Overview
This guide presents the instructions and other information concerning the lab activities for this course.
Outline
This guide includes these activities:
n Lab 1-1:
n Lab 2-1:
n Lab 3-1:
n Lab 4-1:
n Lab 5-1:
Lab Guidelines (Required reading)
The use of Ascolta’s CCIE lab assumes that all labs will start with the starting config file. The starting configs will be preloaded on the router and be provided to the learner as a download from www.ascoltalabs.com.
Assumptions:
n READ THE WHOLE SCENEREO BEFORE STARTING LAB!
n All domain names will be ascolta (lower case). Examples would be VTP, DNS etc.
n All passwords and keys should be CISCO (upper case)
n No static routes unless otherwise specified.
n Student have the use of the Cisco documentation homepage found at:
http://www.cisco.com/go/documentation
n No frame-relay inverse-arp unless otherwise specified.
n Any unused interfaces should be shutdown.
n BBR1, BBR2 and BBR3 will be preconfigured and will not require any modification by the learner. If there are any issues or questions with the equipment please consult the instructor.
§ BBR1 will have an IP address that changes every lab. The last octet will be .254
§ BBR2 will have an IP address of 192.10..254
§ BBR3 will have an IP address of 204.12..254
n All loopbacks must be reachable by all routers. Unless otherwise specified. All routers and switches will have at least one loopback interface with the format of 10.<pod>.<router>.<router>/24.
n Make sure that vlan.dat files are deleted from switches before starting a lab.
Physical Lab Diagram
This physical diagram is provide for reference and noted that the logical network diagram will vary greatly from what is shown. Please create your one diagram. On the actual CCIE test Cisco will allow you to bring colored pencils and a stencil (depending on proctor). Note: Some of the physical interface types and numbering may be different (e.g. fa0/0 = e0/0).
Ascolta CCIE Lab 1-1: Difficulty 5-6
Bridging and Switching (12 points)
Only the following Ethernet connections and VLANs will be used
Local Device | Interface | Switch | Interface |
R1 | Fa0/0 | Sw1 | Fa0/1 |
R2 | Fa0/0 | Sw1 | Fa0/2 |
R4 | Fa0/0 | Sw1 | Fa0/4 |
R5 | E0/0 | Sw1 | Fa0/5 |
R6 | Fa0/1 | Sw2 | Fa0/6 |
Sw1 | Fa0/13 | Sw2 | Fa0/13 |
Sw1 | Fa0/14 | Sw2 | Fa0/14 |
Sw1 | Fa0/15 | Sw2 | Fa0/15 |
BBR2 | Ethernet | Sw2 | Fa0/24 |
BBR3 | Ethernet | Sw1 | Fa0/24 |
Note: Some interfaces may be Ethernet instead of FastEthernet. However, all routers will have 2 Ethernet or 2 FastEthernet interfaces.
VLAN | Devices - Interfaces |
11 | R1-Fa0/0, Sw1-interface vlan 11 |
21 | R2-Fa0/0, Sw2-interface vlan 21 |
42 | R4-Fa0/0, BBR2-eth |
43 | R4-Fa0/0, BBR3-eth |
56 | R5-E0/0, R6-F0/1 |
n All VLANs should be created on Sw1. No VLAN modification on Sw2 is allowed.
n Build two standards compliant trunks between Sw1 and Sw2 using Fa0/13 and Fa0/14 ensure that no dynamic protocols are used establish trunking. All other trunks will use the standards compliant Ethernet trunking protocol.
n Ensure that only odd VLANs are communicated between switches on the odd trunk.
n Ensure that only even VLANs are communicated between switches on the even trunk.
n Without manually changing spanning-tree priority to a number between 0 and 61440, ensure that Sw1 is the root for odd VLANs, and that Sw2 is the root for even VLANs.
n On Sw2 ensure that active ports not connected to a neighbor switch or a BBR router should switch to a forwarding state immediately without the use of RSTP.
Frame Relay (10 points)
A | A to B | B | B to A | Device | Bandwidth | CIR | |
R1 | 103 | R3-S1/0 | 301 | R1- S0/0 | 768kbps | 384kbps | |
R2 | 203 | R3-S1/0 | 302 | R2- S0/0 | 256kbps | 128kbps | |
R4 | 403 | R3-S1/0 | 304 | R3- S1/0 | 1536kbps | 768kbps | |
R5 | 513 | R3-S1/1 | 315 | R3- S1/1 | 768kbps | 384kbps | |
R6 | 51 | BBR1 | N/A | R4- S0/0 | 256kbps | 256kbps | |
R5- S0/0 | 384kbps | 384kbps | |||||
R6- S0/0/0 | 1536kbps | 768kbps |
n Configure R1, R2, and R4 to be spokes of R3-S1/0 in a hub and spoke topology. No dynamic PVC mapping is allowed. No subinterfaces are allowed.
n Configure the frame relay link between R6 and BBR1without using any subinterfaces and do not allow layer 3 broadcast or multicasts across this link.
n Configure the link between R3-S1/1 and R5 to be a frame relay connection.
n Ensure that no layer 3 broadcasts or multicast are transmitted across the frame-relay network.
n Ensure that all frame-relay interfaces are reachable by ping.
IP Addressing
To complete the addressing you will need to know your Pod number, VLAN and device number. The following provides IP addressing changes to the base configuration file. Note: Sw1 will have the device number of 7 and Sw2 will have the device number of 8.
