Post on 10-Jun-2015
transcript
CCIE LAB Routing & Switching (V4.0)
1 www.passccielab.com All rights reserved Created by lofrent - 1 -
CCIE LAB Routing & Switching (V4.0)
Ver:K3
Update 2010-02-12
© www.passccielab.com All Rights Reserved.
CCIE LAB Routing & Switching (V4.0)
2 www.passccielab.com All rights reserved Created by lofrent - 2 -
CCIE LAB Routing & Switching (V4.0)
3 www.passccielab.com All rights reserved Created by lofrent - 3 -
CCIE LAB Routing & Switching (V4.0)
4 www.passccielab.com All rights reserved Created by lofrent - 4 -
CCIE LAB Routing & Switching (V4.0)
5 www.passccielab.com All rights reserved Created by lofrent - 5 -
CCIE LAB Routing & Switching (V4.0)
6 www.passccielab.com All rights reserved Created by lofrent - 6 -
CCIE LAB Routing & Switching (V4.0)
7 www.passccielab.com All rights reserved Created by lofrent - 7 -
CCIE LAB Routing & Switching (V4.0)
VLAN VLAN Name
VLAN 4 VLAN_BB2
VLAN 5 VLAN_BB3
VLAN 13 VLAN_A
Hostname Loopback0 IP Address
YYR1 YY.YY.1.1/32
YYR3 YY.YY.3.3/32
YYR4 YY.YY.4.4/32
YYR5 YY.YY.11.11/32
YYSW1 YY.YY.7.7/24
YYSW2 YY.YY.8.8/24
YYSW3 YY.YY.9.9/24
YYSW4 YY.YY.10.10/24
8 www.passccielab.com All rights reserved Created by lofrent - 8 -
Note1 : k3 is k1 update versions and k1 and k3
diagram/Pre-configuration and most of questions/ solutions
same with k1 , except few changed questions.
Note2.all solutions has been verified,you can pass ccie rs
exam the frist
Loop back IP Address & VLANS
• The equipment on the rack assigned to you is physically Cabled and should not be tempered
with.
• Router and Switch hostnames, basic ip addressing, 'no exec-timeout' and passwords on the
Con, AUX and VTYs have been preconfigured. Do not change these configurations.
• All preconfigured passwords are 'Cisco'. Do not change these passwords.
• If you need clarification on the meaning of a question, or, if you suspect hardware problems with
you equipment, contact the lab proctor as soon as possible.
• The following symbols are used throughout the exam: YY is your 2-digit rack number, for
example YY value for
• Rack3 is 03 and for Rackl 1 is 11. X is your router number, for example X Value for router 1 is 1. Z
is any number SW1 and SW2 refer to the Catalyst
YYR2 YY.YY.2.2/32
CCIE LAB Routing & Switching (V4.0)
9 www.passccielab.com All rights reserved Created by lofrent - 9 -
VLAN 15 VLAN_B
VLAN 24 VLAN_C
VLAN 26 VLAN_H
VLAN 46 VLAN_F
VLAN 47 VLAN_G
Frame Relay (R1-R2) R1: YY.YY.13.237, R2: YY.YY.13.236
BB1 150.1.YY.254/24
BB2 150.2.YY.254/24
BB3 150.3.YY.254/24
Pre-configured for CCIE LAB
R1
interface loopback 0
ip address YY.YY.1.1 255.255.255.255
!
interface fa0/1
ip address YY.YY.13.156
255.255.255.224
no shutdown
!
interface fa0/0
no ip address
shutdown
!
interface serial 0/0/0
no ip address
shutdown
!
interface serial 0/0/1
no ip address
encapsulation ppp
shutdown
R2
interface loopback 0
ip address YY.YY.2.2 255.255.255.255
!
CCIE LAB Routing & Switching (V4.0)
10 www.passccielab.com All rights reserved Created by lofrent - 10 -
interface fa0/1
no ip address
shutdown
!
interface fa0/0 no ip address shutdown !
interface serial 0/0/0
no ip address
shutdown
!
interface serial 0/0/0
no ip address
shutdown
R3
interface loopback 0
ip address YY.YY.3.3 255.255.255.255
!
interface fa0/1
ip address YY.YY.13.188
255.255.255.224
no shutdown
!
interface serial 0/0/0
ip address YY.YY.13.240 255.255.255.252
encapusulation ppp
no shutdown
!
R4
interface loopback 0
ip address YY.YY.4.4 255.255.255.255
!
interface fa0/0
ip address YY.YY.13.60 255.255.255.224
no shutdown
!
interface fa0/1
ip address YY.YY.13.28 255.255.255.224
no shutdown
!
CCIE LAB Routing & Switching (V4.0)
11 www.passccielab.com All rights reserved Created by lofrent - 11 -
R5
interface loopback 0
ip address YY.YY.11.11 255.255.255.255
!
interface fa0/1
ip address YY.YY.13.92 255.255.255.224
no shutdown
!
interface serial 0/0/0
ip address YY.YY.13.245 255.255.255.252
encapsulation ppp
no shutdown
!
interface serial 0/0/1
ip address YY.YY.13.241 255.255.255.252
encapsulation ppp
no shutdown
SW1
vtp domain CCIE
vtp mode server
vtp password cisco
!
vlan 4
name VLAN_BB2
!
vlan 5
name VLAN_BB3
!
vlan 13
name VLAN_A
!
vlan 15
name VLAN_B
!
vlan 17
name VLAN_BB1
!
vlan 24
name VLAN_C
!
vlan 26
name VLAN_H
CCIE LAB Routing & Switching (V4.0)
12 www.passccielab.com All rights reserved Created by lofrent - 12 -
!
vlan 46
name VLAN_F
!
vlan 47
name VLAN_G
!
interface loopback 0 ip address YY.YY.7.7
255.255.255.255
!
interface fa0/3
switchport access vlan 5
switchport mode access
!
interface fa0/4
switchport access vlan 46
switchport mode access
!
interface fa0/10
switchport access vlan17
!
interface fa0/19 -24
switchport trunk
encapsulation dot1q
switchport mode trunk
SW2
vtp mode client
vtp password cisco
!
interface loopback 0
ip address YY.YY.8.8 255.255.255.255
!
interface fa0/1
switchport access vlan 13
switchport mode access
!
interface fa0/3
switchport access vlan 15
switchport mode access
CCIE LAB Routing & Switching (V4.0)
13 www.passccielab.com All rights reserved Created by lofrent - 13 -
!
interface fa0/4
switchport access vlan 26
switchport mode access
!
interface fa0/5
switchport access vlan 47
switchport mode access
!
interface fa0/10 switchport access vlan 4
switchport mode access
!
interface fa0/19 -24
switchport trunk encapsulation dot1q switchport mode trunk
SW2
vtp mode client
vtp password cisco
!
interface loopback 0
ip address YY.YY.8.8 255.255.255.255
!
interface fa0/1
switchport access vlan 13
switchport mode access
!
interface fa0/3
switchport access vlan 15
switchport mode access
!
interface fa0/4
switchport access vlan 26
switchport mode access
!
interface fa0/5
switchport access vlan 47
switchport mode access
!
interface fa0/10
CCIE LAB Routing & Switching (V4.0)
14 www.passccielab.com All rights reserved Created by lofrent - 14 -
switchport access vlan 4
switchport mode access
!
interface fa0/19 -24
switchport trunk encapsulation dot1q
switchport mode trunk
SW3:
vtp mode client
vtp password cisco
!
interface loopback 0
vtp mode client
vtp password cisco
!
interface loopback 0
ip address YY.YY.9.9 255.255.255.255
!
interface fa0/10
switchport access vlan 5
switchport mode access
!
interface fa0/19 -24
switchport trunk encapsulation dot1q
switchport mode trunk
SW4:
vtp mode client
vtp password cisco
!
interface loopback 0
ip address YY.YY.10.10 255.255.255.255
!
interface fa0/19 -24
switchport trunk encapsulation dot1q
switchport mode trunk
BB1-BB2
BB1-BB2#s run
Building configuration...
Current configuration : 7507 bytes
!
CCIE LAB Routing & Switching (V4.0)
15 www.passccielab.com All rights reserved Created by lofrent - 15 -
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname BB1-BB2
!
