CCIE R/S Lab Bootcamp Workbook

Authored By:

Khawar Butt
CCIE # 12353
(R/S, Security, SP, Voice)
CCIE R/S Lab Bootcamp Workbook

Netmetric Solutions
http://www.netmetric-solutions.com
Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com

1 of 230

Module 1 – Frame Relay

Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com

2 of 230

Lab 1 – Hub-n-Spoke using Frame-relay map statements

R1

R4
Frame-Relay

R2

R3

IP addressing and DLCI information Chart
Routers
R1

IP address
S0/0: 192.1.234.1/24

Local DLCI
102 103 104 201 301 401

Connecting to:
R2 R3 R4 R1 R1 R1

R2 R3 R4

S0/0: 192.1.234.2 /24 S0/0: 192.1.234.3 /24 S0/0: 192.1.234.4 /24

Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com

3 of 230

Task 1 Configure the frame-relay cloud in a hub and spoke topology using frame-relay map statements. The frame-relay switch is configured in a full mesh; these routers should NOT reply to inverse-arp inquiries.

R1 Int S0/0 Ip address 192.1.234.1 255.255.255.0 Encapsulation frame Frame-relay map ip 192.1.234.2 102 b Frame-relay map ip 192.1.234.3 103 b Frame-relay map ip 192.1.234.4 104 b No frame-relay inverse-arp No shut R3 Int s0/0 Ip address 192.1.234.3 255.255.255.0 Encapsulation frame Frame-relay map ip 192.1.234.1 301 b No frame-relay inverse-arp No shut Task 2

R2 Int S0/0 Ip address 192.1.234.2 255.255.255.0 Encapsulation frame Frame-relay map ip 192.1.234.1 201 b No frame-relay inverse-arp No shut

R4 Int s0/0 Ip address 192.1.234.4 255.255.255.0 Encapsulation frame Frame-relay map ip 192.1.234.1 401 b No frame-relay inverse-arp No shut

Ensure that every router can ping every address connected to the frame-relay cloud including their own. R1 Int S0/0 Frame-relay map ip 192.1.234.1 102 R2 Int S0/0 Frame-relay map ip 192.1.234.3 201 Frame-relay map ip 192.1.234.4 201 Frame-relay map ip 192.1.234.2 201 R4 Int S0/0 Frame-relay map ip 192.1.234.2 401 Frame-relay map ip 192.1.234.3 401 Frame-relay map ip 192.1.234.4 401

R3 Int S0/0 Frame-relay map ip 192.1.234.2 301 Frame-relay map ip 192.1.234.4 301 Frame-relay map ip 192.1.234.3 301

Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com

4 of 230

Task 3 Erase the startup config and reload the routers before proceeding to the next lab.

Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com

5 of 230

Lab 2 –Configuring Frame-relay point-to-point sub-interfaces

R1

R4
Frame-Relay

R2

R3

IP addressing and DLCI information Chart
Routers
R1

IP address
S0/0.12: 192.1.12.1/24 S0/0.13: 192.1.13.1/24 S0/0.14: 192.1.14.1/24 S0/0.21: 192.1.12.2/24 S0/0.31: 192.1.13.3 /24 S0/0.41: 192.1.14.4 /24

Local DLCI
102 103 104 201 301 401

Connecting to:
R2 R3 R4 R1 R1 R1

R2 R3 R4

Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com

6 of 230

Task 1 Configure the frame-relay cloud in a hub and spoke topology; the routers should be configured in a point-to-point configuration. R1 Int S0/0 Encap frame-relay No shut Exit ! Int S0/0.12 point-to-point Ip address 192.1.12.1 255.255.255.0 Frame-relay interface-dlci 102 ! Int S0/0.13 point-to-point Ip address 192.1.13.1 255.255.255.0 Frame-relay interface-dlci 103 ! Int S0/0.14 point-to-point Ip address 192.1.14.1 255.255.255.0 Frame-relay interface-dlci 104 R3 Int S0/0 Encap frame-relay No shut Exit ! Int S0/0.31 point-to-point Ip address 192.1.13.3 255.255.255.0 Frame-relay interface-dlci 301 R2 Int S0/0 Encap frame-relay No shut Exit ! Int S0/0.21 point-to-point Ip address 192.1.12.2 255.255.255.0 Frame-relay interface-dlci 201

R4 Int S0/0 Encap frame-relay No shut Exit ! Int S0/0.41 point-to-point Ip address 192.1.14.4 255.255.255.0 Frame-relay interface-dlci 401

Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com

7 of 230

Lab 3 – Point-to-point and Multipoint

R1

R4
Frame-Relay

R2

R3

Task 1 Configure the routers connected to the frame-relay cloud as follows: o R1 (The HUB) must be configured with two sub-interfaces, one of the two sub-interfaces must be configured to connect R1 to R4, this sub-interface should be configured in a point-to-point manner using the following IP addressing: R1 = 192.1.14.1 /24, and R4 = 192.1.14.4 /24. o The second sub-interface on R1 must be configured in a multipoint manner, and this sub-interface must be configured to connect R1 to routers R2 and R3 using the following IP addressing: R1 = 192.1.123.1 /24, R2 = 192.1.123.2 /24 and R3 = 192.1.123.3 /24 o Make sure that you are pretending that R1 is not a Cisco router when configuring the Encapsulation Framing.
Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com

8 of 230

1.123.1 301 ietf b No shut Frame-relay map ip 192.1.255.14.1 255.123. o Ensure that the routers can ping every IP address including their own within their IP address space.123. o R4 should be configured with a sub-interface in a point-to-point manner.2 102 b Frame-relay map ip 192.123.123.2 201 ietf No shut Exit R4 Int S0/0 Int S0/0 Encapsulation frame Encap frame Ip address 192.1.2 255.0 Frame-relay map ip 192. R1 Int S0/0 Encapsulation frame-relay ietf No frame-relay inverse No shut ! Int S0/0.14 point-to-point Ip address 192.41 point-to-point No frame-relay inverse Ip address 192.4 255. Copyrights Netmetric Solutions 2006-2010 Website: http://www.255.123. R3 and R4 the spokes.2 301 ietf ! Frame-relay map ip 192.1.255.3 103 b R3 R2 Int S0/0 Ip address 192.3 255.123.123.1 102 Frame-relay map ip 192.0 No shut Frame-relay interface 401 ietf Task 2 Ensure that R1 and R4 use CHAP authentication using Cisco as the password.1.o Routers R2.1.1.14.1. Email: khawarb@khawarb.255.1 255.123.255.123.netmetric-solutions.255.1 201 ietf b Frame-relay map ip 192.123.0 No frame-relay inverse Frame-relay map ip 192.255.com 9 of 230 . o The routers connecting to the frame-relay cloud should be configured in a hub and spoke.1.3 201 ietf Frame-relay map ip 192.3 301 ietf Inter S0/0.1. with R1 being the hub and R2.1.255.123. These routers must authenticate each other before they can communicate.0 Encapsulation frame No frame-relay inverse Frame-relay map ip 192.255.com.255.1. R3 should not be configured with a sub-interface and these routers should NOT rely on Inverse-arp.1.123 multipoint Ip address 192.1.0 Frame-relay interface-dlci 104 ! Int S0/0.

14.1.255.41 No ip address Inter virtual-template 1 Ip address 192.41 Frame-relay interface-dlci 401 ppp virtualtemplate 1 Copyrights Netmetric Solutions 2006-2010 Website: http://www.0 Ppp authentication chap Int S0/0.0 Ppp authentication chap Int S0/0. Email: khawarb@khawarb.14 Frame-relay interface-dlci 104 ppp virtualtemplate 1 R4 Username R1 password Cisco Inter S0/0.14.com 10 of 230 .com.14 No ip address Inter virtual-template 1 Ip address 192.netmetric-solutions.255.1 255.R1 Username R4 password Cisco Interface S0/0.4 255.1.255.255.

com 11 of 230 .com.netmetric-solutions. Email: khawarb@khawarb.Module 2 – Basic Switching Copyrights Netmetric Solutions 2006-2010 Website: http://www.

Use CCIE as the Domain name.1.15) R4 192.2 (.1.1) 192.0/24 VLAN 40 SW1 VLAN 40 (.34.0/24 VLAN 20 F0/0.1.1.2 (.3) 192.15) F 0/0 (.1 (.Lab 1 Basic 3550 Configuration R5 F 0/0 (. Authenticate the relationship using CCIERS as the password.2) R2 Task 1 Configure Switch1 as the VTP Server and the other Switch(s) as VTP Clients.15. Switch1 VTP domain CCIE VTP mode server VTP password CCIERS Switch2 VTP domain CCIE VTP mode client VTP password CCIERS Copyrights Netmetric Solutions 2006-2010 Website: http://www.13.4) VLAN 30 (.netmetric-solutions.0/24 VLAN 30 F 0/0 (.2.5) 192.1) R1 F 0/0.3) R3 F0/0.1 (.com.0/24 VLAN 10 F 0/0. Email: khawarb@khawarb.com 12 of 230 .

All Switches Interface range F0/XX – XX Switchport trunk encapsulation dot1q Switchport mode trunk Switchport nonegotiate Task 4 Assign Ports to the appropriate VLANs based on the Network Diagram. Email: khawarb@khawarb. Make sure the ports are either set to Trunk or Access statically.Switch3 VTP domain CCIE VTP mode client VTP password CCIERS Task 2 Switch4 VTP domain CCIE VTP mode client VTP password CCIERS Ensure that you can enhances network bandwidth use through the trunk ports by reducing the unnecessary traffic flooding of VLANs throughout the switches in your network. All Switches Vtp pruning Task 3 Ensure that the Trunk ports of your Rack are statically configured to trunk using an industry standard protocol. Configure these ports such that they will trunk even if the negotiation fails.netmetric-solutions.com. Also make sure to disable DTP on the trunk interfaces. Use the physical topology diagram for your rack to accomplish this.com 13 of 230 . SwitchX interface F0/XX Switchport mode access Switchport access vlan XX ! interface F0/XX Switchport trunk encapsulation dot1q Swithcport mode trunk Task 5 Copyrights Netmetric Solutions 2006-2010 Website: http://www.

the switch should reduce it's throughput for this port.com 14 of 230 . Email: khawarb@khawarb.com. Copyrights Netmetric Solutions 2006-2010 Website: http://www. Switch1 interface F0/2 flowcontrol receive on Task 6 Test by pinging directly connected interfaces on each router or Switch1.netmetric-solutions.Enable flow-control on SW1 interface fa0/2 and make sure that when the router connected to this port announce congestion.

com 15 of 230 . Email: khawarb@khawarb.Module 3 – RIP V2 Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com.

13. Use 15 for Switch1.X.0 Network 192.34.com 16 of 230 .0.0 Network 192.X/8 for the IP address of the loopback.1.0 Network 192.0.0. Lab Objective: Task 1 Configure Loopback 0 on all routers and Switch1. Use the format of X.0 Network 192.34.0. Disable Auto-summary.0 Network 192. Email: khawarb@khawarb. Task 2 Configure RIP V2 on all Devices to advertise all directly connected networks.1.com.0 Network 192.0 Network 192.0 R4 Router Rip Version 2 No auto-summary Network 4.15.0.1.1.34.0.netmetric-solutions. R1 Router Rip Version 2 No auto-summary Network 1.0.2.0.1.15.0 Network 192.0.2.0.1.1.1.X.0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.0 Network 192.13.0 R5 Router Rip Version 2 No auto-summary Network 5.0.0 R3 Router Rip Version 2 No auto-summary Network 3.0 R2 Router Rip Version 2 No auto-summary Network 2.0 Switch1 IP Routing ! Router RIP Version 2 No auto-summary Network 15.0.1.Lab 1 – Basic RIP V2 Configuration Note: It builds on the topology created in the previous lab.

2 Ip rip authentication key-chain AUTH IP rip authentication mode MD5 Copyrights Netmetric Solutions 2006-2010 Website: http://www. Use ccie as the key-string with a key-id of 1.com 17 of 230 .2 Ip rip authentication key-chain AUTH IP rip authentication mode MD5 R2 Key chain AUTH Key 1 Key-string ccie ! Interface F 0/0 Ip rip authentication key-chain AUTH Ip rip authentication mode MD5 R4 Key chain AUTH Key 1 Key-string ccie ! Interface F 0/0 Ip rip authentication key-chain AUTH Ip rip authentication mode MD5 R5 Key chain AUTH Key 1 Key-string ccie ! Interface F 0/0 Ip rip authentication key-chain AUTH R3 Key chain AUTH Key 1 Key-string ccie ! Interface F 0/0.Lab 2 – RIP V2 Authentication (Builds on Lab1) Lab Objective: Task 1 Configure Clear Text authentication between R1 and R5.1 Ip rip authentication key-chain AUTH Task 2 Configure MD5 authentication for all links except the previously configured link between R1 and R5. R1 Key chain AUTH Key 1 Key-string ccie ! Interface F 0/0.1 Ip rip authentication key-chain AUTH IP rip authentication mode MD5 ! Interface F 0/0. R1 Interface F 0/0. Use the same key and key-string. Email: khawarb@khawarb.netmetric-solutions.com.

Switch 1 Key chain AUTH Key 1 Key-string ccie ! Interface VLAN 30 Ip rip authentication key-chain AUTH Ip rip authentication mode MD5 ! Interface VLAN 40 Ip rip authentication key-chain AUTH Ip rip authentication mode MD5 Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions. Email: khawarb@khawarb.com 18 of 230 .com.

1 255.255.1/24 Loopback 25: 201.1/24 R3 Interface loopback 21 Ip address 201.1 255.3.0 Task 2 R1 should only receive routes from the 201.255.2.1 255.1.X.6.4.4.1.255.1.0 Interface loopback 26 Ip address 201.6.1. Use the minimum number of lines possible to accomplish this task.0 Network 201.255.0 Network 201.0 Interface loopback 24 Ip address 201.255.3.255.1/24 Loopback 26: 201.1/24 Loopback 22: 201.1.255. Email: khawarb@khawarb.1 255.2.0 Network 201.1. No Copyrights Netmetric Solutions 2006-2010 Website: http://www.Lab 9 – IP RIP Triggered Lab 3 – Route Filtering (Builds on Lab 2) Lab Objective: Task 1 using Distribute Lists Configure the following Loopback Interfaces on R3 and advertise them under RIP: Loopback 21: 201.1.1 255.0 Network 201.1.1.1.255.1 255.com.1.1.0 range that have an even number in the 3rd Octet.1.5.1/24 Loopback 23: 201.0 Network 201.0 Interface loopback 25 Ip address 201.1/24 Loopback 24: 201.3.255.1.0 Interface loopback 22 Ip address 201.5.0 ! Router RIP Network 201.1.com 19 of 230 .4.netmetric-solutions.1.2.1.1.255.1.6.5.1.255.0 Interface loopback 23 Ip address 201.1.1.255.

R3 Access-list 2 deny 201.0 routes.0 0.1.255 Access-list 2 permit any ! Router RIP Distribute-list 2 out F0/0.X.com.netmetric-solutions.1 Copyrights Netmetric Solutions 2006-2010 Website: http://www.com 20 of 230 .1. Make sure R4 and Switch1 receive all 201.configuration should be done on R1.1.254. Email: khawarb@khawarb.0.

255.1 255.1.255.255.1 255.224 Interface loopback 25 Ip address 206.1.1.33/27 Loopback 25: 206.1/24 Loopback 22: 150.0 Network 107.1.1.1.0 Network 206.1.0 Interface loopback 23 Ip address 150.netmetric-solutions.1.0 Task 2 R1 should only receive prefixes with a prefix-length of 8 to 24 from R5.50.com.2.3.255.1.com 21 of 230 .1 255.0.1/16 R5 Interface loopback 21 Ip address 150.1/24 Loopback 24: 205.0 Interface loopback 24 Ip address 205.255.17/28 Loopback 26: 107.1 255. Email: khawarb@khawarb.255.0 ! Router Rip Network 150.1.50.1.1.50. Configure the Filtering on R1.255.240 Interface loopback 26 Ip address 107.50.Lab 4 – Route Filtering using Prefix-List (Builds on Lab 3) Lab Objective: Task 1 Configure the following Loopback Interfaces on R5 and advertise them under RIP: Loopback 21: 150.1.255.50.1 255.0.2.0.50.1. Copyrights Netmetric Solutions 2006-2010 Website: http://www.1.0 Network 205.1.0.33 255.50.3.255.1.255.0 Interface loopback 22 Ip address 150.1/24 Loopback 23: 150.1.255.

0.R1 ip prefix-list VALID-PREF seq 5 permit 0.com.0.1 Copyrights Netmetric Solutions 2006-2010 Website: http://www.0/0 ge 8 le 24 ! Router RIP distribute-list prefix VALID-PREF in F0/0.com 22 of 230 .netmetric-solutions. Email: khawarb@khawarb.

1.1.1.0 Interface loopback 42 Ip address 154.1 255.1.com 23 of 230 .1.1 255.12.255.9.0 Interface loopback 43 Ip address 154.1/24 Loopback 48: 154.1/24 Loopback 43: 154.1.1.1 255.14.0 Task 2 Copyrights Netmetric Solutions 2006-2010 Website: http://www.9.0 ! Router Rip Network 154.1.13.1.1/24 Loopback 44: 154.255.1/24 Switch1 Interface loopback 41 Ip address 154. Email: khawarb@khawarb.255.8.0 Interface loopback 46 Ip address 154.255.255.1/24 Loopback 42: 154.10.255.netmetric-solutions.11.0.1.1 255.255.255.255.8.255.1 255.11.255.1.255.255.1.255.1.14.0 Interface loopback 44 Ip address 154.10.Lab 5 – Route Summarization with RIP (Builds on Lab 4) Lab Objective: Task 1 Configure the following Loopback Interfaces on Switch1 and advertise them under RIP: Loopback 41: 154.1/24 Loopback 45: 154.com.1.1.1 255.1.0 Interface loopback 47 Ip address 154.1 255.15.12.255.1/24 Loopback 46: 154.1 255.13.1/24 Loopback 47: 154.255.15.0 Interface loopback 45 Ip address 154.0 Interface loopback 48 Ip address 154.1.

com 24 of 230 .com.0 255. Switch1 int VLAN 30 ip summary-address rip 154.1.255. Email: khawarb@khawarb.0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.Ensure that all routers except R2 only get a summary route from Switch1 for the new Loopback interfaces that were created in Task 1.netmetric-solutions. R2 should get all the specific routes.8.248. Do not eable auto summary on Switch1.

com 25 of 230 .Module 4 – EIGRP Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions. Email: khawarb@khawarb.com.

255.0 IP Address 2.23.1 Subnet Mask 255.255.1 192.2.255.3 Subnet Mask 255.1.2 192.0.Lab 1 – Basic EIGRP Configuration R1 Loopback 0 E 0/0 E 0/0 R2 Loopback 0 S 0/0 S 0/0 Loopback 0 R4 E 0/0 E 0/0 R3 Loopback 0 Interface IP Address Configuration R1 Interface Loopback 0 E 0/0 R2 Interface Loopback 0 E 0/0 S 0/0 R3 Interface Loopback 0 S 0/0 E 0/0 IP Address 3.0.0.255.1.1.3.3.0 255.23.0 255.255.255.0 IP Address 1.com.1.34.2 192.2 Subnet Mask 255.3 192.12.255.0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.1.0 255.12. Email: khawarb@khawarb.0.1.255.255.com 26 of 230 .255.1.0.3 192.netmetric-solutions.0.0 255.0 255.2.

0.4.255.1. Email: khawarb@khawarb.2 255.4 192.255.4 255.3.255.0 Interface E 0/0 Ip address 192.1.3 255.23.12.4 255.0 Interface E 0/0 Ip address 192.0 No shut R2 Interface Loopback 0 Ip address 2.2.255.1.23.255.4.1.4.2.0 Interface E 0/0 Ip address 192.23.0 R3 Interface Loopback 0 Ip address 3.1.255.0 No shut Interface S 0/0 Ip address 192.0.3.255.12.255.0.255.com 27 of 230 .3 255.4 Subnet Mask 255.3 255.34.1.1.4.R4 Interface Loopback 0 E 0/0 Lab Objective: Task 1 Configure the interfaces with the appropriate addresses.34.255.0 255.0.1.255.1 255.0. Copyrights Netmetric Solutions 2006-2010 Website: http://www.255.2 255.2 302 broad No shut Task 2 Configure EIGRP on all 4 routers in AS 12353.0 Encap frame-relay No frame-relay inverse-arp Frame-relay map ip 192.0 Interface E 0/0 Ip address 192.1. Configure the Serial interfaces between R2 and R3 using Frame Relay.0.3 203 broad No shut R4 Interface Loopback 0 Ip address 4. Disable Auto-summary.0 Encap frame-relay No frame-relay inverse-arp Frame-relay map ip 192.1.0.0.0.2 255.23. Configure the interface as a Regular Frame Relay interface. R1 Interface Loopback 0 Ip address 1. Configure the Frame Relay mapping manually.com.netmetric-solutions.1 255.255.255.1.0 No shut Interface S 0/0 Ip address 192.0 No shut IP Address 4.34.0.

0.12.0 R2 Router EIGRP 12353 No auto-summary Network 2.com.1.0 Network 192.0 Network 192.0 Network 192.0 R3 Router EIGRP 12353 No auto-summary Network 3.1.0 Network 192.34.23.0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.R1 Router EIGRP 12353 No auto-summary Network 1.1.1.0.23.12.netmetric-solutions.0. Email: khawarb@khawarb.0.com 28 of 230 .0 R4 Router EIGRP 12353 No auto-summary Network 4.0.34.0.0.1.0 Network 192.1.0.0 Network 192.

netmetric-solutions. Use ccie as the key-string with a key-id of 1. R1 Key chain AUTH Key 1 Key-string ccie ! Interface E 0/0 Ip authentication key-chain eigrp 12353 AUTH Ip authentication mode eigrp 12353 MD5 R2 Key chain AUTH Key 1 Key-string ccie ! Interface S 0/0 Ip authentication key-chain eigrp 12353 AUTH Ip authentication mode eigrp 12353 MD5 ! Interface E 0/0 Ip authentication key-chain eigrp 12353 AUTH Ip authentication mode eigrp 12353 MD5 R4 Key chain AUTH Key 1 Key-string ccie ! Interface E 0/0 Ip authentication key-chain eigrp 12353 AUTH Ip authentication mode eigrp 12353 MD5 R3 Key chain AUTH Key 1 Key-string ccie ! Interface S 0/0 Ip authentication key-chain eigrp 12353 AUTH Ip authentication mode eigrp 12353 MD5 ! Interface E 0/0 Ip authentication key-chain eigrp 123453 AUTH Ip authentication mode eigrp 12353 MD5 Copyrights Netmetric Solutions 2006-2010 Website: http://www.Lab 2 – EIGRP Authentication (Builds on Lab1) Lab Objective: Task 1 Configure MD5 authentication for all links. Email: khawarb@khawarb.com 29 of 230 .com.

R1 router eigrp 12353 metric maximum-hops 110 R3 router eigrp 12353 metric maximum-hops 110 Task 2 Change the administrative distance of all internal and external EIGRP networks to be 95. R2 Interface S 0/0 ip bandwidth-percent eigrp 12353 45 Interface E 0/0 ip bandwidth-percent eigrp 12353 45 Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions. you should use an EIGRP specific command to accomplish this task.com.Lab 9 – IP RIP Triggered Lab 3 – Advanced (Builds on Lab 2) Lab Objective: Task 1 EIGRP Configurations Configure all routers such that they advertise EIGRP routes with greater than 110 hops as unreachable. Email: khawarb@khawarb. R1 router eigrp 12353 distance eigrp 95 95 R3 router eigrp 12353 distance eigrp 95 95 Task 3 Ensure that R2 never uses more than 45% of the bandwidth for EIGRP updates.com R2 router eigrp 12353 metric maximum-hops 110 R4 router eigrp 12353 metric maximum-hops 110 R2 router eigrp 12353 distance eigrp 95 95 R4 router eigrp 12353 distance eigrp 95 95 30 of 230 .

before declaring the routes on R2 to be in SIA state to 10 minutes. Email: khawarb@khawarb.Task 4 The Serial link between R3 and R2 sometimes is experiencing congestion and most of the time R3 declares R2 in Stuck-In-Active. R3 Router eigrp 12353 Timers active-time 10 Copyrights Netmetric Solutions 2006-2010 Website: http://www.com 31 of 230 . Change the time that R3 will wait after sending a query to R2.com.netmetric-solutions.

1 255.6.1.0 Network 201.1.3.255.1.Lab 4 – Route Filtering using Distribute Lists (Builds on Lab 3) Lab Objective: Task 1 Configure the following Loopback Interfaces on R2 and advertise them in EIGRP: Loopback 21: 201.6.1. Make sure R3 and R4 receive all 201. Use the minimum number of lines possible to accomplish this task.1 255.0 Network 201.0 Interface loopback 24 Ip address 201.1.255.3.1.255.4.1 255.255.1.com.0 range that have an even number in the 3rd Octet.0 Network 201.2.255.1.1/24 Loopback 26: 201.255.1 255.4.1.X.1/24 R2 Interface loopback 21 Ip address 201.1 255.3. Email: khawarb@khawarb. No configuration should be done on R1.1/24 Loopback 25: 201.5.1.0 Network 201.1/24 Loopback 22: 201.1 255.1/24 Loopback 23: 201.0 Interface loopback 25 Ip address 201.1.0 Task 2 R1 should only receive routes from the 201.1/24 Loopback 24: 201.1.0 ! Router EIGRP 12353 Network 201.1.0 Network 201.255. Copyrights Netmetric Solutions 2006-2010 Website: http://www.6.255.netmetric-solutions.5.X.4.255.1.0 routes.1.1.255.255.255.1.2.1.1.0 Interface loopback 23 Ip address 201.0 Interface loopback 26 Ip address 201.1.com 32 of 230 .0 Interface loopback 22 Ip address 201.1.1.5.2.1.

0.1.netmetric-solutions.0 0. Email: khawarb@khawarb.254.com 33 of 230 .R2 Access-list 2 deny 201.1.255 Access-list 2 permit any ! Router EIGRP 12353 Distribute-list 2 out E 0/0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.com.

0.1.50.1.0 Network 206.1/24 Loopback 22: 150.255.255.255.0 Interface loopback 24 Ip address 205.33/27 Loopback 25: 206.0.netmetric-solutions.1.1.0 Task 2 R4 should only receive prefixes with a prefix-length of 8 to 24 from R3.1.1.2.1 255.255.0.255.2.50.0.1.0 ! Router EIGRP 12353 Network 150.1 255.1 255. Email: khawarb@khawarb.255. R4 ip prefix-list VALID-PREF seq 5 permit 0.1.1/24 Loopback 24: 205.0 Interface loopback 22 Ip address 150.0 Network 205.1/24 Loopback 23: 150.1.255.255.1.1.224 Interface loopback 25 Ip address 206.50.0 Network 107.3.1.50.Lab 5 – Route Filtering using Prefix-List (Builds on Lab 4) Lab Objective: Task 1 Configure the following Loopback Interfaces on R3 and advertise them under EIGRP: Loopback 21: 150.17/28 Loopback 26: 107.1.0.com.50.255.1 255.1 255.50.0 Interface loopback 23 Ip address 150.0.1.3.240 Interface loopback 26 Ip address 107.255.1.33 255.com 34 of 230 .1.1.50.1.1/16 R3 Interface loopback 21 Ip address 150.0/0 ge 8 le 24 Copyrights Netmetric Solutions 2006-2010 Website: http://www.255.

com 35 of 230 .! Router EIGRP 12353 distribute-list prefix VALID-PREF in F0/0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.com.netmetric-solutions. Email: khawarb@khawarb.

1/24 Loopback 48: 194.11.8.0 Interface loopback 45 Ip address 194.netmetric-solutions.255.1/24 Loopback 43: 194.1.1/24 R3 Interface loopback 41 Ip address 194.255.1.1 255.255.255.0 Network 194.255.1.0 ! Router EIGRP 12353 Network 194.255.10.Lab 6 – Route Summarization with EIGRP (Builds on Lab 5) Lab Objective: Task 1 Configure the following Loopback Interfaces on R3 and advertise them under EIGRP: Loopback 41: 194.255.1 255.1.0 Network 194.9.0 Interface loopback 43 Ip address 194.1.14.1 255.14.1.13.12.150 Copyrights Netmetric Solutions 2006-2010 Website: http://www.255.1.1/24 Loopback 47: 194.11.1 255.0 Network 194.1.1. Email: khawarb@khawarb.255.1.0 Network 194.com.0 Interface loopback 42 Ip address 194.255.12.1.13.1.1.255.255.15.13.9.255.1.1.1/24 Loopback 46: 194.110 Network 194.1/24 Loopback 42: 194.10.0 Network 194.1.255.8.1 255.1 255.1 255.1.255.1.0 Interface loopback 46 Ip address 194.1/24 Loopback 44: 194.0 Interface loopback 48 Ip address 194.0 Interface loopback 44 Ip address 194.1.1.14.1 255.0 Network 194.1/24 Loopback 45: 194.1.8.9.1.255.1.1.com 36 of 230 .10.15.0 Interface loopback 47 Ip address 194.12.

com 37 of 230 . R3 should NOT enable auto summary.0 255.248.1.0 ! int S0/0 ip summary-address eigrp 12353 194.255.netmetric-solutions.0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.0 255.com.Task 2 Ensure that all routers only get a summary route from R3 for the new Loopback interfaces that were created in Task 1.1.255.248.8. Email: khawarb@khawarb. R3 int E0/0 ip summary-address eigrp 12353 194.8.