Device | Interface | IP | Mask |
All Ethernet Connected (except when connecting to BBR) | Ethernet | 104. | /24 |
R6 (to BBR1 ) | S0/0/0 | 54.<pod>.3.6 | /24 |
R4 to BBR2 | Ethernet | 192.10.<pod>.<device> | /24 |
R4 to BBR3 | Ethernet | 204.12.<pod>.<device> | /24 |
R3 | S1/1 | 104.<pod>.3.3 | /24 |
R5 | S0/0 | 104.<pod>.3.5 | /24 |
SW1 | Fa0/15 | 104.<pod>.121.7 | /24 |
SW2 | Fa0/15 | 104.<pod>.121.8 | /24 |
EIGRP (17 points)
Note No redistribution (of any kind) or route tagging is allowed unless otherwise specified.
n Using your pod number as the AS number configure EIGRP on ALL routed interfaces of R1, R2, Sw1, Sw2.
n Configure EIGRP on R3 – Lo0 and S1/0 only.
n Configure EIGRP across the frame-relay network to fit the hub and spoke design.
n Redistribute RIP into EIGRP and allow only the loopback prefixs, the 115.0.0.0-116.0.0.0 prefixs from BBR1 , and BBR2 , BBR3 prefixes. Do not use a route-map with the redistribution. Note: Ensure that EIGRP prefixes are never redistributed back to EIGRP.
n Ensure that R1 reaches the R2 loopback via the successor route through the Ethernet interface and the route via frame-relay is selected as a feasible successor.
n Make sure that any changes to EIGRP are logged to the console.
n Ensure that EIGRP does not use more than 50% of the CIR bandwidth on any WAN connection.
RIPv2 (13 points)
Note: no redistribution (of any kind) or route tagging is allowed unless otherwise specified.
n Configure RIP on ALL routed interfaces of R3, R4, and R5
n Configure RIP on R6 – Lo0 and Fa0/1 only.
n Enable MD5 RIP update authentication between R4 and BB2. (Remember use a key of “CISCO” in uppercase).
n Redistribute EIGRP into RIP
n Redistribute BGP into RIP
BGP (10 points)
Note: no redistribution (of any kind) or route tagging is allowed unless otherwise specified.
n Using an AS Number of 100, configure an IBGP neighborship between the loopbacks of R6, R5 and R3. Ensure that BGP router-ID is the same as Lo0.
n Configure an EBGP neighborship between R6 and BBR1 using the AS number of 54.
n Originate Pod networks as a /16 into BGP without static routes.
IPv6 (3 points)
n Enable IPv6 between R4 and BBR2.
n Use the network of 2001:192:10:::/64. Ensure that you can ping BBR2 using IPv6
QoS (10 points)
n When R3 is sending traffic to a frame-relay peers make certain that traffic sent adapts to BECNs
n Ensure that R3 queues excess traffic sent to any frame-relay peer. The queue should give any IP one half of the bandwidth, and all other protocols the remaining half. The use of policy-maps in not allowed.
Multicast (6 points)
n R5 is adjacent multicast sources for the groups of 233.5.5.5 and 233.55.55.55 on the subnet of 104..56.0. Configure R5 as the rendezvous point. Ensure that R6 will permanently join these groups. R6 is not allowed to use PIM of any kind.
Security (6 points)
n When opening a telnet session to R1 ensure that authentication requires a username a password to gain access. Authentication will be provided by a TACACS server with the IP address of 116.0.0.1 and the key of “CISCO”. If connectivity to the TACACS server fails authentication should default to the local username of “admin” and password of “CISCO”
IP Services (10 points)
n Configure NTP synchronization between all devices. R1 should be the master. Ensure that time zone matches your local time zone.
n Ensure that CDP is working on all interfaces inside the pod.
Activity Verification
You have completed this activity when the instructor has verified your solution and you have verified that you can:
n Ping 115.0.0.1 and 116.0.0.1 from all routers
n Ping all loopbacks from all routers
n Show all CDP neighbors from all routers
Ascolta CCIE Lab 2-1: Difficulty 7
Before starting this lab ensure that you delete the startup-config from all devices and vlan.dat from sw. Base configurations will also need to be loaded.
Bridging and Switching (15 points)
Only the following Ethernet connections and VLANs will be used
Local Device | Interface | Switch | Interface |
R1 | Fa0/0 | Sw1 | Fa0/1 |
R2 | Fa0/0 | Sw1 | Fa0/2 |
R3 | Fa0/1 | Sw2 | Fa0/3 |
R4 | Fa0/0 | Sw1 | Fa0/4 |
R4 | Fa0/1 | Sw2 | Fa0/4 |
R5 | E0/0 | Sw1 | Fa0/5 |
R6 | Fa0/1 | Sw2 | Fa0/6 |
Sw1 | Fa0/13 | Sw2 | Fa0/13 |
Sw1 | Fa0/14 | Sw2 | Fa0/14 |
BBR2 | Ethernet | Sw2 | Fa0/24 |
BBR3 | Ethernet | Sw1 | Fa0/24 |
Note: Some interfaces may be Ethernet instead of FastEthernet. However, all routers will have 2 Ethernet or 2 FastEthernet interfaces.
VLAN | Devices - Interfaces |
2 | R1-Fa0/0, BBR2-eth |
3 | R4-Fa0/0, BBR3-eth |
46 | R4-Fa0/1, R6-Fa0/1 |
78 | Sw1-VL78, Sw2-VL 78 |
82 | R3-Fa0/1, R5-Fa0/0, Sw2-VL82 |
n Ensure that unused VLANS are automatically pruned from a trunk.
n Build two Cisco standard trunks between Sw1 and Sw2 using Fa0/13 and Fa0/14 ensure that the connection prefers trunking.
n Ports Fa0/13 and Fa0/14 between Sw1 and Sw2 should not be blocked by spanning-tree and traffic on these links should be balanced based upon destination MAC address. The methodology for balancing should be standards compliant.
n Make Sw1 the root for all configured VLANs. On Sw2 ensure that any downstream non-backbone devices that attempt to talk spanning-tree are automatically disconnected.
n Configure Sw1 to be able to respond to pause frames on connections to all Gigabit Ethernet interfaces.
n The system MTU of Sw1 and Sw2 should be set to 1504.
