Ccie4career.com Skype ID 1: ccieO4final Skype ID 2: nguyenbich279

CCIE4CAREER.COM - CCIE RS V5.0 H2 Plus WORKBOOK FRG

Document Information
Author: CC Dreamer
Change Authority: Advanced Team Focus
Version: 1.9.6
Date: 1/6/2017

Comment History
CC Dreamer, Version 1.9.6: updated solution and question.

CCIE4Career.com The best solution, very clear Workbook -> The best way you can get CCIE Certificate.

Contents
1. SECTION 1: Layer 2 technologies
1.1 Section 1.1: Jameson's Datacenter: Access Ports
1.2 Section 1.2: Jameson's Datacenter: Trunk Ports
1.3 Section 1.3 Jameson's Datacenter: Link bundling
1.4 Section 1.4 Jameson's Branch Offices
2. SECTION 2 Layer 3 Technologies
2.1 Section 2.1 Jameson's IGP, Part 1
2.2 Section 2.2 Jameson's IGP, Part 2
2.3 Section 2.3 Jacob's IGP
2.4 Section 2.4 Jameson's Pre-merge
2.5 Section 2.5 Jacob's Pre-merge
2.6 Section 2.6 Merge phase 1: BGP
2.7 Section 2.7 Merge phase 2: IGP
2.8 Section 2.8 Merge phase 2: Routing Policies
2.9 Section 2.9 IPv6 Routing, Part 1
2.10 Section 2.10 IPv6 Routing, Part 2
2.11 Section 2.11 Multicast in Jameson's
3. SECTION 3 VPN Technology
3.1 Section 3.1 Jameson's Branch Offices
3.2 Section 3.2 Jameson's Pre-merge VPN
3.3 Section 3.3 Merge Phase 2: VPN
3.4 Section 3.4 Inter-VPN Routing
4. SECTION 4 Infrastructure Security
4.1 Section 4.1 Device Security
4.2 Section 4.2 Network Security
5. SECTION 5 Infrastructure Services
5.1 Section 5.1 Centralized DHCP
5.2 Section 5.2 Internet Gateway
5.3 Section 5.3 First hop redundancy
5.4 Section 5.4 Tracking reachability
[Figure: Main Topology (CCIE RS H2 Plus CFG): Jameson's and Jacob's networks, core network with OSPF Area 0]
[Figure: BGP Topology: Jameson's Datacenter Network, AS 65002; legend: unidirectional redistribute, bidirectional redistribute]
[Figure: VPN Topology: Jameson's and Jacob's Core Network, AS 65001]
[Figure: Physical - VLAN Topology: VLAN 100, VLAN 101, VLAN 156, VLAN 164]

1. SECTION 1: Layer 2 technologies

1.1 Section 1.1: Jameson's Datacenter: Access Ports

Question:
Refer to "Table 1: Jameson's Layer 2 connection" and "Table 1: Jameson's VLAN to port Mapping".
There has been pre-configured in Jameson's Datacenter. SW3 is the server and the other three switches are clients. Do not modify this configuration.
Some other configuration was already started, but it is your responsibility to verify and complete it.
Configure all four switches in Jameson's datacenter network (AS 65002) as per the following requirements:
* All 4 switches should be in transparent mode
* All unused ports must be configured in VLAN 999 and administratively shut down
* Access ports must immediately transition to the forwarding state upon link up, as long as they do not receive a BPDU. Use a unique command per switch to enable this feature.
* If an access port receives a BPDU, it must automatically shut down and generate a syslog message and an SNMP trap. Use a unique command per switch to enable this feature.
* Ports that were shut down must always rely on manual intervention to recover.
* VLAN 911 (10.2.1.X/24) will be used as the management VLAN in Jameson's datacenter. Ensure that all datacenter switches are able to ping each other's IP address in the management VLAN.
* SW5 and SW6 are low-end access switches and they do not have much processing power. Ensure that their only Layer 3 interfaces are Loopback0 and VLAN 911
* SW3 and SW4 are robust and powerful distribution switches. Ensure that they maintain a Layer 3 interface for all local VLANs as well as all access VLANs, as specified in "Table 1: Jameson's VLAN to Port Mapping".
* Unused interfaces are associated with VLAN 999 and shut down

Jameson's VLAN to port Mapping

VLAN  SWITCH              PORT                              SVI
34    SW3-SW4             -                                 SW3-SW4
100   SW1,SW2,SW10,SW11   E1/0-3                            SW1,SW2,SW10,SW11
100   SW3,SW4,SW5         -                                 SW3,SW4
100   SW6                 E0/1-3                            -
101   SW1,SW2,SW10        E0/0-1                            SW1,SW2,SW10
101   SW11                E0/0                              SW11
101   SW5                 E0/1-3                            -
153   SW3                 E0/1                              SW3
156   SW3,SW4             E0/0                              -
164   SW4                 E0/1                              SW4
173   SW3                 -                                 SW3
173   SW5                 E0/0                              -
184   SW4                 -                                 SW4
184   SW6                 E0/0                              -
911   SW3,SW4,SW5,SW6     -                                 SW3,SW4,SW5,SW6
999   SW3,SW4             E0/2-3, E1/2-3, E2/2-3, E3/0-3    -
999   SW5,SW6             E1/2-3, E2/0-3, E3/0-3            -

Solution:
Note: In the real exam, you will have many devices with pre-configuration.
- VLANs are pre-configured on some switches, but some VLANs may be missing, so you need to check carefully.
- Pay attention to the trunk links (they may be pre-configured as well).
- Check the physical interfaces and the VLAN interfaces; they can be in "shutdown" status.
- Make sure that you save 30 minutes to read the whole exam, and check the physical topology as well.

All four switches:
    vtp domain jamesons
    vtp password CISCO
    vlan 34,100,101,153,156,164,173,184,911,999

SW3:
    interface e0/0
     switchport access vlan 156
     switchport mode access
     no shutdown
    interface e0/1
     switchport access vlan 153
     switchport mode access
     no shutdown

SW4:
    interface e0/0
     switchport mode access
     switchport access vlan 156
     no shutdown
    int e0/1
     switchport mode access
     switchport access vlan 164
     no shut

SW3 and SW4:
    int range e0/2,e0/3,e1/2 [...]
     [...] vlan 999

SW5:
    int e0/0
     sw acc vlan 173
     no shut
    int range e0/1-3
     sw acc vlan 101

SW6:
    int e0/0
     sw acc vlan 184
     no shut
    int range e0/1-3
     sw acc vlan 100

SW5 and SW6:
    int range e1/2-3,e2/0-3,e3/0-3
     sw acc vlan 999
     shut

All four switches:
    spanning-tree portfast edge default
    spanning-tree portfast edge bpduguard default
    snmp-server enable traps syslog

Verification:
    SW3#show vlan brief
    VLAN Name       Status    Ports
    [...]           active
    34   VLAN0034   active
    100  VLAN0100   active
    101  VLAN0101   active
    153  VLAN0153   active    Et0/1
    156  VLAN0156   active    Et0/0
    164  VLAN0164   active
    173  VLAN0173   active
    184  VLAN0184   active
    911  VLAN0911   active
    999  VLAN0999   active    Et0/2, Et0/3, Et1/2, Et1/3, Et2/2, Et2/3, Et3/0, Et3/1, Et3/2, Et3/3

    VTP Domain Name                 : jamesons
    VTP Pruning Mode                : Disabled
    VTP Traps Generation            : Disabled
    [...]
    VTP Operating Mode              : Transparent
    Maximum VLANs supported locally : 1005
    Number of existing VLANs 5
    Configuration Revision 10

1.2 Section 1.2: Jameson's Datacenter: Trunk Ports

Question:
Refer to Diagram: Jameson's Layer 2 Connections and Table 1: Jameson's VLAN to Port Mapping.
Configure Jameson's data center network (AS 65002) as per the following requirements:
* All inter-switch links on all switches must explicitly disable dynamic trunk negotiation
* All inter-switch links must be configured to use a 4-byte tag for encapsulation.
* All four switches must maintain exactly three instances of spanning-tree
  o Instance 1 VLANs: 1,34,100,101,153,156
  o Instance 2 VLANs: 164,173,184,911,999
* SW4 must be the root switch for VLANs 1,34,100,101,153,156 (instance number 1) and backup root for VLANs 164,173,184,911,999 (instance number 2).
* SW3 must be the root switch for VLANs 164,173,184,999 (instance number 2) and backup root for VLANs 1,34,100,101,153,156 (instance number 1).
* Configure SW4 so that the interface e2/1 of SW3 is forwarding traffic for VLAN 34 and the interface e2/0 is blocking traffic for VLAN 34.
* Ensure that they both have the best chances of maintaining their respective roles, even if any new normal-range VLAN were to be added in the future.

    SW3#sh spanning-tree mst 1
    [...]

Solution:

SW3 and SW4:
    int range e2/0-1,e1/0-1
     sw trunk en dot
     sw mod trunk
     no shut
    spanning-tree mode mst
    spanning-tree mst configuration
     instance 1 vlan 1,34,100,101,153,156
     instance 2 vlan 164,173,184,911,999

SW5 and SW6:
    int range e1/0-1
     sw trunk en dot
     no shut
    spanning-tree mode mst
    spanning-tree mst configuration
     instance 1 vlan 1,34,100,101,153,156
     instance 2 vlan 164,173,184,911,999

SW3:
    spanning-tree mst 1 priority 4096
    spanning-tree mst 2 priority 0

SW4:
    spanning-tree mst 1 priority 0
    spanning-tree mst 2 priority 4096
    int e2/1
     spanning-tree port-priority 0

Verification:
    Port      Mode   Encapsulation  Status     Native vlan
    [...]     on     802.1q         trunking   1

    Port      Vlans allowed on trunk
    [...]     1-4094

    Port      Vlans allowed and active in management domain
    [...]     1,34,100-101,153,156,164,173,184,911,999

    Port      Vlans in spanning tree forwarding state and not pruned
    [...]     164,173,184,911,999
    [...]     1,34,100-101,153,156,164,173,184,911,999

    CCIE4career.com-SW3#show int e2/0 switchport
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    [...]
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 1 (default)
    Administrative Native VLAN tagging: enabled
    Voice VLAN: none
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk Native VLAN tagging: enabled
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk associations: none
    Administrative private-vlan trunk mappings: none
    Operational private-vlan: none
    Trunking VLANs Enabled: ALL
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL
    Protected: false
    Appliance trust: none

    ##### MST1    vlans mapped:   1,34,100-101,153,156
    Bridge   address [...]  priority  4097  (4096 sysid 1)
    Root     address [...]  priority  1     (0 sysid 1)
             port    [...]  cost 2000000    rem hops 19

    Interface   Role Sts Cost      Prio.Nbr Type
    [...]       Desg FWD 2000000   128.1    Shr Edge
    [...]       Desg FWD 2000000   128.2    Shr Edge
    [...]       Desg LRN 2000000   128.5    Shr
    [...]       Desg LRN 2000000   128.6    Shr

1.3 Section 1.3: Jameson's Datacenter: Link bundling

Question:
Refer to Diagram: Jameson's Layer 2 Connection and Diagram 2: Initial Topology.
Configure Jameson's datacenter network as per the following requirements:
* All four switches must bundle their trunk ports E1/0 and E1/1 so that they maintain a single Layer 2 link between distribution and access
* Ensure that all four switches use a Cisco proprietary protocol to negotiate which port should become active in the bundle
* The access switches SW5 and SW6 must initiate the link bundling negotiation
* The distribution switches SW3 and SW4 must balance traffic between all members of the link based on source and destination IP address.
* The access switches SW5 and SW6 must balance the incoming traffic (that is originated from servers) between all members of the link bundle based on the server's MAC address.

Solution:

    int range e1/0-1
     shutdown
     channel-protocol pagp
     channel-group 35 mode auto

    int range e1/0-1
     shutdown
     channel-protocol pagp
     channel-group [...]

    int range e1/0-1
     shutdown
     channel-protocol pagp
     channel-group 35 mode [...]

    int range e1/0-1
     shutdown
     channel-protocol pagp
     channel-group 46 mode desirable

    int range e1/0-1
     no shutdown

    port-channel load-balance [...]

    port-channel load-balance [...]

    int range e0/0-1
     [...]

Verification:
    Port      Mode   Encapsulation  Status     Native vlan
    [...]     on     [...]          trunking   1

    Port      Vlans allowed on trunk
    [...]     1-4094

    Port      Vlans allowed and active in management domain
    [...]     1,34,100-101,153,156,164,173,184,911,999

    Port      Vlans in spanning tree forwarding state and not pruned
    [...]

    Number of channel-groups in use: 1
    Number of aggregators:           [...]
    Group  Port-channel  Protocol    Ports
    [...]  [...]         PAgP        Et1/0([...])  Et1/1[...]

    EtherChannel Load-Balancing Configuration:
            src-dst-ip
    EtherChannel Load-Balancing Addresses Used Per-Protocol:
    Non-IP: Source XOR Destination MAC address
      IPv4: Source XOR Destination IP address

    Type escape sequence to abort.
    Sending [...], 100-byte ICMP Echos to [...], timeout is 2 seconds:
    [...]
1.4 Section 1.4: Jameson's Branch Offices

Question:
Refer to Diagram: Jameson's Layer 2 Connections.
Configure interface ethernet0/0 in Jameson's branch routers R19, R20 and R21 per the following requirements:
* The Ethernet WAN links must rely on a Layer 2 protocol that supports link negotiation and authentication.
* The service provider expects that the branch router completes a three-way handshake by providing the expected response to a challenge that is sent by the ISP.
* R19 must use the username "Jamesons-R19" and password "CCIE" (without quotes).
* R20 must use the username "Jamesons-R20" and password "CCIE" (without quotes).
* R21 must use the username "Jamesons-R21" and password "CCIE" (without quotes).
* All three routers must receive an IP address and a default route from Router ISP.
* Ensure that all three routers can ping the IP address of each other's interface Ethernet0/0.

Solution:

R19:
    interface dialer 1
     ip address negotiated
     encap ppp
     dialer pool 1
     ppp chap hostname Jamesons-R19
     ppp chap pass 0 CCIE
    int e0/0
     pppoe enable group global
     pppoe-client dial-pool-number 1
     no shut

R20:
    int dialer 1
     ip add nego
     en ppp
     dialer pool 1
     ppp chap hostname Jamesons-R20
     ppp chap pass 0 CCIE
    int e0/0
     pppoe enable group global
     pppoe-client dial-pool-number 1
     no shut

R21:
    int dialer 1
     ip add nego
     en ppp
     dialer pool 1
     ppp chap hostname Jamesons-R21
     ppp chap pass 0 CCIE
    int e0/0
     pppoe enable group global
     pppoe-client dial-pool-number 1
     no shut

Verification:
    Interface   IP-Address   OK? Method Status                  Protocol
    [...]                               administratively down
    [...]

    [...] is directly connected, Dialer1
    [...]

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192[...], timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.0.2[...], timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192[...], timeout is 2 seconds:
    Success rate is 100 percent (5/5)

2. SECTION 2 Layer 3 Technologies

Rules and restrictions:
* After finishing each of the following questions, make sure that all configured interfaces and subnets are consistently visible on all pertinent routers and switches.
* Do not redistribute routes between any interior gateway protocol (IGP) and BGP if not explicitly required.
* If not explicitly stated otherwise, you need to ping a BGP route only if it is stated in a question; otherwise the route should be only in the BGP table.
* At the end of this section, all subnets in your topology, including the loopback interfaces, must be reachable via ping from anywhere in your topology; the backbone interfaces must be reachable only if they are part of the solution to a question.
* The loopback interface must be seen as a host route /32 in the routing tables unless stated otherwise in a question.

2.1 Section 2.1: Jameson's IGP, Part 1

Question:
Refer to "Diagram 2: Initial Topology". The configuration was already started.
It is your responsibility to complete and verify all requirements.
Configure Jameson's network (AS 65001 and AS 65002) according to the following requirements:
* Ensure that all routers use their interface Loopback 0 as OSPF router-id.
* Ensure that OSPF is not running on any interface that is facing another BGP AS
* SW5 and SW6 must not participate in OSPF at all
* Do not use the "network" statement under the "router ospf" configuration anywhere in the core network (AS 65001).
* Do not change the default OSPF cost of any interface anywhere
* Ensure that R1, SW1 and SW2 are elected the Designated Router on all of their interfaces, and that they have the best chances of maintaining that role as long as their interfaces are up.
* Ensure that R2 is elected the Backup Designated Router on all of its interfaces, and that it has the best chances of maintaining that role as long as its interfaces are up
* The exam requests passive interfaces for VLAN 100, VLAN 101 and VLAN 911.
* The OSPF process is 1. R17 tunnel 0, loopback 0 and E0/1 need to be associated with vrf Corp

Solution:

     passive-int vlan 100
     passive-int vlan 101
     passive-int vlan 911
    inter vlan 911
     ip os net point-to-point
    inter vlan 101
     ip os net point-to-point
    inter vlan 100
     ip os net point-to-point
    inter vlan 173
     ip os net point-to-point
    inter vlan 34
     ip os net point-to-point
    inter vlan 153
     ip os net point-to-point

    int vlan 911
     ip os net point-to-point
    int vlan 101
     ip os net point-to-point
    int vlan 100
     ip os net point-to-point
    int vlan 184
     ip os net point-to-point
    int vlan 164
     [...]

    router ospf 1 vrf CORP
     router-id 10.255.1.17
    interface loopback 0
     ip vrf forwarding CORP
     ip address 10.255.1.17 255.255.255.255
     ip ospf 1 area 0
    int ethernet0/1
     ip vrf forwarding CORP
     ip address 10.2.0.[...]
     ip ospf 1 area 0
     ip ospf network point-to-point

    router ospf 1
     router-id 10.255.1.18
    int lo0
     ip ospf 1 area 0
    int e0/[...]
     ip ospf 1 area 0
     ip ospf network point-to-point

    router ospf 1
     router-id [...]
    int lo0
     ip ospf 1 area 0
    int vlan 1[...]
     ip ospf 1 area 0
    int vlan 10[...]
     ip ospf 1 area 0
     ip ospf pri 255

    router ospf 1
     router-id 10.255.1.[...]
    int lo0
     ip ospf 1 area 0
    int e0/1
     ip ospf 1 area 0

    router ospf 1
     router-id 10.255.[...]
    int lo0
     ip ospf 1 area 0
    int e0/1
     ip ospf 1 area 0

    router ospf 1
     router-id [...]
    int lo0
     ip ospf 1 area 0
    int vlan 1[...]
     ip ospf 1 area 0
    int vlan 10[...]
     ip ospf 1 area 0
     ip ospf priority 255

    router ospf 1
     router-id 10.255.1.13
    int lo0
     ip ospf 1 area 0
    int e0/1
     ip ospf 1 area 0

    router ospf 1
     router-id [...]255.1.14
    int lo0
     ip ospf 1 area 0
    int e0/[...]
     ip ospf 1 area 0

    router ospf 1
     router-id 10.255.1.1
    int lo0
     ip ospf 1 area 0
    int range e0/0[...],e1/0
     ip ospf 1 area 0
     [...]

    router ospf 1
     router-id [...]255.1.4
    int lo0
     ip ospf 1 area 0
    int e0/0
     ip ospf 1 area 0
    int e0/2
     ip ospf 1 area 0
     ip ospf pri 25[...]

    router ospf 1
     router-id 10.255.1.5
    int lo0
     ip ospf 1 area 0
    int range e0/0-[...]
     ip ospf 1 area 0

    router ospf 1
     router-id 10.255.1.6
    int lo0
     ip ospf 1 area 0
    int e0/[...]
     ip ospf 1 area 0
    int e0/1
     ip ospf 1 area 0
     ip ospf pri 255

    router ospf 1
     router-id [...]
    int lo0
     ip ospf 1 area 0
    int e0/3
     ip ospf 1 area 0

    router ospf 1
     router-id 10.255.1.[...]
    int lo0
     ip ospf 1 area 0
    int e0/3
     ip ospf 1 area 0
     ip ospf pri 255

    int range e0/0-[...]
     no shut
    router ospf 1
     router-id [...]
    int lo0
     ip ospf 1 area 0
    int e0/[...]
     ip ospf 1 area 0

    router ospf 1
     router-id [...]
    int lo0
     ip ospf 1 area 0
    int e0/0
     ip ospf 1 area 0
     ip ospf pri 255

    router ospf 1
     router-id [...]
    int lo0
     ip ospf 1 area 0
    int range e0/0-3,e1/0
     ip ospf 1 area 0
     ip ospf pri 254

Verification:
    [...]#show ip ospf interface brief
    [...]

    Neighbor ID     Pri   State      Dead Time   Address   Interface
    10.255.1.2      254   FULL/BDR   00:00:39    10[...]
    10.255.1.3      [...] FULL/BDR   00:00:33    10[...]
    10.255.1.7      [...] FULL/BDR   00:00:37    10[...]
    10.255.1.9      1     FULL/BDR   00:00:35    10[...]
    [...]

2.2 Section 2.2: Jameson's IGP, Part 2

Question:
Refer to "Diagram 2: Initial Topology".
Configure Jameson's branch network according to the following requirements:
* Each branch router must establish an OSPF adjacency with R17 in area 51.
* R17 must advertise the prefix 10.2.0.0/16 into area 51.
* Each branch router must install the prefix 10.2.0.0/16 in its routing table as an OSPF Type-3 LSA
* R17 must propagate a default route in both area 0 and area 51 only if it has a default route in its routing table. You are allowed to place a single static route to achieve the requirement.
* Each branch router must advertise its interfaces lo 0 and e0/1 into OSPF.
* Do not add, remove or modify any BGP configuration on R17
* OSPF Type 2 LSAs must not appear in any link state database in any branch router.
* Do not use the OSPF network statement anywhere in area 51.

Solution:

R17:
    router bgp 65002
     bgp router-id 10.255.1[...]
     nei 192.0.2.1 remote-as 12345
    interface tunnel 0
     ip vrf forwarding CORP
     ip address 10.100.0.1 255.255.255.0
     ip nhrp map multicast dynamic
     ip nhrp network-id 12345
     ip nhrp redirect
     tunnel source e0/0
     tunnel mode gre multipoint

Explain: This helps other networks go to the Internet. It needs to be configured for the DMVPN in section 3.1.
Note: Pay attention to the name of the VRF; it will be "CORP" or "Corp". Read the question and check the pre-configuration carefully.

R19:
    int tunnel0
     ip vrf forwarding CORP
     ip address 10.100[...]
     ip nhrp map multicast 192.0.2.2
     ip nhrp map 10.100.0.1 192.0.2.2
     ip nhrp network-id 12345
     ip nhrp shortcut
     ip nhrp nhs 10.100.0.1
     tunnel source Dialer 1
     tunnel mode gre multipoint

R20:
    int tunnel0
     ip vrf forwarding CORP
     ip address 10.100.0.20 255.255.255.0
     ip nhrp map multicast 192.0.2.2
     ip nhrp map 10.100.0.1 192.0.2.2
     ip nhrp network-id 12345
     ip nhrp shortcut
     ip nhrp nhs 10.100.0.1
     tunnel source Dialer 1
     tunnel mode gre multipoint

R21:
    int tunnel0
     ip vrf forwarding CORP
     ip address 10.100.0.21 255.255.255.0
     ip nhrp map multicast 192.0.2.2
     ip nhrp map 10.100.0.1 192.0.2.2
     ip nhrp network-id 12345
     ip nhrp shortcut
     ip nhrp nhs 10.100.0.1
     tunnel source Dialer 1
     tunnel mode gre multipoint

    int tu 0
     shutdown
    end
    conf t
    int tu 0
     no shutdown
    end

Explain: Sometimes the state of the interface is still down, so as a best practice you should shutdown and no shutdown interface Tunnel 0. If the DMVPN is still not up even after you shut and no shut interface Tunnel 0, reload routers R17, R18, R20 and R21.

R17:
    router ospf 1 vrf CORP
     default-information originate
    interface tunnel 0
     ip ospf 1 area 51
     ip ospf network point-to-multipoint
    ip route vrf CORP 0.0.0.0 0.0.0.0 e0/0 192.0.2.1 global

Explain: The static route is very important. When traffic from R19 wants to go to the Internet (ping 8.8.8.8), it travels via vrf CORP. When the packet arrives at R17 it is still in VRF CORP, so you need to leak a route from the VRF to global (routing between R17 and the ISP is via global). The command ip route vrf CORP 0.0.0.0 0.0.0.0 e0/0 192.0.2.1 global does this for you.

R19:
    router ospf 1 vrf CORP
    interface tunnel 0
     ip ospf 1 area 51
     ip ospf network point-to-multipoint
    interface loopback 0
     ip vrf forwarding CORP
     ip address 10.255.1.19 255.255.255.255
     ip ospf 1 area 51
    int ethernet0/1
     ip vrf forwarding CORP
     ip address 10.16.1.1 255.255.255.0
     ip ospf 1 area 51

R20:
    router ospf 1 vrf CORP
     router-id 10.255.1.20
    interface tunnel 0
     ip ospf 1 area 51
     ip ospf network point-to-multipoint
    interface loopback 0
     ip vrf forwarding CORP
     ip address 10.255.1.20 255.255.255.255
     ip ospf 1 area 51
    int ethernet0/1
     ip vrf forwarding CORP
     ip address 10.16.2.1 255.255.255.0
     ip ospf 1 area 51

R21:
    router ospf 1 vrf CORP
     router-id 10.255.1.21
    interface tunnel 0
     ip ospf 1 area 51
     ip ospf network point-to-multipoint
    interface loopback 0
     ip vrf forwarding CORP
     ip address 10.255.1.21 255.255.255.255
     ip ospf 1 area 51
    int ethernet0/1
     ip vrf forwarding CORP
     ip address 10.16[...] 255.255.255.0
     ip ospf 1 area 51

Verification:
    [...]#show dmvpn
    Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
            N - NATed, L - Local, X - No Socket
            # Ent --> Number of NHRP entries with same NBMA peer
            NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
    [...]

    Neighbor ID     Pri   State      Dead Time   Address       Interface
    10.255.1.103    0     FULL/  -   00:00:31    10.2.0.37     Ethernet0/1
    10.255.1.21     0     FULL/  -   00:01:44    10.100.0.21   Tunnel0
    10.255.1.19     0     FULL/  -   00:01:41    10.100.0.19   Tunnel0
    10.255.1.20     0     FULL/  -   00:01:59    10.100.0.20   Tunnel0

    Routing Table: CORP
    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
           a - application route
           + - replicated route, % - next hop override

    Gateway of last resort is 10.100.0.1 to network 0.0.0.0

          10.0.0.0/8 is variably subnetted, 19 subnets, 3 masks
    C        10.16.1.0/24 is directly connected, Ethernet0/1
    L        10.16.1.1/32 is directly connected, Ethernet0/1
    O        10.16.2.0/24 [110/2010] via 10.100.0.1, [...], Tunnel0
    O        10.16.3.0/24 [110/2010] via 10.100.0.1, 00:09:00, Tunnel0
    C        10.100.0.0/24 is directly connected, Tunnel0
    O        10.100.0.1/32 [110/1000] via 10.100.0.1, 00:10:31, Tunnel0
    L        10.100.0.19/32 is directly connected, Tunnel0
    O        10.100.0.20/32 [110/2000] via 10.100.0.1, 00:10:31, Tunnel0
    O        10.100.0.21/32 [110/2000] via 10.100.0.1, 00:09:00, Tunnel0
    O IA     10.255.1.15/32 [110/1012] via 10.100.0.1, 00:10:31, Tunnel0
    O IA     10.255.1.16/32 [110/1013] via 10.100.0.1, 00:10:31, Tunnel0
    O IA     10.255.1.17/32 [110/1001] via 10.100.0.1, 00:10:31, Tunnel0
    O IA     10.255.1.18/32 [110/1013] via 10.100.0.1, 00:10:31, Tunnel0
    C        10.255.1.19/32 is directly connected, Loopback0
    O        10.255.1.20/32 [110/2001] via 10.100.0.1, 00:10:31, Tunnel0
    O        10.255.1.21/32 [110/2001] via 10.100.0.1, 00:09:00, Tunnel0
    O IA     10.255.1.103/32 [110/1011] via 10.100.0.1, 00:10:31, Tunnel0
    O IA     10.255.1.104/32 [110/1012] via 10.100.0.1, 00:10:31, Tunnel0

    Gateway of last resort is 10.2.0.38 to network 0.0.0.0

          [...] is variably subnetted, [...] subnets, 3 masks
    O        10.2.0.0/30 [110/11] via 10[...], Vlan153
    O        10.2.0.8/30 [110/2] [...], Vlan34
    O        10.2.0.40/30 [110/2] [...], Vlan34
    O IA     10.16.1.0/24 [110/1011] via 10.2.0.38, 00:11:01, Vlan173
    [...]

2.3 Section 2.3: Jacob's IGP

Question:
Refer to "Diagram 2: Initial Topology". Jacob's network is partly preconfigured. It is your responsibility to verify and complete it.
Configure EIGRP for IPv4 in Jacob's core network (AS 65006) according to the following requirements:
* All EIGRP routers must support 64-bit metric calculations and Routing Information Base (RIB) scaling in EIGRP topologies.
* The interface Lo0 of each router must be seen as an internal EIGRP prefix by all other routers in their local domain.
* Ensure that EIGRP is not running on any interface that is facing another AS. Use any method to accomplish this requirement.
* Jacob's core network must use the EIGRP autonomous system number 1.
* R52 must inject its interface loopback 52 into EIGRP as an external prefix. No other prefix may be injected as an EIGRP external prefix by R52. Do not configure any metric with the redistribution command.
* R50 needs to display output as below:

    R50#show ip eigrp topology [...]
    EIGRP-IPv4 VR[...] RIB is [...]85968732
      Descriptor Blocks:
      [...] (Ethernet0/0), from [...]00.3, Send flag is 0x0
          Composite metric is ([...]687680000), route is Internal
Solution:

In the exam, all routers are preconfigured with EIGRP in normal mode. Check with the command SHOMMEUNIIEEES and delete that configuration after configuring named mode.

Ro
Fouter eigep 1
router eigrp JACOBS
address-family ipv4 unicast autonomous-system 1
network 172.30.1.50 0.0.0.0
network 172.30.100.1 0.0.0.0

outer eig
address-family ipv4 unicast autonomous-system
network 172.
network 172.

router eigrp
address-family ipv4 unicast autonomous-system 1
net 172.30.1.52 0.0.0.0
net 172.30.100.3 0.
metric rib-scale 153
topology base
redistribute connected route-map CONNECTED
route-map
match interface loopback 52

router eigrp JACOBS
address-family ipv4 uni
network 172.30.1.53 0.0.
net 172.30.100.4 0.0
metric rib-scale 153

router eigrp JACOBS
address-family ipv4 unicast autonomous-system 1
network 172.30.1.54 0.0.0.0
net 172.30.100.5 0.0.0.0

Explain:

Why do we need this command: metric rib-scale 153?

Let me briefly cover the theory.

EIGRP named mode automatically uses wide metrics when speaking to another EIGRP named mode process. No additional configuration is necessary; this is automatic. So if it's speaking to a traditional EIGRP process, it uses the old calculations.

The new metric is designed to be able to differentiate paths above 10GB.

The new metric essentially changes four things:

- Delay is now measured in picoseconds instead of microseconds. 10ms was the minimum previously.
- Bandwidth's scaling factor is made much larger: the calculation is now 10^7 * 65536 / Interface Bandwidth, as opposed to the original 10^7 * 256 / Interface Bandwidth.
- The overall metric is now 64 bit.
- The K6 value has been added "for future use", but Cisco has indicated this will be used for accumulated energy or accumulated jitter. Jitter is reasonably obvious.
Energy is the actual electric power it takes to use an interface, so that you could literally do "least cost" routing based on how inexpensively the packet can be sent from the various interface types in a path.

By default, the RIB's metric cannot exceed 32 bits, so there are circumstances where the new, more granular metrics won't fit into the RIB. So all metrics, regardless of whether the value would fit into 32 bits, are divided by the rib-scale value. The rib-scale is 128 by default.

Check in Router R52:

inte: ce Loopback0
bandwidth 1
ip address 172.30

R52#show int 10
Loopback is up, Line p:
Hardware is Loopback
Internet address is 172.30.1.52/32
6 byces, SREY, OLY 5000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation LOOPBACK, Loopback
Keepalive set (10 sec)
input never, output never, output hang never
Input queue: 0/75/0/0. (size/max/drop 255.255.255.25.
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec,
5 minute output rate 0 bits/sec,
IP multicast
O runts, 0 giants, 0 throttles
input bytes, 0 unde: [R82#show un Tet TOT CRC, 0 frame, 0 overrun, 0 ignored, tt drops: abo:

In Router R51:

R51#show ip route 172.3)
% Subnet not in table

Let's check the EIGRP topology:

72.30.100.3 (Ethernet0/0), from 172.30 posite netric 1s Vana 7c flag i 20), route is Internal

So the question here: why doesn't router R51 have a route in its routing table for Loopback 0 of Router R52?
liability Load is 1/2 Minimum MTU Hop count is 1 Originat

The EIGRP topology table indicates 655753216000 and the RIB 4294967295 because, by default:

RIB = 655753216000 / 128 = 5123072000

The RIB's metric cannot exceed 32 bits (the largest number that can be represented in a 32-bit unsigned integer is 4,294,967,296). Since 5123072000 > 4294967295, the metric cannot be represented in the RIB.

So how can the route 172.30.1.52 be represented in the routing table (RIB)? We need to modify the value. With metric rib-scale 153, when you check on R51:

EIGRP-IPv4 VR(JACOBS) Topology y (1) /ID(172.30.1.51) for 0.1.52/3)
e is Passive, Query origin fl g is 1, 1 Successor(s), FD is 655753216000,
2.30.100.3 (Ethernet0, m172.30.100.3, Send flag is 0x0
Composite metric is (655753216000/655627680000), route is Internal
Vector metric:
Minimum bandwi is 1 Kbit
Total delay is 000000 picoseconds
Reliability is
Load is 1/2
Minimum MTU is 1500
Hop count is 1
Originating zo! 301.52

RIB = 655753216000 / 153 = 4285968732.026144 < 4294967295 (the largest number that can be represented in a 32-bit unsigned integer is 4,294,967,296)

Now check the routing table of R51:

ng ent known via ibuting v update from 172 on Ethernet0/0, 00:02 ng Descriptor B 4285968732, type internal

Note: The range of metric rib-scale is [1-255], so if you want to have a route to loopback Lo0 of R52, you need to set the rib-scale to a value from 153 to 255 (in our solution we choose the value 153 for every router in the EIGRP topology).

vlan 100
vlan 10
router eigrp 10
network 172.18.2.1 0.0
network 172.30.1.57 0.

Version 1.5 (CCIE4career.com updated)

• Do not change the preconfigured bandwidth SEMIMEGMSGSILS2NOnRG2; it must remain 1 kbps.
• R50 needs to display the output below for 52.52.52.52/32:

is 658753216000, RIB compos: Load ie 1/255 Minimom vu 1s 1500 Hop count as 1 Originating router is 172.30.1.82 External data: Connected, extern

The solution is unchanged; with the pre-config on R52 you will see this output:

Tish von tnt 15) copbacks2
Address-ramily Neighbors for AS (1) Interface Rt 3 100 2 100 1 100 100
nected, B - BoP IGRP external, 0 - area NSSA external type 1, N2 - A external type 2 type 2 external type 1, B2 + 03?! sa ~ 15-5 sunmary, 11 - unter area, : P - periodic' downloaded = application route S + next hop
Gateway of last resort is not set
52,0.0.0/32 28 eubnetted, 1 subnets
Bx '52.52.52,52 (170/897215] 00:05:22, Ethernet0/0
0/16 is variably : be, 2 mask:
1.51/32 [90/857215] via 172.30.100.2, 00:08
1152/ 4285968732) via 172.30.200
11.53/32. [90/85 via 1 18ye herneto/0 4, 00:05 hernet 0/0
[sore via 172/301100.5, 00:05:21, Etherneto/0

E VR (I y or AS(1}/1D(172,30,1.50) for $2,52.52.52/32
7 1, 1 Successor(s), FD is 131153920, RIB is
'om 172.30.100,3, Send flag is 0x0
ic is (131153920/163840), route is External
Minimum bandwidth is 10000 Kbit
al delay is 1001250000 pi
ity is 2
Load is 1/255
Manimom MII i
Hop count is 1
Originating router is 172.30.1.52
External data:
AS number of route is 0 5
Connected, external metric is 0 axternal prot
Administrator tag is 0 (0x00000000)
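The wide-metric and rib-scale arithmetic explained above, as an added Python example (not part of the workbook). It assumes default K values (K1 = K3 = 1) and a total delay of 6000000000 picoseconds for R52's Lo0 as seen from R51 (the 5000 usec loopback delay shown above plus an assumed 1000 usec Ethernet hop), which reproduces the FD of 655753216000 printed in the topology table.

```python
"""EIGRP wide-metric and RIB scaling arithmetic (added example, not workbook code)."""

WIDE_SCALE = 65536            # wide-metric scaling factor quoted in the text
REF_BANDWIDTH = 10**7         # 10^7, as in "10^7 * 65536 / Interface Bandwidth"
RIB_MAX = 0xFFFFFFFF          # 4294967295: value shown when the metric does not fit


def wide_metric(min_bw_kbit, total_delay_ps, k1=1, k3=1):
    """64-bit composite metric from minimum bandwidth (kbit/s) and delay (ps)."""
    throughput = REF_BANDWIDTH * WIDE_SCALE // min_bw_kbit
    latency = total_delay_ps * WIDE_SCALE // 10**6
    return k1 * throughput + k3 * latency


def rib_metric(composite, rib_scale=128):
    """Metric handed to the RIB: composite / rib-scale, capped at 32 bits."""
    if not 1 <= rib_scale <= 255:
        raise ValueError("metric rib-scale accepts 1-255")
    return min(composite // rib_scale, RIB_MAX)


def installable(composite, rib_scale=128):
    """Assumption: a scaled metric that reaches the 32-bit cap is not installed."""
    return composite // rib_scale < RIB_MAX


def min_rib_scale(composite):
    """Smallest rib-scale in 1-255 that lets the route into the RIB, else None."""
    for scale in range(1, 256):
        if installable(composite, scale):
            return scale
    return None


# Constructed inputs taken from the outputs quoted in this section.
ROUTES = {
    "172.30.1.52/32 (R52 Lo0, bandwidth 1 Kbit)": (1, 6_000_000_000),
    "52.52.52.52/32 (external, 10000 Kbit)": (10_000, 1_001_250_000),
}


def report(rib_scales=(128, 153)):
    """Return (prefix, composite, rib-scale, RIB metric, installable) rows."""
    rows = []
    for prefix, (bw, delay) in ROUTES.items():
        composite = wide_metric(bw, delay)
        for scale in rib_scales:
            rows.append((prefix, composite, scale,
                         rib_metric(composite, scale),
                         installable(composite, scale)))
    return rows


if __name__ == "__main__":
    for row in report():
        print(row)
    lo0 = wide_metric(1, 6_000_000_000)
    print("smallest usable rib-scale for R52 Lo0:", min_rib_scale(lo0))
```

The search over 1-255 shows why 153 is the lowest value that works for the 1 Kbit loopback: 152 still yields a scaled metric above 4294967295.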
2.4 Section 2.4 Jameson's Pre-merge

Question:

Refer to the "Overall Scenario", "Diagram 2: Initial Topology" and "Diagram 4: Pre-merge Topology".

Jameson's has decided to enable MPLS VPN in their network.

Configure Jameson's network as per the following requirements:

• R11, R12, R13 and R14 must redistribute OSPF into BGP and they must advertise a default route into their respective OSPF domain. They may not redistribute BGP into OSPF. (Read the question carefully: if the question asks that the default route also be sent to the OSPF neighbor when the route table does not have a default route, you must add the "always" keyword.)
• R15 and R16 must mutually redistribute OSPF and BGP.
• R11, R12, R13 and R14 must advertise only four prefixes via eBGP to Jameson's core network as follows:
  o R11 and R12 must advertise 10.1.0.0/16, 10.255.1.11/32, 10.255.1.12/32 and 10.255.1.101/32.
  o R13 and R14 must advertise 10.3.0.0/16, 10.255.1.13/32, 10.255.1.14/32 and 10.255.1.102/32.
• R1 must reflect IPv4 BGP prefixes to all core routers except R2. All internal BGP peers must be established using interface Lo0.
• Ensure that each Jameson's site receives BGP prefixes from other sites.
• A very similar output to the one shown below must be seen on R11, R12, R13 and R14 (only the next-hop, version and update-group may differ).
• R3 and R4 use vrf DC.
• R5, R6, R7, R8 use vrf CORP.
• R15 and R16 must aggregate 10.0.0.0/8 using a single command and must use summary-only.

(aggregated by 65002 s1.16 12 (metric 11) from 10.2 2 (10,255.1.12) } valid, intesnal, atom garegate , (aggregated by 65002 0.53 from 10.254.0.53 (10 craggregate, b
Configure Jameson's network as per the following requirements:

• Ensure that any prefix that originates in any of these main sites will not be advertised back to the same site via the redundant gateway.
• The configuration must equally apply to any future prefixes that may be advertised by any site.

router bgp 65001
bgp router-id 10.255.1
nei 10. group group

router bgp 65001
bgp router-id 10.255.1.3
nei 10.255.1.1 remote-as 65001
nei 10.255.1.1 update-source lo0
nei 10.255.1.1 next-hop-self

router bgp 65001
bgp router-id 1
nei 10.255
nei 10.255
nei 10.25

router bgp 6500
bgp router -255.1.4
remote-as 65001
update-source lo0
next-hop-self
295.1.5
nei 10 1 remote-as 65001
nei 10.255.1.1 update-source lo0
nei 10.255.1.1 next-hop-self

router bgp 6500
bgp router-id 0.255.1.6
nei 10.255.1.1 remote-as 65001
nei 10.255.1.1 update-source lo0
nei 10.255.1.1 next-hop-self

router bgp 65001
bgp router-id 10.255.1.7
nei 10.255.1.1 remote-as 65001
nei 10.255.1.1 update-source lo0
nei 10. 1 next-hop-self

router bgp 650
bgp router-id
65001
update-source lo0
next-hop-self

Explain: Why do you need the command next-hop-self under the BGP configuration? Because the interface facing the edge router is not advertised into the core network, so if the route from

int e0/i
ip vrf forwarding DC
ip address 10.254.0.73 255.255.255.252
router bgp 65001
no neighbor 10.254.0.74 remo
address-family ipv4 vrf DC
neighbor 10.254.0.74 remote-as 65002
neighbor 10.254.0.74 as-override
int e0/
ip vrf forwarding DC
ip address 10.254.0.77 255.255.255.252
router bgp 6500
no neighbor 10.254.0.78 remote-as 65002
address-family ipv4 vrf DC
neighbor 10.254.0.78 remote-as 65002
neighbor 10.254.0.78 as-override

int e0/2
ip vrf forwarding
ip address 10.254.0.41 255.255.255.252
router bgp 65001
no neighbor 10.254 remote-as 65002
address-family ipv4 vrf CORP
neighbor 10.254.0.42 remote-as 65002
neighbor 10.254.0.42 as-override

int e0/2
ip vrf forwarding
ip address 10.254.0.45 255.255.255.252
router bgp 65001
no neighbor 10.254.0.46 remote-as 65002
address-family ipv4 vrf CORP
neighbor 10.254.0.46 remote-as 65002
neighbor 10.254.0.46 as-override

int e0/0
ip vrf forwarding CORP
ip address 10.254.0.53 255.255.255.252
router bgp 65001
no neighbor 10.254.0.54 remote-as 65002
address-family ipv4 vrf CORP
neighbor 10.254.0.54 remote-as 65002
neighbor 10.254.0.54 as-override

int e0/0
forwarding
router bgp 6500
no neighbor 10.254
address-family ipv4 vrf CORP
neighbor 1

gp router-id
neighbor 10.
neighbor 10
neighbor 10.
neighbor 10
6500 65002 'ce loopback 0

router bgp 65002
bgp router-id 1
neighbor 10.254

bgp router-
neighbor 10.
neighbor 1
neighbor 10.
neighbor 1

router bgp 650
bgp router-id
neighbor 10.254.0.45 remote-as 6500
neighbor 10.255.1.13 -as 65002
neighbor 10.255.1.13 ce loopback 0
neighbor 10.255.1.13 next-hop-self

router bgp 65002
bgp router-id 10
nei 10.25
nei 10.255.1.16
nei 10.255
nei 10.255 next-hop-self

router bgp 6500
bgp router-id 10.
nei 10.
nei 10.
nei 10.
nei 10.2!
update-source 5
next-hop-self

router bgp 65002
redi:
aggregate-address 1.0.0 255.255 summary:
router ospf 1
default-information originate always

router bgp 65002
ssp 1
aggregate-address 10
router ospf 1
default-information originate always
redistribute summary-only

outer bgp 65002
regate-address 10.0.0.0 255.0.0.0 summary-only
ess-family ipv4
neighbor 10.254.0.73 default-origin,
ter ospf 1

aggregate-address 1
address-family ipv4
neighbor 10.254.0.77
0.0 summary-only
ginate
router ospf 1

Version 1.5 (based on CCIE4career.com)

The question asks you for this output:

Le entry for 10.0.0.0/8, (2 available, best 42, table default) update-groups 2 10.255.1.16) from 10.255.1.12 (10.25. localpzef 100, valid, zx pathid: 0, tx pathid: 0 Serres trom 10.254.0.83,(10.255.1.7) 'in 162, localpeef 100, valid, external, Px pathid: 0, tx pathid: 0x0 yy 65002 10.255.1.15)

Pay attention to the AS path in the output: with that output, we must use allowas-in on the CE and must not use as-override on the PE router.
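Why the AS path in the requested output decides between the two knobs, as an added Python model (not workbook code). It simulates one CE in AS 65002 advertising 10.0.0.0/8 through the AS 65001 core to another CE in AS 65002; the function names are hypothetical, and the allowas-in count of 3 is the IOS default when no number is given.

```python
"""Model of eBGP loop prevention between two CE sites sharing one AS (added example)."""

CE_AS = 65002   # Jameson's sites, from the configuration above
PE_AS = 65001   # Jameson's core, from the configuration above


def pe_to_ce(as_path, pe_as, neighbor_as, as_override=False):
    """AS path a PE sends to its CE neighbor.

    With as-override the PE rewrites every occurrence of the neighbor's AS
    to its own AS before prepending itself, hiding the originating site.
    """
    path = list(as_path)
    if as_override:
        path = [pe_as if asn == neighbor_as else asn for asn in path]
    return [pe_as] + path


def ce_accepts(as_path, local_as, allowas_in=0):
    """eBGP loop check on the CE: the local AS may appear at most allowas_in times."""
    return as_path.count(local_as) <= allowas_in


def infer_mechanism(as_path_seen, ce_as, pe_as):
    """Tell from the path shown on a CE which knob must be configured."""
    if ce_as in as_path_seen:
        return "allowas-in on the CE"
    if as_path_seen.count(pe_as) > 1:
        return "as-override on the PE"
    return "neither (no same-AS site in the path)"


def scenarios():
    """Return {name: (path seen by the receiving CE, accepted?)} for the three cases."""
    origin = [CE_AS]  # path as received by the core from the originating CE
    plain = pe_to_ce(origin, PE_AS, CE_AS)
    overridden = pe_to_ce(origin, PE_AS, CE_AS, as_override=True)
    return {
        "no knob": (plain, ce_accepts(plain, CE_AS)),
        "as-override on PE": (overridden, ce_accepts(overridden, CE_AS)),
        "allowas-in on CE": (plain, ce_accepts(plain, CE_AS, allowas_in=3)),
    }


if __name__ == "__main__":
    for name, (path, accepted) in scenarios().items():
        print(f"{name:20} path={path} accepted={accepted} "
              f"-> {infer_mechanism(path, CE_AS, PE_AS)}")
```

Only the allowas-in case leaves 65002 visible in the path on the receiving CE, which is what the requested output shows; allowas-in also relaxes the CE's own loop check, so the count should stay as low as the topology allows.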
Full Solution:

int 0/7
ip vrf forwarding DC
ip address 10.254.0.73 255.255.255.252
router bgp 6500
no neighbor 10.254.0.74 remote-as 65002
address-family ipv4 vrf DC
neighbor 10.254.0.74 remote-as 65002

Tat 07
ip vrf forwarding DC
ip address 10.254.0.77 255.255.255.252
router bgp 6500
no neighbor 10.254.0.78 remote-as 65002
address-family ipv4 vrf DC
neighbor 10.254.0.78 remote-as 65002

int e0/2
ip vrf forwarding CORP
router bgp 6500
no neighbor 10.254
address-family ip
neighbor 10.254.

Tat e072
ip vrf forwarding CORP
ip address 10.254.0.45 255.255.255.252
router bgp 650
or 10.254.0.46 reme
address-family vrf CORP
neighbor 10.254 6 remote-as 65002

int 0/0
ip vrf forwarding
ip address 10.254.0.53 255.255.255.252
router bgp 650
no nei 10.254.0.54 remote-as 65002
address-family ipv4 vrf CORP
neighbor 10.254.

int 0/0
ip vrf forwarding CORP
ip address 10.254.0.57 255.255.255.252
router bgp 6500
no neighbor 10.254.0.58 remote-as 65002
address-family ipv4 vrf CORP
neighbor 10.254.0.58 remote-as 6500.

router bgp 65002
1 mou
bgp router-id 1
neighbor 10.254. 5... 53 remote-as 65001
neighbor 10.255.1.12 remote-as 65002
neighbor 10.255.1.12 update-source loopback 0
neighbor 10.255.1.12 next-hop-se
network 10.255.1.11 mask 255.255.255.255

router bgp 65002
bgp router-id 10.255.1.12
neighbor 10.254.0.57 remote-as 65001
neighbor 10.255.1.11 remote-as 65002
neighbor 10.255.1.11 update-source loopback 0
neighbor 10.255.1.11 next-hop-self
network 10.255.1.12 mask 255.255.255.255

router bgp 65002
bgp router-id 10.255.1.
neighbor 10.254.0.41 remote-as 65001
neighbor 10.254.0.41 allowas-in
neighbor 10.255.1.14
neighbor 10.255.1.14 update-source loopback 0
neighbor 10.255.1.14 next-hop-self
network 10.255.1.13 mask 255.255.255.255

router bgp 65002
bgp router-id 1
neighbor 10.254
or 10.255.1.13 re
1.13 upda igh
neighbor 10 e-source loopback 0
neighbor 10.255.1.13 next-hop
network 10.255.1.14 mask 255.255.255.255

router bgp 65002
bgp router-id 10.255.1.15
nei 10.254.0.73 remote-as 6500
neighbor 10.254.0.73 allowas-in
nei 10.255.1.16 remote-as 65002
nei 10.255.1.16 update-source 1
nei 10.255.1.16 next-hop-self

router bgp 65002
router-id 10.255.1.16
neighbor 10.254.0.77 allowas-in
nei 10.255.1.15 remote-as 65002
nei 10.255.1.15 update-source lo0
nei 10.255.1.15 next-hop-self

Verification:

@ router identifier 10 1 loca p table version is 1, main routing t eighbor v 10.25 4 21 0 10 4 5 3 1 ° 10 4 5 3 0 10 4 a 2 0 10 4 4 2 ° 10.28: 4 4 2 °

CORE C - connected, § - static, R- RII EIGRE external, 0 - OSPE, 1A 1 NSSA external type 1, N2 - OSPF NSSA external type 2 1 - OSPF external type 1, F2 — OSPF external © £- rss, su - sunmary, Ll - 18-1 level: inter area, * ~ candidal 10 ='pe P - periodic downloaded static . plicated route, § - next hop override
B 20 :
c 52/30 is directly Etherneto/o
L 53/32 is directly connected, Ethernet0/0
= 32 [20/0] via 10.254.0.54, 00:10:19
5 2 (20/11) via 10.254.0.54, 3 0
101/32 [20/11] via 10.254.0.54, 00:07:14

R5#show ip route vrf CORP
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
= a STevele 3 7 summary, ut - Is-18 inter area, * ~ candid: P = periodic downleade: cated route, $ - next hop override TTevel-t, 12 2 default, U - per-user static route atic route, K - NARP, 1 - LISP
resort is not set
0.0/8 is variably subnetted, 6 subnets
16 (20/0) via 10.254.0.42, 002
40/30 is directly
4/32 (20/11) via 10.254.0.42, 00
£1,102/32 [20/12] via 10.254.0.42, 00:06:48

show ip route vrf pe
Routing Table 8:
b= local, C - connected, S - static, R - RIP, M~- mobile, B- BGP > = EIGRE, EX - EIGRP external, 0 - OSP2, IA - OSPF inter mL - NSSA external type 1, N2 - OSPF NSSA external type 2 external type 1, E2 + 03?! al type 2 F sumtary, Ll - 1-18 level-1, 12 - 19-18 level-2 vos candidate default, U -\per-user static route atic route, K- NARP, 1 - LISP & - next hop override
0,0.0.0/8 is variably subnetted, 3 subnets, 3 masks
2540.74,

2.5 Section 2.5 Jacob's Pre-merge

Question:

Refer to the "Overall Scenario", "Diagram 2: Initial Topology" and "Diagram 4: Pre-merge Topology".

Jacob's has decided to enable MPLS VPN in their network.

Configure Jameson's network as per the following requirements, based on the topology:

• Redistribute between EIGRP and BGP; aggregation is not allowed at R55 and R56. R1 peers with R50, R51 and R52, and R1 must be the route reflector.
forwarding
ip address 172.18.253.1 255.255.255.252
router bgp 6500
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 10.255.1.1 remote-as 65001
neighbor 10.255.1.1 update-source Loopback0
neighbor 172.30.1.51 remote-as 65001
neighbor 172.30.1.51 update-source Loopback0
neighbor 172.30.1.52 remote-as 65001
neighbor 172.30.1.52 update-source Loopback0
!
address-family ipv4
neighbor 172.30.1.51 activate
neighbor 172.30.1.51 next-hop-self
neighbor 172.30.1.52 activate
neighbor 172.30.1.52 next-hop-self
exit-address-family
!
address-family vpnv4
neighbor 10.255.1.1 activate
neighbor 10.255.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf JACOBSCORP
neighbor 172.18.253.2 remote-as 65005
neighbor 172.18
exit-address-family

R51 // PE role

int e0/
ip vrf forwarding JACOBSCORP
ip address 172.18.253.5 255.255.255.252
router bgp 6500
bgp router-id 172.30.1.51
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 10.255.1.1 remote-as 65001
neighbor 10.255.1.1 update-source Loopback0
neighbor 172.30.1.50 remote-as 65001
neighbor 172.30.1.50 update-source Loopback0
neighbor 172.30.1.52 remote-as 65001
neighbor 172.30.1.52 update-source Loopback0
address-family ipv4
neighbor 172.30.1.50 activate
neighbor 172.30.1.50 next-hop-self
neighbor 172.30.1.52 activate
neighbor 172.30.1.52 next-hop-self
exit-address-family
address-family vpnv4
neighbor 10.255.1.1 activate
neighbor 10.255.1.1 send-community extended
exit-address-family
address-family ipv4 vrf JACOBSCORP
neighbor 172.18.253.6 remote-as 65005
neighbor 172.18.253.6 activate
exit-address-family

R52 // PE role

Tat 607
ip vrf forwarding JACOBSCORP
ip address 172.17.253.22 255.255.255.252
router bgp 65001
bgp router-id 172.30.1.52
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 10.255.1.1 remote-as 65001
neighbor 10.255.1.1 update-source Loopback0
neighbor 172.30.1.50 remote-as 65001
neighbor 172.30.1.50 update-source Loopback0
neighbor 172.30.1.51 remote-as 65001
neighbor 172.30.1.51 update-source Loopback0
address-family ipv4
neighbor 172.30.1.50 activate
neighbor 172.30.1.50 next-hop-self
neighbor 172.30.1.51 activate
neighbor 172.30.1.51 next-hop-self
exit-address-family
address-family vpnv4
neighbor 10.255.1.1 activate
neighbor 10.255.1.1 send-community extended
exit-address-family
address-family ipv4 vrf JACOBSCORP
neighbor 172.17.253.21 rem
neighbor 172.17.253.21 activate

interface Ethernet0/1
ip address 172.17.253.21 255.255.255.252
router bgp 65007
bgp router-id 172.30.1.58
neighbor 172.17.253.22 remote-as 65006
aggregate-address 172.17.0.0 255.255.0.0 summar:
redistribute eigrp 10
router eigrp 10
summary-metric 0.0.0.0/0 distance 100 0

Note: Pay attention to the IP address between R51 and R58; it is wrong and you must correct it.

Explain: why do we need this command? If we don't have this command:

BGP table ve odes: s ID is 172.30. istory, * valid, > best, i - nternal, b backup-path, f RT © RLB-compzessed, gin codes: £ RPAT validat nvalid, N Not found
© Looe: +S, 6 *> lo, 06 *> lo. 006 % 10. 006 *> lo. 006 +> 172.0.0.0/8 06 *> 192.17 32768 i s> 172.17.1.0/24 12.
32768 7 s> 192.17.254.0/24 0.0 32768 7 > 172,18.2.0/24 172 0 65 2

Because the summary route points to Null0 with AD = 5, you need to increase the AD so that R58 can install the default route and you can ping from SW11 to 8.8.8.8.

Verification:

router identifier 1/2.30.1.58, local AS number 6500 @ table version is 61, main routing table version 61
21 network entries using 2940 bytes of mem
th entries using 1680 bytes of menory
/bestpath attribute entries using 1296 bytes of
entries using 48 bytes of menory
fe entries using 0 bytes of ner
"list cache entries using 0 bytes of memory
ng $964 total bytes of menor uv oy 18
age activity 211/190 pre 250/279 paths, scan interval 60 secs
oi ghbo: v AS MegRevd MsgSent Tb1Ver_ InQ Out Up, ate/Pixked
172.17.253.22, 65006 44 2 0 0 vas19216 16

P table version is 154, local router ID is 172.30.1.58
8 suppressed, d damped, h history, * valid, > best, \ ~ internal, r RIB-failure, § Stale, m multipath, b backup-path, f RI-Filter, x best-external, a additional-path, ¢ RIB-conpressed,
Origin codes: i - IGP, ¢ - EGP, ? ~ inconplete
REKI validation codes? V valid, I invalid, N Not found
Network Metric LoePr# Weight Ps
"> 10-0.0.0 0 65006 65001 65002 4
+> 172,0.0.0/8 © 65006 65001 s5006 65005 2
1 72.17.283.22 0 65006 65001 65006
TS T0a.30T 55732 TTa,17 DBS ae T E5008 S501 ESE 65005 2
y> 112.30,1,96/32 172.17.253.22 © 65006 65001 6s006 65005?
> 172,30.1,57/32 172,17,253.22 © 65006 65001 65006 65005 2
> 112.30,1,98/32 9.0.0.0 ° 32768 2
+> 172130111107/32 172117,253.22 0 65006 65001 65006 65005 2
> 192.30.1.108/32 172.17.254.254 409600 22768 2

BGP table version is 32, local router ID is 172.30.1.50
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 65002:15
>i 0.0.0.0 20.255.1. 0 100 © 65002 i
+51 10.0.0.0 30125511, 0 100 © 65002 1
Route Distinguisher: 65002:16
">i 0.0.0.0 10,255.14 0 100 0 65002
+34 10.0.0.0 10,255.14 9 100 © 65002 i
Route Distinguisher: 6§005:55 (default for vet JACOBSCORP)
+1 0.0,0.9 10.255.1 0 100 © 65002 3
we 101285.1 a 100 0 65002
+i 10.0.0.0 201255.1. 0 100 © 65002 i
a 30125511, 9% 100 © 65002 1
+> 172,0.0.0/8 172.181 283.2 332800 © 65006 65005 7
*34 172117.0.0 37213011 a 100 © 65006 65007 i
> 192:18.2.0/24 172.18.253.2 307200 © 65006 65005 7
+> 1721181254.0/24 172118125312 a © 65006 65005 7
+> 17213011.55/32 172118125312 a © 65006 65005 7
> 19213011156/32 172118125312 499600 0 65006 65005 2
> 192.30.1.99/32 172.18.253.2 435200 © 65006 65005 2
y>i 172.30.1,58/32 172.30.2. 0 100 © 65006 65007 >
+>. 172.30111107/32 1721181253.2 499600 © 65006 65005 7
54 172130.11108/32 172.30.1 499600 100 © 65006 65007 2
Route Distinguisher: 65005:58
334 172.17.0.0, 172.30.1.52 0 100 © 65006 6007 4
ei 17213011158/32_ 172.3011 182 9 100 0 65006 65007 7
w>i 172.30,1,308/32 _172.30.1.52 409600 100, 0 65006 65007 2
2.6 Section 2.6 Merge phase 1: BGP

Question:

Refer to the "Overall Scenario" and "Diagram 5: Merge Phase: 1".

Jameson's and Jacob's started the first phase of their merge and added a new border router in their respective main site (R18 and R57).

Configure the network as per the following requirements:

• Interface loopback 0 of both R18 and R57 must be added into their respective IGP domain.
• Interface Eth0/1 of both R18 and R57 must peer with its connected IGP neighbor.
• Both R18 and R57 must advertise a summary prefix via eBGP to each other as follows:
  R18 advertises 10.0.0.0/8 summary-only
  R57 advertises 172.0.0.0/8 summary-only
  Must use summary-only, advertise only one prefix, and use a single command to implement this.
• Both R18 and R57 must propagate the received summary prefix into their respective IGP domain.
• Ensure that the backdoor link is never used as a transit link for local prefixes.
• Jameson's prefixes may never be advertised in EBGP by R57.
• Jacob's prefixes may never be advertised in EBGP by R18.
• Ensure that Jacob's CEs (R55 and R56) don't propagate prefix 172.0.0.0/8 to the Jacob's Corp VPN.

Solution:

router bgp 65002
bgp router-id 1
neighbor 10.2.0.46 remote-as 650
network 10.2.100.0 mask 255.255
aggregate-address 10.0.0.0 255.0.0.0 summary-
295.1.18
ip prefix-list LEAK seq 5 permit 10.2.1
route-map LEAK permit 10
match ip address prefix-list LEAK
router ospf 1
router bgp 65005
bgp router-id 172.30.1.57
neighbor 10.2.0.45 remote-as 65002
network 172.18.1.0 mask 255.255.255.0
aggregate-address 172.0.0.0 255.0
neighbor 10.2.0.45 unsuppress-map LEAK
ip prefix-list LEAK seq 5 permit 172.18.1.0/24
route-map LEAK permit 1
match ip address prefix-list LEAK
router eigrp 10
redistribute bgp 65005 metric 1000 100 255 1 1500

R55

router bgp 65005
bgp router-id 172.30.1.55
neighbor 172.18.253.1 remote-as
neighbor 172.18.253.1 prefix-lis
neighbor 172.30.1.56 remote-as 6500
neighbor 172. 6 update-source loopback 0
neighbor 172.

R56

router bgp 65005
bgp router-id 172.30.1.56
neighbor 172.18.253.5 remote-as 65006
neighbor 172.18. prefix-list PERMITLI2 out
neighbor 172.30. e-as 65005
neighbor 172.30. ce-source loopback 0
172.30.

If the question asks you:

• Ensure that Jacob's CEs (R55 and R56) don't propagate prefix 172.18.1.0/24 to the Jacob's Corp VPN.

You must modify the prefix-list on R55 and R56 like this:

Routing Table: JACOBSCOR? GRE, FX - EIGRP external, 0 ~ 03: NL ~ OS2F'NSSA exte: 1 = OSPF external ype 1, E2 ~ 03?!
S summary, nds not set ably subi
172118.253.0/30 19 directly connected,
1721181253.1/22 is directly connected,
© 410/24 (20/0) via 172.18.253.2,
subnetted, 4 subnets
20/0) via 172.18.253.2, 00:04:28
20/409600) via 172.18.252.2, 0020
20/435200] via 172,18.253.2,
20/409600] via 172.18.253.2, 00:04:28

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

2.7 Section 2.7 Merge phase 2: IGP

Question:

Refer to "Diagram 2: Initial Topology" and "Diagram 6: Merge Phase 2".

Jameson's and Jacob's are entering the second phase of the merge and have deployed two new border routers in their respective core network.

Configure the core networks as per the following requirements:

• R9 and R10 must run OSPF on their interface Eth0/0 and Loopback 0.
• R9 and R10 must run EIGRP on their interface Eth0/1.
• R53 and R54 must run EIGRP on all of their interfaces.
• Mutually redistribute EIGRP and OSPF on both R9 and R10.
• Avoid routing loops and ensure that all current and future prefixes are routed via their optimal path.
• Do not use any route-map, access-list or prefix-list in order to achieve this requirement.

Solution:

router eig
address-family ipv4 unicast autonomous-system 1
network 10.254.0.61 0.0.0.0
metric rib-scale 153

R10

router eigrp JACOB:
address-family
network 10.254.
unicast autonomou:
0.0.0.0

unicast aut mous-system 1
0.0.0.0 0

router eigrp JACOBS
address-family ipv4 unicast autonomous-system 1
network 10.254.0.66 0.0.0.0
network 172.30.

R9/R10

router ospf 1
redistribute eigrp 1 subnets
router eigrp JACOBS
address-family ipv4 unicast autonomous-system 1
topology base
router ospf 1
distance ospf external 175
int 0/0
no shut
int e0/1
no shut

Verification:

ng ent Known via "eig 10, metric 1713359, type external
Redistributing update from 1 on Ethernet0/0, 00:00:43 ago
ng Descriptor Blocks
172.30.100.5, from 172.30.100.5, 00:00:43 ago, via Ethernet0/0
Route metric is 1713459, traffic share count is
Total delay is 3000 microseconds, minimum bandwidth is 10000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 2
0.100.4, from 17 via Ethernet0/0
ce mete
5 3000 microseconds, minimum bandwidth is 10000 Kbit
255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 2

2.8 Section 2.8 Merge phase 2: Routing Policies

Question:

Refer to the "Overall Scenario", "Diagram 2: Initial Topology" and "Diagram 6: Merge Phase 2".

Configure the network as per the following requirements:

• Network managers have decided that the primary path for all traffic between Jameson's 10.2.100.0/24 and Jacob's 172.18.1.0/24 must be routed preferably via the BGP backdoor link between R18 and R57. If this link should fail, then traffic should fall back over the MPLS core network.
• All other traffic must be routed preferably via the MPLS core network.
* Do not configure any route-map nor access-list in order to achieve this requirement.
* Ensure that the following test reveals the same path as shown below:

R101#traceroute 172.18.1.254
Type escape sequence to abort.
Tracing the route to 172.18.1.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.100.254 1008 msec 2 msec 2 msec
2 10.2.0.42 5 msec 5 msec 6 msec
3 10.2.0.46 7 msec 6 msec 8 msec
4 172.18.2.254 6 msec * 3 msec

SW10#traceroute 10.2.100.100
Type escape sequence to abort.
Tracing the route to 10.2.100.100
VRF info: (vrf in name/id, vrf out name/id)
1 172.18.2.1 1 msec 1 msec 0 msec
2 10.2.0.45 4 msec 3 msec 2 msec
3 10.2.0.41 3 msec 3 msec 3 msec
4 10.2.100.100 4 msec

Type escape sequence to
Tracing the route to 172.18.2.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.100.254 2 msec 1 msec 2 msec
2 10. 2 msec 1 msec 1 msec
3 10. .77 3 msec 2 msec 2 msec
4 10. 33. [MPLS: Labels 34/48 Exp 0] 4 msec 4 msec 5 msec
5 30 [MPLS: Labels 37/48 Exp 0] 5 msec 3 msec 5 msec
6 [MPLS: Labels 39/48 Exp 0] 5 msec 4 msec 5 msec
7 [MPLS: Label 48 Exp 0] 8 msec 5 msec 9 msec
8 5 msec 4 msec
9 172.18.254.254 5 msec * 4 msec

SW10#traceroute 10.2.101.254
Type escape sequence to abort.
Tracing the route to 10.2
VRF info: (vrf in name/id, vrf out name/id)
1172.18. msec 172.1822 msec 172.18. 172.18 172.18. 172.18. 3 172.30 172.30. 410.254 3 msec 10.25 10.254 10.254. 10.25 10.254.0.1 10.254.0.7. 10.254 msec 3 msec 2 msec 8 10.254.0. 10.2.0.6 3 msec 3 msec 9 10.2.0.6 3 3 msec 10.2.10 msec

Solution:
Note: You may run into a problem when you trace or ping from R101. The reason is that in H2+ we used IOS IRON, and it has a bug with CEF.
How to fix: just disable CEF on Switch 3 and Switch 4 with the command:
no ip cef

router eigrp 10

Tracing
VRF info: (vrf in name/id, id)
1 10.2.100.253 1 msec 2
2 10.2.0.5 2 msec 1 mse
3 10.254.0.73 2 m msec 1 msec
7 10.254.0.15 [MPLS: Labels 53/79 Exp 0] 3 msec > msec 3 msec
5 10.254.0.18 [MPLS: Labels 37/79 Exp 0] 2 msec 3 msec 2 msec
6 10. 62. [MPLS: Labels 23/79 Exp 0] 2 msec 3 msec 2 msec
7 172.18.253.5 [MPLS: Label 79 Exp 0] 3 msec 2 msec 3 msec
8 172.18.253.6 2 msec 2 msec 2 msec
9 172.18.254.254 2 msec * 3 msec

Verification:
172.18.1.254
Type escape sequence
Tracing the route to
info: (vrf in name/id, vrf out name/id)
1 10.2.100.254 1008 msec 2 msec 2 msec
2 10.2.0.42 5 msec 5 msec 6 msec
3 10.2.0.46 7 msec 6 msec 8 msec
172.18.2.254 6 msec * 3 msec

Type escape sequence to abort.
Tracing the route to 10.2.100.100
VRF info: (vrf in name/id, vrf out name/id)
1 172.18.2.1 1 msec 1 msec 0 msec
2 10.2.0.45 4 msec 3 msec 2 msec
3 10.2.0.41 3 msec 3 msec 3 msec
4 10.2.100.100 4 msec

Type escape sequenc
Tracing the route to 172.18.2.254
VRF info: name/id, vrf out name/id)
1 10.2.100.254 2 msec 1 msec 2 msec
2 10. 2 msec 1 msec 1 msec
3 10. 77 3 msec 2 msec 2 msec
4 10 133 [MPLS: Labels 34/48 Exp 0]
5 10. 30 [MPLS: Labels 37/48 Exp 0]
6 10.2 66 [MPLS: Labels 39/48 Exp 0]
7 172.18.253. [MPLS: Label 48 Exp 0] 8 m
8 172.18.253.2 5 msec 5 msec 4 msec
9 172.18.254.254 5 msec * 4 msec
R101#traceroute 172.18.1.254
4 msec 4 msec 5 msec
5 msec 3 msec 5 msec
sec 5 msec 9 msec
Type escape sequence to abort.
Tracing the route to 10.2.101.254
VRF info: (vrf in name/id, vrf out name/id)
1 172.18.254.1 1 msec
  172.18.254.2 0 msec
  172.18.254.1 2 msec
2 172.18. 1 msec
  172.18.2: 2 msec
  172.18.253.5 2 msec
3 172.30.100.4 4 msec 3 msec
  172.30.100.5 3 msec
4 10.254.0.65 3 msec
  10.254

2.9 Section 2.9 IPv6 Routing, Part 1

Question:
Refer to “Diagram 2: Initial Topology”.
Jameson’s started deploying IPv6 in dual-stack mode in the datacenter.
Configure Jameson's datacenter network as per the following requirements:
* Establish OSPFv3 adjacencies in Area 0 between SW3, SW4, R15 and R16.
* Do not use the command “ipv6 router ospf” anywhere in order to accomplish the previous requirement.
* Interface VLAN 100 of SW4 must be configured with default route preference set to “high”.
* Interface VLAN 100 of SW3 must be configured with default route preference set to “medium”.
* The interval between Router Advertisement transmissions on VLAN 100 must be set to 10 seconds on both SW3 and SW4.

Solution:
router ospfv3 1
 address-family ipv6 unicast
interface ethernet0/0
 ospfv3 1 ipv6 area 0
interface ethernet0/2
 ospfv3 1 ipv6 area 0

router ospfv3 1
 address-family ipv6 unicast
  router-id 10.255.1.16
interface ethernet0/0
 ospfv3 1 ipv6 area 0
interface ethernet0/2
 ospfv3 1 ipv6 area 0
router ospfv3 1
 address-family ipv6 unicast
  router-id 10.255.1.103
int loopback 0
 ospfv3 1 ipv6 area 0
int vlan 153
 ospfv3 1 ipv6 area 0
int vlan 100
 ospfv3 1 ipv6 area 0
 ipv6 nd ra interval 10
int vlan 34
 ospfv3 1 ipv6 area 0

router ospfv3 1
 address-family ipv6 unicast
  router-id 10.255.1.104
int loopback 0
 ospfv3 1 ipv6 area 0
int vlan 164
 ospfv3 1 ipv6 area 0
int vlan 100
 ospfv3 1 ipv6 area 0
 ipv6 nd ra interval 10
int vlan 34
 ospfv3 1 ipv6 area 0

Verification:
(10.255.1.103) (Process ID 1)
Dead Time Interface Interface
FULL/DR 00:00:36 21 Vlan34
FULL/DR 00:00:32 22 Vlan100
FULL/BDR 00:00:35 5 Vlan153

OSPFv3 Router with ID (10.255.1.104) (Process ID 1)
ate Dead Time Inte Interface
FULL/BDR sa 21 Vlan34
FULL/BDR 100:38 22 Vlan100
FULL/BDR 00:00:39 5 Vlan164

Vlan100 is up, line protocol is
IPv6 is enabled, link.
Virtual link-local address(es):
100 is FE80::A8BB:CCFF:FE80:8000 [UNA]
254, subnet is :CC1E:BEEF:100::/64
MTU is 1500 bytes
ICMP error messages limited to one every 100 mil
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number a :
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspec
ND router advertisements are sent every 10 se
ND router advertisements live for 1800 seconds

Vlan100 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE80:6000 [UNA]
Virtual link-local address(es):
FE80::100
Global uni 2001
Joined group address(es):
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router adve sent every
ND router adve 0 seconds

2.10 Section 2.10 IPv6 Routing, Part 2

Question:
Configure Jameson's datacenter network as per the following requirements:
* SW3 and SW4 must provide first-hop redundancy for hosts in VLAN 100 by sharing the virtual link-local address FE80::100.
* SW4 must be elected as the active router and SW3 must be elected the standby router.
* In case SW4 is down, SW3 must take over the active role. If SW4 comes back online, it must automatically recover the active role from SW3.
* Ensure that HSRP Hello packets are exchanged every 5 seconds and that the standby takes over the active role if three consecutive Hello packets were missed from the active.
Solution:
int vlan 100
 standby ver 2
 standby 1 ipv6 fe80::100
 standby 1 timer 5 15
 standby 1 preempt

int vlan 100
 standby version 2
 standby 1 ipv6 fe80::100
 standby 1 timer 5 15
 standby 1 priority 110
 1

2.11 Section 2.11 Multicast in Jameson's

Question:
Refer to “Diagram 2: Initial Topology”.
An application running on SW3 (which is located in Jameson's datacenter) uses multicast to deliver specific traffic to users located in Jameson’s branch network.
Configure Jameson's network as per the following requirements:
* Use PIM Sparse-mode.
* The interface Lo0 of R17 must be elected as the RP for the whole multicast domain.
* R17 must announce its candidacy to advertise the group-to-RP mapping set to the router link local address.
* For interoperability reasons the selection of R17 as the RP must use the Cisco proprietary protocol and must use the default priority value as per the standard.
* The streaming server at R19 e0/1 uses the group address 239.1.1.1 to send traffic to interested receivers.
* Receivers are located in the branch network and they are connected to the DataCentre via DMVPN.

Ensure that the following test is successful:
Type escape sequence
Sending 10, 100-byte I
Packet sent with a source address o
Reply to request 1 from 10 1, 30 ms
Reply to request 1 from 10 1 1 1
Reply to request 1 from 10
Reply to request 1 from 10
Reply to reque: from 10.

Solution:
ip multicast-routing vrf CORP
interface tunnel 0
 ip pim sparse-mode
 ip pim nbma-mode
interface Loopback 0
 ip pim sparse-mode
ip pim vrf CORP send-rp-announce Loopback0 scope 5
ip pim vrf CORP send-rp-discovery Loopback0 scope 5
If the question asks that R17 is always the DR for the multicast segment, you need to add the command

ip multicast-routing vrf CORP
interface tunnel 0
 ip pim sparse-mode

ip multicast-routing vrf CORP
interface tunnel 0
 ip pim sparse-mode
interface Ethernet
 ip pim
 ip igmp join-group 239.

R20/R21
ip pim vrf CORP spt-threshold infinity

Verification:
t Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, nected,
 L - Local, P - Pruned, R - RP-bit set,
 T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
 X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
 I - Received Source Specific Host Report,
 z - MDT-data group sender,
 Y - Joined MDT-data group, y - Sending to MDT-data group,
 G - Received BGP
 N - Received BGP Shared-Tree Prune, n - BG
 Q - Received BGP S-A Route, q - Sent BGP S-A Route,
 V - RD & Vector, v - Vector, p - PIM Joins on route
Outgoing interface flags: H - Hardware switched, A - Assert winner, p - PIM
 Next-Hop or VCD,
:53/stopped, RP 10.255
Tunnel0, RPF nbr 10.100.0.1
List: Null
ao 00:00:53/00:02:53, flags: FT
Incoming interface: Ethernet0/1, RPF nbr 0.0.0.0
Outgoing interface list:
Tunnel0, , 00:00:53/00:02:38

R19#ping vrf CORP 239.1.1.1 repeat 10
Type escape sequence to abort.
Sending 10, 100-byte ICMP Echos to 239.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.16.1.1
Jun 13 18:14:17,592
Reply to request 0 16
Reply to request 0 re.
Reply to request 1 i16.
Reply to request 1 16
Reply to request 1 16
Reply to request 1 116.2.
Reply to request 1 r16.
Reply to request 1 r16.

3. SECTION 3 VPN Technology

3.1 Section 3.1 Jameson’s Branch Offices

Question:
Refer to “Diagram 2: Initial Topology”.
Configure DMVPN Phase 3 in Jameson's branch network as per the following requirements:
* Use the preconfigured interface Tunnel0 on all four routers in order to accomplish this task.
* R17 must be configured as the hub router.
* R19, R20 and R21 must be the spoke routers and must participate in the NHRP information exchange.
* Ensure that spoke-to-spoke traffic does not transit via the hub.
* Protect the tunneled traffic by attaching the preconfigured IPsec profile to the tunnel interface on all tunnel end-points.
* Ensure that all spokes establish an OSPF adjacency through the tunnel with the hub R17, without attempting to elect any Designated Router.
* Ensure that the following tests are successful:

Type escape sequen
Tracing the route to 10.16.2.1
VRF info: (vrf in name/id, vrf out name/id)
1 10.100.0.20 5 msec * 5 msec

Type escape sequence to ab
Tracing the route to 10.16
VRF info: (vrf in name/id, vrf
1 10.100.0.21 5 msec * 5 m

Solution:
int tunnel 0
 ip nhrp map multicast dynamic
 ip nhrp network-id
 ip nhrp redirect
 tunnel source e0/0
 tunnel mode gre multipoint

int tunnel 0
 ip nhrp map multicast 192.0.2.2
 ip nhrp map 10.100.0.1 192.0.2.2
 ip nhrp nhs 10.100.0.1
 ip nhrp network-id 12345
 ip nhrp shortcut
 tunnel source dialer1
 tunnel mode gre multipoint

int tunnel
 tunnel protection ipsec profile DMV!
PROFILE

Verification:
Legend: er DD cal, X ~ No Socket = Incomplete entries with sane Na ==> Expecting Replies, R ==> Re
10 0 BULLY = 9/100:0.20
10 8 FULLY ~ 9:100.0.21
10 0 FULL, 30110010119

Type escape sequen abort
Tracing the route to 10.16.2.1
VRF info: (vrf in name/id, vrf out name/id)
1 10.100.0.20 5 msec * 5 msec

Type escape sequence
ng the route to 10.16.3.1
VRF info: (vrf in name/id, vrf out name/id)
1 10.100.0.21 5 msec * 5 msec

3.2 Section 3.2 Jameson's Pre-merge VPN

Question:
Refer to the “Overall Scenario” and “Diagram 4: Pre-merge Topology”.
Jameson's decided to enable MPLS VPN in their network. They started configuring it but it is your responsibility to complete it and verify that it is fully functional.
Configure Jameson’s network as per the following requirements:
* Enable LDP in the core network as indicated in “Diagram 4: Pre-merge Topology”.
* Ensure that all LDP routers use their interface Loopback0 as their LDP router-id.
* R1 must reflect VPNv4 prefixes to all PE’s.
* The datacenter and main office network must be connected to the VPN via eBGP.
* The headquarter network must be connected to the VPN “CORP” via eBGP.
* All six PE’s must use a consistent format “ASN.nn” for the VPN route-distinguisher, where
  - ASN is the Autonomous System Number of the connected CE
  - nn is any relevant number for the VPN site
* Ensure that R101 in the datacenter’s VLAN 100 can successfully ping SW2 in the main office as shown below:

Type escape sequence to abort.
Tracing the route to 10.1.1.254
name/id, vr out name/id)
254 2 msec 1 msec 1 msec
1 msec 1 msec 2 msec
17 2 msec 2 msec 1 msec
33 [MPLS: Labels 30/4 3 msec 3 msec 2 msec
57 [MPLS: Label 44 Exp 0] 2 msec 3 msec 2 msec
158 2 msec 2 msec 3 msec
+254 5 msec * 4 msec

Type escape sequence to abort.
Tracing the route to 10.3.1.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.100.254 1 msec 1 msec 1 msec
2 10.2.0.9 1 msec 1 msec 2 msec
3 10.254.0.77 2 msec 1 msec 3 msec
4 10.254.0.33 [MPLS: Labels 28/43 Exp 0] 3 msec 3 msec 4 msec
5 10.254.0.45 [MPLS: Label 43 Exp 0] msec 4 msec
6 10.254.0.46 3 msec 4 msec 5 msec
7 10.3.254.254 4 msec * 8 msec

Solution:
mpls ip
mpls label protocol ldp
mpls ldp router-id loopback 0
int range e0/
 mpls ip
int e1/0
 mpls ip

mpls ip
mpls label protocol ldp
mpls ldp router-id loopback 0
int range e0/0, e0/2
 mpls ip

mpls ip
mpls label protocol ldp
mpls ldp router-id loopback 0
int range e0/0-1
 mpls ip

mpls ip
mpls label protocol ldp
mpls ldp router-id loopback 0
int e0/3
 mpls ip

mpls label protocol ldp
mpls ldp router-id loopback 0
int range e0/0-1
 mpls ip

router bgp 6500
 address-family vpnv4
  nei IBK
  nei 10.2
  nei 10.
  nei 10.2
  nei 10.
  nei 10.
  nei 10.2

router bgp 650
 address-family vpnv4
  nei 10.255.1.1 act

 rd 6500.
 route-target export 65002:1516
 route-target import 65002:1112
 route-target import 65002:1314

Explain: the output of show ip bgp vpnv4 all is interesting here. If a route-target is not configured, the router still sends all routes, but they are not received into the VRF table on the other PEs. R3 sends the update to R1 and R1 advertises it to R5, but R5 does not insert it into the VRF routing table. Check send-community both again. R1 receives and understands the RD even though no RD or RT is configured on it --> show ip bgp vpnv4 all

 rd 65002:16
 route-target export 65002:1516
 route-target import 65002:1112
 route-target import 65002:1314
ip vrf CORP
 rd 65002:13
 route-target export
 route-target import
 route-target import

ip vrf CORP
 rd 65002:14
 route-target export
 route-target import
 route-target import

ip vrf CORP
 rd 65002:11
 route-target export
 route-target import
 route-target import

ip vrf CORP
 rd 65002:12
 route-target export
 route-target import
 route-target import

dentifser 10.255.1
is 958, main
using 8360 bytes of memory
BGP path/bestp: entries using 12
5 BGP extended community entries using 120
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 16904 total bytes
BGP activity 442/287 pre:
ate/PExRed,
10.255.1.3 4 5001 19
10.255.1.4 4 65001 3
10.255.1.5 4
7 DOT 20 ao
4 6501 98 9590
4 65001 98 9580
4 5001 101 9598
4 901 00 9590
4 50) 98 9590

Type esce Je sequence
Tracing the route to 10.1.1.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2 lo. 2 msec 1 msec 1 msec
1 msec 2 msec
3 10. 2 msec 2 msec
4 10. [MPLS: Labels 51/48 Exp 0] 2 msec 3 msec 2 msec
5 10.2 [MPLS: Label 48 Exp 0] 2 msec 2 msec 2 msec
6 10. 54 2 msec 3 msec 2 msec
7 10. 254 3 msec * 3 msec

Type escape sequence to abor
Tracing the route to 10.3.1.254
VRF info: (vrf in name/id, vrf o 1 name/id)
253 1 msec 1 msec 1 msec
1 msec 1 msec 1 msec
73 2 msec 1 msec 1 msec
-13 [MPLS: Labels 41/46 Exp 0] 3 msec 3 msec 2 msec
[MPLS: Label 46 Exp 0] 2 msec 3 msec 2 msec
2 msec 2 msec 2 msec
3 msec

3.3 Section 3.3 Merge Phase 2: VPN

Question:
Refer to the “Overall Scenario” and “Diagram 6: Merge Phase 2”.
Jameson’s and Jacob's are entering the second phase of the merge and have deployed two new border routers in their respective core network.
Configure the network as per the following requirements:
* The BGP AS number of Jacob's original core network must be converted to use Jameson's AS number 65001, as indicated in “Diagram 6: Merge Phase 2”.
* All BGP sessions between Jacob's core and remote sites (including headquarters and office networks) must be recovered using the new AS number.
* Do not modify the BGP configuration of Jacob's CEs (R55, R56, R58) in order to accomplish this requirement.
* Enable LDP in the merged core network as indicated in “Diagram 6: Merge Phase 2”, including the four new border routers (R9, R10, R53, R54) and Jacob's core network.
* Ensure that all LDP routers use their interface Loopback0 as their LDP router-id.
* R1 must reflect VPNv4 prefixes to all PE’s, including to Jacob's PE.
* Jacob's headquarters network must be added to the VPN JACCOBSCORP.
* Jacob's office network must be added to the VPN JACCOBSCORP.
* All nine PE’s must use a consistent format “ASN.nn” for the VPN route distinguisher, where
  - ASN is the Autonomous System Number of the connected CE
  - nn is any relevant number

Type escape sequence to abort.
Tracing the route to 172.17.254.1
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.100.254 1 msec 1 msec 1 msec
2 10.2.0.9 2 msec 3 msec 1 msec
3 10.254.0.77 2 msec 2 msec 2 msec
4 10.254.0.3 [MPLS: Labels 36/16 Exp 0] 7 msec 5 msec 5 msec
5 10.254 [MPLS: Labels 39/16 Exp 0] 7 msec 7 msec 13 msec
6 10.254.0.66 [MPLS: Labels 41/16 Exp 0] 6 msec 6 msec 6 msec
7 172.17.253.22 [MPLS: Label 16 Exp 0] 5 msec 7 msec 5 msec
8 172.17.253.21 8 msec * 12 msec
Solution:
mpls ip
mpls label protocol ldp
mpls ldp router-id 10
int e0/0
 mpls ip

mpls ip
mpls label proto:
mpls ldp router-id loopback 0
interface range e0/0-1
 mpls ip

50/51/52
router bgp 6500
 no bgp default ipv4-unicast
 nei 10. remote-as 65001
 update-source 10
 nei 10.
 address-family vpnv4
  nei 10.255.1.1

router bgp 6500
 no bgp default
 nei 172.30
 nei 172.30.1.51
 nei 172.30
 addres
 nei 172
 nei 172.30
 nei 172.30.1.52 act
 address-family
 nei 172.30.
 nei 172.30.1.5:
 301.52 oup 18GP eer-group IBGP -group IBGP nei 172

ip vrf JACOBSCORP
 rd 65005:55
 route-target export
 route-target import
 route-target export
 route-target import

ip vrf JACOBSCORP
 rd 65007:5
 route-target export
 route-target import

Verification:
table version is 156, a 30.1.50
Status codes: s suppressed, * valid, > best, i - internal,
 r RIB-failure, S Stale, m multipath, b backup-path, £ 81 best
 c RIB-compressed,
RPKI validation codes: V valid, I invalid, N Not found
Network Metric LocPrf Weig!
Distinguisher:
+54 0.0.0.0 Si 10
“51 0.0.0.0
“51 10.0.0.0 i
Route Distinguisher:
* 4 0.0.0.0 i
‘aid 0 i
> 172.0.0.0/8 ?
*>4172.17.1.0/24 2
#54 172.17.254.0/24 2
+> 172118.2.0/24 >
*>192.18.254.0/24 2
> 1972.30.1.55/32 2
& 230.156 /32 2
ED F35700 7 8/32 ° 2
409600 2
409600 2
281856 2
0 2
409600 2

LDP Ident 172.
LDP Tdent 172 172.30.1.
LDP Ident 172. 172.30.1.52:
LDP Tae: 2. 10.255.1.9:0; Local LDP Ident 172.31 172.30,

Type escape sequence to abo.
Tracing the route to 172.17.254.1
VRF info: (vrf in name/id, vrf out name/id)
1 10.2 253 2 msec 1 msec 1 msec
2 10.2.
cc 2 msec
3 10.254.0.73 2 msec 2 msec 2 msec
4 10.254.0.13 [MPLS: Labels 57/65 Exp 0] 3 msec 4 msec 5 msec
5 0.18 [MPLS: Labels 39/65 Exp 0] 11 msec 5 msec 4 msec
6 62 [MPLS: Labels 16/65 Exp 0] 10 msec 4 msec 3 msec
7 172.17.253.22 [MPLS: Label 65 Exp 0] 4 msec 3 msec 3 msec
8 172.17.253.21 4 msec * 4 msec

3.4 Section 3.4 Inter-VPN Routing

Question:
Refer to the “Overall Scenario” and “Diagram 6: Merge Phase 2”.
Configure the network as per the following requirements:
* Jameson's headquarters (VPN CORP), main office (VPN CORP) and Jacob's office (VPN JACOBSCORP) must receive datacentre prefixes (VPN DC).
* Jameson's main office (VPN CORP) may not receive prefixes from Jacob (headquarters (VPN JACOBSCORP) and Office (VPN JACOBSCORP) prefixes).
* In order to simplify future changes, your solution may not be limited to specific prefixes.

Solution:
ip vrf DC
 route-target import 65005:5556
 route-target import 65007:58

ip vrf JACOBSCORP
 route-target import 65002:1516

int e0/0
 ip load-sharing per-packet

Network
#51 0.0.0.0
#54 10.0.0.0
Route Distinguisher: 65005:55
¥54-172.0.0.0/8 172.30.1.50 332800 100 0 65006 65005 2
Yi 172.18.2.0/24 172.30.1.50 307200 100 0 65006 65005 ?
“>i 172.18.254.0/24 172.30.1.50 0 100 0 65006 65005 2
451 172.30.1.55/32 172.30.1.50 0 100 0 65006 65005 ?
¥54172.30.1.56/32 172.30.1.50 409600 100 0 65006 65003 ?
¥54 192.30.1.57/32 172.30.1.90 435200 100 0 65006 65005 2
¥>4 172.30.1.107/32 172.30.1.50 409600 100 0 65006 65005 ?
Route Distinguisher: 6500
+51 172.0.0.0/8 172.30.1.51 332800 200 0 65006 65005 2
451 172.18.2.0/24 r13t 307200 200 0 65006 65005 ?
¥5i172118.254.0/24 1.51 0 200 0 65006 65005 7
¥>4-192.30.1.55/32 1.51 409600 200 0 65006 65005 2
%54-172.30.1.56/32 21.51 0 200, 0 65006 65005 2
854 -172.30.1.57/32 t1.5L 435200 200 0 65006 65005 ?
Yo 172.30.1.107/32 21.81 409600 200 0 65006 65005 2
Route Distinguisher: 65005:5@ (default for vrf JACOBSCORP)
+ 1 0.0.0.0 10.255.1.4 0 100 0 65002 i
i 10.255.1.3 2 100 0 65002 i
* i 10.0.0.0 a 0 100 © 65002 i
coe i 0 100 0 65002 i
#51 172.0.0.0/8 i 332800 200 0 65006 65005 2
+i nL 332800 100 0 65006 65005 ?
>. 172.17.0.0 2 0 0 65006 65007 i
>i 172.18.2.0/24 1 307200 200 0 65006 65005 7
wa i 307200 100 0 65006 65005 2
voi 172.18.254.0/24 ne 0 200, 0 65006 65005 ?
wa a 100 0 65006 65005 2
#51 172.30.1.55/32 1 200 0 65006 65005 ?
+i i 100 0 65006 65005 ?
451 172.30.1.56/32 1 200 0 65006 65005 7
vi ae 100 0 65006 65005 2
¥>4-172.30.1.57/32 oe 200 0 2
“a ne 100 0 2
>) 172.30.1.58/32 0 >
451 172.30.1.107/32 409600 200 0 ?
vi 409600 100, ° 2
>) 172.30.1,108/32 409600, ° 2

SW10#traceroute 8.8.8.8
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
1 172.18.254.2 1 msec
  172.18. 0 msec
  172.18. 1 msec
2 172.18. 0 msec
  172.18. 1 msec
  172.18 1 msec
3 172.30 4 msec 3 msec 2 msec
4 10.65 3 msec 3 msec
  1254.0.61 2 msec
5 10.254.0.17 3 msec
  10.254.0.29 3 msec 2 msec
6 10.254.0.73 2 msec 2 msec
TT? msec
174 5 msec 5 msec
174 6 msec 3 msec 6 msec
* *

4.
SECTION 4 Infrastructure Security

4.1 Section 4.1 Device Security

Question:
Refer to “Diagram 1: Initial Topology”.
Configure the network as per the following requirements:
* Protect R17’s control-plane from TTL expiry attacks so that IP packets with a TTL of 0 or 1 are dropped before the CPU processes them.
* Legitimate packets include expected control protocols running on the link.

Solution:
ip access-list extended TTL
 deny ospf any any
 deny tcp any any eq bgp
 deny tcp any eq bgp any
 deny pim any any
 deny esp any any
 deny gre any any
 deny udp any any eq 500
 deny udp any any eq 4500
 permit ip any any ttl eq 0
 permit ip any any ttl eq 1
class-map match-all TTL
 match access-group name TTL
policy-map TTL
 class TTL
  drop
control-plane
 service-policy input TTL

The deny entries keep the listed control protocols out of class TTL, so only the remaining packets with a TTL of 0 or 1 match the class and are dropped.

Why? Because the output from Trace after exam will never show exactly as required from Cisco.

Verification:
R17#show ip access-lists
Extended IP access list TTL
 10 deny ospf any any (4 matches)
 20 deny tcp any any eq bgp
 30 deny tcp any eq bgp any (1 match)
 40 deny pim any any (4 matches)
 50 deny esp any any
 60 deny gre any any
 70 deny udp any any eq isakmp
 80 deny udp any any eq non500-isakmp
 90 permit ip any any ttl eq 0
 100 permit ip any any ttl eq 1

Control Plane
 Service-policy input: TTL
  Class-map: TTL (match-all)
   0 packets, 0 bytes
   5 minute offered rate 0000 bps, drop rate 0000 bps
   access-group name
  Class-map: class-default (match-any)
   15 packets, 1363 bytes
   5 minute offered bps, drop rate 0000 bps
   Match: any

4.2 Section 4.2 Network Security

Question:
Refer to “Diagram 1: Jameson's Layer 2 Connections” and “Diagram 2: Initial Topology”.
Configure the network as per the following requirements:
* SW5 and SW6 must filter DHCP messages received from untrusted hosts by comparing the source MAC address and the DHCP client hardware address. If the addresses match, the switches must forward the packet. If the addresses do not match, the switches must drop the packet.
* Ensure that these access switches do not filter DHCP packets on their uplinks.
* Ensure that the DHCP relay switches (refer to item 5.1) allow DHCP messages received on their interface VLAN 100 with the added Option 82 and uninitialized GIADDR field to be accepted.

Solution:
information option
35
ip dhcp snooping
ip dhcp snooping vlan 100
ip dhcp snooping information option
interface port-channel 46
 ip dhcp sno

Verification:
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
DHCP snooping is operational on following VLANs:
DHCP snooping is configured on the following L3 Interfaces:
Insertion of option 82 is enabled
   circuit-id default format: vlan-mod-
   remote-id: aabb.cc00.7000 (MAC)
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:
Trusted option Rate limit (pps)
unlimited
a yes yes unlimited
ne135 yes unlimited

5. SECTION 5 Infrastructure Services

5.1 Section 5.1 Centralized DHCP

Question:
Refer to “Diagram 1: Jameson’s Layer 2 Connections” and “Diagram 2: Initial Topology”.
Jameson's R15 must centralize DHCP service for the datacenter’s hosts VLANs.
Configure the network as per the following requirements:
* Ensure that the distribution switches SW3 and SW4 forward DHCP discover broadcast messages received from VLAN 100’s hosts to interface Loopback0 of R15 as unicast messages.
* R15 must assign hosts in VLAN 100 a valid IP address from the prefix 10.2.100.0/24.
* Ensure that addresses that were statically configured will never be assigned to any host.
* The DHCP offer must include the IP address 10.2.100.1/24 as the default gateway for VLAN 100 users.
* Ensure that the server R101 effectively receives an IP address from the expected prefix 10.2.100.0/24 as well as its default gateway information.

Solution:
ip dhcp pool R101
 host 10.2.100.100 255.255.255.0
 default-router 10.2.100.1
2 VLAN 100
 network 10.2.100.0 255.255.255.0
 default-router 10.2.100.1
ip dhcp excluded-address 10.2
ip dhcp excluded-address 10.2.1
ip dhcp excluded-address 10.2.100.254

interface Vlan100
 ip dhcp relay information trusted
 ip helper-address 10.255.1.15

Explain:
R101#show int e0/0
Ethernet0/0 is up, line protocol is up
 Hardware is AmdP2, address is aabb.cc00.a000 (bia aabb
 Internet address is 10.2.100.2/24
 MTU 1500 bytes, BW 10000 Kbit/sec, DLY 1000 usec
 reliability 255/255, txload 1/255, rxload 1/255
 Encapsulation ARPA, loopback not set

Find the MAC address: aabb.cc00.a000. Add 01 in front of aabb and it becomes 01aabb.cc00.a000. Now you must convert it to hex: 01aa.bbcc.00a0.00

Verification:
R15#show ip dhcp binding
Bindings from all pools
address User name
100.2 01aa.bbcc.00a0.00 Infinite Manual

5.2 Section 5.2 Internet Gateway

Question:
Refer to “Diagram 1: Initial Topology”.
Configure the network as per the following requirements:
* R17 is Jameson's Internet gateway router.
• Ensure that R17 enables all internal hosts (that is: hosts with source IP address in the range of 10.0.0.0/8 or 172.0.0.0/8) to simultaneously connect to the Internet using the public IP address of interface Eth0/0.
• The following tests must be successful:

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/4 ms

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/4 ms

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 3/3/4 ms

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 3/3/3 ms

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Solution:
    access-list 1 permit 10.0.…
    access-list 1 permit 172.0…
    ip nat inside source list 1 interface Ethernet0/0 vrf CORP overload
    interface e0/0
     ip nat outside
    interface e0/1
     ip nat inside
    interface …
     ip nat inside

Verification:
    R101#ping 8.8.8.8
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/4 ms

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/4 ms

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip …

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 3/3/3 ms

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

5.3 Section 5.3 First hop redundancy

Question:
Refer to “Diagram 1: Jameson’s Layer 2 Connections” and “Diagram 2: Initial Topology”.
Jameson’s datacenter’s SW3 and SW4 must offer first hop redundancy to VLAN 100’s hosts using HSRP.
Configure the network as per the following requirements:
• SW3 and SW4 must use the multicast address 224.0.0.102 in order to negotiate the active and standby roles.
• SW4 must be elected as the active router and SW3 must be elected as the standby router.
• In case SW4 is down, SW3 must take over the active role. If SW4 comes back online, it must automatically recover the active role from SW3.
• Ensure that HSRP hello packets are exchanged every 10 seconds and that the standby takes over the active role if three consecutive Hello packets were missed from the active.
• Both routers must share the virtual IP address 10.2.100.1 that will be used as default gateway for VLAN 100's hosts.
Solution:
    interface vlan 100
     standby 2 ip 10.2.100.1
     standby 2 timers 10 30
     standby 2 priority 105
     standby 2 preempt

     standby …
     standby … timers …
     standby 2 preempt
     standby version 2

Many people have told me that they had a problem with HSRP in the real lab, EVE-NG and IOU. After they configured VTP and standby version 2 (HSRP), it was okay. So please follow this workbook and configure VTP and standby version 2.

Verification:
    Vlan100 - Group 1 (version 2)
      State is Active
        … state change, last state change 00:…
      Link-Local Virtual IPv6 address …0:100::1 (co…
      Active virtual MAC address is aabb.cc80.8000 (MAC In Use)
      Local virtual MAC address is aabb.…0.8000 (bia …)
      Hello time 5 sec, hold …
        Next hello sent in 0.5…
      Preemption enabled
      Active router is local
      Standby router is FE80::A8BB:CCFF:FE80:6000, priority 100 (expires in …
      Priority 110 (configured 110)
      Group name is "hsrp-Vl100-1" (default)
    Vlan100 - Group 2 (version 2)
        … state change, last state change 00:34:…
      Virtual IP address is 10.2.100.1
      Active virtual MAC address is aabb.cc80.8000 (MAC In Use)
      Local virtual MAC address is aabb.cca0.8000 (b…
      Hello time 10 sec, hold time 30 sec
        Next hello sent in 1.904 secs
      Preemption enabled
      Active router is local
      Standby router is 10.2.100.253, priority 100 (expires in 32 … 212 sec)
      Priority 105 (configured 105)
        Track object 1 state Up decrement 10
      Group name is "hsrp-Vl100-2" (default)

5.4 Section 5.4 Tracking reachability

Question:
Refer to “Diagram 1: Jameson's Layer 2 Connections” and “Diagram 2: Initial Topology”.
Configure the network as per the following requirements:
• SW3 and SW4 must monitor the reachability of their OSPF IPv4 default route and, in case it is not available, the HSRP priority must be decreased by 10.
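How the priority, preempt and tracking values of Sections 5.3 and 5.4 interact, as an added example that is not part of the workbook: a simplified model of HSRP election (not a protocol implementation) with SW4 at priority 105, SW3 at the default 100 and a tracking decrement of 10. The class and function names are hypothetical, and SW4's 10.2.100.254 address is an assumption.

```python
from dataclasses import dataclass

@dataclass
class Router:
    name: str
    ip: tuple              # interface address, tie-breaker on equal priority
    priority: int = 100    # HSRP default priority
    preempt: bool = False
    decrement: int = 0     # subtracted while the tracked route is down
    route_up: bool = True
    alive: bool = True

    def rank(self):
        effective = self.priority - (0 if self.route_up else self.decrement)
        return (effective, self.ip)

def elect(routers, active):
    """Return the active router after one election round (simplified model)."""
    live = [r for r in routers if r.alive]
    if active is None or not active.alive:
        return max(live, key=Router.rank, default=None)
    # A live active router is displaced only by a better router with preempt.
    challengers = [r for r in live if r.preempt and r.rank() > active.rank()]
    return max(challengers, key=Router.rank, default=active)

def run(sw3_preempt=True, decrement=10):
    # Priorities and decrement as in Sections 5.3/5.4; SW4's .254 is assumed.
    sw3 = Router("SW3", (10, 2, 100, 253), preempt=sw3_preempt)
    sw4 = Router("SW4", (10, 2, 100, 254), priority=105, preempt=True,
                 decrement=decrement)
    events = [
        ("both up", {}),
        ("SW4 loses default route", {"route_up": False}),
        ("default route restored", {"route_up": True}),
        ("SW4 fails", {"alive": False}),
        ("SW4 returns", {"alive": True}),
    ]
    active, history = None, []
    for label, changes in events:
        for field, value in changes.items():
            setattr(sw4, field, value)   # every event in this scenario hits SW4
        active = elect([sw3, sw4], active)
        history.append((label, active.name))
    return history

if __name__ == "__main__":
    for kwargs in ({}, {"sw3_preempt": False}, {"decrement": 5}):
        print(kwargs or "workbook values", run(**kwargs))
```

With preempt missing on SW3, or with a decrement of only 5, the loss of SW4's default route leaves SW4 active in this model, which is why the decrement has to take SW4 below SW3's priority and both switches need preempt.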
Solution:
    track 1 ip route 0.0.0.0 0.0.0.0 reachability
    interface vlan 100
     standby 2 track 1 decrement 10

Verification:
    SW…#show track
    Track 1
      IP route 0.0.0.0 0.0.0.0 reachability
        1 change, last change 00:01:31
      First-hop interface is Vlanl173
      Tracked by:
        HSRP Vlan1…

    Track 1
      IP route … 0 reachability
      … (OSPF)
        2 changes, last change 01:24:59
      First-hop interface is Vlan34
      Tracked by:
        HSRP Vlan10…

    R1…#show ip bgp 10.0.0.0/8
    BGP routing table entry for …0/8, …
    Paths: (2 available, best #2, table default)
      Advertised to update-gr…
         2
      65001 65001, (aggregated by 65002 10.255.1.16)
        10.255.1.12 (metric 11) from 10.… (10.255.1.12)
          Origin IGP, metric 0, … valid, internal, …
          … pathid: 0, tx pathid: 0
      Refresh Epoc…
      65001 65001, (aggregated …
        …0.254.0.53 from 10.254.0…
          Origin IGP, localpref …
          rx pathid: 0, tx pathid: 0x0

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 3/5/…

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms

    Type escape sequence to abort.
    Tracing the route to 8.8.8.8
    VRF info: (vrf in name/id, vrf out name/id)
    …

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/7 ms

    Type escape sequence to abort.
    Tracing the route to 8.8.8.8
    VRF info: (vrf in name/id, vrf out name/id)
      1 … 0 msec …

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max …

    …#traceroute 8.8.8.8
    Type escape sequence to abort.
    Tracing the route to 8.8.8.8
    VRF info: (vrf in name/id, vrf out name/id)
      … …2.18.254.2 1 msec …

    Type escape sequence to abort.
    Tracing the route to 8.8.8.8
    VRF info: (vrf in name/id, vrf out name/id)
      1 …0.2.100.254 2 msec 1 msec 1 msec
      2 10.2.0.13 2 msec 1 msec 1 msec
      …
      4 192.0.2.1 5 msec * 19 msec

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms

    Type escape sequence to abort.
    Tracing the …
    VRF info: (v… name/id)
      … …00.100 3 msec * …

    Type escape sequence to abort.
    Tracing the …
    VRF info: (v…
      … 192 msec …

    Type escape sequence to abort.
    Tracing the route to 10.2.…
    VRF info: (v… name/id)
      … …00.100 4 msec * 4 msec

    Type escape sequence to abort.
    Tracing the route to 172.18.1.254
    VRF info: (vrf in name/id, vrf out name/id)
      … 1 msec 1 msec 1 msec
      … 2 msec 2 msec …
      … 3 msec 4 msec …
      … 6 msec

    Type escape sequence to abort.
    Tracing the route to 172.18.2.254
    VRF info: (vrf in name/id, vrf out name/id)
      1 …0.2.100.254 3 msec 2 msec 1 msec
      2 … 2 msec 2 msec 3 msec
      3 …4.0.77 1 msec 1 msec 2 msec
      4 10.254.… [MPLS: Labels 34/48 Exp 0] 5 msec 4 msec 3 msec
      … … [MPLS: Labels 37/48 Exp 0] 3 msec 3 msec 3 msec
      6 …54.0.66 [MPLS: Labels 39/49 Exp 0] 4 msec 4 msec 3 msec
      7 172.18.253.1 [MPLS: Label 48 Exp 0] 3 msec 5 msec 4 msec
      … …53.2 3 msec 3 msec 5 msec
      9 172.18.254.254 4 msec * 7 msec

    R…#traceroute …
    Type escape sequence to abort.
    Tracing the route to …18.254.254
    VRF info: (vrf in name/id, vrf out name/id)
      … 1 msec 1 msec 1 msec
      … 2 msec 2 msec 2 msec
      … 2 msec 2 msec 2 msec
      … …33 [MPLS: Labels 34/16 Exp 0] 9 msec 4 msec …
      … [MPLS: Labels 37/16 Exp 0] 6 msec 4 msec …
      … [MPLS: Labels 39/16 …
      … [MPLS: Labe…
      … …3.2… 5 msec 5 ms…
      … …72.18.254.254 5 msec * 1…

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.18.1.254, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/5 ms

    Type escape sequence to abort.
    Tracing the route to 172.18.1.254
    VRF info: (vrf in name/id, vrf out name/id)
      1 10.2.100.253 1 msec 1 msec … msec
      2 10.2.0.5 2 msec 1 msec 1 msec
      3 10.…73 2 msec 1 msec 1 msec
      … …13.… [MPLS: Labels 58/84 Exp 0] 4 msec … msec 3 msec
      … … [MPLS: Labels 38/84 Exp 0] 4 msec 4 msec 3 msec
      … … [MPLS: Labels 20/84 Exp 0] 4 msec 5 msec 4 msec
      … … [MPLS: Label 84 Exp 0] 4 msec 3 msec 3 msec
      … … 4 msec …

The End