Lab 7 – EIGRP Stub (Builds on Lab 6) Task 1 Create a new Loopback interface on R1. Assign it an IP Address of 10. R1 Interface Loopback 10 Ip address 10.com. Email: khawarb@khawarb.1.com 38 of 230 .255.1.netmetric-solutions.0 ! Route-map REDCON permit 10 Match interface Loopback10 ! Router EIGRP 12353 No auto-summary Network 192.12.1. Advertise it in EIGRP 12353 without using the “network” command.1.1.1/24.255. Task 2 Make sure R2 does not send any query packets to R1.0 Eigrp stub connected Redistribute connected route-map REDCON Copyrights Netmetric Solutions 2006-2010 Website: http://www.1 255.

netmetric-solutions.Module 5 – OSPF Copyrights Netmetric Solutions 2006-2010 Website: http://www. Email: khawarb@khawarb.com.com 39 of 230 .

3 Subnet Mask 255.1 Subnet Mask 255.0.Lab 1 – Basic OSPF Configuration on BMA R1 Loopback 0 E 0/0 E 0/0 R2 Loopback 0 Loopback 0 Loopback 0 E 0/0 R3 E 0/0 R4 Interface IP Address Configuration R1 Interface Loopback 0 E 0/0 R2 Interface Loopback 0 E 0/0 R3 Interface Loopback 0 E 0/0 R4 Interface Loopback 0 E 0/0 IP Address 4.0.0.com 40 of 230 .0.0 IP Address 1.3.0.4 100.0.0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.4.0.0.4.1 100.1.com.0.0.3 100.0.0.0.0.0 255.0.0.0 255.0.2.0 IP Address 2.1.0.2 Subnet Mask 255.2.0.0 255.0.3.0 IP Address 3.0.2 100.0 255.0. Email: khawarb@khawarb.4 Subnet Mask 255.netmetric-solutions.0.0.

Copyrights Netmetric Solutions 2006-2010 Website: http://www.255.255 area 0 Network 100.255.0 0.0.11.0 0.0 0.0.0.22 R3 – 33.255.0.0 0.255.44 R1 Router OSPF 1 Router-id 11.255 area 0 Network 100.33.0.22.255 area 0 Network 100.0.com 41 of 230 .44.255.11.0 0.11.0 0.0.33 R4 – 44.255.0. Advertise all networks on all routers.22.0.33.0.255 area 0 R4 Router OSPF 1 Router-id 44.33.0 0.255.255 area 0 Task 2 Configure the routers such that R1 becomes the DR and R2 as the BDR on the 100 Network.11 Network 1.0.22.255.255.44.22 Network 2.255.0.11.0.44.0. R1 Interface E 0/0 Ip ospf priority 100 R2 Interface E 0/0 Ip ospf priority 50 R2 Router OSPF 1 Router-id 22.255.44.com.33 Network 3.0.255.255 area 0 Note: Shut the Switch interface that connect to the routers using the Interface Range command and bring them back up to reset the DR/BDR setup.11 R2 – 22. Hard Code the Router-id based on the following: R1 – 11.33.Lab Objective: Configure the Interface IP addresses based on the above table Task 1 Configure OSPF on a Broadcast Multi-Access(BMA) Ethernet network in Area 0.255 area 0 R3 Router OSPF 1 Router-id 33.255.netmetric-solutions. Email: khawarb@khawarb.255.255.0.255.44 Network 4.22.255 area 0 Network 100.0 0.

3 255. Email: khawarb@khawarb.1.2.2.0.2.0.2 255.0.0 R3 Interface Loopback 0 Ip address 3.4.1.4 255.2.4.1 255.0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.4.0.0 R4 Interface Loopback 0 Ip address 4.netmetric-solutions.1/8 R2 – Loopback 0 – 2.Lab 2 – OSPF and Frame Relay R1 R4 Frame-Relay R2 R3 Task 1 Configure the following loopback on all the routers: R1 – Loopback 0 – 1.0.4.0.3.0 R2 Interface Loopback 0 Ip address 2.3/8 R4 – Loopback 0 – 4.4/8 R1 Interface Loopback 0 Ip address 1.2/8 R3 – Loopback 0 – 3.0.3.com 42 of 230 .1.0.3.1.com.3.

0 Encap frame-relay No frame-relay inverse-arp Frame-relay map ip 192.2 301 Frame-relay map ip 192.123.1.255. Do not use the Frame-relay map command on R1 for this task.1 201 broad Frame-relay map ip 192.1 255. R2 and R3 using Frame Relay.1.1.0 Frame-relay map ip 192.123.0 Frame-relay interface-dlci 104 R4 Interface S0/0 Ip address 192. R1 Interface S 0/0 Encap frame-relay No frame-relay inverse-ARP No shut Interface S0/0. All routers should be able to ping each other and their own local frame-relay interfaces.1.123.123.1 255.1.1.14.2 255.1 301 broad Frame-relay map ip 192.3 255.0 Encap frame-relay No frame-relay inverse-arp Frame-relay map ip 192.com.1.14.255.255.4 point-to-point Ip address 192.123.0/24 as the network for this link.1. Email: khawarb@khawarb.netmetric-solutions.123. R1 Interface S0/0.123.com 43 of 230 .255.14. Do not create any subinterfaces on R4.123.1. Use 192.255.4 255.255.123.0 Encap frame-relay No frame-relay inverse-arp Frame-relay map ip 192.1.0/24 as the network for this link.1.123.2 201 Frame-relay map ip 192.255.3 301 No shut Copyrights Netmetric Solutions 2006-2010 Website: http://www.1.23 multipoint Ip address 192.255.123.3 201 No shut R3 Interface S0/0 Ip address 192.Task 2 Configure the link between R1 and R4 using Frame Relay.1.1 401 broad No shut Task 3 Configure the link between R1.3 103 broad R2 Interface S0/0 Ip address 192.1.1.1.14.255.1 102 Frame-relay map ip 192. This link should be a multipoint link Do not create any sub-interfaces on R2 and R3. Do not rely on Inverse ARP for Frame Relay mappings.2 102 broad Frame-relay map ip 192. Use 192.1.123.123. Do not rely on Inverse ARP for Frame Relay mappings.255. Keep in mind that R1 will also be connected to R2 and R3 over a Multipoint interface.

255.255.0 0.1.123.0 0.1 Network 1.com.14.255.com 44 of 230 .0 0.4.255.0.0.2.255.1.1.0.255 area 0 Network 192. Do not use the Neighbor command for this task.255. R3 and R4.2 Network 2.0 0.0.255 area 0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.255 area 0 R3 Interface S0/0 Ip ospf network point-to-multipoint ! Interface Loopback 0 Ip ospf network point-to-point ! Router OSPF 1 Router-id 3.0.3.0.2.255 area 0 R4 Interface S0/0 Ip ospf network point-to-point ! Interface Loopback 0 Ip ospf network point-to-point ! Router OSPF 1 Router-id 4.3 Network 3.netmetric-solutions.0 0.1.0.255 area 0 Network 192.23 Ip ospf network point-to-multipoint ! Interface Loopback 0 Ip ospf network point-to-point ! Router OSPF 1 Router-id 1. All loopback networks should be visible in all routing tables.123.4 Network 4. They should be using a /8 mask.0.0.255.0 0.0.0 0.1.0.0 0.0 0. Hard-code the router ID based on the Loopback 0 addresses.255.0. R1 Interface S0/0.123.14.0.255 area 0 R2 Interface S0/0 Ip ospf network point-to-multipoint ! Interface Loopback 0 Ip ospf network point-to-point ! Router OSPF 1 Router-id 2. Do not use the OSPF network type broadcast on any of the Frame Relay links.255 area 0 Network 192.0.4.1.255 area 0 Network 192.0.0.255 area 0 Network 192.1.0.3. R2.Task 4 Configure OSPF in Area 0 as the routing protocol between R1. Email: khawarb@khawarb.0.

0 IP Address 192.255.3.255.1.0.3 Subnet Mask 255.Lab 3 – Virtual Link R1 Lo 0 E 0/0 192.com 45 of 230 .3 3.0 255.0/24 VLAN 3 E 0/0 S 0/0 Lo 0 R3 R5 R1 Interface Loopback 0 E 0/0 R2 Interface E 0/0 S 0/0 Loopback 0 R3 Interface S 0/0 E 0/0 Loopback 0 IP Address 192.0 255.0/24 Lo 0 VLAN 5 192.12.255.12.1.3.0 255.1.1.netmetric-solutions.com.255.5.255.1 192.0 IP Address 1.0.1.1.1.1.0.2.255.0.255.3.2.234.0 255.0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.1.255.3.1.0/24 Switch 1 192.0/24 E 0/0 R2 Lo 0 S 0/0 R4 192.0.255.2 Subnet Mask 255.1 Subnet Mask 255.234. Email: khawarb@khawarb.2 2.255.1. 0.3 192.2 192.12.234.0 255.

255.0.0.255.4 255.2 255.1.1 255.0 255.1.0 no shutdown ! Copyrights Netmetric Solutions 2006-2010 Website: http://www.2 402 broadcast 46 of 230 IP Address 55.234.33 192.255.255.2 255.0.0 255.1.255.0.5 Subnet Mask 255.0.0.3.255.4.netmetric-solutions.255.1.55.0 encapsulation frame-relay frame-relay map ip 192.255.234.0.4 255.234.0 encapsulation frame-relay frame-relay map ip 192.0 IP Address 5.255.R4 Interface Loopback 0 S 0/0 R5 Interface Loopback 0 E 0/0 Switch 1 Interface Loopback 0 VLAN 3 VLAN 5 Interface Configuration R1 interface Loopback0 ip address 1.4 204 broadcast no frame-relay inverse-arp no shutdown R4 interface Loopback0 ip address 4.0.1. Email: khawarb@khawarb.0 ! interface Serial0/0 ip address 192.0.255.5.1.1.0.2.0 255.3 255.55.2 255.55 Subnet Mask 255.3 203 broadcast frame-relay map ip 192.1.3 255.0.3.255.255.0 ! interface Ethernet0/0 ip address 192.255.3.55 192.1 255.234.255.0 ! interface Ethernet0/0 ip address 192.234.4 192.4.0 R3 interface Loopback0 ip address 3.12.5.0 IP Address 4.0.1.0.1.1.5.0 no shut down ! interface Serial0/0 ip address 192.255.5 192.com.2.4.12.255.234.5.0 ! interface Ethernet0/0 ip address 192.com .3.4.4 Subnet Mask 255.255.1.0 no shutdown R2 interface Loopback0 ip address 2.0 255.1.0.255.1.

1.255 area 10 interface S 0/0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.0.5. SW VLAN 3.255 area 0 network 192.255.0 ! interface Ethernet0/0 ip address 192. R2 Loopback 0 Area 10 – R2 S 0/0.255.255.2.255.0.0.0 no shutdown frame-relay map ip 192. R3 Loopback 0.255.234.5.0 0.255 area 0 network 192.4 302 no frame-relay inverse-arp no shutdown R5 interface Loopback0 ip address 5.1.3.1.3.0.0 ! interface Vlan3 ip address 192.1.interface Serial0/0 ip address 192. SW VLAN 5.12.234.0 0.255.0.1.5 255.1.0 0.255. R5 E 0/0. R1 router ospf 1 network 1. R4 S 0/0.3 network 2.55. R5 Loopback 0 Configure a Virtual Link between the appropriate devices.255.255 area 0 R2 router ospf 1 router-id 2.netmetric-solutions.1.55 255.0.0 0.0 encapsulation frame-relay frame-relay map ip 192.com.12. R3 S 0/0.0.2 area 10 virtual-link 3.3 255.2 302 broadcast frame-relay map ip 192. R2 E 0/0.com 47 of 230 .255. R1 E 0/0.0.1.0.255.0 no shutdown ! interface Vlan5 ip address 192.55.0.33 255. SW Loopback 0.255 area 0 network 192.55 255.234.0. R4 Loopback 0 Area 100 – R3 E 0/0. Advertise the networks in the following areas: Area 0 – R1 Loopback 0.5. Email: khawarb@khawarb.255.0.0 no shutdown Lab Objective: Task 1 Run OSPF as your Routing Protocol on all Routers and the Switch.5 255.1.3.1.255.0.234.0 0.2.3 402 no frame-relay inverse-arp no shutdown Switch interface Loopback0 ip address 55.234.5.0.

5.1.0.1.3.0.0.0. Email: khawarb@khawarb.255 area 100 ip ospf network point-to-mulitpoint R4 router ospf 1 network 4.0.0.1.0 0.0 0.0 0.5.0.3 area 10 virtual-link 2.255 area 100 Copyrights Netmetric Solutions 2006-2010 Website: http://www.255 area 100 network 192.0 0.0.1.0 0.0.3.255.0.0.0 0.3.0.255.255.0.255 area 10 ! interface S 0/0 ip ospf network point-to-mulitpoint Switch router ospf 1 network 55.255.com.234.255.255 area 10 ! interface S 0/0 ip ospf network point-to-mulitpoint R5 router ospf 1 network 5.netmetric-solutions.0.3.255 area 100 network 192.0.0 0.0.2.234.0 0.255 area 10 network 192.255 area 10 network 192.2.0.255 area 100 network 192.0.0 0.255.0.com 48 of 230 .1.255 area 100 network 192.0 0.255.1.255.0.R3 router ospf 1 router-id 3.2 network 3.

3 message-digest-key 1 md5 ccie R3 interface Ethernet0/0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 ccie ! interface Serial0/0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 ccie ! router ospf 1 area 10 virtual-link 2.netmetric-solutions.2 message-digest-key 1 md5 ccie Copyrights Netmetric Solutions 2006-2010 Website: http://www.com 49 of 230 .2 authentication message-digest area 10 virtual-link 2.2. R1 interface Ethernet0/0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 ccie R2 interface Ethernet0/0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 ccie ! interface Serial0/0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 ccie ! router ospf 1 area 10 virtual-link 3.3.Lab 4 – OSPF Authentication (Builds on Lab 3) Lab Objective: Task 1 All routers and the switch should Authenticate Routing updates using the most secure authentication method.2.3. Use Key 1 with a key-string of ccie.3 authentication message-digest area 10 virtual-link 3.com. The Virtual Link should also be authenticated. Do not use wide authentication.3.2. Email: khawarb@khawarb.2.3.

R4 interface Serial0/0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 ccie Switch interface Vlan3 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 ccie ! interface Vlan5 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 ccie R5 interface Ethernet0/0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 ccie Copyrights Netmetric Solutions 2006-2010 Website: http://www. Email: khawarb@khawarb.com 50 of 230 .netmetric-solutions.com.

1.0.255.0 255.1.com 51 of 230 .0 255.2 Subnet Mask 255.Lab 5 – Multi-Area Configurations with Filtering R1 Lo 0 E 0/0 192.2.0. Email: khawarb@khawarb.12.0 255.255.255.255.1.12.1.255.234.0/24 VLAN 3 E 0/0 S 0/0 Lo 0 R3 R5 R1 Interface Loopback 0 E 0/0 R2 Interface E 0/0 S 0/0 Loopback 0 R3 Interface S 0/0 E 0/0 IP Address 192.0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.1.1.com.1 192.1.255.0/24 Lo 0 VLAN 5 192.255.0 255.0.234.0/24 E 0/0 R2 Lo 0 S 0/0 R4 192.255.2.234.0 IP Address 1. 0.3.1.3 Subnet Mask 255.1.1 Subnet Mask 255.2 2.1.255.12.255.2 192.netmetric-solutions.1.5.0 IP Address 192.3 192.3.0/24 Switch 1 192.

0.5.0 R2 interface Loopback0 ip address 2.5.255.2 255.0 encapsulation frame-relay frame-relay map ip 192.1.55 Subnet Mask 255.0 255.33 192.1.0 no shutdown R3 interface Loopback0 ip address 3.0.0 no shut down ! interface Serial0/0 ip address 192.1.234.1 255.255.1.2 255.234.55 192.5.255.255.3.3.55.0.1.0 IP Address 55.0 IP Address 4.1.4 204 broadcast no frame-relay inverse-arp no shutdown R4 interface Loopback0 ip address 4.0 ! interface Ethernet0/0 ip address 192.3.1.255.255.4.3 255.0 IP Address 5.55.1.4 255.234.0.255.4.255.com.2 255.234.0.12.1 255.255.0.255.3.4 Subnet Mask 255.0 255.255.3.1.0.0.Loopback 0 R4 Interface Loopback 0 S 0/0 R5 Interface Loopback 0 E 0/0 Switch 1 Interface Loopback 0 VLAN 3 VLAN 5 Interface Configuration R1 3.4 192.5 Subnet Mask 255.0 255.2.0.5 192.0 ! interface Ethernet0/0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.com 52 of 230 .0.0.0.255.3 203 broadcast frame-relay map ip 192.5.3 255.0 ! interface Serial0/0 interface Loopback0 ip address 1. Email: khawarb@khawarb.0.1.0.0 ! interface Ethernet0/0 ip address 192.4.2.0.netmetric-solutions.1.0.255.4.12.0 255.255.

ip address 192.1.3.3 255.255.255.0 no shutdown ! interface Serial0/0 ip address 192.1.234.3 255.255.255.0 encapsulation frame-relay frame-relay map ip 192.1.234.2 302 broadcast frame-relay map ip 192.1.234.4 302 no frame-relay inverse-arp no shutdown R5 interface Loopback0 ip address 5.5.5.5 255.0.0.0 ! interface Ethernet0/0 ip address 192.1.5.5 255.255.255.0 no shutdown

ip address 192.1.234.4 255.255.255.0 encapsulation frame-relay frame-relay map ip 192.1.234.2 402 broadcast frame-relay map ip 192.1.234.3 402 no frame-relay inverse-arp no shutdown

Switch interface Loopback0 ip address 55.55.55.55 255.0.0.0 ! interface Vlan3 ip address 192.1.3.33 255.255.255.0 no shutdown ! interface Vlan5 ip address 192.1.5.55 255.255.255.0 no shutdown

Task 1 Run OSPF as your Routing Protocol on all Routers and the Switch. Configure the Frame Relay links as Point-to-multipoint network types. Advertise the networks in the following areas: Area 0 – R2 S 0/0, R3 S 0/0, R3 Loopback 0, R4 S 0/0, R4 Loopback 0 Area 10 – R1 Loopback 0, R1 E 0/0, R2 E 0/0, R2 Loopback 0 Area 100 – R3 E 0/0, SW VLAN 3, SW Loopback 0 R1 router ospf 1 router-id 1.1.1.1 network 1.0.0.0 0.255.255.255 area 10 network 192.1.12.0 0.0.0.255 area 10 R2 router ospf 1 router-id 2.2.2.2 network 2.0.0.0 0.255.255.255 area 10 network 192.1.12.0 0.0.0.255 area 10 network 192.1.234.0 0.0.0.255 area 0 ! interface S 0/0 ip ospf network point-to-mulitpoint R4 router ospf 1

R3 router ospf 1

Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com

53 of 230

router-id 3.3.3.3 network 3.0.0.0 0.255.255.255 area 100 network 192.1.3.0 0.0.0.255 area 100 network 192.1.234.0 0.0.0.255 area 0 ! interface S 0/0 ip ospf network point-to-mulitpoint Switch router ospf 1 network 55.0.0.0 0.255.255.255 area 100 network 192.1.3.0 0.0.0.255 area 100 Task 2

network 4.0.0.0 0.255.255.255 area 0 network 192.1.234.0 0.0.0.255 area 0 ! interface S 0/0 ip ospf network point-to-mulitpoint

Run RIP as a Routing Protocol between R5 and the Switch. Advertise the Loopback on R5 in RIP. Mutually Redistribute RIP and OSPF on the Switch. R5 router rip network 5.0.0.0 network 192.1.5.0 Switch router rip network 192.1.5.0 redistribute ospf 1 metric 1 ! router ospf 1 redistribute rip subnets

Task 3 Create the following Loopbacks on R2: Loopback 21 – 12.1.1.1/24 Loopback 22 – 12.1.2.1/24 Advertise these newly created loopbacks in OSPF using the network command. Make sure they appear in the routing table using a /24 mask. Filter these routes going into Area 10. The configuration needs to be done on R2. R2 interface Loopback21 ip address 12.1.1.1 255.255.255.0 ip ospf network point-to-point ! interface Loopback21 ip address 12.1.2.1 255.255.255.0
Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com

54 of 230

ip ospf network point-to-point ! Ip prefix-list A10-IN deny 12.1.1.0/24 Ip prefix-list A10-IN deny 12.1.2.0/24 Ip prefix-list A10-IN permit 0.0.0.0/0 le 32 ! Router OSPF 1 Network 12.1.1.0 0.0.0.255 area 0 Network 12.1.2.0 0.0.0.255 area 0 Area 10 filter-list prefix A10-IN in Task 4 Create the following Loopbacks on R4: Loopback 41 – 44.1.1.1/24 Loopback 42 – 44.1.2.1/24 Loopback 43 – 44.1.3.1/24 Loopback 44 – 44.1.4.1/24 Advertise these newly created loopbacks in OSPF without using the network command. R4 interface Loopback41 ip address 44.1.1.1 255.255.255.0 ! interface Loopback42 ip address 44.1.2.1 255.255.255.0 ! interface Loopback43 ip address 44.1.3.1 255.255.255.0 ! interface Loopback44 ip address 44.1.4.1 255.255.255.0 ! access-list 1 permit 44.1.1.0 0.0.0.255 access-list 1 permit 44.1.2.0 0.0.0.255 access-list 1 permit 44.1.3.0 0.0.0.255 access-list 1 permit 44.1.4.0 0.0.0.255 ! route-map redcon permit 10 match ip address 1 ! router ospf 1
Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com

55 of 230

redistribute connected subnets route-map redcon Task 5 Area 10 should not receive any Inter Area or External Routes. The devices in Area 10 should have full connectivity to the rest of the network. Do not use any filtering mechanism. R1 router ospf 1 area 10 stub Task 6 Area 100 should not receive any Inter Area or External Routes from the Backbone. It should have full connectivity to all routes. It Should maintain connectivity to routes learned via RIP and propagate these routes to other Areas. Switch router ospf 1 area 100 nssa R3 router ospf 1 area 100 nssa no-summary R2 router ospf 1 area 10 stub no-summary

Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com

56 of 230

0 ip ospf network point-to-point ! interface Loopback 204 ip address 201.0 ip ospf network point-to-point ! Router OSPF 1 Network 201.255.1/24 Advertise these newly created loopbacks in OSPF using the network command.1.1.0.0.com.0.5.0 0.6.1 255.netmetric-solutions.4.0 ip ospf network point-to-point ! interface Loopback 202 ip address 201.1.1.1/24 Loopback 203 – 201.255.1.7.255 area 10 Network 201.4.4.0 0.com R2 Router OSPF 1 Area 10 range 201.0 0.1.0.1.1 255.255 area 10 Task 2 Create the following Loopbacks on R4: Loopback 205 – 202.1/24 Copyrights Netmetric Solutions 2006-2010 Website: http://www.255 area 10 Network 201.255.6.0.5.0 0.5.255. R1 interface Loopback 201 ip address 201.255.0.1 255.255.252.1.255.7.1 255.1/24 Loopback 202 – 201.255 area 10 Network 201.1.1.255.4.0.255. These routes should be seen as a single summarized route outside of area 10.0 255.7.4.0.0 ip ospf network point-to-point ! interface Loopback 203 ip address 201.6. Email: khawarb@khawarb.Lab 6 – Summarization Inter-Area and External Routes (Builds on Lab 5) Task 1 Create the following Loopbacks on R1: Loopback 201 – 201.1.1. Make sure they appear in the routing table using a /24 mask.0 57 of 230 .1.1.1/24 Loopback 204 – 201.

4.1.6.0 ip ospf network point-to-point ! interface Loopback 207 ip address 202.255.0 ip ospf network point-to-point ! interface Loopback 206 ip address 202.1 255.1/24 Loopback 207 – 202.1. R4 interface Loopback 205 ip address 202.1.255.1/24 Loopback 208 – 202.1.0.5.255.0.255 access-list 5 permit 202.Loopback 206 – 202.7.netmetric-solutions.1 255.1.6.6.0.255.1/24 Advertise these newly created loopbacks in OSPF without using the network command.0 ip ospf network point-to-point ! interface Loopback 208 ip address 202.4.0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.4.0 255.1.1 255.255.5.1.255 access-list 5 permit 202.255.255.5.0 0.0.1.0.1.255 access-list 5 permit 202. These routes should be seen be summarized.1.255.7.0 ip ospf network point-to-point ! access-list 5 permit 202.0 0. Email: khawarb@khawarb.255.252.1.0.0 0.0.7.com 58 of 230 .1.1 255. Make sure they appear in the routing table using a /24 mask.0 0.com.0.255 ! route-map redcon permit 10 match ip address 5 ! Router OSPF 1 Redistribute connected route-map redcon Summary-address 202.

255.255.1.com.0.3.0.234.2 Subnet Mask 255.12.0.3.0 IP Address 1.1.1 192.0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.2 192.255.2.3 Subnet Mask 255.255.0/24 Lo 0 VLAN 5 192.netmetric-solutions.3.0/24 E 0/0 R2 Lo 0 S 0/0 R4 192.1.5.0/24 Switch 1 192. Email: khawarb@khawarb.1.0 255.3 3. 0.255.234.0 IP Address 192.1.255.1.1.0 255.255.0 255.1.0/24 VLAN 3 E 0/0 S 0/0 Lo 0 R3 R5 R1 Interface Loopback 0 E 0/0 R2 Interface E 0/0 S 0/0 Loopback 0 R3 Interface S 0/0 E 0/0 Loopback 0 IP Address 192.1.255.12.2.3.255.2 2.1.0 255.0.com 59 of 230 .0 255.3 192.1 Subnet Mask 255.12.0.255.1.234.Lab 7 – Redistribution R1 Lo 0 E 0/0 192.

0 255. Email: khawarb@khawarb.234.4 204 broadcast no frame-relay inverse-arp no shutdown R4 interface Loopback0 ip address 4.0 no shut down ! interface Serial0/0 ip address 192.5 Subnet Mask 255.com .4.55 Subnet Mask 255.0 encapsulation frame-relay frame-relay map ip 192.55.5.0 no shutdown Copyrights Netmetric Solutions 2006-2010 Website: http://www.255.3.0.0.3 255.0.netmetric-solutions.255.0.3 255.255.1 255.3.4 Subnet Mask 255.1.0 IP Address 4.4 255.0.4 255.0.255.1.0 ! interface Ethernet0/0 ip address 192.1.12.R4 Interface Loopback 0 S 0/0 R5 Interface Loopback 0 E 0/0 Switch 1 Interface Loopback 0 VLAN 3 VLAN 5 Interface Configuration R1 interface Loopback0 ip address 1.0 ! interface Ethernet0/0 ip address 192.255.234.0.0 255.1 255.55 192.2 255.0 ! interface Ethernet0/0 ip address 192.234.1.5.255.2 255.1.3.33 192.0.0 255.234.2.12.0 no shutdown R2 interface Loopback0 ip address 2.3 203 broadcast frame-relay map ip 192.1.0.255.0 255.3.255.255.2 255.1.255.5.2.0.0 encapsulation frame-relay 60 of 230 IP Address 55.4.1.255.1.5.1.0 ! interface Serial0/0 ip address 192.0 IP Address 5.1.255.0.255.1.55.255.255.255.255.5 192.4 192.com.1.255.234.0.4.0 R3 interface Loopback0 ip address 3.4.0.0.

1.3.234.55 255.234.1.1.com.5.2.2 402 broadcast frame-relay map ip 192.1/24 Loopback 7 – 192.255.5.2.5.255.0 no shutdown Lab Objective: Task 1 Create the following Loopbacks on R1.3 402 no frame-relay inverse-arp no shutdown Switch interface Loopback0 ip address 55.12.0.5.1.2.1.1 255.0 ! interface Ethernet0/0 ip address 192. Run RIP V2 as the Routing Protocol between R1 and R2. Advertise all directly connected networks including the newly created loopbacks in RIP.2.0.1 255.0 no auto-summary Copyrights Netmetric Solutions 2006-2010 Website: http://www.255.0 no shutdown frame-relay map ip 192.1.2.1/24 Loopback 4 – 192.0 encapsulation frame-relay frame-relay map ip 192.7.2.2.0 ! R2 router rip version 2 network 2.1.0 ! interface Loopback2 ip address 192.0.255.255.255.4 302 no frame-relay inverse-arp no shutdown R5 interface Loopback0 ip address 5.1.1/24 Loopback 2 – 192.234.255.com 61 of 230 .2.1/24 R1 interface Loopback1 ip address 192.0 network 192.55.2. Advertise the Loopback and the E 0/0 Interface on R2 in RIP.255.netmetric-solutions.5 255.1.0.2 302 broadcast frame-relay map ip 192.0.55.1.234.55 255. Email: khawarb@khawarb.! interface Serial0/0 ip address 192.1/24 Loopback 6 – 192.255.0.1/24 Loopback 5 – 192.0 ! interface Vlan3 ip address 192.255.3.4.1.1/24 Loopback 3 – 192.6.2.255.234.2.3 255.33 255.0 no shutdown ! interface Vlan5 ip address 192.2.8.1/24 Loopback 8 – 192.255.5.5 255. Loopback 1 – 192.