Frame Relay (11 points)
A | A to B | B | B to A | Device | Bandwidth | |
R1 | 103 | R3-S1/0 | 301 | R1- S0/0 | 768kbps | |
R1 | 102 | R2-S0/0 | 201 | R2- S0/0 | 768kbps | |
R2-S0/0 | 203 | R3-S1/0 | 302 | R3- S1/0 | 1536kbps | |
R4 | 413 | R3-S1/1 | 314 | R3- S1/1 | 1536kbps | |
R5 | 513 | R3-S1/1 | 315 | R4- S0/0 | 768kbps | |
R4 | 405 | R5 | 504 | R5- S0/0 | 768kbps | |
R6 | 100 | BBR1 | N/A | R6- S0/0/0 | 1536kbps |
n Configure R1, R2 and R3-S1/0 in a full-mesh topology. No dynamic PVC mapping is allowed.
n Configure R4, R5 and R3-S1/1 in a full-mesh topology. No dynamic PVC mapping is allowed.
n Ensure that all frame-relay interfaces are reachable by ping.
Serial (1 points)
n Configure the serial link between R2 and R3 to have a clock rate of 125000. Use PPP as the encapsulation protocol.
IP Addressing
The following provides IP addressing changes to the base configuration file. To complete the addressing you will need to know your Pod number, VLAN and device number. Note: Sw1 will have the device number of 7 and Sw2 will have the device number of 8.
Device | Interface | IP | Mask |
All Ethernet Connected (except when connecting to BBR) | Ethernet | 104. | /24 |
R6 (to BBR1 ) | S0/0/0 | 54.<pod>.2.6 | /24 |
R1 to BBR2 | Ethernet | 192.10.<pod>.<device> | /24 |
R4 to BBR3 | Ethernet | 204.12.<pod>.<device> | /24 |
R2 | Fa0/0 | 104.<pod>.72.2 | /24 |
R2 | S0/1 | 104.<pod>.2.2 | /24 |
R3 | S1/1 | 104.<pod>.3.3 | /24 |
R3 | S1/3 | 104.<pod>.2.3 | /24 |
R4 | S0/0 | 104.<pod>.3.4 | /24 |
R5 | S0/0 | 104.<pod>.3.5 | /24 |
SW1 | Fa0/2 | 104.<pod>.72.7 | /24 |
OSPF (17 points)
Note: OSPF devices should have a router-id of r.r.r.r where r=router number
n Configure OSPF area 0 on R1 and only include the loopback. Configure area 0 to use non-hashed authentication.
n Configure all non-BBR interfaces of R4 and R6 to be in Area 2. Configure R3-S1/1 and R5-S0/0 to join Area 2
n Configure R1-Fa0/0 to connect to OSPF area 51.
n Configure OSPF area 1 on R1 S0/0. Configure all interfaces of R2, Sw1 and Sw2 to be in Area 1. Configure the remaining unassigned interfaces of R3 and R5 to be assigned to Area 1. Configure R3 Ensure that R3 is the DR for all connections. Modification of OSPF network type is not allowed.
BGP (16 points)
Note: No aggregation is allowed.
n Configure BGP on all devices. Use an AS number of 100.
n R5 will be a route reflector. Sw1, R1, R2, R3, R4, and R6 will be clients of the route reflector.
n Ensure that IBGP can take advantage of IGP redundancy features.
n Configure an EBGP neighborship from R6 to BBR1 and R4 to BBR3 using the AS number of 54.
n On R3 configure two static routes of 104..0.0/16 and 10..0.0/16. Reallocate only these two local routes into the BGP table without redistribution.
n Ensure that only local pod prefixes are advertised to all external BGP peers. No prefix-lists or access-lists are allowed.
n Ensure the all routers in the pod prefer external prefixes from BBR1.
IPv6 (11 points)
Note: you are allowed the use of IPv6 static routes for this section.
n Configure IPv6 according to the following table. Do not use any other addressing than what is listed.
Device | Interface | IP | Mask |
R1 | Fa0/0 | 2001:192:10:<p>::1 | /64 |
R4 | Fa0/0 | 2001:204:12:<p>::4 | /64 |
R4 | Fa0/1 | 2001:104:<p>:46::<d> | /64 |
R6 | S0/0/0 | 2001:54:<p>:2::6 | /64 |
Note: R6 Fa0/1 must automatically learn its address from R4.
n Configure a tunnel to connect IPv6 from R1 to R4. You are not allowed the use of any automatic tunneling protocols. No bridging is allowed.
n Configure routing between all IPv6 networks in the pod or connecting to the pod. The use of dynamic routing protocols between routers is prohibited.
QoS (8 points)
n Trust CoS marking on Sw2 on interfaces connected to a non-backbone router then ensure that exit layer 3 is marked according to defaults.
n On all frame-relay interfaces of R3, assure that packets larger than 512 bytes have the DE bit set.
Multicast (4 points)
n Configure IP PIM on all routed devices connected VLAN 82. PIM should not support rendezvous points. Configure R5 to be the PIM DR.
n Verify that Sw2 can prune unsolicited multicasts from switched ports.
Security (8 points)
n Filter TFTP packets between R1 and R2 without the use of an access-list. Allow all other traffic.
n Ensure that you secure outside interfaces of the edge routers R4 and R6 by disabling ICMP unreachable replies, inbound telnet, and inbound NTP. Use of access-list applied to interfaces is prohibited on this task. No route-maps are allowed.
IP Services (8 points)
n Ensure that no CDP is enabled on any routers.
n On R6 configure the VTY ports to have an infinite timeout. Even though the exec-timeout line command has been set, other administrators still complain that their telnet sessions timeout due to inactivity. Configure R6 such that telnet sessions will not timeout due to inactivity.
n Configure HSRP on VLAN 82 using R3 and R5 as the gateway routers. Ensure that failover happens in less than 4 seconds. R3 should always be the primary router and r5 the backup. R5 should assume primary routing responsibility should the R3 S1/1 interface lose layer 2 connectivity.