!
ip subnet-zero
no ip domain-lookup
!
interface Loopback10
ip address 197.68.4.1 255.255.255.0 secondary
ip address 197.68.5.1 255.255.255.0 secondary
ip address 197.68.21.1 255.255.255.0 secondary
ip address 197.68.22.1 255.255.255.0 secondary
ip address 197.68.1.1 255.255.255.0
!
interface Ethernet0
ip address 150.1.2.254 255.255.255.0 secondary
ip address 150.1.3.254 255.255.255.0 secondary
ip address 150.1.4.254 255.255.255.0 secondary
ip address 150.1.13.254 255.255.255.0 secondary
ip address 150.1.1.254 255.255.255.0 secondary
ip address 150.1.11.254 255.255.255.0 secondary
ip address 150.1.10.254 255.255.255.0 secondary
ip address 150.1.9.254 255.255.255.0 secondary
ip address 150.1.7.254 255.255.255.0 secondary
ip address 150.1.8.254 255.255.255.0 secondary
ip address 150.1.29.254 255.255.255.0 secondary
ip address 150.1.30.254 255.255.255.0 secondary
ip address 150.1.31.254 255.255.255.0 secondary
ip address 150.1.12.254 255.255.255.0
!
interface Ethernet1
ip address 150.2.2.254 255.255.255.0 secondary
ip address 150.2.3.254 255.255.255.0 secondary
ip address 150.2.4.254 255.255.255.0 secondary
ip address 150.2.12.254 255.255.255.0 secondary
ip address 150.2.13.254 255.255.255.0 secondary
ip address 150.2.9.254 255.255.255.0 secondary
ip address 150.2.10.254 255.255.255.0 secondary
ip address 150.2.11.254 255.255.255.0 secondary
ip address 150.2.7.254 255.255.255.0 secondary
CCIE LAB Routing & Switching (V4.0)
16 www.passccielab.com All rights reserved Created by lofrent - 16 -
ip address 150.2.8.254 255.255.255.0 secondary
ip address 150.2.29.254 255.255.255.0 secondary
ip address 150.2.30.254 255.255.255.0 secondary
ip address 150.2.31.254 255.255.255.0 secondary
ip address 150.2.1.254 255.255.255.0
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
!
router bgp 254
no synchronization
bgp log-neighbor-changes
network 197.68.1.0
network 197.68.4.0
network 197.68.5.0
network 197.68.21.0
network 197.68.22.0
neighbor 150.1.1.1 remote-as 1
neighbor 150.1.1.1 prefix-list filter-bb out
neighbor 150.1.1.1 route-map addas out
neighbor 150.1.2.1 remote-as 2
neighbor 150.1.2.1 prefix-list filter-bb out
neighbor 150.1.2.1 route-map addas out
neighbor 150.1.3.1 remote-as 3
neighbor 150.1.3.1 prefix-list filter-bb out
neighbor 150.1.3.1 route-map addas out
neighbor 150.1.4.1 remote-as 4
neighbor 150.1.4.1 prefix-list filter-bb out
neighbor 150.1.4.1 route-map addas out
neighbor 150.1.7.1 remote-as 7
neighbor 150.1.7.1 prefix-list filter-bb out
neighbor 150.1.7.1 route-map addas out
neighbor 150.1.8.1 remote-as 8
neighbor 150.1.8.1 prefix-list filter-bb out
neighbor 150.1.8.1 route-map addas out
neighbor 150.1.9.1 remote-as 9
neighbor 150.1.9.1 prefix-list filter-bb out
neighbor 150.1.9.1 route-map addas out
CCIE LAB Routing & Switching (V4.0)
17 www.passccielab.com All rights reserved Created by lofrent - 17 -
neighbor 150.1.10.1 remote-as 10
neighbor 150.1.10.1 prefix-list filter-bb out
neighbor 150.1.10.1 route-map addas out
neighbor 150.1.11.1 remote-as 11
neighbor 150.1.11.1 prefix-list filter-bb out
neighbor 150.1.11.1 route-map addas out
neighbor 150.1.12.1 remote-as 12
neighbor 150.1.12.1 prefix-list filter-bb out
neighbor 150.1.12.1 route-map addas out
neighbor 150.1.13.1 remote-as 13
neighbor 150.1.13.1 prefix-list filter-bb out
neighbor 150.1.13.1 route-map addas out
neighbor 150.1.29.1 remote-as 29
neighbor 150.1.29.1 prefix-list filter-bb out
neighbor 150.1.29.1 route-map addas out
neighbor 150.1.30.1 remote-as 30
neighbor 150.1.30.1 prefix-list filter-bb out
neighbor 150.1.30.1 route-map addas out
neighbor 150.1.31.1 remote-as 31
neighbor 150.1.31.1 prefix-list filter-bb out
neighbor 150.1.31.1 route-map addas out
neighbor 150.2.1.1 remote-as 1
neighbor 150.2.1.1 prefix-list filter-bb out
neighbor 150.2.2.1 remote-as 2
neighbor 150.2.2.1 prefix-list filter-bb out
neighbor 150.2.3.1 remote-as 3
neighbor 150.2.3.1 prefix-list filter-bb out
neighbor 150.2.4.1 remote-as 4
neighbor 150.2.4.1 prefix-list filter-bb out
neighbor 150.2.7.1 remote-as 7
neighbor 150.2.7.1 prefix-list filter-bb out
neighbor 150.2.8.1 remote-as 8
neighbor 150.2.8.1 prefix-list filter-bb out
neighbor 150.2.9.1 remote-as 9
neighbor 150.2.9.1 prefix-list filter-bb out
neighbor 150.2.10.1 remote-as 10
neighbor 150.2.10.1 prefix-list filter-bb out
neighbor 150.2.11.1 remote-as 11
neighbor 150.2.11.1 prefix-list filter-bb out
neighbor 150.2.12.1 remote-as 12
neighbor 150.2.12.1 prefix-list filter-bb out
neighbor 150.2.13.1 remote-as 13
neighbor 150.2.13.1 prefix-list filter-bb out
neighbor 150.2.29.1 remote-as 29
CCIE LAB Routing & Switching (V4.0)
18 www.passccielab.com All rights reserved Created by lofrent - 18 -
neighbor 150.2.29.1 prefix-list filter-bb out
neighbor 150.2.30.1 remote-as 30
neighbor 150.2.30.1 prefix-list filter-bb out
neighbor 150.2.31.1 remote-as 31
neighbor 150.2.31.1 prefix-list filter-bb out
no auto-summary
!
ip classless
ip route 172.16.0.0 255.255.0.0 150.1.12.253
ip route 172.17.0.0 255.255.0.0 150.1.12.253
no ip http server
!
!
ip prefix-list filter-bb seq 5 permit 197.68.1.0/24
ip prefix-list filter-bb seq 10 permit 197.68.4.0/24
ip prefix-list filter-bb seq 15 permit 197.68.5.0/24
ip prefix-list filter-bb seq 20 permit 197.68.21.0/24
ip prefix-list filter-bb seq 25 permit 197.68.22.0/24
access-list 10 permit 150.100.1.0 0.0.0.255
access-list 10 deny 150.0.0.0 0.255.255.255
access-list 10 permit any
route-map addas permit 10
match ip address prefix-list filter-bb
set as-path prepend 253
!
!
!
line con 0
logging synchronous
login
line aux 0
line vty 0 4
login
!
end
BB3
BB3#s run
Building configuration...
Current configuration : 2871 bytes
!
version 12.1
CCIE LAB Routing & Switching (V4.0)
19 www.passccielab.com All rights reserved Created by lofrent - 19 -
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname BB3
!
!
!
!
!
!
ip subnet-zero
no ip domain-lookup
!
!
!
!
interface Loopback0
ip address 4.1.1.1 255.255.255.0 secondary
ip address 198.2.3.1 255.255.255.0 secondary
ip address 198.2.5.1 255.255.255.0 secondary
ip address 128.28.2.1 255.255.255.0 secondary
ip address 182.2.2.1 255.255.255.0 secondary
ip address 182.2.4.1 255.255.255.0 secondary
ip address 198.1.1.5 255.255.255.252 secondary
ip address 198.2.1.1 255.255.255.0
!
interface Loopback10
ip address 197.68.4.1 255.255.255.0 secondary
ip address 197.68.5.1 255.255.255.0 secondary
ip address 197.68.21.1 255.255.255.0 secondary
ip address 197.68.22.1 255.255.255.0 secondary
ip address 197.68.1.1 255.255.255.0
!
interface Ethernet0
description Connect to BBSW F0/5
ip address 150.3.8.254 255.255.255.0 secondary
ip address 150.3.12.254 255.255.255.0 secondary
ip address 150.3.7.254 255.255.255.0 secondary
ip address 150.3.11.254 255.255.255.0 secondary
ip address 150.3.9.254 255.255.255.0 secondary
CCIE LAB Routing & Switching (V4.0)
20 www.passccielab.com All rights reserved Created by lofrent - 20 -
ip address 150.3.10.254 255.255.255.0 secondary
ip address 150.3.0.254 255.255.255.0
no ip mroute-cache
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
interface BRI0
no ip address
shutdown
!
router eigrp 100
network 4.1.1.0 0.0.0.255
network 128.28.2.0 0.0.0.255
network 150.3.0.0
network 182.2.2.0 0.0.0.255
network 182.2.4.0 0.0.0.255
network 198.1.1.0
network 198.2.1.0
network 198.2.3.0
network 198.2.5.0
no default-information in
no default-information out
no auto-summary
no eigrp log-neighbor-changes
no eigrp log-neighbor-warnings
!
