You are on page 1of 120

iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol. 1)  

Table  of  Contents  
Lab  1:   Configure  and  troubleshoot  switch  port  modes  .........................................................................  3  
Lab  2:   Configure  and  troubleshoot  VTP  .......................................................................................................  4  
Lab  3:   Configure  and  troubleshoot  Portchannels  ....................................................................................  7  
Lab  4:   Configure  and  troubleshoot  Spanning-­‐tree  Protocol  ...............................................................  9  
Lab  5:   Configure  and  troubleshoot  Multi-­‐Instance  Spanning-­‐tree  Protocol  (MST)  ..............  11  
Lab  6:   Miscellaneous  Layer  2  Topics  .........................................................................................................  13  
Lab  7:   HDLC  and  PPP/PPPoE  ........................................................................................................................  16  
Lab  8:   Configure  and  troubleshoot  Basic  IP  routing  ...........................................................................  18  
Lab  9:   Configure  and  troubleshoot  Routing  Information  Protocol  (Part  1)  .............................  20  
Lab  10:   Configure  and  troubleshoot  Routing  Information  Protocol  (Part  2)  .............................  22  
Lab  11:   Configure  and  troubleshoot  EIGRP  (Part  1)  ..............................................................................  24  
Lab  12:   Configure  and  troubleshoot  EIGRP  (Part  2)  ..............................................................................  26  
Lab  13:   Configure  and  troubleshoot  EIGRP  (Part  3)  ..............................................................................  28  
Lab  14:   Configure  and  troubleshoot  OSPF  (Part  1)  ................................................................................  31  
Lab  15:   Configure  and  troubleshoot  OSPF  (Part  2)  ................................................................................  34  
Lab  16:   Configure  and  troubleshoot  OSPF  (Part  3)  ................................................................................  37  
Lab  17:   Configure  and  troubleshoot  OSPF  (Part  4)  ................................................................................  38  
Lab  18:   Configure  and  troubleshoot  BGP  (Part  1)  ..................................................................................  42  
Lab  19:   Configure  and  troubleshoot  BGP  (part  2)  ..................................................................................  44  
Lab  20:   Configure  and  troubleshoot  BGP  (part  3)  ..................................................................................  46  
Lab  21:   Configure  and  troubleshoot  BGP  (part  4)  ..................................................................................  49  
Lab  22:   Configure  and  troubleshoot  BGP  (part  5)  ..................................................................................  52  
Lab  23:   Configure  and  troubleshoot  Multiprotocol  Label  Switching  (Part  1)  ............................  54  
Lab  24:   Configure  and  troubleshoot  Multiprotocol  Label  Switching  (Part  2)  ............................  57  
Lab  25:   Configure  and  troubleshoot  Ipsec  Virtual  Private  Networks  ............................................  60  
Lab  26:   Configure  and  troubleshoot  IPsec  Virtual  Private  Networks  (Part  2)  ...........................  62  
Lab  27:   Configure  and  troubleshoot  Protocol  Independent  Multicast  Operations  (Part  1)  .  66  
Lab  28:   Configure  and  troubleshoot  Protocol  Independent  Multicast  Operations  (Part  2)  .  69  
Lab  29:   Configure  and  troubleshoot  Protocol  Independent  Multicast  Operations  (Part  3)  .  72  
Lab  30:   Configure  and  troubleshoot  Protocol  Independent  Multicast  Operations  (Part  4)  .  75  
Lab  31:   Configure  and  troubleshoot  IP  version  6  (Part  1)  ..................................................................  78  
Lab  32:   Configure  and  troubleshoot  IP  version  6  (Part  2)  ..................................................................  81  
Lab  33:   Configure  and  troubleshoot  IP  version  6  (Part  3)  ..................................................................  84  
Lab  34:   Configure  and  Troubleshoot  Quality  of  Service  Mechanisms  (Part  2)  ..........................  88  
Lab  35:   Configure  and  Troubleshoot  Quality  of  Service  Mechanisms  (Part  3)  ..........................  90  
Lab  36:   Security  Part  I  .........................................................................................................................................  93  
Lab  37:   Security  Part  II  .......................................................................................................................................  98  
Lab  38:   Security  Part  III  ...................................................................................................................................  102  
Lab  39:   Configure  and  Troubleshoot  IP/IOS  Services  (Part  1)  ......................................................  107  
Lab  40:   Configure  and  Troubleshoot  IP/IOS  Services  (Part  2)  ......................................................  109  
Lab  41:   Configure  and  Troubleshoot  IP/IOS  Services  (Part  3)  ......................................................  111  
Lab  42:   Configure  and  Troubleshoot  IP/IOS  Services  (Part  4)  ......................................................  113  
Lab  43:   Configure  and  Troubleshoot  IP/IOS  Services  (Part  5)  ......................................................  115  
Lab  44:   Configure  and  Troubleshoot  IP/IOS  Services  (Part  6)  ......................................................  117  
Lab  45:   Configure  and  Troubleshoot  IP/IOS  Services  (Part  7)  ......................................................  119  
 
