
1.

On SW3
no vlan 666
int range Fa1/0/19 - 24
switchport trunk allowed vlan remove 333 666
exi
int vlan 333
ip address 10.10.33.8 255.255.255.0
int Fa0/19
sw trunk allowed vlan 333

On SW4
no vlan 666
int range Fa1/0/19 - 24
switchport trunk allowed vlan remove 333 666
exi
int vlan 333
ip address 10.10.33.9 255.255.255.0
int Fa0/19
sw trunk allowed vlan 333

On SW1 - SW2
no vlan 333
system mtu 1504
system mtu routing 1500

int port-channel 12
sw trunk allowed vlan add 666

int Fa1/0/19
no switchport trunk nat vlan 999
no switchport nonego
switchport access vlan 666
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
no cdp enable

*************************************
4.1 Implement RIPv2 Authentication

R4
no service password-encryption
do sho run | s key chain
(it will give name of key chain)
do sho key chain rip
(it will give key-string)
service password-encryption
int f0/0
ip rip authentication key-chain rip
ip rip authentication mode md5

R5

no service password-encryption
key chain RIP
key 1
key-string HiddenRIPKey

int f0/1
ip rip authentication key-chain rip
ip rip authentication mode md5

***************************************************

4.2 Zone Base Firewall

zone sec A
zone sec B

int gi0/0
zone-member sec A
int gi0/1
zone-member sec B
int s0/0/1
zone-member sec A
int s0/0/0
zone-member sec A

class-map type inspect match-all A_B
match protocol icmp

policy-map type inspect pMap_A_B
class type inspect A_B
pass
class class-default
pass

zone-pair sec A_B source A dest B
service-policy type inspect pMap_A_B

zone-pair sec B_A source B dest A
service-policy type inspect pMap_A_B

***************************************

On SW1---SW4

instance 1 add vlan 713, 715, 717

vlan 713
private-vlan community
vlan 715
private-vlan community
vlan 717
private-vlan isolated

vlan 45
private-vlan primary
private-vlan association 713,715,717

On SW1
interface fastethernet 0/4
no shutdown
no switchport access vlan 45
switchport private-vlan host-association 45 713
switchport mode private-vlan host

interface Fastethernet 0/6
no shutdown
no switchport access vlan 999
switchport private-vlan host-association 45 715
switchport mode private-vlan host

interface Fastethernet 0/7
no shutdown
no switchport access vlan 999
switchport private-vlan host-association 45 717
switchport mode private-vlan host

interface Fastethernet
no shutdown
no switchport access vlan 999
switchport private-vlan mapping 45 713,715,717
switchport mode private-vlan promiscuous

On SW2

interface Fastethernet 0/5
no shutdown
no switchport access vlan 45
switchport private-vlan host-association 45 713
switchport mode private-vlan host

interface Fastethernet 0/6
no shutdown
no switchport access vlan 999
switchport private-vlan host-association 45 715
switchport mode private-vlan host

interface Fastethernet 0/7
no shutdown
no switchport access vlan 999
switchport private-vlan host-association 45 717
switchport mode private-vlan host

*************************************************************

4.5 QOS

ON R3 AND R5
class-map control
match ip precedence 6 7
class-map voice
match ip precedence 5
class-map video
match ip precedence 3
class-map business
match ip precedence 2
class-map Internet
match ip precedence 0

policy-map COS
class video
bandwidth remaining per 30
class business
bandwidth remaining percent 30
random-detect
random-detect exponential-weighting-constant 10
class Internet

policy-map QOS
class voice
priority percent 20
class control
bandwidth per 5
class class-default
service-policy COS
shape average per 100

int s0/0/0
bandwidth 2000
max-reserved-bandwidth 100
service-policy output QOS

*********************************************

4.6 HSRP

On SW1
interface vlan 500
ip address 10.10.100.2 255.255.255.0
standby 1 ip 10.10.100.254
standby 1 preempt
standby 1 timers 3 16
standby 1 authentication md5 key-string CCIE

On SW2
track 1 ip route 150.1.10.0/24 reach

interface vlan 500
ip address 10.10.100.1 255.255.255.0
standby 1 ip 10.10.100.254
standby 1 preempt
standby 1 timers 3 16
standby 1 authentication md5 key-string CCIE
standby 1 priority 110
standby 1 track 1 decrement 50
********************************************

4.7 Time based ACL

On SW1 and SW2

time-range HTTP
periodic weekdays 9:00 to 16:59
time-range FTP
periodic daily 00:00 to 21:59
time-range UDP
periodic daily 9:00 to 16:59

ip access-list extended TIME
permit udp 10.10.100.0 0.0.0.255 eq 1985 host 224.0.0.2 eq 1985
deny tcp 10.10.100.0 0.0.0.255 any eq www time-range HTTP
deny tcp 10.10.100.0 0.0.0.255 any eq ftp time-range FTP
deny tcp 10.10.100.0 0.0.0.255 any eq ftp-data time-range FTP
deny udp 10.10.100.0 0.0.0.255 any time-range UDP
permit ip 10.10.100.0 0.0.0.255 any

interface Vlan500
ip access-group TIME in
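A small model of the TIME access-list above, added here as a check (this is not Cisco code or the page's own): it evaluates a packet against the ACEs in order, honouring the time-ranges, so you can confirm that the HSRP hello permit (UDP 1985 to 224.0.0.2) is matched before the daytime UDP deny and that the web/FTP denies only bite during their windows. The sample packets, dates and hosts are constructed.

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed model of the three time-ranges: (active weekdays, start, end), Mon=0.
WEEKDAYS = {0, 1, 2, 3, 4}
DAILY = set(range(7))
TIME_RANGES = {
    "HTTP": (WEEKDAYS, time(9, 0), time(16, 59)),
    "FTP":  (DAILY,    time(0, 0), time(21, 59)),
    "UDP":  (DAILY,    time(9, 0), time(16, 59)),
}
LAN = ip_network("10.10.100.0/24")
# ACEs in the order they appear in the page's ACL:
# (action, proto, src net, src port or None, dst net or None=any, dst port or None, time-range or None)
ACL = [
    ("permit", "udp", LAN, 1985, ip_network("224.0.0.2/32"), 1985, None),  # HSRP hellos
    ("deny",   "tcp", LAN, None, None, 80,   "HTTP"),
    ("deny",   "tcp", LAN, None, None, 21,   "FTP"),
    ("deny",   "tcp", LAN, None, None, 20,   "FTP"),   # ftp-data
    ("deny",   "udp", LAN, None, None, None, "UDP"),
    ("permit", "ip",  LAN, None, None, None, None),
]

def range_active(name, when):
    """IOS periodic ranges cover the whole end minute, so compare at minute precision."""
    days, start, end = TIME_RANGES[name]
    minute = when.time().replace(second=0, microsecond=0)
    return when.weekday() in days and start <= minute <= end

def evaluate(proto, src, sport, dst, dport, when):
    """First matching ACE wins; an ACL ends with an implicit deny."""
    src, dst = ip_address(src), ip_address(dst)
    for action, p, src_net, sp, dst_net, dp, trange in ACL:
        if p != "ip" and p != proto:
            continue
        if src not in src_net:
            continue
        if sp is not None and sp != sport:
            continue
        if dst_net is not None and dst not in dst_net:
            continue
        if dp is not None and dp != dport:
            continue
        if trange is not None and not range_active(trange, when):
            continue
        return action
    return "deny"
```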

***************************************

5.1

access-list 17 permit 10.10.17.0 0.0.0.255
access-list 67 permit 10.10.67.0 0.0.0.255

snmp-server location San Jose, US
snmp-server contact ccie@cisco.com
snmp-server trap-source loo 0
snmp-server enable traps

snmp-server group admin v3 priv read ciscoview or adminview write adminwrite access 17
snmp-server user ccie admin v3 auth md5 cisco access 17

snmp-server view adminview iso included
snmp-server view adminwrite system included

snmp-server community nms ro 67
no snmp-server group nms v1

****************************************************

5.2 NET FLOW

ip cef

flow-sampler-map Netflow
mode random one-out-of 1000

ip flow-export version 9
ip flow-export source Loopback0
ip flow-export destination 10.10.56.100 2222 sctp
backup destination 10.10.56.101 2222
backup mode fail-over

ip flow-export template options sampler
reliability full

int Gi0/1 0/1
flow-sampler Netflow
flow-sampler Netflow egress
no ip route-cache flow
ip route-cache cef
no ip flow ingress
no ip flow egress