!
ip classless
ip http server
!
privilege exec level 0 show ip route
!
line con 0
logging synchronous
line aux 0
line vty 0 4
logging synchronous
login
CCIE LAB Routing & Switching (V4.0)
21 www.passccielab.com All rights reserved Created by lofrent - 21 -
!
end
CCIE LAB Routing & Switching (V4.0)
Rack YY R1 YY.YY.1.1/32
Rack YYR3 YY.YY.3.3/32
Rack YYR4 YY.YY.4.4/32
Rack YYR5 YY.YY.11.11/32
Rack YYSW1 YY.YY.7.7/32
Rack YYSW2 YY.YY.8.8/32
Rack YYSW3 YY.YY.9.9/32
Rack YYSW4 YY.YY.1010/32
22 www.passccielab.com All rights reserved Created by lofrent - 22 -
VLAN and IP Address
-vlan 2 name VLAN_BB2
-vlan 3 name VLAN_BB3
-vlan 11 name VLAN_A
-vlan 13 name VLAN_B
-vlan 15 name VLAN_BB1
-vlan 22 name VLAN_C
-vlan 24 name VLAN_H
-vlan 44 name VLAN_F
-vlan 45 name VLAN_G
-frame-realy: (R1-R2)
R1: YY.YY.15.242, R2: YY.YY.15.241
-BB1 is 150.1.YY.254/24
-BB2 is 150.2.YY.254/24
-BB3 is 150.3.YY.254/24
Loopback ip address
Host name Loopback 0 interface IP address
Unless specified above, all interface else must be 24 bit mask addressing.
Please use these script Verify the entire network
Yyrack# tclsh
foreach i {
11.11.15.161
11.11.15.242
11.11.15.249
11.11.1.1
11.11.15.129
11.11.15.34
11.11.15.241
11.11.2.2
150.3.12.1
11.11.15.193
Rack YYR2 YY.YY.2.2/32
CCIE LAB Routing & Switching (V4.0)
Hostname Loopback0 IP Address
YYR1 YY.YY.1.1/32
YYR2 YY.YY.2.2/32
YYR3 YY.YY.3.3/32
YYR4 YY.YY.4.4/32
YYR5 YY.YY.5.5/32
YYSW1 YY.YY.7.7/24
YYSW2 YY.YY.8.8/24
23 www.passccielab.com All rights reserved Created by lofrent - 23 -
11.11.15.245
11.11.3.3
11.11.15.65
11.11.15.33
11.11.4.4
11.11.15.97
11.11.15.250
11.11.15.246
11.11.5.5
11.11.15.162
11.11.15.194
11.11.7.7
11.11.15.130
11.11.8.8
11.11.15.66
11.11.15.98
11.11.10.10
} { puts [exec "ping $i" ]}
Loop back IP Address & VLANS
• The equipment on the rack assigned to you is physically Cabled and should not be tempered
with.
• Router and Switch hostnames, basic ip addressing, 'no exec-timeout' and passwords on the
Con, AUX and VTYs have been preconfigured. Do not change these configurations.
• All preconfigured passwords are 'Cisco'. Do not change these passwords.
• If you need clarification on the meaning of a question, or, if you suspect hardware problems with
you equipment, contact the lab proctor as soon as possible.
• The following symbols are used throughout the exam: YY is your 2-digit rack number, for
example YY value for
• Rack3 is 03 and for Rackl 1 is 11. X is your router number, for example X Value for router 1 is 1. Z
is any number SW1 and SW2 refer to the Catalyst
CCIE LAB Routing & Switching (V4.0)
24 www.passccielab.com All rights reserved Created by lofrent - 24 -
YYSW3 YY.YY.9.9/24
YYSW4 YY.YY.10.10/24
VLAN VLAN Name
VLAN 4 VLAN_BB2
VLAN 5 VLAN_BB3
VLAN 13 VLAN_A
VLAN 15 VLAN_B
VLAN 24 VLAN_C
VLAN 26 VLAN_H
VLAN 46 VLAN_F
VLAN 47 VLAN_G
Frame Relay (R1-R2) R1: YY.YY.13.237, R2: YY.YY.13.236
BB1 150.1.YY.254/24
BB2 150.2.YY.254/24
BB3 150.3.YY.254/24
R1
interface loopback 0
ip address YY.YY.1.1 255.255.255.255
!
interface fa0/1
ip address YY.YY.13.156
255.255.255.224
no shutdown
!
interface fa0/0
no ip address
shutdown
!
interface serial 0/0/0
no ip address
shutdown
!
interface serial 0/0/1
no ip address
encapsulation ppp
shutdown
CCIE LAB Routing & Switching (V4.0)
25 www.passccielab.com All rights reserved Created by lofrent - 25 -
R2
interface loopback 0
ip address YY.YY.2.2 255.255.255.255
!
interface fa0/1
no ip address
shutdown
!
interface fa0/0 no ip address shutdown !
interface serial 0/0/0
no ip address
shutdown
!
interface serial 0/0/0
no ip address
shutdown
R3
interface loopback 0
ip address YY.YY.3.3 255.255.255.255
!
interface fa0/1
ip address YY.YY.13.188
255.255.255.224
no shutdown
!
interface serial 0/0/0
ip address YY.YY.13.240 255.255.255.252
encapusulation ppp
no shutdown
!
R4
interface loopback 0
ip address YY.YY.4.4 255.255.255.255
!
interface fa0/0
ip address YY.YY.13.60 255.255.255.224
no shutdown
!
interface fa0/1
CCIE LAB Routing & Switching (V4.0)
26 www.passccielab.com All rights reserved Created by lofrent - 26 -
ip address YY.YY.13.28 255.255.255.224
no shutdown
!
R5
interface loopback 0
ip address YY.YY.5.5 255.255.255.255
!
interface fa0/1
ip address YY.YY.13.92 255.255.255.224
no shutdown
!
interface serial 0/0/0
ip address YY.YY.13.245 255.255.255.252
encapsulation ppp
no shutdown
!
interface serial 0/0/1
ip address YY.YY.13.241 255.255.255.252
encapsulation ppp
no shutdown
SW1
vtp domain CCIE
vtp mode server
vtp password cisco
!
vlan 4
name VLAN_BB2
!
vlan 5
name VLAN_BB3
!
vlan 13
name VLAN_A
!
vlan 15
name VLAN_B
!
vlan 17
name VLAN_BB1
!
CCIE LAB Routing & Switching (V4.0)
27 www.passccielab.com All rights reserved Created by lofrent - 27 -
vlan 24
name VLAN_C
!
vlan 26
name VLAN_H
!
vlan 46
name VLAN_F
!
vlan 47
name VLAN_G
!
interface loopback 0 ip address YY.YY.7.7
255.255.255.255
!
interface fa0/3
switchport access vlan 5
switchport mode access
!
interface fa0/4
switchport access vlan 46
switchport mode access
!
interface fa0/10
switchport access vlan17
!
interface fa0/19 -24
switchport trunk
encapsulation dot1q
switchport mode trunk
SW2
vtp mode client
vtp password cisco
!
interface loopback 0
ip address YY.YY.8.8 255.255.255.255
!
interface fa0/1
switchport access vlan 13
CCIE LAB Routing & Switching (V4.0)
28 www.passccielab.com All rights reserved Created by lofrent - 28 -
switchport mode access
!
interface fa0/3
switchport access vlan 15
switchport mode access
!
interface fa0/4
switchport access vlan 26
switchport mode access
!
interface fa0/5
switchport access vlan 47
switchport mode access
!
interface fa0/10 switchport access vlan 4
switchport mode access
!
interface fa0/19 -24
switchport trunk encapsulation dot1q switchport mode trunk
SW2
vtp mode client
vtp password cisco
!
interface loopback 0
ip address YY.YY.8.8 255.255.255.255
!
interface fa0/1
switchport access vlan 13
switchport mode access
!
interface fa0/3
switchport access vlan 15
switchport mode access
!
interface fa0/4
switchport access vlan 26
switchport mode access
!
interface fa0/5
CCIE LAB Routing & Switching (V4.0)
29 www.passccielab.com All rights reserved Created by lofrent - 29 -
switchport access vlan 47
switchport mode access
!
interface fa0/10
switchport access vlan 4
switchport mode access
!
interface fa0/19 -24
switchport trunk encapsulation dot1q
switchport mode trunk
SW3:
vtp mode client
vtp password cisco
!
interface loopback 0
vtp mode client
vtp password cisco
!
interface loopback 0
ip address YY.YY.9.9 255.255.255.255
!
interface fa0/10
switchport access vlan 5
switchport mode access
!
interface fa0/19 -24
switchport trunk encapsulation dot1q
switchport mode trunk
SW4:
vtp mode client
vtp password cisco
!
interface loopback 0
ip address YY.YY.10.10 255.255.255.255
!
interface fa0/19 -24
switchport trunk encapsulation dot1q
switchport mode trunk
CCIE LAB Routing & Switching (V4.0)
30 www.passccielab.com All rights reserved Created by lofrent - 30 -
BB1-BB2
BB1-BB2#s run
Building configuration...