Activity Verification
You have completed this activity when the instructor has verified your solution and you have verified that you can:
n Ping 51.51.51.51, 113.0.0.1 and 28.119.16.1 from all routers.
n Ping all loopbacks from all routers
Ascolta CCIE Lab 3-1: Difficulty 10
Before starting this lab ensure that you delete the startup-config from all devices and vlan.dat from both switches. Base configurations will also need to be loaded.
Bridging and Switching (7 points)
Only the following Ethernet connections and VLANs will be used
Local Device | Interface | Switch | Interface |
R1 | Fa0/0 | Sw1 | Fa0/1 |
R2 | Fa0/0 | Sw1 | Fa0/2 |
R3 | Fa0/0 | Sw1 | Fa0/3 |
R4 | Fa0/0 | Sw1 | Fa0/4 |
R4 | Fa0/1 | Sw2 | Fa0/4 |
R5 | E0/0 | Sw1 | Fa0/5 |
R5 | E0/1 | Sw2 | Fa0/5 |
R6 | Fa0/1 | Sw2 | Fa0/6 |
Sw1 | Fa0/13 | Sw2 | Fa0/13 |
Sw1 | Fa0/14 | Sw2 | Fa0/14 |
Sw1 | Fa0/15 | Sw2 | Fa0/15 |
BBR2 | Ethernet | Sw2 | Fa0/24 |
BBR3 | Ethernet | Sw1 | Fa0/24 |
Note: Some interfaces may be Ethernet instead of FastEthernet. However, port numbering will be the same.
VLAN | Devices - Interfaces |
22 | Sw2-VL2, R5-E0/0 BBR2-eth |
33 | R1-Fa0/0, BBR3-eth |
26 | R2-Fa0/0, R6-Fa0/1 |
37 | Sw1-VL37, R3-Fa0/0 |
44 | R4-Fa0/1 |
46 | R4-Fa0/0, R6-Fa0/0 |
58 | Sw2-VL58, R5-E0/1 |
Note: Verify that system MTU on switches is set to 1500 bytes.
n All switches should use VTP transparent mode.
n ONLY create VLANs used by a switch.
n Ports Fa0/14 and Fa0/15 must be configured as a single layer 3 port-channel interface on both switches.
n Port Fa0/13 on both switches should be configured as a dynamic trunk. Only Sw1 is allowed to initiate the trunking negotiation. VLAN 33 traffic must be untagged.
n Access ports connected to routers should transition to a forwarding state immediately. The use of portfast is not allowed and spanning-tree must not be disabled.
Frame Relay (7 points)
A | A to B | B | B to A | Device | Bandwidth | |
R1 | 105 | R5-S0/0 | 501 | R1- S0/0 | 768kbps | |
R1 | 102 | R2-S0/0 | 201 | R2- S0/0 | 768kbps | |
R5 | 513 | R3-S1/1 | 315 | R3- S1/0 | 1536kbps | |
R6 | 101 | BBR1 | N/A | R3- S1/1 | 1536kbps | |
R4- S0/1 | 768kbps | |||||
R5- S0/0 | 768kbps | |||||
R6- S0/0/0 | 1536kbps |
n Configure R1-S0/0 and R2 as a point-to-point frame-relay connection.
n Configure R5-S0/0 as the hub R3-S1/1 and R1-S0/0 as the spokes in a hub and spoke topology. Subinterfaces are not allowed on R3 or R5.
n Ensure that all frame-relay interfaces are reachable by ping.
Serial (2 points)
n Configure the serial link between R2 and R3 to have a clock rate of 512000. Use PPP as the encapsulation protocol.
n Configure the serial link between R4 and R5 to have a clock rate of 512000. Use PPP as the encapsulation protocol.
IP Addressing (1 point)
The following provides IP addressing changes to the base configuration file. To complete the addressing you will need to know your Pod number, VLAN and device number. Note: Sw1 will have the device number of 7 and Sw2 will have the device number of 8.
Device | Interface | IP | Mask |
All Ethernet Connected (except when connecting to BBR) | Ethernet | 104. | /24 |
R6 (to BBR1 ) | S0/0/0 | 54.<pod>.1.6 | /24 |
Ethernet device connecting to BBR2 | Ethernet | 192.10.<pod>.<device> | /24 |
Ethernet device Connecting to BBR3 | Ethernet | 204.12.<pod>.<device> | /24 |
R1 | S0/0.1 | 104.<pod>.3.1 | /24 |
R1 | S0/0.2 | 104.<pod>.1.1 | /24 |
R2 | S0/0 | 104. | /24 |
R2 | S0/1 | 104.<pod>.2.2 | /24 |
R3 | S1/1 | 104.<pod>.3.3 | /24 |
R3 | S1/3 | 104.<pod>.2.3 | /24 |
R4 | S0/1 | 104.<pod>.4.4 | /27 |
R5 | S0/0 | 104.<pod>.3.5 | /24 |
R5 | S0/1 | 104.<pod>.4.5 | /27 |
R5 | Lo1 | 104.<pod>.55.55 | /24 |
SW1 | Po1 | 104.<pod>.78.7 | /24 |
SW2 | Po2 | 104.<pod>.78.8 | /24 |
SW1 | Tu0 | 104.<pod>.5.7 | /24 |
R6 | Tu0 | 104.<pod>.5.6 | /24 |
OSPF (16 points)
Note: OSPF devices should have a router-id of r.r.r.r where r=router number. No tunnels allowed in this section. No OSPF commands are allowed on the interfaces of R3 or R5 except for priority.
n Configure OSPF area 0 on R4-Lo0 and R4-Fa0/1.
n Configure OSPF area 11 on R5-E0/1, Sw2-VL58 and Sw2-Lo0
n Configure OSPF area 22 between R4-S0/1 and R5-S0/1
n Configure OSPF area 33 on R5-S0/0, R3-S1/1, R3-Lo0, R1-S0/0.1, and R1-Lo0
n Configure OSPF area 44 on Sw1-Po0, Sw1-lo0, and Sw2-Po0
n Configure Sw2-VL2 to connect to OSPF area 51.