   

2 ipexpert.com Copyright © by iPexpert. All rights reserved.

iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol. 1)  

Lab 1: Configure and troubleshoot switch port modes
Technologies covered
• CDP  
• Access  ports  
• VLAN  database  
• VLAN  
• Trunking  
• dot1Q  
• Native  VLAN  
• Manual  pruning  
• Layer  3  native  interfaces  
• SVIs  
• Router-­‐on-­‐a-­‐stick  

Overview
You  have  been  tasked  to  configure  the  layer  2  part  of  the  network  and  to  enable  the  routing  between  
2  VLANs  in  a  router-­‐on-­‐a-­‐stick  topology.  
 
The  topology  used  in  the  lab  will  be  the  following:  

 
Estimated  time  to  complete:      2  hours  
 
Pre-Lab Setup
Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.  You  may  also  refer  
to  the  Diagram  located  within  your  configuration  files  for  topology  information.  
 
This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.proctorlabs.com.  Connect  to  
the  terminal  server  for  the  online  rack,  and  complete  the  configuration  tasks  as  detailed  below.  

Prerequisites
3 ipexpert.com Copyright © by iPexpert. All rights reserved.

iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol. 1)  

Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.  
 
Task 1.1: Disable  CDP  on  R2.  
Task 1.2: Disable  CDP  on  the  connection  between  R6  and  Cat2.  
Task 1.3: Between  Cat1  and  Cat2,  CDP  should  only  be  running  on  the  E3/1  and  E3/2  
interfaces.  The  updates  should  be  sent  every  20  seconds,  and  the  neighbor  
should  be  declared  lost  after  5  missing  updates.  
Task 1.4: Between  Cat1  and  Cat2,  the  broadcast  CDP  packets  should  not  report  
mismatched  native  VLAN  IDs.  
Task 1.5: Configure  VLAN  101,  102,  and  103  in  the  VLAN  local  database  of  Cat1  and  Cat2  
with  the  respective  name  of  VLAN101,  VLAN102,  and  VLAN103.  The  
configuration  of  the  VLANs  should  appear  in  the  running-­‐configuration  and  no  
VLAN  distribution  protocol  should  be  running.  
Task 1.6: Configure  interface  E3/0  in  access  mode  VLAN  101  on  Cat1  and  Cat2.  
Task 1.7: Configure  the  following  IP  addresses  under  the  following  interfaces:  

• Cat1  E0/2   • 10.1.0.1/24  
• R2  E0/0   • 10.1.0.2/24  
Make  sure  that  the  ping  is  working.  
Task 1.8: Configure  an  ISL  trunk  allowing  VLAN  102  on  E3/1.  Leave  it  to  DTP  to  negotiate,  
or  not,  a  trunk.  
Task 1.9: Configure  a  dot1q  trunk  allowing  VLAN  103  on  E3/2.  Disable  DTP  on  this  
connection.  VLAN  103  should  be  sent  untagged.  
Task 1.10: Configure  only  the  following  SVIs:  

• Cat1  Vlan  103   • 10.103.0.1/24  
• Cat2  Vlan  101   • 10.101.0.2/24  
 
Task 1.11: Configure  the  following  sub-­‐interfaces  on  E0/0  of  R6:  

• E0/0.101   • 10.101.0.6/24  
• E0/0.103   • 10.103.0.6/24  

Task 1.12: Ensure  that  you  can  ping  from  interface  VLAN  103  on  Cat1  to  the  interface  VLAN  
101  on  Cat2  by  using  R6  as  the  inter-­‐VLAN  routing  point.  Do  not  use  the  “ip  
route”  command.  