Current configuration : 7507 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname BB1-BB2
!
!
ip subnet-zero
no ip domain-lookup
!
interface Loopback10
ip address 197.68.4.1 255.255.255.0 secondary
ip address 197.68.5.1 255.255.255.0 secondary
ip address 197.68.21.1 255.255.255.0 secondary
ip address 197.68.22.1 255.255.255.0 secondary
ip address 197.68.1.1 255.255.255.0
!
interface Ethernet0
ip address 150.1.2.254 255.255.255.0 secondary
ip address 150.1.3.254 255.255.255.0 secondary
ip address 150.1.4.254 255.255.255.0 secondary
ip address 150.1.13.254 255.255.255.0 secondary
ip address 150.1.1.254 255.255.255.0 secondary
ip address 150.1.11.254 255.255.255.0 secondary
ip address 150.1.10.254 255.255.255.0 secondary
ip address 150.1.9.254 255.255.255.0 secondary
ip address 150.1.7.254 255.255.255.0 secondary
ip address 150.1.8.254 255.255.255.0 secondary
ip address 150.1.29.254 255.255.255.0 secondary
ip address 150.1.30.254 255.255.255.0 secondary
ip address 150.1.31.254 255.255.255.0 secondary
ip address 150.1.12.254 255.255.255.0
!
interface Ethernet1
ip address 150.2.2.254 255.255.255.0 secondary
ip address 150.2.3.254 255.255.255.0 secondary
ip address 150.2.4.254 255.255.255.0 secondary
ip address 150.2.12.254 255.255.255.0 secondary
CCIE LAB Routing & Switching (V4.0)
31 www.passccielab.com All rights reserved Created by lofrent - 31 -
ip address 150.2.13.254 255.255.255.0 secondary
ip address 150.2.9.254 255.255.255.0 secondary
ip address 150.2.10.254 255.255.255.0 secondary
ip address 150.2.11.254 255.255.255.0 secondary
ip address 150.2.7.254 255.255.255.0 secondary
ip address 150.2.8.254 255.255.255.0 secondary
ip address 150.2.29.254 255.255.255.0 secondary
ip address 150.2.30.254 255.255.255.0 secondary
ip address 150.2.31.254 255.255.255.0 secondary
ip address 150.2.1.254 255.255.255.0
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
!
router bgp 254
no synchronization
bgp log-neighbor-changes
network 197.68.1.0
network 197.68.4.0
network 197.68.5.0
network 197.68.21.0
network 197.68.22.0
neighbor 150.1.1.1 remote-as 1
neighbor 150.1.1.1 prefix-list filter-bb out
neighbor 150.1.1.1 route-map addas out
neighbor 150.1.2.1 remote-as 2
neighbor 150.1.2.1 prefix-list filter-bb out
neighbor 150.1.2.1 route-map addas out
neighbor 150.1.3.1 remote-as 3
neighbor 150.1.3.1 prefix-list filter-bb out
neighbor 150.1.3.1 route-map addas out
neighbor 150.1.4.1 remote-as 4
neighbor 150.1.4.1 prefix-list filter-bb out
neighbor 150.1.4.1 route-map addas out
neighbor 150.1.7.1 remote-as 7
neighbor 150.1.7.1 prefix-list filter-bb out
neighbor 150.1.7.1 route-map addas out
neighbor 150.1.8.1 remote-as 8
CCIE LAB Routing & Switching (V4.0)
32 www.passccielab.com All rights reserved Created by lofrent - 32 -
neighbor 150.1.8.1 prefix-list filter-bb out
neighbor 150.1.8.1 route-map addas out
neighbor 150.1.9.1 remote-as 9
neighbor 150.1.9.1 prefix-list filter-bb out
neighbor 150.1.9.1 route-map addas out
neighbor 150.1.10.1 remote-as 10
neighbor 150.1.10.1 prefix-list filter-bb out
neighbor 150.1.10.1 route-map addas out
neighbor 150.1.11.1 remote-as 11
neighbor 150.1.11.1 prefix-list filter-bb out
neighbor 150.1.11.1 route-map addas out
neighbor 150.1.12.1 remote-as 12
neighbor 150.1.12.1 prefix-list filter-bb out
neighbor 150.1.12.1 route-map addas out
neighbor 150.1.13.1 remote-as 13
neighbor 150.1.13.1 prefix-list filter-bb out
neighbor 150.1.13.1 route-map addas out
neighbor 150.1.29.1 remote-as 29
neighbor 150.1.29.1 prefix-list filter-bb out
neighbor 150.1.29.1 route-map addas out
neighbor 150.1.30.1 remote-as 30
neighbor 150.1.30.1 prefix-list filter-bb out
neighbor 150.1.30.1 route-map addas out
neighbor 150.1.31.1 remote-as 31
neighbor 150.1.31.1 prefix-list filter-bb out
neighbor 150.1.31.1 route-map addas out
neighbor 150.2.1.1 remote-as 1
neighbor 150.2.1.1 prefix-list filter-bb out
neighbor 150.2.2.1 remote-as 2
neighbor 150.2.2.1 prefix-list filter-bb out
neighbor 150.2.3.1 remote-as 3
neighbor 150.2.3.1 prefix-list filter-bb out
neighbor 150.2.4.1 remote-as 4
neighbor 150.2.4.1 prefix-list filter-bb out
neighbor 150.2.7.1 remote-as 7
neighbor 150.2.7.1 prefix-list filter-bb out
neighbor 150.2.8.1 remote-as 8
neighbor 150.2.8.1 prefix-list filter-bb out
neighbor 150.2.9.1 remote-as 9
neighbor 150.2.9.1 prefix-list filter-bb out
neighbor 150.2.10.1 remote-as 10
neighbor 150.2.10.1 prefix-list filter-bb out
neighbor 150.2.11.1 remote-as 11
neighbor 150.2.11.1 prefix-list filter-bb out
CCIE LAB Routing & Switching (V4.0)
33 www.passccielab.com All rights reserved Created by lofrent - 33 -
neighbor 150.2.12.1 remote-as 12
neighbor 150.2.12.1 prefix-list filter-bb out
neighbor 150.2.13.1 remote-as 13
neighbor 150.2.13.1 prefix-list filter-bb out
neighbor 150.2.29.1 remote-as 29
neighbor 150.2.29.1 prefix-list filter-bb out
neighbor 150.2.30.1 remote-as 30
neighbor 150.2.30.1 prefix-list filter-bb out
neighbor 150.2.31.1 remote-as 31
neighbor 150.2.31.1 prefix-list filter-bb out
no auto-summary
!
ip classless
ip route 172.16.0.0 255.255.0.0 150.1.12.253
ip route 172.17.0.0 255.255.0.0 150.1.12.253
no ip http server
!
!
ip prefix-list filter-bb seq 5 permit 197.68.1.0/24
ip prefix-list filter-bb seq 10 permit 197.68.4.0/24
ip prefix-list filter-bb seq 15 permit 197.68.5.0/24
ip prefix-list filter-bb seq 20 permit 197.68.21.0/24
ip prefix-list filter-bb seq 25 permit 197.68.22.0/24
access-list 10 permit 150.100.1.0 0.0.0.255
access-list 10 deny 150.0.0.0 0.255.255.255
access-list 10 permit any
route-map addas permit 10
match ip address prefix-list filter-bb
set as-path prepend 253
!
!
!
line con 0
logging synchronous
login
line aux 0
line vty 0 4
login
!
end
BB3
BB3#s run
CCIE LAB Routing & Switching (V4.0)
34 www.passccielab.com All rights reserved Created by lofrent - 34 -
Building configuration...
