CPS B5

CCIE RS v5 TS - B5 Variant
==========================
===================================================================================
==
1. L2 Switching, DHCP [2 points]
- On SW1 and SW2 create the missing vlans
vlan 12,17,18,27,28,100,200,78
sta act
no shut
exit
! SW1
interface Vlan200
ip helper-address 172.8.8.8
! SW2
interface Vlan100
- On R7 and R8 correct the dhcp reservations
ip dhcp pool BancoBank_VLAN200
network 172.16.200.0 255.255.255.0
default-router 172.16.200.1
domain-name bancobank.org
dns-server 172.7.7.7 172.8.8.8
!
ip dhcp pool BancoBank_VLAN100
network 172.16.100.0 255.255.255.0
default-router 172.16.100.1
domain-name bancobank.org
dns-server 172.7.7.7 172.8.8.8
!
ip dhcp pool BancoBank_VLAN200_Server1
host 172.16.200.200 255.255.255.0
client-identifier 01aa.bbcc.0064.00
!
ip dhcp pool BancoBank_VLAN100_USER
host 172.16.100.200 255.255.255.0
client-identifier 01aa.bbcc.0065.00
Verification:
PC101(config-if)#do ping server1
Translating "server1"...domain server (172.7.7.7) [OK]
Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.200.200, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
2. PPP [2 points]
- On R17 correct the ip assignment method and the ppp configuration
interface Serial4/0
ip address negotiated
ppp chap password 0 cisco
ppp ipcp route default
- On R12 correct the ppp/ipcp configuration
ip dhcp excluded-address 145.67.89.21
username UberMarket_Spoke1_R17 password 0 cisco
interface Serial4/0
peer default ip address dhcp-pool UberMarket_Spoke1
ppp authentication chap
Verification:
CPS_TSB5_BUYER_R17(config-if)#do ping 145.11.11.11
!!!!!
3. OSPF [2 points]
- On R21 correct the OSPF configuration
interface Ethernet0/0
no ip ospf network point-to-point
router ospf 1
no passive-interface default
ip address 134.56.78.49 255.255.255.252
no ip ospf cost 1
- On R22 correct the mask
ip address 134.56.78.50 255.255.255.252
no ip ospf cost 30
no ip ospf network point-to-point
router ospf 1
no max-metric router-lsa
Verification:
CPS_TSB5_BUYER_R1(config)#do trace 134.56.78.49
Tracing the route to 134.56.78.49
VRF info: (vrf in name/id, vrf out name/id)
1 123.45.67.6 [MPLS: Label 44 Exp 0] 0 msec
123.45.67.18 [MPLS: Label 37 Exp 0] 0 msec
123.45.67.6 [MPLS: Label 44 Exp 0] 0 msec
2 134.56.78.42 1 msec
134.56.78.38 0 msec
134.56.78.42 1 msec
4. EIGRP [2 points]
- On R12 remove the EIGRP metric/prefixes influence
router eigrp 145
no distribute-list 10 in
no bandwidth 1000
- On R13 remove the EIGRP metric influence
no delay 1000
- On R11, R12, R13, R14 adjust the metric values
router eigrp 145
metric weights 0 1 1 1 1 1
Verification:
CPS_TSB5_BUYER_R11(config-router)#do sh ip route 145.14.14.14
Routing entry for 145.14.14.14/32
Known via "eigrp 145", distance 90, metric 1703, type internal
Redistributing via eigrp 145
Last update from 145.67.89.2 on Ethernet0/0, 00:00:06 ago
Routing Descriptor Blocks:
* 145.67.89.6, from 145.67.89.6, 00:00:06 ago, via Ethernet1/0
Route metric is 1703, traffic share count is 1
Total delay is 7000 microseconds, minimum bandwidth is 10000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 2
145.67.89.2, from 145.67.89.2, 00:00:06 ago, via Ethernet0/0
Route metric is 1703, traffic share count is 1
Total delay is 7000 microseconds, minimum bandwidth is 10000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 2
5. BGP [2 points]
- On R4 adjust the BGP MED assignment for 123.3.3.3
no access-list 123 permit ip 123.0.0.0 0.255.255.255 any
access-list 123 permit ip host 123.3.3.3 any
route-map MED permit 10
set metric 50