2. R3 and R4.0 network 192.2.2.0.0 ! interface Loopback8 ip address 192. Advertise all directly connected networks on R4 in EIGRP.1 255.0 network 192.255.0 ! interface Loopback5 ip address 192.netmetric-solutions.2.6.2.2.5.0 network 192.2.2.255.1.8.0 ! interface Loopback4 ip address 192.1 255.3.255.8.0 ! interface Loopback6 ip address 192.255.255.1.0 ! interface Loopback7 ip address 192.1 255.com.7.255.0 ! router rip version 2 network 1.1.6.2.255.2.interface Loopback3 ip address 192.7. Also advertise the Loopback 0 network of R3 in EIGRP.2.4.255.0.0 no auto-summary 62 of 230 . Advertise the S 0/0 interfaces on R2 and R3 in EIGRP.0 network 192.234.2. R2 router eigrp 234 network 192.1.0 no auto-summary Task 2 Run EIGRP in AS 234 as the Routing Protocol between R2.255. Email: khawarb@khawarb.255.3.2.com R3 router eigrp 234 network 3.0.0.255.0 network 192.5.1 255.0 network 192.0 network 192.1 255.4.0 network 192.0 network 192.1 255.255.2.2.234.12.0 no auto-summary R4 Copyrights Netmetric Solutions 2006-2010 Website: http://www.0 network 192.

com.0.0. Email: khawarb@khawarb.0 0.5.3.0 no auto-summary Task 3 Run OSPF in Area 0 as the Routing Protocol between R3. R2 router eigrp 234 redistribute rip metric 1 1 1 1 1 ! router rip redistribute eigrp 234 metric 5 Task 5 The RIP routes should not be leaked to OSPF and OSPF routes should not be leaked to RIP.0.0 0.255.0.0.0.0 network 192.0 0. Advertise all directly connected networks on R5 in OSPF.0 0.255 area 0 network 192.255.5.255 area 0 R3 router eigrp 234 redistribute ospf 1 metric 1 1 1 1 1 ! router ospf 1 redistribute eigrp 234 metric 150 metric-type 1 subnets 63 of 230 . Make sure OSPF adds the cost of the links in the OSPF metric for the External Routes. Advertise the 2 VLAN interfaces and the Loopback on the Switch in OSPF.1.0 0.netmetric-solutions.0 0.234.255 area 0 Switch router ospf 1 network 55.0.com R5 router ospf 1 network 5. R2 Route-map STAG per 10 Copyrights Netmetric Solutions 2006-2010 Website: http://www.0.1.0.0.1. the Switch and R5. R3 router ospf 1 network 192.255 area 0 network 192.0.router eigrp 234 network 4.0. You might have to re-configure the redistribution from the previous task to accomplish this.3. Advertise the E 0/0 network in OSPF on R3.1.0.255 area 0 network 192.255 area 0 Task 4 Configure Mutual redistribution between RIP and EIGRP at the appropriate router.0. Configure Mutual redistribution between EIGRP and OSPF at the appropriate router.1.255. Do not use the Distribute-list or Prefix-list command to accomplish this task.255.

com 64 of 230 .Set tag 120 ! Route-map MTAG deny 10 Match tag 110 Route-map MTAG permit 20 ! router eigrp 234 redistribute rip metric 1 1 1 1 1 route-map STAG ! router rip redistribute eigrp 234 metric 5 route-map MTAG R3 Route-map STAG per 10 Set tag 110 ! Route-map MTAG deny 10 Match tag 120 Route-map MTAG permit 20 ! router eigrp 234 redistribute ospf 1 metric 1 1 1 1 1 route-map STAG ! router ospf 1 redistribute eigrp 234 metric 150 metric-type 1 route-map MTAG subnets Copyrights Netmetric Solutions 2006-2010 Website: http://www.com.netmetric-solutions. Email: khawarb@khawarb.

com 65 of 230 .Module 6 – BGP Copyrights Netmetric Solutions 2006-2010 Website: http://www. Email: khawarb@khawarb.com.netmetric-solutions.

Email: khawarb@khawarb.Lab 1 – Connecting EBGP Physical Layout R1 Loopback 0 E 0/0 E 0/0 R2 Loopback 0 S 0/0 Loopback 1 Loopback 1 S 0/0 Loopback 1 Loopback 1 Loopback 0 R4 E 0/0 E 0/0 R3 Loopback 0 Logical Layout AS 1 AS 2 R2 R1 R4 R3 AS 4 AS 3 Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com 66 of 230 .com.

255.1.255.0.1.1.0 255.1.0.255.1.255. R1 should be in AS 1 and R2 should be in AS 2.255.255.2 12.com 67 of 230 .Interface IP Address Configuration R1 Interface Loopback 0 Loopback 1 E 0/0 R2 Interface Loopback 0 Loopback 1 E 0/0 S 0/0 R3 Interface Loopback 0 Loopback 1 S 0/0 E 0/0 R4 Interface Loopback 0 Loopback 1 E 0/0 Lab Objective: Task 1 Configure a BGP neighbor relationship between R1 and R2.0.255.1 11.1.1.3 13.0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.1 192.0 255.4.1.1 192.0 255.0 IP Address 1. Hard-code the Router ID for the BGP routers as 11. Email: khawarb@khawarb.255.23.2.0 255.3.0.11.1.11 for R1 and 22.255.0.1.0 255.34.12.0 IP Address 2.0.com.4 Subnet Mask 255.1.255.255.2 Subnet Mask 255.22.0.0.0.0 255.255.0 255.23.2.11.1 192.netmetric-solutions.3 Subnet Mask 255.22.0 255.4.0 255.22 for R2.255.0.2 192. Advertise the loopback networks in BGP.1.0 255.255.0.255.255. R1 Router BGP 1 no auto-summary R2 Router BGP 2 no auto-summary IP Address 4.3 192.0.4 14.1 Subnet Mask 255.0.3.1 192.0.0 IP Address 3.12.34.0.0.

33 R2 Router BGP 2 Neighbor 192.0.0.0. R3 Ip route 4.44 Network 4.255.44.1.22.3 update-source loop 0 Neighbor 3.2 remote-as 2 Task 2 no sync bgp router-id 22.0.0.0 192.no sync bgp router-id 11.0.0.0.0.1.4 update-source loop 0 Neighbor 4.0.4 ebgp-multihop R4 Ip route 3.12.255.3.0 Network 11.0 Network 14.33.0 Neighbor 192.0 mask 255.33.2 remote-as 2 Task 3 Configure a BGP neighbor relationship between R3 and R4. R2 should already be configured in AS 2 and R3 should be in AS 3.com.0.1.0.44.3.3 ebgp-mulithop Copyrights Netmetric Solutions 2006-2010 Website: http://www.34.netmetric-solutions.4.0.0 255.44. Establish the neighbor relationship based on Loopback 0 addresses.0.33 Network 3.4.0.0 Neighbor 3.1.1.0 Neighbor 192.0 Network 12.4.12.3.4 remote-as 4 Neighbor 4.0.3 ! Router BGP 4 no auto-summary no sync bgp router-id 44.com 68 of 230 .1 remote-as 1 Configure a BGP neighbor relationship between R2 and R3.4.0 Network 13.0 mask 255. Advertise the loopback network of R4 in BGP.11 Network 1. Hard-code the Router ID for R3 as 33.4 ! Router BGP 3 Neighbor 4.255.11.33.1.3.0 mask 255.22.3 remote-as 3 R3 Router BGP 3 no auto-summary no sync bgp router-id 33.3 remote-as 3 Neighbor 3.23.0. You are allowed to create a static route on each router to accomplish this task.1.11.4.0 mask 255.33.0 192.0.0.0.3. Advertise the loopback network of R3 in BGP.22 Network 2.0 Neighbor 192.1.0 255.44.1.3. Hard-code the Router ID for R4 as 44.23.4.0. Email: khawarb@khawarb. R# should already be configured in AS 3 and R4 should be in AS 4.0.0.44.255.0.34.1.

R3 Router BGP 3 Neighbor 4.12.3 password cciesec Task 3 Configure MD5 Authentication between R3 and R4 using a password of cciers.4. R2 Router BGP 2 Neighbor 192. R1 Router BGP 1 Neighbor 192.3 password cciers R3 Router BGP 3 Neighbor 192.com.1 password cciers Copyrights Netmetric Solutions 2006-2010 Website: http://www.1.4.netmetric-solutions.4 password cciers R4 Router BGP 4 Neighbor 3.1.2 password cciers Task 2 Configure MD5 Authentication between R2 and R3 using a password of cciesec.23.1.Lab 2 – BGP Neighbor MD5 Authentication (Builds on Lab 1) Lab Objective: Task 1 Configure MD5 Authentication between R1 and R2 using a password of cciers.1.3. Email: khawarb@khawarb.com 69 of 230 .2 password cciesec R2 Router BGP 2 Neighbor 192.3.23.12.

com.com 70 of 230 . Email: khawarb@khawarb.Lab 3 – Configuring Route Reflectors Physical Layout R1 Loopback 0 E 0/0 E 0/0 R2 Loopback 0 S 0/0 S 0/0 Loopback 0 R4 E 0/0 E 0/0 R3 Loopback 0 Logical Layout R3 AS 234 AS 1 R3 R1 R2 R4 Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.

0.3.0 255.11 for R1 and 22.23.0.3 Subnet Mask 255.0 255.11.1 Subnet Mask 255.2 12.0.1.1.0 255.0.255.com.0 IP Address 2.2.255.0.1 192.255.4 14. Email: khawarb@khawarb.3 192.1.2.1 11.255.255.12.4.0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.com 71 of 230 .1.4.0.34.255.0 255.255.0.0.3 13.22.3.255.0 255.255.0 IP Address 1.1.34.0.0.0.4 Subnet Mask 255.0 255.0.255.1.22 for R2.255.0.0 255.1.1.255.0 255.2 Subnet Mask 255.1 192.1.11.0.1 192.0.1 192.0 IP Address 3. Advertise the Loopback networks on both Routers.Interface IP Address Configuration R1 Interface Loopback 0 Loopback 1 E 0/0 R2 Interface Loopback 0 Loopback 1 E 0/0 S 0/0 R3 Interface Loopback 0 Loopback 1 S 0/0 E 0/0 R4 Interface Loopback 0 Loopback 1 E 0/0 Lab Objective: Task 1 Configure a neighbor relationship between R1 and R2 based on the Logical diagram.0.netmetric-solutions.255. Hard-code the Router ID for the BGP routers as 11.2 192.255.0 255.1. R1 Router BGP 1 no auto-summary R2 Router BGP 234 no auto-summary IP Address 4.1.22.255.23.1.12.0 255.255.

Do not configure a neighbor relationship between R2 and R4.0.255.0 Neighbor 192. R2 Router RIP Version 2 no auto-summary Network 192.1.22.0 mask 255.1.255.0 R2 Router BGP 234 no auto-summary no sync Network 2.11.255.1.com 72 of 230 .34.0 Network 12.1.1. Email: khawarb@khawarb.0.23.0. R3 Router RIP Version 2 no auto-summary Network 192.1.0 Neighbor 192.23.1.11.1 remote-as 1 Configure RIP V2 as the routing protocol within AS 234.23.1.255.1.0.0.22 Network 2.0.1.3 remote-as 234 Neighbor 192.0 mask 255.1.0.0 Neighbor 192.12.0.1.0 mask 255. Do not advertise the link between R1 and R2 in RIP.12.0.0 Network 12.0 R4 Router RIP no auto-summary Network 192.0.22.1.2 remote-as 234 Task 2 no sync bgp router-id 22. R3 and R4.0.netmetric-solutions.0.23.2 route-reflector-client Neighbor 192.com.0 mask 255.0.1.1.0 Network 13.3 next-hop-self R3 Router BGP 234 no auto-summary no sync Network 3.4 remote-as 234 Neighbor 192.34.34.no sync bgp router-id 11.2 remote-as 234 Neighbor 192.1.0. Advertise the Loopback networks under BGP.0 Task 3 Configure neighbor relationships between R2 and R3 and another one between R3 and R4.34.0 Network 11.23.0.23.11 Network 1.4 route-reflector-client R4 Copyrights Netmetric Solutions 2006-2010 Website: http://www. Only advertise the internal physical link in RIP on R2.0. Do not use a Confederation to accomplish this.0 Network 192.0 Neighbor 192. Make sure routes from R1 can get propagated to R3 and R4.

34.netmetric-solutions.0.0 mask 255.0 Network 14.0.3 remote-as 234 Copyrights Netmetric Solutions 2006-2010 Website: http://www.0 Neighbor 192. Email: khawarb@khawarb.Router BGP 234 no auto-summary no sync Network 4.com.1.0.1.255.0.com 73 of 230 .

255.2.255.2.2.5.7.1/24 Loopback 2 – 192.1 255.255.255.0 ! interface Loopback5 ip address 192.255.2.2.com.1/24 R2 interface Loopback1 ip address 192.6.0 ! interface Loopback2 ip address 192.1.5.1/24 Loopback 5 – 192.255.2.1/24 Loopback 3 – 192.1 255.255.6.2.1 255.1/24 Loopback 8 – 192.1.2.1/24 Loopback 6 – 192.2.4.Lab 4 – Route Filtering using Distribute List (Builds on R3) Lab Objective: Task 1 Create the following Loopbacks on R2 Loopback 1 – 192.1 255.2.2.netmetric-solutions.255.0 ! interface Loopback4 ip address 192.com 74 of 230 .8.255.2.2.255.3.2.4.7.3.255.1/24 Loopback 4 – 192.1 255.0 ! interface Loopback7 ip address 192.2.0 ! interface Loopback6 ip address 192.8.2.0 ! interface Loopback3 ip address 192.255.1/24 Loopback 7 – 192. Email: khawarb@khawarb.2.2.1 255.0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.1 255.0 ! interface Loopback8 ip address 192.255.255.1 255.255.255.

R2 Access-list 1 deny 192.1 0.255 Access-list 1 permit any ! Router bgp 234 Neighbor 192.255 Access-list 1 permit 192.0.8.2. These routes should have an origin code of “igp”.Task 2 Advertise the newly created routes in BGP.0.X.255 Access-list 1 permit 192. Email: khawarb@khawarb.255 Access-list 1 permit 192.0 0.1 0.4.2.0.1.1 0.6.2.255 Access-list 1 permit 192.255 Access-list 1 permit 192.1.com 75 of 230 .2.7.2.1 0.0.2.3.0.1.0.2.0.2. Use the distribute-list command to accomplish this task.1 distribute-list 1 out Task 4 Configure R4 such that it blocks all the 192.254. Copyrights Netmetric Solutions 2006-2010 Website: http://www.12.255 Access-list 1 permit 192.0. R2 Access-list 1 permit 192.0.0.5.1 0.0.255 ! Route-map redcon permit 10 Match address 1 Set origin igp ! Router bgp 234 Redistribute connected route-map redcon Task 3 Configure R2 such that it blocks all the 192.0.1 0.1 0.2.2.2.0.0.com.0.0.X.255 Access-list 1 permit 192.0 routes that have an even number in the third octet from coming in.netmetric-solutions.0 routes that have an odd number in the third octet from propagating outside the local AS.2. Make sure that even if in the future that a neighbor relationship is established between R2 and R4 these routes don’t come into R4. Do not use the network command to accomplish this.0.1 0. Use the distribute-list command to accomplish this task.

0.0.com.254.com 76 of 230 .255 Access-list 1 permit any ! Router bgp 234 distribute-list 1 in Copyrights Netmetric Solutions 2006-2010 Website: http://www.2. Email: khawarb@khawarb.0 0.R4 Access-list 1 deny 192.netmetric-solutions.

3.1/22 Loopback 4 – 150.255.50.1/18 R3 interface Loopback1 ip address 150.3.255.1/20 Loopback 2 – 150.1/22 Loopback 3 – 150.255.0 ! interface Loopback5 ip address 150.3.16.0 ! interface Loopback4 ip address 150.0 ! interface Loopback3 ip address 150.3.36.36.0.13.1 255.252.14.65.50.0.64.40.65.40.0 ! interface Loopback7 ip address 150.com.1 255.1/24 Loopback 6 – 150.1 255.1 255.Lab 5 – Route Filtering using Prefix-List (Builds on R4) Task 1 Create the following Loopbacks on R3 Loopback 1 – 150.1 255.1/23 Loopback 5 – 150.0 Task 2 Advertise the newly created routes in BGP using the Network command.1/16 Loopback 7 – 150. R3 Copyrights Netmetric Solutions 2006-2010 Website: http://www.255.255.0.255. Email: khawarb@khawarb.252.1 255.3.3.14.0 ! interface Loopback2 ip address 150.240.254.255.255.3.192.3.0 ! interface Loopback6 ip address 150.com 77 of 230 .1 255.64.3.13.3.netmetric-solutions.16.

0/8 ge 17 le 23 IP Prefix-list PLIST permit 0.255.0. R2 IP Prefix-list PLIST deny 150.3.0.252.0 Network 150.255.40.252.255.0.50.0 Network 150.0 Network 150.16.X.3. Email: khawarb@khawarb.Router bgp 234 Network 150.0 mask 255.1.64.0 Network 150.0 mask 255.240.0.3 prefix-list PLIST in Copyrights Netmetric Solutions 2006-2010 Website: http://www.13.254.0 mask 255.192.0 Network 150.0/0 le 32 ! Router bgp 234 Neighbor 192.0 Network 150.3.0 mask 255.0 routes that have a subnet mask between 17 and 23 bits.65.255.0 mask 255.0 mask 255.X.255.com 78 of 230 .3.0.3.255.com.255.netmetric-solutions.23.36.0 Task 3 Configure R2 such that it blocks all the 150.14.

com.com 79 of 230 .Lab 6 – AS Path-Filter Physical Layout R1 Loopback 0 E 0/0 E 0/0 R2 Loopback 0 S 0/0 S 0/0 Loopback 0 R4 E 0/0 E 0/0 R3 Loopback 0 Logical Layout AS 1 R2 R1 AS 23 R4 R3 AS 4 Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions. Email: khawarb@khawarb.

4 14.4.4 Subnet Mask 255.3 Subnet Mask 255.1.2 192.0.255.3 13. R1 Router BGP 1 R2 Router BGP 23 Copyrights Netmetric Solutions 2006-2010 Website: http://www.12.Interface IP Address Configuration R1 Interface Loopback 0 Loopback 1 E 0/0 R2 Interface Loopback 0 Loopback 1 E 0/0 S 0/0 R3 Interface Loopback 0 Loopback 1 S 0/0 E 0/0 R4 Interface Loopback 0 Loopback 1 E 0/0 IP Address 4.1 Subnet Mask 255.255.0 IP Address 1. Email: khawarb@khawarb.23.1.0.1.com 80 of 230 .1.0.1.0 255.0.0.11.1 192.0.34.4.11.255.1.1.0.0 IP Address 3.255.com.0 255.3 192.22.255.0 IP Address 2.3.0 255.255.0 255.1 192.22 for R2.1.0.255.2.255.0.255.12.0 255.255.0.255.0 255.netmetric-solutions.22.1.0.1 11.0.0 Lab Objective: Task 1 Configure a neighbor relationship between R1 and R2 based on the Logical diagram.1 192.255.1 192.34. Advertise the Loopback networks on both Routers.0.0 255.0. Hard-code the Router ID for the BGP routers as 11.23.0 255.11 for R1 and 22.255.0.1.1.0.3.2.2 Subnet Mask 255.0 255.0 255.255.255.2 12.255.1.

44 for R4.netmetric-solutions.11.22. Email: khawarb@khawarb. it should sent 192.1.0.22. When R2 sends routes that it learns from R1.33 for R3 and 44.1 remote-as 1 Configure a neighbor relationship between R3 and R4 based on the Logical diagram.33.1.34.1. R2 Router BGP 23 Neighbor 192.3 remote-as 23 R3 Router BGP 23 Neighbor 192.1.44.23.* ! Copyrights Netmetric Solutions 2006-2010 Website: http://www.2 next-hop-self 81 of 230 .23.0 Network 12.2 remote-as 23 Task 2 no auto-summary no sync bgp router-id 22.0 mask 255.44.255.0 mask 255. Configuration should be done in AS 4.no auto-summary no sync bgp router-id 11.4 remote-as 4 Task 3 Configure a neighbor relationship between R2 and R3 based on the Logical diagram.255.255.2 as the next hop for those routes.0 Network 11.0.0.23.0 Neighbor 192.11.1.0. R3 Router BGP 23 no auto-summary no sync bgp router-id 33.1. When R3 sends routes that it learns from R4.0.0 Neighbor 192.1.0.44.1.33 Network 3.12.3 as the next hop for those routes.1.2 remote-as 23 Neighbor 192.0 Neighbor 192.34.0.1.33.0.0.1.0 mask 255.1.23.23.0.1.12. Advertise the Loopback networks on both Routers.0 Neighbor 192.255. it should sent 192.3 remote-as 23 Neighbor 192.11 Network 1.23.0. Hard-code the Router ID for the BGP routers as 33.44. R4 Ip as-path access-list 1 deny _1$ Ip as-path access-list 1 permit .0 Network 13.1.com R4 Router BGP 4 no auto-summary no sync bgp router-id 44.0.22 Network 2.0.3 next-hop-self Task 4 Configure BGP such that AS 4 does not use AS 23 to get AS 1 routes.44 Network 4.0.0.0.com.0 Network 14.0 mask 255.33.

com 82 of 230 .com.1. Configuration should be done in AS 23.1 filter-list 1 out Copyrights Netmetric Solutions 2006-2010 Website: http://www.34.12.Router BGP 4 Neighbor 192.3 filter-list 1 in Task 5 Configure BGP such that AS 1 does not use AS 23 to get AS 4 routes.1. You are only allowed a single line in the AS-path filter. R2 Ip as-path access-list 1 permit ^$ ! Router BGP 23 Neighbor 192. Email: khawarb@khawarb.netmetric-solutions.

0 ! interface Loopback2 ip address 203.5.252.255.255.1.1.1/24 Loopback 3 – 203.1.1.5.1 255.1.1.1.netmetric-solutions.1.1. Email: khawarb@khawarb.255.0 ! interface Loopback4 ip address 203.1 255.1.1.6.com 83 of 230 .255.255.0 Task 2 Configure Route Aggregation on R3 such that these routes are summarized as a single route.255.4.0 Network 203.0 Network 203.4.4.1/24 Loopback 2 – 203.255.5.7.1.com.1/24 R3 interface Loopback1 ip address 203.1.255.1/24 Loopback 4 – 203.255. Only the Summary route should be send to R3’s neighbors.1 255.7.0 ! interface Loopback3 ip address 203. R3 Router bgp 234 Aggregate-address 203.Lab 7 – Route Aggregation (Builds on Lab 6) Task 1 Create the following Loopbacks on R3 and advertise them under BGP: Loopback 1 – 203.4.0 ! Router BGP 23 Network 203.6.6.0 255.0 summary-only Task 3 Copyrights Netmetric Solutions 2006-2010 Website: http://www.1 255.7.0 Network 203.

0 ! interface Loopback3 ip address 204.1.0.255.1.4.1.7.6.1.1.0 Task 4 Configure Route Aggregation on R4 such that these routes are summarized as a single route.1 255.1 255.1.255. R4 IP Prefix-list PLIST deny 204.1.1.1.1.4.netmetric-solutions.0/0 le 32 ! Router bgp 4 Aggregate-address 204.1/24 Loopback 4 – 204.7.1.1.1 255.Create the following Loopbacks on R4 and advertise them under BGP: Loopback 1 – 204.0/22 ge 24 IP Prefix-list PLIST permit 0.255.0 255.34.com 84 of 230 .252. The routes should not be seen as suppressed on R4.1/24 R4 interface Loopback1 ip address 204. Only the Summary route should be send to R4’s neighbor.4.1 255.255.5.255.4.0 Network 204.255.0 ! interface Loopback4 ip address 204.6. Use the minimum number of lines in your filtering mechanism.5.0 Neighbor 192.3 prefix-list PLIST out Task 5 Copyrights Netmetric Solutions 2006-2010 Website: http://www.1.255.0 ! Router BGP 4 Network 204.5.1/24 Loopback 2 – 204.0 ! interface Loopback2 ip address 204.1.1/24 Loopback 3 – 204.255.0.0 Network 204.1.4. Email: khawarb@khawarb.com.7.0 Network 204.6.255.

0.0 ! interface Loopback3 ip address 202.0 Network 202.1 255.1 255.5.1/24 Loopback 4 – 202.255.1.1.1.255.1/24 Loopback 3 – 202.0 0.1/24 R2 interface Loopback1 ip address 202.255.5.1.4.5.252.7. Only the Summary route and the 202.5.1.255.1.255.1 255.255.0 ! Router BGP 23 Network 202.1.netmetric-solutions.0 ! interface Loopback4 ip address 202.com 85 of 230 .255.1.0 Task 6 Configure Route Aggregation on R2 such that these routes are summarized as a single route.6.6.6.255.4.7.1.1/24 Loopback 2 – 202.0 Network 202.1.0 supress-map SUPMAP Copyrights Netmetric Solutions 2006-2010 Website: http://www.5.1 255.4.1. Email: khawarb@khawarb.0 route should be send to R2’s neighbor.1.255.7.255 ! Route-map SUPMAP deny 10 Match address 5 Route-map SUPMAP permit 20 ! Router bgp 4 Aggregate-address 202.1.Create the following Loopbacks on R2 and advertise them under BGP: Loopback 1 – 202. R2 Access-list 5 permit 202.1.4.0.0 Network 202.0 ! interface Loopback2 ip address 202.0 255.com.1.

com. Email: khawarb@khawarb.netmetric-solutions.Lab 8 – Working with AS #’s Physical Layout R1 Loopback 0 E 0/0 E 0/0 R2 Loopback 0 S 0/0 S 0/0 Loopback 0 R3 Logical Layout AS 1 AS 2 R2 R1 R3 AS 65500 Interface IP Address Configuration Copyrights Netmetric Solutions 2006-2010 Website: http://www.com 86 of 230 .

255.11. Hard-code the Router-id as 22.1.22 Network 2.1.255.0.11.0.1.1.3. You cannot change the AS # on R2 to accomplish this task.3 192.1 local-as 12 IP Address 3.22.22.23.1 192.0 255.3 Subnet Mask 255.12.12.1 remote-as 1 Neighbor 192.22.0.2 Subnet Mask 255.1. Email: khawarb@khawarb. Advertise the Loopback 0 network under BGP.255.0 IP Address 1.1 Subnet Mask 255.netmetric-solutions.12. R2 Router bgp 2 No auto-summary No Sync Bgp router-id 22.255.255.2.1.0.0 255.255.12.0 Task 2 Configure R1 for BGP under AS 1.0. R1 sees R2 in AS 12.1.22.0 255.1.23.0 Copyrights Netmetric Solutions 2006-2010 Website: http://www. R1 Router BGP 1 No auto-summary No Sync R2 Router BGP 2 Neighbor 192.11.0.255.22. Setup a neighbor relationship between R1 and R2.com.2 192.0.0 IP Address 2.R1 Interface Loopback 0 E 0/0 R2 Interface Loopback 0 E 0/0 S 0/0 R3 Interface Loopback 0 S 0/0 Lab Objective: Task 1 Configure R2 for BGP under AS 2.2 192. Advertise the Loopback 0 network under BGP.0 255.com 87 of 230 .3.255.2.0. Hard-code the Router-id as 11.

1. R1 Router BGP 1 No Neighbor 192. R2 and R3 such that they use the actual AS number for R2 (2).23.23.1. R3 Router BGP 65500 No auto-summary No Sync Bgp router-id 33.33.23.12.12.0.1.0.11 Network 1.1.1.1.0 gets send to R1.com R2 Router BGP 2 Neighbor 192. Setup a neighbor relationship between R3 and R2. Hard-code the Router-id as 33. Email: khawarb@khawarb.0. Advertise the Loopback 0 network under BGP. R3 sees R2 in AS 23.0.Bgp router-id 11.33.2 remote-as 12 Task 3 Configure R3 for BGP under AS 65500.33.12.0.1.23.netmetric-solutions.2 remote-as 2 R2 Router BGP 1 No Neighbor 192.33 Network 3.0.com.1.0 Neighbor 192.12.2 remote-as 2 R3 Router BGP 65500 No Neighbor 192.0 Neighbor 192.3 remote-as 65500 Neighbor 192.1.23.1 local-as 12 No Neighbor 192.3 local-as 23 Task 5 Configure R2 such that the Private AS number is removed from the AS Path when 3.2 remote-as 12 Neighbor 192.33. You are only allowed a single command to accomplish this task.3 local-as 23 88 of 230 .23. R2 Copyrights Netmetric Solutions 2006-2010 Website: http://www.33.2 remote-as 23 Task 4 Reconfigure R1.11.2 remote-as 23 Neighbor 192.1.11. You cannot change the AS # on R2 to accomplish this task.

netmetric-solutions.1 remove-private-as Copyrights Netmetric Solutions 2006-2010 Website: http://www.Router BGP 2 Neighbor 192.12.com.com 89 of 230 .1. Email: khawarb@khawarb.

Lab 9 – Confederations Physical Layout R1 Loopback 0 E 0/0 E 0/0 R2 Loopback 0 S 0/0 S 0/0 Loopback 0 R4 E 0/0 E 0/0 R3 Loopback 0 Logical Layout R2 AS 2 AS 4 AS 123 R1 AS 1 R3 AS 3 R4 Copyrights Netmetric Solutions 2006-2010 Website: http://www. Email: khawarb@khawarb.com 90 of 230 .com.netmetric-solutions.

2.3 192.0 255.0.255.1.34.1.255.0 R3 R2 Router RIP No auto-summary Version 2 Network 192.0 R1 Router RIP No auto-summary Version 2 Network 192.1.255.0.com.255.3 192.0.4 Subnet Mask 255.2.netmetric-solutions.12.255.0 IP Address 1.255.255.255.0 255.23.1 192.1.0 255.0 255.3 Subnet Mask 255.0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.1.2 192.255.4.1.4 192.0.1 Subnet Mask 255. Only advertised the R1-R2 and R2-R3 links in RIP on the appropriate routers.Interface IP Address Configuration R1 Interface Loopback 0 E 0/0 R2 Interface Loopback 0 E 0/0 S 0/0 R3 Interface Loopback 0 S 0/0 E 0/0 R4 Interface Loopback 0 E 0/0 Lab Objective: Task 1 Configure RIP V2 as the routing protocol between R1.1.255.23.255.3.12.com 91 of 230 .0 IP Address 3.0 Network 192.2 Subnet Mask 255.1.2 192.0.0.0.4.23.3.1.0 IP Address 2.1.1.255.0 255.12.12.0 255. IP Address 4. R2 and R3.34.0. Email: khawarb@khawarb.