n R5 is allowed to originate a default for OSPF.
n Assure that R5-Lo0 is announced into OSPF without using any “network” statements (in any routing protocols) and without the use of access-list or prefix-list. Ensure the subnet mask for the route matches the mask of the Lo0
n On R1 redistribute RIP into OSPF and ensure that any routes marked with a route-tag of 88 are redistributed as OSPF E1 routes.
n Suppress the flooding of unnecessary LSAs on interfaces in Area 22
RIPv2 (15 points)
n Configure RIP on R1-S0/0.2, R1-Fa0/0, R2-Fa0/0, R2-Lo0, R2-S0/0, R6-Lo0, R6-Fa0/1, R6-S0/0/0.
n Do not send any routing updates to BBR3. You must still ensure that all other devices can ping BBR3s networks successfully. You may use a single access-list if needed.
n Do not allow RIP to send broadcast or multicasts on the Ethernet connection between R2 and R6.
n On R1 redistribute OSPF into RIP.
n Ensure that on all RIP speaking routers that have 51.51.51.51/32 displayed as a rip route has an AD of 150.
n Only allow the odd networks starting with 212.18.0.0/16 network to be from BBR1 and set a route-tag of 88. Use the least number of lines possible when configuring this task.
EIGRP (12 points)
n Configure a tunnel between Sw1 and R6. The source and destination of the tunnel will be the loopback interfaces.
n Configure EIGRP with an AS of 100 on Sw1-lo0, Sw1-Tu0, R2-S0/1, R3-S1/3, R3-Fa0/0, R6-Lo0, R6-Tu0.
n Configure EIGRP on R6-S0/0/0 to BBR1 using AS 10 and MD5 authentication.
n Redistribute AS 10 into RIP and set a route-tag of 88.
n Between devices running EIGRP 100 ensure that bandwidth is measured as being twice as important as delay.
BGP (13 points)
Note: IBGP neighborship should be established between loopbacks except between R4 and R6.
n Configure BGP on Sw2, R4, and R5. Use a real AS number of 100 and a confederation AS of 65002
n Configure BGP on R6 with a real AS number of 100 and a confederation AS of 65001.
n Configure BGP on R1 with a confederation AS of 65003.
n Establish a BGP neighborship between AS 65001 and AS65002.
n Configure a BGP neighborship between R4 and R6. Packets routed by BGP should use this connection.
n Configure an EBGP neighborship from R6 to BBR1 using the peer AS number of 54.
n On R6 Ensure that all local pod prefixes are advertised to all external BGP peers. The use of the network statement is not allowed. Originated route must have an origin-code of “IGP”.
n Have R4 change the origin-code to unknown for any routes marked with the community of 54
IPv6 (1 point)
n Configure IPv6 according to the following table. Do not use any other addressing than what is listed.
Device | Interface | IP | Mask |
R5 | E0/0 | 2001:192:10:<p>::5 | /64 |
R4 | S0/1 | 2001:104:<p>:4::4 | /64 |
R4 | Fa0/0 | 2001:104:<p>:46::4 | /64 |
R5 | S0/1 | 2001:104:<p>:4::5 | /64 |
R6 | Fa0/0 | 2001:104:<p>:46::6 | /64 |
R6 | S0/0/0 | 2001:54:254:<p>::6 | /64 |
OSPF for IPv6 (6 points)
n Configure R5-E0/0 to be in Area 0
n Configure R4-S0/1 and R5-S0/1 to be in Area 33
n Configure R4-Fa0/0 and R6-Fa0/0 to be in Area44
n Redistribute IPv6 RIP into IPv6 OSPF and block only the 2001:254:0:115::/96 prefix.
RIP for IPv6 (3 points)
n Configure R6-S0/0/0 to use RIPv6
n Redistribute IPv6 OSPF into IPv6 RIP.
QoS (4 points)
n Configure congestion avoidance on R5-S0 such that packets of any precedence should begin to randomly discard when the queue depth reaches 15 packets and drop at the rate of 20%. The queue should have a maximum depth of 50 packets. You may not use a policy-map to accomplish this task.
Multicast (6 points)
Note: Only PIM version 1 is allowed. Loopback addresses should be used when possible.
n Configure Sw2 to assign R5 as the RP. No manual configuration of RP allowed.
n Configure R4 to answer the pings to 225.5.5.5
n Ensure that Sw1 and R3 can ping the multicast-group on R4
Security (4 points)
n Configure R4 such that a successful telnet login is required before TFTP is allowed through the router.
IP Services (1 points)
n Configure the following aliases:
Full Command | Alias |
show running-config | begin | sb |
show running-config | include | si |
show ip interface brief | sib |
n Change the command history to buffer 256 lines.
n Change the console 0 exec-time out to 8 hours.
Activity Verification
You have completed this activity when the instructor has verified your solution and you have verified that you can:
n All devices must have connectivity to 118.0.0.1, 51.51.51.51, and 204.12.
.254n All IPv6 capable devices must have connectivity to 2001:254:0:112::1 and 2001:51:51:51::51
Ascolta CCIE Lab 4-1: Difficulty 10
Before starting this lab ensure that you delete startup-config from all devices and vlan.dat from both switches. Base configurations will also need to be loaded.
Bridging and Switching (10 points)
Only the following Ethernet connections and VLANs will be used. All other interfaces should be administratively shutdown.