Current configuration : 2871 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname BB3
!
!
!
!
!
!
ip subnet-zero
no ip domain-lookup
!
!
!
!
interface Loopback0
ip address 4.1.1.1 255.255.255.0 secondary
ip address 198.2.3.1 255.255.255.0 secondary
ip address 198.2.5.1 255.255.255.0 secondary
ip address 128.28.2.1 255.255.255.0 secondary
ip address 182.2.2.1 255.255.255.0 secondary
ip address 182.2.4.1 255.255.255.0 secondary
ip address 198.1.1.5 255.255.255.252 secondary
ip address 198.2.1.1 255.255.255.0
!
interface Loopback10
ip address 197.68.4.1 255.255.255.0 secondary
ip address 197.68.5.1 255.255.255.0 secondary
ip address 197.68.21.1 255.255.255.0 secondary
ip address 197.68.22.1 255.255.255.0 secondary
ip address 197.68.1.1 255.255.255.0
!
interface Ethernet0
description Connect to BBSW F0/5
CCIE LAB Routing & Switching (V4.0)
35 www.passccielab.com All rights reserved Created by lofrent - 35 -
ip address 150.3.8.254 255.255.255.0 secondary
ip address 150.3.12.254 255.255.255.0 secondary
ip address 150.3.7.254 255.255.255.0 secondary
ip address 150.3.11.254 255.255.255.0 secondary
ip address 150.3.9.254 255.255.255.0 secondary
ip address 150.3.10.254 255.255.255.0 secondary
ip address 150.3.0.254 255.255.255.0
no ip mroute-cache
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
interface BRI0
no ip address
shutdown
!
router eigrp 100
network 4.1.1.0 0.0.0.255
network 128.28.2.0 0.0.0.255
network 150.3.0.0
network 182.2.2.0 0.0.0.255
network 182.2.4.0 0.0.0.255
network 198.1.1.0
network 198.2.1.0
network 198.2.3.0
network 198.2.5.0
no default-information in
no default-information out
no auto-summary
no eigrp log-neighbor-changes
no eigrp log-neighbor-warnings
!
!
ip classless
ip http server
!
privilege exec level 0 show ip route
!
line con 0
CCIE LAB Routing & Switching (V4.0)
36 www.passccielab.com All rights reserved Created by lofrent - 36 -
logging synchronous
line aux 0
line vty 0 4
logging synchronous
login
!
end
SECTION1:DataLinkLayer(L2 Technologies)
Pre-Configuration on your exam
VLAN Trunking Protocol VTP Domain CCIE + YY
PPP serial link R1 through R5 and R3 through R5
For example,the rack number of 3 would have a VTP domain of 802.1q trunk between all fout
switches
2.1 Layer 2 Troubleshoot
Errors in the initial config
SW1 vtp domain name is ccieroutingandswitchingyy and the others are
ccieroutingandswitching.
Solution :change SW1 vtp domain name to ccieroutingandswitching
SW1 VTP password is cisc0 and the others are cisco.
Solution :change SW1 vtp password to cisco
On SW2 fastethernet0/10 config “switchport backup f0/4”, this command will cause interface
fasterthernet 0/4 down.
Solution :remove it
2.1 Troubleshoot layer 2 switching
One-two(or four) faults have been injected into the pre-configurations. these issues may impede a
working solution for certain portions of this labs exam and affect any labs exam section. You
must verify that all of your configurations work as expected. If something is not working as
expected then you must fix the underlying problem
Point will be awarded for solving each problem. However, if you fail to solve a particular problem ,
and the injected fault prevents you from having a working solutions of this lab, then you will lose
points for the fault and the lab that is not working
CCIE LAB Routing & Switching (V4.0)
VLAN ID VLAN Name Interface
5 VLAN_BB3 R3 Fa0/0
13 VLAN_A R1 Fa0/1
15 VLAN_B R3 Fa0/1
17 VLAN_BB1 R5 Fa0/1
24 VLAN_C R2 Fa0/1
26 VLAN_H R2 Fa0/1, R4 Fa0/1
46 VLAN_F R4 Fa0/0
47 VLAN_G R5 Fa0/1
37 www.passccielab.com All rights reserved Created by lofrent - 37 -
SW1:
vtp domain CCIERoutingandSwitching
vtp password cisco
SW2:
interface f0/10
no switchport backup f0/4
R1:
Interface s0/0
ip add 5.5.15.249 255.255.255.252
no peer neighbor-route
R3:
Interface s0/1
ip add 5.5.15.245 255.255.255.252
no peer neighbor-route
R5:
Interface s0/0
ip add 5.5.15.250 255.255.255.252
no peer neighbor-route
Interface s0/1
ip add 5.5.15.246 255.255.255.252
no peer neighbor-route
2.2 Access-Switch Ports of Switched Network Configuration
4 VLAN_BB2 SW2 F0/10
CCIE LAB Routing & Switching (V4.0)
Note: The default timeout interval is 300 seconds and, by default, the timeout feature is disabled.
38 www.passccielab.com All rights reserved Created by lofrent - 38 -
As per on SW1,SW2,SW3 should configure all of the appropriate nontrunking access switch ports
according to the below requirements.
As per the VLAN tables configure the VLANs for the access switch ports
Also Include the ports to BB1,BB2,and BB3
Trunk between SW2-Fa0/2 and R2-Fa0/1 should be configured
In the access switch port avoid transmitting BPDUs. When BPDU is received in any of these
ports, the port should transmit back to the listening, learning and forward process.
In the routers including trunk configuration should add any special
Layer2 commands which are required
For These access switch ports, by passing the listening and learning states ,the spanning
tree enters the forward state immediately and ensure this.
SW1
interface fa0/3
switchport access vlan 5
switchport mode access
!
interface fa0/4
switchport access vlan 46
switchport mode access
!
interface fa0/5
switchport access vlan 17
switchport mode access
!
interface fa0/10
switchport access vlan17
!
interface vlan 13
ip address YY.YY.13.157 255.255.255.224
no shutdown
!
interface vlan 15
ip address YY.YY.13.189 255.255.255.224
no shutdown
SW3 ~ SW3
spanning-tree portfast default
spanning-tree portfast bpduguard default
errdisable recovery cause bpduguard
errdisable recovery interval 300
CCIE LAB Routing & Switching (V4.0)
39 www.passccielab.com All rights reserved Created by lofrent - 39 -
SW2
interface fa0/1
switchport access vlan 13
switchport mode access
!
interface fa0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 22,24
switchport mode trunk
!
interface fa0/3
switchport access vlan 15
switchport mode access
!
interface fa0/4
switchport access vlan 26
switchport mode access
!
interface fa0/5
switchport access vlan 47
switchport mode access
!
interface fa0/10
switchport access vlan 4
switchport mode access
!
interface vlan 4
ip address 150.2.YY.1 255.255.255.0
!
interface vlan 24
ip address YY.YY.13.125 255.255.255.224
no shutdown
SW3
interface fa0/10
switchport access vlan 5
switchport mode access
SW4
interface vlan 46
ip address YY.YY.13.61 255.255.255.224
no shutdown
!
CCIE LAB Routing & Switching (V4.0)
40 www.passccielab.com All rights reserved Created by lofrent - 40 -
interface vlan 47
ip address YY.YY.13.93 255.255.255.224
no shutdown
R2
interface fa0/1
no shutdown
!
interface fa0/1.24
encapsulation dot1q 24
ip address YY.YY.13.124 255.255.255.224
!
interface fa0/1.26
encapsulation dot1q 26
ip address YY.YY.13.29 255.255.255.224
R3
interface fa0/0
ip address 150.3.YY.1 255.255.255.0
no shutdown
R5
interface fa0/0
ip address 150.1.YY.1 255.255.255.0
no shutdown
!
2.3 Frame Relay Configuration
Consider the points to configure R1 and R2 for frame relay and R4 as the frame relay switch Use
auto-sensing on R1 & R2 and ANSI LMI on Frame Relay switch Avoid any static Inverse Address
Resolutions Protocol or Frame Relay maps. For encapsulation use RFC1490/RFC2427
The below table should used for data-link connection identifier(DLCI)
assignments.
Frame Relay DLCI details
R1 Frame Relay interface 101
R2 Frame Relay interface 201
R1
interface serial 0/0/0
encapsulation frame-relay IETF
no fram-relay inverse-arp
no shutdown
CCIE LAB Routing & Switching (V4.0)
41 www.passccielab.com All rights reserved Created by lofrent - 41 -
ip address YY.YY.13.237 255.255.255.252
frame-relay map ip YY.YY.13.236 100 broadcast
frame-relay map ip YY.YY.15.242 100
clock rate 256000
no shutdown
!
interface serial 0/0/0/101
point-to-point
ip address YY.YY.13.237 255.255.255.252
!