3 remote-as 123 R2 Router BGP 2 No auto-summary No Sync Network 2.2 remote-as 2 bgp confederation identifier 123 bgp confederation peers 2 Task 3 Configure a neighbor relationship between R3 and R4.23.1 remote-as 1 Neighbor 192.0 Neighbor 192. R4 is in AS 4. Advertise the loopback 0 interface under BGP in AS 4. AS 2 and AS 3 are Sub Autonomous Systems of a Larger AS 123 using Confederations.23.1.0. Advertise the Loopback 0 networks under BGP in AS 1.23.0.0 Neighbor 192. Email: khawarb@khawarb.0.0.1. Configure a Neighbor relationship between AS 1 and AS 2 and another Neighbor relationship between AS 2 and AS 3.12.0.netmetric-solutions.1.0 Neighbor 192.1.0 Neighbor 192.0.1.0 Task 2 Configure AS 1.com.34.4 remote-as 4 R4 Router BGP 4 No auto-summary No Sync Network 4.12.Router RIP No auto-summary Version 2 Network 192.2 remote-as 2 bgp confederation identifier 123 bgp confederation peers 2 R3 Router BGP 3 No auto-summary No Sync Network 3. AS 2 and AS 3.0.1. R1 Router BGP 1 No auto-summary No Sync Network 1. R3 Router BGP 3 Neighbor 192.0.3 remote-as 3 bgp confederation identifier 123 bgp confederation peers 1 3 Copyrights Netmetric Solutions 2006-2010 Website: http://www.34.com 92 of 230 .1. It peers with R3 in the confederation AS 123.

Email: khawarb@khawarb.com.Lab 10 – Configuring MED Physical Layout R1 Loopback 0 E 0/0 E 0/0 R2 Loopback 0 S 0/0 S 0/0 S 0/0 S 0/0 Loopback 0 R4 E 0/0 E 0/0 R3 Loopback 0 Logical Layout R2 AS 1 AS 234 R3 R1 R4 Copyrights Netmetric Solutions 2006-2010 Website: http://www.com 93 of 230 .netmetric-solutions.

255.14.0.4 Subnet Mask 255.255.1.23.0 255.0 255.0 255.0 IP Address 2.1.0 IP Address 1.1.0.4 192.0 R4 R3 Router RIP Version 2 No auto-summary Network 192. 192.255.12.12.0.255.0.2.1.255.1.com 94 of 230 .3 Subnet Mask 255.0.1 192.1.1.0.12.23.34. Email: khawarb@khawarb.0 Network 192. R2 Router RIP Version 2 No auto-summary Network 192.3.0) or the Loopbacks in RIP.0.0.255.2.255.1.Interface IP Address Configuration R1 Interface Loopback 0 E 0/0 S 0/0 R2 Interface Loopback 0 E 0/0 S 0/0 R3 Interface Loopback 0 S 0/0 E 0/0 R4 Interface Loopback 0 E 0/0 S 0/0 Task 1 Run RIP V2 as the IGP in AS 234.4.0 IP Address 3.23.2 192.255.0 255.4.4 192.1.3 192.14.1.1.0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.255.255.14.2 Subnet Mask 255.0.0 IP Address 4.0 255.34.3.34.com.3 192. Advertise the directly connected links under RIP.2 192.0 255.0 255.netmetric-solutions.255.1 192.255.1.255.255.255.0 255.1.1.255.1.1 Subnet Mask 255.23. Do not advertise the external links (192.

1.1.12.0.14.23.0. R1 Router BGP 1 No auto-summary No sync Network 1.Router RIP Version 2 No auto-summary Network 194.34.23.0.34.0.com R2 Router BGP 234 No auto-summary No sync Network 2. R2 Route-map SETMED permit 10 Set metric 100 ! Router BGP 234 Neighbor 192.3 next-hop-self Neighbor 192.2 remote-as 234 Neighbor 192.3 remote-as 234 Neighbor 192.0 Neighbor 192. Configure the Neighbor relationships also based on the Logical diagram.1.4 route-reflector-client Task 3 All ingress (incoming) traffic to AS 234 should use the path thru R4 using the MED attribute.34.0 Task 2 Configure the routers under BGP based on the Logical diagram.1 remote-as 1 95 of 230 .1.0.0.1.0.0 Neighbor 192.1.netmetric-solutions.1.3 next-hop-self R4 Router BGP 234 No auto-summary No sync Network 4.0 gets put into the routing table of R3. Also make sure that Routes from R2 are getting propagated to R4 and vice versa.0 Neighbor 192.1.1.1. R4’s MED is 0 by default.0 Neighbor 192. Configure the MED on R2 to 100. Make sure the 1.com.14.1.2 route-reflector-client Neighbor 192.1 remote-as 1 Neighbor 192.0. Lower MED will be preferred.23.23. Advertise Loopback 0 Networks on all routers under BGP.12.34.1.1. Email: khawarb@khawarb.34.0.1 route-map SETMED out Copyrights Netmetric Solutions 2006-2010 Website: http://www.4 remote-as 234 Neighbor 192.4 remote-as 234 R3 Router BGP 234 No auto-summary No sync Network 3.0.12.2 remote-as 234 Neighbor 192.3 remote-as 234 Neighbor 192.1.

1 route-map SETLP in Copyrights Netmetric Solutions 2006-2010 Website: http://www.1.com.Lab 11 – Setting Local Preference (Builds on Lab 10) Lab Objective: Task 1 Configure AS 234 such that all traffic destined for AS 1 should go through R2 in the outbound direction.netmetric-solutions.Use Local-Preference Attribute to accomplish this. R2 Route-map SETLP permit 10 Set Local-preference 200 ! Router BGP 234 Neighbor 192.com 96 of 230 . Email: khawarb@khawarb.12.

0 0.0. It is taking the R1-R4 route because of the MED attribute set in Lab 11. Use the Weight attribute to accomplish this task.1.2 route-map SETWT in Copyrights Netmetric Solutions 2006-2010 Website: http://www.0.255.0.netmetric-solutions. Email: khawarb@khawarb.0 should go thru R2.com 97 of 230 .12.0.255 ! Route-map SETWT permit 10 Match address 3 Set weight 5000 Route-map SETWT permit 20 ! Router BGP 1 Neighbor 192.Lab 12 – Setting Cisco Weight Attribute (Builds on Lab 11) Lab Objective: Task 1 Configure AS 1 such that all traffic destined for network 3.255.com. R1 Access-list 3 permit 3.

com 98 of 230 .com. Email: khawarb@khawarb.netmetric-solutions.Module 7 – Advanced Switching Part I Copyrights Netmetric Solutions 2006-2010 Website: http://www.

The protocol should be unconditionally LACP.14 udld port aggresive 99 of 230 .14 Switchport trunk encap dot1q Switchport mode trunk Channel-group 1 mode active SW2 port-channel load-balance dst-mac ! Interface range F0/13 . SW1 port-channel load-balance dst-mac ! Interface range F0/13 . when a unidirectional link fails. Email: khawarb@khawarb. Any other link on your topology connecting the 2 switches should be shutdown. these links should appear to STP as a single link using an IEEE mode and none of the interfaces should be in blocking state. If one of the links fails. the traffic should use the other link without any interruption.Lab 1 – Advanced Switch Configurations Task 1 Configure VTP on both switches as follows: Domain name = CCIE Password = Cisco Mode = Transparent On Both Switches Vtp domain CCIE Vtp password Cisco Vtp Mode Transparent Task 2 Configure ports F0/XX and F0/XX as trunk links using an industry standard protocol.netmetric-solutions.14 Switchport trunk encap dot1q Switchport mode trunk Channel-group 1 mode active Task 3 Ensure that the EtherChannel created in the previous step uses destination MAC addresses to load-balance the traffic load. SW1 Interface range F0/13 .14 udld port aggresive Task 4 Copyrights Netmetric Solutions 2006-2010 Website: http://www. Also make sure it can be able to detect unidirectional link failure. shuts down the affected port.com SW2 Interface range F0/13 .com.

Port F0/18 on SW1 is connected to a Cisco 7960 IP Phone. Ensure that the data traffic belongs to VLAN 3 and the Voice traffic belongs to VLAN 5. Voice traffic that originates from the phone is tagged with a CoS of 5. SW1 Mls qos Interface F0/18 Switchport access Vlan 3 Switchport voice Vlan 5 Switchport priority extend cos 1 Mls qos trust cos Task 5 Disable the Ether-channeling between SW1 and SW2. instance 1 and 2 Instance 1 should handle VLANs 12 and 34 Instance 2 should handle VLAN 56 All future VLANs should use instance 0 Instance 1 should use F0/13 Instance 2 should use F0/14 SW1 should be the root bridge for the first instance SW2 should be the root bridge for the second instance The name of this configuration should be CCIE The revision number should be 1 SW1 Interface range F0/13 .34 Instance 2 vlan 56 ! Spanning-tree mst 1 priority 4096 Copyrights Netmetric Solutions 2006-2010 Website: http://www.34 Instance 2 vlan 56 ! Spanning-tree mst 1 priority 0 SW2 Interface range F0/13 . whereas the traffic that originated from the PC connected to the 7960 IP Phone should be re-written with a CoS of 1.com.14 No Channel-group 1 mode desirable ! Spanning-tree mode mst ! Spanning-tree mst configuration Revision 1 Name CCIE Instance 1 vlan 12.com 100 of 230 . A PC is connected to the 7960 IP Phone which is generating traffic with CoS of 3. Configure Multi-instance of Spanning Tree on the switches as follows: There should be two instances of STP.14 No Channel-group 1 mode desirable ! Spanning-tree mode mst ! Spanning-tree mst configuration Revision 1 Name CCIE Instance 1 vlan 12. Email: khawarb@khawarb.netmetric-solutions. The traffic originated by the 7960 IP Phone should maintain it’s CoS value.

com.2 host 192.100 in their own VLAN VLAN34 should NOT forward IGMP protocol SW1 access-list 121 permit igmp any any ! access-list 122 permit ip host 192.1.com 101 of 230 .1.1.2 in VLAN34 should not have access to the server with an IP address of 192.34.100 Exit ! Vlan access-map TEST 10 Match ip addr 121 Action drop Vlan access-map TEST 20 Match ip addr 122 Copyrights Netmetric Solutions 2006-2010 Website: http://www.1. Email: khawarb@khawarb.1 host 192.34.34.Spanning-tree mst 2 priority 4096 ! Int F0/13 Spanning-tree mst 1 port-priority 0 Spanning-tree mst 2 priority 0 ! Int F0/14 Spanning-tree mst 2 port-priority 0 Task 6 There is a protocol analyzer connected to SW2 port F0/18. configure the switches to accommodate this request.34.netmetric-solutions.1. SW1 Vlan 90 Remote-span Exit Monitor session 1 source interface F0/16 Monitor session 1 destination remote vlan 90 reflector-port F0/17 SW2 Monitor session 1 source vlan 90 Monitor session 1 destination interface F0/18 Task 7 You have been requested to implement the following policy on SW1: Hosts 192.34.1.34.34.1.100 access-list 122 permit ip host 192. You received a request to monitor and analyze all packets for port F0/16 on SW1.1 and 192.

Use a regular and smart port macro to accomplish this task.netmetric-solutions. A smartport macro is started by the “Macro name” command and then followed by an arbitrary name that is assigned to the macro. Interface range macro Router-Ports Macro apply Port-Secure Task 9 On Cat-2 port F0/14 configure the amount of bandwidth utilization for broadcast traffic to 50%. End with the character '@'. Line 3 to line 7 contains the actual commands that the macro will execute. If any other MAC address is detected on any of these ports. the appropriate switch should automatically shutdown that given port.6 (The above command defines a range of ports on the switch and names them Router-Ports. switchport mode access switchport port-security switchport port-security mac-address sticky @ Cat-1(config)# (The above configuration configures a smartport macro. This message tells us to use the @ sign in order to end this macro. or a regular macro. interface range. Once that command is entered. Cat-1 Define interface-range Router-Ports F0/1 . A smartport macro can be applied to an interface. in some documentation this is referred to as a regular macro) Macro name Port-Secure Enter macro commands one per line. as follows. Lastly the Smartport Macro is applied to the regular macro.com. a message is displayed in the next command line.Action drop Vlan access-map TEST 30 Action forward ! Vlan filter TEST vlan-list 34 Task 8 Configure the ports that the routers are connected such that they only allow one MACaddress to be connected to their assigned ports.com 102 of 230 . Email: khawarb@khawarb. Copyrights Netmetric Solutions 2006-2010 Website: http://www.

Upon successful authentication.Cat-2 Interface F0/14 Storm-control broadcast level 50.1. it should be put in VLAN 260.com 103 of 230 . the port should be put in VLAN 250.1.netmetric-solutions. it should be put in VLAN 240.1X client.com.168.168.2 key Cisco ! Interface f0/17 Switch mode access Switch access vlan 240 Dot1x port-control auto Dot1x guest-vlan 250 Dot1x auth-fail vlan 260 Copyrights Netmetric Solutions 2006-2010 Website: http://www.2 using “cisco” as the key. Email: khawarb@khawarb. Cat-1 VLAN 240 VLAN 250 VLAN 260 ! Dot1x system-auth-control ! Aaa new-model aaa authentication dot1x default group radius ! Radius-server host 192. This authentication should use CSACS located at 192. If the user provides wrong credentials to login. If the user does not a 802.00 Task 10 The PCs that are connected or will be connected to Cat-1 ports F0/17 – 18 should get authenticated before they are allowed access to the network.

com. Email: khawarb@khawarb.netmetric-solutions.Module 7 – Advanced Switching Part II Copyrights Netmetric Solutions 2006-2010 Website: http://www.com 104 of 230 .

com 105 of 230 .Lab 1 – QinQ Configuration SW1 Vlan 90 SW3 Vlan 80 SW2 Vlan 90 SW4 Vlan 2 Task 1 Configure SW1 and SW2 in transparent mode. SW1 VTP Domain CCIE VTP mode Transparent ! VLAN 80 VLAN 90 SW2 VTP Domain CCIE VTP mode Transparent ! VLAN 80 VLAN 90 Task 2 Configure SVI’s on SW1 and SW2 based on the following table: Copyrights Netmetric Solutions 2006-2010 Website: http://www. Email: khawarb@khawarb. Create VLAN 80 and 90 on them.netmetric-solutions.com. Set the Domain name to CCIE.

1 Subnet Mask 255.0 SW1 Interface VLAN 80 IP Address 150.255.90.com 106 of 230 .1.1.255.255.80.2 150. SW1 Interface range F0/XX – XX (All Trunk Ports) shutdown ! Interface F 0/X (Lowest Interface connecting SW1 to SW3) No shut SW2 Interface range F0/XX – XX (All Trunk Ports) shutdown Copyrights Netmetric Solutions 2006-2010 Website: http://www.255.0 ! Interface VLAN 80 IP Address 150.SW1 Interface Int SVI 80 Int SVI 90 SW2 Interface Int SVI 80 Int SVI 90 IP Address 150.2 Subnet Mask 255.90.1 255.255.255.0 Task 3 Shut all trunk ports on SW1 and SW2.255.2 255.1 255.255.255.0 IP Address 150. the only link between SW1 and SW2 should be thru SW3 and SW4.0 SW2 Interface VLAN 80 IP Address 150.80.1.80.2 255.255.255.netmetric-solutions.0 ! Interface VLAN 80 IP Address 150.255.1.90.255.80.0 255.1.1.0 255. Email: khawarb@khawarb.255.255.1 150. At the end of this task.com.1.90. Make sure all the other Trunk ports are down.1. Bring up the lowest interface on SW2 that is connecting SW2 to SW4.255. Bring up the lowest Interface on SW1 that is connecting SW1 to SW3.

com.netmetric-solutions. Configure QinQ on SW3 and SW4 to allow Customer Switches SW1 and SW2 to communicate to each to other. Use VLAN 120 as the Customer VLAN SW3 System mtu 1504 !Reload the switches to take effect ! VTP Domain CISCO VTP mode Server ! VLAN 120 ! Interface F0/X (Port actively connecting to SW1) Switchport access vlan 120 Switchport mode dot1q-tunnel SW4 System mtu 1504 !Reload the switches to take effect ! VTP Domain CISCO VTP mode Client ! VLAN 120 ! Interface F0/X (Port actively connecting to SW2) Switchport access vlan 120 Switchport mode dot1q-tunnel SW1 Interface F0/X (Port actively connecting to SW1) Switchport trunk encapsulation dot1q Switchport mode trunk SW2 Interface F0/X (Port actively connecting to SW2) Switchport trunk encapsulation dot1q Copyrights Netmetric Solutions 2006-2010 Website: http://www. Email: khawarb@khawarb. SW3 should be the VTP Server and SW4 should be a client.com 107 of 230 .! Interface F 0/X (Lowest Interface connecting SW2 to SW4) No shut Task 4 Configure SW3 and SW4 in a VTP Domain CISCO.

SW3 Interface F0/X (Port actively connecting to SW1) L2protocol-tunnel cdp L2protocol-tunnel stp SW4 Interface F0/X (Port actively connecting to SW2) L2protocol-tunnel cdp L2protocol-tunnel stp Copyrights Netmetric Solutions 2006-2010 Website: http://www.com 108 of 230 .90. STP cutomer's frames transparently. Email: khawarb@khawarb.1 and 150.netmetric-solutions.1 from SW1. Configure switches SW1 and SW2 ports facing SW3 and SW4 respectively.1. Task 6 Configure QinQ and Layer Protocol Forwarding (metro) in such a way that allows switches to forward CDP.80.Switchport mode trunk Task 5 You should be able to Ping 150.com.1.

60 and SW3 as the Secondary Root Copyrights Netmetric Solutions 2006-2010 Website: http://www.90.200.90.netmetric-solutions.50.30.50.30.70.200 and 300.40.70.20 and 30 SW1 ! Spanning-tree vlan 10.20.80.60. All Switches ! Vtp mode transparent ! Vlan 10.300 ! Vlan 10.40.100.60.80.50.20.300 Task 2 Configure SW1 as the Root for Vlans 10.100.30 root primary Task 3 Configure SW2 as the Root for Vlans 40.20.100.20. Email: khawarb@khawarb.30.50.com 109 of 230 .90.200.40.Lab 2 – Vlan Load Balancing in PVST FA0/19 FA0/19 FA0/20 FA0/21 7 SW1 FA0/20 FA0/21 SW2 FA0/16 FA0/17 FA0/18 7 FA0/22 FA0/23 FA0/24 7 FA0/16 FA0/17 FA0/18 7 FA0/22 FA0/23 FA0/24 7 FA0/19 FA0/19 FA0/20 FA0/21 SW4 FA0/20 FA0/21 7 SW3 Task 1 Configure VTP Transparent mode on all the switches and the following Vlans 10.60.80.70.com.

300 and SW1 as the Secondary Root SW4 ! Spanning-tree vlan 100.200.300 root secondary Task 6 Ensure that SW1 uses its highest interface connected to SW4 for vlans 70.90 port-cost 32 Task 7 Ensure that SW2 traverses its highest interface connected to SW3 for vlans 10.90 root primary SW4 ! Spanning-tree vlan 70.80.80.20.50.netmetric-solutions.90 root secondary Task 5 Configure SW4 as the Root for Vlans 100.com 110 of 230 .80.50.60 root secondary Task 4 Configure SW3 as the Root for Vlans 70.com.90.200.30. Email: khawarb@khawarb.300 root primary SW1 ! Spanning-tree vlan 100.200.80.60 root primary SW3 ! Spanning-tree vlan 40.80.90 and SW4 as the Secondary Root SW3 ! Spanning-tree vlan 70. Copyrights Netmetric Solutions 2006-2010 Website: http://www.SW2 ! Spanning-tree vlan 40. (This configuration must be done on SW1) SW1 ! Interface fa0/18 Spanning-tree vlan 70.

20.30 port-cost 32 Interface range f0/19 .200.300 port-priority 16 Copyrights Netmetric Solutions 2006-2010 Website: http://www. Email: khawarb@khawarb.300 (This configuration must not be done on SW2) SW1 ! Interface fa0/19 Spanning-tree vlan 100.(This configuration must be done on SW2) SW2 ! Interface fa0/18 Spanning-tree vlan 10.200.com 111 of 230 .30 port-cost 256 Task 8 Ensure that SW2 traverses through SW1 on its lowest interface facing SW2 for the vlans 100.20.netmetric-solutions.com.21 Spanning-tree vlan 10.

Email: khawarb@khawarb.F0/6 in SW1 in a way that.com. SW1 Spanning-tree portfast bpduguard Errdisable recovery cause bpduguard Errdisable recovery interval 240 Copyrights Netmetric Solutions 2006-2010 Website: http://www. SW1 Interface range F0/1 . All Switches Spanning-tree vlan 90 forward-time 8 Task 2 Configure the port range from F0/1 .netmetric-solutions. Configure a command globally on SW1 that if someone connects a hub or a switch to any of the access ports that have been enabled for Portfast. the port will be disabled. Also make sure that after 4 minutes the disabled port comes up automatically. Configure the TOTAL link startup delay until the port becomes forwarding to 16 seconds. Config the switches to accomplish this without jumping any state.com 112 of 230 . the link will come up as soon as someone plugs in a network cable into these ports bypassing STP learning/listening states.Lab 3 – STP Tunning (Builds on Lab 3) Task 1 Users in Vlan 90 are complaining about the time it usually takes for a network link to come up just after they have plugged in the network cable.6 Spanning-tree portfast Task 3 The IT departament just found out that someone in the lobby area just plugged in a switch into port F0/6 on SW1.

Email: khawarb@khawarb.com.netmetric-solutions.Module 8 – Security Copyrights Netmetric Solutions 2006-2010 Website: http://www.com 113 of 230 .

Authenticate the relationship using CCIERS as the password. Email: khawarb@khawarb. Switch1 VTP domain CCIE VTP mode server VTP password CCIERS Switch2 VTP domain CCIE VTP mode client VTP password CCIERS Switch3 VTP domain CCIE VTP mode client VTP password CCIERS Task 2 Switch4 VTP domain CCIE VTP mode client VTP password CCIERS Ensure that the Trunk ports of your Rack are statically configured to trunk using an industry standard protocol.0/24 VLAN 10 F0/0.Lab 1 – Controlling Telnet Access R1 F 0/0 (.netmetric-solutions.1.com.2 (. Copyrights Netmetric Solutions 2006-2010 Website: http://www.15) R3 SW1 Task 1 Configure Switch1 as the VTP Server and the other Switch(s) as VTP Clients.2) R2 F0/0.12.3) VLAN 30 (.0/24 VLAN 30 F 0/0 (.1) 192.2) 192.23.1 (. Configure these ports such that they will trunk even if the negotiation fails. Use CCIE as the Domain name.1.com 114 of 230 .

X.1.X/8 for the IP address of the loopback.X. Use 15 for Switch1.0 R3 Router Rip R2 Router Rip Version 2 No auto-summary Network 2.0 Network 192.1.0 Switch1 IP Routing Copyrights Netmetric Solutions 2006-2010 Website: http://www.com. Use the physical topology diagram for your rack to accomplish this. Email: khawarb@khawarb. SwitchX interface F0/XX Switchport mode access Switchport access vlan XX ! interface F0/XX Switchport trunk encapsulation dot1q Swithcport mode trunk Task 4 Configure Loopback 0 on all routers and Switch1.0 Network 192.0.0.0.com 115 of 230 .12.23.12. Task 5 Configure RIP V2 on all Devices to advertise all directly connected networks.netmetric-solutions. Make sure the ports are either set to Trunk or Access statically.0.1. Disable Auto-summary.0 Network 192. Use the format of X. R1 Router Rip Version 2 No auto-summary Network 1.All Switches Interface range F0/XX – XX Switchport trunk encapsulation dot1q Switchport mode trunk Task 3 Assign Ports to the appropriate VLANs based on the Network Diagram.

Version 2 No auto-summary Network 3.23.0.0 to Telnet in for Management access to it. Configure a password of “telnet” for this line.com 116 of 230 .com.255.1.0. Email: khawarb@khawarb.0 Network 192.netmetric-solutions.0.0.1.1. The administrator of R1 wants to reserve the 5th telnet line for himself by configuring a telnet port of 3020. Do not use an access-list for this step. Assign a password of “ccie” for this line.255 ! line vty 0 3 access-class 5 in password telnet login transport output none ! line vty 4 access-class 5 in password ccie login transport output none rotary 20 ! line console 0 transport output none ! line aux 0 transport output none Copyrights Netmetric Solutions 2006-2010 Website: http://www. R1 access-list 5 permit 1.0 ! Router RIP Version 2 No auto-summary Network 15.0 0.12.0 0.0.12.0. Configure the 5th telnet line for the administrator on port 3020.0.0 and 1.255 access-list 5 permit 192. R1 should not be able to Telnet out.23.0 Network 192.0.0 Task 6 Configure Telnet on R1 based on the following requirements: R1 should only allow the Internal networks 192.255.0.1.0.

netmetric-solutions.23.1. Use abc. Use a 512 bit key. R2 ip domain name abc.com as the domain name. Authentication should be done based on the Local Database. Only allow SSH connection to the VTY lines. Create a user sshuser with a password of ccie. Email: khawarb@khawarb.Lab 2 – SSH Management Access (Builds on Lab1) Task 1 Enable SSH on R2. Non-ssh Telnets should not be allowed. Configure R2 with local authentication on the vty lines. Copyrights Netmetric Solutions 2006-2010 Website: http://www.com. Make sure of it.com ! crypto key generate rsa usage-keys ! aaa new-model ! username sshuser password ccie ! aaa authentication login l-authen local aaa authentication login no-authen none ! line con 0 logging synchronous login authentication no-authen line aux 0 login authentication no-authen line vty 0 15 login authentication l-authen transport input ssh Note: Use ssh –l sshuser –c des 192. No authentication should be done on the aux and console lines.2 to test the configuration from R3.com 117 of 230 .

R2 should watch the traffic and if it does not complete the TCP handshake in 10 seconds. it should drop the packets.0.0.com 118 of 230 .0.0.netmetric-solutions.Lab 3 – IP TCP Intercept (Builds on Lab 2) Task 1 The Web Server is getting overwhelmed by syn-attacks.80. The router should only do it if the traffic is destined for the Web Server at 2.com.80 eq www ! Ip tcp intercept mode watch Ip tcp intercept watch-timeout 10 Ip tcp intercept list 161 Copyrights Netmetric Solutions 2006-2010 Website: http://www. R2 Access-list 161 permit tcp any host 2. Email: khawarb@khawarb.

Email: khawarb@khawarb.com.exe*" match protocol http url "*default.exe*" match protocol http url "*root.exe” “default.ida” Using NBAR classify the traffic on the inbound on S 0/0. You would also like to block P2P file transfer program like KaZaa.exe” “root.com 119 of 230 .netmetric-solutions. Drop the classified traffic.mpeg” match protocol gnutella file-transfer “*.mpeg files.Lab 4 – Blocking Attacks using NBAR (Builds on Lab3) Task 1 R3 is under the Code Red attack from R2.ida*" match protocol fasttrack file-transfer “*. BearShare and LimeWire. The footprint has the following url’s: “cmd. Grokster. R3 Ip cef class-map match-any ABC match protocol http url "*cmd. You only want to block .mpeg” ! policy-map Attacks class ABC drop ! interface S0/0 service-policy input Attacks Copyrights Netmetric Solutions 2006-2010 Website: http://www.

1.100.Lab 5 – IP Source Tracker (Builds on Lab4) Task 1 Host 192.12.com. Email: khawarb@khawarb. The syslog server is located at 192.netmetric-solutions.100 Copyrights Netmetric Solutions 2006-2010 Website: http://www.12. Configure R1 to keep track of incoming packets with their source addresses.12. You need to find out the IP address of the attacker so you can instruct the ISP to block this address. track the amount of traffic generated from the source and report it to a syslog server every 6 hours.25 is under a DoS service attack.25 Ip source-track syslog-interval 360 Logging on Logging 192.1. R1 Ip source-track 192.com 120 of 230 .1.1.12.

255.0 0.255.15.com 121 of 230 . Make sure the packet is permitted only if the packet has been received by the same interface the router would use to route the traffic.255 any log Access-list 105 deny ip 192.netmetric-solutions.0.2 interface.2 Ip verify unicast source reachable-via rx allow-default 106 Copyrights Netmetric Solutions 2006-2010 Website: http://www. All attacks must be logged.Lab 6 – IP Spoofing (Builds on Lab5) Task 1 Block any RFC 1918 and the loopback address coming into R2 from the F 0/0.0 0.255.255 any log Access-list 105 permit ip any any Int Fa0/0.255 any log Access-list 105 deny ip 172.0 0.255.0. all the other traffic should not be logged.16.255 any log Access-list 105 deny ip 127.255.2 to log when this event occurs including the input interface in the logs. R2 Access-list 105 deny ip 10. a default route can be taken into consideration as a valid entry.0.com.255. Email: khawarb@khawarb.2 ip access-group 105 in Task 2 Use uRPF to prevent IP spoofing and drop any traffic received that does not have a corresponding entry in its routing table.0.0.168. Configure R2 Fa0/0.0 0.0.0. R2 Ip cef Access-list 106 deny ip any any log-input Int Fa0/0.

com. drop it.netmetric-solutions. Rate limit this traffic to a maximum of 256 kbps. Also prevent R3 from being a reflector in any future Smurf Attack R3 access-list 130 permit icmp any any echo access-list 130 permit icmp any any echo-reply ! Interface Fa0/0 Rate-limit input access-group 130 256000 8000 8000 conform-action transmit exceedaction drop Copyrights Netmetric Solutions 2006-2010 Website: http://www. Email: khawarb@khawarb.com 122 of 230 .Lab 7 – Preventing Smurf Attack using CAR (Builds on Lab 6) Task 1 R3 is under a Smurf Attack (DoS) from the traffic entering F0/0. a normal burst size of 8000 Bytes and an excess burst size of 8000 Bytes any traffic transmission above this rates.