Local Device | Interface | Switch | Interface |
R1 | Fa0/0 | Sw1 | Fa0/1 |
R2 | Fa0/0 | Sw1 | Fa0/2 |
R3 | Fa0/0 | Sw1 | Fa0/3 |
R3 | Fa0/1 | Sw2 | Fa0/3 |
R4 | Fa0/0 | Sw1 | Fa0/4 |
R4 | Fa0/1 | Sw2 | Fa0/4 |
R5 | E0/0 | Sw1 | Fa0/5 |
R5 | E0/1 | Sw2 | Fa0/5 |
R6 | Fa0/0 | Sw1 | Fa0/6 |
R6 | Fa0/1 | Sw2 | Fa0/6 |
BBR2 | Ethernet | Sw2 | Fa0/24 |
BBR3 | Ethernet | Sw1 | Fa0/24 |
Note: Some interfaces may be Ethernet instead of FastEthernet. However, port numbering will be the same.
VLAN | Devices - Interfaces |
111 | Sw1-VL111, Sw2-VL111 |
11 | BBR3-Eth, R1-Fa0/0 |
56 | R5-E0/0, R6-Fa0/1 |
65 | R6-Fa0/0, R5-E0/1 |
37 | Sw1-VL37 |
47 | Sw2-VL47 |
Note: Verify that system MTU on switches is set to 1500 bytes.
n Switches should use VTP transparent mode.
n Configure Sw1-Fa0/3 and Sw2-Fa0/3 as standards based trunks with an untagged VLAN of 1.
n Configure Sw1-Fa0/4 and Sw2-Fa0/4 as standards based trunks with an untagged VLAN of 1.
n R3 and R4 must be configured to forward tagged Ethernet traffic between their first and second Ethernet interfaces. R3 must connect to VLAN 37 at layer 3 and R4 should connect to VLAN 47 at layer 3 as well.
n Ensure that Sw2 is a leaf switch and that it recovers from a link failure as fast as possible for all VLANs shared between switches.
Frame Relay (8 points)
Note: Only the PVCs listed below are allowed.
A | A to B | B | B to A | |||
R1-S0/0 | 104 | R4-S0/0 | 401 | |||
R1-S0/0 | 103 | R3-S1/0 | 301 | |||
R2-S0/0 | 203 | R3-S1/0 | 302 | |||
R3-S1/1 | 314 | R4-S0/0 | 413 | |||
R6-S0/0/0 | 201 | BBR1 | N/A |
n Configure R3-S1/0 as the hub R2-S0/0 and R1-S0/0 as the spokes in a hub and spoke topology. Make sure that a single sub-interface is used on R3-S1/0.
n Configure R4-S0/0 as the hub R3-S1/1 and R1-S0/0 as the spokes in a hub and spoke topology.
n In relevance to frame-relay treat R2 as if it were a non-Cisco router. The Cisco standards are preferred in all other cases.
Serial (5 points)
n Configure the serial link between R4 and R5 to have a clock rate of 512000. Use PPP as the encapsulation protocol. This serial link will need to support voice and minimize jitter. Configure this link to break up large packets and interleave them with the smaller packets. Ensure that fragment size is between 600 bytes and 640 bytes.
n Configure PPP over Frame on the connection from R6 to BBR1. This connection will use CHAP and require a username of “ROUTER6” with a password of “CISCO”.
IP Addressing (1 point)
The following provides IP addressing changes to the base configuration file. To complete the addressing you will need to know your Pod number, VLAN and device number. Note: Sw1 will have the device number of 7 and Sw2 will have the device number of 8.
Device | Interface | IP | Mask |
All Ethernet Connected (except when connecting to BBR) | Ethernet | 104. | /24 |
R6 (to BBR1 ) | S0/0/0 | 54.<pod>.7.<device> | /24 |
R2 to BBR2 | Fa0/0 | 192.10.<pod>.<device> | /24 |
R1 to BB3 | Fa0/0 | 204.12.<pod>.<device> | /24 |
R1 | S0/0.1 | 104.<pod>.1.1 | /24 |
R1 | S0/0.2 | 104.<pod>.3.1 | /24 |
R2 | S0/1 | 104.<pod>.1.2 | /24 |
R3 | S1/0 | 104.<pod>.1.3 | /24 |
R3 | S1/1 | 104.<pod>.3.3 | /24 |
R4 | S0/0 | 104.<pod>.3.4 | /24 |
R4 | S0/1 | 104.<pod>.45.4 | /24 |
R5 | S0/1 | 104.<pod>.45.5 | /24 |
OSPF (13 points)
Note: OSPF devices should have a router-id of r.r.r.r where r=router number. No route-maps or distribute-lists are allowed on R1, R3 or R4[HLS1] !
n Configure OSPF area 0 on R4-S0/1 and R5S0/1
n Configure OSPF area 34 on R4-Lo0, R4-S0/0, R3-S1/1, and R1-S0/0.2. No static neighbors are allowed in this area.
n Configure OSPF area 56 on R5-E0/0, R5-E0/1, R6-Fa0/0, and R6-Fa0/1. Ensure that no type 5 updates are allowed in this area.
n Configure OSPF area 78 on R3-Ethernet, R3-Lo0, R4-Ethernet, Sw1-VL37, Sw1-VL111, Sw2-VL111, and Sw2-Vl47.
RIPv2 (17 points)
Note: Do not allow RIP on any interfaces other than what is listed.
n Configure RIP on R1-S0/0.1, R1-Lo0, R2-S0/0, and R3-s1/0.
n Ensure that all RIP routes sent by R2 have extra 12 hops added to the metric.
n Redistribute RIP into OSPF and OSPF into RIP on R1 and R3.
EIGRP (10 points)
Note: Do not allow EIGRP on any interfaces other than what is listed
n Configure EIGRP with an AS of 10 between R6-S0/0/0 and BBR1.
n Configure redistribution to and from OSPF. Ensure that you only learn routes with a mask of /8 or higher from OSPF.
BGP (10 points)
Note: IBGP neighborship should be established between loopbacks.
n Configure AS 100 on R1 and R6. Build BGP peering to BBR1 at AS54.
n Configure AS 200 on R2, R3, R4, and R5. Configure R2 to peer with BBR2 in AS 254.
n AS200 should peer with AS 100 between R5 and R6. Ensure that these two connections are load balanced in BGP.
n AS200 should also peer with AS 100 between R1 and R3.
n Ensure, from a BGP perspective, that traffic sent to AS 100 from AS 200 has a preferred return path through R5.
n Ensure that only class A subnets originating in 54 are blocked when being received AS 200.