R2
interface serial 0/0/0
encapsularion frame-relay IETF
no fram-relay inverse-arp
no shutdown
!
interface serial 0/0/0/201
point-to-point
ip address YY.YY.13.236 255.255.255.252
R4
frame-relay switching
!
interface serial 0/0/0
encapsularion frame-relay
clock rate 256000
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 101
interface serial 0/1/0 201
no shutdown
!
interface serial 0/0/1
encapsulation frame-relay
clock rate 256000
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 201
interface serial 0/0/0 101
no shutdown
CCIE LAB Routing & Switching (V4.0)
42 www.passccielab.com All rights reserved Created by lofrent - 42 -
2.4 Backbones Traffic
Your network should be protected from broadband storm by configuring traffic control on three
backbone links. This should be effective where broadcast traffic is 50% available bandwidth.
During this time the port should remain functioning . Answer:
SW1 ~ SW3
interface Fa0/10
strom-control broadcast level 50
2.5 Manipulation Trunking
Dual trunk port should be configured between Sw1, Sw2, Sw3 and Sw4 according to below needs.
For each switch on the six distribution ports DTP should be disabled. Allow the particular VLANs
5, 13, 15, 46, 47 only can receive and send traffic on these interfaces in tagged format to be set
SW1/SW2/SW3/SW4:
interface FastEthernet0/19
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,11,13,44,45
switchport mode trunk
switchport nonegotiate
interface FastEthernet0/20
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,11,13,44,45
switchport mode trunk
switchport nonegotiate
interface FastEthernet0/21
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,11,13,44,45
switchport mode trunk
switchport nonegotiate
interface FastEthernet0/22
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,11,13,44,45
switchport mode trunk
switchport nonegotiate
interface FastEthernet0/23
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,11,13,44,45
switchport mode trunk
switchport nonegotiate
CCIE LAB Routing & Switching (V4.0)
Notes:
After completion of configuration,please checking client is synchronized with the server,and
you can find vlan has been configed
Use command: do show inter trunk, checking vlan relay is correct and checking f0/19 -24
OSPF:
R3:
Interface 10
Ip address 11.11.3.3 255.255.255.255
router ospf 11
43 www.passccielab.com All rights reserved Created by lofrent - 43 -
interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,11,13,44,45
switchport mode trunk
switchport nonegotiate
State is UP
SECTION 2 : Network Layer ( L3 Technologies)
2.1 Implement IPV4 OSPF
Configure open shortest path first ( OSPF)
Updates should be advertised only out of the interfaces that are indicated in the IGP
topology diagram
Don’t manually change the router ID
Don’t create additional ospf areas
Configure ospf area 2 such that there are no TYPE5 Advertisements (LSA) in the area, R1
should generate a default route.
Configure OSPF over frame relay between R1 and R2 choosing a network type that requires
designate router(DR) and backup designate router(BDR) negotiations and has the fatest
recover times
R1:
interface Serial0/0.12 point-to-point
ip ospf network broadcast
ip ospf dead-interval minimal hello-multiplier 5
router ospf 5
area 2 nssa default-information-originate
network 11.11.15.161 0.0.0.0 area 0
network 11.11.15.242 0.0.0.0 area 2
CCIE LAB Routing & Switching (V4.0)
44 www.passccielab.com All rights reserved Created by lofrent - 44 -
network 11.11.15.193 0.0.0.0 area 0
SW1:
Ip routing
Interface 10
Ip address 11.11.7.7 255.255.255.255
router ospf 11
network 11.11.7.7 0.0.0.0 area 0
network 11.11.15.162 0.0.0.0 area 0
network 11.11.15.194 0.0.0.0 area 0
R1
interface 10
Ip address 11.11.11.11 255.255.255.255
router ospf11
network 11.11.15.161 0.0.0.0 area 0
network 11.11.15.242 0.0.0.0 area 2
area 2 nssa
int s0/0.1
ip ospf network broadcast
ip ospf dead-interval minimal hello-multiplier 5
R2
int l0
ip add 11.11.2.2 255.255.255.255
router ospf 11
network 11.11.15.241 0.0.0.0 area 2
network 11.11.15.129 0.0.0.0 area 2
network 11.11.2.2 0.0.0.0 area 2
area 2 nssa
int s0/0.2
ip ospf network broadcast
ip ospf dead-interval minimal hello-multiplier 5
SW2:
Ip routing
Interface loopback0
ip add 11.11.8.8 255.255.255.255
router ospf 11
area 2 nssa
network 11.11.8.8 0.0.0.0 area 2
network 11.11.15.111 0.0.0.0 area 2
area 2 nssa
CCIE LAB Routing & Switching (V4.0)
45 www.passccielab.com All rights reserved Created by lofrent - 45 -
Notes: All loopback address has been configured in real lab exam
2.2 Implement IPV4 EIGRP
Configure EIGRP 100 and EIGRP YY per the IGP topology diagram
Eigrp updates should be advertise only out to the interface per the IGP topology diagram
On R1 , redistribute between ospf and eigrp YY. However all of the routes that are indicated below
from backone3 (EIGRP100) should not be redistributed between both protocols
Use route maps to accomplish this requirement. All route-maps should utilize the same access
lists
On R3, redistrubte from EIGRP 100 into OSPF
On R3, redistribute from EIGRP 100 into eigrp YY. However three networks 198.2.1.0/24,
198.2.3.0/24, 198.2.5.0/24 should be aggregated into a single address with the most specific mask
possible
eigrp 11: R1:
interface s0/1
router eigrp 11
network 11.11.1.1 0.0.0.0
network 11.11.15.249 0.0.0.0
no auto-summary
R3:
interface s0/1
router eigrp 11
network 11.11.15.245 0.0.0.0
network 11.11.3.3 0.0.0.0
no auto-summary
R5:
Interface loopback0
ip add 11.11.11.11 255.255.255.255 router eigrp 11
no auto-summary
network 11.11.11.11 0.0.0.0
network 11.11.15.97 0.0.0.0
network 11.11.15.246 0.0.0.0
network 11.11.15.250 0.0.0.0
SW4:
Ip routing
CCIE LAB Routing & Switching (V4.0)
46 www.passccielab.com All rights reserved Created by lofrent - 46 -
Interface loopback0
ip add 11.11.10.10 255.255.255.255
router eigrp 11
no auto-summary
network 11.11.10.10 0.0.0.0
network 11.11.15.98 0.0.0.0
EIGRP 100
R3:
router eigrp 100
network 150.3.11.1 0.0.0.0
no auto-summary
Redistribution :
router eigrp 11
Redistribution eigrp 100 metric 10000 100 255 1 1500
int s0/0
ip summay eigrp 11 198.2.0.0 255.255.248.0
router ospf 11
redistribute eigrp 100 metric-type 1 subnets
R1:
ip access-list extra 127
permit ip host 198.1.1.4 host 255.255.255.252
permit ip host 198.2.1.0 host 255.255.255.0
permit ip host 198.2.3.0 host 255.255.255.0
permit ip host 198.2.5.0 host 255.255.255.0
permit ip host 198.2.4.0 host 255.255.255.0
permit ip host 198.2.2.0 host 255.255.255.0
permit ip host 128.28.2.0 host 255.255.255.0
permit ip host 4.1.1.0 host 255.255.255.0
permit ip host 198.2.0.0 host 255.255.248.0
permit ip host 150.3.5.0 host 255.255.255.0
route-map filter deny 10
match ip add 127
route-map filter per 20
router ospf 11
redistribute eigrp 11 metric 50 metric-t 1 s route-map filter
area 2 nssa default-information-originate
router eigrp 11
redistribute ospf 11 metric 10000 100 255 1 1500 route-map filter
2.3 Implement RIP Version 2
CCIE LAB Routing & Switching (V4.0)