Email: khawarb@khawarb.Lab 8 – Port Security with Voice Vlan (Builds on Lab 7) Task 1 Ciso 7960 IP phones are connected to SW1 f0/18 along whit a desktop PC. The IP phone belongs to vlan 29 and the desktop belongs to vlan 30. This mac# should be learned dynamically and must be updated to the running config. the switch should place the ports in errdisable state. Also ensure that only 1 mac# is learnt from the IP phone. Ensure that only one mac address is learnt from the desktop pc. In case of a violation. SW1 Interface Fa 0/18 Switchport mode access Switchport voice vlan 29 Switchport access vlan 30 Switchport port-security Switchport port-security maximum 2 Switchport port-security maximum 1 vlan voice Switchport port-security maximum 1 vlan access Switchport port-security mac-address sticky Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com.com 123 of 230 ..

Module 9 – IOS Services Copyrights Netmetric Solutions 2006-2010 Website: http://www.com.com 124 of 230 .netmetric-solutions. Email: khawarb@khawarb.

4.0 255.2 Subnet Mask 255.12.1 Subnet Mask 255.1.23.255.netmetric-solutions.255.0 255.168.255.4 Subnet Mask 255.4.0.0 IP Address 10.255.0.0.12.2 192.0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.1.3 Subnet Mask 255.255.0 255.255.1.255.1 192. Email: khawarb@khawarb.255.0.1.0 255.255.255.1.Lab 1 – GRE with RIP Physical Layout R1 Loopback 0 E 0/0 E 0/0 E 0/0 R2 Loopback 0 S 0/0 S 0/0 R4 Loopback 0 R3 Interface IP Address Configuration R1 Interface Loopback 0 E 0/0 R2 Interface Loopback 0 E 0/0 S 0/0 R3 Interface Loopback 0 S 0/0 R4 Interface Loopback 0 E 0/0 Interface Configuration IP Address 4.255.0 IP Address 2.com.2 192.255.12.1 192.255.0.255.com 125 of 230 .1.0.0 IP Address 192.2.2.4 192.23.0 255.

0.1.0.255. R1 and R3 should point towards R2 (ISP) as the default gateway R1 ip route 0.1.0.23.0 ! ! interface Serial0/0 interface Ethernet0/0 ip address 192.netmetric-solutions.255.4.1.4 255.com 126 of 230 .12.1 255.255.0 ! interface Ethernet0/0 ip address 192.R1 interface Loopback0 ip address 10.1 255.12.255.0.2 255.1. It is simulating the Internet.1.1 255.2 302 broadcast no frame-relay inverse-arp no shutdown Task 1 R2 is the ISP Router.4.0 ip address 4.1.2 255.0.com.255.0.255.4 255.168.0.3 255.0.0.1.0.23.0 ip address 192.2 255.0 ! interface Ethernet0/0 ip address 192.255.0 192.23.0 encapsulation frame-relay no shutdown frame-relay map ip 192.12.255.2 Task 2 Configure a GRE Tunnel from R1 to R3.0 0.0.0.23.255. Email: khawarb@khawarb.255.12.2.1.23.1. R3 ip route 0. The GRE Tunnel should be Authenticated.0.0.0.0 no shutdown ! interface Serial0/0 ip address 192.0 192.255.0.0 0.1.2 R1 R3 Copyrights Netmetric Solutions 2006-2010 Website: http://www.0 no shutdown R2 interface Loopback0 ip address 2. Use a RFC 1918 network for the Tunnel Interface.3 203 broadcast no frame-relay inverse-arp no shutdown R4 R3 interface Loopback0 interface Loopback0 ip address 192.255.2.0 encapsulation frame-relay frame-relay map ip 192.

1 tunnel destination 192.1.0 no auto-summary R3 router rip version 2 network 172.1 tunnel key 1234 You want to RIP as a routing protocol over a GRE tunnel so that the Private networks of the company are seen on R1 and R3.1.16.0 no auto-summary Copyrights Netmetric Solutions 2006-2010 Website: http://www.1.0.0.0 network 172. Email: khawarb@khawarb.12.3 tunnel key 1234 Task 3 interface Tunnel13 ip address 172.255.12.0.com. R1 router rip version 2 network 10.0 network 192.16.168.0.0.23.3 tunnel destination 192.255.16.0.0 tunnel source 192.3 255.interface Tunnel13 ip address 172.16.0 tunnel source 192.netmetric-solutions.23.1.com 127 of 230 .1 255.1.0.0.

0 0.1 195.1.1.255.1 to connect to the Internet.168.255.1.1.1.0.255.1 and 195.com.255. The GRE Tunnel would route these packets. although not all of them at the same time.1. Email: khawarb@khawarb.1. (195.1.0 ip nat inside source list 121 pool DP ! interface Loopback0 ip nat inside ! interface Ethernet0/0 ip nat outside R2 ip route 195.0 255.0/8 network going towards the internet to get translated based on this pool.0 0. R1 wants to use this address range in NAT as it has more than 254 hosts connecting to the Internet.255.com 128 of 230 .1 Task 2 ISP (R2) only assigns R1 2 IP’s.0.1.1.255.0 0.255.0.0 ip nat inside source list 121 pool PAT overload ! access-list 121 deny ip 10.1.0 No ip nat inside source list 121 pool DP ! ip nat pool PAT 195.0.1 195.1.1.2).255.255.0.255.1. Reconfigure the Pool to accommodate the change.254 netmask 255.1.0/24) assigned to R1 by the ISP.0 192.0 0.255 any Copyrights Netmetric Solutions 2006-2010 Website: http://www. R1 access-list 121 permit ip 10.1.255 192.255.0.0.1 netmask 255.0 Network behind R1 into a range of Class C address (195.255.255.0.1.1.0.255 access-list 121 permit ip 10.0.netmetric-solutions.1.1.1.1.1.0. Configure the router to NAT the 10.12.254 netmask 255.1.0.Lab 2 – NAT (Builds on Lab 1) Task 1 Translate the 10. R1 should not translated packets going from 10.0.1. R1 should use 195.0.0.1 195.0 network to 192.255 any ! ip nat pool DP 195. R1 No ip nat pool DP 195.168.255.

netmetric-solutions.0.0 secondary ! ip nat inside source static 10.80.80 255.com 129 of 230 . The internal web server is at 10.1.0.0.0.0.0.2 Copyrights Netmetric Solutions 2006-2010 Website: http://www. R1 interface Loopback0 ip address 10.0. Email: khawarb@khawarb.Task 3 R1 should use 195.2 for its Web Server so that people on the outside can access it.com.1.1.1.0.80 195.

com 130 of 230 .10 R3 ip dhcp excluded-address 192.1.255.168.168.168.1.netmetric-solutions. Email: khawarb@khawarb.1.com.255.1.168.168.8 default-router 192.168.1.168.1.1.0 255.Lab 3 –DHCP (Builds on Lab 2) Task 1 Configure R3 as a DHCP Server with the following parameters: IP ADDRESS : 192.168.1.6 192.168.168.1.0 netbios-name-server 192.1 lease 3 12 Task 2 Disable the DHCP server service on R1 R1 No service dhcp Copyrights Netmetric Solutions 2006-2010 Website: http://www.1.168.1.10 ! ip dhcp pool CCIE network 192. 192.1 LEASE TIME : 3 Days 12 hours Excluded addresses : 192.168.1 – 192.1.5 dns-server 192.168.1 192.168.5 DNS ADDRESS : 192.1.6.8 DEFAULT GATEWAY : 192.0 WINS ADDRESS : 192.1.

1.com 131 of 230 .netmetric-solutions. R1 exception dump 192.100 exception region-size 32768 exception protocol ftp Task 2 The router logs into the FTP Server using a username of ccie and a password of ccie. Set the Dump size to 32768.1. R1 ip ftp username ccie ip ftp password ccie Copyrights Netmetric Solutions 2006-2010 Website: http://www.12. Email: khawarb@khawarb.100.com.Lab 4 –Core Dump using FTP (Builds on Lab 4) Task 1 Configure R1 to send a Core Dump to a FTP Server located at 192.12.

12 Standby 1 priority 200 Standby 1 preempt Standby 1 authentication ccie R2 Interface E 0/0 Standby 1 ip 192.12.com 132 of 230 .12 as the Standby address.1. Configure a authenticated HSRP connection between the routers.12.1.1.com. R1 should be the Active router and R2 should be the Standby router. Set the Priority for R1 as 200.12. Use 192. Email: khawarb@khawarb.Lab 5 – HSRP (Builds on Lab 4) Task 1 Configure HSRP between R1 and R2 on the Ethernet segment. R1 Interface E 0/0 Standby 1 ip 192.12 Standby 1 authentication ccie Copyrights Netmetric Solutions 2006-2010 Website: http://www. Make sure R1 is the Active router whenever it is up.netmetric-solutions. Use ccie as the password.

1.2.0.Lab 6 – IP Accounting (Builds on Lab 5) Task 1 R1 has a web server located at 10. Email: khawarb@khawarb.1.2 0.1.0 ! Interface E 0/0 Ip accounting Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.1.080 which was translated to 195.0.com 133 of 230 . R1 Ip accounting-list 195.com.0. Turn on IP Accounting for this translated address.

2.2.com 134 of 230 .2.2. Email: khawarb@khawarb.2.2 ! Ip forward-protocol udp mobile-ip Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com.Lab 7 – Broadcast Management (Builds on Lab 6) Task 1 Configure R2 F0/0 to forward incoming Mobile IP registration broadcasts to the server 2. R4 Interface F 0/0 Ip helper-address 2.

com 135 of 230 .com. Email: khawarb@khawarb. R3 Ip drp server Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.Lab 8 – Distributed Director Server Redirect (Builds on Lab 7) Task 1 A Distribute Director Server is installed on your network. Enable R3 to respond to these queries.

0 as a destination segment.0.0.com 136 of 230 .23.Lab 9 – Web Cache Communication Redirect (Builds on Lab 8) Task 1 A Web Caching System will be installed on R4 E0/0. R1 Access-list 101 deny ip any 192. Configure R1 to redirect any traffic going out through its E0/0 with the exception of 192. WCCP will be using version 1.1.23.255 Access-list 101 permit ip any any Ip wccp version 1 Ip wccp web-cache redirect-list 101 Interface E0/0 ip wccp web-cache redirect out Copyrights Netmetric Solutions 2006-2010 Website: http://www.0 0.netmetric-solutions.1. Email: khawarb@khawarb.com.

12.1. Configure R2 such that any traffic received on S0/0 destined to this new loopback 1 should be sent sent to R1's F0/0.com.1 ! Route-map PBR permit 10 match ip address 115 set ip precedence critical set ip next-hop 192.1.2 Copyrights Netmetric Solutions 2006-2010 Website: http://www. R1 Interface Loopback1 ip address 192.1.255 192.com 137 of 230 .netmetric-solutions.1 R3 Ip route 192.1.255. Email: khawarb@khawarb.1 255.1.23.255.0 R2 Interface Serial0/0 ip address 192.Lab 10 – Traffic Engineering (Builds on Lab 9) Task 1 Configure R1's loopback 1 with the ip address of 192.255.1.1.1.1 255.0 ip policy route-map PBR Access-list 115 permit ip any host 192. It should also be marked with ip precedence 5.1.255.255.1 255.0.255.2 255.23.255.1.1. You are allowed to add a static route.2552.

Lab 11 – Logging Errors messages (Builds on Lab 10) Task 1 You are suspecting that R3 has some errors during during the nights because a night shift reported that they can't work at all. alerts and emergencies on R3 to the buffer. Configure the buffer size to be 16400 and add date and time to the logging messages including the order number of the messages.com.netmetric-solutions. so you decided to logging errors. R3 Logging on Logging count Service timestamps log datetime localtime msec Logging buffered 16400 errors Copyrights Netmetric Solutions 2006-2010 Website: http://www. critical.com 138 of 230 . Email: khawarb@khawarb.

R1 Time-range WEEK_TIME Absolute start 00:00 1 Apr 2009 end 23:59 31 dec 2009 periodic weekdays 7:00 to 17:00 ! access-list 171 deny tcp any any eq www time-range WEEK_TIME access-list 171 permit ip any any ! Interface F 0/0 Ip access-group 171 out Copyrights Netmetric Solutions 2006-2010 Website: http://www.Lab 12 – Time Range ACL (Builds on Lab 11) Task 1 Users behind R1 are not allowed to use www traffic towards the Internet (R2) during the week from 07:00 to 17:00. Email: khawarb@khawarb.com. The policy should go into affect on the first day of next month and should be in affect till the end of the year.com 139 of 230 .netmetric-solutions.

0/24 Lo 0 R4 E 0/0 E 0/0 R3 192.0/24 Lo 0 Task 1 Enable IPv6 routing on R1.1.34.netmetric-solutions.1.R2.23.com.0/24 S 0/0 Frame S 0/0 192. Assign IPv6 addresses to the E0/0 interface of the routers as follows: R1 – 2001:1:1:12::1 /64 R2 – 2001:1:1:12::2 /64 R3 – 2001:1:1:34::3 /64 R4 – 2001:1:1:34::4 /64 R1 ipv6 unicast-routing ! Interface F0/0 ipv6 address 2001:1:1:12::1/64 no shut R3 ipv6 unicast-routing ! Interface F0/0 ipv6 address 2001:1:1:34::3/64 no shut R2 Ipv6 unicast-routing ! Interface F0/0 Ipv6 address 2001:1:1:12::2/64 No shut R4 Ipv6 unicast-routing ! Interface F0/0 Ipv6 address 2001:1:1:34::4/64 No shut 140 of 230 Copyrights Netmetric Solutions 2006-2010 Website: http://www.com .12. R3 and R4.1. Email: khawarb@khawarb.Lab 13 – Configuring IPv6 with RIPng R1 Lo 0 E 0/0 E 0/0 R2 Lo 0 192.

Use a sun-interface on R2 and R3 for the Frame relay configuration.3 point-to-point ipv6 address 2000:1:1:23::2/64 frame-relay interface-dlci 203 R3 Interface S0/0 Encap frame-relay no shut ! Interface S 0/0.netmetric-solutions. Also allow R2 and R3 to ping their own IP addresses.2 point-to-point ipv6 address 2000:1:1:23::3/64 Copyrights Netmetric Solutions 2006-2010 Website: http://www.com.com R2 Interface Loopback 0 ipv6 address 2000:2:2:2::/64 eui-64 R4 Interface Loopback 0 ipv6 address 2000:4:4:4::/64 eui-64 141 of 230 . R2 Interface S0/0 Encap frame-relay No shut ! Interface S 0/0.Task 2 Configure the Loopback0 interface on all routers as follows: R1 – Loopback0 – 2000:1:1:1::/64 R2 – Loopback0 – 2000:2:2:2::/64 R3 – Loopback0 – 2000:3:3:3::/64 R4 – Loopback0 – 2000:4:4:4::/64 R1 Interface Loopback 0 Ipv6 address 2000:1:1:1::/64 eui-64 R3 Interface Loopback 0 Ipv6 address 2000:3:3:3::/64 eui-64 Task 3 Configure Frame-relay between R2 and R3 using the folloing IPV6 addresses: R2 – 2000:1:1:23::2/64 R3 – 2000:1:1:23::3/64 Ensure that the routers can ping each other’s serial interface. Email: khawarb@khawarb.

com.frame-relay interface-dlci 203 Task 4 Configure RIPng on all routers to route all loopbacks.netmetric-solutions. Loopback 0. Email: khawarb@khawarb. Loopback 0 R1 Interface Loopback 0 ipv6 rip CCIERS enable Interface E 0/0 ipv6 rip CCIERS enable R2 Interface Loopback 0 ipv6 rip CCIERS enable Interface S 0/0. Enable RIPng under the following interfaces: R1 – E 0/0.com 142 of 230 . S 0/0 R4 – E 0/0. S 0/0 R3 – E 0/0. Loopback 0 R2 – E 0/0.3 ipv6 rip CCIERS enable ! Interface E 0/0 ipv6 rip CCIERS enable R4 Interface Loopback 0 ipv6 rip CCIERS enable Interface E 0/0 ipv6 rip CCIERS enable R3 Interface Loopback 0 ipv6 rip CCIERS enable ! Interface S0/0 ipv6 rip CCIERS enable ! Interface S0/0.2 ipv6 rip CCIERS enable Copyrights Netmetric Solutions 2006-2010 Website: http://www. Loopback 0.

1.1.com 143 of 230 .1. Email: khawarb@khawarb.0/24 Lo 0 R4 E 0/0 E 0/0 R3 192.Lab 14 – Configuring OSPF V3 R1 Lo 0 E 0/0 E 0/0 R2 Lo 0 192.34.0/24 S 0/0 Frame S 0/0 192.netmetric-solutions.12. R1 Interface Loopback 0 No ipv6 rip CCIERS enable Interface E 0/0 No ipv6 rip CCIERS enable R2 Interface Loopback 0 No ipv6 rip CCIERS enable Interface S 0/0 No ipv6 rip CCIERS enable ! Interface E 0/0 No ipv6 rip CCIERS enable R4 Interface Loopback 0 No ipv6 rip CCIERS enable Interface E 0/0 No ipv6 rip CCIERS enable R3 Interface Loopback 0 No ipv6 rip CCIERS enable Interface S 0/0 No ipv6 rip CCIERS enable ! Interface E 0/0 No ipv6 rip CCIERS enable Copyrights Netmetric Solutions 2006-2010 Website: http://www.23.com.0/24 Lo 0 Task 1 Disable RIP NG on all routers on all interfaces.

3 ipv6 ospf 1 area 0 R4 ipv6 unicast-routing ! ipv6 router ospf 1 router-id 4.2 ! Interface Loopback0 ipv6 ospf 1 area 0 ! Interface E0/0 ipv6 ospf 1 area 0 ! Interface S 0/0.3.2 ipv6 ospf 1 area 0 Task 3 Ensure that the loopback interfaces are advertised with their correct mask.4 ! Interface Loopback0 ipv6 ospf 1 area 0 ! Interface E0/0 ipv6 ospf 1 area 0 R3 ipv6 unicast-routing ! ipv6 router ospf 1 router-id 3.2.1. Email: khawarb@khawarb.1.netmetric-solutions.com 144 of 230 .3. R1 Interface Loopback0 ipv6 ospf network point-to-point R2 Interface Loopback0 ipv6 ospf network point-to-point Copyrights Netmetric Solutions 2006-2010 Website: http://www.4.Task 2 Configure the routers in OSPFv3 area 0 and advertise their directly connected interfaces in this area R1 ipv6 unicast-routing ! ipv6 router ospf 1 router-id 1.4.3 ! Interface Loopback0 ipv6 ospf 1 area 0 ! Interface E0/0 ipv6 ospf 1 area 0 ! Interface S 0/0.com.2.1 ! Interface Loopback0 ipv6 ospf 1 area 0 ! Interface E0/0 ipv6 ospf 1 area 0 R2 ipv6 unicast-routing ! ipv6 router ospf 1 router-id 2.

R3 Interface Loopback0 ipv6 ospf network point-to-point R4 Interface Loopback0 ipv6 ospf network point-to-point Copyrights Netmetric Solutions 2006-2010 Website: http://www.com 145 of 230 .netmetric-solutions. Email: khawarb@khawarb.com.

netmetric-solutions.1.Lab 15 – Configuring IPv6 through a IPv4 Network using a Tunnel R1 Lo 0 E 0/0 E 0/0 R2 Lo 0 192.0/24 Lo 0 Task 1 Enable IPv6 routing on R1.12.0/24 S 0/0 Frame S 0/0 192. R3 and R4.com 146 of 230 .1.0/24 Lo 0 R4 E 0/0 E 0/0 R3 192.1.R2.23. Assign IPv6 addresses to the E0/0 interface of the routers as follows: R1 – 2001:1:1:12::1 /64 R2 – 2001:1:1:12::2 /64 R3 – 2001:1:1:34::3 /64 R4 – 2001:1:1:34::4 /64 R1 ipv6 unicast-routing ! Interface E0/0 ipv6 address 2001:1:1:12::1/64 no shut R3 ipv6 unicast-routing ! Interface E0/0 ipv6 address 2001:1:1:34::3/64 no shut R2 Ipv6 unicast-routing ! Interface E0/0 Ipv6 address 2001:1:1:12::2/64 No shut R4 Ipv6 unicast-routing ! Interface E0/0 Ipv6 address 2001:1:1:34::4/64 No shut Copyrights Netmetric Solutions 2006-2010 Website: http://www. Email: khawarb@khawarb.34.com.

Enable RIPng under the following interfaces: R1 – E 0/0.com 147 of 230 .Task 2 Configure the Loopback0 interface on all routers as follows: R1 – Loopback0 – 2000:1:1:1::/64 R2 – Loopback0 – 2000:2:2:2::/64 R3 – Loopback0 – 2000:3:3:3::/64 R4 – Loopback0 – 2000:4:4:4::/64 R1 Interface Loopback 0 Ipv6 address 2000:1:1:1::/64 eui-64 R3 Interface Loopback 0 Ipv6 address 2000:3:3:3::/64 eui-64 Task 3 Configure RIPng between R1 and R2. Email: khawarb@khawarb. Enable RIPng under the following interfaces: R3 – E 0/0. Loopback 0 R1 Interface Loopback 0 ipv6 rip CCIERS enable ! Interface E 0/0 ipv6 rip CCIERS enable Task 4 Configure RIPng between R3 and R4. Loopback 0 R4 – E 0/0.com. Loopback 0 R2 – E 0/0. Loopback 0 R3 Interface Loopback 0 ipv6 rip CCIERS enable ! Interface E 0/0 R4 Interface Loopback 0 ipv6 rip CCIERS enable ! Interface E0/0 R2 Interface Loopback 0 ipv6 rip CCIERS enable ! Interface E0/0 ipv6 rip CCIERS enable R2 Interface Loopback 0 ipv6 address 2000:2:2:2::/64 eui-64 R4 Interface Loopback 0 ipv6 address 2000:4:4:4::/64 eui-64 Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.

R2 Interface S0/0 Ip address 192.23. R2 Interface Tunnel 23 Ipv6 address 2000:23:23:23::2/64 Ipv6 enable Ipv6 rip CCIERS enable Tunnel source S 0/0 Tunnel destination 192.1.255.com.com 148 of 230 .3 255.netmetric-solutions.23.255.2 302 b No shut Copyrights Netmetric Solutions 2006-2010 Website: http://www.1.255.23.0 Encap frame-relay No frame-relay inverse-arp Frame-relay map ip 192. Enable RIPng on the Tunnel Interface.1.1.1.23.1.ipv6 rip CCIERS enable Task 5 ipv6 rip CCIERS enable Configure the Frame Relay link between R2 and R3 as an IPv4 Link on the 192. Email: khawarb@khawarb.3 203 b No shut Task 6 Create a Tunnel between R2 and R3 Assign it an IPv6 address of 2000:23:23:23::/64.0 Encap frame-relay No frame-relay inverse-arp Frame-relay map ip 192.23.255.23. Set the Tunnel Mode to IPv6.1.3 Tunnel mode IPV6IP No shut R3 Interface Tunnel 23 Ipv6 address 2000:23:23:23::3/64 Ipv6 enable Ipv6 rip CCIERS enable Tunnel source S 0/0 Tunnel destination 192.2 Tunnel mode IPV6IP No shut R3 Interface S0/0 Ip address 192.0/24 network.2 255.23.

123: 2001:1:1:14::1 /64 S0/0.com 149 of 230 .com.Lab 16 – Configuring IPv6 over Point-to-point and Multipoint with OSPFv3 R1 R4 Frame-Relay R2 R3 IP addressing and DLCI information Chart Routers R1 IP address S0/0. Email: khawarb@khawarb.netmetric-solutions.104: 2001:1:1:123::1 /64 S0/0: 2001:1:1:123::2 /64 S0/0: 2001:1:1:123::3 /64 S0/0: 2001:1:1:14::4 /64 Local DLCI 102 103 104 201 301 401 Connecting to: R2 R3 R4 R1 R3 R1 R2 R1 R2 R3 R4 Task 1 Copyrights Netmetric Solutions 2006-2010 Website: http://www.

R1 Ipv6 unicast-routing Int S0/0 Encapsulation frame-relay No frame-relay inverse No shut ! Int S0/0. R3 and R4 the spokes. Email: khawarb@khawarb. One of the two sub-interfaces must be configured to connect R1 to R4.123 multipoint Ipv6 address 2001:1:1:123::1/64 Frame-relay map ipv6 2001:1:1:123::2 102 broadcast Frame-relay map ipv6 2001:1:1:123::3 103 broadcast Frame-relay map ipv6 Link-Local Address for R2 Broadcast Frame-relay map ipv6 Link-Local Address for R3 Broadcast R2 Ipv6 unicast-routing Int S0/0 Ipv6 address 2001:1:1:123::2/64 Encapsulation frame No frame-relay inverse Copyrights Netmetric Solutions 2006-2010 Website: http://www. o Ensure R2 and R3 can ping each other.netmetric-solutions. and R4 = 2001:1:1:14::4 /64. This sub-interface must be configured to connect R1 to routers R2 and R3 using the following IP addressing: R1 = 2001:1:1:123::1 /64.14 point-to-point Ipv6 address 2001:1:1:14::1/64 Frame-relay interface-dlci 104 ! Int S0/0. R3 and R4 should not be configured with a sub-interface and these routers should NOT rely on Inverse-arp. This sub-interface should be configured in a point-to-point manner using the following IP addressing: R1 = 2001:1:1:14::1 /64. o The routers connecting to the frame-relay cloud should be configured in a hub and spoke.com 150 of 230 . R2 = 2001:1:1:123::2 /64 and R3 = 2001:1:1:123::3 /64. o The second sub-interface on R1 must be configured in a multipoint manner.com. with R1 being the hub and R2. o Routers R2.Configure the routers connected to the frame-relay cloud as follows: o R1 (The HUB) must be configured with two sub-interfaces.

com 151 of 230 .netmetric-solutions.com.Frame-relay map ipv6 2001:1:1:123::1 201 broadcast Frame-relay map ipv6 2001:1:1:123::3 201 Frame-relay map ipv6 Link-Local Address for R1 Broadcast No shut Exit R3 Ipv6 unicast-routing Int S0/0 Encapsulation frame Ipv6 address 2001:1:1:123::3/64 Frame-relay map ipv6 2001:1:1:123::1 301 broadcast Frame-relay map ipv6 2001:1:1:123::2 301 Frame-relay map ipv6 Link-Local Address for R1 Broadcast No frame-relay inverse No shut R4 Ipv6 unicast-routing Int S0/0 Encapsulation frame Ipv6 address 2001:1:1:14::4/64 Frame-relay map ipv6 2001:1:1:14::1 401 broadcast Frame-relay map ipv6 Link-Local Address for R1 Broadcast No frame-relay inverse No shut Task 2 Ensure that the loopback interfaces are advertised with their correct mask. Email: khawarb@khawarb. R1 Interface Loopback0 ipv6 ospf network point-to-point R3 Interface Loopback0 ipv6 ospf network point-to-point R2 Interface Loopback0 ipv6 ospf network point-to-point R4 Interface Loopback0 ipv6 ospf network point-to-point Task 3 Copyrights Netmetric Solutions 2006-2010 Website: http://www.

4 ! Interface Loopback0 ipv6 ospf 1 area 0 ! Interface S0/0 ipv6 ospf 1 area 0 ipv6 ospf network point-to-multipoint Copyrights Netmetric Solutions 2006-2010 Website: http://www.Configure the routers in OSPFv3 area 0 and advertise their directly connected interfaces in this area R1 ipv6 unicast-routing ! ipv6 router ospf 1 router-id 1. Email: khawarb@khawarb.com.14 ipv6 ospf 1 area 0 ! Interface S0/0.3.4.3 ! Interface Loopback0 ipv6 ospf 1 area 0 ! Interface S 0/0 ipv6 ospf 1 area 0 ipv6 ospf network point-to-multipoint R2 ipv6 unicast-routing ! ipv6 router ospf 1 router-id 2.com 152 of 230 .1 ! Interface Loopback0 ipv6 ospf 1 area 0 ! Interface S0/0.3.2.2.2 ! Interface Loopback0 ipv6 ospf 1 area 0 ! Interface S0/0 ipv6 ospf 1 area 0 ipv6 ospf network point-to-multipoint R4 ipv6 unicast-routing ! ipv6 router ospf 1 router-id 4.4.123 ipv6 ospf 1 area 0 ipv6 ospf network point-to-multipoint R3 ipv6 unicast-routing ! ipv6 router ospf 1 router-id 3.1.netmetric-solutions.1.

Module 10 – Quality of Service (QoS) Copyrights Netmetric Solutions 2006-2010 Website: http://www.com. Email: khawarb@khawarb.netmetric-solutions.com 153 of 230 .

255.0.3 192.12.Lab 1 – Frame Relay QoS R1 Lo 0 E 0/0 E 0/0 R2 Lo 0 192.0.1 192.1.3.255.2.23.1.34.1.255. Email: khawarb@khawarb. 0.12.0 IP Address 192.0 255.1.netmetric-solutions.2 192.com.255.0.255.2.1 Subnet Mask 255.0/24 Lo 0 R4 E 0/0 E 0/0 R3 192.3 3.0 255.0 255.0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.2 Subnet Mask 255.1.255.12.0/24 Lo 0 R1 Interface Loopback 0 E 0/0 R2 Interface E 0/0 S 0/0 Loopback 0 R3 Interface S 0/0 E 0/0 Loopback 0 IP Address 192.0 255.com 154 of 230 .0/24 S 0/0 Frame S 0/0 192.255.23.23.1.0.1.255.255.3 Subnet Mask 255.3.1.0.0 255.255.34.1.2 2.1.0 IP Address 1.