IPv6 (4 points)
n Configure IPv6 on R1-Fa0/0 with the address of 2001:204:12:<p>::<d>/64.
n Configure IPv6 on R2-Fa0/0 with the address of 2001:192.10:<p>::<d>/64
n Configure IPv6 between R2 and R1 using the address of 2001:104:
:1::IPv6 RIP (2 points)
n Ensure that IPv6 traffic can forward from R1 to R2.
QoS (7 points)
n Configure R2-S0/0 to shape all outbound http traffic to a peak of 64kbps. Tc should be set to .125 seconds. The use of frame-relay map-class is not allowed.
n Configure R4 to compress only RTP traffic sent to R5.
Multicast (5 points)
Note: Only PIM version 1 is allowed. Loopback addresses should be used when possible.
n Configure R1, R3, R4 and R5 to forward multicast only across frame-relay and serial connections. Configure R6-FA0/0 to join the multicast group of 233.5.5.5. R1 should be able to ping this group successfully.
n Configure R5 to be a multicast stub router. There should be no PIM neighborship between R4 and R5.
IP Services (3 points)
n Configure R4 to be a DHCP server for VLAN47. Use the existing subnet as the scope. Ensure that no unnecessary DHCP functions are enabled. R4 should be the gateway and SW2 should be the DNS server. The domain name will be ascolta.com
n Configure all devices to have the correct time and time-zone. BBR1 will be responsible for providing the time.
Security (5 points)
n Because of problems with rogue DHCP servers on VLAN 47 you have decided to allow only R4’s Ethernet to serve DHCP. You must ensure that clients can still listen to DHCP. To test this task you may configure a port on R3 to have a port in VLAN 47 to learn an IP Address. No routing protocols should be configured for this port.
n Configure R4 to be able to analyze what protocols are being used on VLAN 47.
n Configure VL65 to only forward traffic during the hours of 8am to 5pm.
n Build an Access-list between R4 and R5 that permits only routing protocols, traceroute, ICMP echo, ICMP echo-reply, NTP and telnet
Activity Verification
You have completed this activity when the instructor has verified your solution and you have verified that you can:
n Verify that R2 can ping 2001:30::1 and 2001:31::1
n Verify that all loopbacks can be reached by all routers.
Ascolta CCIE Lab 5-1: Difficulty 9
Before starting this lab ensure that you delete the startup-config from all devices and vlan.dat from both switches. Base configurations will also need to be loaded.
Bridging and Switching (10 points)
Only the following Ethernet connections and VLANs will be used. All other interfaces should be administratively shutdown.
Local Device | Interface | Switch | Interface |
R1 | Fa0/0 | Sw1 | Fa0/1 |
R2 | Fa0/0 | Sw1 | Fa0/2 |
R3 | Fa0/1 | Sw2 | Fa0/3 |
R4 | Fa0/1 | Sw2 | Fa0/4 |
R5 | E0/1 | Sw2 | Fa0/5 |
R6 | Fa0/1 | Sw2 | Fa0/6 |
Sw1 | Fa0/13 | Sw2 | Fa0/13 |
Sw1 | Fa0/14 | Sw2 | Fa0/14 |
Sw1 | Fa0/15 | Sw2 | Fa0/15 |
BBR2 | Ethernet | Sw2 | Fa0/24 |
BBR3 | Ethernet | Sw1 | Fa0/24 |
Note: Some interfaces may be Ethernet instead of FastEthernet. However, port numbering will be the same.
VLAN | Devices - Interfaces |
1 | R4-Fa0/1 |
22 | BBR2-Eth, R1-Fa0/0 |
23 | R3-FA0/1, Sw1-VL23 |
33 | BBR3-Eth, Sw2-VL33 |
n Switches should use Rapid Spanning-Tree and MST.
n Configure Sw2-Fa0/4 to allow the reception of Ethernet frames from MAC address of 0000.0c12.3456 and deny any other addresses. The use of access-list for this task is prohibited. Verify that you are not receiving CDP from R4.
n Configure Sw1 to authenticate all Layer 2 static-access ports and Layer 3 routed ports. Use a local database for authentication with a username of “student”. Ensure that ports connected to network devices are authorized for access.
n Configure ports Fa0/13-15 on Sw1 and Sw2 to trunk using IEEE 802.1q. Ensure that all three ports are forwarding packets. Etherchannel is no allowed.
Frame Relay (5 points)
Note: Only the PVCs listed below are allowed.
A | A to B | B | B to A | |||
R1-S0/0 | 103 | R3-S1/0 | 301 | |||
R1-S0/0 | 113 | R3-S1/1 | 311 | |||
R2-S0/0 | 204 | R4-S0/0 | 402 | |||
R3-S1/1 | 315 | R5-S0/0 | 513 | |||
R6-S0/0/0 | 101 | BBR1 | N/A | |||
n Configure R1-S0/0 with two point to point subinterfaces. Assign PVC according to the table above.
n Configure R3-S1/1 with two point to multipoint subinterfaces.
Serial (10 points)
n Configure PPP authentication on the serial connection between R2 and R3. R2 should not authenticate R3. R3 will authenticate R2 with hash based authentication. Use the highest functional clock rate.
n Configure the serial link between R5 and R4 in such a way that R4 provides R5 with an IP address without the use of DHCP. You may use any encapsulation you deem fit. Use the highest functional clock rate.
n On the serial link between R1 and R3 configure PPP. Ensure that this connection is load-balanced at layer 2 with the frame-relay connection between R1 and R3. Use the highest functional clock rate.