47 www.passccielab.com All rights reserved Created by lofrent - 47 -
Configure RIP version 2 (RIP V2) per the IGP topology diagram
RIP updates should be advertise only out the interface per the IGP topology diagram
All rip updates should be unicast
All rip updates must be able to receive and process RIPV1 packets
Mutually resditribute between RIP and ospf on R2 and sw4, R4 learned routes should be preferred
EIGRP
R2:
interface Ethernet0/1.24
ip rip receive version 1 2
router rip
version 2
no auto-summary
network 11.0.0.0
passive-interface default
neighbor 11.11.15.33
R4:
interface loopback0
ip add 11.11.4.4 255.255.255.255
router rip
version 2
no auto-summary
network 11.0.0.0
passive-interface default
neighbor 11.11.15.34
neighbor 11.11.15.66
int e0/1
ip rip receive version 1 2
int e0/0
ip rip receive version 1 2
Mutually redistribute between Rip and ospf YY on R2 Mutually redistribute between Rip and
EIGRP YY on SW4 ,EIGRP learned routes preferred over ospf within RIP area
R2:
router ospf 11
redistribute eigrp 11 metric 50 metric-t 1 s route-map filter
ip prefix-list nssa per 0.0.0.0/0
route-map filter deny 10
match ip add filter nssa
route-map filter per 20
access-list 10 deny 11.11.2.2
CCIE LAB Routing & Switching (V4.0)
R2-s0/0.Z and R1-s0/0.Z FC01:DB8:74:A::/64 eui-64
R1-G0/1 and SW1 –SVI 11 FC01:DB8:74:B::/64 eui-64
Configure ospfv3 per the IPV6 topology Ensure that R4 can ping sw1 using IPV6
R4:
Ipv6 unicast-routing
ipv6 router ospf 11
router-id 11.11.4.4
interface Ethernet0/1
ipv6 address FC01:DB8:74:9::/64 eui-64
48 www.passccielab.com All rights reserved Created by lofrent - 48 -
access-list 10 per any
router rip
redi ospf 11 metric 3 route-map filter
offset-list 10 out 3 e0/1.24
access-list 20 per 11.11.4.4
access-list 20 per 11.11.10.10
access-list 20 per 11.11.15.64
router ospf 11
distance 125 11.11.1.1 0.0.0.0 20
SW4:
access-list 10 deny 11.11.4.4
access-list 10 deny 11.11.2.2
access-list 10 deny 11.11.15.32
access-list 10 per any
router rip
redi ospf 11 metric 2
distance 175 11.11.15.65 0.0.0.0 10
ip prefix-list rip per 11.11.2.2/32
ip prefix-list rip per 11.11.4.4/32
ip prefix-list rip per 11.11.15.32/27
ip prefix-list rip per 11.11.15.64/27
route-map perrip permit 10
match ip add prefix rip
router eigrp 11
redi rip metric 10000 100 255 1 1500 route-map perrip
3.4 Implement IPV6
Internte protocol version 6 ( IPV6) to configure IPV6 unique local unicast address using the eui-64
interface identifier
R4-G0/1 and R2-G0/1.Z(vlan 24) FC01:DB8:74:9::/64 eui-64
CCIE LAB Routing & Switching (V4.0)
49 www.passccielab.com All rights reserved Created by lofrent - 49 -
ipv6 ospf 11 area 0
R2:
Ipv6 unicast-routing
ipv6 router ospf 11
router-id 11.11.2.2
interface Ethernet 0/1.24
ipv6 address FC01:DB8:74:9::/64 eui-64
ipv6 ospf 11 area 0
interface serial0/0.2
ipv6 address FC01:DB8:74:b::/64 eui-64
ipv6 ospf 11 area 1
R1:
Ipv6 unicast-routing
ipv6 router ospf 11
router-id 11.11.1.1
interface Ethernet0/1
ipv6 address FC01:DB8:74:a::/64 eui-64
ipv6 ospf 11 area 0
SW1:
Sdm prefer dual-ipv4-and-ipv6 default
Ipv6 unicast-routing
ipv6 router ospf 11
router-id 11.11.7.7
interface vlan 11
ipv6 address FC01:DB8:74:a::/64 eui-64
ipv6 ospf 11 area 1
3.5 Implement IPV4 BGP
Refer to the BGP routing diagram ,configure BGP with these parameters:
Configure two bgp confederations R1 R3 R5 and SW4(ASYY1)and R2 and SW2(ASYY2)
The confederation peers should neighbor between R1 and R2 and between SW4 and R2
EBGP :SW2 EBGP peer with the router 150.2.YY.254 on backone 2 in AS 254 .This router
advertise five routes with format 197.68.X.0/24 and AS path 254
EBGP:R5 EBGP peer with the router 150.2.YY.254 on backone 1 in AS 254 , This router advertise
five routes with format 197.68.X.0/24 and AS path 254 253
The BGP devices should all prefer the path through R5 (150.1.YY.254) for network
197.68.21.0/24 and 197.68.22.0/24 .The internal board gateway protocol (IBGP) devices should
CCIE LAB Routing & Switching (V4.0)
50 www.passccielab.com All rights reserved Created by lofrent - 50 -
all prefer the path through SW2(150.2.YY.254)for network 197.68.1.0/24 197.68.4.0/24 and
197.68.5.0/24 .This manipulationshould be accomplished only on one router suing
route-map that refer to a single access-list
Configure only the loopback0 ip address to propagate BGP route information
R1:
router bgp 111
bgp router-id 11.11.1.1
bgp log-neighbor-changes
bgp confederation identifier 11
bgp confederation peers 112
neighbor 11.11.2.2 remote-as 112
neighbor 11.11.2.2 update-source Loopback0
neighbor 11.11.11.11 remote-as 52
neighbor 11.11.1.1 ebgp-multihop 255
neighbor 11.11.11.11 remote-as 111
neighbor 11.11.11.11 update-source Loopback0
no auto-summary
R3:
router bgp 11
no synchronization
bgp router-id 11.11.3.3
neighbor 11.11.1.1 remote-as 111
neighbor 11.11.1.1 update-source Loopback0
no auto-summary
sw4:
router bgp 11
bgp confederation peers 112
bgp confederation identifier11
bgp router-id 11.11.10.10
neighbor 11.11.2.2 remote-as 112
eighbor 11.11.2.2 ebgp-multihop 10
neighbor 11.11.11.11 update-source Loopback0
no auto-summary
R5:
router bgp 11
no synchronization
bgp router-id 11.11.11.11
bgp log-neighbor-changes
bgp confederation identifier 11
neighbor ibgp peer-group
neighbor ibgp remote-as 111
CCIE LAB Routing & Switching (V4.0)
51 www.passccielab.com All rights reserved Created by lofrent - 51 -
neighbor ibgp Loopback0
neighbor as52 route-reflector-client
neighbor as52 next-hop-self
neighbor 11.11.1.1 peer-group ibgp
neighbor 11.11.3.3 peer-group ibgp
neighbor 11.11.10.10 peer-group ibgp
neighbor 150.111.254 remote-as ibgp
neighbor 150.1.11.254 route-map loc in
no auto-summary
ip access-list extra 127
access-list 5 permit 197.68.21.0 0.0.0.255
access-list 5 permit 197.68.22.0 0.0.0.255
route-map loc permit 10
match ip address 127
set local-preference 200
SW2:
router bgp 112
no synchronization
bgp router-id 11.11.8.8
bgp confederation identifier 11
neighbor 11.11.2.2 remote-as 112
neighbor 11.11.2.2 update-source Loopback0
neighbor 11.11.2.2 next-hop-self
neighbor 150.2.5.254 remote-as 254
no auto-summary
R2:
router bgp112
no synchronization
bgp router-id 11.11.2.2
bgp log-neighbor-changes
bgp confederation identifier 11
bgp confederation peers 111
neighbor ebgp peer-grup
neighbor ebgp remote-as 111
neighbor ebgp update-source Loopback0
eighbor 11.11.2.2 ebgp-multihop 10
no auto-summary
neighbor 11.11.1.1 peer-group ebgp
neighbor 11.11.10.10 peer-group ebgp
CCIE LAB Routing & Switching (V4.0)
52 www.passccielab.com All rights reserved Created by lofrent - 52 -
neighbor 11.11.8.8 r remote-as 112
neighbor ebgp update-source Loopback0
SECTION 3 : Services
4.1 secure HTTP access
Enable secure HTTP access for R5 , Enalbe authentication using the list “HTTP”
which utilizes local user authentication . Configure two different users for access to
R5 ,the user cisco (password cisco) ,who only has privilege 1 access to R5 ; and the
user ADMIN(password CISCO) who has privilege 15 access to R5 .