4.4 192.0 encapsulation frame-relay ip ospf network point-to-point no shutdown Task 1 Run OSPF as the Routing protocol on all routers R1 router ospf 1 log-adjacency-changes network 0.12.34.4.0.255 area 0 R2 router ospf 1 log-adjacency-changes network 0.netmetric-solutions.0.1 255.0 R3 interface Loopback0 ip address 3.0 ! interface Ethernet0/0 ip address 192.1.1.255 area 0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.34.0.255.23.0.255.2.0.0.255.R4 Interface Loopback 0 E 0/0 Interface Configuration R1 interface Loopback0 ip address 1.0 255.1.3 255.255.255.0.1.4 255.255.255.4 Subnet Mask 255.1.3 255.4.1.0.255.0 255.0 no shutdown R2 interface Loopback0 ip address 2.0 ! interface Ethernet0/0 ip address 192.255.1.0.4.255.255.com. Email: khawarb@khawarb.255.2.1.3.23.0.4 255.0 no shutdown IP Address 4.3.0 255.255.2 255.2 255.0 ! interface Ethernet0/0 ip address 192.34.0.3 255.0 ! interface Ethernet0/0 ip address 192.255.1.0.255.255.255.com 155 of 230 .0 no shutdown ! interface Serial0/0 ip address 192.12.1 255.2 255.0 encapsulation frame-relay ip ospf network point-to-point no shutdown R4 interface Loopback0 ip address 4.0.255.0 no shutdown ! interface Serial0/0 ip address 192.0.

make sure your throughput changes accordingly based upon BECNs received only and throttle down to 192000 bps upon the receipt of BECNs. your provider will mark any traffic in excess of 48kbps as discard eligible. During congestion.255. Bc.0 255.0.255.0. Email: khawarb@khawarb. The router should send at a rate of 384000 bps. Your token bucket interval is 125 ms. R1 Map-class frame-relay FRTS Frame-relay cir 384000 Frame-relay bc 48000 Frame-relay be 96000 Frame-relay mincir 192000 Frame-relay adaptive-shaping becn ! Interface s0/0 Frame-relay traffic-shaping Frame-relay class FRTS R3 Access-list 101 deny ospf any any Access-list 101 permit ip any any ! Frame-relay de-list 1 protocol ip list 101 ! Interface S 0/0 Frame-relay de-group 1 302 Copyrights Netmetric Solutions 2006-2010 Website: http://www. considering the following: Your interface speed is 768000 bps.255.com 156 of 230 .netmetric-solutions. Allow the Router to double the speed if it has tokens available. Be and MINCIR.com. Use a "map-class" to apply this feature to all PVCs.0 255.255.0. R2 Access-list 101 deny ospf any any Access-list 101 permit ip any any ! Frame-relay de-list 1 protocol ip list 101 ! Interface S 0/0 Frame-relay de-group 1 203 Task 3 Configure the R2 Frame Relay interface for rate limiting by configuring the parameters CIR.R3 router ospf 1 log-adjacency-changes network 0.0.255 area 0 Task 2 R4 router ospf 1 log-adjacency-changes network 0.255 area 0 Make sure that OSPF packets between R2 and R3 are not Discard Eligible.

255.0 0.255 4.netmetric-solutions.0.1.255 eq 443 ! Class-map match-all WEB Copyrights Netmetric Solutions 2006-2010 Website: http://www.0.0 0.0.0.Lab 2 – QoS using Class Maps (Builds on Lab1) Task 1 Configure R1 for Rate Limiting (Policing) for traffic originating from the 1.255.0.0. if it exceeds the CIR.0 should have a Precedence of 5 if it is within the CIR.255.com.255 any eq 20 ! Class-map match-all HTTP Match access-group 101 Class-map match-all FTP Match access-group 102 ! Policy-map CB-CAR Class HTTP Police 750000 Class FTP Police 400000 ! Interface E 0/0 Service-policy output CB-CAR Task 2 R2-R3 has a CIR of 512 and Peak CIR of 1544. R2 Access-list 103 permit tcp 192.255.0 0.com 157 of 230 .255.255 any eq 80 ! Access-list 102 permit tcp 1.255.0. it should be set with a Precedence of 1.255.0.0 0.255.0.0. the packet should be dropped.255 eq 80 Access-list 103 permit tcp 192. The rest of the traffic should to set to a Precedence of 3.0.0 0.12.12.0 networks towards Network 4.255 any eq 21 Access-list 102 permit tcp 1.0 0.255. If it exceeds the Peak. If it exceeds the CIR.0.255 4.0.0.0.1.0.255. set the DE bit on. Also.12.0. Configure R2 such that all HTTP and HTTPS traffic going from 192.0 network going towards the Ethernet segment using the following parameters: HTTP traffic should be limited to 750 kbps FTP traffic should be limited to 400 kbps R1 Access-list 101 permit tcp 1.0 0.1. Email: khawarb@khawarb.0.

netmetric-solutions.com 158 of 230 . R4 Ip cef Access-list 104 permit tcp any any eq 80 Access-list 104 permit tcp any any eq 443 ! Access-list 105 permit tcp any any eq 23 ! class-map Telnet match access-group 105 ! class-map WEB match access-group 104 ! policy-map QoS class Telnet priority percent 15 class WEB bandwidth percent 30 ! Interface E 0/0 Service-policy output QoS Task 4 Copyrights Netmetric Solutions 2006-2010 Website: http://www.com. Telnet traffic should use LLQ. Email: khawarb@khawarb.Match access-group 103 ! Policy-map SETPREC Class WEB Police cir 512000 pir 1544000 Conform-action set-prec-transmit 5 Exceed-action set-frde-transmit Exceed-action set-prec-transmit 1 Violate-action drop Class class-default Set precedence 3 Interface S 0/0 Service-policy output SETPREC Task 3 Configure R4 Ethernet interface for CB-WFQ using the following: HTTP and HTTPS traffic = 30% of the bandwidth Telnet Traffic = 15% of the bandwidth.

0 0.0.0.255.255.0.255. R2 Access-list 110 permit tcp any 1.Configure R1 Ethernet interface for QoS using the following criteria: Configure Policing such that HTTP downloading is policed at 100 kbps for *. Configure R3 such that all HTTP and HTTPS traffic going towads 1.255.com.0 network should have a minimum reserved bandwidth of 256 kbps and should be shaped to the average rate.255. FTP traffic towards the 1.255 eq 80 Access-list 110 permit tcp any 1. R1 class-map match-any FILES match protocol http url “*.gif*” match protocol http url “*.netmetric-solutions.0.jpg files.jpg*” ! policy-map FT-PMAP class FILES police 100000 ! Interface E 0/0 Service-policy input FT-MAP Task 5 R2-R3 has a Average CIR of 512 and Peak CIR of 1544.255 eq 21 ! Class-map match-all WEB Match access-group 110 ! Class-map match-all FTP Match access-group 111 ! Policy-map SHAPE Class WEB Bandwidth 256 Shape average 512000 Class FTP Bandwidth 56 Shape average 512000 Copyrights Netmetric Solutions 2006-2010 Website: http://www.255 eq 443 ! Access-list 111 permit tcp any 1.0.0.0 0.0.255 eq 20 Access-list 111 permit tcp any 1.0 network should have a minimum of 56Kbps reserved and should be shaped to Averate rate.gif or *.255.255.255.com 159 of 230 .0 0.0. Email: khawarb@khawarb.0.0 0.0.0.0.

netmetric-solutions. Email: khawarb@khawarb.com 160 of 230 .com.! Interface S 0/0 Service-policy output SHAPE Copyrights Netmetric Solutions 2006-2010 Website: http://www.

Lab 3 – QoS – CAR (Builds on Lab2) Task 1 There is a Server located at 192.230 range 4000 5000 ! Interface F0/0 Rate-limit output access-group 130 3000000 200000 300000 conform-action set-prec-transmit 5 exceed-action set-prec-transmit 0 Rate-limit output 800000 150000 300000 conform-action set-prec-transmit 0 exceed-action drop Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.230 with UDP ports ranging from 4000 to 5000.1. set the precedence to 5 and if it exceeds set the precedence to 1.com. Task 2 Transmit all other traffic with a rate of 800kbps with a normal burst of 150000 Bytes and a excess burst of 300000. If it conforms. R3 Access-list 130 permit udp any host 192. Email: khawarb@khawarb. If it conforms.34. drop the packet.com 161 of 230 .34. Configure the rate to 3Mbps with a normal burst size of 200000 Bytes and an excess burst size of 300000 Bytes. Configure CAR for outbound traffic on R3 going towards the server. set the precedence to 0 and if it exceeds.1.

0 network goes towards 192.netmetric-solutions.0.1.12.0. R2 Access-list 105 permit ip 192.1. Do NOT use policing or rate-limiting.34.255 192.0 0. Task 2 Reserve 128K for all other traffic leaving F0/0.1..34. Email: khawarb@khawarb.Lab 4 – QoS (Congestion Avoidance) (Builds on Lab3) Task 1 Configure R2 such that when 192. Reserve 256 kbps for this type of traffic.0. in case of congestion. Set the Precedence to 2.com 162 of 230 . the precedence should be set to 3.1. that these packets get dropped randomly.0 0. Make sure.0.12.com.0.255 Class-map 34-12 Match access-group 105 Policy-map QoS Class class-default Set ip precedence 2 Bandwidth 128 Random-detect Class 34-12 Set ip precedence 3 Bandwidth 256 ! Interface F0/0 Service-policy ouput QoS Copyrights Netmetric Solutions 2006-2010 Website: http://www.

1. 2 3.4 5.com.Lab 5 – Switch QoS (Builds on Lab3) Task 1 Configure SW1 to Map the CoS values to the wrr queues based on the following table on port F 0/16: CoS Value 0.netmetric-solutions.6 7 Wrr Queue 4 3 2 1 SW1 Mls qos ! Interface F 0/16 Wrr-queue cos-map 1 7 Wrr-queue cos-map 2 5 6 Wrr-queue cos-map 3 3 4 Wrr-queue cos-map 4 0 1 2 Task 2 Change the bandwidth ratio in each Queue on WRR for port F 0/16 using the following table: Bandwidth 10 15 25 50 Wrr Queue 4 3 2 1 SW1 Interface F 0/16 Wrr-queue bandwidth 50 25 15 10 Task 3 Configure SRR on Switch 2 such that F 0/11 port using the following parameters: Copyrights Netmetric Solutions 2006-2010 Website: http://www.com 163 of 230 . Email: khawarb@khawarb.

netmetric-solutions.com 164 of 230 .CoS Value 3. mark all Web traffic on that Vlan with flash on precedence. Sw1 . 6 2 . SW1 Mls qos Access-list 101 permit tcp any any eq www ! Interface F0/18 Switchport mode access Switchport access vlan 10 Class-map MATCH_TRAFFIC Mach ip access-group 101 Copyrights Netmetric Solutions 2006-2010 Website: http://www. Email: khawarb@khawarb.7 0. 3 and 4 should be shared with a ratio breakdown of 50 30 and 20 percentage respectively. It should used 12.1 5 Srr Queue 4 3 2 1 SW1 Mls qos srr-queu output cos-map queue 1 5 Mls qos srr-queu output cos-map queue 2 0 1 Mls qos srr-queu output cos-map queue 3 2 7 Mls qos srr-queu output cos-map queue 4 3 4 6 Task 4 Configure Shaping on the first queue.com. 4. Queues 2. SW1 Interface F 0/16 srr-queue bandwidth shape 8 0 0 0 srr-queue bandwidth share 8 50 30 20 Task 6 Traffic Classification on a Per-Port Per-VLAN Basis Using Class Maps (3550). Configure Sharing on the remaining queues.5% percent of the interface Bandwidth.port Fa0/18 is assigned to a VLAN_ID 10.

com 165 of 230 .netmetric-solutions. Email: khawarb@khawarb.com.! Class-map MATCH_VLAN Match VLAN 10 Match class-map MATCH_TRAFFIC ! Policy-map QoS Class MATCH_VLAN Set ip precedence 3 ! Interface F0/18 Service-policy inputt QoS Copyrights Netmetric Solutions 2006-2010 Website: http://www.

Email: khawarb@khawarb.com 166 of 230 .netmetric-solutions.com.11 – Multicasting Copyrights Netmetric Solutions 2006-2010 Website: http://www.

255.1.12.1.255.2 2.255.1 Subnet Mask 255.0.0.1.255.0 IP Address 10.2 Subnet Mask 255. Email: khawarb@khawarb.1.com.12.0 255.com 167 of 230 .255.0 255.0 255.2.255.0/24 R1 Interface E 0/0 S 0/0 Loopback0 R2 Interface S 0/0 E 0/0 Loopback0 Task 1 Configure PIM dense mode on the routers.2 10.12.2.2.0.0 255.1 1. R1 Ip multicast-routing Int E0/0 Ip pim dense-mode Int S0/0 Ip pim dense-mode R2 Ip multicast-routing Int E0/0 Ip pim dense-mode Int S0/0 Ip pim dense-mode IP Address 192.1.0.Lab 1 – Configuring Multicast Dense-mode S 0/0 S 0/0 R2 E 0/0 R1 Frame E 0/0 192.255.netmetric-solutions.1.2.0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.1 192.1.255.

11.22. R1 Int E0/0 Ip igmp join-group 224.11 R2 Int E0/0 Ip igmp join-group 224.22 on the Ethernet interfaces.netmetric-solutions.22.22. Email: khawarb@khawarb.com.11.Task 2 Configure R1 to join the multicast group 224.22 Copyrights Netmetric Solutions 2006-2010 Website: http://www.11.22.11 and R2 to join the multicast group 224.com 168 of 230 .11.

0 255.255.1 Subnet Mask 255.0.2 Subnet Mask 255.12.1.2.0.0.0 IP Address 10.0.0 Network 1.2.12.0 Network 10.1.1.2. R1 Router RIP Version 2 No auto-summary Network 192.255.0/24 R1 Interface E 0/0 S 0/0 Loopback0 R2 Interface S 0/0 E 0/0 Loopback0 Task 1 Configure RIPv2 on both routers and advertise your directly connected interfaces.1.0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.0.255.0.0 R2 Router RIP Version 2 No auto-summary Network 192.com.0.netmetric-solutions. Email: khawarb@khawarb.255.255.12.255.1 1.0 Network 2.1.2.2 10.0.255.12.12.255.1.com 169 of 230 .0.1.1 192.Lab 2 – Configuring Static-RP S 0/0 S 0/0 R2 E 0/0 R1 Frame E 0/0 192.0 255.2 2.0 IP Address 192.1.0 255.1.0 Network 10.0.0.0.0 255.

1. R1 Interface loopback0 Ip pim sparse-mode Ip multicast-routing Ip pim rp-address 1.com. Use the most reliable interface.11.12.netmetric-solutions.1.1 Copyrights Netmetric Solutions 2006-2010 Website: http://www.com 170 of 230 .Task 2 Configure R1 to be the RP for all groups.11. Email: khawarb@khawarb.1.3.11 Int F0/0 Ip pim sparse-mode Int S0/0 Ip pim sparse-mode R2 Ip multicast-routing Ip pim rp-address 1.53 R2 Int E0/0 Ip igmp join-group 224.1.1 Int F0/0 Ip pim sparse-mode Int S0/0 Ip pim sparse-mode Task 3 Have R2 E 0/0 to join the multicast group 224.

0/24 Lo 0 R1 Interface Loopback 0 E 0/0 R2 Interface E 0/0 S 0/0 Loopback 0 R3 Interface S 0/0 E 0/0 Loopback 0 IP Address 192.Lab 3 – Configuring Multiple RPs using Static-RP R1 Lo 0 E 0/0 E 0/0 R2 Lo 0 192.0.1 192.0. 0.1.1.0 IP Address 192.netmetric-solutions.255.255.255.0.23.1.3.0 255.255.255.2 Subnet Mask 255.255.34.12.3 Subnet Mask 255.1.1.2 2.2 192.1.0 IP Address 1.3. Email: khawarb@khawarb.com 171 of 230 .0 255.255.255.34.0 255.com.3 192.0/24 S 0/0 Frame S 0/0 192.0.2.255.2.0 255.1 Subnet Mask 255.0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.3 3.1.23.1.12.12.1.0/24 Lo 0 R4 E 0/0 E 0/0 R3 192.0 255.255.0.23.1.

1.1 255.R4 Interface Loopback 0 E 0/0 Interface Configuration R1 interface Loopback0 ip address 1.2.255.4 Subnet Mask 255.0.0 Network 192.255.255.0.23. R1 Router RIP Version 2 No auto-summary Network 1.0 encapsulation frame-relay no shutdown Task 1 Configure RIP V2 on all routers and advertise all the directly connected networks.255.2 255.34.1.0.0.0.1.4 255.3.1.255.0 ! interface Ethernet0/0 ip address 192.0.0 no shutdown R2 interface Loopback0 ip address 2.0 no shutdown ! interface Serial0/0 ip address 192.0 255.0 encapsulation frame-relay no shutdown R4 interface Loopback0 ip address 4.1.0 Network 192.0.0 R3 interface Loopback0 ip address 3.netmetric-solutions.0 Network 192.0.0.0 no shutdown ! interface Serial0/0 ip address 192.0 R2 Router RIP Version 2 No auto-summary Network 2.4 255.3 255.23.0 no shutdown IP Address 4.255.1.4.34.0. Email: khawarb@khawarb.3.0 ! interface Ethernet0/0 ip address 192.12.12.1 255.1.0 ! interface Ethernet0/0 ip address 192.1.0.0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.com 172 of 230 .23.0 ! interface Ethernet0/0 ip address 192.0.255.1.34.4.2 255.com.4.2.12.255.3 255.1.0.255.1.255.12.255.4 192.4.255.2 255.255.0.1.255.3 255.

4.1.4.1.1.4.1.4.0.com.1 10 Ip pim rp-address 4. 224.2 R3 Ip multicast-routing ! Ip pim rp-address 1.1. and R4 to be the RP for the groups 224.2 Task 3 Configure R1 Loopback 0 and R4 loopback to to join the following Multicast groups: R1 – 224.1 – 2.0.1.1.netmetric-solutions.1. 224.4.1.4.1.4.1.1. These two RPs should use their Loopback 0 interface for this purpose.com R2 Ip multicast-routing ! Ip pim rp-address 1.1. 224.1.0 Network 3.1.1 Access-list 10 permit 224.0 Task 2 R4 Router RIP Version 2 No auto-summary Network 192.1 Access-list 10 permit 224.1.1 – 2.4 20 ! Access-list 10 permit 224.2.0.2 ! Access-list 20 permit 224.4.0 Configure R1 to be the RP for Multicast groups 224.0 Network 192.4 20 ! Access-list 10 permit 224.1 10 Ip pim rp-address 4.4.1.1.1.34.2 ! Access-list 20 permit 224.0.23.1. Email: khawarb@khawarb.1. R1 Ip multicast-routing ! Ip pim rp-address 1.1.2 ! Access-list 20 permit 224.1 Access-list 20 permit 224.34.1.4.1 Access-list 20 permit 224.1.4.1.4.1.1 Access-list 10 permit 224.3 R4 – 224.4 20 ! Access-list 10 permit 224.4.2 R4 Ip multicast-routing ! Ip pim rp-address 1.2 173 of 230 .1 Access-list 10 permit 224.4.1.4.1.4.2.1.4.1 Access-list 20 permit 224.1.4.4.4.4.3 Copyrights Netmetric Solutions 2006-2010 Website: http://www.4.R3 Router RIP Version 2 No auto-summary Network 192.1.1 Access-list 20 permit 224.4.4.4 20 ! Access-list 10 permit 224.1.1.4. 224.1.4.4.4.1 10 Ip pim rp-address 4.1.1 10 Ip pim rp-address 4.1.4.0 Network 4.2 ! Access-list 20 permit 224.4.4.4.1.

4.com 174 of 230 .4. Email: khawarb@khawarb.com.netmetric-solutions.1.1.R1 Interface Loopback0 Ip igmp join-group 224.4.2 Ip igmp join-group 224.1.3 Configure PIM on the physical and loopback interfaces in such a way that all routers have access to all the multicast groups.1 Ip igmp join-group 224.1.3 Task 4 R4 Interface Loopback0 Ip igmp join-group 224.4.4.2 Ip igmp join-group 224.4. including the ones that are not configured for RP’s.1 Ip igmp join-group 224. R1 Interface E 0/0 Ip pim sparse-dense-mode ! Interface Loopback0 Ip pim sparse-dense-mode R3 Interface E 0/0 Ip pim sparse-dense-mode ! Interface S0/0 Ip pim sparse-dense-mode R2 Interface E 0/0 Ip pim sparse-dense-mode ! Interface S0/0 Ip pim sparse-dense-mode R4 Interface E 0/0 Ip pim sparse-dense-mode ! Interface Loopback0 Ip pim sparse-dense-mode Copyrights Netmetric Solutions 2006-2010 Website: http://www.1.1.

2 Subnet Mask 255.255.3 3.255.1.0 255.0.2 2.0.1 192.0.1.255.1.255.255.netmetric-solutions.0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.255.3 192.0 255.3 Subnet Mask 255.23. 0.0 255.255.23.0/24 S 0/0 Frame S 0/0 192. Email: khawarb@khawarb.1.3.34.1 Subnet Mask 255.1.1.255.34.2 192.255.0 255.12.com.0 IP Address 1.2.1.Lab 4 – Configuring AUTO-RP with a Single RP R1 Lo 0 E 0/0 E 0/0 R2 Lo 0 192.com 175 of 230 .0.23.0 IP Address 192.255.1.0.1.2.1.0/24 Lo 0 R4 E 0/0 E 0/0 R3 192.3.0 255.12.12.0/24 Lo 0 R1 Interface Loopback 0 E 0/0 R2 Interface E 0/0 S 0/0 Loopback 0 R3 Interface S 0/0 E 0/0 Loopback 0 IP Address 192.

4.255.0 ! interface Ethernet0/0 ip address 192.255.0.4.4 255.1.3 255.255.0 255.0 encapsulation frame-relay no shutdown Task 1 Configure RIP V2 on all routers and advertise all the directly connected networks.0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.1.0 Network 192.255.com 176 of 230 . R1 Router RIP Version 2 No auto-summary Network 1.1.0.23.4.1.2.0.com.0.255.4.1.0 Network 192.0.0 no shutdown ! interface Serial0/0 ip address 192.1.0 ! interface Ethernet0/0 ip address 192.255.12.1.0 R3 interface Loopback0 ip address 3.1 255.3 255.34.0.0 encapsulation frame-relay no shutdown R4 interface Loopback0 ip address 4.23.255.255.23.0.4 255.0.4 Subnet Mask 255.0 ! interface Ethernet0/0 ip address 192.34.0 R2 Router RIP Version 2 No auto-summary Network 2.0 ! interface Ethernet0/0 ip address 192.1 255.2 255.1.12.255.0 no shutdown R2 interface Loopback0 ip address 2.0.R4 Interface Loopback 0 E 0/0 Interface Configuration R1 interface Loopback0 ip address 1.0.3.34.netmetric-solutions.255.2 255.2.1. Email: khawarb@khawarb.0.2 255.255.12.0.0.0 no shutdown ! interface Serial0/0 ip address 192.3.255.1.3 255.1.255.12.0.1.0 Network 192.255.0 no shutdown IP Address 4.4 192.

Email: khawarb@khawarb.23.com 177 of 230 .R3 Router RIP Version 2 No auto-summary Network 192.3.3.3.3. All multicast routers should be able to ping all R3 multicast routes.34. Loopback0).0.3.1 and 224.1.com.0 Network 192. S0/0) and R3 (S0/0. Configure R2 Loopback0 to be the RP for multicast groups 224.2 ! Ip pim send-rp-announce loopback0 scope 5 group-list 1 interval 10 Ip pim send-rp-discovery scope 5 ! Interface S0/0 Ip pim sparse-mode ! Interface E0/0 Ip pim sparse-mode R1 Ip multicast-routing Ip pim autorp listener ! Interface loopback 0 Ip pim sparse-mode ! R3 Ip multicast-routing Ip pim autorp listener ! Interface S0/0 Ip pim sparse-mode Copyrights Netmetric Solutions 2006-2010 Website: http://www.3.0. E 0/0).1 access-list 1 permit 224.3. R2 (E0/0.0.0 Configure IP Multicast Sparse Mode on R1 (Loopback0.3.netmetric-solutions.3.2 on the Loopback 0 interface.3.0 Network 3.34.0. R3 should join the multicast groups 224.0 Task 2 R4 Router RIP Version 2 No auto-summary Network 192. Ensure that is sends its RP-announcements every 10 seconds with a TTL of 5.1 and 224. R2 Interface loopback 0 Ip pim sparse-mode Ip multicast-routing Ip pim autorp listener ! access-list 1 permit 224. Do not configure any Static RP on any router.1.0 Network 4.1.3.3.2 only.

com.Interface E0/0 Ip pim sparse-mode ! Interface Loopback0 Ip pim sparse-mode Ip igmp join-group 224.netmetric-solutions.3.2 Copyrights Netmetric Solutions 2006-2010 Website: http://www.3.com 178 of 230 . Email: khawarb@khawarb.1 Ip igmp join-group 224.3.3.

13.13.13 and 224.3.com 179 of 230 .13.3.33. limit the bandwidth of the multicast traffic sent to group 224.Lab 5 – Configuring Multicast Rate-Limiting (Builds on Lab 4) Task 1 On R1.com.1 on E0/0 to 4 Mbps and traffic sent to group 224.2 to 1 Mbps R1 Access-list 5 permit 224. SW1 Ip igmp filter ! Ip igmp profile 1 Permit Range 224.3.13.2 ! interface E 0/0 ip multicast rate-limit out group-list 5 4000 ip multicast rate-limit out group-list 6 1000 Task 2 Only all IGMP join messages coming into F 0/15 on SW1 for the Multicast groups 224.3. Email: khawarb@khawarb.netmetric-solutions.33 interface F 0/15 ip igmp filter 1 Task 3 Block all Multicast traffic coming into interface F 0/18 SW1 interface F 0/18 switchport block multicast Copyrights Netmetric Solutions 2006-2010 Website: http://www.13.3.3.1 Access-list 6 permit 224.13.13.13 Range 224.13.3.3.

Email: khawarb@khawarb. Both don’t support multicast traffic.1.4 and send this traffic to R3 S0/0.netmetric-solutions.4 100 R3 Ip forward-protocol udp 2305 ! access-list 100 permit udp any any eq 2305 ! int S 0/0 ip multicast helper-map 224. Translate it to broadcast so that clients on E0/0 segment of R3 can receive it properly.com 180 of 230 . Translate the broadcast traffic to multicast address 224.0. Configure R2 to receive the traffic from server E0/0.com.1.0.Task 4 There is a server On R2 E0/0 and Clients on R3 E0/0.255 100 ! Int E0/0 Ip directed-broadcast Copyrights Netmetric Solutions 2006-2010 Website: http://www.0. Server is sending broadcast traffic to the clients on destination port UDP port 2305.34. R2 Ip forward-protocol udp 2305 ! access-list 100 permit udp any any eq 2305 ! Int E0/0 ip multicast helper-map broadcast 224.4 192. You are required to send this broadcast as multicast traffic for this application from R2 to R3 to avoid congestion on the intermediate link. Configure R3 to receive multicast traffic from R2.1.1.

15.100) BB2 R6 (.1) R1 E 0/0.4) S 0/0.111.2 (.2) S 0/0 (.1.21) (.Super Lab – I Physical Connections and IP Addressing BB1 (.com.1.234.1.1 (.1 (.com 181 of 230 .1.0/24 192.100) R3 E 0/0.1.1 (.1.0/24 E 0/0 (.netmetric-solutions.1.5) 192.0/24 VLAN 26 192.3) 192.45.1.26.0/24 VLAN 11 R2 E 0/0 (.1 (.9) 192.5) R5 F0/0.20) E 0/0.36.0/24 VLAN 111 192.6) E 0/0.234 (.2 (.2 (.0/24 VLAN 3 (.1.21) SW1 SW2 Copyrights Netmetric Solutions 2006-2010 Website: http://www.11.6) E 0/0.1 (.3) S 0/0 (.3.14. Email: khawarb@khawarb.4) R4 S 0/0.0/24 VLAN 45 E 0/0 (.0/24 VLAN 36 S 0/0 (.2 (.1) 192.4) 192.0/24 VLAN 15 10 F 0/0.2) Frame Relay 192.3) E 0/0.

1.1 F 0/0.1 F 0/0.1.45.5 / 8 192.1.3.5.1.1.1.2.1.11.14.234.3/24 3.5/24 192.234.1.4/24 192.36.3.4/24 4.1.1.4/24 192.2 Loopback 0 R6 F 0/0.21/24 Copyrights Netmetric Solutions 2006-2010 Website: http://www.2 Loopback 0 R4 F 0/0 S 0/0.1.6.3/24 192.234 S 0/0.45.26.3.1/24 1.3.1 F 0/0.1.4/8 192.6/24 6.5/24 5.1.5.1.20/24 192.6.com 182 of 230 .234.2/8 192.6/24 192.1.1 Loopback 0 R5 F 0/0.4. Email: khawarb@khawarb.3/8 192.1.3/24 192.1 /8 192.4.26.15.2 Loopback 0 SW1 SW2 VLAN 3 VLAN 3 VLAN 111 IP Address 192.2.36.netmetric-solutions.6/8 192.111.IP Addressing Device R1 Port F 0/0 Loopback 0 R2 F 0/0 S 0/0 Loopback 0 R3 S 0/0 F 0/0.2/24 192.com.1.3.2/24 2.21/24 192.1.

