CCIE SOLDIER

Section 1 : Layer 2 Technologies

1.1 Troubleshoot Layer 2 Switch
A few faults have been injected into the preconfigurations just described. These issues may impede a working solution for certain portions of this lab exam, and they can affect any lab section. You must verify that all of your configurations work as expected. If something is not working as expected, then you must fix the underlying problem. Points will be awarded for solving each problem. However, if you fail to solve a particular problem, and the injected fault prevents you from having a working solution of this lab, then you will lose points for the fault and the scenario that is not working.

1.2 VLAN and Access-Ports
Configure all of the appropriate non-trunking switch ports on all switches according to the following requirements:
- VTP Domain is set to "CCIE" and VTP password is set to "cisco".
- VTP mode on all switches should be configured to transparent mode.
- Configure the VLAN ID and Name according to the table below (case sensitive).
- Configure the access ports for each VLAN as per the diagram.

Vlan17 - VLAN_17_R1-SW2
Vlan29 - VLAN_29_R2-SW4
Vlan34 - VLAN_34
Vlan38 - VLAN_38_R3-SW3
Vlan45 - VLAN_45
Vlan56 - VLAN_56_R5-SW1
Vlan67 - VLAN_67_SW1-SW2
Vlan89 - VLAN_89_SW3-SW4
Vlan100 - VLAN_BB1
Vlan200 - VLAN_BB2
Vlan300 - VLAN_BB3
Vlan333 - VLAN_CUSTOMER
Vlan500 - VLAN_USERS
Vlan666 - VLAN_CARRIER
Vlan999 - VLAN_NATIVE

1.3 Multiple Spanning Tree (MST)
Configure the switches according to the following requirements:
- Each of the following sets of VLANs must share a common spanning-tree topology:
  o Spanning-tree topology 1: all odd VLANs used throughout your exam
  o Spanning-tree topology 2: all even VLANs used throughout your exam
  o Spanning-tree topology 3: all other VLANs must be explicitly put into instance 3 (or) Spanning-tree topology 3: all other VLANs
- Use domain name as cisco.
- Ensure SW1 is the root switch for Instance 1 and CIST VLANs and the backup root switch for instance 2.
- Ensure SW2 is the root switch for instance 2 and the backup root switch for Instance 1 and CIST VLANs.
- Configure native vlan to vlan 999. Ensure this vlan is tagged.
  o All unused ports should be administratively shut down and defined as access ports on VLAN 999.
  o Don't forget the GigabitEthernet ports (2 ports).

1.4 Switch Trunking and EtherChannel
Refer to the diagram. Configure the dual trunk ports between all switches according to the following requirements:
- Configure the trunks using dot1q as per the diagram (ports 19 - 24) for SW1 - SW4.
- Allow the native VLAN 999 and make sure native VLAN frames are tagged.
- Use encapsulation 802.1q.
- Disable DTP on the six distribution ports for each switch.
- Configure an 802.3ad 200 Mbps EtherChannel between SW1 and SW2.
  o SW2 should not actively start it.
  o EtherChannel load balancing should be accomplished by source-destination host MAC addresses.
  o If more channel members are added in the future, Fa0/24 must have the best chance to be the first active port in the channel.
- Configure EtherChannel (LACP) between the 2 switches; SW2 shouldn't actively start it. Load balance hash of src-dst mac-add.
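
A way to verify the port-hardening requirements of 1.3 and 1.4 (unused ports shut down and parked in VLAN 999, DTP disabled on trunks, native VLAN 999 tagged) against a saved running-config. This is an added example, not part of the original lab text; the sample configuration, the function names and the in_use set of ports are assumptions made for illustration.

```python
import re

# Constructed running-config excerpt for illustration (not from the lab).
SAMPLE_CONFIG = """\
vlan dot1q tag native
interface FastEthernet0/1
 switchport access vlan 17
interface FastEthernet0/2
 switchport access vlan 999
 switchport mode access
 shutdown
interface FastEthernet0/3
interface FastEthernet0/19
 switchport trunk native vlan 999
 switchport mode trunk
 switchport nonegotiate
interface FastEthernet0/20
 switchport mode trunk
"""

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        match = re.match(r"interface (\S+)", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # a global command or "!" ends the interface block
    return interfaces

def audit(config, in_use, native="999"):
    """Return (interface, finding) pairs; in_use names the ports the design needs."""
    findings = []
    if "vlan dot1q tag native" not in config.splitlines():
        findings.append(("global", "native VLAN not tagged"))
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode trunk" in cmds:
            if "switchport nonegotiate" not in cmds:
                findings.append((name, "DTP still enabled"))
            if f"switchport trunk native vlan {native}" not in cmds:
                findings.append((name, f"native VLAN is not {native}"))
        elif name not in in_use:
            if "shutdown" not in cmds:
                findings.append((name, "unused port not shut down"))
            if not {"switchport mode access", f"switchport access vlan {native}"} <= set(cmds):
                findings.append((name, f"unused port not an access port in VLAN {native}"))
    return findings
```

Calling audit(SAMPLE_CONFIG, {"FastEthernet0/1"}) flags Fa0/3 (left at defaults) and Fa0/20 (trunk without nonegotiate or native VLAN 999), and passes the other ports.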

1.5 Implement 802.1Q Tunneling
Configure your network as per the following requirements:
- Users connected to VLAN 333 on SW3 must be able to communicate with users connected to VLAN 333 on SW4 via their interfaces Fa0/19 (respectively connected to SW1 and SW2)
- Configure the VLAN 333 interface on SW3 with the IP address YY.YY.33.8/24
- Configure the VLAN 333 interface on SW4 with the IP address YY.YY.33.9/24
- VLAN 333 must be allowed to flow only through SW3 and SW4's Fa0/19. No other trunks may carry this VLAN
- SW1 and SW2 must carry the VLAN 333 data across the network using VLAN 666
- VLAN 666 may exist only on SW1 and SW2
- SW1 and SW2 must not allow VLAN 333 on any trunks and must allow VLAN 666 only on the trunks between them.
- No other port in any switch may carry VLAN 333
- Do not modify any spanning-tree cost or port priority to achieve this task
- Referring to the exhibit below:
  o SW3 must see SW4 as a CDP neighbor via interface Fa0/19 and
  o must be able to ping SW4's VLAN 333

1.6 PPP over Ethernet
Configure PPPoE between R3 and R4 according to the following requirements:
- Configure R3 as a PPPoE Server
- Configure R4 as a PPPoE Client
- Configure group name as CISCO
- R4 always gets the same IP address from R3
- Do not use DHCP to receive the IP address
- Ensure no interleaving in the PPPoE link. Or (Ensure that there is no unnecessary PPP fragmentation on the PPPoE link)
- The IP address must be given to the virtual template
- R3 must require R4 to authenticate using CHAP but R4 must NOT require R3 to authenticate.
  o Use CISCO as CHAP password for R4.
  o Make sure that all CHAP passwords are shown in clear text in the configuration

1.7 Implement Frame-Relay
Use the following requirements to configure R1 and R2 for Frame-Relay:
- Use static frame relay maps with the broadcast capability
- Do not use dynamic ARP mapping
- Do not change anything in the frame-relay switch (R4)
- Use RFC1490/RFC2427 encapsulation
- Use the DLCI assignments from the table below
- Administratively set the bandwidth to 50000 Kb on the interfaces.
- R1 and R2 must be able to ping their own interfaces
- R1 uses DLCI 100
- R2 uses DLCI 200

- Ensure that R4 can still reach all OSPF networks via R3 in case R1 or R5 goes down.
- Do not create additional OSPF areas.
- Do not use any IP address not listed in the diagram.

2.2 IPv4 EIGRP
Configure Enhanced Interior Gateway Routing Protocol (EIGRP) 100 and EIGRP YY as per the IGP topology diagram:
1. Backbone 3 has the IP address 150.3.YY.254 and is using AS number 100.
2. EIGRP updates should be advertised only out to the interface per the IGP topology diagram.
3. On SW3, redistribute from EIGRP 100 into EIGRP YY.
4. Do NOT use automatic summarization for any EIGRP process.

2.3 IPv4 RIPv2
Configure RIP Version 2 (RIPv2) per the IGP topology diagram.
- RIP updates must be advertised only out to the interface per the IGP topology diagram.
- Do NOT use auto summarization.

Configure EBGP on R1 and R2 according to the following requirements:
- R1 should be an eBGP peer with the router Backbone 1 in AS 254.
- R2 should be an eBGP peer with the router Backbone 2 in AS 254.
- Ensure that R1 and R2 have the capability to signal the end-of-RIB marker.
- You are NOT allowed to use BGP next-hop anywhere.
- Router R1 should generate a warning message if it receives more than 5 prefixes from Backbone 1 (BB1).

- Ensure that all routers and switches can ping each other using IPv6.
- The process ID is 2001.
- OSPFv3 router IDs must be stable and identical to the OSPFv2 router IDs.
- Ensure that periodic router advertisements are disabled on the IPv6-enabled interfaces.
- Make sure the IPv6 domain uses the Cisco proprietary forwarding mechanism.
- Authenticate the OSPFv3 between R1 and R5 according to the following requirement: Use the
- You are not allowed to use any commands under the router configuration mode to accomplish this task.
- Do not create additional OSPFv3 areas.
- Ensure that all IPv6 networks on all routers and switches can ping each other using IPv6.
- Configure the IPv6 address numbering as follows (YY - rack number, HH - interface IPv4 3rd octet, ZZ - interface IPv4 4th octet):
  o Interface - 2001:YY:HH::ZZ/64
  o Loopback - 2001:YY:HH::ZZ/128

Configure Multicast Routing between R3-S0/0/0 and R5-S0/0/1 according to the following requirements:
- Do NOT use any RP
- Interface loopback0 of R3 video server is simulated in R5 client.
- Multicast is sourced from loopback0 on R3 and the receiver is R5 Fa0/0 (225.1.1.1)
- Ensure that unnecessary flooding/pruning does not occur
- In the near future, other users in R5 are planning to join 225.1.1.2 and 225.1.1.3
- The users will use IGMPv2. Ensure that these users can only access the two multicast streams.
- Routers should not use DNS queries for mapping the source.
Do not reconfigure on R4
Note: The pre-configured key chain can be found using "show key chain RIP" on R4

- SW1 Fa0/9 as promiscuous port, or (All of the above ports (Fa0/6, Fa0/7 from SW1 and SW2) must be allowed to communicate with a device connected to port Fa0/9 of SW1)
- Use only odd VLAN number(s) (between 334 and 998) if you need to create any new VLAN(s)

Configure HSRP between SW1 and SW2 under VLAN 500:
- Define the user gateway for VLAN 500 as YY.YY.100.254
- The IP YY.YY.100.1 should be assigned to the primary HSRP gateway and YY.YY.100.2 should be assigned to the secondary HSRP gateway.
- Active group gateway assignment should comply with the active root of spanning tree of VLAN 500.
- Active gateway priority is 120 and the standby is left at the default.
- Define a track object for the group, which is the reachability of one network, 150.1.YY.0/24
- The standby will take up the active role in a second if 5 hello packets are not received
- Authentication between both switches - md5 password CISCO
- The primary gateway should have the ability to resume the primary role once the tracked object is reachable
- Make sure IGP is not running in this subnet

Section 5 : Optimize the Network

5.1 Simple Network Management Protocol (SNMP)
Configure SNMPv3 for group "admin" on R3 as per the following requirements:
- Use location San Jose, USA
- Use contact ccie@cisco.com
- Use the R3 loopback0 interface as the source for SNMP traps
- SNMPv3 group admin has a user with a view privilege adminview and must view only the ISO mib.
- SNMPv3 group admin has a user with a view privilege adminwrite and must write only the system mib.
- Ensure that group admin is set with the strongest security mechanism.
- A user ccie should be from group admin and use an md5 password of cisco (case sensitive)
- Ensure that the admin group only allows users access from YY.YY.17.0/24
- Use an SNMP v2c instance for the NMS in YY.YY.67.0/24 to accomplish this task.
Note: All view names, groups, usernames and communities are case-sensitive

5.2 NetFlow
Configure NetFlow on R1 according to the following requirements:
- Enable NetFlow on R1 to monitor the traffic entering and leaving Area 0 from BB1
- Generate NetFlow samples of one out of every 1000 packets
- Export the flows to the server YY.YY.56.100 port 2222
- In case the export to the server fails, use backup server YY.YY.56.101 with the same port number.
- Use the R1 Loopback as the source address for the exports
- Use NetFlow version 9 with reliable transfer
- Do not use policy-map