Dno’t change console and vty password
NO ip http server
ip http secure-server
aaa authentication login default line
aaa authentication login HTTP local none
aaa authorization exec HTTP local
ip http authentication aaa login-authentication HTTP
ip http authentication aaa exec-authorization HTTP
username ADMIN privilege 15 pass ADMIN
username cisco privilege 1 pass cisco
4.2 secure the WAN PPP LINKS
Configure challenge handshake atuthentication protocol(CHAP)on R5 for the link to R1 and R3,
according to the following requirements
An authentication, authorization, and according (AAA) list named R1 and R3 for R1 and R3
respectively
Authentication for R1 should first try the radius server 198.2.3.128 using a key of cisco and fall
back to local login in the event of a failure to connect to the radius server
R1 should present itself to R5 as RACKYYR1 with a shared password cisco,
Authentication for R3 should first try the TACAS server 198.2.3.129 using a key of cisco and fall
back to local login in the event of a failure to connect to the TACAS server
R3 should present itself to R5 as BACKUP with a shared password of CISCO
R5:
aaa new-model
aaa authentication ppp R1 group radius local-case
aaa authentication ppp R3 group tacacs+ local-case
username RackYYR1 password cisco
username BACKUP password CISCO
CCIE LAB Routing & Switching (V4.0)
53 www.passccielab.com All rights reserved Created by lofrent - 53 -
radius-server host 198.2.5.128 key cisco
tacacs-server host 198.2.5.129 key cisco
interface s0/0
ppp authentication chap R1
interface s0/1
ppp authentication chap R3
R1:
interface s0/0
ppp chap hostname RackYYR1
ppp chap password cisco
R3:
interface s0/1
ppp chap hostname BACKUP
ppp chap password CISCO
4.3 MQC-Based FRTS
Configure parent class-default committed information (CIR ) as 64KB (when no backward explicit
congestion notification are present and 32KB.
• Differentiate between voice & data packet
• Guaranteed bandwidth 40% voice
• Guaranteed bandwidth 35% data
• Voice packets are marked EF
• Class 1 and 2 ( E11or E12) enable CBWFQ for SUB class-default
R2:
class-map match-all D1
match ip dscp af11
class-map match-all D2
match ip dscp af21
class-map match-all D
match class-map D1
match class-map D2
class-map match-all VOICE
match ip precedence 5
match ip dscp ef
policy-map CBWFQ
class D
bandwidth percent 35
class VOICE
bandwidth percent 40
CCIE LAB Routing & Switching (V4.0)
54 www.passccielab.com All rights reserved Created by lofrent - 54 -
class class-default
fair-queue
!
map-class frame-relay FRTS
frame-relay cir 64000
frame-relay mincir 32000
frame-relay adaptive-shaping becn
service-policy output CBWFQ
Interface s0/0
Frame-relay traffic-shaping
Interface s0/0.2
fram int 200
class FRTS
4.4 AutoQOS over PPP
To 4.3 continue to address voip quality of service (QOS) by configuring cisco autoQOS over PPP
link between R1 and R5
R1:
Interface s0/0/1
auto discovery qos
auto qos voip
R5:
Interface s0/0
auto discovery qos
auto qos voip
4.5 First Hop Redundancy
To facilitate load balancing and backup for hosts off of VLAN_H, configure GLBP on VLAN_H, Use
any group number. R4 should have the higher priority with the ability for R2 to assume control if
the priority of R4 decreases. Use MD5 authentication to protect the GLBP group. Use the
key-string 'cisco'. Configure the IP yy.yy.35.35 as your GLBP virtual address.
R2:
interface Ethernet0/0.24
glbp 1 ip 11.11.15.35
glbp 1 preempt
CCIE LAB Routing & Switching (V4.0)
55 www.passccielab.com All rights reserved Created by lofrent - 55 -
glbp 1 authentication md5 key-string cisco
R4:
interface Ethernet0/1
glbp 1 ip 11.11.35.35
glbp 1 priority 105
glbp 1 preempt
glbp 1 authentication md5 key-string cisco
4.6 polled and broadcast NTP
Enable network time protocol (NTP) on R2,R3 and R4 according to the following requirement
R2 should act as an NTP server to R3
R4 should provide broadcast NTP updates only to VLAN_H
The hardware clocks on R2,R3 and R4 should be updated by the sofeware clock
R4 should use loopback 0 as the source address
Absent an external time server, R4 should use its own system clock to synchronize R2 and R3
Set the clock on R4 as 8:00 am (08:00),January 1 2000
Ultimately, the clocks on R2,R3 and R4 should be in synchronized
R4:
Clock set 8:00:00 1 jan 2000
Conf t
ntp master 3
ntp source loopback 0
ntp update-calendar
interface e0/1
ntp broadcast
R2:
ntp server 11.11.4.4
ntp update-calendar
interface e0/1.24
ntp broadcast client
R3:
ntp server 11.11.2.2
ntp update-calendar
4.7 SYSLOG
Configure SYSLOG on R3 to according to the following requirement
Enable SYSLOG on R3 to log emergencies , alarms and critical to host 150.3.YY.10 with facility 6
CCIE LAB Routing & Switching (V4.0)
Notes:
Need to explain here, the normal 128-mask can not be configured, because we have been to find,
we use minimum with 127- mask, and we got a perfect score
R1:
ipv6 cef
ipv6 multicast-routing
ipv6 pim rp-address name multicast
ipv6 access-list multicast
permit ipv6 host FF08::4000:4000/127
R2:
ipv6 cef
ipv6 multicast-routing
56 www.passccielab.com All rights reserved Created by lofrent - 56 -
R3 should use Loopback0 address
Answer:
R3
logging on
logging host 150.3.YY.10
logging trap critical logging facility local6
logging source-interface loopback 0
SECTION 4 : IP Multicast
4.1 PIM Spares Mode for IPv6 Multicast
implement PIM spares mode for IPV6 multicast
Enable pim sparse mode ( pim-sm) on the lan between R4-fa0/1 and R2-Gi0/1, R1 G0/1 and SW1
Svi, and on the WAN link between R2 and R1, Using these criteria
Configure R4-fa0/1 to be the redezvous point (RP) for the FF08::4000:4000 multicast group no
other groups should be permited
CCIE LAB Routing & Switching (V4.0)
57 www.passccielab.com All rights reserved Created by lofrent - 57 -
ipv6 pim rp-address name multicast
ipv6 access-list multicast
permit ipv6 host FF08::4000:4000/127
R4:
ipv6 cef
ipv6 multicast-routing
ipv6 pim rp-address name multicast
ipv6 access-list multicast
permit ipv6 host FF08::4000:4000/127
SW1:
ipv6 mld snooping
5.2 multicast joins
Configure R2 s0/0/0.Z as an ipv6 receiver for the multicast group FF08::4000:4000
R2 should be able to ping the multicast group FF08::4000:4000
R2:
Interface s0/0/0.Z
ipv6 mld join-group FF08::4000:4000
Section V. optimize the network
5.1 Netflow data export
Configure netflow on R4 to according to the following requirement
source should be VLAN_H
Export all data to 198.2.5.10
Use UDP port 9991 for exporting
Use netflow version 9 only
R4:
ip flow-export source loopback 0
CCIE LAB Routing & Switching (V4.0)
Exit criteria are optional. If exit criteria are not specified, event monitoring will be reenabled
58 www.passccielab.com All rights reserved Created by lofrent - 58 -
ip flow-export destination 198.2.5.10 9991
ip flow-export version 9
ip multicast netflow rpf
ip multicast netflow out
interface e0/0
ip flow ingress
ip flow egress
5.2 Embedded event manager monitor of cpu
Configure three different event manager applets on R3 acconding to the following requirements:
If the 5 min CPU value(cpmCPUTotal5minRev) goes above 60 percent, the first 10 lines of the
show processes cpu command output should be emailed to engineer@cisco.com from
EEM@cisco.com with a subject of "CPUAlert5min" using the mail server 198.2.5.10 Polling
should be every 60 seconds
R3
snmp-server community XXX ro
//[no] snmp-server community string [view view-name] [ro | rw][access-list number]
event manger applet CPU
event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.1.8 get-type exact entry-op ge entry-val 60
poll-interval 60
monitoring is not reenabled until the criteria are met.
act 1.0 cli command enable
act 2.0 cli command "show process cpu | include CPU|PID|^_ [1-9]|^_10"
act 3.0 mail server 198.2.5.10 to engineer@cisco.com from EEM@cisco.com subject
CPUAlert5min body $_cli_result
5.3 TFTP SERVER
Configure R3 as a TFTP server with the following requirements
R4 should be able to copy the file TEST from the flash memory of R3
No other files should be aviable from R3
No other devices should be able to copy the files TEST from R3
Note: You do not need to create the TEST file on R3 or attempt to make a actual copy
R3:
Access-list 4 permit 11.11.4.4
Access-list 4 permit 11.11.15.65
Access-list 4 permit 11.11.15.33
immediately. If exit criteria are specified—on the basis of values or time periods—event
CCIE LAB Routing & Switching (V4.0)
59 www.passccielab.com All rights reserved Created by lofrent - 59 -
tftp-server flash:TEST 4