- On R6 adjust the BGP MED assignment for 123.3.3.3 and for the other prefixes
no access-list 123 permit ip 123.0.0.0 0.255.255.255 any
access-list 123 permit ip host 123.3.3.3 any
no set metric 100
set metric 150
- On R21 adjust the BGP LP assignment for 8.8.8.8
no ip prefix-list 194 seq 5 permit 194.1.1.0/24
ip prefix-list 194 seq 5 permit 8.8.8.0/24
no route-map setLocalPref deny 5
route-map setLocalPref permit 5
match ip address prefix-list 194
set local-preference 150
route-map setLocalPref permit 10
set local-preference 50
- On R22 correct the next hop for the external prefixes
router bgp 12345
address-family ipv4
neighbor INTERNAL next-hop-self
Verification:
CPS_TSB5_BUYER_R12#tr 8.8.8.8
1 123.45.67.46 [AS 12345] 1 msec
123.45.67.45 [AS 12345] 1 msec
123.45.67.46 [AS 12345] 1 msec
2 123.45.67.9 [AS 12345] [MPLS: Label 31 Exp 0] 1 msec
123.45.67.13 [AS 12345] [MPLS: Label 31 Exp 0] 1 msec
3 123.45.67.1 [AS 12345] [MPLS: Label 31 Exp 0] 2 msec 1 msec 1 msec
5 134.56.78.38 [AS 12345] 2 msec 1 msec 1 msec
6 134.56.78.6 [AS 12345] 2 msec 1 msec 1 msec
7 8.8.8.8 [AS 10001] 2 msec * 2 msec
1 123.45.67.45 [AS 12345] 1 msec
123.45.67.46 [AS 12345] 0 msec
123.45.67.45 [AS 12345] 0 msec
2 123.45.67.13 [AS 12345] [MPLS: Label 16 Exp 0] 2 msec
5 134.56.78.42 [AS 12345] 11 msec 2 msec 1 msec
6 134.56.78.14 [AS 12345] 2 msec * 2 msec
1 123.45.67.45 [AS 12345] 0 msec 1 msec 0 msec
4 123.45.67.6 [AS 12345] 0 msec * 2 msec
1 123.45.67.46 [AS 12345] 1 msec 0 msec 1 msec <-- Via R6
2 123.45.67.46 [AS 12345] !H * !H <--- No more information in
the task to identify where this IP should be configured!
6. IPv6 [2 points]
- On MOBILE (R114) add the missing ip config
ipv6 address autoconfig
- On R22 allow the traffic (including the BGP one)
interface Serial4/0
no ipv6 traffic-filter noTCPv6 in
no ipv6 traffic-filter noTCPv6 out
- On R32 configure the requested address and advertise it
ipv6 address 2001::26/128
router bgp 10001
address-family ipv6
network 2001::26/128
- On R25 remove the PBR
no ipv6 policy route-map IPv6-NH
Verification:
MOBILE(config-if)#do ping 2001::26
Sending 5, 100-byte ICMP Echos to 2001::26, timeout is 2 seconds:
!!!!!
7. DMVPN [4 points]
- On SW5 and SW6 create all missing vlans
vlan 56,100,200,515,516,615,616,156
sta act
no shut
- On R18 correct the DMVPN/IPSec config
interface Tunnel0
ip nhrp map 215.0.0.1 145.67.89.10
no tunnel protection ipsec profile ubermarket_prof shared
tunnel protection ipsec profile ubermarket_prof
- * BONUS * access to PC110 and PC112
! R17 - correct the DMVPN config
interface Tunnel0
bandwidth 1000
no ip nhrp authentication Ubermark
no ip nhrp map 215.0.0.1 145.67.89.9
no ip nhrp map multicast 145.67.89.8
ip nhrp authentication ubermark
ip nhrp map multicast 145.67.89.10
ip nhrp map 215.0.0.1 145.67.89.10
! R19 - correct the DMVPN/IPSec config
interface Tunnel0
no ip nhrp authentication Ubermark
no tunnel protection ipsec profile ubermarket_prof shared
ip nhrp authentication ubermark
tunnel protection ipsec profile ubermarket_prof
! R20 - correct the NAT T config
no ip nat inside source static udp 200.100.3.2 500 145.67.89.34 500
extendable
no ip nat inside source static udp 200.100.3.2 4500 145.67.89.34 4500
extendable
ip nat inside source static udp 200.100.3.2 500 interface Serial4/0 500
ip nat inside source static udp 200.100.3.2 4500 interface Serial4/0 4500
ip access-list extended CPS_R19
permit udp any host 145.67.89.34 eq non500-isakmp
Verification:
PC103(config)#do ping 200.100.2.100
!!!!!
SERVER2(config)#do ping 200.100.2.100

