigrp 1
  Last update from 120.100.34.5 on GigabitEthernet0/0, 00:01:59 ago
  Routing Descriptor Blocks:
    120.100.34.5, from 120.100.34.5, 00:01:59 ago, via GigabitEthernet0/0
      Route metric is 6780416, traffic share count is 1
      Total delay is 200100 microseconds, minimum bandwidth is 1544 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1
  * 120.100.34.4, from 120.100.34.4, 00:01:59 ago, via GigabitEthernet0/0
      Route metric is 6780416, traffic share count is 1
      Total delay is 200100 microseconds, minimum bandwidth is 1544 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1

R3(config)# access-list 1 permit 120.100.63.0
R3(config)# access-list 2 permit 120.100.34.4
R3(config)# router eigrp 1
R3(config-router)# distribute-list route-map PENALISE-VLAN63 in GigabitEthernet0/0
R3(config-router)# exit
R3(config)# route-map PENALISE-VLAN63 permit 10
R3(config-route-map)# match ip address 1
R3(config-route-map)# match ip route-source 2
R3(config-route-map)# set metric
R3(config-route-map)# route-map PENALISE-VLAN63 permit 20

R3# show ip route 120.100.63.0
Routing entry for 120.100.63.0/24
  Known via "eigrp 1", distance 170, metric 6780416, type external
  Redistributing via eigrp 1
  Last update from 120.100.34.5 on GigabitEthernet0/0, 00:00:21 ago
  Routing Descriptor Blocks:
  * 120.100.34.5, from 120.100.34.5, 00:00:21 ago, via GigabitEthernet0/0
      Route metric is 6780416, traffic share count is 1
      Total delay is 200100 microseconds, minimum bandwidth is 1544 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1

R3# show ip eigrp topology 120.100.63.0 255.255.255.0
IP-EIGRP (AS 1): Topology entry for 120.100.63.0/24
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 6780416
  Routing Descriptor Blocks:
  120.100.34.5 (GigabitEthernet0/0), from 120.100.34.5, Send flag is 0x0
      Composite metric is (6780416/6777856), Route is External
      Vector metric:
        Minimum bandwidth is 1544 Kbit
        Total delay is 200100 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 1
      External data:
        Originating router is 120.100.5.1
        AS number of route is 1
        External protocol is OSPF, external metric is 2
        Administrator tag is 0 (0x00000000)
  120.100.34.4 (GigabitEthernet0/0), from 120.100.34.4, Send flag is 0x0
      Composite metric is (128000000/6777856), Route is External
      Vector metric:
        Minimum bandwidth is 20 Kbit
        Total delay is 0 microseconds
        Reliability is 0/255
        Load is 0/255
        Minimum MTU is 0
        Hop count is 1
      External data:
        Originating router is 120.100.4.1
        AS number of route is 1
        External protocol is OSPF, external metric is 2
        Administrator tag is 0 (0x00000000)

NOTE
The full IP routing tables of each device are provided within the accompanying configurations to verify your redistributed routes.

Section 3: BGP (15 Points)

Configure BGP peering per Figure 2-9 as follows: iBGP R1-R3, R2-R3, R4-R6, R4-Sw2, R5-Sw1, R5-Sw3, eBGP R3-R4, R3-R5, Sw4-Sw3, R6-Sw4. Use Loopback interfaces to peer on all routers with the exception of peering between R3-R4 and R3-R5. Do not use the command ebgp-multihop within your configurations. (3 points)

The restrictions within the iBGP peering require you to configure R3, R4, and R5 as route reflectors within their own AS. Auto summarization is disabled to ensure BGP does not summarize routes, and synchronization is disabled because the IGP will not be synchronized to BGP within this lab. The question doesn't dictate that you must configure peer groups, but it is considered good practice when you have more than one peer with a similar peering configuration. The question does, however, dictate that you must not use ebgp-multihop. This feature would of course be required for the peering from AS400 to AS300 and AS400 to AS200 because Loopback interfaces are used for the external peering here, unlike AS100 to AS200 and AS300, which peer from connected interfaces. Without ebgp-multihop the peering fails in and outbound from AS400. The only way to fix this is to use a feature that disables connection verification to establish an eBGP peering session with a single-hop peer that uses a Loopback interface. Use of the command neighbor disable-connected-check on R6, Sw3, and Sw4 for the required peering allows the peering to be formed successfully. Example 2-21 shows the basic peering configuration for BGP, the eBGP failure condition observed on peering to and from AS400, and the required configuration to rectify the condition. If you have configured this correctly, you have scored 3 points.
EXAMPLE 2-21 BGP Peering Configuration and Verification
R1(config)# router bgp 100
R1(config-router)# no auto-summary
R1(config-router)# no synchronization
R1(config-router)# neighbor 120.100.3.1 remote-as 100
R1(config-router)# neighbor 120.100.3.1 update-source Loopback0

R2(config)# router bgp 100
R2(config-router)# no auto-summary
R2(config-router)# no synchronization
R2(config-router)# neighbor 120.100.3.1 remote-as 100
R2(config-router)# neighbor 120.100.3.1 update-source Loopback0

R3(config)# router bgp 100
R3(config-router)# no auto-summary
R3(config-router)# no synchronization
R3(config-router)# neighbor AS100 peer-group
R3(config-router)# neighbor AS100 remote-as 100
R3(config-router)# neighbor AS100 update-source Loopback0
R3(config-router)# neighbor 120.100.1.1 peer-group AS100
R3(config-router)# neighbor 120.100.2.1 peer-group AS100
R3(config-router)# neighbor AS100 route-reflector-client
R3(config-router)# neighbor 120.100.34.4 remote-as 200
R3(config-router)# neighbor 120.100.34.5 remote-as 300

R4(config)# router bgp 200
R4(config-router)# no auto-summary
R4(config-router)# no synchronization
R4(config-router)# neighbor AS200 peer-group
R4(config-router)# neighbor AS200 remote-as 200
R4(config-router)# neighbor AS200 update-source Loopback0
R4(config-router)# neighbor AS200 route-reflector-client
R4(config-router)# neighbor 120.100.6.1 peer-group AS200
R4(config-router)# neighbor 120.100.8.1 peer-group AS200
R4(config-router)# neighbor 120.100.34.3 remote-as 100

R5(config)# router bgp 300
R5(config-router)# no auto-summary
R5(config-router)# no synchronization
R5(config-router)# neighbor AS300 peer-group
R5(config-router)# neighbor AS300 remote-as 300
R5(config-router)# neighbor AS300 update-source Loopback0
R5(config-router)# neighbor AS300 route-reflector-client
R5(config-router)# neighbor 120.100.7.1 peer-group AS300
R5(config-router)# neighbor 120.100.9.1 peer-group AS300
R5(config-router)# neighbor 120.100.34.3 remote-as 100

R6(config)# router bgp 200
R6(config-router)# no auto-summary
R6(config-router)# no synchronization
R6(config-router)# neighbor 120.100.4.1 remote-as 200
R6(config-router)# neighbor 120.100.4.1 update-source Loopback0
R6(config-router)# neighbor 120.100.10.1 remote-as 400
R6(config-router)# neighbor 120.100.10.1 update-source Loopback0

SW1(config)# router bgp 300
SW1(config-router)# no auto-summary
SW1(config-router)# no synchronization
SW1(config-router)# neighbor 120.100.5.1 remote-as 300
SW1(config-router)# neighbor 120.100.5.1 update-source Loopback0

SW2(config)# router bgp 200
SW2(config-router)# no auto-summary
SW2(config-router)# no synchronization
SW2(config-router)# neighbor 120.100.4.1 remote-as 200
SW2(config-router)# neighbor 120.100.4.1 update-source Loopback0

SW3(config)# router bgp 300
SW3(config-router)# no auto-summary
SW3(config-router)# no synchronization
SW3(config-router)# neighbor 120.100.5.1 remote-as 300
SW3(config-router)# neighbor 120.100.5.1 update-source Loopback0
SW3(config-router)# neighbor 120.100.10.1 remote-as 400
SW3(config-router)# neighbor 120.100.10.1 update-source Loopback0

SW4(config)# router bgp 400
SW4(config-router)# no auto-summary
SW4(config-router)# no synchronization
SW4(config-router)# neighbor 120.100.6.1 remote-as 200
SW4(config-router)# neighbor 120.100.6.1 update-source Loopback0
SW4(config-router)# neighbor 120.100.9.1 remote-as 300
SW4(config-router)# neighbor 120.100.9.1 update-source Loopback0

SW4# sh ip bgp neigh 120.100.6.1 | include External
External BGP neighbor not directly connected.
SW4# show ip bgp neighbors 120.100.9.1 | include External
External BGP neighbor not directly connected.
SW4# sh ip bgp neighbors 120.100.6.1 | include active
No active TCP connection
SW4# sh ip bgp neighbors 120.100.9.1 | include active
No active TCP connection

SW4(config-router)# neighbor 120.100.6.1 disable-connected-check
SW4(config-router)# neighbor 120.100.9.1 disable-connected-check
R6(config-router)# neighbor 120.100.10.1 disable-connected-check
SW3(config-router)# neighbor 120.100.10.1 disable-connected-check

SW4# show ip bgp neighbors 120.100.6.1 | include Established
BGP state = Established, up for 00:02:01
SW4# show ip bgp neighbors 120.100.9.1 | include Established
BGP state = Established, up for 00:02:05

You will also find peering issues between R1 and R3. Example 2-22 shows the routers are informing each other they have an incorrect BGP identifier. This is simply because both routers have an identical Loopback interface address of 200.200.200.200, which is used as the BGP identifier. By changing the ID of one router the peering is established. It doesn't matter what you change the ID to, but it needs to be unique; as such, the Loopback 0 interface would be a good choice. No extra points for this task because this is part of the original peering.
EXAMPLE 2-22 R1 and R3 Peering Issue Configuration and Verification
R1#
%BGP-3-NOTIFICATION: sent to neighbor 120.100.3.1 2/3 (BGP identifier wrong) 4 bytes C8C8C8C8
R3#
%BGP-3-NOTIFICATION: received from neighbor 120.100.1.1 2/3 (BGP identifier wrong) 4 bytes C8C8C8C8

R1# show ip bgp summary | include identifier
BGP router identifier 200.200.200.200, local AS number 100
R3# show ip bgp summary | include identifier
BGP router identifier 200.200.200.200, local AS number 100

R1(config-router)# bgp router-id 120.100.1.1
*19:34:45.467: %BGP-5-ADJCHANGE: neighbor 120.100.3.1 Up

Routers R1 and R2 in AS100 should be made to passively accept only BGP sessions. R3 should be configured to actively create only BGP sessions to R1 and R2 within AS100. (3 points)

A BGP speaker by default will attempt to open a session on TCP port 179 with a configured peer, because such a normal peering arrangement will see two sessions being established to build a successful neighbor relationship. This behavior can be modified to effectively allow sessions to be established only either inbound or outbound. The solution to the question is achieved by configuring the neighbor transport connection-mode to passive (only inbound connections will be established) on R1 and R2 and active (only outbound sessions will be established) on R3. You must manually activate each neighbor on each router for the solution to work effectively. If you have configured this correctly, as shown in Example 2-23, you have scored 3 points. Consider using the show ip bgp summary command to verify your configuration.
EXAMPLE 2-23 R1, R2 and R3 Connection-mode Configuration
R1(config)# router bgp 100
R1(config-router)# neighbor 120.100.3.1 transport connection-mode passive
R1(config-router)# neighbor 120.100.3.1 activate

R2(config)# router bgp 100
R2(config-router)# neighbor 120.100.3.1 transport connection-mode passive
R2(config-router)# neighbor 120.100.3.1 activate

R3(config)# router bgp 100
R3(config-router)# neighbor AS100 transport connection-mode active
R3(config-router)# neighbor 120.100.1.1 activate
R3(config-router)# neighbor 120.100.2.1 activate

Configure the following Loopback interfaces on R3 and Sw4; advertise these networks into BGP using the network command: (2 points)
R3 - Loopback interface 5 (152.100.100.1/24)
Sw4 - Loopback interface 5 (152.200.32.1/24)
Sw4 - Loopback interface 6 (152.200.33.1/24)
Sw4 - Loopback interface 7 (152.200.34.1/24)
Sw4 - Loopback interface 8 (152.200.35.1/24)

A simple question that creates BGP routes for the following task. If you have configured this correctly, as shown in Example 2-24, you have scored 2 points.
EXAMPLE 2-24 R3 and SW4 Network Advertisement Configuration and Verification
R3(config)# interface Loopback5
R3(config-if)# ip address 152.100.100.1 255.255.255.0
R3(config-if)# router bgp 100
R3(config-router)# network 152.100.100.0 mask 255.255.255.0

SW4(config)# interface Loopback5
SW4(config-if)# ip address 152.200.32.1 255.255.255.0
SW4(config-if)# interface Loopback6
SW4(config-if)# ip address 152.200.33.1 255.255.255.0
SW4(config-if)# interface Loopback7
SW4(config-if)# ip address 152.200.34.1 255.255.255.0
SW4(config-if)# interface Loopback8
SW4(config-if)# ip address 152.200.35.1 255.255.255.0
SW4(config-if)# router bgp 400
SW4(config-router)# network 152.200.32.0 mask 255.255.255.0
SW4(config-router)# network 152.200.33.0 mask 255.255.255.0
SW4(config-router)# network 152.200.34.0 mask 255.255.255.0
SW4(config-router)# network 152.200.35.0 mask 255.255.255.0

R3# show ip bgp
BGP table version is 10, local router ID is 200.200.200.200
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 152.100.100.0/24 0.0.0.0                  0         32768 i
*  152.200.32.0/24  120.100.34.4                           0 200 400 i
*>                  120.100.34.5                           0 300 400 i
*  152.200.33.0/24  120.100.34.4                           0 200 400 i
*>                  120.100.34.5                           0 300 400 i
*  152.200.34.0/24  120.100.34.4                           0 200 400 i
*>                  120.100.34.5                           0 300 400 i
*  152.200.35.0/24  120.100.34.4                           0 200 400 i
*>                  120.100.34.5                           0 300 400 i

Configure R3 to inform R4 that it does not want to receive routes advertised from Sw4 for networks 152.200.33.0/24, 152.200.34.0/24 and 152.200.35.0/24. Achieve this in such a manner that R4 does not actually advertise these routes toward R3. You may also configure R4. (4 points)

BGP has a Prefix-Based Outbound Route Filtering (ORF) mechanism that can send and receive capabilities to minimize BGP updates sent between BGP peers. Advertisement of ORF capability indicates that a peer will accept a prefix-list from a neighbor and apply the prefix-list received from a neighbor locally to avoid the unnecessary sending of routes that would be blocked by the receiver anyway. R3 is therefore configured with a prefix-list that blocks the required routes generated from Sw4, which is sent via ORF to R4. R4 is configured to receive this prefix-list via ORF, and the routes are blocked outbound at R4. Example 2-25 shows the required ORF and prefix-list filtering with the resulting outbound advertisement on R4. The BGP table on R3 is also displayed showing the routes are no longer being received from R4 and solely from R5. If you have configured this correctly, as shown in Example 2-25, you have scored 4 points.
EXAMPLE 2-25 BGP ORF Configuration and Verification
R3(config)# router bgp 100
R3(config-router)# neighbor 120.100.34.4 capability orf prefix-list send
R3(config-router)# neighbor 120.100.34.4 prefix-list FILTER in
R3(config)# ip prefix-list FILTER seq 5 deny 152.200.33.0/24
R3(config)# ip prefix-list FILTER seq 10 deny 152.200.34.0/24
R3(config)# ip prefix-list FILTER seq 15 deny 152.200.35.0/24
R3(config)# ip prefix-list FILTER seq 20 permit 0.0.0.0/0 le 32

R4(config)# router bgp 200
R4(config-router)# neighbor 120.100.34.3 capability orf prefix-list receive
R4(config-router)# exit
R4(config)# exit

R4# show ip bgp neighbors 120.100.34.3 advertised-routes
BGP table version is 17, local router ID is 120.100.4.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*>i152.200.32.0/24  120.100.10.1             0    100      0 400 i

Total number of prefixes 1

R3# clear ip bgp *
R3# show ip bgp
BGP table version is 6, local router ID is 200.200.200.200
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 152.100.100.0/24 0.0.0.0                  0         32768 i
*> 152.200.32.0/24  120.100.34.4                           0 200 400 i
*                   120.100.34.5                           0 300 400 i
*> 152.200.33.0/24  120.100.34.5                           0 300 400 i
*> 152.200.34.0/24  120.100.34.5                           0 300 400 i
*> 152.200.35.0/24  120.100.34.5                           0 300 400 i
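The filtering in Example 2-25 can be checked offline. The following Python model is an added example, not code from the book: it evaluates the FILTER prefix-list with the usual first-match, ge/le and implicit-deny rules against the four Sw4 prefixes, as R4 would after receiving the list via ORF. The function names and the tuple layout are assumptions made for this sketch.

```python
import ipaddress

# FILTER as configured on R3 in Example 2-25: (seq, action, prefix, ge, le)
FILTER = [
    (5,  "deny",   "152.200.33.0/24", None, None),
    (10, "deny",   "152.200.34.0/24", None, None),
    (15, "deny",   "152.200.35.0/24", None, None),
    (20, "permit", "0.0.0.0/0",       None, 32),
]

# Prefixes Sw4 originates with its network statements (Example 2-24)
SW4_PREFIXES = ["152.200.32.0/24", "152.200.33.0/24",
                "152.200.34.0/24", "152.200.35.0/24"]


def entry_matches(route, prefix, ge, le):
    """True if 'route' matches one prefix-list entry."""
    net = ipaddress.ip_network(prefix)
    if route.version != net.version or not route.subnet_of(net):
        return False
    if ge is None and le is None:
        # No ge/le: the prefix length must match exactly
        return route.prefixlen == net.prefixlen
    low = ge if ge is not None else net.prefixlen
    high = le if le is not None else net.max_prefixlen
    return low <= route.prefixlen <= high


def prefix_list_action(route, plist):
    """Return (action, seq) of the first matching entry, or implicit deny."""
    route = ipaddress.ip_network(route)
    for seq, action, prefix, ge, le in sorted(plist, key=lambda e: e[0]):
        if entry_matches(route, prefix, ge, le):
            return action, seq
    return "deny", None


def advertised_with_orf(candidates, received_orf):
    """Routes the sender still advertises after applying the received ORF list."""
    return [r for r in candidates
            if prefix_list_action(r, received_orf)[0] == "permit"]


if __name__ == "__main__":
    print("R4 -> R3:", advertised_with_orf(SW4_PREFIXES, FILTER))
    # A more-specific route inside a denied /24 is not covered by the exact-match deny
    print(prefix_list_action("152.200.33.128/25", FILTER))
```

The last call shows a point worth checking in any deny list of this form: entries without ge/le match the exact prefix length only, so a longer prefix inside 152.200.33.0/24 would fall through to seq 20 and be permitted.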

Configure a route-map on R5 that prepends its local AS an additional 2 times for network 152.200.32.0/24 when advertised to R3. The route-map may contain multiple permit statements but only one prepend is permitted per line. (3 points)

A simple AS path prepend question, or so it seems. Normally you would prepend the same AS number multiple times within the same permit statement, but the question restricts this so you are forced to use multiple permit statements with the same AS prepend statement. Example 2-26 shows the route 152.200.32.0/24 as received initially on R3 from R5 with an AS path of 300-400. After configuration of the route-map to prepend the route on R5 twice, the network is received on R3 with an AS path of 300-300-400. This might look like the route has indeed been prepended twice, but the question requests an "additional" two times; in fact, the route has been prepended only once. The problem is that the route-map permit 10 statement on R3 has been executed, and the route-map will then not evaluate any additional route map entries and simply drops out, so the permit 20 statement is never actually executed. By configuring a continue 20 statement within the permit 10 line, the router is forced to evaluate the permit 20 line rather than dropping out of the route-map after successful execution of the permit 10 statement. The final verification within Example 2-26 shows the route received on R3 with successful prepend applied by R5. If you have configured this correctly, as shown in Example 2-26, you have scored 3 points.
EXAMPLE 2-26 R5 Prepend Configuration and Verification
R3# show ip bgp
BGP table version is 6, local router ID is 200.200.200.200
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 152.100.100.0/24 0.0.0.0                  0         32768 i
*> 152.200.32.0/24  120.100.34.4                           0 200 400 i
*                   120.100.34.5                           0 300 400 i
*> 152.200.33.0/24  120.100.34.5                           0 300 400 i
*> 152.200.34.0/24  120.100.34.5                           0 300 400 i
*> 152.200.35.0/24  120.100.34.5                           0 300 400 i

R5(config)# router bgp 300
R5(config-router)# neighbor 120.100.34.3 route-map PREPEND out
R5(config-router)# exit
R5(config)# access-list 1 permit 152.200.32.0
R5(config)# route-map PREPEND permit 10
R5(config-route-map)# match ip address 1
R5(config-route-map)# set as-path prepend 300
R5(config-route-map)# route-map PREPEND permit 20
R5(config-route-map)# match ip address 1
R5(config-route-map)# set as-path prepend 300
R5(config-route-map)# route-map PREPEND permit 30

R3# show ip bgp
BGP table version is 6, local router ID is 200.200.200.200
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 152.100.100.0/24 0.0.0.0                  0         32768 i
*> 152.200.32.0/24  120.100.34.4                           0 200 400 i
*                   120.100.34.5                           0 300 300 400 i
*> 152.200.33.0/24  120.100.34.5                           0 300 400 i
*> 152.200.34.0/24  120.100.34.5                           0 300 400 i
*> 152.200.35.0/24  120.100.34.5                           0 300 400 i

R5(config)# route-map PREPEND permit 10
R5(config-route-map)# continue 20

R3# clear ip bgp *
R3# show ip bgp
BGP table version is 6, local router ID is 200.200.200.200
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 152.100.100.0/24 0.0.0.0                  0         32768 i
*> 152.200.32.0/24  120.100.34.4                           0 200 400 i
*                   120.100.34.5                           0 300 300 300 400 i
*> 152.200.33.0/24  120.100.34.5                           0 300 400 i
*> 152.200.34.0/24  120.100.34.5                           0 300 400 i
*> 152.200.35.0/24  120.100.34.5                           0 300 400 i
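The effect of the continue clause in Example 2-26 can be reproduced with a small model of route-map evaluation. This Python sketch is an added example, not code from the book: it models permit entries only, stops at the first matching entry unless that entry carries a continue clause, and assumes that a continue target which does not match simply falls through to the following entries. The function and field names are hypothetical.

```python
TARGET = "152.200.32.0/24"  # the prefix permitted by the ACL in Example 2-26


def prepend_map(with_continue):
    """Route-map PREPEND on R5; 'continue 20' on entry 10 is the later fix."""
    return [
        {"seq": 10, "match": {TARGET}, "prepend": [300],
         "continue": 20 if with_continue else None},
        {"seq": 20, "match": {TARGET}, "prepend": [300], "continue": None},
        {"seq": 30, "match": None, "prepend": [], "continue": None},  # match all
    ]


def apply_route_map(prefix, entries):
    """Return (permitted, prepended ASNs, sequence numbers that matched)."""
    entries = sorted(entries, key=lambda e: e["seq"])
    prepends, visited, i = [], [], 0
    while i < len(entries):
        entry = entries[i]
        if entry["match"] is None or prefix in entry["match"]:
            visited.append(entry["seq"])
            prepends = entry["prepend"] + prepends
            if entry["continue"] is None:
                break  # first match without continue ends evaluation
            # Jump forward to the continue target (never backwards)
            i = next((k for k, e in enumerate(entries)
                      if e["seq"] >= entry["continue"] and e["seq"] > entry["seq"]),
                     len(entries))
        else:
            i += 1
    return bool(visited), prepends, visited


def as_path_seen_by_peer(prefix, path_in_table, local_as, entries):
    """AS path an eBGP peer receives: local AS, then route-map prepends, then the path."""
    permitted, prepends, _ = apply_route_map(prefix, entries)
    if not permitted:
        return None
    return [local_as] + prepends + path_in_table


if __name__ == "__main__":
    for fixed in (False, True):
        path = as_path_seen_by_peer(TARGET, [400], 300, prepend_map(fixed))
        print("continue 20" if fixed else "no continue", path)
```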

Section 4: IPv6 (12 Points)

Configure IPv6 addresses on your network as follows:
2007:C15:C0:10::1/64 - R1 Gi0/0
2007:C15:C0:11::1/64 - R1 tunnel0
2007:C15:C0:11::3/64 - R3 tunnel0
2007:C15:C0:12::2/64 - R2 tunnel0
2007:C15:C0:12::3/64 - R3 tunnel1
2007:C15:C0:13::2/64 - R2 fe0/1
2007:C15:C0:14::3/64 - R3 Gi0/0
2007:C15:C0:14::4/64 - R4 Gi0/0
2007:C15:C0:14::5/64 - R5 Gi0/0
2007:C15:C0:15::5/64 - R4 Gi0/1
2007:C15:C0:15::6/64 - R6 Gi0/0

The prerequisite to the following questions is configuration of the IPv6 addresses and tunnel interfaces. You should test your IPv6 connectivity post configuration to ensure you are ready to progress to the routing questions. You will not require Frame-Relay maps to achieve connectivity because tunneling is required rather than IPv6 directly configured under the serial interfaces on R1, R2, and R3. Example 2-27 shows the initial IPv6 configuration; tunnel specifics are provided in later questions, so just creating the tunnel interfaces and configuring an IPv6 address is required at this point. No points are on offer here for this task, unfortunately. Consider using the show ipv6 interface brief command for a quick check of your interface configuration.
EXAMPLE 2-27 IPv6 Initial Configuration
R1(config)# ipv6 unicast-routing
R1(config)# interface GigabitEthernet0/1
R1(config-if)# ipv6 address 2007:C15:C0:10::1/64
R1(config-if)# interface tunnel0
R1(config-if)# ipv6 address 2007:C15:C0:11::1/64

R2(config)# ipv6 unicast-routing
R2(config)# interface FastEthernet0/1
R2(config-if)# ipv6 address 2007:C15:C0:13::2/64
R2(config-if)# interface tunnel0
R2(config-if)# ipv6 address 2007:C15:C0:12::2/64

R3(config)# ipv6 unicast-routing
R3(config)# int GigabitEthernet0/0
R3(config-if)# ipv6 address 2007:C15:C0:14::3/64
R3(config-if)# interface tunnel0
R3(config-if)# ipv6 address 2007:C15:C0:11::3/64
R3(config-if)# interface tunnel1
R3(config-if)# ipv6 address 2007:C15:C0:12::3/64

R4(config)# ipv6 unicast-routing
R4(config)# interface GigabitEthernet0/0
R4(config-if)# ipv6 address 2007:C15:C0:14::4/64
R4(config-if)# interface GigabitEthernet0/1
R4(config-if)# ipv6 address 2007:C15:C0:15::4/64

R5(config)# ipv6 unicast-routing
R5(config)# interface GigabitEthernet0/0
R5(config-if)# ipv6 address 2007:C15:C0:14::5/64

R6(config)# ipv6 unicast-routing
R6(config)# interface GigabitEthernet0/0
R6(config-if)# ipv6 address 2007:C15:C0:15::6/64

Section 4.1: EIGRPv6

Configure EIGRPv6 between R1, R2, and R3. EIGRPv6 should be enabled on the Ethernet interfaces of R1 and R2 and on all tunnel interfaces of R1, R2, and R3. Build your tunnels using ipv6ip mode; use an AS number of 6 on all required interfaces. (2 points)

This is a straightforward EIGRPv6 configuration that requires the AS number of 6 applied to the required interfaces. The tunnel mode information is supplied within this question of ipv6ip for a manually configured IPv6 tunnel. One thing to remember with EIGRPv6 is that you need to start the process with a no shut command within the routing process. If you have configured this correctly, as shown in Example 2-28, you have scored 2 points.
EXAMPLE 2-28 EIGRPv6 Configuration and Verification
R1(config)# interface GigabitEthernet 0/1
R1(config-if)# ipv6 eigrp 6
R1(config-if)# interface Tunnel0
R1(config-if)# ipv6 eigrp 6
R1(config-if)# tunnel source Serial 0/0/0
R1(config-if)# tunnel destination 120.100.123.3
R1(config-if)# tunnel mode ipv6ip
R1(config-if)# ipv6 router eigrp 6
R1(config-router)# no shutdown

R2(config)# interface FastEthernet 0/1
R2(config-if)# ipv6 eigrp 6
R2(config-if)# interface Tunnel0
R2(config-if)# ipv6 eigrp 6
R2(config-if)# tunnel source Serial 0/0
R2(config-if)# tunnel destination 120.100.123.3
R2(config-if)# tunnel mode ipv6ip
R2(config-if)# ipv6 router eigrp 6
R2(config-router)# no shutdown

R3(config)# interface Tunnel0
R3(config-if)# ipv6 eigrp 6
R3(config-if)# tunnel source Serial 0/0/0
R3(config-if)# tunnel destination 120.100.123.1
R3(config-if)# tunnel mode ipv6ip
R3(config-if)# interface Tunnel1
R3(config-if)# ipv6 eigrp 6
R3(config-if)# tunnel source Serial 0/0/0
R3(config-if)# tunnel destination 120.100.123.2
R3(config-if)# tunnel mode ipv6ip
R3(config-if)# ipv6 router eigrp 6
R3(config-router)# no shutdown

R1# show ipv6 route eigrp
IPv6 Routing Table - 8 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route, M - MIPv6
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
D   2007:C15:C0:12::/64 [90/310044416]
     via FE80::7864:7B03, Tunnel0
D   2007:C15:C0:13::/64 [90/310070016]
     via FE80::7864:7B03, Tunnel0

R2# show ipv6 route eigrp
IPv6 Routing Table - 8 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route, M - MIPv6
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
D   2007:C15:C0:10::/64 [90/310070016]
     via FE80::7864:7C03, Tunnel0
D   2007:C15:C0:11::/64 [90/310044416]
     via FE80::7864:7C03, Tunnel0

R3# show ipv6 route eigrp
IPv6 Routing Table - 9 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route, M - MIPv6
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
D   2007:C15:C0:10::/64 [90/297270016]
     via FE80::7864:7B01, Tunnel0
D   2007:C15:C0:13::/64 [90/297270016]
     via FE80::7864:7C02, Tunnel1

Section 4.2: OSPFv3

Configure OSPFv3 per Figure 2-11; use an OSPFv3 process of 1 on each router. (2 points)

Use vanilla OSPFv3 configuration between R3, R4, R5, and R6. If you have configured this correctly, as shown in Example 2-29, you have scored 2 points.
EXAMPLE 2-29 OSPFv3 Configuration and Verification
R3(config)# interface GigabitEthernet 0/0
R3(config-if)# ipv6 ospf 1 area 0

R4(config)# interface GigabitEthernet 0/0
R4(config-if)# ipv6 ospf 1 area 0
R4(config-if)# interface GigabitEthernet 0/1
R4(config-if)# ipv6 ospf 1 area 1

R5(config)# interface GigabitEthernet 0/0
R5(config-if)# ipv6 ospf 1 area 0

R6(config)# interface GigabitEthernet 0/0
R6(config-if)# ipv6 ospf 1 area 1

R3# show ipv6 route ospf
IPv6 Routing Table - 11 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
OI  2007:C15:C0:15::/64 [110/2]
     via FE80::213:C3FF:FE71:E4A0, GigabitEthernet0/0

R5# show ipv6 route ospf
IPv6 Routing Table - 5 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
OI  2007:C15:C0:15::/64 [110/2]
     via FE80::213:C3FF:FE71:E4A0, GigabitEthernet0/0

R6# show ipv6 route ospf
IPv6 Routing Table - 5 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
OI  2007:C15:C0:14::/64 [110/2]
     via FE80::213:C3FF:FE71:E4A1, GigabitEthernet0/0

NOTE
The OSPFv3 routing table of R4 is not shown in Example 2-29 because this router physically connects to each IPv6 network and as such will not discover any OSPFv3 dynamic routes at this point in time.

Configure Area 1 with IPsec authentication, use Message Digest 5, a Security Policy Index of 500, and a key of DEC0DECC1E0DDBA11B0BB0BBEDB00B00. (2 points)

Authentication is required on R4 and R6 because they both belong to Area 1. The question explicitly states the specific parameters required, and you shouldn't encounter any issues unless you incorrectly enter one of the keys. At 32 Hex characters long, this could easily be done while under a time constraint. If you have configured this correctly, as shown in Example 2-30, you have scored 2 points.
EXAMPLE 2-30 Area 1 Authentication Configuration
R4(config)# ipv6 router ospf 1
R4(config-router)# area 1 authentication ipsec spi 500 md5 DEC0DECC1E0DDBA11B0BB0BBEDB00B00

R6(config)# ipv6 router ospf 1
R6(config-router)# area 1 authentication ipsec spi 500 md5 DEC0DECC1E0DDBA11B0BB0BBEDB00B00
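The mistyped-key risk described for this question can be checked mechanically. The following Python sketch is an added example, not part of the book's solution: it parses the area authentication line from two router configurations and reports SPI, algorithm, or key problems without echoing the key. The sample configurations and their key are constructed for illustration, and keys are assumed to be entered in clear text as in the lab.

```python
import re

# Hex-digit key lengths IOS expects for OSPFv3 IPsec authentication.
KEY_HEX_LEN = {"md5": 32, "sha1": 40}
SPI_MIN, SPI_MAX = 256, 4294967295  # valid range for the spi keyword

AUTH_LINE = re.compile(
    r"^\s*area\s+(\S+)\s+authentication\s+ipsec\s+spi\s+(\d+)\s+(md5|sha1)\s+(\S+)\s*$",
    re.IGNORECASE | re.MULTILINE,
)

# Constructed sample configurations (not the lab key). R6 has the letter O
# typed in place of a zero at position 17 of the key.
R4_CFG = """\
ipv6 router ospf 1
 area 1 authentication ipsec spi 500 md5 0123456789ABCDEF0123456789ABCDEF
"""
R6_CFG = """\
ipv6 router ospf 1
 area 1 authentication ipsec spi 500 md5 0123456789ABCDEFO123456789ABCDEF
"""


def parse_area_auth(config):
    """Return {area: (spi, algorithm, key)} for every area authentication line."""
    found = {}
    for area, spi, alg, key in AUTH_LINE.findall(config):
        found[area] = (int(spi), alg.lower(), key.upper())
    return found


def validate(entry):
    """List the problems in one (spi, algorithm, key) tuple; empty means well-formed."""
    spi, alg, key = entry
    problems = []
    if not SPI_MIN <= spi <= SPI_MAX:
        problems.append(f"SPI {spi} outside {SPI_MIN}-{SPI_MAX}")
    want = KEY_HEX_LEN[alg]
    if len(key) != want:
        problems.append(f"{alg} key has {len(key)} digits, needs {want}")
    for pos, ch in enumerate(key, start=1):
        if ch not in "0123456789ABCDEF":
            problems.append(f"non-hex character {ch!r} at position {pos}")
    return problems


def compare(cfg_a, cfg_b, area):
    """Compare one area's authentication settings between two routers."""
    a = parse_area_auth(cfg_a).get(area)
    b = parse_area_auth(cfg_b).get(area)
    if a is None or b is None:
        return ["authentication missing on one side"]
    issues = []
    if a[0] != b[0]:
        issues.append(f"SPI mismatch: {a[0]} vs {b[0]}")
    if a[1] != b[1]:
        issues.append(f"algorithm mismatch: {a[1]} vs {b[1]}")
    if a[2] != b[2]:
        # Report only where the keys diverge, never the key material itself.
        first = next(
            (i for i, (x, y) in enumerate(zip(a[2], b[2]), start=1) if x != y),
            min(len(a[2]), len(b[2])) + 1,
        )
        issues.append(f"key differs from position {first}")
    return issues


if __name__ == "__main__":
    for name, cfg in (("R4", R4_CFG), ("R6", R6_CFG)):
        print(name, validate(parse_area_auth(cfg)["1"]) or "well-formed")
    print("R4 vs R6:", compare(R4_CFG, R6_CFG, "1") or "match")
```

Run against the saved configurations of both Area 1 routers, a non-empty result from compare points at the character to recheck before the adjacency fails to form.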

Ensure the area router in Area 1 receives the following route; you may configure R4 to achieve this: (2 points)
OI 2007::/16 [110/2] via XXXX::XXXX:XXXX:XXXX:XXXX, GigabitEthernet0/0

The only area router within Area 1 is R6. R4 is the area border router within this area. OI within the routing table is an OSPF Interarea route, so this route must be generated from another area. Because Area 0 is the only other area within the OSPFv3 network, the route must be generated from this area as opposed to a redistributed route, which would show as an external route. A summary route generated on the area border Router R4 of 2007::/16 within area 0 will provide the required route to be received on R6. If you have configured this correctly, as shown in Example 2-31, you have scored 2 points.

EXAMPLE 2-31 OSPFv3 Configuration and Verification
R4(config)# ipv6 router ospf 1
R4(config-rtr)# area 0 range 2007::/16

R6# show ipv6 route ospf | include OI
OI  2007::/16 [110/2]
     via FE80::213:C3FF:FE71:E4A1, GigabitEthernet0/0

Section 4.3: Redistribution

Redistribute EIGRPv6 into OSPFv3 on R3. Redistributed EIGRPv6 routes should have a metric of 5000 associated with them, regardless of which area they are seen in within the OSPFv3 network. (2 points)

A one-way redistribution of EIGRPv6 to OSPFv3 is required on R3. The default redistribution behavior ensures that external routes are advertised as external Type 2, which have a fixed cost associated with them regardless of which area or location of the OSPFv3 network they are seen in. You simply require the metric set to 5000 on the OSPFv3 process. You need to remember to advertise connected routes also; otherwise, the OSPFv3 network will not see the directly connected tunnel interfaces on R3. If you have configured this correctly, as shown in Example 2-32, you have scored 2 points.
EXAMPLE 2-32 R3 IPv6 Redistribution Configuration and Verification
R3(config)# ipv6 router ospf 1
R3(config-rtr)# redistribute eigrp 6 include-connected metric 5000

R4# show ipv6 route ospf
IPv6 Routing Table - 11 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
O   2007::/16 [110/0]
     via ::, Null0
OE2 2007:C15:C0:10::/64 [110/5000]
     via FE80::214:6AFF:FEFC:7390, GigabitEthernet0/0
OE2 2007:C15:C0:11::/64 [110/5000]
     via FE80::214:6AFF:FEFC:7390, GigabitEthernet0/0
OE2 2007:C15:C0:12::/64 [110/5000]
     via FE80::214:6AFF:FEFC:7390, GigabitEthernet0/0
OE2 2007:C15:C0:13::/64 [110/5000]
     via FE80::214:6AFF:FEFC:7390, GigabitEthernet0/0

Configure R3 so that both R1 and R2 have the following IPv6 EIGRPv6 route in place; do not redistribute OSPF into EIGRPv6 to achieve this, and ensure all routers have full visibility. (2 points)
D 2007::/16 [90/XXXXXXXXX] via XXXX::XXXX:XXXX:XXXX:XXXX, Tunnel0

You should have noticed in the previous question that mutual redistribution was not required; as such, the EIGRPv6 network would not have reachability of the OSPFv3 network. This question ensures the RIPng network sends traffic to R3 for the summarized network of 2007::/16. Because you are not permitted to redistribute OSPFv3 with a summary address, you need to configure EIGRPv6 summarization on the tunnel interfaces on R3 toward R1 and R2; this will provide the correct route and hop count as per the question. Example 2-33 shows the required configuration and verification of the route, in addition to ICMP reachability to the remote OSPFv3 Area 1 network on R6. This test clearly demonstrates full end-to-end reachability from EIGRPv6 to OSPFv3. If you have configured this correctly, as shown in Example 2-33, you have scored 2 points.
EXAMPLE 2-33 R3 IPv6 Summarization Configuration and Verification
R3(config)# interface tunnel0
R3(config-if)# ipv6 summary-address eigrp 6 2007::/16
R3(config-if)# interface tunnel 1
R3(config-if)# ipv6 summary-address eigrp 6 2007::/16

R1# show ipv6 route eigrp
IPv6 Routing Table - 6 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route, M - MIPv6
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
D   2007::/16 [90/310044416]
     via FE80::7864:7B03, Tunnel0
R1# ping ipv6 2007:C15:C0:15::6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2007:C15:C0:15::6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/7/8 ms

R2# show ipv6 route eigrp
IPv6 Routing Table - 6 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route, M - MIPv6
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
D   2007::/16 [90/310044416]
     via FE80::7864:7C03, Tunnel0
R2# ping ipv6 2007:C15:C0:15::6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2007:C15:C0:15::6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/7/8 ms

Section 5: QoS (6 Points)

Two IP videoconferencing units are to be installed onto Switch 2 ports FastEthernet 0/15 and 0/16 on VLAN 200. The devices use TCP Ports 3230-3231 and UDP Ports 3230-3235, and this traffic is unmarked from the devices as it enters the switch. Configure Switch 2 to assign a DSCP value of AF41 to video traffic from both of these devices. Ensure that the switch ports assigned to the devices do not participate in the usual spanning-tree checks, cannot form trunk links, and cannot be configured as Etherchannels. (3 points)

This is a DSCP coloring of application traffic question. The TCP and UDP port information is provided so access-lists matching these ports within a class-map are required for identification of the video traffic, and a policy-map colors the traffic to a DSCP value of 41. The overall QoS service-policy is applied to the videoconferencing ports of FastEthernet 0/15 and 0/16 on Switch 2. The ports are required to be set to VLAN 200 with spanning-tree checks disabled, and trunking and channeling disabled using the command switchport host. The ports can also be explicitly configured to disable each feature individually, but the switchport host command does all this for you. If you have configured this correctly, as shown in Example 2-34, you have scored 3 points. Use the show policy-map command to verify your configuration.
EXAMPLE 2-34 OSPFv3 Configuration
SW2(config)# interface range fastEthernet 0/15-16
SW2(config-if-range)# switchport access vlan 200
SW2(config-if-range)# switchport host
SW2(config-if-range)# exit
SW2(config)# mls qos
SW2(config)# class-map VIDEO
SW2(config-cmap)# match access-group 100
SW2(config-cmap)# exit
SW2(config)# access-list 100 permit tcp any any range 3230 3231
SW2(config)# access-list 100 permit udp any any range 3230 3235
SW2(config)# policy-map VIDEO-MARK
SW2(config-pmap)# class VIDEO
SW2(config-pmap-c)# set dscp AF41
SW2(config-pmap-c)# exit
SW2(config)# interface range fastEthernet 0/15-16
SW2(config-if-range)# service-policy input VIDEO-MARK

Configure R2 to assign a strict priority queue with a 40-percent reservation of the WAN bandwidth for the videoconferencing traffic in the previous question. Maximize the available bandwidth by ensuring the RTP headers within the video stream are compressed. The remainder of the bandwidth should be guaranteed for a default queue with WRED enabled. Assume the full line rate of 1.544 Mbps as the available WAN bandwidth, and ensure the complete bandwidth is utilized by both queues. (3 points)

Following from the previous question, R2 is required to provide QoS on the Frame-Relay link. A class-map matches the precolored video traffic of DSCP 41; a policy-map is then required to call the class-map and assign a strict 40 percent priority queue with the command priority percent 40. RTP compression is configured within the policy-map for the video traffic. The default queue has a guaranteed bandwidth reservation with the command bandwidth percent 60, and WRED is enabled within this queue. Both queues can use the full bandwidth of the WAN link only if the command max-reserved-bandwidth 100 is configured under the Frame-Relay interface. Otherwise, only 75 percent of the available bandwidth is used by default. If you have configured this correctly, as shown in Example 2-35, you have scored 3 points.
EXAMPLE 2-35 R2 QoS Configuration and Verification
R2(config)# class-map match-all VIDEO
R2(config-cmap)# match dscp af41
R2(config-cmap)# policy-map VIDEO-QOS
R2(config-pmap)# class VIDEO
R2(config-pmap-c)# priority percent 40
R2(config-pmap-c)# compress header ip rtp
R2(config-pmap-c)# class class-default
R2(config-pmap-c)# bandwidth percent 60
R2(config-pmap-c)# random-detect
R2(config-pmap-c)# exit
R2(config)# interface Serial 0/0
R2(config-if)# max-reserved-bandwidth 100
R2(config-if)# service-policy output VIDEO-QOS

Section 6: Multicast (7 Points)

Configure Routers R1, R2, R3, and R4 for IPv4 multicast. Each router should use PIM sparse dense mode. Both R1 and R2 should be configured to be Candidate RPs specifically for the following multicast groups: 225.225.0.1, 225.225.0.2, 225.225.0.3, and 225.225.0.4 by use of their Loopback 0 interfaces. You should limit the boundary of your multicast network so it does not propagate further into your network than R4. R3 should be configured as a mapping agent to announce the rendezvous points for the multicast network with the same boundary constraints. (3 points)

The question dictates that R1 and R2 be rendezvous points and advertise the same groups to the multicast network. R3 is required to announce the rendezvous points, and R4 will by default elect R2 as the RP for each group because it has the higher Loopback address compared to R1 for the same groups. TTL scoping is used within the configuration to limit the boundary of advertisements on both the candidate RPs and the discovery agent up to R4. Example 2-36 shows the required configuration and RP mappings as received on R4. If you have configured this correctly, as shown in Example 2-36, you have scored 3 points.
EXAMPLE 2-36 R1, R2, R3 and R4 Multicast Configuration and Verification
R1(config)# ip multicast-routing
R1(config)# interface Loopback0
R1(config-if)# ip pim sparse-dense-mode
R1(config-if)# interface Serial 0/0/0
R1(config-if)# ip pim sparse-dense-mode
R1(config-if)# ip pim send-rp-announce Loopback0 scope 3 group-list GROUPS
R1(config)# ip access-list standard GROUPS
R1(config-std-nacl)# permit 225.225.0.1
R1(config-std-nacl)# permit 225.225.0.2
R1(config-std-nacl)# permit 225.225.0.3
R1(config-std-nacl)# permit 225.225.0.4

R2(config)# ip multicast-routing
R2(config)# interface Loopback0
R2(config-if)# ip pim sparse-dense-mode
R2(config-if)# interface Serial 0/0
R2(config-if)# ip pim sparse-dense-mode
R2(config-if)# ip pim send-rp-announce Loopback0 scope 3 group-list GROUPS
R2(config)# ip access-list standard GROUPS
R2(config-std-nacl)# permit 225.225.0.1
R2(config-std-nacl)# permit 225.225.0.2
R2(config-std-nacl)# permit 225.225.0.3
R2(config-std-nacl)# permit 225.225.0.4

R3(config)# ip multicast-routing
R3(config)# interface Loopback0
R3(config-if)# ip pim sparse-dense-mode
R3(config-if)# interface GigabitEthernet 0/0
R3(config-if)# ip pim sparse-dense-mode
R3(config-if)# interface Serial 0/0/0
R3(config-if)# ip pim sparse-dense-mode
R3(config-if)# exit
R3(config)# ip pim send-rp-discovery lo0 scope 2

R4(config)# ip multicast-routing
R4(config)# interface GigabitEthernet 0/0
R4(config-if)# ip pim sparse-dense-mode

R4# show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 225.225.0.1/32
  RP 120.100.2.1 (?), v2v1
    Info source: 120.100.34.3 (?), elected via Auto-RP
         Uptime: 00:00:03, expires: 00:02:52
Group(s) 225.225.0.2/32
  RP 120.100.2.1 (?), v2v1
    Info source: 120.100.34.3 (?), elected via Auto-RP
         Uptime: 00:00:03, expires: 00:02:56
Group(s) 225.225.0.3/32
  RP 120.100.2.1 (?), v2v1
    Info source: 120.100.34.3 (?), elected via Auto-RP
         Uptime: 00:00:03, expires: 00:02:55
Group(s) 225.225.0.4/32
  RP 120.100.2.1 (?), v2v1
    Info source: 120.100.34.3 (?), elected via Auto-RP
         Uptime: 00:00:03, expires: 00:02:55

Configure R3 to ensure that R4 has a candidate RP as R1 for groups 225.225.0.1 and 225.225.0.2 and R2 for groups 225.225.0.3 and 225.225.0.4. (2 points)

As detailed in the previous example, R2 will by default become the candidate RP as selected by the discovery agent (R3) because of having a higher Loopback IP address as used in the PIM announcements compared to R1. By configuring a group-list on the discovery agent, RP announcements can be filtered. Configuring two filter lists with each candidate RP associated to them allows the discovery agent to announce two different RPs. Example 2-37 shows the required configuration, a debug of the auto-rp announcements on R3 to detail the filtering and the resulting RP mappings on R4. If you have configured this correctly, as shown in Example 2-37, you have scored 2 points.
EXAMPLE 2-37 R2 QoS Configuration and Verification
R3(config)# ip pim rp-announce-filter rp-list R1 group-list R1-GROUPS
R3(config)# ip pim rp-announce-filter rp-list R2 group-list R2-GROUPS
R3(config)# ip access-list standard R1
R3(config-std-nacl)# permit 120.100.1.1
R3(config-std-nacl)# exit
R3(config)# ip access-list standard R2
R3(config-std-nacl)# permit 120.100.2.1
R3(config-std-nacl)# exit
R3(config)# ip access-list standard R1-GROUPS
R3(config-std-nacl)# permit 225.225.0.1
R3(config-std-nacl)# permit 225.225.0.2
R3(config-std-nacl)# exit
R3(config)# ip access-list standard R2-GROUPS
R3(config-std-nacl)# permit 225.225.0.3
R3(config-std-nacl)# permit 225.225.0.4

R3# debug ip pim auto-rp
PIM Auto-RP debugging is on
Auto-RP(0): Received RP-announce, from 120.100.1.1, RP_cnt 1, ht 181
Auto-RP(0): Update (225.225.0.1/32, RP:120.100.1.1), PIMv2 v1
Auto-RP(0): Update (225.225.0.2/32, RP:120.100.1.1), PIMv2 v1
Auto-RP(0): Filtered 225.225.0.3/32 for RP 120.100.1.1
Auto-RP(0): Filtered 225.225.0.4/32 for RP 120.100.1.1
Auto-RP(0): Received RP-announce, from 120.100.1.1, RP_cnt 1, ht 181
Auto-RP(0): Update (225.225.0.1/32, RP:120.100.1.1), PIMv2 v1
Auto-RP(0): Update (225.225.0.2/32, RP:120.100.1.1), PIMv2 v1
Auto-RP(0): Filtered 225.225.0.3/32 for RP 120.100.1.1
Auto-RP(0): Filtered 225.225.0.4/32 for RP 120.100.1.1

R4# show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 225.225.0.1/32
  RP 120.100.1.1 (?), v2v1
    Info source: 120.100.34.3 (?), elected via Auto-RP
         Uptime: 00:00:08, expires: 00:02:52
Group(s) 225.225.0.2/32
  RP 120.100.1.1 (?), v2v1
    Info source: 120.100.34.3 (?), elected via Auto-RP
         Uptime: 00:00:08, expires: 00:02:51
Group(s) 225.225.0.3/32
  RP 120.100.2.1 (?), v2v1
    Info source: 120.100.34.3 (?), elected via Auto-RP
         Uptime: 00:00:47, expires: 00:02:12
Group(s) 225.225.0.4/32
  RP 120.100.2.1 (?), v2v1
    Info source: 120.100.34.3 (?), elected via Auto-RP
         Uptime: 00:00:47, expires: 00:02:09

Configure R1 to monitor traffic forwarded through itself for traffic destined to the multicast group of 225.225.0.1. If no packet for this group is received within a single 10-second interval, ensure an SNMP trap is sent to an SNMP management station on 120.100.100.100 using a community string of "public." (2 points)

The IP multicast heartbeat feature facilitates the monitoring of the delivery of IP multicast packets and failure notification based on configurable parameters. By configuring R1 to enable the heartbeat monitoring for the group 225.225.0.1 with the subparameters of 1 and 10, the router monitors a packet lost within 1 interval of 10 seconds and will send an SNMP trap to the SNMP host 120.100.100.100, which is required to be configured within the basic SNMP trap configuration. Example 2-38 details the required multicast heartbeat configuration and verification of the SNMP trap by issue of a ping to 225.225.0.1 from R3. Even though R1 does not have a valid IGMP join-group for this group, traffic is still directed to it, and the heartbeat process is activated. If you have configured this correctly, as shown in Example 2-38, you have scored 2 points.
EXAMPLE 2-38 R1 Multicast Heartbeat Configuration
R1(config)# snmp-server host 120.100.100.100 traps public
R1(config)# snmp-server enable traps ipmulticast
R1(config)# ip multicast heartbeat 225.225.0.1 1 1 10
R1# debug snmp packets

R3# ping 225.225.0.1

R1#
SNMP: Queuing packet to 120.100.100.100
SNMP: V1 Trap, ent ciscoExperiment.2.3.1, addr 120.100.100.1, gentrap 6, spectrap 1
 ciscoIpMRouteHeartBeatEntry.2.225.225.0.1 = 120.100.123.3
 ciscoIpMRouteHeartBeatEntry.3.225.225.0.1 = 10
 ciscoIpMRouteHeartBeatEntry.4.225.225.0.1 = 1
 ciscoIpMRouteHeartBeatEntry.5.225.225.0.1 = 0

Section 7: Security (6 Points)

Allow Router R6 to passively watch the SYN connections that flow to only VLAN63 for servers that might reside on this subnet. To prevent a potential DoS attack from a flood of SYN requests, the router should be configured to randomly drop SYN packets from any source to this VLAN that have not been correctly established within 20 seconds. (2 points)

The question requires that the TCP intercept feature be configured on R6. This protects TCP servers from TCP SYN-flooding attacks, in which a wave of half-opened connections overwhelms the server's CPU and can effectively cause a DoS. The default behavior of the feature is to intercept the SYN connections to a server and effectively proxy the connection until it has been correctly established. Because you are requested to passively monitor the connection, you are required to configure the feature into watch mode by use of the global ip tcp intercept mode watch command. You are also requested to ensure that the feature is enabled only on VLAN 63 from any source, so an access-list is required to which the intercept feature restricts its monitoring. The default behavior of the feature is to drop SYN connections based on the oldest first, but the question dictated that random connections must be dropped. This is achieved with the global command ip tcp intercept drop-mode random. To ensure the 20-second limit is met as opposed to the default 30 seconds, adjustment of the timers is required with the global command ip tcp intercept watch-timeout 20. If you have configured this correctly, as shown in Example 2-39, you have scored 2 points. Use of the show tcp intercept connections command would be useful to verify your configuration.
EXAMPLE 2-39 R6 TCP Intercept Configuration
R6(config)# ip tcp intercept list 100
R6(config)# access-list 100 permit tcp any 120.100.63.0 0.0.0.255
R6(config)# ip tcp intercept mode watch
R6(config)# ip tcp intercept drop-mode random
R6(config)# ip tcp intercept watch-timeout 20

Configure an ACL on R1 to allow TCP sessions generated on this router and through its Ethernet interface and to block TCP sessions from entering on its Frame-Relay interface that were not initiated on it or through it originally. Do not use the established feature within standard ACLs to achieve this, and only apply ACLs on the Frame-Relay interface. The ACL should timeout after 100 seconds of locally initiated TCP inactivity; it should also enable ICMP traffic inbound for testing purposes. (3 points)

The question requires that a reflexive ACL be configured on R1. This enables TCP traffic for sessions originating from within the network but denies TCP traffic for sessions originating from outside the network. The reflexive ACL contains only temporary entries, which are automatically created when a new TCP session is initiated. The entries are simply removed 300 seconds after the session ends by default. However, the question requires this to be modified to 100 seconds. To facilitate the reflexive ACL, you must configure a standard ACL inbound on the Frame-Relay interface, which permits the required traffic inbound to R1 and only return traffic matching the reflexive ACL. Required traffic is of course EIGRP, PIM, IPv6 tunneling, and as directed ICMP for testing. It's a cruel question because if you forget to permit any of the required traffic inbound, you'll lose points from a previous section that you might have otherwise achieved full marks in. If you didn't know what protocol IPv6 uses, you can simply use the log option on your inbound ACL on a final deny statement. This would show you that the tunneling from R3 inbound to R1 uses IP protocol 41, which must be included in your inbound ACL. Example 2-40 shows the required configuration and verification of the reflexive ACL. Because traffic is only evaluated by the ACL as it passes through the router, Switch 1 has been configured to belong to VLAN100 to telnet through R1 to R3 in the example. When initiated by Switch 1, the telnet session passes through the ACL FILTER-OUT on R1 and creates an entry in the reflexive ACL DYNAMIC-TCP. Real-time details can be seen by issuing the show access-lists command on R1. The reflexive ACL permits return traffic to the telnet session inbound on the Frame-Relay interface for the configured inactivity interval of 100 seconds. If you have configured this correctly, as shown in Example 2-40, you have scored 4 points.
EXAMPLE 2-40 R1 Reflexive ACL Configuration and Verification

R1(config-if)# ip access-list extended FILTER-IN
R1(config-ext-nacl)# permit icmp any any
R1(config-ext-nacl)# permit eigrp any any
R1(config-ext-nacl)# permit pim any any
R1(config-ext-nacl)# permit tcp host 120.100.3.1 host 120.100.1.1 eq bgp
R1(config-ext-nacl)# permit 41 host 120.100.123.3 host 120.100.123.1
R1(config-ext-nacl)# evaluate DYNAMIC-TCP
R1(config-ext-nacl)# ip access-list extended FILTER-OUT
R1(config-ext-nacl)# permit tcp any any reflect DYNAMIC-TCP
R1(config-ext-nacl)# exit
R1(config)# ip reflexive-list timeout 100
R1(config)# interface Serial 0/0/0
R1(config-if)# ip access-group FILTER-IN in
R1(config-if)# ip access-group FILTER-OUT out

SW1(config)# interface vlan 100
SW1(config-if)# ip add 120.100.100.100 255.255.255.0
SW1(config-if)# exit
SW1(config)# ip route 120.100.3.1 255.255.255.255 120.100.100.1
SW1(config)# exit
SW1# trace 120.100.3.1

Type escape sequence to abort.
Tracing the route to 120.100.3.1

  1 120.100.100.1 0 msec 4 msec 0 msec
  2 120.100.100.1 !A * !A
SW1# telnet 120.100.3.1
Trying 120.100.3.1 ... Open

User Access Verification

Password:
R3>enable
Password:
R3#

NOTE
The Reflexive ACL is valid only for traffic flowing through the router; as such, you might experience connectivity issues if you initiate a telnet session from R1 without manipulating the telnet source option. This behavior has no bearing on points scored and should be considered a by-product of the solution. If you face a similar question in the actual exam and telnet connectivity was required from the router you are configuring, you would specifically be instructed to ensure the correct operation of telnet on that router.

R1# show access-lists
Standard IP access list 1
    10 permit 120.100.1.0 (3 matches)
    20 permit 120.100.100.0 (3 matches)
Standard IP access list GROUPS
    10 permit 225.225.0.1
    20 permit 225.225.0.2
    30 permit 225.225.0.3
    40 permit 225.225.0.4
Reflexive IP access list DYNAMIC-TCP
     permit tcp host 120.100.3.1 eq telnet host 120.100.100.100 eq 11034 (34 matches) (time left 90)
Extended IP access list FILTER-IN
    5 permit icmp any any (150 matches)
    10 permit eigrp any any (1710 matches)
    20 permit pim any any (92 matches)
    25 permit tcp host 120.100.3.1 host 120.100.1.1 eq bgp (126 matches)
    30 evaluate DYNAMIC-TCP
Extended IP access list FILTER-OUT
    10 permit tcp any any reflect DYNAMIC-TCP (18 matches)
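The reflect/evaluate pair in Example 2-40 can be followed packet by packet with a small state model. This is an added illustration, not code from the book or from IOS: the class and function names are hypothetical, the addresses are those read from the example, and only the idle timeout is modelled (no TCP FIN/RST handling).

```python
from dataclasses import dataclass

R1, R3, SW1 = "120.100.1.1", "120.100.3.1", "120.100.100.100"   # addresses from Example 2-40
TUNNEL_SRC, TUNNEL_DST = "120.100.123.3", "120.100.123.1"       # "permit 41" hosts as read from the example


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp", "icmp", "eigrp", "pim", "41", "udp", ...
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


class ReflexiveRouter:
    """Simplified model of FILTER-OUT / FILTER-IN on R1's Frame Relay interface."""

    def __init__(self, timeout=100):          # ip reflexive-list timeout 100
        self.timeout = timeout
        self.dynamic = {}                     # DYNAMIC-TCP: return-flow tuple -> last hit time

    def _expire(self, now):
        self.dynamic = {k: t for k, t in self.dynamic.items()
                        if now - t < self.timeout}

    def forward_out(self, pkt, now):
        """Transit packet leaving the interface: evaluated by FILTER-OUT."""
        self._expire(now)
        if pkt.proto != "tcp":
            return False                      # only "permit tcp any any reflect" exists
        # The temporary entry describes the *return* packet: source and
        # destination (address and port) are swapped.
        self.dynamic[("tcp", pkt.dst, pkt.dport, pkt.src, pkt.sport)] = now
        return True

    def send_local(self, pkt, now):
        """Packet generated by R1 itself: the outbound ACL is not applied,
        so no reflexive entry is created."""
        return True

    def receive_in(self, pkt, now):
        """Packet arriving on the interface: evaluated by FILTER-IN."""
        self._expire(now)
        if pkt.proto in ("icmp", "eigrp", "pim"):
            return "static"
        if pkt.proto == "tcp" and (pkt.src, pkt.dst, pkt.dport) == (R3, R1, 179):
            return "static"                   # permit tcp host R3 host R1 eq bgp
        if pkt.proto == "41" and (pkt.src, pkt.dst) == (TUNNEL_SRC, TUNNEL_DST):
            return "static"                   # IPv6 tunnel, IP protocol 41
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.dynamic:               # evaluate DYNAMIC-TCP
            self.dynamic[key] = now           # matching traffic restarts the idle timer
            return "reflexive"
        return "deny"                         # implicit deny


def walk_through():
    """Replay the telnet test from the example plus the cases it does not show."""
    r = ReflexiveRouter()
    syn = Packet("tcp", SW1, R3, 11034, 23)            # SW1 telnets through R1 to R3
    reply = Packet("tcp", R3, SW1, 23, 11034)
    results = {"unsolicited": r.receive_in(reply, 0)}
    r.forward_out(syn, 0)
    results["return_at_10s"] = r.receive_in(reply, 10)
    results["return_at_105s"] = r.receive_in(reply, 105)    # idle 95 s since last hit
    results["return_at_210s"] = r.receive_in(reply, 210)    # idle 105 s: entry expired
    r.send_local(Packet("tcp", R1, R3, 40000, 23), 300)     # telnet started on R1 itself
    results["reply_to_r1"] = r.receive_in(Packet("tcp", R3, R1, 23, 40000), 301)
    results["bgp_from_r3"] = r.receive_in(Packet("tcp", R3, R1, 50000, 179), 301)
    results["udp_from_outside"] = r.receive_in(Packet("udp", R3, SW1, 53, 5000), 301)
    return results


if __name__ == "__main__":
    for name, verdict in walk_through().items():
        print(f"{name:18} {verdict}")
```

The `reply_to_r1` case is the behaviour the NOTE describes: a session started on R1 never crosses FILTER-OUT, so its return traffic finds no entry in DYNAMIC-TCP.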

Configure R1 so it is capable of performing SCP. The router should belong to a domain of toughtest.co.uk; use local authentication with a username and password of cisco, a key size of 768 bits, and an SSH timeout of 2 minutes and retry value of 2. (2 points).

SCP is Secure Copy Protocol; it's similar to remote copy but requires SSH to be running on the router for security purposes. It's a tough question because this is the kind of feature for which you will need to check the documentation. You will need to realize aspects of SSH are considered prerequisites to enable SCP. Even if you hadn't configured SSH or SCP previously, you should realize that you would need to configure a domain ID, local authentication with a username and password, a key of some form, and some SSH timeout and retry values based on the directions. Be careful on the values because the timeout is entered in seconds and not minutes. Your username and password combination requires a privilege level of 15 set for SCP. If you have configured this correctly, as shown in Example 2-41, you have scored 2 points.


EXAMPLE 2-41 R1 SCP Configuration

R1(config)# ip domain-name toughtest.co.uk
R1(config)# crypto key generate rsa modulus 768
The name for the keys will be: R1.toughtest.co.uk

% The key modulus size is 768 bits
% Generating 768 bit RSA keys, keys will be non-exportable...[OK]

R1(config)# aaa new-model
R1(config)# aaa authentication login default local
R1(config)# aaa authorization exec default local
R1(config)# username cisco privilege 15 password cisco
R1(config)# ip ssh time-out 120
R1(config)# ip ssh authentication-retries 2
R1(config)# ip scp server enable
R1(config)#
00:57:29.343: %SSH-5-ENABLED: SSH 1.99 has been enabled
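The prerequisite list in the SCP discussion, and the seconds-versus-minutes trap, can be checked mechanically against the typed commands. The following is an added example, not from the book: the function name, the 2048-bit threshold, and the extra warnings about the lab-mandated values (768-bit key, SSH 1.99, a `password` rather than `secret` user) are assumptions reflecting what would be changed outside an exam setting.

```python
import re

# Commands of Example 2-41 as typed on R1 (router output lines left out).
EXAMPLE_2_41 = """\
ip domain-name toughtest.co.uk
crypto key generate rsa modulus 768
aaa new-model
aaa authentication login default local
aaa authorization exec default local
username cisco privilege 15 password cisco
ip ssh time-out 120
ip ssh authentication-retries 2
ip scp server enable
"""

PREREQUISITES = {            # what the text lists as needed before SCP works
    "domain name": r"^ip domain[- ]name \S+",
    "RSA key pair": r"^crypto key generate rsa\b",
    "aaa new-model": r"^aaa new-model$",
    "local login authentication": r"^aaa authentication login \S+ local\b",
    "local exec authorization": r"^aaa authorization exec \S+ local\b",
    "privilege 15 user": r"^username \S+ privilege 15\b",
    "scp server": r"^ip scp server enable$",
}

MIN_MODULUS = 2048           # assumption: smallest RSA size acceptable outside a lab


def audit_scp_commands(commands):
    """Return (missing prerequisites, warnings) for a list of typed IOS commands."""
    text = "\n".join(line.strip() for line in commands.splitlines() if line.strip())

    def find(pattern):
        return re.search(pattern, text, re.M)

    missing = [name for name, pattern in PREREQUISITES.items() if not find(pattern)]
    warnings = []

    m = find(r"^ip ssh time-out (\d+)")
    if m and int(m.group(1)) < 10:
        warnings.append(f"time-out {m.group(1)} is in seconds; was a value in minutes intended?")

    m = find(r"^crypto key generate rsa.*\bmodulus (\d+)")
    if m and int(m.group(1)) < MIN_MODULUS:
        warnings.append(f"RSA modulus {m.group(1)} is below {MIN_MODULUS} bits")

    if not find(r"^ip ssh version 2$"):
        # "SSH 1.99" in the log line means the server accepts both v1 and v2.
        warnings.append("SSH version not pinned to 2 (router reports SSH 1.99)")

    for user, pw in re.findall(r"^username (\S+) .*\bpassword (?:\d )?(\S+)", text, re.M):
        note = " and equals the username" if pw == user else ""
        warnings.append(f"user {user}: 'password' keyword stores a reversible password{note}")

    return missing, warnings


if __name__ == "__main__":
    missing, warnings = audit_scp_commands(EXAMPLE_2_41)
    print("missing prerequisites:", missing or "none")
    for w in warnings:
        print("warning:", w)
```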

Lab Wrap-Up
So how did it go? Did you run out of time? Did you manage to finish but miss what was actually required? If you scored more than 80, well done. If you accomplished this within the time frame of 8 hours or less, you will be prepared for any scenario that you are likely to face during the 5 1/2 hours of the Configuration section of the actual exam. Remember that the Troubleshooting section on the v4.0 exam is a separate section to the configuration with a different scenario, and you will have 2 hours to complete this. This lab was designed to ensure you troubleshoot your own work as you progress through the questions. Did you manage to configure items such as EIGRP third-party next hop and the continue statement within your BGP prepending? Items such as these might seem inconsequential, but they can make or break your lab.


Practice Lab 3: The VPN Lab

The CCIE exam commences with 2 hours of troubleshooting followed by 5 1/2 hours of configuration and a final 30 minutes of additional questions. This lab has been timed to last for 8 hours of configuration and self-troubleshooting, so aim to complete the lab within this period. Then either score yourself at this point or continue until you feel you have met all the objectives. You now are going to be guided through the equipment requirements and pre-lab tasks in preparation for taking this practice lab. If you don't own six routers and four switches, consider using the equipment available and additional lab exercises and training facilities that can be found within the CCIE R&S 360 program. Detailed information on the 360 program and CCIE R&S exam can be found on the following URLs, respectively:
https://learningnetwork.cisco.com/community/learning_center/cisco_360/360-rs
https://learningnetwork.cisco.com/community/certifications/ccie_routing_switching

NOTE
The 3825s used in this lab were loaded with c3825-adventerprisek9-mz.124-6.T.bin, and the 3725 was loaded with c3725-adventerprisek9-mz.124-6.T.bin.

Equipment List
You need the following hardware and software components to begin this practice lab:

- Six routers loaded with Cisco IOS Software Release 12.4 Advanced Enterprise image and the minimum interface configuration, as documented in Table 3-1

TABLE 3-1 Hardware Required per Router

Router  Model  Ethernet I/F  Serial I/F
R1      3825   1             1
R2      3725   -             2
R3      3825   -             2
R4      3825   1             1
R5      3825   1             1
R6      3825   2             -

NOTE
The 3550 in this lab was loaded with c3550-ipservicesk9-mz.122-25.SEE.bin, and the 3560s with c3560-ipservicesk9-mz.122-25.SEE.bin.


NOTE
Notice in the initial configurations supplied that some interfaces do not have IP addresses preconfigured. This is because either you do not use that interface or you need to configure this interface from default within the exercise. The initial configurations supplied should be used to preconfigure your routers and switches before the lab starts. If your routers have different interface speeds than those used within this book, adjust the bandwidth statements on the relevant interfaces to keep all interface speeds in line. This ensures that you do not get unwanted behavior because of differing Interior Gateway Protocol (IGP) metrics.

- One 3550 switch with Cisco IOS Software Release 12.2 IP Services and three 3560 switches with Cisco IOS Software Release 12.2 IP Services.

Setting Up the Lab

You can use any combination of routers as long as you fulfill the requirements within the topology diagram, as shown in Figure 3-1. However, it is recommended that you use the same model of routers because this makes life easier if you load configurations directly from those supplied into your own devices.

Lab Topology
This practice lab uses the topology as outlined in Figure 3-1, which you must re-create with your own equipment.

FIGURE 3-1 Lab Topology Diagram


Switch Instructions
Configure VLAN assignments from the configurations supplied on the CD-ROM or from Table 3-2.

TABLE 3-2 VLAN Assignment

VLAN   Switch1              Switch2  Switch3  Switch4
45     Fa0/4, Fa0/5, Fa0/6  -        -        -
200    Fa0/19               -        -        -
400    -                    Fa0/19   -        -
Trunk  Fa0/1                Fa0/6    -        -
Trunk  Fa0/20               Fa0/20   Fa0/20   Fa0/20

Connect your switches with RJ45 Ethernet Cross Over cables, as shown in Figure 3-2.

FIGURE 3-2 Switch-to-Switch Connectivity

Frame Relay Instructions

Configure one of the routers you are going to use in the lab as a Frame Relay switch, or have a dedicated router purely for this task. This lab uses a dedicated router for the Frame Relay switch. A fully meshed environment is configured between all the Frame Relay routers. Pay attention in the lab as to which permanent virtual circuits (PVC) are actually required. Keep the encapsulation and Local Management Interface (LMI) settings to default for this exercise, but experiment with the settings outside these labs because you could be required to configure the Frame Relay switching within your actual lab. If you are using your own equipment, keep the data circuit-terminating equipment (DCE) cables at the frame switch end for simplicity and provide a clock rate to all links from this end.

After configuration, the Frame Relay connectivity represents the logical Frame Relay network, as shown in Figure 3-3.

FIGURE 3-3 Frame Relay Logical Connectivity

IP Address Instructions
In the actual CCIE lab, you find that the majority of your IP addresses are preconfigured. For this exercise you are required to configure your IP addresses as shown in Figure 3-4 or to load the initial router configurations supplied. If you are manually configuring your equipment, be sure you include the following loopback addresses:

R1  Lo0 120.100.1.1/32
R2  Lo0 120.100.2.1/32
R3  Lo0 120.100.3.1/32
R4  Lo0 120.100.4.1/32
R5  Lo0 120.100.5.1/32
R6  Lo0 120.100.6.1/32
SW1 Lo0 10.1.1.1/24
    Lo1 10.1.2.1/24
    Lo2 10.1.3.1/24
SW2 Lo0 10.2.2.1/24
    Lo1 10.2.3.1/24
    Lo2 10.2.4.1/24
SW3 Lo0 10.33.33.1/24
    Lo1 10.33.34.1/24
    Lo2 10.33.35.1/24
SW4 Lo0 10.44.44.1/24
    Lo1 10.44.45.1/24
    Lo2 10.44.46.1/24

FIGURE 3-4 IP Addressing Diagram

Pre-Lab Tasks

- Build the lab topology per Figure 3-1 and Figure 3-2.
- Configure your Frame Relay switch router to provide the necessary data-link connection identifiers (DLCI) per Figure 3-3.
- Configure the IP addresses on each router as shown in Figure 3-4 and add the loopback addresses. Alternatively, you can load the initial configuration files supplied if your router is compatible with those used to create this exercise.

General Guidelines

- Read the whole lab before you start.
- Do not configure any static/default routes unless otherwise specified.
- Use only the DLCIs provided in the appropriate figures.
- Ensure full IP visibility between routers for ping testing/Telnet access to your devices.
- If you are running out of time, choose questions that you are confident you can answer. Failing this, choose questions with a higher point rating to maximize your potential score.
- Get into a comfortable and quiet environment where you can focus for the next 8 hours. Take a 30-minute break midway through the exercise.
- Have available a Cisco Documentation CD-ROM, or access online the latest documentation from the following URLs:
  www.cisco.com/univercd/home/home.htm
  www.cisco.com/en/US/products/ps6350/products_installation_and_configuration_guides_list.html

NOTE
Access only these URLs, not the whole Cisco.com website because if you are permitted to use documentation during your CCIE lab exam, it will be restricted. Consider opening several windows with the pages you are likely to look at to save time during your lab.


Practice Lab Three

FIGURE 3-5 Lab Topology Diagram

You will now be answering questions in relation to the network topology as shown in Figure 3-5.


Section 1: LAN Switching and Frame Relay (6 Points)

FIGURE 3-6 Switch Topology Diagram

Configure your switched network per Figure 3-6. Your switched network is physically nonlooped and therefore does not require any STP root bridge configuration. Configure SW1 Fa0/19 to belong to VLAN200 and SW2 Fa0/19 to belong to VLAN400. Configure Interface Fa0/1 on SW1 to become a trunk port toward R1 and Fa0/6 on SW2 to become a trunk port toward R6; ports should use 802.1Q encapsulation. Restrict the VLANs permissible to use the trunk on Switch 1 Fa0/1 to VLAN10, 50, and 200 and VLAN20, 100 and 400 on Switch 2 Fa0/6. Interface Fa0/20 of each switch has been preconfigured to be a trunk port. You should also configure R1 and R6 to terminate the VLANs on each router. Connectivity between switches will be provided via R1 and R6 later in the lab. (3 points)

SW3 interface Fa0/19 and SW4 interface Fa0/19 are required to communicate with each other on the same IP subnet of 1.1.1.0/24; configure these interfaces with IP addresses 1.1.1.1/24 and 1.1.1.2/24, respectively. The interfaces should be configured to communicate as if connected directly as a point-to-point link. (Actual IP end-to-end connectivity will be achieved in a later section.) (1 point)


FIGURE 3-7 Frame-Relay Connectivity Diagram

Your initial Frame-Relay configuration has been supplied for the R1-R2-R3, R3-R4, and R2-R5 connectivity. Configure Frame-Relay per Figure 3-7 to ensure each device is reachable over the Frame-Relay network. Only use the indicated DLCIs. (2 points)


Section 2: MPLS and OSPF (19 Points)

FIGURE 3-8 Frame-Relay Connectivity Diagram

Configure OSPF on your routers per Figure 3-8 to enable your network to transport MPLS and MP-BGP. All required interfaces (including Loopback 0) should be configured to belong to Area 0. Ensure all OSPF configuration is entered under the interfaces. (3 points)

Configure MPLS on all routers within the OSPF domain; use LDP, ensuring that TDP can be used on unused interfaces without specifically configuring these interfaces for TDP. Routers R1 and R6 will become your PE routers, whereas R2, R3, R4, and R5 will become P routers. (4 points)


FIGURE 3-9 VRF Topology

You will be configuring two VPNs over your MPLS networks per Figure 3-9 between PE routers of BLUE and RED. At this point, assign the following interfaces on each PE router into separate routing instances within the routers:

PE R1 interface Gi0/0 VLAN10 connection into VPN BLUE
PE R1 interface Gi0/0 VLAN50 connection into VPN RED
PE R6 interface Gi0/1 VLAN20 connection into VPN BLUE
PE R6 interface Gi0/1 VLAN100 connection into VPN RED

Configure VPN BLUE to use an RD of 100 and VPN RED to use an RD of 200 for both importing and exporting routes into your BGP network, which will be configured later with an AS of AS65001. (4 points)


Create a network between PE Router R1 and CE device Sw1 using a VLAN10 interface on Sw1 that can be trunked toward R1; this network will reside in the BLUE VPN. Use a subnet of 10.10.10.0/30 with .1/30 assigned to the PE and .2/30 assigned to the CE. (2 points)

Create a network between PE Router R6 and CE device Sw2 using a VLAN20 interface on Sw2 that can be trunked toward R6; this network will reside in the BLUE VPN. Use a subnet of 10.10.20.0/30 with .1/30 assigned to the PE and .2/30 assigned to the CE. (2 points)

Create a network between PE Router R1 and CE device Sw3 using a VLAN50 interface on Sw3 that can be trunked toward R1; this network will reside in the RED VPN. Use a subnet of 130.50.50.0/30 with .1/30 assigned to the PE and .2/30 assigned to the CE. (2 points)

Create a network between PE Router R6 and CE device Sw4 using a VLAN100 interface on Sw4 that can be trunked toward R6; this network will reside in the RED VPN. Use a subnet of 130.100.100.0/30 with .1/30 assigned to the PE and .2/30 assigned to the CE. (2 points)


Section 3: BGP (5 Points)

FIGURE 3-10 BGP Topology

Configure MP-BGP between your PE routers, per Figure 3-10, to enable your network to transport the VPNv4 addresses of your configured VPNs (BLUE and RED). Use loopback interfaces for peering between your PE routers. You will configure the actual VPN routing in later questions. (4 points)


Section 4: EIGRP and MP-BGP (9 Points)

FIGURE 3-11 EIGRP Topology

Configure EIGRP per Figure 3-11 between your PE Router R6 and CE Switch Sw2. Use an EIGRP process number of 1 on R6 and a process number of 10 on Sw2. Use VLAN20 for EIGRP connectivity between R6 and Sw2. Advertise all preconfigured Loopback networks on Sw2 to R6 for the BLUE VPN. (3 points)

Configure EIGRP per Figure 3-11 between your PE Router R1 and CE Switch Sw1. Use an EIGRP process number of 1 on R1 and a process number of 10 on Sw1. Use VLAN10 for EIGRP connectivity between R1 and Sw1. Advertise all preconfigured Loopback networks on Sw1 to R1 for the BLUE VPN. (3 points)

Configure your PE Routers R1 and R6 to transport EIGRP routes from your CE devices between the BLUE VPN using MP-BGP. EIGRP networks residing on Sw1 should be seen as internal EIGRP routes on Sw2 and vice versa. Ensure all EIGRP routes have a MED of 50 assigned to them within MP-BGP. Use a default-metric of 10000 100 255 1 1500 for BGP routes when redistributed into EIGRP. (3 points)


Section 5: OSPF and MP-BGP (9 Points)

FIGURE 3-12 OSPF Topology

Configure OSPF per Figure 3-12 for your VRF RED with a process number of 3 on PE Router R1 and Sw3 using VLAN50 for connectivity. Use a process ID of 2 on PE Router R6 and CE device Sw4 using VLAN100 for connectivity. You should permit only internal OSPF routes to be advertised across your VPN and ensure the redistribution of BGP routes into OSPF are assigned as Type 1 External routes with no manually adjusted cost associated to them. It is acceptable for these routes to come through as /32 routes because of default OSPF behavior of Loopback interfaces. (3 points)

You will notice that your OSPF IA (Intra Area) routes between CE devices Sw3 and Sw4 appear as Type 1 External routes; configure your OSPF network appropriately to ensure the routes are displayed correctly as IA routes. You are not permitted to adjust the OSPF redistribution into BGP as directed in the previous question. Maintain the OSPF process IDs as previously directed; you are permitted to configure only Router R1. (6 points)


Section 6: MPLS (7 Points)

- Leak network 10.1.1.0/24 from Sw1 VRF BLUE on PE R1 into the VRF RED on PE1; similarly, leak 10.44.44.0/24 from VRF RED into VRF BLUE on R6. Both Switch 1 and Switch 4 should receive the following routes:

SW1# show ip route | include 10.44.44.0
D EX    10.44.44.0/24 [170/XXXXXX] via 10.10.10.1, 00:00:27, Vlan10
SW1#
SW4# show ip route | include 10.1.1.0
O E1    10.1.1.0/24 [110/XX] via 130.100.100.1, 00:03:04, Vlan100
SW4#

Verify your configuration by pinging from VRF RED Sw4 10.44.44.1 to VRF BLUE Sw1 10.1.1.1. (5 points)

- Configure your PE Routers R1 and R6 to ensure that the MPLS P routers are not listed as intermediate hops when a trace route is performed on your CE devices. (2 points)

Section 7: VPLS Simulation (10 Points)

- Switches 3 and 4 will have been configured to belong to the subnet of 1.1.1.0/24 within a previous question. Create an Xconnect attachment circuit on your PE Routers R1 and R6 for your CE devices (Sw3 Fe 0/19 1.1.1.1/24 and Sw4 Fe 0/19 1.1.1.2/24) to communicate using a secure Layer 2 tunneling solution (use version 3) across your Layer 3 network. You should use existing loopback interfaces on your PE routers for peering over your MPLS network. Use a class template that configures a cookie size of 8 and a password of cisco, which will be used by a pseudowire class that Xconnects your required interfaces on your PE Routers R1 and R6. Be aware that the Sw3 resides in VLAN200, and Sw4 resides in VLAN400 in respective PE router subinterfaces. (10 points)

Section 8: Multicast (10 Points)

- Configure your MPLS network for multicast support of the RED VRF using PIM sparse mode. PE Routers R1 and R6 should be configured to tunnel multicast traffic using an MDT address of 232.0.0.11 from CE device Switch 3 VLAN50 to CE device Sw4 VLAN100 over the RED VRF. Switch 4 should be configured to reply to an ICMP ping on its VLAN100 interface directed to 226.2.2.2 from Switch 3 VLAN50. It can be assumed that the mVRF bandwidth requirement is low; configure MDT appropriately. Ensure that PE Router R6's associated VLAN100 IP address is used as the rendezvous point for the RED VRF multicast traffic. (10 points)

Section 9: IPv6 (6 Points)

- Configure the following IPv6 address on the PE Routers R1 and R6, and implement IPv6 over MPLS between the 6PE routers to advertise the prefixes between 6PEs. Ensure your loopback IPv6 addresses are used to source any locally generated IPv6 traffic. (6 points)

R1 Lo0       2010:C15:C0:1::1/64
R1 Gi0/0.10  2010:C15:C0:11::1/64
R6 Lo0       2010:C15:C0:6::1/64
R6 Gi1/0.20  2010:C15:C0:62::1/64

Section 10: QoS (13 Points)

- Create the following QoS profile on your PE Router R1 for traffic egressing to your CE device connected to the BLUE VRF; use an appropriate method of prioritizing DSCP traffic so that AF31 packets are statistically dropped more frequently than AF32 during congestion, and reduce the effects of TCP global synchronization within your MISSION-CRITICAL and solely reduce the effect of TCP global synchronization within the DEFAULT class: (7 points)

Class             DSCP Value            % of Bandwidth Assigned
VOICE             EF, CS5               35
MISSION-CRITICAL  CS6, AF31, AF32, CS3  40
DEFAULT           Any                   25

- Create the following QoS profile on your PE Router R1 for traffic ingressing from your CE device connected to the BLUE VRF into the MPLS network; the total aggregate speed from the CE to PE should be restricted to 1 Mbps:

Class             CIR (bps)
VOICE             350,000
MISSION-CRITICAL  400,000
DEFAULT           250,000

- Traffic in the VOICE class within the detailed CIR should have the MPLS EXP set to 5 and above discarded. Traffic in the MISSION-CRITICAL class within the detailed CIR should have the MPLS EXP set to 3 and above set to 7. Traffic in the DEFAULT class within the detailed CIR should have the MPLS EXP set to 0 and above set to 4. (6 points)

Section 11: Security (13 Points)

- Create three new loopback IP addresses of loopback1 on R4, R5, and R6; use IP addresses of 4.4.4.4/24, 5.5.5.5/24, and 6.6.6.6/24, respectively. Use EIGRP to advertise the loopback networks between routers over a common GRE tunnel network of 100.100.100.X/24 (X=router number) sourced from each router's common Ethernet interface using IPsec to encrypt all traffic between the loopback networks using a preshared isakmp key of CCIE. Use an IPsec transform-set of esp-des esp-md5-hmac on each router. R6 is to be a hub router with R4 and R5 being effectively spoke routers in your solution. You are not permitted to enable EIGRP on your Ethernet interfaces between routers. Spoke routers must communicate with each other directly using dynamic IPsec connections with the aid of NHRP at the hub, whereas hub-to-spoke IPsec connections should be permanent. The hub router should provide all necessary direct next-hop information to the spoke routers when they are required to communicate between themselves. NHRP should be authenticated with a password of SECRET. Use an MTU of 1416 for your secure traffic, an NHRP timeout of 100 seconds for spoke replies, and a delay of 2 ms on the tunnel network. Test your solution by extended pings sourced from the configured loopback interfaces. (10 points)

- The network manager of your network cannot justify a full security implementation but wants to implement a solution that provides a password prompt from R1 only when the keyboard entry 1 is entered on the console port (as opposed to the normal CR/Enter key). Configure R1 appropriately. (3 points)

NOTE
This section should be used only if you require clues to complete the questions. In the actual CCIE lab, the proctor will not enter into any discussions about the questions or answers; he or she will be present to ensure you do not have problems with the lab environment and to maintain the timing element of the exam.

Practice Lab 3: "Ask the Proctor"

Section 1: LAN Switching and Frame Relay

Q: Do you want me to configure Layer 2 between Switch 3 and Switch 4 so that they can communicate on the subnet 1.1.1.0/24?
A: No, simply configure the switches as directed in the question and Layer 2 connectivity will be provisioned later within the lab when your core network is configured.
Q: With my Frame Relay I can only reach my spoke routers from the Hub. Is this acceptable?
A: No, the question states that each device must be reachable over the frame-relay network; this includes spoke-to-spoke communication.

Section 2: MPLS and OSPF

Q: Do you require OSPF for any interfaces on R1 and R6 that connect to the switches?
A: No, just configure OSPF per the figure; this is required to advertise your loopback addresses for MPLS.
Q: Does it matter what OSPF Process ID I use on my routers?
A: No, the question doesn't direct you to use a specific process ID, so you can use an ID of your choice.
Q: Do you want the OSPF from the core routers extended into the RED VRF I created so I run end-to-end OSPF between CE Switch1 and CE switch2?
A: No, you will ultimately achieve this connectivity through an MPLS VPN and not by simply extending OSPF through your core devices.
Q: Do you want me to configure my RED VRF with a route descriptor of 100 and 200 for the BLUE VRF?
A: You have been provided with additional information in the question that enables you to facilitate use of extended communities.
Q: So just add in the MP-BGP AS number to the RD?
A: A combination of the two will achieve the desired results.
Q: I can't ping to my VLAN10 interface on Switch1 from R1. Do I need to perform any further configuration to make this work?
A: No, just remember that R1 is now a PE router with multiple VRF routing tables. You need to ensure you source your ping correctly; otherwise, R1 would use its default routing table (which is used for the MPLS connectivity). MP-BGP

Section 3: BGP

Q: Do you want me to configure a full mesh of BGP between all routers?
A: No, MP-BGP is simply required between the PE routers.
Q: Do you need me to configure the PEs to send community values to each other?
A: You need to remember how MPLS works and ensure that the route targets are propagated to successfully configure your VPNs.
Q: I usually configure next-hop self on my BGP configurations. Is this acceptable here?
A: You haven't been instructed not to use this command at this point even though this is an iBGP configuration.

Section 4: EIGRP and MP-BGP

Q: EIGRP requires the same AS number on neighbor routers to peer successfully. If I use a different number on R6 and Switch2, they cannot peer correctly.
A: Correct. Look for a method of making the AS number the same within your VRF specific configuration on R6.

Secti$n 5> 3SP; an. MP69=P


QD =o you want me to configure 8S$+, $:S, and '7$ initially within the 8S$+ section? $:S and '7$ within later "ues# AD 1o, Aust initially as directed 8S$+@ this will enable your network to transport tions.

QD !hanging the process &= on 8S$+ peers wouldn6t affect any adAacency. 0hy would & need to do this? AD >ou are correct, but you ha%e been directed to do so in the "uestion. &t will become e%ident why you ha%e been asked to do this in a later "uestion. QD 0hy would & want to ad%ertise the 8S$+ routes as ,4ternal type#* routes within '7$@ surely the routes should ap# pear as standard interarea routes through the F$1? AD !orrect, this "uestion is a little misleading. The routes will come out as Type#* ,4ternal routes on your !, de%ices, and it would appear that you ha%e modified this beha%ior with your redistribution configuration. This beha%ior should become apparent why in the following "uestion. QD & think if & change the redistribution of 8S$+ into '7$, & can make the 8S$+ routes appear as &ntra#area routes. =o & score any points if & change the redistribution? AD 1o, by all means try to change the redistribution, though@ it might help you understand the issue.

Q: I changed the redistribution and the routes remain identical. This must have something to do with the different OSPF process ID I had to configure; I can't adjust this, so I am stuck.
A: You had a similar issue with EIGRP AS numbers; just investigate what is possible within your VRF configuration.

Q: If I change the domain ID on R1, is that acceptable?
A: Find an appropriate value and try it out.

Section 6: MPLS

Q: I can manage to leak routes between VRFs but my route comes out as a host route. Can I modify my Loopback interface with the OSPF network command on Switch4, so it is advertised with the correct mask?
A: Yes.

Section 7: VPLS Simulation

Q: Do you want me to create a pseudowire with MPLS encapsulation to connect Switch3 and Switch4 at Layer 2?
A: No, you might have found this question in the MPLS section if that were wanted; the clue is in the question as to which solution you should use.

Q: Is this MPLS-specific, or could I do this over a standard Layer 3 network?
A: You could achieve the same result over a standard Layer 3 network; just exercise caution where you configure your parameters to achieve the correct results in the appropriate VRF.

Q: Xconnect is usually associated with L2TP. Can I use this technology for my solution?
A: Yes.

Q: I have my L2TPv3 tunnel up end-to-end, yet I cannot ping between switches. I suspect a spanning-tree type issue if the question states VLAN differences when I need to provide Layer 2 adjacency. Am I at liberty to manipulate spanning tree?
A: Yes.


Section 8: Multicast

Q: Do you want me to enable PIM over my P routers or just PE routers?
A: The question states "MPLS network." To provide end-to-end multicast support, you might find that configuring PIM end-to-end is required.

Q: Do you want PIM on my MPLS router loopback interfaces?
A: You might find it is required at certain points within your MPLS network.

Q: I have a Multicast Distribution Tree tunnel between PE routers, but I don't understand what the low bandwidth requirement is.
A: MDT has differing requirements for high and low bandwidth sources; you might or might not require a Data MDT.

Q: To get Switch 4 to reply to a ping to 226.2.2.2, can I just configure an IGMP join group appropriately on its VLAN100 interface?
A: You can.

Section 9: IPv6

Q: Do you want me to run IPv6 down to my CE switches and redistribute anything over MPLS?
A: Your switches are currently not capable of running IPv6.

Q: Should I just advertise my IPv6 prefixes with the BGP network command?
A: Yes, because there is no redistribution to be configured.

Section 10: QoS

Q: Do you want the first QoS policy outbound on the BLUE VRF interface on PE Router R1?
A: Yes.

Q: To prioritize DSCP traffic, do you want me to configure some priority queuing within a class for AF32 flows?
A: No, use a common technique whereby traffic is dropped randomly as queues fill. AF31 packets should be dropped more frequently than AF32, though.

Q: Are you looking for Random Early Detect?

A: You're almost there; this wouldn't offer the inherent drop preference, though.

Q: The second QoS policy limits traffic to 1 Mbps, yet the first will be line rate at 1 Gbps. Is this correct?
A: Yes, I appreciate that this isn't the real world; it just provides you with two different configuration exercises.

Q: Do I use the same packet marking classes in each question?
A: Yes.

Q: Is this DiffServ whereby you want me to modify the topmost bits in the EXP field?
A: Yes.

Q: Do you want the policy applied to the CE facing VRF BLUE interface as an input service policy?
A: Yes, this would then modify the traffic as it flows into the MPLS network.

Section 11: Security

Q: Don't I need an ACL to mark all traffic that should be encrypted?
A: No, your solution will not require an ACL, and all traffic flowing from the new subnets you created should automatically be encrypted.

Q: The clues in the question suggest this is a DMVPN question. I have configured my solution correctly, yet I don't get spoke routes on the spoke routers. Is this acceptable?
A: No, you need full network visibility from all devices and not just the hub.

Q: This sounds like a split-horizon issue; can I disable this behavior?
A: Yes.

Q: I still show a next hop of the hub between spoke networks, is this okay?
A: No; the question specifically states that spoke routers must be able to communicate with each other directly.

Q: Can I modify the next hop from the hub?
A: Yes.

Q: Do you want me to get R1 to somehow translate a CR into a 1 to then provide a password prompt?
A: No, just make the router provide a prompt when it receives an ASCII 1, rather than a CR on the line con 0 port.


Practice Lab 3 Debrief

The lab debrief section now analyzes each question showing you what was required and how to achieve the desired results. You should use this section to produce an overall score for Practice Lab 3.

Section 1: LAN Switching and Frame Relay (6 Points)

Configure your switched network per Figure 3-6. Your switched network is physically nonlooped and therefore does not require any STP root bridge configuration. Configure SW1 Fa0/19 to belong to VLAN200 and SW2 Fa0/19 to belong to VLAN400. Configure Interface Fa0/1 on SW1 to become a trunk port toward R1 and Fa0/6 on SW2 to become a trunk port toward R6; ports should use 802.1Q encapsulation. Restrict the VLANs permissible to use the trunk on Switch 1 Fa0/1 to VLAN10, 50, and 200 and VLAN20, 100, and 400 on Switch 2 Fa0/6. Interface Fa0/20 of each switch has been preconfigured to be a trunk port. You should also configure R1 and R6 to terminate the VLANs on each router. Connectivity between switches will be provided via R1 and R6 later in the lab. (3 points)

This is a simple question, but you are required to complete multiple configuration items to gain your points. The configuration enables connectivity between switches when the MPLS section has been completed later in the lab. To begin, Ports Fa0/19 of Switch 1 and Switch 2 should be assigned the correct VLAN. (The actual VLANs would have been created previously in the initial configuration.) Next, the trunking is configured as directed with allowed VLANs of 10, 50, and 200 for Switch 1 and 20, 100, and 400 for Switch 2. R1 and R6 are configured with the corresponding VLAN numbers as subinterfaces to terminate the trunk connections from switch1 and switch2 using an identical reference for the dot1q encapsulation. If you have configured this correctly as shown in Example 3-1, you have scored 3 points.
NOTE: R1 and R6 use the VLAN number for the encapsulation and the sub interface number. Your sub interface number does not need to match the VLAN number, but it is considered good practice to do so.

EXAMPLE 3-1 SW1, SW2, R1, and R6 Configuration

Switch1# show run interface FastEthernet 0/19
!
interface FastEthernet0/19
 switchport access vlan 200
 switchport mode access

Switch1# show run interface FastEthernet 0/1
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,50,200
 switchport mode trunk

Switch2# show run interface FastEthernet 0/19
!
interface FastEthernet0/19
 switchport access vlan 400
 switchport mode access

Switch2# show run interface FastEthernet 0/6
!
interface FastEthernet0/6
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 20,100,400
 switchport mode trunk

R1# show run | begin interface GigabitEthernet 0/0
!
interface GigabitEthernet0/0
 no ip address
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
!
interface GigabitEthernet0/0.50
 encapsulation dot1Q 50
!
interface GigabitEthernet0/0.200
 encapsulation dot1Q 200

R6# show run | begin interface GigabitEthernet 0/1
!
interface GigabitEthernet0/1
 no ip address
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
!
interface GigabitEthernet0/0.100
 encapsulation dot1Q 100
!
interface GigabitEthernet0/1.400
 encapsulation dot1Q 400

SW3 interface Fa0/19 and SW4 interface Fa0/19 are required to communicate with each other on the same IP subnet of 1.1.1.0/24. Configure these interfaces with IP addresses 1.1.1.1/24 and 1.1.1.2/24, respectively. The interfaces should be configured to communicate as if connected directly as a point-to-point link. (Actual IP end-to-end connectivity will be achieved in a later section.) (1 point)

This is a straightforward configuration task to change the operation of the ports to nonswitchport Layer 3 mode where an IP address can be configured; end-to-end connectivity is achieved through the IP network at a later stage. If you have configured this correctly, as shown in Example 3-2, you have scored 1 point.
EXAMPLE 3-2 SW3 and SW4 Configuration

Switch3# show run interface FastEthernet 0/19
!
interface FastEthernet 0/19
 no switchport
 ip address 1.1.1.1 255.255.255.0

Switch4# show run interface FastEthernet0/19
interface FastEthernet0/19
 no switchport
 ip address 1.1.1.2 255.255.255.0

Your initial Frame-Relay configuration has been supplied for the R1-R2-R3, R3-R4, and R2-R5 connectivity. Configure Frame-Relay, per Figure 3-7, to ensure each device is reachable over the Frame-Relay network. Only use the indicated DLCIs. (2 points)

The initial Frame-Relay configuration has been supplied for you; all you need to do is create additional maps on R1 and R2 spoke routers to enable them to communicate with each other by directing traffic toward the Hub Router R3 (because the initial configuration uses no inverse arp). If you have configured this correctly, as shown in Example 3-3, you have scored 2 points.
EXAMPLE 3-3 R1 and R2 Additional Frame-Relay Configuration and Verification

R1(config)# interface Serial 0/0/0
R1(config-if)# frame-relay map ip 120.100.123.2 103 broadcast

R2(config)# interface Serial 0/0
R2(config-if)# frame-relay map ip 120.100.123.1 203 broadcast

R1# ping 120.100.123.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 120.100.123.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/8 ms

Section 2: MPLS and OSPF (19 Points)

Configure OSPF on your routers, per Figure 3-8, to enable your network to transport MPLS and MP-BGP. All required interfaces (including Loopback 0) should be configured to belong to Area 0. Ensure all OSPF configuration is entered under the interfaces. (3 points)

OSPF is used as the IGP in which to advertise the router loopback addresses, which will of course be used for the MPLS connectivity. The question directs you to configure OSPF directly under the interfaces of the routers. Example 3-4 shows the Loopback interfaces of each router from R1's perspective advertised as host routes as required for MPLS. If you have configured this correctly, as shown in Example 3-4, you have scored 3 points. Consider using the show ip ospf interface command to verify your configuration.
EXAMPLE 3-4 OSPF Configuration and Verification

R1(config-if)# int lo0
R1(config-if)# ip ospf 1 area 0
R1(config-if)# int s0/0/0
R1(config-if)# ip ospf 1 area 0

R2(config-if)# int lo0
R2(config-if)# ip ospf 1 area 0
R2(config-if)# int s0/0
R2(config-if)# ip ospf 1 area 0
R2(config-if)# int s0/1
R2(config-if)# ip ospf 1 area 0

R3(config-if)# int lo0
R3(config-if)# ip ospf 1 area 0
R3(config-if)# int s0/0/0
R3(config-if)# ip ospf 1 area 0
R3(config-if)# int s0/0/1
R3(config-if)# ip ospf 1 area 0

R4(config-if)# int lo0
R4(config-if)# ip ospf 1 area 0
R4(config-if)# int gi0/0
R4(config-if)# ip ospf 1 area 0
R4(config-if)# int s0/0/1
R4(config-if)# ip ospf 1 area 0

R5(config-if)# int lo0
R5(config-if)# ip ospf 1 area 0
R5(config-if)# int gi0/0
R5(config-if)# ip ospf 1 area 0
R5(config-if)# int s0/0/1
R5(config-if)# ip ospf 1 area 0

R6(config-if)# int lo0
R6(config-if)# ip ospf 1 area 0
R6(config-if)# int gi0/0
R6(config-if)# ip ospf 1 area 0

R1# show ip route ospf
     120.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
O       120.100.25.0/24 [110/128] via 120.100.123.2, 00:34:18, Serial0/0/0
O       120.100.5.1/32 [110/129] via 120.100.123.2, 00:34:18, Serial0/0/0
O       120.100.4.1/32 [110/129] via 120.100.123.3, 00:34:18, Serial0/0/0
O       120.100.6.1/32 [110/130] via 120.100.123.3, 00:34:18, Serial0/0/0
                       [110/130] via 120.100.123.2, 00:34:18, Serial0/0/0
O       120.100.3.1/32 [110/65] via 120.100.123.3, 00:34:18, Serial0/0/0
O       120.100.2.1/32 [110/65] via 120.100.123.2, 00:34:18, Serial0/0/0
O       120.100.45.0/24 [110/129] via 120.100.123.3, 00:34:18, Serial0/0/0
                        [110/129] via 120.100.123.2, 00:34:18, Serial0/0/0
O       120.100.34.0/24 [110/128] via 120.100.123.3, 00:34:18, Serial0/0/0
O       120.100.123.3/32 [110/64] via 120.100.123.3, 00:34:18, Serial0/0/0
O       120.100.123.2/32 [110/64] via 120.100.123.2, 00:34:18, Serial0/0/0

Configure MPLS on all routers within the OSPF domain; use LDP ensuring that TDP can be used on unused interfaces without specifically configuring these interfaces for TDP. Routers R1 and R6 will become your PE routers, whereas R2, R3, R4, and R5 will become P routers. (4 points)

Configuration is required on each router for them to become LSRs (Label Switch Routers). The LSRs must have Loopback interfaces with an address mask of 32 bits, and these interfaces must be reachable within the global IP routing table (which the previous question achieved). R1 and R6 are the PE (Provider Edge) routers, which will be used to connect to switches in later questions simulating CE (Customer Edge) devices. R2, R3, R4, and R5 become the P (Provider) routers, which will be used to switch labeled packets between the PE routers. The question tells you to use LDP (Label Distribution Protocol) but facilitate the future use of TDP (Tag Distribution Protocol) without further configuration on unused interfaces. This is achieved by configuring TDP globally and LDP under each interface used for MPLS within this lab. (The default global and interface configuration is LDP.) The PE routers require only MPLS configured on their serial interfaces toward the P routers. If you have configured this correctly, as shown in Example 3-5, you have scored 4 points.
EXAMPLE 3-5 MPLS Configuration

R1(config)# mpls label protocol tdp
R1(config)# interface Serial 0/0/0
R1(config-if)# mpls label protocol ldp
R1(config-if)# mpls ip

R2(config)# mpls label protocol tdp
R2(config)# interface Serial 0/0
R2(config-if)# mpls label protocol ldp
R2(config-if)# mpls ip
R2(config-if)# interface Serial 0/1
R2(config-if)# mpls label protocol ldp
R2(config-if)# mpls ip

R3(config)# mpls label protocol tdp
R3(config)# interface Serial 0/0/0
R3(config-if)# mpls label protocol ldp
R3(config-if)# mpls ip
R3(config-if)# interface Serial 0/0/1
R3(config-if)# mpls label protocol ldp
R3(config-if)# mpls ip

R4(config)# mpls label protocol tdp
R4(config)# interface GigabitEthernet 0/0
R4(config-if)# mpls label protocol ldp
R4(config-if)# mpls ip
R4(config-if)# interface Serial 0/0/1
R4(config-if)# mpls label protocol ldp
R4(config-if)# mpls ip

R5(config)# mpls label protocol tdp
R5(config)# interface GigabitEthernet 0/0
R5(config-if)# mpls label protocol ldp
R5(config-if)# mpls ip
R5(config-if)# interface Serial 0/0/1
R5(config-if)# mpls label protocol ldp
R5(config-if)# mpls ip

R6(config)# mpls label protocol tdp
R6(config)# interface GigabitEthernet 0/0
R6(config-if)# mpls label protocol ldp
R6(config-if)# mpls ip

Example 3-6 shows verification of the configuration with the LDP peering between each router. Notice that the loopback addresses are used for LDP peer identification.
EXAMPLE 3-6 MPLS Configuration Verification

R1# show mpls ldp neighbor
    Peer LDP Ident: 120.100.2.1:0; Local LDP Ident 120.100.1.1:0
        TCP connection: 120.100.2.1.40418 - 120.100.1.1.646
        State: Oper; Msgs sent/rcvd: 69/71; Downstream
        Up time: 00:47:20
        LDP discovery sources:
          Serial0/0/0, Src IP addr: 120.100.123.2
        Addresses bound to peer LDP Ident:
          120.100.123.2  120.100.25.2  120.100.2.1
    Peer LDP Ident: 120.100.3.1:0; Local LDP Ident 120.100.1.1:0
        TCP connection: 120.100.3.1.51369 - 120.100.1.1.646
        State: Oper; Msgs sent/rcvd: 68/68; Downstream
        Up time: 00:47:18
        LDP discovery sources:
          Serial0/0/0, Src IP addr: 120.100.123.3
        Addresses bound to peer LDP Ident:
          120.100.123.3  120.100.3.1  120.100.34.3

R2# show mpls ldp neighbor
    Peer LDP Ident: 120.100.3.1:0; Local LDP Ident 120.100.2.1:0
        TCP connection: 120.100.3.1.16991 - 120.100.2.1.646
        State: Oper; Msgs sent/rcvd: 71/68; Downstream
        Up time: 00:46:33
        LDP discovery sources:
          Serial0/0, Src IP addr: 120.100.123.3
          Serial0/1, Src IP addr: 120.100.34.3
        Addresses bound to peer LDP Ident:
          120.100.123.3  120.100.3.1  120.100.34.3
    Peer LDP Ident: 120.100.5.1:0; Local LDP Ident 120.100.2.1:0
        TCP connection: 120.100.5.1.13826 - 120.100.2.1.646
        State: Oper; Msgs sent/rcvd: 73/76; Downstream
        Up time: 00:46:24
        LDP discovery sources:
          Serial0/1, Src IP addr: 120.100.25.5
        Addresses bound to peer LDP Ident:
          120.100.25.5  120.100.5.1  5.5.5.5  120.100.45.5
          100.100.100.5
    Peer LDP Ident: 120.100.1.1:0; Local LDP Ident 120.100.2.1:0
        TCP connection: 120.100.1.1.646 - 120.100.2.1.40418
        State: Oper; Msgs sent/rcvd: 69/68; Downstream
        Up time: 00:46:07
        LDP discovery sources:
          Serial0/0, Src IP addr: 120.100.123.1
        Addresses bound to peer LDP Ident:
          120.100.123.1  120.100.1.1
    Peer LDP Ident: 120.100.4.1:0; Local LDP Ident 120.100.2.1:0
        TCP connection: 120.100.4.1.47401 - 120.100.2.1.646
        State: Oper; Msgs sent/rcvd: 54/57; Downstream
        Up time: 00:32:28
        LDP discovery sources:
          Serial0/1, Src IP addr: 120.100.34.4
        Addresses bound to peer LDP Ident:
          120.100.4.1  4.4.4.4  120.100.45.4  100.100.100.4
          120.100.34.4

R3# show mpls ldp neighbor
    Peer LDP Ident: 120.100.2.1:0; Local LDP Ident 120.100.3.1:0
        TCP connection: 120.100.2.1.646 - 120.100.3.1.16991
        State: Oper; Msgs sent/rcvd: 69/72; Downstream
        Up time: 00:47:11
        LDP discovery sources:
          Serial0/0/0, Src IP addr: 120.100.123.2
          Serial0/0/1, Src IP addr: 120.100.25.2
        Addresses bound to peer LDP Ident:
          120.100.123.2  120.100.25.2  120.100.2.1
    Peer LDP Ident: 120.100.1.1:0; Local LDP Ident 120.100.3.1:0
        TCP connection: 120.100.1.1.646 - 120.100.3.1.51369
        State: Oper; Msgs sent/rcvd: 67/67; Downstream
        Up time: 00:46:43
        LDP discovery sources:
          Serial0/0/0, Src IP addr: 120.100.123.1
        Addresses bound to peer LDP Ident:
          120.100.123.1  120.100.1.1
    Peer LDP Ident: 120.100.5.1:0; Local LDP Ident 120.100.3.1:0
        TCP connection: 120.100.5.1.53107 - 120.100.3.1.646
        State: Oper; Msgs sent/rcvd: 67/74; Downstream
        Up time: 00:45:22
        LDP discovery sources:
          Serial0/0/1, Src IP addr: 120.100.25.5
        Addresses bound to peer LDP Ident:
          120.100.25.5  120.100.5.1  5.5.5.5  120.100.45.5
          100.100.100.5
    Peer LDP Ident: 120.100.4.1:0; Local LDP Ident 120.100.3.1:0
        TCP connection: 120.100.4.1.15940 - 120.100.3.1.646
        State: Oper; Msgs sent/rcvd: 52/56; Downstream
        Up time: 00:33:06
        LDP discovery sources:
          Serial0/0/1, Src IP addr: 120.100.34.4
        Addresses bound to peer LDP Ident:
          4.4.4.4  120.100.45.4  100.100.100.4  120.100.4.1
          120.100.34.4

R4# show mpls ldp neighbor
    Peer LDP Ident: 120.100.6.1:0; Local LDP Ident 120.100.4.1:0
        TCP connection: 120.100.6.1.55234 - 120.100.4.1.646
        State: Oper; Msgs sent/rcvd: 74/76; Downstream
        Up time: 00:43:52
        LDP discovery sources:
          GigabitEthernet0/0, Src IP addr: 120.100.45.6
        Addresses bound to peer LDP Ident:
          120.100.6.1  6.6.6.6  100.100.100.6  120.100.45.6
    Peer LDP Ident: 120.100.5.1:0; Local LDP Ident 120.100.4.1:0
        TCP connection: 120.100.5.1.57689 - 120.100.4.1.646
        State: Oper; Msgs sent/rcvd: 72/74; Downstream
        Up time: 00:43:48
        LDP discovery sources:
          GigabitEthernet0/0, Src IP addr: 120.100.45.5
          Serial0/0/1, Src IP addr: 120.100.25.5
        Addresses bound to peer LDP Ident:
          120.100.25.5  120.100.5.1  5.5.5.5  120.100.45.5
          100.100.100.5
    Peer LDP Ident: 120.100.2.1:0; Local LDP Ident 120.100.4.1:0
        TCP connection: 120.100.2.1.646 - 120.100.4.1.47401
        State: Oper; Msgs sent/rcvd: 55/52; Downstream
        Up time: 00:30:52
        LDP discovery sources:
          Serial0/0/1, Src IP addr: 120.100.25.2
        Addresses bound to peer LDP Ident:
          120.100.123.2  120.100.25.2  120.100.2.1
    Peer LDP Ident: 120.100.3.1:0; Local LDP Ident 120.100.4.1:0
        TCP connection: 120.100.3.1.646 - 120.100.4.1.15940
        State: Oper; Msgs sent/rcvd: 54/50; Downstream
        Up time: 00:30:52
        LDP discovery sources:
          Serial0/0/1, Src IP addr: 120.100.34.3
        Addresses bound to peer LDP Ident:
          120.100.123.3  120.100.3.1  120.100.34.3

R5# show mpls ldp neighbor
    Peer LDP Ident: 120.100.2.1:0; Local LDP Ident 120.100.5.1:0
        TCP connection: 120.100.2.1.646 - 120.100.5.1.13826
        State: Oper; Msgs sent/rcvd: 80/77; Downstream
        Up time: 00:49:55
        LDP discovery sources:
          Serial0/0/1, Src IP addr: 120.100.25.2
        Addresses bound to peer LDP Ident:
          120.100.123.2  120.100.25.2  120.100.2.1
    Peer LDP Ident: 120.100.6.1:0; Local LDP Ident 120.100.5.1:0
        TCP connection: 120.100.6.1.18472 - 120.100.5.1.646
        State: Oper; Msgs sent/rcvd: 81/81; Downstream
        Up time: 00:48:58
        LDP discovery sources:
          GigabitEthernet0/0, Src IP addr: 120.100.45.6
        Addresses bound to peer LDP Ident:
          120.100.6.1  6.6.6.6  100.100.100.6  120.100.45.6
    Peer LDP Ident: 120.100.4.1:0; Local LDP Ident 120.100.5.1:0
        TCP connection: 120.100.4.1.646 - 120.100.5.1.57689
        State: Oper; Msgs sent/rcvd: 80/78; Downstream
        Up time: 00:48:54
        LDP discovery sources:
          GigabitEthernet0/0, Src IP addr: 120.100.45.4
          Serial0/0/1, Src IP addr: 120.100.34.4
        Addresses bound to peer LDP Ident:
          120.100.4.1  4.4.4.4  120.100.45.4  100.100.100.4
          120.100.34.4
    Peer LDP Ident: 120.100.3.1:0; Local LDP Ident 120.100.5.1:0
        TCP connection: 120.100.3.1.646 - 120.100.5.1.53107
        State: Oper; Msgs sent/rcvd: 77/70; Downstream
        Up time: 00:48:17
        LDP discovery sources:
          Serial0/0/1, Src IP addr: 120.100.34.3
        Addresses bound to peer LDP Ident:
          120.100.123.3  120.100.3.1  120.100.34.3

R6# show mpls ldp neighbor
    Peer LDP Ident: 120.100.5.1:0; Local LDP Ident 120.100.6.1:0
        TCP connection: 120.100.5.1.646 - 120.100.6.1.18472
        State: Oper; Msgs sent/rcvd: 82/82; Downstream
        Up time: 00:49:31
        LDP discovery sources:
          GigabitEthernet0/0, Src IP addr: 120.100.45.5
        Addresses bound to peer LDP Ident:
          120.100.25.5  120.100.5.1  5.5.5.5  120.100.45.5
          100.100.100.5
    Peer LDP Ident: 120.100.4.1:0; Local LDP Ident 120.100.6.1:0
        TCP connection: 120.100.4.1.646 - 120.100.6.1.55234
        State: Oper; Msgs sent/rcvd: 82/80; Downstream
        Up time: 00:49:31
        LDP discovery sources:
          GigabitEthernet0/0, Src IP addr: 120.100.45.4
        Addresses bound to peer LDP Ident:
          120.100.4.1  4.4.4.4  120.100.45.4  100.100.100.4
          120.100.34.4

You will be configuring two VPNs over your MPLS networks per Figure 3-9 between PE routers of BLUE and RED. At this point, assign the following interfaces on each PE router into separate routing instances within the routers:

PE R1 interface Gi0/0 VLAN10 connection into VPN BLUE
PE R1 interface Gi0/0 VLAN50 connection into VPN RED
PE R6 interface Gi0/1 VLAN20 connection into VPN BLUE
PE R6 interface Gi0/1 VLAN100 connection into VPN RED

Configure VPN BLUE to use an RD of 100 and VPN RED to use an RD of 200 for both importing and exporting routes into your BGP network, which will be configured later with an AS of AS65001. (4 points)

You are required to create virtual routing forwarding (VRF) instances on the PE routers and assign the subinterfaces on each PE router into these. This will ultimately provide end-to-end virtual private networking (VPN) connectivity over the MPLS network for your CE devices to communicate. You are directed to use a route descriptor (RD) of 100 for the BLUE VRF and 200 for the RED VRF and must combine this with the BGP autonomous system (AS) number of 65001 to import and export route target extended communities for the specified VRFs. The actual BGP configuration will be configured later in the lab. If you have configured this correctly, as shown in Example 3-7, you have scored 4 points.
EXAMPLE 3-7 VRF Configuration

R1(config)# ip vrf BLUE
R1(config-vrf)# rd 65001:100
R1(config-vrf)# route-target export 65001:100
R1(config-vrf)# route-target import 65001:100
R1(config-vrf)# !
R1(config-vrf)# ip vrf RED
R1(config-vrf)# rd 65001:200
R1(config-vrf)# route-target export 65001:200
R1(config-vrf)# route-target import 65001:200
R1(config-vrf)# exit
R1(config)# interface GigabitEthernet 0/0.10
R1(config-subif)# ip vrf forwarding BLUE
R1(config-subif)# interface GigabitEthernet 0/0.50
R1(config-subif)# ip vrf forwarding RED

R6(config)# ip vrf BLUE
R6(config-vrf)# rd 65001:100
R6(config-vrf)# route-target export 65001:100
R6(config-vrf)# route-target import 65001:100
R6(config-vrf)# ip vrf RED
R6(config-vrf)# rd 65001:200
R6(config-vrf)# route-target export 65001:200
R6(config-vrf)# route-target import 65001:200
R6(config-vrf)# exit
R6(config)# interface GigabitEthernet 0/1.20
R6(config-subif)# ip vrf forwarding BLUE
R6(config-subif)# interface GigabitEthernet 0/1.100
R6(config-subif)# ip vrf forwarding RED

Create a network between PE Router R1 and CE device Sw1 using a VLAN10 interface on Sw1 that can be trunked toward R1. This network will reside in the BLUE VPN. Use a subnet of 10.10.10.0/30 with .1/30 assigned to the PE and .2/30 assigned to the CE. (2 points)

This is a simple configuration task to assign IP connectivity between the PE and CE devices for future routing between the devices and remote VPN connectivity via R6. The new VLAN10 must be created on Sw1, and this VLAN should have already been permitted to flow through to R1 as an allowed VLAN. The subinterface of Gigabit0/0.10 on R1 has been assigned to the BLUE VRF during the previous question, so connectivity between Sw1 and R1 should now be possible (when IP addresses are assigned). When testing, remember that R1 must use the appropriate VRF to confirm connectivity because a normal ping would be sourced from the global routing table and will fail. If you have configured this correctly, as shown in Example 3-8, you have scored 2 points.
EXAMPLE 3-8 BLUE VRF IP Addressing and Local Connectivity Testing

R1(config)# interface GigabitEthernet 0/0.10
R1(config-subif)# ip add 10.10.10.1 255.255.255.252

Switch1(config)# vlan 10
Switch1(config-vlan)# exit
Switch1(config)# interface vlan 10
Switch1(config-if)# no shutdown
Switch1(config-if)# ip add 10.10.10.2 255.255.255.252

R1# ping vrf BLUE 10.10.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/1/1 ms

Create a network between PE router R6 and CE device Sw2 using a VLAN20 interface on Sw2 that can be trunked toward R6. This network will reside in the BLUE VPN. Use a subnet of 10.10.20.0/30 with .1/30 assigned to the PE and .2/30 assigned to the CE. (2 points)

This is a simple configuration task as per the previous question to assign connectivity between the PE and CE devices for future routing between the devices and remote VPN connectivity via R1. The new VLAN20 must be created on Sw2, and this VLAN already should have been permitted to flow through to R6 as an allowed VLAN. The subinterface of Gigabit0/1.20 on R6 has been assigned to the BLUE VRF during a previous question, so connectivity between Sw2 and R6 should now be possible. When testing, remember that R6 must use the appropriate VRF to confirm connectivity. If you have configured this correctly, as shown in Example 3-9, you have scored 2 points.
EXAMPLE 3-9 BLUE VRF IP Addressing and Local Connectivity Testing

R6(config)# interface GigabitEthernet 0/1.20
R6(config-subif)# ip add 10.10.20.1 255.255.255.252

Switch2(config)# vlan 20
Switch2(config-vlan)# exit
Switch2(config)# interface vlan 20
Switch2(config-if)# no shutdown
Switch2(config-if)# ip add 10.10.20.2 255.255.255.252

R6# ping vrf BLUE 10.10.20.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.20.2, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/1/1 ms

Create a network between PE Router R1 and CE device Sw3 using a VLAN50 interface on Sw3 that can be trunked toward R1; this network will reside in the RED VPN. Use a subnet of 130.50.50.0/30 with .1/30 assigned to the PE and .2/30 assigned to the CE. (2 points)

Here's another simple configuration to assign connectivity between the PE and CE devices for future routing between the devices and remote VPN connectivity via R6. The new VLAN50 must be created on Sw3, and this VLAN should have already been permitted to flow through Sw1 to R1 as an allowed VLAN. The subinterface of Gigabit0/0.50 on R1 has been assigned to the RED VRF during a previous question, so connectivity between Sw3 and R1 should now be possible. When testing, remember that R1 must use the appropriate VRF to confirm connectivity. If you have configured this correctly, as shown in Example 3-10, you have scored 2 points.
EXAMPLE 3-10 RED VRF IP Addressing and Local Connectivity Testing

R1(config)# interface GigabitEthernet 0/0.50
R1(config-subif)# ip add 130.50.50.1 255.255.255.252
Switch3(config)# vlan 50
Switch3(config-vlan)# exit
Switch3(config)# interface vlan 50
Switch3(config-if)# no shutdown
Switch3(config-if)# ip add 130.50.50.2 255.255.255.252

R1# ping vrf RED 130.50.50.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 130.50.50.2, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/1/1 ms

Create a network between PE Router R6 and CE device Sw4 using a VLAN100 interface on Sw4 that can be trunked toward R6; this network will reside in the RED VPN. Use a subnet of 130.100.100.0/30 with .1/30 assigned to the PE and .2/30 assigned to the CE. (2 points)

This is the final configuration task to assign connectivity between the PE and CE devices for future routing between the devices and remote VPN connectivity via R1. The new VLAN100 must be created on Sw4, and this VLAN should have already been permitted to flow through Sw3 to R6 as an allowed VLAN. The subinterface of Gigabit0/1.100 on R6 has been assigned to the RED VRF during a previous question, so connectivity between Sw4 and R6 should now be possible. When testing, remember that R6 must use the appropriate VRF to confirm connectivity. If you have configured this correctly, as shown in Example 3-11, you have scored 2 points.
EXAMPLE 3-11 RED VRF IP Addressing and Local Connectivity Testing

R6(config)# interface GigabitEthernet 0/1.100
R6(config-subif)# ip add 130.100.100.1 255.255.255.252
Switch4(config)# vlan 100
Switch4(config-vlan)# exit
Switch4(config)# interface vlan 100
Switch4(config-if)# no shutdown
Switch4(config-if)# ip add 130.100.100.2 255.255.255.252

R6# ping vrf RED 130.100.100.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 130.100.100.2, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/1/1 ms

Section 3: BGP (5 Points)

Configure MP-BGP between your PE routers, per Figure 3-10, to enable your network to transport the VPNv4 addresses of your configured VPNs (BLUE and RED). Use loopback interfaces for peering between your PE routers. You will configure the actual VPN routing in later questions. (4 points)

MPLS requires the use of Multiprotocol BGP (MP-BGP) between the PE routers to exchange VPNv4 addresses in addition to IPv4 addresses. The VPNs will be mapped into the configuration later, so this question is a straightforward peering and VPNv4 setup task. The configuration requires you to peer from your loopback interfaces, which are advertised via your P routers within OSPF and that extended communities are used between PE routers to advertise your VPNv4 addresses successfully. You should be aware that Route Targets (RT) are implemented by the use of the BGP extended community (64 bits) and as such the send-community both value must be configured within MP-BGP. The next-hop-self command is optional and strictly required only when you have an eBGP configuration to preserve the next-hop information to peers; you won't lose any points if you added this or left it out. The actual VPN portion of MP-BGP will be configured later within the IPv4 address family for VRF-specific advertisements. This is a simple MP-BGP network with only two PE routers; additional PE routers would require a full mesh of iBGP peering or configuration of route-reflectors to aid scalability. If you have configured this correctly, as shown in Example 3-12, you have scored 4 points.
EXAMPLE 3-12 MP-BGP Configuration

R1(config)# router bgp 65001
R1(config-router)# no synchronization
R1(config-router)# no auto-summary
R1(config-router)# neighbor 120.100.6.1 remote-as 65001
R1(config-router)# neighbor 120.100.6.1 update-source Loopback 0
R1(config-router)# address-family vpnv4
R1(config-router-af)# neighbor 120.100.6.1 activate
R1(config-router-af)# neighbor 120.100.6.1 next-hop-self
R1(config-router-af)# neighbor 120.100.6.1 send-community both

R6(config)# router bgp 65001
R6(config-router)# no sync
R6(config-router)# no auto-summary
R6(config-router)# neighbor 120.100.1.1 remote-as 65001
R6(config-router)# neighbor 120.100.1.1 update-source Loopback 0
R6(config-router)# address-family vpnv4
R6(config-router-af)# neighbor 120.100.1.1 activate
R6(config-router-af)# neighbor 120.100.1.1 next-hop-self
R6(config-router-af)# neighbor 120.100.1.1 send-community both

Section 4: EIGRP and MP-BGP (9 Points)

Configure EIGRP per Figure 3-11 between your PE Router R6 and CE Switch Sw2. Use an EIGRP process number of 1 on R6 and a process number of 10 on Sw2. Use VLAN20 for EIGRP connectivity between R6 and Sw2. Advertise all preconfigured Loopback networks on Sw2 to R6 for the BLUE VPN. (3 points)

Until now the questions have merely dealt with setting up the infrastructure for MPLS connectivity. Now you are requested to advertise routes from your CE Switch Sw2 to PE Router R6, which will ultimately be advertised throughout the BLUE VPN to the remote PE Router R1 and CE Switch Sw1. The questions become harder from this point. You'll realize that to peer successfully with EIGRP you would need to be operating within the same autonomous system (AS) number, yet the question enforces you to run differing AS numbers. PE routers would normally connect to multiple customers, so it is unreasonable to expect that each EIGRP domain should run the same AS number. As such, there is a fix, which is a manual AS mapping under the VPN-specific configuration (address-family ipv4 vrf BLUE) where the AS number is stipulated. It is also within this section that the networks are enabled for EIGRP to operate over. Example 3-13 details the EIGRP configuration and resulting neighbor relationship and route propagation between R6 and Sw2. If you have configured this correctly, as shown in Example 3-13, you have scored 3 points.

NOTE
The IP addressing for VLAN20 on Sw2 and associated subinterfaces on R6 has previously been configured. The BLUE VRF has also been associated to the R6 subinterface previously.

EXAMPLE 3-13 R6 and Switch2 EIGRP Configuration and Verification

R6(config)# router eigrp 1
R6(config-router)# address-family ipv4 vrf BLUE
R6(config-router-af)# autonomous-system 10
R6(config-router-af)# no auto-summary
R6(config-router-af)# network 10.10.20.0 0.0.0.3

Switch2(config)# ip routing
Switch2(config)# router eigrp 10
Switch2(config-router)# no auto-summary
Switch2(config-router)# network 10.10.20.0 0.0.0.3
Switch2(config-router)# network 10.2.2.0 0.0.0.255
Switch2(config-router)# network 10.2.3.0 0.0.0.255
Switch2(config-router)# network 10.2.4.0 0.0.0.255

R6# show ip eigrp vrf BLUE neighbors
IP-EIGRP neighbors for process 10
H   Address         Interface    Hold  Uptime    SRTT   RTO   Q    Seq
                                 (sec)           (ms)         Cnt  Num
0   10.10.20.2      Gi0/1.20     11    00:04:18  1      200   0    1
R6#
R6# show ip route vrf BLUE eigrp
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
D       10.2.2.0/24 [90/156160] via 10.10.20.2, 00:04:36, GigabitEthernet0/1.20
D       10.2.3.0/24 [90/156160] via 10.10.20.2, 00:04:36, GigabitEthernet0/1.20
D       10.2.4.0/24 [90/156160] via 10.10.20.2, 00:04:36, GigabitEthernet0/1.20

NOTE
The IP addressing for VLAN10 on Sw1 and associated subinterfaces on R1 has previously been configured. The BLUE VRF has also been associated to the R1 subinterface previously.

Configure EIGRP per Figure 3-11 between your PE Router R1 and CE Switch Sw1. Use an EIGRP process number of 1 on R1 and a process number of 10 on Sw1. Use VLAN10 for EIGRP connectivity between R1 and Sw1. Advertise all preconfigured Loopback networks on Sw1 to R1 for the BLUE VPN. (3 points)

Per the previous question, you are requested to advertise routes from your CE Switch Sw1 to PE Router R1, which will ultimately be advertised throughout the BLUE VPN to the remote PE Router R6 and CE Switch Sw2. Once again you are required to manually configure the EIGRP AS number within the address-family vrf section of the PE. Example 3-14 details the EIGRP configuration and resulting neighbor relationship and route propagation between R1 and Sw1. If you have configured this correctly, as shown in Example 3-14, you have scored 3 points.
EXAMPLE 3-14 R1 and Switch1 EIGRP Configuration and Verification

R1(config)# router eigrp 1
R1(config-router)# address-family ipv4 vrf BLUE
R1(config-router-af)# autonomous-system 10
R1(config-router-af)# no auto-summary
R1(config-router-af)# network 10.10.10.0 0.0.0.3
R1(config-vrf)# int gi 0/0.10
R1(config-subif)# ip vrf forwarding BLUE
R1(config-subif)# ip add 10.10.10.1 255.255.255.252

Switch1(config)# ip routing
Switch1(config)# router eigrp 10
Switch1(config-router)# no auto-summary
Switch1(config-router)# network 10.10.10.0 0.0.0.3
Switch1(config-router)# network 10.1.1.0 0.0.0.255
Switch1(config-router)# network 10.1.2.0 0.0.0.255
Switch1(config-router)# network 10.1.3.0 0.0.0.255

R1# show ip eigrp vrf BLUE neighbors
IP-EIGRP neighbors for process 10
H   Address         Interface    Hold  Uptime    SRTT   RTO   Q    Seq
                                 (sec)           (ms)         Cnt  Num
0   10.10.10.2      Gi0/0.10     13    00:00:24  1      200   0    1
R1#
R1# show ip route vrf BLUE eigrp
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
D       10.1.3.0/24 [90/153856] via 10.10.10.2, 00:01:18, GigabitEthernet0/0.10
D       10.1.2.0/24 [90/153856] via 10.10.10.2, 00:01:18, GigabitEthernet0/0.10
D       10.1.1.0/24 [90/153856] via 10.10.10.2, 00:01:18, GigabitEthernet0/0.10

Configure your PE Routers R1 and R6 to transport EIGRP routes from your CE devices between the BLUE VPN using MP-BGP. EIGRP networks residing on Sw1 should be seen as internal EIGRP routes on Sw2 and vice versa. Ensure all EIGRP routes have a MED of 50 assigned to them within MP-BGP. Use a default-metric of 10000 100 255 1 1500 for BGP routes when redistributed into EIGRP. (3 points)

The full end-to-end VPN routing is achieved at this point by redistributing EIGRP into the appropriate address-family for the VRF. The question dictates the metrics you should use. In reality, the metrics are not required because the extended community values of MP-BGP previously configured will effectively transport the internal metrics of EIGRP and ensure the routes are shown as internal EIGRP routes at the remote location, even though they have been redistributed via another routing protocol. The question is just looking for accuracy and giving you the opportunity to view routes with the metrics and later without if you choose to. Example 3-15 details the configuration required on the PE routers and resulting routes on the CE devices Sw1 and Sw2. If you have configured this correctly, as shown in Example 3-15, you have scored 3 points.

EXAMPLE 3-15 PE and CE MP-BGP Redistribution Configuration and Verification

R1(config)# router eigrp 1
R1(config-router)# address-family ipv4 vrf BLUE
R1(config-router-af)# redistribute bgp 65001 metric 10000 100 255 1 1500
R1(config-router-af)# router bgp 65001
R1(config-router)# address-family ipv4 vrf BLUE
R1(config-router-af)# redistribute eigrp 10 metric 50

R6(config)# router eigrp 1
R6(config-router)# address-family ipv4 vrf BLUE
R6(config-router-af)# redistribute bgp 65001 metric 10000 100 255 1 1500
R6(config-router-af)# router bgp 65001
R6(config-router)# address-family ipv4 vrf BLUE
R6(config-router-af)# redistribute eigrp 10 metric 50

SW1# show ip route eigrp
D       10.2.2.0/24 [90/156416] via 10.10.10.1, 00:32:05, Vlan10
D       10.2.3.0/24 [90/156416] via 10.10.10.1, 00:32:05, Vlan10
D       10.2.4.0/24 [90/156416] via 10.10.10.1, 00:32:05, Vlan10
D       10.10.20.0/30 [90/28416] via 10.10.10.1, 00:32:05, Vlan10

SW2# show ip route eigrp
D       10.1.3.0/24 [90/154112] via 10.10.20.1, 00:33:07, Vlan20
D       10.1.2.0/24 [90/154112] via 10.10.20.1, 00:33:07, Vlan20
D       10.1.1.0/24 [90/154112] via 10.10.20.1, 00:33:07, Vlan20
D       10.10.10.0/30 [90/26112] via 10.10.20.1, 00:33:07, Vlan20

Example 3-16 details the BGP routes received on the PE routers with the assigned MED value of 50; it also details the MPLS forwarding table for the BLUE VRF. Notice the iBGP routes on the PE routers from the remote PE router with the MED of 50; these are the routes that are propagated to EIGRP CE devices. If you have configured this correctly, as shown in Example 3-16, you have scored 3 points.
EXAMPLE 3-16 PE MP-BGP and MPLS Verification

R6# show ip bgp vpnv4 vrf BLUE
BGP table version is 17, local router ID is 120.100.6.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65001:100 (default for vrf BLUE)
*>i10.1.1.0/24      120.100.1.1             50    100      0 ?
*>i10.1.2.0/24      120.100.1.1             50    100      0 ?
*>i10.1.3.0/24      120.100.1.1             50    100      0 ?
*> 10.2.2.0/24      10.10.20.2              50         32768 ?
*> 10.2.3.0/24      10.10.20.2              50         32768 ?
*> 10.2.4.0/24      10.10.20.2              50         32768 ?
*>i10.10.10.0/30    120.100.1.1              0    100      0 ?
*> 10.10.20.0/30    0.0.0.0                  0         32768 ?

R1# show ip bgp vpnv4 vrf BLUE
BGP table version is 17, local router ID is 120.100.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65001:100 (default for vrf BLUE)
*> 10.1.1.0/24      10.10.10.2              50         32768 ?
*> 10.1.2.0/24      10.10.10.2              50         32768 ?
*> 10.1.3.0/24      10.10.10.2              50         32768 ?
*>i10.2.2.0/24      120.100.6.1             50    100      0 ?
*>i10.2.3.0/24      120.100.6.1             50    100      0 ?
*>i10.2.4.0/24      120.100.6.1             50    100      0 ?
*> 10.10.10.0/30    0.0.0.0                  0         32768 ?
*>i10.10.20.0/30    120.100.6.1              0    100      0 ?

R1# show mpls forwarding-table vrf BLUE
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
26     Untagged    10.1.3.0/24[V]    0          Gi0/0.10   10.10.10.2
27     Untagged    10.1.2.0/24[V]    0          Gi0/0.10   10.10.10.2
28     Aggregate   10.10.10.0/30[V]  0
29     Untagged    10.1.1.0/24[V]    0          Gi0/0.10   10.10.10.2

R6# show mpls forwarding-table vrf BLUE
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
26     Untagged    10.2.2.0/24[V]    0          Gi0/1.20   10.10.20.2
27     Untagged    10.2.3.0/24[V]    0          Gi0/1.20   10.10.20.2
28     Untagged    10.2.4.0/24[V]    0          Gi0/1.20   10.10.20.2
29     Aggregate   10.10.20.0/30[V]  0

Section 5: OSPF and MP-BGP (9 Points)

Configure OSPF per Figure 3-12 for your VRF RED with a process number of 3 on PE Router R1 and Sw3 using VLAN50 for connectivity. Use a process ID of 2 on PE Router R6 and CE device Sw4 using VLAN100 for connectivity. You should permit only internal OSPF routes to be advertised across your VPN and ensure the redistribution of BGP routes into OSPF are assigned as Type 1 external routes with no manually adjusted cost associated to them. It is acceptable for these routes to come through as /32 routes because of default OSPF behavior of Loopback interfaces. (3 points)

NOTE
The IP addressing for VLAN50 on Sw3 and associated subinterface on R1 and VLAN100 on Sw4 and associated subinterface on R6 has previously been configured. The RED VRF has also been associated to the R1 and R6 subinterfaces previously.

You are requested to configure OSPF over your MPLS network between CE devices Sw3 and Sw4 via your PE Routers R1 and R6. Figure 3-12 indicates that all loopback interfaces are to be included in OSPF on both CE devices. You should be aware that OSPF will advertise these as host routes, but the question states that this is acceptable behavior. Similarly to the EIGRP question, you are requested to manipulate the redistribution of the IGP into BGP, but in reality the routes would appear to have not been redistributed through another routing protocol by default. This direction is actually a red herring for the next question when the routes at the CE devices appear as external routes when they should in fact be internal routes. You are requested to permit only internal OSPF routes to be redistributed into BGP, which is a simple match internal parameter on the redistribution configuration. You should, of course, remember that the MPLS network is seen as an OSPF super backbone, and as such you had no configuration for Area 0 to enable Area 1 to communicate with Area 2 over MPLS. Example 3-17 details the required configuration and verification. If you have configured this correctly, as shown in Example 3-17, you have scored 3 points.
EXAMPLE 3-17 VRF RED OSPF Configuration and Verification

SW3(config)# ip routing
SW3(config)# router ospf 3
SW3(config-router)# network 130.50.50.0 0.0.0.3 area 0
SW3(config-router)# network 10.33.33.0 0.0.0.255 area 1
SW3(config-router)# network 10.33.34.0 0.0.0.255 area 1
SW3(config-router)# network 10.33.35.0 0.0.0.255 area 1

SW4(config)# ip routing
SW4(config)# router ospf 2
SW4(config-router)# network 130.100.100.0 0.0.0.3 area 0
SW4(config-router)# network 10.44.44.0 0.0.0.255 area 2
SW4(config-router)# network 10.44.45.0 0.0.0.255 area 2
SW4(config-router)# network 10.44.46.0 0.0.0.255 area 2

R1(config)# router ospf 3 vrf RED
R1(config-router)# network 130.50.50.0 0.0.0.3 area 0
R1(config-router)# redistribute bgp 65001 subnets metric-type 1
R1(config-router)# router bgp 65001
R1(config-router)# address-family ipv4 vrf RED
R1(config-router-af)# redistribute ospf 3 match internal

R6(config)# router ospf 2 vrf RED
R6(config-router)# net 130.100.100.0 0.0.0.3 area 0
R6(config-router)# redistribute bgp 65001 subnets metric-type 1
R6(config-router)# router bgp 65001
R6(config-router)# address-family ipv4 vrf RED
R6(config-router-af)# redistribute ospf 2 match internal

R1# show ip route vrf RED ospf
Routing Table: RED
     10.0.0.0/32 is subnetted, 6 subnets
O IA    10.33.34.1 [110/2] via 130.50.50.2, 00:04:48, GigabitEthernet0/0.50
O IA    10.33.35.1 [110/2] via 130.50.50.2, 00:04:48, GigabitEthernet0/0.50
O IA    10.33.33.1 [110/2] via 130.50.50.2, 00:04:48, GigabitEthernet0/0.50

R6# show ip route vrf RED ospf
Routing Table: RED
     10.0.0.0/32 is subnetted, 6 subnets
O IA    10.44.46.1 [110/2] via 130.100.100.2, 00:02:32, GigabitEthernet0/1.100
O IA    10.44.45.1 [110/2] via 130.100.100.2, 00:02:32, GigabitEthernet0/1.100
O IA    10.44.44.1 [110/2] via 130.100.100.2, 00:02:32, GigabitEthernet0/1.100

SW3# show ip route ospf
     130.100.0.0/30 is subnetted, 1 subnets
O E1    130.100.100.0 [110/2] via 130.50.50.1, 00:06:08, Vlan50
     10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O E1    10.44.46.1/32 [110/3] via 130.50.50.1, 00:02:54, Vlan50
O E1    10.44.45.1/32 [110/3] via 130.50.50.1, 00:02:54, Vlan50
O E1    10.44.44.1/32 [110/3] via 130.50.50.1, 00:02:55, Vlan50

SW4# show ip route ospf
     130.50.0.0/30 is subnetted, 1 subnets
O E1    130.50.50.0 [110/2] via 130.100.100.1, 00:03:37, Vlan100
     10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O E1    10.33.34.1/32 [110/3] via 130.100.100.1, 00:03:37, Vlan100
O E1    10.33.35.1/32 [110/3] via 130.100.100.1, 00:03:37, Vlan100
O E1    10.33.33.1/32 [110/3] via 130.100.100.1, 00:03:37, Vlan100

You will notice that your OSPF IA (intra-area) routes between CE devices Sw3 and Sw4 appear as Type 1 External routes; configure your OSPF network appropriately to ensure the routes are displayed correctly as IA routes. You are not permitted to adjust the OSPF redistribution into BGP as directed in the previous question. Maintain the OSPF process IDs as previously directed, and you are permitted to configure only Router R1. (6 points)

This is a tricky question and one that will really eat into your time, the kind of question that if the answer doesn't jump out at you and the points don't look appealing enough, it's one to park and come back to. You can leave questions like this confidently because you have your routes in place and following questions don't build from this one. As stated previously, the redistribution into Type 1 is actually somewhat misleading. When you look at the routes in Example 3-18 for the PE routers, you will see that they are actually IA routes at this point, so it is only when these routes are advertised to the CE devices that the Type 1 External route change occurs.
EXAMPLE 3-18 VRF RED OSPF Routes

R1# show ip route vrf RED ospf
Routing Table: RED
     10.0.0.0/32 is subnetted, 6 subnets
O IA    10.33.34.1 [110/2] via 130.50.50.2, 00:04:48, GigabitEthernet0/0.50
O IA    10.33.35.1 [110/2] via 130.50.50.2, 00:04:48, GigabitEthernet0/0.50
O IA    10.33.33.1 [110/2] via 130.50.50.2, 00:04:48, GigabitEthernet0/0.50

R6# show ip route vrf RED ospf
Routing Table: RED
     10.0.0.0/32 is subnetted, 6 subnets
O IA    10.44.46.1 [110/2] via 130.100.100.2, 00:02:32, GigabitEthernet0/1.100
O IA    10.44.45.1 [110/2] via 130.100.100.2, 00:02:32, GigabitEthernet0/1.100
O IA    10.44.44.1 [110/2] via 130.100.100.2, 00:02:32, GigabitEthernet0/1.100

SW3# show ip route ospf
     130.100.0.0/30 is subnetted, 1 subnets
O E1    130.100.100.0 [110/2] via 130.50.50.1, 00:06:08, Vlan50
     10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O E1    10.44.46.1/32 [110/3] via 130.50.50.1, 00:02:54, Vlan50
O E1    10.44.45.1/32 [110/3] via 130.50.50.1, 00:02:54, Vlan50
O E1    10.44.44.1/32 [110/3] via 130.50.50.1, 00:02:55, Vlan50

SW4# show ip route ospf
     130.50.0.0/30 is subnetted, 1 subnets
O E1    130.50.50.0 [110/2] via 130.100.100.1, 00:03:37, Vlan100
     10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O E1    10.33.34.1/32 [110/3] via 130.100.100.1, 00:03:37, Vlan100
O E1    10.33.35.1/32 [110/3] via 130.100.100.1, 00:03:37, Vlan100
O E1    10.33.33.1/32 [110/3] via 130.100.100.1, 00:03:37, Vlan100

The clue is actually in the question "Maintain the OSPF process IDs as previously directed." Statements like this should make you think, "Okay, so if I did change the process ID, it would most likely work; why would that do it and how else can I achieve that?" OSPF has a domain ID; by default, this is the same as the process ID. If the process IDs are different on PE routers that form the VPN, the LSA is changed to a type 5 and the routes become external. You might not have known that, but it's the kind of thing that you gain through research and rack time. Because you are not permitted to change the process ID, you are only left with the option of changing the domain ID. Example 3-19 details the domain ID information on your PE routers, the configuration required to change the domain ID on one of your PEs, Router R1, and the resulting IA routes received on your CE devices. If you have configured this correctly, as shown in Example 3-19, you have scored 6 points.

EXAMPLE 3-19 Domain ID Configuration and OSPF Route Verification

R1# show ip ospf 3 | include Domain
 Domain ID type 0x0005, value 0.0.0.3
R6# show ip ospf 2 | include Domain
 Domain ID type 0x0005, value 0.0.0.2

R1(config)# router ospf 3 vrf RED
R1(config-router)# domain-id 0.0.0.2

SW3# show ip route ospf
     130.100.0.0/30 is subnetted, 1 subnets
O IA    130.100.100.0 [110/2] via 130.50.50.1, 00:00:09, Vlan50
     10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O IA    10.44.46.1/32 [110/3] via 130.50.50.1, 00:00:09, Vlan50
O IA    10.44.45.1/32 [110/3] via 130.50.50.1, 00:00:09, Vlan50
O IA    10.44.44.1/32 [110/3] via 130.50.50.1, 00:00:09, Vlan50
SW3#

SW4# show ip route ospf
     130.50.0.0/30 is subnetted, 1 subnets
O IA    130.50.50.0 [110/2] via 130.100.100.1, 00:00:07, Vlan100
     10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O IA    10.33.34.1/32 [110/3] via 130.100.100.1, 00:00:07, Vlan100
O IA    10.33.35.1/32 [110/3] via 130.100.100.1, 00:00:07, Vlan100
O IA    10.33.33.1/32 [110/3] via 130.100.100.1, 00:00:07, Vlan100

Section 6: MPLS (7 Points)

Leak network 10.1.1.0/24 from Sw1 VRF BLUE on PE R1 into the VRF RED on PE1; similarly, leak 10.44.44.0/24 from VRF RED into VRF BLUE on R6. Both Switch 1 and Switch 4 should receive the following routes:

SW1# show ip route | include 10.44.44.0
D EX    10.44.44.0/24 [170/XXXXXX] via 10.10.10.1, 00:00:27, Vlan10
SW1#

SW4# show ip route | include 10.1.1.0
O E1    10.1.1.0/24 [110/XX] via 130.100.100.1, 00:03:04, Vlan100
SW4#

Verify your configuration by pinging from VRF RED Sw4 10.44.44.1 to VRF BLUE Sw1 10.1.1.1. (5 points)

This is a straightforward VRF Export question with a slight twist for the attentive in that the OSPF route 10.44.44.0/24 originates from a Loopback interface on Switch4, so OSPF must be manipulated to treat this interface as a point-to-point network to advertise the /24 mask. The route-leaking is achieved by creation of export maps on the PE Routers R1 and R6, permitting the required routes from each VRF to the existing BLUE and RED VRF advertisements by adding them to the appropriate Route Target (RT) within MP-BGP by use of the set extcommunity rt xxxxx:xxx additive command. Example 3-20 details the required configuration on PE Routers R1, R6, and CE device Sw4; the resulting verification of the route advertisements and testing are also shown. If you have configured this correctly, as shown in Example 3-20, you have scored 5 points.
EXAMPLE 3-20 Selective VRF Export Configuration and Verification
S84(config)# inter#a$e )oo/'a$0 i/ os/# net&or0 /oint.to./oint S84(config-if)# ;1(config)#

*).*.*.)5(3 H**)5XXI %ia *2).*)).*)).*, ))D)2D)3, Flan*))

i/ ,r# ")FE e:/ort ma/ 8;2 a$$ess.list 2 /ermit 2 .2.2. e:it mat$% i/ address 2 set e:t$ommunit* rt 32!2 additi,e . . .2--

;1(config-6rf)# ;1(config-6rf)# ;1(config-6rf)# ;1(config)#

route.ma/ 8;2 /ermit 2

;1(config-route-map)# ;1(config-route-map)# ;7(config)# i/ ,r# +ED

;7(config-6rf)# ;7(config-6rf)# ;7(config-6rf)# ;7(config)#

e:/ort ma/ 8;4 a$$ess.list 2 /ermit 2 .44.44. e:it mat$% i/ address 2 set e:t$ommunit* rt 3. . .2--

route.ma/ 8;4 /ermit 2 2!2 additi,e

;7(config-route-map)# ;7(config-route-map)#

! R1 is now sending 10.1.1.0 into VRF RED and R6 10.44.44.0 into VRF BLUE

R1# show ip bgp vpnv4 vrf RED
BGP table version is 33, local router ID is 120.100.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65001:200 (default for vrf RED)
*> 10.33.33.1/32    130.50.50.2              2         32768 ?
*> 10.33.34.1/32    130.50.50.2              2         32768 ?
*> 10.33.35.1/32    130.50.50.2              2         32768 ?
*>i10.44.44.1/32    120.100.6.1              2    100      0 ?
*>i10.44.45.1/32    120.100.6.1              2    100      0 ?
*>i10.44.46.1/32    120.100.6.1              2    100      0 ?
*> 130.50.50.0/30   0.0.0.0                  0         32768 ?
*>i130.100.100.0/30 120.100.6.1              0    100      0 ?

! No sign of the 10.1.1.0 route, clear the BGP session to kick start the export map

R1# clear ip bgp *
R1# show ip bgp vpnv4 vrf RED
BGP table version is 34, local router ID is 120.100.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65001:200 (default for vrf RED)
*> 10.1.1.0/24      10.10.10.2              50         32768 ?
*> 10.33.33.1/32    130.50.50.2              2         32768 ?
*> 10.33.34.1/32    130.50.50.2              2         32768 ?
*> 10.33.35.1/32    130.50.50.2              2         32768 ?
*>i10.44.44.1/32    120.100.6.1              2    100      0 ?
*>i10.44.45.1/32    120.100.6.1              2    100      0 ?
*>i10.44.46.1/32    120.100.6.1              2    100      0 ?
*> 130.50.50.0/30   0.0.0.0                  0         32768 ?
*>i130.100.100.0/30 120.100.6.1              0    100      0 ?

R6# show ip bgp vpnv4 vrf BLUE
BGP table version is 35, local router ID is 120.100.6.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65001:100 (default for vrf BLUE)
*>i10.1.1.0/24      120.100.1.1             50    100      0 ?
*>i10.1.2.0/24      120.100.1.1             50    100      0 ?
*>i10.1.3.0/24      120.100.1.1             50    100      0 ?
*> 10.2.2.0/24      10.10.20.2              50         32768 ?
*> 10.2.3.0/24      10.10.20.2              50         32768 ?
*> 10.2.4.0/24      10.10.20.2              50         32768 ?
*>i10.10.10.0/30    120.100.1.1              0    100      0 ?
*> 10.10.20.0/30    0.0.0.0                  0         32768 ?
*> 10.44.44.1/32    130.100.100.2            2         32768 ?

! Notice the 10.44.44.0 route is actually listed as a host route, change the Loopback interface on Sw4 to a point-to-point for OSPF to advertise it correctly

SW4(config)# interface lo 0
SW4(config-if)# ip ospf network point-to-point

R6# show ip bgp vpnv4 vrf BLUE | include 10.44.44.0
*> 10.44.44.0/24    130.100.100.2                      32768 ?

Switch1# show ip route | include 10.44.44.0
D EX    10.44.44.0/24 [170/281856] via 10.10.10.1, 00:00:51, Vlan10
Switch1#
SW4# show ip route | include 10.1.1.0
O E1    10.1.1.0/24 [110/51] via 130.100.100.1, 00:02:45, Vlan100

! Now test with an extended ping to ensure the Loopback interface is used as the source

SW1# ping
Protocol [ip]:
Target IP address: 10.44.44.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.1.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.44.44.1, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/9/12 ms

R1# show mpls forwarding-table vrf BLUE
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
34     Untagged    10.1.3.0/24[V]    0          Gi0/0.10   10.10.10.2
35     Untagged    10.1.2.0/24[V]    0          Gi0/0.10   10.10.10.2
36     Aggregate   10.10.10.0/30[V]  0
37     Untagged    10.1.1.0/24[V]    590        Gi0/0.10   10.10.10.2

R1# show mpls forwarding-table vrf RED
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
38     Aggregate   130.50.50.0/30[V] 0
39     Untagged    10.33.34.1/32[V]  0          Gi0/0.50   130.50.50.2
40     Untagged    10.33.35.1/32[V]  0          Gi0/0.50   130.50.50.2
41     Untagged    10.33.33.1/32[V]  0          Gi0/0.50   130.50.50.2

! Note the Routes are not leaked within the MPLS forwarding-table

R6# show mpls forwarding-table vrf BLUE
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
34     Untagged    10.2.2.0/24[V]    0          Gi0/1.20   10.10.20.2
35     Untagged    10.2.3.0/24[V]    0          Gi0/1.20   10.10.20.2
36     Untagged    10.2.4.0/24[V]    0          Gi0/1.20   10.10.20.2
37     Aggregate   10.10.20.0/30[V]  0

R6# show mpls forwarding-table vrf RED
Local  Outgoing    Prefix              Bytes tag  Outgoing    Next Hop
tag    tag or VC   or Tunnel Id        switched   interface
38     Aggregate   130.100.100.0/30[V] 0
39     Untagged    10.44.46.1/32[V]    0          Gi0/1.100   130.100.100.2
40     Untagged    10.44.45.1/32[V]    0          Gi0/1.100   130.100.100.2
42     Untagged    10.44.44.0/24[V]    1534       Gi0/1.100   130.100.100.2

! Note the Routes are not leaked within the MPLS forwarding-table

Configure your PE Routers R1 and R6 to ensure that the MPLS P routers are not listed as intermediate hops when a trace route is performed on your CE devices. (2 points)

By default, the MPLS network will be shown when a traceroute is performed. This can be changed, so only PE routers are shown as next hops with the no mpls ip propagate-ttl global command within your PE routers. Example 3-21 shows the default behavior and modified behavior after configuration from a trace route command issued on CE device SW1. If you have configured this correctly, as shown in Example 3-21, you have scored 2 points.

EXAMPLE 3-21 MPLS Traceroute Configuration and Testing

SW1# traceroute 10.2.2.1
Type escape sequence to abort.
Tracing the route to 10.2.2.1
1 10.10.10.1 0 msec 0 msec 0 msec
2 120.100.123.2 12 msec 12 msec 16 msec
3 120.100.25.5 8 msec 12 msec 8 msec
4 10.10.20.1 8 msec 8 msec 8 msec
5 10.10.20.2 8 msec * 4 msec

R1(config)# no mpls ip propagate-ttl
R6(config)# no mpls ip propagate-ttl
SW1# traceroute 10.2.2.1
Type escape sequence to abort.
Tracing the route to 10.2.2.1
1 10.10.10.1 4 msec 0 msec 0 msec
2 10.10.20.1 12 msec 8 msec 12 msec
3 10.10.20.2 4 msec * 4 msec

Section 7: VPLS Simulation (10 Points)

Switches 3 and 4 will have been configured to belong to the subnet of 1.1.1.0/24 in a previous question. Create an Xconnect attachment circuit on your PE Routers R1 and R6 for your CE devices (Sw3 Fe 0/19 1.1.1.1/24 and Sw4 Fe 0/19 1.1.1.2/24) to communicate using a secure Layer 2 tunneling solution (use version 3) across your Layer 3 network. You should use existing Loopback interfaces on your PE routers for peering over your MPLS network. Use a class template that configures a cookie size of 8 and a password of cisco, which will be used by a pseudowire class which Xconnects your required interfaces on your PE Routers R1 and R6. Be aware that the Sw3 resides in VLAN200 and Sw4 resides in VLAN400 in respective PE router subinterfaces. (10 points)

This question simulates VPLS and requires that L2TPv3 (Layer 2 Tunneling Protocol v3) is configured between your PE routers connecting the two subinterfaces that connect to Sw3 and Sw4 interfaces via Sw1 and Sw4 (VLAN200 and VLAN400, respectively). You might have considered using a VPLS-type solution, but the question dictates a secure Layer 2 tunneling solution and also provides you with an Xconnect clue and a version number. As such, it can only be L2TPv3. Sw3 and Sw4 will use a pseudowire to communicate over the IP network and logically will connect in the same Layer 2 domain. The PE routers have as directed a l2tp-class named SECURE. This configures the password to cisco and cookie size to 8; this class calls the pseudowire class PW-CLASS, which configures the encapsulation to l2tpv3 in secure mode and sets the Loopback interfaces of the PE routers to be used for peering. The xconnect subinterface command binds the local PE interface to the remote PE Loopback with a vc-id (virtual channel ID), which in the example matches the subinterface number of the specific PE router. (You could have used any ID here.) It should be noted that Cisco Express Forwarding (CEF) must be enabled for the L2TPv3 feature to function correctly. Example 3-22 details the required PE configuration on Routers R1 and R2.
EXAMPLE 3-22 PE L2TPv3 Configuration

R1(config)# l2tp-class SECURE
R1(config-l2tp-class)# password cisco
R1(config-l2tp-class)# cookie size 8
R1(config-l2tp-class)# pseudowire-class PW-CLASS
R1(config-pw-class)# encapsulation l2tpv3
R1(config-pw-class)# protocol l2tpv3 SECURE
R1(config-pw-class)# ip local interface Loopback0
R1(config-pw-class)# interface GigabitEthernet 0/0.200
R1(config-subif)# xconnect 120.100.6.1 200 pw-class PW-CLASS

R6(config)# l2tp-class SECURE
R6(config-l2tp-class)# password cisco
R6(config-l2tp-class)# cookie size 8
R6(config-l2tp-class)# pseudowire-class PW-CLASS
R6(config-pw-class)# encapsulation l2tpv3
R6(config-pw-class)# protocol l2tpv3 SECURE
R6(config-pw-class)# ip local interface Loopback0
R6(config-pw-class)# interface GigabitEthernet 0/1.400
R6(config-subif)# xconnect 120.100.1.1 200 pw-class PW-CLASS

Example 3-23 shows the successful L2TPv3 session established between PE R1 to PE R6, yet the ping test from Sw3 to 1.1.1.2 fails. As the session is up, you can safely assume that there is a connectivity type issue between either Sw3 and PE R1 or Sw4 and PE R6, or possibly between both connections. The question does bring your attention to the fact that both CE devices reside in different VLANs, so this should give you a starting point in your investigation. When logging is enabled on Sw1 and Sw2 (these CE devices bring Sw3 and Sw4 FastEthernet 0/19 interfaces into VLAN200 and VLAN400, respectively), you can see spanning-tree inconsistencies exist between VLAN200 being "bridged" to VLAN400 via your L2TPv3 solution. Closer inspection reveals that spanning tree has actually blocked ports on Sw1 and Sw2 from PE Routers R1 and R6, respectively, even though you have previously allowed the local VLAN 200 and 400 through the trunk on PE Routers R1 and R6, respectively. The problem is actually resolved by enabling BPDU filtering on Sw1 with the spanning-tree bpdufilter enable command on the trunk interface toward the PE Router R1. Enabling BPDU filtering on an interface is equivalent to disabling the spanning tree on an interface; it is possible to create bridging loops if this command is not correctly used. If you have configured this correctly, per Examples 3-22 and 3-23, you have scored 10 points.

EXAMPLE 3-23 PE and CE L2TPv3 Verification Testing and Configuration
R1# show l2t session
L2TP Session Information Total tunnels 1 sessions 1

LocID RemID Remote Name   State  Remote Address  Port  Sessions L2TP Class/
                                                                VPDN Group
51446 36190 R6            est    120.100.6.1     0     1        SECURE

LocID      RemID      TunID      Username, Intf/      State  Last Chg Uniq ID
                                 Vcid, Circuit
51003      9619       51446      200, Gi0/0.200:200   est    00:24:40 1

R6# show l2t session
L2TP Tunnel and Session Information Total tunnels 1 sessions 1

LocID RemID Remote Name   State  Remote Address  Port  Sessions L2TP Class/
                                                                VPDN Group
36190 51446 R1            est    120.100.1.1     0     1        SECURE

LocID      RemID      TunID      Username, Intf/      State  Last Chg Uniq ID
                                 Vcid, Circuit
9619       51003      36190      200, Gi0/1.400:400   est    00:25:26 1

SW3# ping 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
.....
! Make sure you are logging on your CE devices
SW1(config)# logging console

SW1# 03:22:19: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 400 on FastEthernet0/1 VLAN200.
03:22:19: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0/1 on VLAN0200. Inconsistent local vlan.
SW1# show spanning-tree blockedports
Name                 Blocked Interfaces List
-------------------- ------------------------------------
VLAN0200             Fa0/1
Number of blocked ports (segments) in the system : 1

SW2#03:22:21: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 200 on FastEthernet0/6 VLAN400.
03:22:21: %SPANTREE-2-BLOCK_PVID_PEER: Blocking FastEthernet0/6 on VLAN0200. Inconsistent peer vlan.
SW2# show spanning-tree blockedports
Name                 Blocked Interfaces List
-------------------- ------------------------------------
VLAN0200             Fa0/6
VLAN0400             Fa0/6
Number of blocked ports (segments) in the system : 2

SW3# ping 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

SW1# show spanning-tree blockedports
Name                 Blocked Interfaces List
-------------------- ------------------------------------
VLAN0200             Fa0/1
Number of blocked ports (segments) in the system : 1
SW1(config)# int fast 0/1
SW1(config-if)# spanning-tree bpdufilter enable
SW1(config-if)#03:33:57: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/1 on VLAN0200. Port consistency restored.

SW3# ping 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 8/12/17 ms
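The %SPANTREE-2 messages in Example 3-23 are what reveal that the pseudowire is bridging VLAN 200 into VLAN 400, and once BPDU filtering is enabled the port stops reporting them. The following Python is an added example, not part of the book: it replays those messages (the hostname prefix on each line and all function and field names are assumptions) and lists ports that saw a peer-VLAN mismatch and were later unblocked, so they can be reviewed for bridging loops.

```python
import re

# Constructed sample: the %SPANTREE-2 messages shown in Example 3-23, with a
# leading hostname added (an assumption about how a syslog collector stores them).
SAMPLE_LOG = """\
SW1 03:22:19: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 400 on FastEthernet0/1 VLAN200.
SW1 03:22:19: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0/1 on VLAN0200. Inconsistent local vlan.
SW2 03:22:21: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 200 on FastEthernet0/6 VLAN400.
SW2 03:22:21: %SPANTREE-2-BLOCK_PVID_PEER: Blocking FastEthernet0/6 on VLAN0200. Inconsistent peer vlan.
SW1 03:33:57: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/1 on VLAN0200. Port consistency restored.
"""

# host, timestamp, mnemonic and free-text message of a spanning-tree event
LINE = re.compile(
    r"^(?P<host>\S+)\s+(?P<ts>\d\d:\d\d:\d\d):\s+"
    r"%SPANTREE-2-(?P<mnem>[A-Z_]+):\s+(?P<msg>.*)$"
)
# peer VLAN carried in the BPDU, receiving port, local VLAN of that port
RECV = re.compile(r"inconsistent peer vlan id (\d+) on (\S+) VLAN0*(\d+)")
# port and VLAN named in a Blocking / Unblocking message
PORT_VLAN = re.compile(r"(?:Blocking|Unblocking) (\S+) on VLAN0*(\d+)")


def analyze(log_text):
    """Track PVID-inconsistency events per (host, port, vlan)."""
    mismatches = []  # (host, port, local_vlan, peer_vlan)
    blocked = {}     # (host, port, vlan) -> mnemonic that blocked it
    restored = []    # (host, port, vlan) unblocked after having been blocked
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a %SPANTREE-2 message
        host, mnem, msg = m["host"], m["mnem"], m["msg"]
        if mnem == "RECV_PVID_ERR":
            r = RECV.search(msg)
            if r:
                mismatches.append((host, r[2], int(r[3]), int(r[1])))
        elif mnem in ("BLOCK_PVID_LOCAL", "BLOCK_PVID_PEER"):
            p = PORT_VLAN.search(msg)
            if p:
                blocked[(host, p[1], int(p[2]))] = mnem
        elif mnem == "UNBLOCK_CONSIST_PORT":
            p = PORT_VLAN.search(msg)
            if p:
                key = (host, p[1], int(p[2]))
                if blocked.pop(key, None) is not None:
                    restored.append(key)
    # A port that reported a VLAN mismatch and was later unblocked is still
    # joined to a different VLAN at the far end; flag it for review.
    mismatch_ports = {(h, port) for h, port, _, _ in mismatches}
    review = [k for k in restored if (k[0], k[1]) in mismatch_ports]
    return {
        "mismatches": mismatches,
        "still_blocked": blocked,
        "restored": restored,
        "review": review,
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for name, value in report.items():
        print(name, value)
```
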


Section 8: Multicast (10 Points)

Configure your MPLS network for multicast support of the RED VRF using PIM sparse mode. PE Routers R1 and R6 should be configured to tunnel multicast traffic using an MDT address of 232.0.0.11 from CE device Switch 3 VLAN50 to CE device Sw4 VLAN100 over the RED VRF. Switch 4 should be configured to reply to an ICMP ping on its VLAN100 interface directed to 226.2.2.2 from Switch 3 VLAN50. It can be assumed that the mVRF bandwidth requirement is low; configure MDT appropriately. Ensure that PE Router R6's associated VLAN100 IP address is used as the rendezvous point (RP) for the RED VRF multicast traffic. (10 points)

Multicast support for MPLS VPNs is provided by configuring multicast routing within the core network. As directed, PIM sparse mode is required in your solution and should be enabled on all P router MPLS interfaces and P facing PE router MPLS interfaces. PIM sparse mode is also configured on the CE interfaces on VLAN50 and VLAN100 on Switches 3 and 4, respectively, and corresponding PE terminating interfaces on the PE Routers R1 and R6. PIM sparse mode is finally configured on the loopback interfaces of the PE Routers R1 and R6 as Multicast Distribution Tree (MDT) will tunnel between these interfaces. Don't forget that multicast routing is enabled on the CE switches with the command ip multicast-routing distributed and on the routers with ip multicast-routing. The mdt default group-address is configured to 232.0.0.11 on PE Routers R1 and R6 within the RED VRF. Source Specific Multicast (SSM) is enabled on all MPLS routers with the command ip pim ssm default to allow transport of multicast information between all P and PE routers. The question states that the mVRF (Multicast VRF) bandwidth requirement is low, which simply means that a Data MDT is not required in this solution. (These are used for high-bandwidth sources and limit the traffic received to the routers' part of the multicast tree.) You should also realize that a Data MDT is not required because there was no mention of threshold values or access-lists within the question, which are required for Data MDT configurations. The address of 130.100.100.1 (R6 VRF RED) is used as the RP for the mVRF, and this is configured on both CE (Switch3 and Switch4) devices and both PE routers (R1 and R6) within the RED VRF. CE device Switch 4 is finally configured with ip igmp join-group 226.2.2.2 under its VLAN 100 interface for it to reply to a multicast ping from CE device Switch 3 over the MPLS VPN.

The question is comprehensive in the amount of items that require configuration, and it would be an easy mistake to miss tasks such as enabling PIM on the PE Loopback interfaces, where you might not immediately assume it is required. As with all questions, testing is key. Example 3-24 details the required configuration for the solution.


EXAMPLE 3-24 Multicast Configuration

B 3nitial 4ulticast Setup for t&e 4P0S /ore ;outers ;1(config)# i/ multi$ast.routing inter#a$e )oo/'a$0 i/ /im s/arse.mode inter#a$e 8erial 5 5 i/ /im s/arse.mode

;1(config-6rf)# ;1(config-if)# ;1(config-if)# ;1(config-if)# ;2(config)# ;2(config)#

i/ multi$ast.routing inter#a$e s 5 i/ /im s/arse.mode inter#a$e s 52 i/ /im s/arse.mode

;2(config-if)# ;2(config-if)# ;2(config-if)# ;3(config)# ;3(config)#

i/ multi$ast.routing inter#a$e s 5 5 i/ /im s/arse.mode inter#a$e s 5 52 i/ /im s/arse.mode

;3(config-if)# ;3(config-if)# ;3(config-if)# ;4(config)# ;4(config)#

i/ multi$ast.routing inter#a$e gig 5 i/ /im s/arse.mode inter#a$e s 5 52 i/ /im s/arse.mode

;4(config-if)# ;4(config-if)# ;4(config-if)# ;<(config)# ;<(config)#

i/ multi$ast.routing inter#a$e gig 5 i/ /im s/arse.mode inter#a$e s 5 52 i/ /im s/arse.mode

;<(config-if)# ;<(config-if)# ;<(config-if)# ;7(config)# ;7(config)#

i/ multi$ast.routing inter#a$e )oo/'a$0

;7(config-if)# i/ /im s/arse.mode ;7(config)# inter#a$e Giga'itEt%ernet 5

R6(config-if)# ip pim sparse-mode

! PE Specific mVRF and MDT Configuration
R1(config)# ip multicast-routing vrf RED
R1(config)# ip vrf RED
R1(config-vrf)# mdt default 232.0.0.11
R1(config-vrf)# interface GigabitEthernet 0/0.50
R1(config-subif)# ip pim sparse-mode
R1(config-subif)# exit
R1(config)# ip pim vrf RED rp-address 130.100.100.1
R1(config)# ip pim ssm default

R6(config)# ip vrf RED
R6(config-vrf)# mdt default 232.0.0.11
R6(config-vrf)# interface GigabitEthernet 0/1.100
R6(config-subif)# ip pim sparse-mode
R6(config-subif)# exit
R6(config)# ip pim vrf RED rp-address 130.100.100.1
R6(config)# ip pim ssm default

! CE Specific Configuration
SW3(config)# ip multicast-routing distributed
SW3(config)# int vlan 50
SW3(config-if)# ip pim sparse-mode
SW3(config-if)# exit
SW3(config)# ip pim rp-address 130.100.100.1

SW4(config)# ip multicast-routing distributed
SW4(config)# interface vlan 100
SW4(config-if)# ip pim sparse-mode
SW4(config-if)# ip igmp join-group 226.2.2.2
SW4(config-if)# exit
SW4(config)# ip pim rp-address 130.100.100.1


Example 3-25 details the testing for the solution; the MDT tunnel is detailed and shown as an interface used for PIM adjacency between the PE routers. If you have configured your solution per Example 3-25 and can successfully ping between Switch 3 and Switch 4, you have scored 10 points.

EXAMPLE 3-25 Multicast Testing

R6# show ip pim vrf RED neigh
PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
      S - State Refresh Capable
Neighbor          Interface                Uptime/Expires     Ver   DR
Address                                                             Prio/Mode
130.100.100.2     GigabitEthernet0/1.100   00:02:08/00:01:34  v2    1 / DR S
120.100.1.1       Tunnel1                  00:00:05/00:01:39  v2    1 / S

R1# ping vrf RED 226.2.2.2
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 226.2.2.2, timeout is 2 seconds:
Reply to request 0 from 130.100.100.2, 12 ms

SW3# ping 226.2.2.2
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 226.2.2.2, timeout is 2 seconds:
Reply to request 0 from 130.100.100.2, 9 ms

SW3# show ip pim rp
Group: 226.2.2.2, RP: 130.100.100.1, v2, uptime 00:00:37, expires never
Group: 224.0.1.40, RP: 130.100.100.1, v2, uptime 01:01:24, expires never

R1# show ip pim mdt bgp
Peer (Route Distinguisher + IPv4)       Next Hop
MDT group 232.0.0.11
 2:65001:200:120.100.6.1                120.100.6.1

R6# show ip pim mdt bgp
Peer (Route Distinguisher + IPv4)       Next Hop
MDT group 232.0.0.11
 2:65001:200:120.100.1.1                120.100.1.1

Section 9: IPv6 (6 Points)

Configure the following IPv6 address on the PE Routers R1 and R6, and implement IPv6 over MPLS between the 6PE routers to advertise the prefixes between 6PEs. Ensure your Loopback IPv6 addresses are used to source any locally generated IPv6 traffic. (6 points)

R1 Lo0 2010:C15:C0:1::1/64
R1 Gi0/0.10 2010:C15:C0:11::1/64
R6 Lo0 2010:C15:C0:6::1/64
R6 Gi1/0.20 2010:C15:C0:62::1/64

A relatively straightforward IPv6 question, there is no IPv6 redistribution or complex issues to deal with. The question directs you to configure IPv6 onto your VRF BLUE interfaces of the PE routers. You would usually extend this IPv6 domain into your CE devices, but the switches in this lab cannot run IPv6. IPv6 over MPLS backbones enables isolated IPv6 domains to communicate with each other over an MPLS IPv4 core network. To ensure the Loopback IPv6 addresses of the PE routers are used to source locally generated IPv6 traffic, the PE routers are configured with mpls ipv6 source-interface Loopback0. MP-BGP is used to advertise the IPv6 prefixes between PE routers, and the configuration is virtually identical to that of IPv4. Aggregate label binding and advertisement is enabled for IPv6 prefixes using the neighbor send-label command. Connected IPv6 routes are redistributed using BGP with the network command under the IPv6 address-family, and IPv6 routing and IPv6 cef must be enabled on your PE routers. If you have configured your routers correctly, per Example 3-26, you have scored 6 points.
EXAMPLE 3-26 PE IPv6 Configuration and Verification

R1(config)# ipv6 unicast-routing
R1(config)# ipv6 cef
R1(config)# mpls ipv6 source-interface Loopback0
R1(config)# interface loopback0
R1(config-if)# ipv6 add 2010:C15:C0:1::1/64
R1(config-if)# interface GigabitEthernet 0/0.10
R1(config-subif)# ipv6 address 2010:C15:C0:11::1/64
R1(config-subif)# router bgp 65001
R1(config-router)# no bgp default ipv4-unicast
R1(config-router)# address-family ipv6
R1(config-router-af)# neighbor 120.100.6.1 activate
R1(config-router-af)# neighbor 120.100.6.1 send-label
R1(config-router-af)# network 2010:C15:C0:11::/64
R1(config-router-af)# network 2010:C15:C0:1::/64
R1(config-router-af)# exit-address-family

R6(config)# ipv6 unicast-routing
R6(config)# ipv6 cef
R6(config)# mpls ipv6 source-interface Loopback0
R6(config)# interface loopback0
R6(config-if)# ipv6 add 2010:C15:C0:6::1/64
R6(config-if)# interface GigabitEthernet1/0.20
R6(config-subif)# ipv6 address 2010:C15:C0:62::1/64
R6(config-subif)# router bgp 65001
R6(config-router)# no bgp default ipv4-unicast
R6(config-router)# address-family ipv6
R6(config-router-af)# neighbor 120.100.1.1 activate
R6(config-router-af)# neighbor 120.100.1.1 send-label
R6(config-router-af)# network 2010:C15:C0:62::/64
R6(config-router-af)# network 2010:C15:C0:6::/64
R6(config-router-af)# exit-address-family

R1# show ip bgp ipv6 unicast
BGP table version is 5, local router ID is 120.100.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network              Next Hop             Metric LocPrf Weight Path
*> 2010:C15:C0:1::/64   ::                        0         32768 i
*>i2010:C15:C0:6::/64   ::FFFF:120.100.6.1        0    100      0 i
*> 2010:C15:C0:11::/64  ::                        0         32768 i
*>i2010:C15:C0:62::/64  ::FFFF:120.100.6.1        0    100      0 i

R6# show ip bgp ipv6 unicast
BGP table version is 5, local router ID is 120.100.6.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network              Next Hop             Metric LocPrf Weight Path
*>i2010:C15:C0:1::/64   ::FFFF:120.100.1.1        0    100      0 i
*> 2010:C15:C0:6::/64   ::                        0         32768 i
*>i2010:C15:C0:11::/64  ::FFFF:120.100.1.1        0    100      0 i
*> 2010:C15:C0:62::/64  ::                        0         32768 i

R1# ping ipv6 2010:C15:C0:62::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2010:C15:C0:62::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms
R1# ping ipv6 2010:C15:C0:6::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2010:C15:C0:6::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms
R6# ping ipv6 2010:C15:C0:11::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2010:C15:C0:11::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms
R6# ping ipv6 2010:C15:C0:1::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2010:C15:C0:1::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/9/12 ms

R1# show ipv6 route
IPv6 Routing Table - 8 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
C   2010:C15:C0:1::/64 [0/0]
     via ::, Loopback0
L   2010:C15:C0:1::1/128 [0/0]
     via ::, Loopback0
B   2010:C15:C0:6::/64 [200/0]
     via ::FFFF:120.100.6.1, IPv6-mpls
C   2010:C15:C0:11::/64 [0/0]
     via ::, GigabitEthernet0/0.10
L   2010:C15:C0:11::1/128 [0/0]
     via ::, GigabitEthernet0/0.10
B   2010:C15:C0:62::/64 [200/0]
     via ::FFFF:120.100.6.1, IPv6-mpls
L   FE80::/10 [0/0]
     via ::, Null0
L   FF00::/8 [0/0]
     via ::, Null0

R6# show ipv6 route
IPv6 Routing Table - 8 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
B   2010:C15:C0:1::/64 [200/0]
     via ::FFFF:120.100.1.1, IPv6-mpls
C   2010:C15:C0:6::/64 [0/0]
     via ::, Loopback0
L   2010:C15:C0:6::1/128 [0/0]
     via ::, Loopback0
B   2010:C15:C0:11::/64 [200/0]
     via ::FFFF:120.100.1.1, IPv6-mpls
C   2010:C15:C0:62::/64 [0/0]
     via ::, GigabitEthernet0/1.10
L   2010:C15:C0:62::1/128 [0/0]
     via ::, GigabitEthernet0/1.20
L   FE80::/10 [0/0]
     via ::, Null0
L   FF00::/8 [0/0]
     via ::, Null0

Section 10: QoS (13 Points)

Create the following QoS profile on your PE Router R1 for traffic egressing to your CE device connected to the BLUE VRF. Use an appropriate method of prioritizing DSCP traffic so that AF31 packets are statistically dropped more frequently than AF32 during congestion and reduce the effects of TCP global synchronization within your MISSION-CRITICAL and solely reduce the effect of TCP global synchronization within the DEFAULT class: (7 points)

Class               DSCP Value              % of Bandwidth Assigned
VOICE               EF, CS5                 35
MISSION-CRITICAL    CS6, AF31, AF32, CS3    40
DEFAULT             Any                     25

This is a 3 Class PE-to-CE QoS question that requires assigning traffic to queues based on DSCP values into the listed classes and assignment of bandwidth on a per-class basis. DSCP prioritization is achieved in the MISSION-CRITICAL class by enabling WRED with the random-detect dscp-based command, whereby lower-priority DSCP traffic will be dropped more aggressively than higher priority under congestion, thus reducing the effect of global synchronization. A similar non-DSCP-based effect is achieved within the DEFAULT class by use of the random-detect command. The policy-map is applied outbound on the PE interface connecting to the BLUE VRF CE device. Example 3-27 details the required configuration on PE Router R1. If you have configured this correctly, you have scored 7 points.

EXAMPLE 3-27 PE to CE QoS Configuration

R1(config)# class-map match-any VOICE
R1(config-cmap)# match ip dscp ef
R1(config-cmap)# match ip dscp cs5
R1(config-cmap)# class-map match-any MISSION-CRITICAL
R1(config-cmap)# match ip dscp cs6
R1(config-cmap)# match ip dscp af31
R1(config-cmap)# match ip dscp af32
R1(config-cmap)# match ip dscp cs3
R1(config-cmap)# policy-map PE-CE
R1(config-pmap)# class VOICE
R1(config-pmap-c)# priority percent 35
R1(config-pmap-c)# class MISSION-CRITICAL
R1(config-pmap-c)# bandwidth percent 40
R1(config-pmap-c)# random-detect dscp-based
R1(config-pmap-c)# class class-default
R1(config-pmap-c)# bandwidth percent 25
R1(config-pmap-c)# random-detect
R1(config-pmap-c)# exit
R1(config-pmap)# exit
R1(config)# interface GigabitEthernet 0/0.10
R1(config-subif)# service-policy output PE-CE

Create the following QoS profile on your PE Router R1 for traffic ingressing from your CE device connected to the BLUE VRF into the MPLS network. The total aggregate speed from the CE to PE should be restricted to 1 Mbps:

Class               CIR (bps)
VOICE               350,000
MISSION-CRITICAL    400,000
DEFAULT             250,000

Traffic in the VOICE class within the detailed CIR should have the MPLS EXP set to 5 and above discarded. Traffic in the MISSION-CRITICAL class within the detailed CIR should have the MPLS EXP set to 3 and above set to 7. Traffic in the DEFAULT class within the detailed CIR should have the MPLS EXP set to 0 and above set to 4. (6 points)

This is a DiffServ Tunneling question which requires that the classes you have configured in the previous question be policed to an aggregate of 1 Mbps and have their MPLS EXP values adjusted. The policy-map is applied to the input interface of the PE router, which connects to the BLUE VRF CE device and affects the traffic as it flows through the MPLS network. Example 3-28 details the required configuration on PE Router R1. If you have configured this correctly, you have scored 6 points.

EXAMPLE 3-28 CE to PE QoS Configuration

R1(config)# policy-map CE-PE-SHAPE
R1(config-pmap)# class VOICE
R1(config-pmap-c)# police cir 350000
R1(config-pmap-c-police)# conform-action set-mpls-exp-topmost-transmit 5
R1(config-pmap-c-police)# exceed-action drop
R1(config-pmap-c-police)# class MISSION-CRITICAL
R1(config-pmap-c)# police cir 400000
R1(config-pmap-c-police)# conform-action set-mpls-exp-topmost-transmit 3
R1(config-pmap-c-police)# exceed-action set-mpls-exp-topmost-transmit 7
R1(config-pmap-c-police)# class class-default
R1(config-pmap-c)# police cir 250000
R1(config-pmap-c-police)# conform-action set-mpls-exp-topmost-transmit 0
R1(config-pmap-c-police)# exceed-action set-mpls-exp-topmost-transmit 4
R1(config-pmap-c-police)# interface GigabitEthernet 0/0.10
R1(config-subif)# service-policy input CE-PE-SHAPE

Secti$n 11> Security ?13 P$int#A


E

!reate three new :oopback &$ addresses of loopback* on -3, -L, and -NPuse &$ addresses of 3.3.3.35(3, L.L.L.L5(3, and N.N.N.N5(3, respecti%ely. Mse ,&7-$ to ad%ertise the loopback networks between routers o%er a common 7-, tunnel network of *)).*)).*)).X 5 (3 BX [ router numberC sourced from each router<s common ,thernet interface using &$sec to encrypt all traffic between the loopback networks using a preshared isakmp key of !!&,. Mse an &$sec transform#set of esp#des esp#mdL#hmac on each router. -N needs to be a hub router, with -3 and -L effecti%ely being spoke routers in your solution. >ou are not permitted to enable ,&7-$ on your ,thernet interfaces between routers. Spoke routers must be able to communicate with each other directly using dynamic &$sec connections with the aid of 1H-$ at the hub, whereas hub#to#spoke &$sec connections should be permanent. The hub router should pro%ide all necessary direct ne4t#hop information to the spoke routers when they are re"uired to communicate between themsel%es. 1H-$ should be authenticated with a password of
* 2+1+ Ci#c$ Sy#tem#, -nc %&& ri"ht# re#er(e. Thi# pub&icati$n i# pr$tecte. by c$pyri"ht P&ea#e #ee pa"e 259 /$r m$re .etai&#

CC-2 '$utin" an. S)itchin" (4 + C$n/i"urati$n Practice Lab# by Martin J.

uggan

!'42#

SECRET. Use an MTU of 1416 for your secure traffic, an NHRP timeout of 100 seconds for spoke replies, and a delay of 2 ms on the tunnel network. Test your solution by extended pings sourced from the configured Loopback interfaces. (10 points)

This is a classic Dynamic Multipoint VPN (DMVPN) question in which a hub-and-spoke design is used with Next Hop Resolution Protocol (NHRP) for the spoke routers to communicate with each other. You have numerous tasks to perform, so this could be the kind of question that is best saved until later and tackled if you have time. The question dictates that you configure a tunnel network 100.100.100.0/24 in which to advertise each router's new Loopback network over GRE and EIGRP sourced from the common Ethernet interfaces, which is uncomplicated; the complexity begins when you enable IPsec and NHRP. The crypto isakmp policy command configures the preshared key to CCIE and sets the transform-set with the required parameters of esp-des esp-md5-hmac, which are applied to the tunnel interface by the use of the tunnel protection ipsec profile IPSEC command. The MTU is fixed at 1416 as directed within the question on the tunnel interfaces to allow for overhead of the VPN connection. A delay of 2000 is configured on each tunnel interface as directed in the question, which is 2 ms, so be aware of the unit values, which are microseconds. The tunnel source of each router is the common Ethernet network 120.100.45. Because the spoke routers will terminate their connection to the hub on the same interface, the tunnel mode must be set to tunnel mode gre multipoint. NHRP is enabled on the tunnel interface of each router with an identical network ID to match the broadcast domain for all three routers, and the authentication password is set to SECRET as directed within the question. The command ip nhrp map multicast dynamic permits the registration of the multicast address for EIGRP during boot up or initiation of spoke-to-hub sessions.
The ip nhrp holdtime 100 command sets the NHRP time for a spoke to keep the NHRP reply to 100 seconds and is configured on the hub-and-spoke routers. The required configuration for the Loopback and tunnel interfaces and the DMVPN is detailed in Example 3-29.
EXAMPLE 3-29 DMVPN Configuration
R4(config)# interface loopback2
R4(config-if)# ip add 4.4.4.4 255.255.255.0
R4(config-if)# router eigrp 2
R4(config-router)# no auto-summary
R4(config-router)# network 100.100.100.0 0.0.0.255
R4(config-router)# network 4.4.4.0 0.0.0.255

R5(config)# interface loopback2
R5(config-if)# ip address 5.5.5.5 255.255.255.0
R5(config-if)# router eigrp 2
R5(config-router)# no auto-summary
R5(config-router)# network 100.100.100.0 0.0.0.255
R5(config-router)# network 5.5.5.0 0.0.0.255

R6(config)# interface loopback2
R6(config-if)# ip address 6.6.6.6 255.255.255.0
R6(config-if)# router eigrp 2
R6(config-router)# no auto-summary
R6(config-router)# network 100.100.100.0 0.0.0.255
R6(config-router)# network 6.6.6.0 0.0.0.255

R6(config)# crypto isakmp policy 2
R6(config-isakmp)# authentication pre-share
R6(config-isakmp)# crypto isakmp key CCIE address 0.0.0.0
R6(config-isakmp)# crypto ipsec transform-set DMVPN esp-des esp-md5-hmac
R6(cfg-crypto-trans)# crypto ipsec profile IPSEC
R6(ipsec-profile)# set transform-set DMVPN
R6(ipsec-profile)# interface Tunnel0
R6(config-if)# ip address 100.100.100.6 255.255.255.0
R6(config-if)# ip mtu 1416
R6(config-if)# ip nhrp authentication SECRET
R6(config-if)# ip nhrp map multicast dynamic
R6(config-if)# ip nhrp network-id 2
R6(config-if)# ip nhrp holdtime 100
R6(config-if)# delay 2000
R6(config-if)# tunnel source gig 0/0
R6(config-if)# tunnel mode gre multipoint
R6(config-if)# tunnel key 2
R6(config-if)# tunnel protection ipsec profile IPSEC

R4(config)# crypto isakmp policy 2
R4(config-isakmp)# authentication pre-share
R4(config-isakmp)# crypto isakmp key CCIE address 0.0.0.0
R4(config-isakmp)# crypto ipsec transform-set DMVPN esp-des esp-md5-hmac
R4(cfg-crypto-trans)# crypto ipsec profile IPSEC
R4(ipsec-profile)# set transform-set DMVPN
R4(ipsec-profile)# interface Tunnel0
R4(config-if)# ip address 100.100.100.4 255.255.255.0
R4(config-if)# ip mtu 1416
R4(config-if)# ip nhrp authentication SECRET
R4(config-if)# ip nhrp map 100.100.100.6 120.100.45.6
R4(config-if)# ip nhrp map multicast 120.100.45.6
R4(config-if)# ip nhrp network-id 2
R4(config-if)# ip nhrp holdtime 100
R4(config-if)# ip nhrp nhs 100.100.100.6
R4(config-if)# delay 2000
R4(config-if)# tunnel source gig 0/0
R4(config-if)# tunnel mode gre multipoint
R4(config-if)# tunnel key 2
R4(config-if)# tunnel protection ipsec profile IPSEC

R5(config)# crypto isakmp policy 2
R5(config-isakmp)# authentication pre-share
R5(config-isakmp)# crypto isakmp key CCIE address 0.0.0.0
R5(config-isakmp)# crypto ipsec transform-set DMVPN esp-des esp-md5-hmac
R5(cfg-crypto-trans)# crypto ipsec profile IPSEC
R5(ipsec-profile)# set transform-set DMVPN
R5(ipsec-profile)# interface Tunnel0
R5(config-if)# ip address 100.100.100.5 255.255.255.0
R5(config-if)# ip mtu 1416
R5(config-if)# ip nhrp authentication SECRET
R5(config-if)# ip nhrp map 100.100.100.6 120.100.45.6
R5(config-if)# ip nhrp map multicast 120.100.45.6
R5(config-if)# ip nhrp network-id 2
R5(config-if)# ip nhrp holdtime 100
R5(config-if)# ip nhrp nhs 100.100.100.6
R5(config-if)# delay 2000
R5(config-if)# tunnel source gig 0/0
R5(config-if)# tunnel mode gre multipoint
R5(config-if)# tunnel key 2
R5(config-if)# tunnel protection ipsec profile IPSEC

Example 3-30 details the EIGRP routes received on all routers. As can be seen, the hub router shows both spoke networks, yet each spoke router discovers only the hub network; this is a classic split-horizon issue. The hub Router R6 must be configured to disable the split-horizon behavior to ensure the spoke routers receive each other's routes. However, the question dictates that spoke routers should be able to communicate "directly." As shown in Example 3-30, the next hop for spoke networks shows as the hub router 100.100.100.6 for each spoke network. The command no ip next-hop-self eigrp 2 on the hub Router R6 ensures that the spoke routers are used as next hops when spoke-to-spoke communication is required, and this will enable the dynamic IPsec peering between spokes as directed in the question.
EXAMPLE 3-30 DMVPN Spoke-to-Spoke Routing
R4# show ip route eigrp
     6.0.0.0/24 is subnetted, 1 subnets
D       6.6.6.0 [90/285084416] via 100.100.100.6, 00:02:42, Tunnel0
R5# show ip route eigrp
     6.0.0.0/24 is subnetted, 1 subnets
D       6.6.6.0 [90/285084416] via 100.100.100.6, 00:00:50, Tunnel0
R6# show ip route eigrp
     4.0.0.0/24 is subnetted, 1 subnets
D       4.4.4.0 [90/285084416] via 100.100.100.4, 00:03:06, Tunnel0
     5.0.0.0/24 is subnetted, 1 subnets
D       5.5.5.0 [90/285084416] via 100.100.100.5, 00:01:02, Tunnel0
! R6 has both spoke routes yet each spoke (R4 and R5) only have the hub network route,
! a classic split horizon issue.
R6(config)# interface tunnel0
R6(config-if)# no ip split-horizon eigrp 2

R4# show ip route eigrp
     5.0.0.0/24 is subnetted, 1 subnets
D       5.5.5.0 [90/285596416] via 100.100.100.6, 00:00:22, Tunnel0
     6.0.0.0/24 is subnetted, 1 subnets
D       6.6.6.0 [90/285084416] via 100.100.100.6, 00:04:14, Tunnel0
R5# show ip route eigrp
     4.0.0.0/24 is subnetted, 1 subnets
D       4.4.4.0 [90/285596416] via 100.100.100.6, 00:00:33, Tunnel0
     6.0.0.0/24 is subnetted, 1 subnets
D       6.6.6.0 [90/285084416] via 100.100.100.6, 00:02:20, Tunnel0
R5#
! The next-hop for spoke to spoke routes shows as the hub router (100.100.100.6) yet
! the question states traffic must flow directly between spokes so the next-hop must be
! modified
R6(config)# interface tunnel0
R6(config-if)# no ip next-hop-self eigrp 2

R4# show ip route eigrp
     5.0.0.0/24 is subnetted, 1 subnets
D       5.5.5.0 [90/285596416] via 100.100.100.5, 00:00:28, Tunnel0
     6.0.0.0/24 is subnetted, 1 subnets
D       6.6.6.0 [90/285084416] via 100.100.100.6, 00:00:29, Tunnel0
R5# show ip route eigrp
     4.0.0.0/24 is subnetted, 1 subnets
D       4.4.4.0 [90/285596416] via 100.100.100.4, 00:00:39, Tunnel0
     6.0.0.0/24 is subnetted, 1 subnets
D       6.6.6.0 [90/285084416] via 100.100.100.6, 00:00:39, Tunnel0
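The settings this walkthrough depends on (identical NHRP authentication, network ID and tunnel key on all three routers, spokes mapped to the hub, and split horizon and next-hop-self disabled on the hub) can be checked against saved configurations before testing with pings. The Python sketch below is an added example, not part of the book; the tunnel stanzas are constructed from the values in the examples above, and the function names are hypothetical.

```python
# Constructed tunnel stanzas using the values shown in the examples above.
COMMON = """ ip mtu 1416
 ip nhrp authentication SECRET
 ip nhrp network-id 2
 ip nhrp holdtime 100
 tunnel mode gre multipoint
 tunnel key 2
 tunnel protection ipsec profile IPSEC
"""
HUB = ("interface Tunnel0\n ip address 100.100.100.6 255.255.255.0\n"
       " ip nhrp map multicast dynamic\n"
       " no ip split-horizon eigrp 2\n"
       " no ip next-hop-self eigrp 2\n" + COMMON)

def spoke_config(last_octet):
    """Hypothetical helper: build a spoke stanza that points at the hub (R6)."""
    return (f"interface Tunnel0\n ip address 100.100.100.{last_octet} 255.255.255.0\n"
            " ip nhrp map 100.100.100.6 120.100.45.6\n"
            " ip nhrp map multicast 120.100.45.6\n"
            " ip nhrp nhs 100.100.100.6\n" + COMMON)

SPOKES = {"R4": spoke_config(4), "R5": spoke_config(5)}
# Settings the walkthrough configures identically on all three routers.
SHARED = ("ip mtu", "ip nhrp authentication", "ip nhrp network-id",
          "tunnel key", "tunnel mode", "tunnel protection")

def tunnel_lines(config, ifname="Tunnel0"):
    """Return the commands configured under one interface stanza."""
    lines, inside = [], False
    for raw in config.splitlines():
        if raw.startswith("interface "):
            inside = raw.split()[1].lower() == ifname.lower()
        elif inside and raw.startswith(" "):
            lines.append(raw.strip())
        elif raw.strip():
            inside = False  # any other top-level line ends the stanza
    return lines

def setting(lines, prefix):
    """Value following `prefix` on the first matching line, else None."""
    for line in lines:
        if line.startswith(prefix + " "):
            return line[len(prefix) + 1:]
    return None

def audit(hub_cfg, spoke_cfgs, hub_nbma):
    """Compare hub and spoke tunnel stanzas; return a list of findings."""
    findings = []
    hub = tunnel_lines(hub_cfg)
    addr = setting(hub, "ip address")
    hub_ip = addr.split()[0] if addr else None
    # Hub-only requirements: dynamic multicast registration, and the two
    # EIGRP changes that let spokes learn and use each other as next hops.
    for must in ("ip nhrp map multicast dynamic",
                 "no ip split-horizon eigrp", "no ip next-hop-self eigrp"):
        if not any(line.startswith(must) for line in hub):
            findings.append(f"hub: missing '{must}'")
    for name, cfg in spoke_cfgs.items():
        spoke = tunnel_lines(cfg)
        for key in SHARED:
            if setting(spoke, key) != setting(hub, key):
                findings.append(f"{name}: '{key}' differs from hub")
        # Each spoke must register with the hub and map it to its NBMA address.
        for must in (f"ip nhrp nhs {hub_ip}",
                     f"ip nhrp map {hub_ip} {hub_nbma}",
                     f"ip nhrp map multicast {hub_nbma}"):
            if must not in spoke:
                findings.append(f"{name}: missing '{must}'")
    return findings

if __name__ == "__main__":
    for finding in audit(HUB, SPOKES, "120.100.45.6") or ["no findings"]:
        print(finding)
```

An empty result means the stanzas agree; removing no ip next-hop-self from the hub stanza, for instance, is reported as a single hub finding.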

Example 3-31 shows the isakmp IPsec connection on spoke Router R5 to the hub. To bring up a dynamic isakmp IPsec connection to the other spoke Router R4, an extended ping is required from Loopback interface to Loopback interface. This question was extremely complex and is the reason why it was weighted so heavily. You had multiple items to configure within the standard DMVPN solution, such as split-horizon. It should make you realize the importance of reading the question a number of times and taking the time to test your configurations to ensure you have successfully answered the question. If you have configured your routers correctly, as detailed in Examples 3-29 and 3-30, congratulations, and you have earned a hefty 10 points.
EXAMPLE 3-31 DMVPN Spoke-to-Spoke Testing
R5# show crypto map
Crypto Map "Tunnel0-head-0" 65536 ipsec-isakmp
        Profile name: IPSEC
        Security association lifetime: 4608000 kilobytes/3600 seconds
        PFS (Y/N): N
        Transform sets={
                DMVPN,
        }

Crypto Map "Tunnel0-head-0" 65537 ipsec-isakmp
        Map is a PROFILE INSTANCE.
        Peer = 120.100.45.6
        Extended IP access list
            access-list permit gre host 120.100.45.5 host 120.100.45.6
        Current peer: 120.100.45.6
        Security association lifetime: 4608000 kilobytes/3600 seconds
        PFS (Y/N): N
        Transform sets={
                DMVPN,
        }
        Interfaces using crypto map Tunnel0-head-0:
                Tunnel0
R5# show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id slot status
120.100.45.6    120.100.45.5    QM_IDLE           4001    0 ACTIVE

IPv6 Crypto ISAKMP SA
! R5 spoke router only has a connection to the Hub router. An extended ping sourced
! from the loopback interface of one spoke to another is required to bring up the
! dynamic spoke to spoke connection.

R5# ping
Protocol [ip]:
Target IP address: 4.4.4.4
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 5.5.5.5
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 5.5.5.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R5# show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id slot status
120.100.45.5    120.100.45.4    QM_IDLE           4002    0 ACTIVE
120.100.45.6    120.100.45.5    QM_IDLE           4001    0 ACTIVE

IPv6 Crypto ISAKMP SA
R5# show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id slot status
120.100.45.5    120.100.45.4    QM_IDLE           4002    0 ACTIVE
120.100.45.6    120.100.45.5    QM_IDLE           4001    0 ACTIVE

IPv6 Crypto ISAKMP SA

The network manager of your network cannot justify a full security implementation but wants to implement a solution that provides only a password prompt from R1 when the keyboard entry 1 is entered on the console port (as opposed to the normal CR/Enter key). Configure R1 appropriately. (3 points)

This question makes use of the activation-character command on the console port. This is a nasty question because the CLI entry requires an ASCII entry; you'd need to search to discover that ASCII numeric figures (0 to 9) are prefixed by the binary value of 0011, so a value of 1 (0001) would be 00110001; as such the decimal conversion is 32 + 16 + 1 = 49. This is a good question on which to use the (?) on the CLI for clues, and your documentation CD or search facility in the lab, if you were not aware of this feature. If you have configured this correctly per Example 3-32, you have scored 3 points.
EXAMPLE 3-32 R1 Console Activation-Character Configuration
R1(config)# line con 0
R1(config-line)# activation-character ?
  CHAR or <0-127>  Activation character or its decimal equivalent
R1(config-line)# activation-character 49


Lab 3 Wrap-Up
So how did it go? Did you run out of time? Did you manage to finish but miss what was actually required? If you scored more than 80, well done. If you accomplished this within the time frame of 8 hours or less, you will be prepared for any scenario that you are likely to face during the 5 1/2 hours of the Configuration section of the actual exam. Remember that the Troubleshooting section on the v4.0 exam is a separate section to the configuration with a different scenario, and you will have 2 hours to complete this. This lab was designed to ensure you troubleshoot your own work as you progress through the questions. Did you manage to configure items such as disabling split horizon for DMVPN and the area ID for OSPF? This attention to detail and complete understanding of the protocols will ultimately earn you your number.


Chapter 4 Summary
Are You Ready?
This became a well-known Cisco slogan that identified the Internet revolution. By the end of these practice exams, you should have a good idea of whether you are ready. Did you feel confident working through the questions, or was it a complete shock to the system? Are you more used to being spoon-fed solitary scenarios than actually having to analyze questions and piece together parts of a complex network jigsaw? Life is full of challenges. During your education and career, the CCIE Certification is as tough as it gets. The exam is designed to test your technical skills, your understanding and analysis of complex topologies, and your capacity to build and troubleshoot a network with IP routing protocols and features. You need to achieve a minimum score of 80 percent to pass.

Further Reading
The following Cisco Press titles are on topics appearing on the CCIE exam blueprint. These books are not required study resources, but they can be used to build knowledge in certain areas.
CCIE Routing and Switching Exam Certification Guide, Fourth Edition
CCIE Routing and Switching Exam Quick Reference, Second Edition
CCIE Routing and Switching Troubleshooting Practice Labs
Routing TCP/IP, Volume I, 2/e
Routing TCP/IP, Volume II
Troubleshooting IP Routing Protocols
Inside Cisco IOS Software Architecture
Cisco LAN Switching
Cisco OSPF Command and Configuration Handbook
Cisco BGP-4 Command and Configuration Handbook
Cisco Router Configuration Handbook, Second Edition
Cisco LAN Switching Configuration Handbook, Second Edition
Developing IP Multicast Networks, Volume I
Internet Routing Architectures, Second Edition
MPLS and VPN Architectures
MPLS and VPN Architectures, Volume II
Cisco Catalyst QoS
End-to-End QoS Network Design
Deploying IPv6 Networks
Network Security Technologies and Solutions

Help and Advice

Look at http://www.cisco.com/web/learning/le3/ccie/rs/lab_exam.html for the latest information regarding the CCIE Certification, which includes suggested training and reading.

Keep your schedule flexible during your rack time. Include time for breaks and relaxation; you will often find that five minutes away from the keyboard can help you consider possible solutions. Most important, do not forget the people you care for and make time for them, too.

Build your study plan based on a balance between theory and practice. You need to understand the concepts through the theory; then consolidate this during your rack time.

Begin with simple topics in isolation; then work up to complex lab scenarios. Spend as much time repeating your configurations as possible to improve your speed and ability to perform basic configurations with your eyes shut. This will save you time for where you need it during the exam.

Explore the Cisco CD documentation or the URL http://www.cisco.com/univercd/home/home.htm. This will be your research lifeline during the exam where you can find information, concepts, and samples regarding all technologies involved in the exam.

Start to plan for your exam at least six months before the lab date. If you find these practice labs have highlighted weak areas, do not be afraid to postpone your lab date.

How Can I Schedule My CCIE Lab Exam?

Go to http://www.cisco.com/web/learning/le3/ccie/rs/lab_exam.html, and you can find all the information on how to schedule your exam including locations, start times, and more. You must have a CCO user ID, your CCIE written exam date, and score to be able to view your profile and schedule your exam.

The Day Before...

If you are traveling to take your exam, try to arrive the day before to familiarize yourself with the area. Take a tour to the lab location, so you won't be late on the day; the last thing you need is to arrive flustered. The day before is a day to be relaxed and not to attempt any last-minute studying. Have a light dinner and try to have a good night's sleep. Most important, save the beer until after the exam; pass or fail you will feel like one or two for sure. The CCIE exam might be the reason why Stella Artois is so popular in Brussels!

The Day of the Exam

On the day of the exam, you should plan to arrive at least 15 minutes before the exam begins for registration. The proctor will walk you to the lab and give you a briefing before the exam starts, telling you about the lab environment, on which rack or station you will be working, and the general guidelines for the day. The proctor will not discuss solutions or possible solutions for a given question with you. The proctor will be available to help you understand the wording or meaning of the questions, make sure the backbone routers are working properly, and the hardware and software on your rack are working perfectly so your exam runs smoothly. Ask the proctor for any assistance or verification; the worst he or she can say is, "Sorry, everything looks okay from my side; please check your configuration." Read the entire exam before you start to get the bigger picture, ensuring you fully understand each question and its requirements. Begin by performing easier tasks, leaving the most difficult for later. Take some small breaks during the morning and the afternoon to refresh yourself and relieve the stress.

Pass or Fail, What Next?

If you pass, you certainly have something to celebrate; you have just joined a very elite club that will no doubt enhance your career. You have achieved the highest level of certification in the networking world and should aim to continue your thirst for knowledge that sets you apart from your peers, but take a break before starting your next CCIE track! If you failed, don't worry and don't take it personally; most people fail the first time around. You will have to put it down to experience and get back on the keyboard as soon as you can to work out what went wrong. You will more than likely be successful the next time and will ultimately become a better engineer for your extra rack time. I hope these practice exams and tips are helpful and guide you to take your exam with success.


CCIE Routing and Switching v4.0 Configuration Practice Labs

Martin J. Duggan
Copyright © 2010 Pearson Education, Inc.
Published by: Cisco Press, 800 East 96th Street, Indianapolis, IN 46240 USA
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.
Printed in the United States of America
First Printing May 2010
ISBN-10: 1-58714-213-9
ISBN-13: 978-1-587-213-0

Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc. cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community. Readers' feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through email at feedback@ciscopress.com. Please make sure to include the book title and ISBN in your message. We greatly appreciate your assistance.

Corporate and Government Sales

Cisco Press offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales. For more information, please contact: U.S. Corporate and Government Sales 1-800-382-3419 corpsales@pearsontechgroup.com. For sales outside of the U.S. please contact: International Sales international@pearsoned.com

Warning and Disclaimer

This book is designed to provide information about the CCIE Routing and Switching version 4.0 lab exam. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information is provided on an "as is" basis. The authors, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it. The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.