Email: khawarb@khawarb.com.RIP V2 Configuration R5 R3 BB1 SW1 OSPF Configuration R5 Area 0 R4 Area 10 R1 R2 Area 100 R6 R3 R6 Area 50 BB2 SW2 Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com 183 of 230 .

netmetric-solutions. Email: khawarb@khawarb.EIGRP Configuration R1 AS 100 BB2 BGP Configuration R5 AS 345 R4 AS 2 R2 R3 AS 1 R1 AS 65500 R6 SW2 AS 21 Copyrights Netmetric Solutions 2006-2010 Website: http://www.com.com 184 of 230 .

Secure VTP with a password of CCIERS.3 – Port Fast with Macros (2 Point) Add any 2 unused ports to VLAN 26. Define an interface-range with all ports that are part of VLAN 26 except for any trunk ports. Only allow appropriate VLANs to cross the trunk 1.4 – SPAN (3 Point) There is a Traffic Analyzer connected to port 10 on Switch 1.5 – MST (3 Point) Copyrights Netmetric Solutions 2006-2010 Website: http://www. Define a Smart Macro that sets the ports in VLAN 26 to Access mode and turns on Port Fast on them. Configure Switch 1 as the VTP Server in a VTP Domain of CCIE. Set the encapsulation as Dot1q.com.2 – VLAN Creation and Assignment (2 Point) Create the following VLANs with the appropriate names: o VLAN 3 – Name : VLAN_03 o VLAN 11 – Name : VLAN_11 o VLAN 15 – Name : VLAN_15 o VLAN 26 – Name : VLAN_26 o VLAN 36 – Name : VLAN_36 o VLAN 45 – Name : VLAN_45 o VLAN 111 – Name : VLAN_111 Assign the appropriate ports to the appropriate VLANs based on the Diagram. Email: khawarb@khawarb.Section 1 – Layer 2 (20 points) 1.com 185 of 230 . 1.netmetric-solutions.1 – Trunking (3 Point) Configure all the ports that connect switches together as Trunk ports. 1. Send a copy of all traffic received on VLANs 15 and 26 to the Traffic Analyzer. 1. Configure the rest of the Switch(s) as VTP Client(s) in the CCIE VTP Domain.

These routers must authenticate each other before they can communicate.netmetric-solutions. 36. Do not rely on inverse ARP for frame relay mappings. 1. R3 and R4 should be configured in a hub-n-spoke configuration.Configure Multi-instance of Spanning Tree on the switches as follows: o o o o o o o The name of this configuration should be CCIE The revision number should be 1 Instance 1 should handle VLANs 3 . You cannot create sub-interfaces on R2 and R3. 11 and 15 Instance 2 should handle VLANs 26 .7 – Frame Relay (3 Point) Configure frame relay to connect R1.8 – Frame Relay Authentication (2 Point) Ensure that R1 and R4 use CHAP authentication using Cisco as the password.com. R4 being the hub and R2 and R3 being spokes. 1. R2.6 – Controlling Multicast and broadcast Traffic (2 Point) Configure F0/1 on SW1 such that the maximum amount of bandwidth utilization for broadcast traffic is 40% and 50% for Multicast traffic. R2. R2 should be able to ping R3 and vice versa. 45 and 111 All future VLANs should use instance 0 SW1 should be the root bridge for the first instance SW2 should be the root bridge for the second instance 1. You can create 2 sub-interfaces on R4. All routers should be able to ping their local frame relay interface. R3 and R4 based on the Diagram. Copyrights Netmetric Solutions 2006-2010 Website: http://www. Email: khawarb@khawarb.com 186 of 230 .

2. Disable auto-summary. Create the following loopback on Switch 1: o Loopback 15: 15.15.0 network range. Configure R3 and Switch 1 such that SW2 does not see RIP traffic.15/8 Advertise the Loopbacks on R3 and Switch 1 under RIP V2. 2. Do the filtering on R5.X. Email: khawarb@khawarb. BB2 has been configured with a key # 1 with a key-string of cisco.3 – Route Filtering using RIP (2 Points) Deny all networks that have an even number in the 195. Advertise the Loopback network on R5 in RIP.2 – RIP Authentication (2 Points) Configure R5 to authenticate with BB1. Use the most secure authentication mechanism.1.4 – Configuring EIGRP (2 Points) Configure EIGRP on R1 in AS 100 to communicate with BB2. BB1 has been configured with a Key # of 1 and key-string of cisco. 2. Copyrights Netmetric Solutions 2006-2010 Website: http://www.5 – EIGRP Authentication (2 Points) Authenticate the EIGRP connection with BB2.com 187 of 230 . 2. Use a password of ccie with a key # of 1. Configure authentication between R3 and the Switch.15. Configure RIP V2 between R3 and Switch 1. Don’t advertise the Loopback network in EIGRP.1 – Configure RIP Version 2 (3 Points) Configure RIP V2 on R5 to communicate to BB1 which is already configure with RIP V2.com. Use minimum number of lines possible to accomplish this task.netmetric-solutions.Section 2 – IGP (30 points) 2.

22 R3 – 33.22.21. 2.7 – Configuring OSPF Virtual Links (4 Point) Configure Virtual Links on the appropriate routers to connect Area 50 to Area 0. Use Message Digest as the authentication Mechanism.21 2.21.com 188 of 230 . Do not use the IP OSPF Network Broadcast command on R2. Make sure the route appears on R4 with the proper mask and not a host mask Configure the appropriate interfaces on SW2 and R1 in Area 50. Use ccie as the key with a key id of 1.55. Use ccie as the key with a key id of 1.11.com. R3 and R6 to accomplish this task. Advertise the Loopback addresses on R2. R3 and R4 and also between R2 and R6. 2.55. Advertise the Loopback interface on R4 in Area 0.66. Email: khawarb@khawarb.55 R6 – 66. Advertise the Loopback interface on R1 in Area 10.66. Use Message Digest as the authentication Mechanism. Configure Authentication for the neighbor relationships between R2.6 – Configuring OSPF (4 Point) Configure OSPF between R4 and R5 in Area 0. Configure Authentication for OSPF routers in Area 10. Use the following as the router-ids: o o o o o o o R1 – 11. Use ccie as the key with a key id of 1. R6 and SW2 in Area 100.33.66 SW2 – 21.22.Use the most secure authentication mechanism.44 R5 – 55.netmetric-solutions. Copyrights Netmetric Solutions 2006-2010 Website: http://www. Hard code the router-id on all OSPF devices.33 R4 – 44.33. R3. R4. Configure OSPF between R1 and R4 in Area 10.11 R2 – 22.11. They should appear with the proper mask and the not a host mask. Make sure the route appears on R5 with the proper mask and not a host mask Configure OSPF between R2. Use Message Digest as the authentication Mechanism.44. R3 and R6 in Area 100.8 –OSPF Authentication (4 Point) Configure authentication for OSPF routers in Area 0.44. Make sure you provide full redundancy for your network.

only the even networks should be redistributed at the appropriate router.1/24 o Loopback 203: 206.1/24 o Loopback 202: 201.1.1/24 o Loopback 202: 206.14. Routes should be redistributed in such a way that OSPF adds the link cost at each router.1/24 o Loopback 204: 201.1.1/24 o Loopback 204: 206.0 routes learned from BB1.10 – Summarization (3 Point) Configure the following loopbacks on R1: o Loopback 201: 201. Configure the following loopbacks on R6: o Loopback 201: 206.1. All routers should have connectivity to this network. Create loopback 100 with an Ip address of 100.1.1.1/8 on Switch 1. All OSPF routers should have access to the EIGRP routes on R1.21.1/24 Advertise the newly created loopbacks under OSPF on R6. Don’t use the network command to accomplish this task.1.1/24 o Loopback 203: 201.1/24 Advertise the newly created loopbacks under EIGRP on R1. When redistributing the 200.1. These routes should be summarized on R4.1.20. 2. You are not allowed to redistribute EIGRP into OSPF.1.Configure Authentication on all virtual links. You are allowed to create a single static route on 1 router to accomplish this task.23.13.9 – Redistribution (4 Point) Mutually redistribute RIP and OSPF at the appropriate router. 2.15. Copyrights Netmetric Solutions 2006-2010 Website: http://www.1.1. Inject these routes into OSPF as well. You are allowed a create a single static route on a router to accomplish this task.1.22. Only send a summarized route into OSPF.com 189 of 230 . Email: khawarb@khawarb.com. These routes should be summarized towards BB2. Do not advertise this network in any routing protocol on Switch 1.netmetric-solutions.12.

Don’t use the network command to accomplish task The origin should be internal. Configure a EBGP neighbor relation between AS 345 and AS 1. Configure the neighbor relationship with redundancy in mind.1 –IBGP (3 Point) Configure the following Loopbacks: o R1 – Loopback 125: 125. Configure R1 in AS 1.2 – EBGP (3 Points) Configure a EBGP relationship between AS 2 and AS 345.2.com 190 of 230 .21/24 Configure R3.Section 3 – BGP (12 points) 3.21. R5 should not have a neighbor relationship with R3.1. Email: khawarb@khawarb. Advertise the Loopback 125 network in BGP on R2. Use R5 in AS 345 to set this relationship up.2/24 o R3 – Loopback 125: 125.6/24 o SW2 – Loopback 125: 125.2.netmetric-solutions. Authenticate this relationship Advertise the Loopback 125 network in BGP on R6.21.3.4/24 o R5 – Loopback 125: 125. 3.3/24 o R4 – Loopback 125: 125. Configure SW2 in AS 21. Configure the remote-as as 1000 for AS 1 on R4. All IBGP routers using the most secure authentication method.1.6. Use CCIE as the password.5.3.4.6.5/24 o R6 – Loopback 125: 125.1/24 o R2 – Loopback 125: 125. R4 and R5 in AS 345.com. Copyrights Netmetric Solutions 2006-2010 Website: http://www. Advertise the Loopback 125 networks on the appropriate routers.5.4. AS 345 sees AS 1 in AS 1000. Advertise the Loopback 125 network under BGP. Configure a EBGP relationship between AS 2 and AS 65500. Advertise the Loopback 125 network under BGP.

Copyrights Netmetric Solutions 2006-2010 Website: http://www.4.1/24 o Loopback 193: 199.1/24 o Loopback 194: 199.4 – Filtering Private AS number (2 Points) R2 should not send the Private AS number in the AS Path for route(s) from AS 65500 to AS 345.5. 3. Summarize these networks on R1.com 191 of 230 .1/24 Advertise these networks under BGP.1/24 o Loopback 192: 199. This route should get propagated in addition to the summary route.netmetric-solutions. 3. Do not use the AS-Path or Weight Attributes to accomplish this task. You can use a single command under the BGP Routing process to accomplish this task.3 – Route Aggregation (2 Points) Create the following loopback on R1: o Loopback 191: 199. 3.1.1.1.5.6. Configure AS 21 such that it uses AS 1 to get to AS 2 routes.7.0/24.Configure an EBGP neighbor relation between AS 21 and AS 345 based on the network diagram. Suppress the specific routes from getting propagated to BGP neighbors except for 199. Also configure an EBGP neighbor relation between AS 21 and AS 1 based on the network diagram.1.5 – Path Attributes (2 Points) Configure AS 345 such that it uses AS 21 to get to AS 1 routes. Email: khawarb@khawarb.1.com.

1 – Dot 1X Authentication (3 Points) Configure Ports F 0/13 – 18 on Switch 1 for Dot1X authentication. There is a web server located at 192.netmetric-solutions.2 – SSH Configuation (3 Points) Configure R3 such that remote management can only be done by SSH.15.com 192 of 230 .Section 4 – Security (8 points) 4. Configure a Local User SSHADMIN with a password of cciers. Copyrights Netmetric Solutions 2006-2010 Website: http://www. it should be put in VLAN 300. 4. 4. R5 should block access to this server during the Maintenance times. SSH authentication should be done based on the local database.3 – ACL Configuration (2 Points) Configure RFC 1918 filtering on R5 for anti-spoofing from the Frame cloud.25. Email: khawarb@khawarb. Also make sure packets with internal address as source addresses should not be allowed in. If the host does not support Dot1X authentication.3. Assign them to VLAN 250.com.1.100. Use cciers as the secret key. Do not use an ACL for this task. Authentication should be done based on a RADIUS Server located at 192. This should be in affect for the month of December. Only allow Remote Management from VLAN 3. This web server will be going down for Maintenance on Friday.1. Saturday and Sunday from 9:00 PM to 11:30 PM.

15.1 – IOS DHCP Server (3 Points) Enable R5 as a DHCP Server with the following information: o o o o o o IP ADDRESS : 192.1.1.6 DEFAULT GATEWAY : 192.1.15.0. Allow the outside user’s access to these servers using a common outside address of 192.81.1-192. Configure NAT on R1 to allow the 10.1.3 – NAT (3 Points) Configure a Loopback 10 on R1.10 5.1.0/24 WINS ADDRESS : 192.1. Assign it an address of 10.100. Do not create a pool to accomplish this.com 193 of 230 .0. 5. There is a DNS Server located at 10.0.4 – DRP (3 Points) R5 will be queried by Cisco DistributedDirector from the following IP Addresses: o 195.1.0.com.35 Enable the DRP Server Agent on R5 Only allow DRP Queries from the above listed DistributedDirector’s.2 – Core Dumps (3 Points) Configure R1 to send a Core DUMP to a FTP server located at 192.15. Email: khawarb@khawarb.7.15.1.0.1. R5 should be configured to authenticate the DistributedDirector with a key of ccie Copyrights Netmetric Solutions 2006-2010 Website: http://www.1/8.netmetric-solutions.80.0. There is a web server that will be installed at 10. Use CCIE as the Username to log into the FTP with a password of 12353.5 DNS ADDRESS : 192. 5.1 LEASE TIME : 6 Days Exclude-addresses : 192.1.15.0 network to access the rest of routers using S 0/0 interface address.5.Section 5 – IOS Services (12 points) 5. Set the Dump size to 32768.14.0.0.12.15 o 195.83.15.

R2 and R4 should be able to ping both Multicast groups.com 194 of 230 . R2 should be the RP for 224.4.4.1 – Configuring PIM Sparse Mode (3 Points) Configure VLAN 26 to receive and send multicast Traffic from and to VLAN 45.4.com.Section 6 – Multicasting (6 points) 6.4. Copyrights Netmetric Solutions 2006-2010 Website: http://www.2.2.2 and R4 to statically join the multicast group 224. Email: khawarb@khawarb. 6.2 – Configuring IGMP (3 Points) Configure R2 to statically join multicast group 224.4.2.netmetric-solutions. Perform configurations on R2 and R4 using PIM-Sparse-Mode.4.2 and R4 should be the RP for 224.2.

7 0. It should used 25% percent of the interface Bandwidth. If it exceeds the CIR.Section 7 –QoS (8 points) 7. Configure it for LLQ.3 – SRR (2 Points) Configure SRR on Switch 1 such that F 0/10 port using the following parameters: CoS Value 3. Copyrights Netmetric Solutions 2006-2010 Website: http://www. 7. o FTP traffic should be limited to 256 kbps.netmetricsolutions. If it exceeds the Peak. Configure R4 such that all HTTP and HTTPS traffic going from 192.15. it should be set with a Precedence of 1. if it exceeds the CIR. Also.1 – Configuring CB-WFQ using NBAR (3 Points) Configure R3 such that traffic going towards the Frame Cloud uses the following QoS parameters: o All HTTP traffic towards a Web Server http://www. 7.com should be assigned a minimum bandwidth of 35%. 4.0 networks towards Network 6.0 should have a Precedence of 5 if it is within the CIR. 3 and 4 should be shared with a percentage breakdown of 45 30 and 25 percentage respectively. 6 2 . o Telnet Traffic should be assigned a minimum bandwidth of 10%.0. Configure Sharing on the remaining queues.netmetric-solutions.1 5 Srr Queue 4 3 2 1 Configure Shaping on the first queue. set the DE bit on.com 195 of 230 . Email: khawarb@khawarb.1. the packet should be dropped.2 – Configuring Policing using MQC (3 Points) R3-R4 has a CIR of 256 and Peak CIR of 512. Queues 2. The rest of the traffic should to set to a Precedence of 3.com.0.

Section 8 – IPV6 (4 points) 8. Copyrights Netmetric Solutions 2006-2010 Website: http://www.com.2 IPv6 Address 2222:1111:3333:3333::3/64 2222.2 Loopback 0 E 0/0. Run RIPng between R3 and R6 and advertise the Loopback networks. Email: khawarb@khawarb.2 – Running RIPng (2 Points) Enable IPv6 Unicast Routing.com 196 of 230 .netmetric-solutions.1 – Configuring IPV6 (2 Points) Configure R3 and R6 with the following IPv6 Addresses: Router R3 R3 R6 R6 Interface Loopback 0 E 0/0.1111:3333:3636::3/64 2222:1111:6666:6666::6/64 2222:1111:2222:3636::6/64 8.

11.1.0/24 VLAN 36 S 0/0 (.5) 192.2 (.0/24 VLAN 45 E 0/0 (.2) Frame Relay 192.0/24 192.1) 192.0/24 VLAN 111 192.36.4) S 0/0.1 (.234.3) S 0/0 (.com 197 of 230 .1 (.4) 192.0/24 VLAN 11 R2 E 0/0 (.Super Lab – I (Answers) Physical Connections and IP Addressing BB1 (.1.0/24 VLAN 15 10 F 0/0.2 (.2 (.6) E 0/0.3.1.20) E 0/0.100) R3 E 0/0.1 (.2) S 0/0 (.9) 192.1.0/24 E 0/0 (.21) (.111.1.1.26.netmetric-solutions.234 (.21) SW1 SW2 Copyrights Netmetric Solutions 2006-2010 Website: http://www.6) E 0/0.1) R1 E 0/0.0/24 VLAN 26 192.4) R4 S 0/0.3) E 0/0.15.1 (.0/24 VLAN 3 (.1.45.2 (.1 (.5) R5 F0/0.14.1. Email: khawarb@khawarb.1.3) 192.com.100) BB2 R6 (.

5/24 5.15.4.26.21/24 192.3/24 3.234.6/24 192.234 S 0/0.3.2/24 192.4/8 192.netmetric-solutions.5/24 192.4.5.1.3/24 192.1.1.234.1 F 0/0.6/8 192.3.1/24 1.4/24 4.4/24 192.1.2/8 192.2.1.com 198 of 230 .2 Loopback 0 R4 F 0/0 S 0/0.234.1 Loopback 0 R5 F 0/0. Email: khawarb@khawarb.3/24 192.3.4/24 192.IP Addressing Device R1 Port F 0/0 Loopback 0 R2 F 0/0 S 0/0 Loopback 0 R3 S 0/0 F 0/0.1.1.3.1.2/24 2.1.5.45.1.1 F 0/0.11.6.1.1.5 / 8 192.21/24 Copyrights Netmetric Solutions 2006-2010 Website: http://www.26.1.1.6.2 Loopback 0 SW1 SW2 VLAN 3 VLAN 3 VLAN 111 IP Address 192.1.2.111.1.3.45.6/24 6.1.1 /8 192.1 F 0/0.36.1.com.2 Loopback 0 R6 F 0/0.20/24 192.3/8 192.36.14.

com.RIP V2 Configuration R5 R3 BB1 SW1 OSPF Configuration R5 Area 0 R4 Area 10 R1 R2 Area 100 R6 R3 R6 Area 50 BB2 SW2 Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com 199 of 230 . Email: khawarb@khawarb.

com 200 of 230 .com. Email: khawarb@khawarb.netmetric-solutions.EIGRP Configuration R1 AS 100 BB2 BGP Configuration R5 AS 345 R4 AS 2 R2 R3 AS 1 R1 AS 65500 R6 SW2 AS 21 Copyrights Netmetric Solutions 2006-2010 Website: http://www.

11.11.45.36. Only allow appropriate VLANs to cross the trunk SW1 VTP mode server VTP domain CCIE VTP password CCIERS ! interface FastEthernet0/13 switchport trunk encapsulation dot1q switchport trunk allowed vlan 3.111 switchport mode trunk SW3 SW2 VTP mode client VTP domain CCIE VTP password CCIERS ! interface FastEthernet0/13 switchport trunk encapsulation dot1q switchport trunk allowed vlan 3.netmetric-solutions.111 switchport mode trunk ! interface FastEthernet0/16 switchport trunk encapsulation dot1q switchport trunk allowed vlan 3.15.45.36.11.45.36. Configure Switch 1 as the VTP Server in a VTP Domain of CCIE.26.26. Secure VTP with a password of CCIERS.1 – Trunking (3 Point) Configure all the ports that connect switches together as Trunk ports.26.com 201 of 230 .45.45.26.111 switchport mode trunk ! interface FastEthernet0/17 switchport trunk encapsulation dot1q switchport trunk allowed vlan 3.36. Configure the rest of the Switch(s) as VTP Client(s) in the CCIE VTP Domain.36. Set the encapsulation as Dot1q.36.111 switchport mode trunk ! interface FastEthernet0/14 switchport trunk encapsulation dot1q switchport trunk allowed vlan 3.15.com.15.11.26. Email: khawarb@khawarb.15.26.15.45.Section 1 – Layer 2 (20 points) 1.11.11.15.111 switchport mode trunk ! interface FastEthernet0/14 switchport trunk encapsulation dot1q switchport trunk allowed vlan 3.111 switchport mode trunk SW4 Copyrights Netmetric Solutions 2006-2010 Website: http://www.

111 switchport mode trunk ! interface FastEthernet0/14 switchport trunk encapsulation dot1q switchport trunk allowed vlan 3.11.11.15.VTP mode client VTP domain CCIE VTP password CCIERS ! interface FastEthernet0/13 switchport trunk encapsulation dot1q switchport trunk allowed vlan 3.36.111 switchport mode trunk VTP mode client VTP domain CCIE VTP password CCIERS ! interface FastEthernet0/13 switchport trunk encapsulation dot1q switchport trunk allowed vlan 3.36.com.111 switchport mode trunk 1.36.45.111 switchport mode trunk ! interface FastEthernet0/14 switchport trunk encapsulation dot1q switchport trunk allowed vlan 3.11.36.26. SW1 Vlan 3 Name VLAN_3 Vlan 11 Name VLAN_11 Vlan 15 Name VLAN_15 Vlan 26 Name VLAN_26 Vlan 36 Name VLAN_36 Vlan 45 Name VLAN_45 Vlan 111 Name VLAN_111 SW2 interface FastEthernet0/2 switchport access vlan 26 switchport mode access ! interface FastEthernet0/4 switchport access vlan 45 switchport mode access ! interface FastEthernet0/6 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet0/24 switchport trunk encapsulation dot1q Copyrights Netmetric Solutions 2006-2010 Website: http://www.26.2 – VLAN Creation and Assignment (2 Point) Create the following VLANs with the appropriate names: o VLAN 3 – Name : VLAN_03 o VLAN 11 – Name : VLAN_11 o VLAN 15 – Name : VLAN_15 o VLAN 26 – Name : VLAN_26 o VLAN 36 – Name : VLAN_36 o VLAN 45 – Name : VLAN_45 o VLAN 111 – Name : VLAN_111 Assign the appropriate ports to the appropriate VLANs based on the Diagram.26.45.15.26.com 202 of 230 .netmetric-solutions.11.15.45. Email: khawarb@khawarb.45.15.

Email: khawarb@khawarb.4 – SPAN (3 Point) Copyrights Netmetric Solutions 2006-2010 Website: http://www. SW1 interface FastEthernet0/7 switchport access vlan 26 ! interface FastEthernet0/8 switchport access vlan 26 ! define interface-range VLAN26 FastEthernet0/7 . switchport mode trunk Define an interface-range with all ports that are part of VLAN 26 except for any trunk ports.com.! interface FastEthernet0/1 switchport access vlan 11 switchport mode access ! interface FastEthernet0/3 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet0/5 switchport trunk encapsulation dot1q switchport mode trunk SW3 interface FastEthernet0/24 switchport access vlan 15 switchport mode access 1.com 203 of 230 . FastEthernet0/8 ! macro name VLAN26 switchport mode access switchport access vlan 26 spanning-tree portfast @ 1.3 – Port Fast with Macros (2 Point) Add any 2 unused ports to VLAN 26. Define a Smart Macro that sets the ports in VLAN 26 to Access mode and turns on Port Fast on them.netmetric-solutions.

15 instance 2 vlan 26. 11. 15 instance 2 vlan 26. 36. 11. 15 instance 2 vlan 26. 36. Email: khawarb@khawarb.There is a Traffic Analyzer connected to port 10 on Switch 1. 45.netmetric-solutions. 111 ! spanning-tree mst 1 priority 0 SW3 spanning-tree mode mst ! spanning-tree mst configuration name CCIE revision 1 instance 1 vlan 3. 36.6 – Controlling Multicast and broadcast Traffic (2 Point) Copyrights Netmetric Solutions 2006-2010 Website: http://www. 45.com. 45. 11. 111 The name of this configuration should be CCIE The revision number should be 1 Instance 1 should handle VLANs 3 . 15 instance 2 vlan 26.5 – MST (3 Point) Configure Multi-instance of Spanning Tree on the switches as follows: o o o o o o o SW1 spanning-tree mode mst ! spanning-tree mst configuration name CCIE revision 1 instance 1 vlan 3. 36. 26 rx monitor session 1 destination interface Fa0/10 1. 11. SW1 monitor session 1 source vlan 15 . 11 and 15 Instance 2 should handle VLANs 26 . 111 1.com 204 of 230 . 36. 111 ! spanning-tree mst 2 priority 0 SW4 spanning-tree mode mst ! spanning-tree mst configuration name CCIE revision 1 instance 1 vlan 3. 45 and 111 All future VLANs should use instance 0 SW1 should be the root bridge for the first instance SW2 should be the root bridge for the second instance SW2 spanning-tree mode mst ! spanning-tree mst configuration name CCIE revision 1 instance 1 vlan 3. Send a copy of all traffic received on VLANs 15 and 26 to the Traffic Analyzer. 45.

com.255. SW1 Int F0/1 storm-control broadcast level 40.234. R2. Do not rely on inverse ARP for frame relay mappings.1.7 – Frame Relay (3 Point) Configure frame relay to connect R1.255.2 204 frame-relay map ip 192.3 204 frame-relay map ip 192. R1 username R4 password 0 Cisco ! interface Virtual-Template1 ip address 192.1 point-to-point frame-relay interface-dlci 104 ppp Virtual- R2 interface Serial0/0 ip address 192.00 1.1. All routers should be able to ping their local frame relay interface.1 255.14.0 ppp authentication chap ! interface Serial0/0 no ip address encapsulation frame-relay no frame-relay inverse-arp ! interface Serial0/0. You can create 2 sub-interfaces on R4. R2. These routers must authenticate each other before they can communicate.4 204 broadcast no frame-relay inverse-arp Copyrights Netmetric Solutions 2006-2010 Website: http://www.234.netmetric-solutions. R3 and R4 based on the Diagram.2 255.00 storm-control multicast level 50.255.8 – Frame Relay Authentication (2 Point) Ensure that R1 and R4 use CHAP authentication using Cisco as the password. Email: khawarb@khawarb.234.Configure F0/1 on SW1 such that the maximum amount of bandwidth utilization for broadcast traffic is 40% and 50% for Multicast traffic.255. 1.1.0 encapsulation frame-relay frame-relay map ip 192. You cannot create sub-interfaces on R2 and R3.1.1. R4 being the hub and R2 and R3 being spokes.234. R2 should be able to ping R3 and vice versa.com 205 of 230 . R3 and R4 should be configured in a hub-n-spoke configuration.

255.4 255.234.1 point-to-point frame-relay interface-dlci 401 ppp VirtualTemplate1 ! interface Serial0/0.3 403 broadcast frame-relay map ip 192.234 multipoint ip address 192.4 402 ! interface Virtual-Template1 ip address 192.4 304 broadcast no frame-relay inverse-arp R4 username R1 password 0 Cisco ! interface Serial0/0 no ip address encapsulation frame-relay no frame-relay inverse-arp ! interface Serial0/0.234.0 ppp authentication chap Copyrights Netmetric Solutions 2006-2010 Website: http://www. Email: khawarb@khawarb.2 402 broadcast frame-relay map ip 192.234.1.1.234.234.1.255.3 304 frame-relay map ip 192.2 304 frame-relay map ip 192.1.1.255.234.14.234.4 255.netmetric-solutions.234.0 frame-relay map ip 192.255.1.3 255.255.1.com 206 of 230 .com.255.1.0 encapsulation frame-relay frame-relay map ip 192.Template1 R3 interface Serial0/0 ip address 192.1.

0.0 R3 router rip version 2 passive-interface FastEthernet0/0.0 network 192.0 network 192. Create the following loopback on Switch 1: o Loopback 15: 15.0.0 ! Ip routing ! router rip version 2 passive-interface Vlan3 network 15.1 – Configure RIP Version 2 (3 Points) Configure RIP V2 on R5 to communicate to BB1 which is already configure with RIP V2.15.15/8 Advertise the Loopbacks on R3 and Switch 1 under RIP V2.15. BB1 has been configured with a Key # of 1 and key-string of cisco.0.1.0 neighbor 192.1.3.1 network 3.com 207 of 230 .3.0 network 192. Configure R3 and Switch 1 such that SW2 does not see RIP traffic.0.15 255.0.0.15.15.0.3.20 no auto-summary SW1 Interface Loopback 15 Ip address 15.1. R5 router rip version 2 network 5. Advertise the Loopback network on R5 in RIP.netmetric-solutions.15.1.com.0 neighbor 192. Configure RIP V2 between R3 and Switch 1. Email: khawarb@khawarb. Copyrights Netmetric Solutions 2006-2010 Website: http://www.0.1.3.2 – RIP Authentication (2 Points) Configure R5 to authenticate with BB1.Section 2 – IGP (30 points) 2.3 no auto-summary 2.