!!!!!
8. MPLS, NAT [4 points]

- On SW4 created missing vlans
vlan 16,100,200
sta act
no shut
exit
- On SW3 created missing vlans
vlan 13,100,200
sta act
no shut
exit
- On the PE routers fix the VRFs
! R3
ip vrf BancoBank_ToHub
no route-target import 65100:100
route-target import 65100:101
! R4
ip vrf BancoBank_ToHub
! R5
ip vrf BancoBank
! R6
ip vrf BancoBank
- On R8 correct the NAT/BGP config
no ip nat source list 172 interface Ethernet0/0.125 overload
ip nat inside source list 172 interface Ethernet0/0.125 overload
access-list 172 permit ip 172.16.0.0 0.0.255.255 any
router bgp 65100
neighbor 125.45.67.25 remote-as 12345
- On R7 correct the NAT/BGP config
interface Ethernet0/0.125
ip nat outside
ip nat inside source list 172 interface Ethernet0/0.125 overload
access-list 172 permit ip 172.16.0.0 0.0.255.255 any
router bgp 65100
- On R3 add the missing BGP peering
router bgp 12345
address-family ipv4
network 125.45.67.20 mask 255.255.255.252
neighbor 125.45.67.22 activate
- On R4 add the missing BGP peering
router bgp 12345
address-family ipv4
neighbor 125.45.67.26 activate
Verification:
PC105(config)#do tra 8.8.8.8
1 172.16.102.1 1 msec 1 msec 0 msec
2 172.16.1.1 1 msec 1 msec 1 msec
3 123.45.67.29 0 msec 0 msec 1 msec
4 123.45.67.17 [MPLS: Labels 22/16 Exp 0] 2 msec 3 msec 1 msec
5 123.45.67.21 [MPLS: Label 16 Exp 0] 1 msec 2 msec 1 msec
6 123.45.67.22 1 msec 1 msec 1 msec
7 125.45.67.21 4 msec 7 msec 1 msec
8 134.56.78.38 3 msec 2 msec 1 msec
9 134.56.78.6 3 msec 2 msec 4 msec
10 8.8.8.8 2 msec 2 msec *
PC105(config)#do ping 172.16.200.200
!!!!!
PC106(config)#do tra 8.8.8.8

1 172.16.201.1 2 msec 2 msec 1 msec
2 172.16.2.2 1 msec 1 msec 1 msec
3 123.45.67.33 1 msec 2 msec 0 msec
6 123.45.67.21 [MPLS: Label 16 Exp 0] 1 msec 5 msec 113 msec
7 123.45.67.22 1 msec 3 msec 1 msec
8 125.45.67.21 3 msec 10 msec 3 msec
9 134.56.78.38 3 msec 2 msec 2 msec
10 134.56.78.6 4 msec 3 msec 3 msec
11 8.8.8.8 3 msec 4 msec *
PC106(config)#do ping 172.16.200.200
!!!!!
9. DMVPN, NAT T, DNS [2 points]

- On R24 correct the DMVPN config
interface Tunnel10
ip nhrp map 172.247.247.1 125.45.67.22
tunnel source Ethernet0/0
- On R23 correct the NAT
access-list 192 permit ip host 192.168.1.2 host 125.45.67.22
Verification:
PC109(config)#do ping server1.bancobank.org
!!!!!
10. HTTP, NAT, DNS [2 points]

- On R23 correct the NAT
ip nat inside source static tcp 192.168.1.3 80 interface Serial4/0 8008
- On R21 add DNS record
ip host nas.home.net 134.56.78.10
- On NAS enable dns resolving
ip domain lookup
- On R23 correct the DHCP reservation and add missing DNS record
ip dhcp pool PRIVATE_NAS
no host 192.168.1.200 255.255.255.0
no client-identifier 01aa.bbcc.0063.00
no default-router 192.168.1.1
no domain-name home.net
host 192.168.1.3 255.255.255.0
client-identifier 01aa.bbcc.006c.00
ip host www.cciecloud.net 192.168.1.4
Verifications:
CPS_TSB5_BUYER_R21(config)#do teln nas.home.net 8008
Trying nas.home.net (134.56.78.10, 8008)... Open
get
HTTP/1.1 400 Bad Request
Date: Mon, 06 Apr 2015 16:23:02 GMT
Server: cisco-IOS
Accept-Ranges: none
400 Bad Request

[Connection to nas.home.net closed by foreign host]
NAS(config-if)#do ping www.cciecloud.net

Translating "www.cciecloud.net"...domain server (192.168.1.1)
Translating "www.cciecloud.net"...domain server (192.168.1.1) [OK]

.!!!!
===================================================================================
==
Summary for TS B5
- 10 tickets
- 34 faults
- 151 configuration lines

CPS B5

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CPS B5

Uploaded by

Copyright:

Available Formats

CCIE RS v5 TS - B5 Variant

Type escape sequence to abort.

SERVER2(config)#do ping 200.100.2.100

8. MPLS, NAT [4 points]

PC106(config)#do tra 8.8.8.8

9. DMVPN, NAT T, DNS [2 points]

10. HTTP, NAT, DNS [2 points]

400 Bad Request

NAS(config-if)#do ping www.cciecloud.net

Translating "www.cciecloud.net"...domain server (192.168.1.1) [OK]

Type escape sequence to abort.

You might also like