IP Addressing (1 point)
The following provides IP addressing changes to the base configuration file. To complete the addressing you will need to know your Pod number, VLAN and device number. Note: Sw1 will have the device number of 7 and Sw2 will have the device number of 8.
Device | Subnet | Mask |
All Ethernet Connected (except when connecting to BBR) | 104. | /24 |
R6-S0/0/0 (to BBR1 ) | 54.<pod>.1.<device> | /24 |
R1- Fa0/0 to BBR2 | 192.10.<pod>.<device> | /24 |
Sw2- VL33 to BB3 | 204.12.<pod>.<device> | /24 |
R1-S0/0, R3-S1/0 | 104.<pod>.1.<device> | /24 |
R1-S0/1, R3-S1/2 | 104.<pod>.0.<device> | /24 |
R2-S0/0, R4-S0/0 | 104.<pod>.4.<device> | /24 |
R2-S0/1, R3-S1/3 | 104.<pod>.2.<device> | /24 |
R2-Fa0/0, Sw1-Fa0/2 | 104.<pod>.3.<device> | /24 |
R3-S1/1, R5-S0/0 | 104.<pod>.6.<device> | /24 |
R4-S0/1, R5-S0/1 | 104.<pod>.5.<device> | /24 |
R5-E0/1, Sw2-Fa0/5 | 104.<pod>.7.<device> | /24 |
R6-Fa0/1, Sw2-Fa0/6 | 104.<pod>.8.<device> | /24 |
OSPF (10 points)
Note: OSPF devices should have a router-id of r.r.r.r where r=router number.
n Configure OSPF area 0 on the 104.<p>.4.0/24 and 104.<p>.6.0/24 subnet. Include R3-Lo0 and R4-Lo0 into area 0
n Configure OSPF area 1 on the 104.<p>.5.0/24 subnet.
n Configure OSPF area 2 on the 104.<p>.7.0/24 and 104.<p>.8.0/24 subnet. Inclue R5-Lo0, R6-Lo0, and Sw2-Lo0 into area 2.
n Configure R2 to advertise a default route to its OSPF peers only if the route to 10.
.2.0/24 is reachable[HLS4] .EIGRP (10 points)
Note: EIGRP will use the AS number of 10
n Configure EIGRP on the 104.<p>.0.0/24 and the 104.<p>.1.0/24 subnets between R1 and R3. Ensure that EIGRP load balances these connections equally[HLS5] .
n Configure EIGRP on the 104.<p>.23.0/24, 104.<p>.3.0/24 and 104.<p>.2.0/24 networks. Ensure that R2 load balances its connections that use EIGRP. The traffic across these connections should be balanced proportional to the speed of the link.
n Configure EIGRP on R2-Lo0, Sw1-Lo0, and R1-Lo0.
n Redistribute EIGRP in to OSPF at R2 and R3. Redistribute OSPF into EIGRP at the same routers.
RIP (8 points)
n Configure RIP on VL33.
n Redistribute only those routes from EIGRP AS10. No access-list or prefix-lists are allowed.
BGP (12 points)
Note: IBGP neighborship should be established between loopbacks. Make sure that only IP reachable routes are advertised to EBGP peers.
n Configure BGP AS 100 on SW2, R6 and R1. Do not configure BGP on any other routers or switches.
n Build an authenticated EBGP peering relationship from R1 to BBR2. Note: BBR2 is configured with a neighbor for R1 that uses AS 200.
n Configure EBGP between R6 and BBR1. Configure EBGP between SW2 and BBR3.
n Ensure that routes coming from BBR3 are not allowed to flap rapidly more that 3 times before the routes are suspended from further advertisement. The duration they should be suspended should be no longer than 2 hours.
n Ensure that R6 will never receive more that 100 BGP prefixes from BBR1. The use of access-list or prefix-list, and filter-lists is not allowed.
n Verify that routes are being exchanged between BGP AS 100 and its EBGP peers.
IPv6 (8 point)
n Configure IPv6 between R3-S1/1.2 and R5-S0/0 Using the addressing of 2001:104:
:6::n Build an IPv4 tunnel across this IPv6 network. On R3-S1/1.2 and R5-S0/0 move all IPv4 from Ethernet to tunnel 0.
n Create an automatic ISATAP tunnel on R3 for clients on VLAN 23.
QoS (8 points)
n On R2 set the IP precedence of all packets forwarded to Sw1 to a value of 2
n On R3 set the IP precedence of all packets forwarded to Sw2 to a value of 3
n On Sw1 convert R2’s marking of 2 to an IPP marking of 4 and CoS marking of 4
n On Sw2 convert R3’s marking of 3 to an IPP marking of 5 and CoS marking of 5.
Multicast (7 points)
n Ensure that multicast forwarding is only enabled on frame-relay devices between R1 and R5.
n Have Sw2 join the multicast group of 229.9.9.9. Ensure that R1 can ping this multicast group.
IP Services (6 points)
n Configure Local Area Mobility for all subnets of R1.
n On R3 ensure that only broadcasts forwarded to R4 are TFTP.
n Configure a text menu on R1 to:
§ show ip int brief
§ show users
§ show logging
§ exit from menu
Security (5 points)
n On Sw2 ensure that no user based TCP traffic (telnet, HTTP, etc) is allowed to be started in from BBR3. Users in your pod should be able to send TCP based traffic out and have it return successfully. You are not allowed to specify the specific TCP port numbers for telnet, HTTP, and you are not allowed to use the established access-list option.
Activity Verification
You have completed this activity when the instructor has verified your solution and you have verified that you can:
n Ping all loopbacks from all routers and switches.
[HLS1]Must use the distance command on R1 and R3 to change AD to be higher than rip to fix routing loop.
[HLS2]BGP will cause a routing loop, because ebgp has a lower AD. Change AD for EBGP to 200 on all ASBRs.
[HLS3]Student may try to build rip across router 3 but IPv6 rip doesnt support turning off split horizon. You will have to fix this with a manual tunnel.
No comments:
Post a Comment