0.0 0.netmetric-solutions. Use a password of ccie with a key # of 1.Configure authentication between R3 and the Switch. Do the filtering on R5. Don’t advertise the Loopback network in EIGRP.X. Use the most secure authentication mechanism.254. Copyrights Netmetric Solutions 2006-2010 Website: http://www.1.0. R5 Access-list 101 deny 195.1 ip rip authentication mode md5 ip rip authentication key-chain RIP 208 of 230 .0 network range. R5 key chain RIP key 1 key-string cisco ! interface FastEthernet0/0.1.1 ip rip authentication mode md5 ip rip authentication key-chain RIP SW1 key chain RIP key 1 key-string ccie ! interface vlan 3 ip rip authentication mode md5 ip rip authentication key-chain RIP 2. Email: khawarb@khawarb.255 Access-list 101 permit any ! Router rip distribute-list 101 in 2.com R3 key chain RIP key 1 key-string ccie ! interface FastEthernet0/0.3 – Route Filtering using RIP (2 Points) Deny all networks that have an even number in the 195. Disable auto-summary.4 – Configuring EIGRP (2 Points) Configure EIGRP on R1 in AS 100 to communicate with BB2. Use minimum number of lines possible to accomplish this task.com.

11 R2 – 22.1. Make sure the route appears on R4 with the proper mask and not a host mask Configure the appropriate interfaces on SW2 and R1 in Area 50. Hard code the router-id on all OSPF devices.22.44.11.1 0. They should appear with the proper mask and the not a host mask. Configure OSPF between R1 and R4 in Area 10.33.11. Use the most secure authentication mechanism. Advertise the Loopback addresses on R2. Do not use the IP OSPF Network Broadcast command on R2. R6 and SW2 in Area 100. Advertise the Loopback interface on R1 in Area 10.5 – EIGRP Authentication (2 Points) Authenticate the EIGRP connection with BB2.33 R4 – 44. R5 key chain EIGRP key 1 key-string cisco ! interface FastEthernet0/0 ip authentication mode eigrp 100 md5 ip authentication key-chain eigrp 100 EIGRP 2. BB2 has been configured with a key # 1 with a key-string of cisco. Email: khawarb@khawarb.0 no auto-summary 2.11.com. R3 and R6 to accomplish this task.22 R3 – 33. Advertise the Loopback interface on R4 in Area 0. Use the following as the router-ids: o o o o R1 – 11. R4.0. Make sure the route appears on R5 with the proper mask and not a host mask Configure OSPF between R2. R3. R3 and R6 in Area 100.6 – Configuring OSPF (4 Point) Configure OSPF between R4 and R5 in Area 0.com 209 of 230 .netmetric-solutions.33.44.R1 router eigrp 100 network 192.44 Copyrights Netmetric Solutions 2006-2010 Website: http://www.22.0.

2 0.33 0.0.1.0 area 0 SW2 router ospf 1 Copyrights Netmetric Solutions 2006-2010 Website: http://www.66.0.0.55 log-adjacency-changes network 192.5 0.1 0.66.0.33 log-adjacency-changes network 192.0 area 100 network 192.11.1.33.234 ip ospf network point-to-multipoint ! router ospf 1 router-id 44.11.0.66.0.1.2 0.66.1.0 area 50 network 192.234.33.4 0. Email: khawarb@khawarb.11.0.3 0.0 area 100 network 33.0.1.45.21.netmetric-solutions.0 area 100 R4 Interface Loopback 0 ip ospf network point-to-point ! Interface s0/0.0.44.14.0 area 100 network 66.1.0.0 area 10 network 192.6 0.o R5 – 55.55.1.4 0.1.0 area 100 network 192.0.0 area 100 R5 router ospf 1 router-id 55.0 area 0 network 192.21.0.66 o SW2 – 21.44 0.0.22 log-adjacency-changes network 192.26.0 area 10 network 192.0 area 10 R2 Interface Loopback 0 ip ospf network point-to-point ! Interface s0/0 ip ospf network point-to-multipoint ! router ospf 1 router-id 22.234.33.com 210 of 230 .14.0.44 log-adjacency-changes network 44.22.1 0.1.0.4 0.66.0.0.3 0.1.0.22.21 R1: Int loopback 0 Ip ospf network point-to-point ! router ospf 1 router-id 11.234.1.66 log-adjacency-changes network 192.0 area 0 network 192.44.0.0.0.11 log-adjacency-changes network 1.0 area 100 R3 Interface Loopback 0 ip ospf network point-to-point ! Interface s0/0 ip ospf network point-to-multipoint ! router ospf 1 router-id 33.45.26.1.55.0.0 area 100 network 22.1 0.0.22.0.0.0.44.com.0.0.22.3.55.1.33.22 0.55 o R6 – 66.0 area 100 R6 Interface Loopback 0 ip ospf network point-to-point ! router ospf 1 router-id 66.44.66.0.0.0.66 0.0.55.

3.44.1.0 area 50 2.21. Use ccie as the key with a key id of 1. Configure Authentication for OSPF routers in Area 10.21 0.111.com 211 of 230 .21.router-id 21.44. Use Message Digest as the authentication Mechanism. Configure Authentication on all virtual links.44 area 50 virtual-link 21. Use ccie as the key with a key id of 1.44 messagedigest-key 1 md5 ccie area 10 authentication message-digest R2 Interface s0/0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 ccie ! Interface f0/0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 ccie R4 Router ospf 1 area 10 virtual-link 11.0.11.21. R3 and R4 and also between R2 and R6.44.11 2.44.com.0. R1 Router ospf 1 area 10 authentication message-digest area 10 virtual-link 44.21 log-adjacency-changes network 192.21.netmetric-solutions.44.0.11.11 area 100 virtual-link 21.44.44 area 50 virtual-link 11.11. R1 Router ospf 1 area 10 virtual-link 44.44. Use ccie as the key with a key id of 1. Email: khawarb@khawarb. Use Message Digest as the authentication Mechanism.0 area 100 network 192. Use Message Digest as the authentication Mechanism.44.21 0.7 – Configuring OSPF Virtual Links (4 Point) Configure Virtual Links on the appropriate routers to connect Area 50 to Area 0.21 Copyrights Netmetric Solutions 2006-2010 Website: http://www.21 SW2 Router ospf 1 area 100 virtual-link 44.21.8 –OSPF Authentication (4 Point) Configure authentication for OSPF routers in Area 0.0.11.21. Configure Authentication for the neighbor relationships between R2.44 authentication message-digest area 10 virtual-link 44. Make sure you provide full redundancy for your network.1.

21.11.21 authentication message-digest area 50 virtual-link 21.44.21.1 ip ospf message-digest-key 1 md5 ccie ! Interface s0/0.21.11. Email: khawarb@khawarb.21.21.21.2 ip ospf message-digest-key 1 md5 ccie SW2 Router ospf 1 area 100 virtual-link 44.44.21 messagedigest-key 1 md5 ccie ! Interface f0/0 ip ospf message-digest-key 1 md5 ccie ! Interface s0/0.44.21.com 212 of 230 .234 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 ccie R5 Router ospf 1 area 0 authentication message-digest ! interface f0/0.21.1 point-to-point ip ospf message-digest-key 1 md5 ccie R3 Interface s0/0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 ccie R4 Router ospf 1 area 0 authentication message-digest area 10 authentication message-digest area 10 virtual-link 11.21 authentication message-digest area 50 virtual-link 21.area 50 virtual-link 21.21.44 messagedigest-key 1 md5 ccie area 50 virtual-link 21.com.21 messagedigest-key 1 md5 ccie ! interface Serial0/0.21.1 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 ccie Copyrights Netmetric Solutions 2006-2010 Website: http://www.11 messagedigest-key 1 md5 ccie area 100 virtual-link 21.21 messagedigest-key 1 md5 ccie R6 Int F0/0.44.netmetric-solutions.44 authentication message-digest area 100 virtual-link 44.

0.3.com.0 255.1 255.0 R5 Access-list 121 deny 200.0.0 routes learned from BB1.20 SW1: interface Loopback100 ip address 100.0.1.1.0.2. You are not allowed to redistribute EIGRP into OSPF. You are allowed a create a single static route on a router to accomplish this task.0.1.0 0. Create loopback 100 with an Ip address of 100.0 Null0 ! Router ospf 1 redistribute static subnets R3 Router ospf 1 redistribute rip metric-type 1 subnets redistribute static subnets ! Router rip redistribute ospf 1 metric 5 ! ip route 100.0.1.1.com 213 of 230 . When redistributing the 200.1/8 on Switch 1.10 – Summarization (3 Point) Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions. only the even networks should be redistributed at the appropriate router. Routes should be redistributed in such a way that OSPF adds the link cost at each router.0.0 192.0. All OSPF routers should have access to the EIGRP routes on R1.255. You are allowed to create a single static route on 1 router to accomplish this task.1. Do not advertise this network in any routing protocol on Switch 1.2. Email: khawarb@khawarb. R1: ip route 202.255 Access-list 121 permit any ! route-map R-2-O permit 10 match ip address 121 ! Router ospf 1 redistribute rip metric-type 1 subnets routemap R-2-O ! Router rip redistribute ospf 1 metric 5 2.0.254. All routers should have connectivity to this network.9 – Redistribution (4 Point) Mutually redistribute RIP and OSPF at the appropriate router.1.0 255.1.1.

13.0 network 201.1.255.23.1.0 R4: Router ospf 1 area 100 range 206.Configure the following loopbacks on R1: o Loopback 201: 201.com.0 network 201.0.1.1/24 o Loopback 203: 201.1.1 255.1.0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.1.14.255.1.1 0.15.13.20.255.0.12.0 ! interface Loopback202 ip address 201.1/24 o Loopback 202: 206.1 0.1.0.0.14.1. Configure the following loopbacks on R6: o Loopback 201: 206.1.20.1. These routes should be summarized on R4.0. Don’t use the network command to accomplish this task.1/24 o Loopback 203: 206.1 255.1. Inject these routes into OSPF as well.255.12.252.0 ! Interface f0/0 ip summary-address eigrp 100 201. Only send a summarized route into OSPF.1 255.1.0 255.1.1. These routes should be summarized towards BB2.255.1/24 o Loopback 202: 201.1/24 Advertise the newly created loopbacks under OSPF on R6.0 ! interface Loopback204 ip address 201.netmetric-solutions.0.0 ! router eigrp 100 network 201.255.15.1.0 network 201.1/24 Advertise the newly created loopbacks under EIGRP on R1. R1 interface Loopback201 ip address 201.1 0.12.255.0 ! interface Loopback203 ip address 201. Email: khawarb@khawarb.1 0.12.1/24 o Loopback 204: 201.1 255.1/24 o Loopback 204: 206.255.1.22.255.0.13.21.com 214 of 230 .15.1.14.0.

255.23.com.1.12.6.1.1.0.0 ! interface Loopback204 ip address 206.2. Email: khawarb@khawarb.1 255.255.255.netmetric-solutions.0 ! Router ospf 1 network 206.3.1.0.1.6.6/24 o SW2 – Loopback 125: 125.255.0 ! interface Loopback202 ip address 206.1 0. Copyrights Netmetric Solutions 2006-2010 Website: http://www.1 –IBGP (3 Point) Configure the following Loopbacks: o R1 – Loopback 125: 125.20.3/24 o R4 – Loopback 125: 125.255.255.23.255.5/24 o R6 – Loopback 125: 125.1 255.22.0.255.21.1 0.1.0 area 100 Section 3 – BGP (12 points) 3.2/24 o R3 – Loopback 125: 125.1 0.252.5.0 area 100 network 206.0 R6 interface Loopback201 ip address 206.0.1.1.5.3.0.252.4.1/24 o R2 – Loopback 125: 125.1 255.1 0.0 area 100 network 206.0 area 100 network 206.2.255.1.0.4/24 o R5 – Loopback 125: 125.20.1.com 215 of 230 .255.1.22.21. R4 and R5 in AS 345.0.0 5 ! route-map RC permit 10 match interface Loopback201 Loopback202 Loopback203 Loopback204 ! Router ospf 1 Redistribute connected route-map RC subnets summary-address 201.0.255.21.4.0 ! interface Loopback203 ip address 206.1 255.21/24 Configure R3.21.0 255.

R5 should not have a neighbor relationship with R3. Advertise the Loopback 125 networks on the appropriate routers. Configure the neighbor relationship with redundancy in mind. All IBGP routers using the most secure authentication method. Use CCIE as the password. R1: Int loopback125 Ip address 125.1.1.1 255.255.255.0 R3 Int loopback125 Ip address 125.3.3.3 255.255.255.0 ! router bgp 345 no auto-summary no sync network 125.3.3.0 mask 255.255.255.0 neighbor 44.44.44.44 remote-as 345 neighbor 44.44.44.44 password CCIE neighbor 44.44.44.44 update-source Loopback0 R2 Int loopback125 Ip address 125.2.2.2 255.255.255.0 R4: Int loopback125 Ip address 125.4.4.4 255.255.255.0 ! router bgp 345 no auto-summary no sync network 125.4.4.0 mask 255.255.255.0 neighbor 33.33.33.33 remote-as 345 neighbor 33.33.33.33 password CCIE neighbor 33.33.33.33 update-source Loopback0 neighbor 33.33.33.33 route-reflector-client neighbor 55.55.55.55 remote-as 345 neighbor 55.55.55.55 password CCIE neighbor 55.55.55.55 update-source Loopback0 neighbor 55.55.55.55 route-reflector-client R6: Int loopback125 Ip address 125.6.6.6 255.255.255.0

R5 Int loopback125 Ip address 125.5.5.5 255.255.255.0 ! router bgp 345 no auto-summary no sync neighbor 44.44.44.44 remote-as 345 neighbor 44.44.44.44 password CCIE neighbor 44.44.44.44 update-source Loopback0 SW1

Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com

216 of 230

Int loopback125 Ip address 125.21.21.21 255.255.255.0 3.2 – EBGP (3 Points) Configure a EBGP relationship between AS 2 and AS 345. Use R5 in AS 345 to set this relationship up. Advertise the Loopback 125 network in BGP on R2. Don’t use the network command to accomplish task The origin should be internal. Configure a EBGP relationship between AS 2 and AS 65500. Authenticate this relationship Advertise the Loopback 125 network in BGP on R6. Configure R1 in AS 1. Advertise the Loopback 125 network under BGP. Configure a EBGP neighbor relation between AS 345 and AS 1. AS 345 sees AS 1 in AS 1000. Configure the remote-as as 1000 for AS 1 on R4. Configure SW2 in AS 21. Advertise the Loopback 125 network under BGP. Configure an EBGP neighbor relation between AS 21 and AS 345 based on the network diagram. Also configure an EBGP neighbor relation between AS 21 and AS 1 based on the network diagram. R1 router bgp 1 no auto-summary no sync network 125.1.1.0 mask 255.255.255.0 neighbor 192.1.3.21 remote-as 21 neighbor 192.1.3.21 ebgp-multihop 255 neighbor 192.1.14.4 remote-as 345 neighbor 192.1.14.4 local-as 1000 R2 route-map RC-2-BGP permit 10 match interface Loopback125 set origin igp ! router bgp 2 no auto-summary no sync redistribute connected route-map RC-2BGP neighbor 192.1.26.6 remote-as 65500 neighbor 192.1.26.6 password CCIE neighbor 192.1.45.5 remote-as 345 neighbor 192.1.45.5 ebgp-multihop 255 R4

R3

Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com

217 of 230

router bgp 345 neighbor 192.1.3.21 remote-as 21 R5 router bgp 345 neighbor 192.1.234.2 remote-as 2 neighbor 192.1.234.2 ebgp-multihop 255

router bgp 345 neighbor 192.1.14.1 remote-as 1000 R6 router bgp 65500 no auto-summary no sync network 125.6.6.0 mask 255.255.255.0 neighbor 192.1.26.2 remote-as 2 neighbor 192.1.26.2 password CCIE

SW2 router bgp 21 network 125.21.21.0 mask 255.255.255.0 neighbor 192.1.3.3 remote-as 345 neighbor 192.1.14.1 remote-as 1 neighbor 192.1.14.1 ebgp-multihop 255 3.3 – Route Aggregation (2 Points) Create the following loopback on R1: o Loopback 191: 199.1.4.1/24 o Loopback 192: 199.1.5.1/24 o Loopback 193: 199.1.6.1/24 o Loopback 194: 199.1.7.1/24 Advertise these networks under BGP. Summarize these networks on R1. Suppress the specific routes from getting propagated to BGP neighbors except for 199.1.5.0/24. This route should get propagated in addition to the summary route. R1 interface Loopback191 ip address 199.1.4.1 255.255.255.0 ! interface Loopback192 ip address 199.1.5.1 255.255.255.0 ! interface Loopback193 ip address 199.1.6.1 255.255.255.0 ! interface Loopback194
Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com

218 of 230

ip address 199.1.7.1 255.255.255.0 ! router bgp 1 network 199.1.4.0 network 199.1.5.0 network 199.1.6.0 network 199.1.7.0 aggregate-address 199.1.4.0 255.255.252.0 summary-only suppress-map SM ! access-list 131 deny 199.1.5.0 0.0.0.255 access-list 131 permit any ! route-map SM permit 10 match ip address 131 3.4 – Filtering Private AS number (2 Points) R2 should not send the Private AS number in the AS Path for route(s) from AS 65500 to AS 345. You can use a single command under the BGP Routing process to accomplish this task. R2 Router bgp 2 neighbor 192.1.45.5 remove-private-as 3.5 – Path Attributes (2 Points) Configure AS 345 such that it uses AS 21 to get to AS 1 routes. Do not use the AS-Path or Weight Attributes to accomplish this task. Configure AS 21 such that it uses AS 1 to get to AS 2 routes. R3 ip as-path access-list 1 permit _1$ ! route-map LP permit 10 match as-path 1 set local-preference 200 ! route-map LP permit 20 ! Router bgp 234 SW2 ip as-path access-list 2 permit _2$ ! route-map LP permit 10 match as-path 2 set local-preference 200 ! route-map LP permit 20 ! Router bgp 21

Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com; Email: khawarb@khawarb.com

219 of 230

com 220 of 230 .1.com.neighbor 192.1.1 route-map LP in Copyrights Netmetric Solutions 2006-2010 Website: http://www.3.21 route-map LP in neighbor 192.netmetric-solutions.14. Email: khawarb@khawarb.

1 – Dot 1X Authentication (3 Points) Configure Ports F 0/13 – 18 on Switch 1 for Dot1X authentication.Section 4 – Security (8 points) 4.300 ! aaa new-model aaa authentication dot1x default group radius ! dot1x system-auth-control ! radius-server host 192.3. Configure a Local User SSHADMIN with a password of cciers. Only allow Remote Management from VLAN 3.100.1.3.2 – SSH Configuation (3 Points) Configure R3 such that remote management can only be done by SSH.com. Use cciers as the secret key. Email: khawarb@khawarb. SW1 Vlan 250 Vlan 300 ! Under all trunk interfaces: switchport trunk allowed vlan add 250.100 key cciers ! Interface range F0/13-18 Switchport mode access Switchport access vlan 250 dot1x port-control auto dot1x guest-vlan 300 4. SSH authentication should be done based on the local database. If the host does not support Dot1X authentication.com 221 of 230 . it should be put in VLAN 300. R3: username SSHADMIN password 0 cciers ! Copyrights Netmetric Solutions 2006-2010 Website: http://www. Assign them to VLAN 250. Authentication should be done based on a RADIUS Server located at 192.1.netmetric-solutions.

255. Saturday and Sunday from 9:00 PM to 11:30 PM.255 any access-list 141 deny ip 172.255 any access-list 141 deny ip 192.16.3 – ACL Configuration (2 Points) Configure RFC 1918 filtering on R5 for anti-spoofing from the Frame cloud.0.25 time-range SM Access-list 142 permit ip any any Copyrights Netmetric Solutions 2006-2010 Website: http://www.1.255. Do not use an ACL for this task.15.2 ip verify unicast source reachable-via rx ip access-group 141 in ! time-range SM absolute start 00:00 01 December 2008 end 23:59 31 December 2008 periodic Friday 21:00 to 23:30 periodic Saturday 21:00 to 23:30 periodic Sunday 21:00 to 23:30 ! Access-list 142 deny ip any host 192.255 any access-list 141 permit ip any any ! Interface F0/0.0. There is a web server located at 192.168. This should be in affect for the month of December.0 0.0.0 0. This web server will be going down for Maintenance on Friday.netmetric-solutions.0.255 ! line vty 0 4 access-class 3 in login local transport input ssh line vty 5 1180 access-class 3 in login local transport input ssh 4.3.0.0 0.com ! crypto key generate rsa ! access-list 3 permit 192.15.0 0.1.com 222 of 230 . Also make sure packets with internal address as source addresses should not be allowed in.0.0.255.1.15. R5 access-list 141 deny ip 10. Email: khawarb@khawarb.255.25. R5 should block access to this server during the Maintenance times.ip domain name ccie.com.

1 ip access-group 142 in Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com.! Interface f0/0. Email: khawarb@khawarb.com 223 of 230 .

0.1.1 LEASE TIME : 6 Days Exclude-addresses : 192.15.100 ! ip ftp username CCIE ip ftp password 12353 5.15.5 DNS ADDRESS : 192.0 netbios-name-server 192.1.0.0/24 WINS ADDRESS : 192.0.com.10 5.1. Copyrights Netmetric Solutions 2006-2010 Website: http://www.12.6 DEFAULT GATEWAY : 192.1.1.15.3 – NAT (3 Points) Configure a Loopback 10 on R1.2 – Core Dumps (3 Points) Configure R1 to send a Core DUMP to a FTP server located at 192.12.255.6 default-router 192. Use CCIE as the Username to log into the FTP with a password of 12353.1.15.100.1 lease 6 ! ip dhcp excluded-address 192. Assign it an address of 10.15.1.0 255.15.0.5 dns-server 192.15.1. R1 exception protocol ftp exception region-size 32768 exception dump 192. Email: khawarb@khawarb.10 224 of 230 .15. Configure NAT on R1 to allow the 10.netmetric-solutions.1 – IOS DHCP Server (3 Points) Enable R5 as a DHCP Server with the following information: o o o o o o R5 ip dhcp pool CCIE network 192.1.1.15. Do not create a pool to accomplish this.15.1-192.15.1/8. Set the Dump size to 32768.com IP ADDRESS : 192.255.1 192.Section 5 – IOS Services (12 points) 5.15.0 network to access the rest of routers using S 0/0 interface address.1.1.1.1.

0.35 Enable the DRP Server Agent on R5 Only allow DRP Queries from the above listed DistributedDirector’s.0.0.4 – DRP (3 Points) R5 will be queried by Cisco DistributedDirector from the following IP Addresses: o 195.80 80 extendable ip nat inside source static udp 192.0.0 0.35 ! key-chain DRP key 1 key-string ccie ! ip drp server ip drp access-group 15 Copyrights Netmetric Solutions 2006-2010 Website: http://www.0.5.0.7.80.14.1 255.14.1 overload ip nat inside source static tcp 192.1. Allow the outside user’s access to these servers using a common outside address of 192.1.15 access-list 15 permit 195.0.83 53 10.0.1.0 Ip nat inside ! Interface S 0/0.There is a web server that will be installed at 10.14.1.83 80 10.255 any ! ip nat inside source list 161 interface S 0/0. There is a DNS Server located at 10.0.netmetric-solutions. R5 should be configured to authenticate the DistributedDirector with a key of ccie R5 access-list 15 permit 195.255. R1 Interface Loopback10 Ip address 10.0.0.1. Email: khawarb@khawarb.83.5.15 o 195.81.1.0.1.com 225 of 230 .255.0.com.7.1 Ip nat outside ! Access-list 161 permit 10.0.81 53 extendable 5.

com.com 226 of 230 . Email: khawarb@khawarb.netmetric-solutions.ip drp authentication key-chain DRP Copyrights Netmetric Solutions 2006-2010 Website: http://www.

4 32 ! access-list 31 permit 224.4.4.4.Section 6 – Multicasting (6 points) 6.4. Email: khawarb@khawarb.2.2.2 access-list 32 permit 224. R2 Interface F 0/0 Ip igmp join-group 224.2.4.4 32 ! access-list 31 permit 224.2.2.2.2. R2 Ip multicast-routing ! Interface s0/0 Ip pim sparse-mode ! Interface F 0/0 Ip pim sparse-mode ! ip pim rp-address 2.4.2.2 access-list 32 permit 224.1 – Configuring PIM Sparse Mode (3 Points) Configure VLAN 26 to receive and send multicast Traffic from and to VLAN 45.2 R4 Interface F 0/0 Ip igmp join-group 224.2 31 ip pim rp-address 4.2 – Configuring IGMP (3 Points) Configure R2 to statically join multicast group 224. R2 and R4 should be able to ping both Multicast groups.4 6.com.2 and R4 should be the RP for 224.4.2.2. Perform configurations on R2 and R4 using PIM-Sparse-Mode.4 R4 Ip multicast-routing ! Interface s0/0.4.4. R2 should be the RP for 224.2.234 Ip pim sparse-mode ! Interface F 0/0 Ip pim sparse-mode ! ip pim rp-address 2.2 31 ip pim rp-address 4.4.2 and R4 to statically join the multicast group 224.com 227 of 230 .4.2.4.4 Copyrights Netmetric Solutions 2006-2010 Website: http://www.4.4.2.4.netmetric-solutions.2.4.

0. o FTP traffic should be limited to 256 kbps.1. Configure R4 such that all HTTP and HTTPS traffic going from 192.com.255 6.com*" class-map match-all FTP match protocol ftp ! ! policy-map QoS class HTTP bandwidth percent 35 class TELNET priority percent 10 class FTP police 256000 ! Interface s0/0/0 service-policy output QoS 7. If it exceeds the CIR.netmetric-solutions.15. R3 class-map match-all TELNET match protocol telnet class-map match-all HTTP match protocol http url "*http://www. Configure it for LLQ. Email: khawarb@khawarb.0.0 networks towards Network 6.0 0.0.1 – Configuring CB-WFQ using NBAR (3 Points) Configure R3 such that traffic going towards the Frame Cloud uses the following QoS parameters: o All HTTP traffic towards a Web Server http://www.0.255 eq www Copyrights Netmetric Solutions 2006-2010 Website: http://www. it should be set with a Precedence of 1.com should be assigned a minimum bandwidth of 35%.0.netmetric-solutions.255.0 0. If it exceeds the Peak.com 228 of 230 .2 – Configuring Policing using MQC (3 Points) R3-R4 has a CIR of 256 and Peak CIR of 512. set the DE bit on.15.Section 7 –QoS (8 points) 7.255. Also.netmetricsolutions.1. the packet should be dropped. o Telnet Traffic should be assigned a minimum bandwidth of 10%.0 should have a Precedence of 5 if it is within the CIR. if it exceeds the CIR. R4 Access-list 171 permit tcp 192. The rest of the traffic should to set to a Precedence of 3.0.

1 5 Srr Queue 4 3 2 1 Configure Shaping on the first queue.0. 6 2 .netmetric-solutions.com. Configure Sharing on the remaining queues.0. 3 and 4 should be shared with a percentage breakdown of 45 30 and 25 percentage respectively.Access-list 171 permit tcp 192.3 – SRR (2 Points) Configure SRR on Switch 1 such that F 0/10 port using the following parameters: CoS Value 3. 4.0.7 0.0.234 service-policy output POLICE 7.255 6. Email: khawarb@khawarb. Queues 2. It should used 25% percent of the interface Bandwidth.15.255.255.255 eq 443 ! class-map match-all WEB match access-group 171 ! policy-map POLICE class WEB ! police cir 256000 pir 512000 conform-action set-prec-transmit 5 exceed-action set-prec-transmit 1 exceed-action set-frde-transmit violate-action drop class class-default set precedence 3 ! Interface s0/0.1. SW1 Mls qos ! mls qos srr-queue output cos-map queue 1 5 mls qos srr-queue output cos-map queue 2 0 1 mls qos srr-queue output cos-map queue 3 2 7 mls qos srr-queue output cos-map queue 4 3 4 6 ! interface FastEthernet0/10 srr-queue bandwidth share 4 45 30 25 srr-queue bandwidth shape 4 0 0 0 Copyrights Netmetric Solutions 2006-2010 Website: http://www.0 0.com 229 of 230 .0 0.

Email: khawarb@khawarb.2 ipv6 address 2222:1111:3333:3636::3/64 Interface loopback0 ipv6 address 2222:1111:3333:3333::3/64 8.2 ipv6 rip RIPNG enable Interface loopback0 ipv6 rip RIPNG enable Interface Loopback 0 E 0/0.netmetric-solutions.com.2 ipv6 address 2222:1111:2222:3636::6/64 Interface loopback0 ipv6 address 2222:1111:6666:6666::6/64 IPv6 Address 2222:1111:3333:3333::3/64 2222.Section 8 – IPV6 (4 points) 8.2 ipv6 rip RIPNG enable Interface loopback0 ipv6 rip RIPNG enable R6 ipv6 unicast-routing ! Interface F0/0.2 R6 Interface F0/0.2 – Running RIPng (2 Points) Enable IPv6 Unicast Routing. Run RIPng between R3 and R6 and advertise the Loopback networks. R3 ipv6 unicast-routing ! Interface F0/0.1 – Configuring IPV6 (2 Points) Configure R3 and R6 with the following IPv6 Addresses: Router R3 R3 R6 R6 R3 Interface F0/0.com 230 of 230 .2 Loopback 0 E 0/0.1111:3333:3636::3/64 2222:1111:6666:6666::6/64 2222:1111:2222:3636::6/64 Copyrights Netmetric Solutions 2006-2010 Website: http://www.

Sign up to vote on this title
UsefulNot useful