 

You have completed Lab 1
For  verification  of  your  work,  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions  
Guide.  If  you  need  assistance  with  any  of  this  book's  content,  please  visit  our  Member  Community  at  
http://community.ipexpert.com.  
 
 
 
 
 

Lab 2: Configure and troubleshoot VTP
 

4 ipexpert.com Copyright © by iPexpert. All rights reserved.

iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol. 1)  

Technologies covered
• VTPv1  
•  VTPv2  
•  VTPv3  
•  VTP  pruning    

Overview
You  have  been  tasked  to  automatically  distribute  the  VLANs  in  the  network  using  VTP.  You  have  to  
propagate  normal  VLANs  as  well  as  extended  VLANs.  Your  VTP  set-­‐up  should  be  secured  and  high  
available.  
 
The  topology  used  in  the  lab  will  be  the  following:  

 
Estimated  time  to  complete:    2  hours  
 

Pre-Lab Setup
Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.  You  may  also  refer  
to  the  Diagram  located  within  your  configuration  files  for  topology  information.  
 
This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.proctorlabs.com.  Connect  to  
the  terminal  server  for  the  online  rack,  and  complete  the  configuration  tasks  as  detailed  below.  

Prerequisites
Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.  
Task 2.1: Configure  a  dot1q  trunk  allowing  all  VLANS  on  all  the  connections  between  Cat1  
and  Cat2,  between  Cat2  and  Cat3,  and  between  Cat3  and  Cat4.  
Task 2.2: Configure  Cat4  as  the  server  of  the  VTP  domain  iPexpert.  

5 ipexpert.com Copyright © by iPexpert. All rights reserved.

iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol. 1)  

Task 2.3: Configure  Cat3  not  to  update  its  VLAN  database.  VTP  packets  should  be  silently  
forwarded  by  Cat3.  
Task 2.4: Configure  Cat1  and  Cat2  as  client  of  Cat4.  
Task 2.5: Add  VLAN  150  and  151  on  Cat4,  and  check  that  those  VLANs  are  now  present  on  
Cat1  and  Cat2,  but  not  on  Cat3.  
Task 2.6: Add  VLAN  1500  on  Cat4,  and  make  sure  that  it  is  propagated  to  Cat1  and  Cat2,  
but  not  to  Cat3.  
Task 2.7: Configure  the  VTP  domain  with  a  password  of  "090909".  This  password  should  
be  stored  in  the  NVRAM  database.  
Task 2.8: Ensure  that  the  next  VLAN  created  will  not  be  propagated  to  switches  where  this  
VLAN  is  not  allowed  on  any  trunks.  
Task 2.9: Ensure  that  Cat2  will  take  over  the  server  role  in  the  case  of  a  failure  of  Cat4.  
Task 2.10: Configure  R2  in  VLAN  150  and  R5  in  VLAN  1500  as  client  ports.  As  Cat1  is  not  
having  any  client’s  port  in  VLAN  151,  make  sure  that  broadcast  packets  in  VLAN  
151  will  never  be  transmitted  to  Cat1.    

 

You have completed Lab 2
For  verification  of  your  work,  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions  
Guide.  If  you  need  assistance  with  any  of  this  book's  content,  please  visit  our  Member  Community  at  
http://community.ipexpert.com.  
 
 
   

6 ipexpert.com Copyright © by iPexpert. All rights reserved.

com.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol. All rights reserved.     7 ipexpert. .  you  should  traffic-­‐engineer  the   way  that  traffic  is  distributed  on  the  different  members  of  those  port-­‐channels.  You  may  also   refer  to  the  Diagram  located  within  your  configuration  files  for  topology  information.  In  addition.proctorlabs.     The  topology  used  in  the  lab  will  be  the  following:     Estimated  time  to  complete:    2-­‐3  hours     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  topology  drawing.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.com Copyright © by iPexpert.  Connect  to   the  terminal  server  for  the  online  rack.  and  complete  the  configuration  tasks  as  detailed  below. 1)   Lab 3: Configure and troubleshoot Portchannels   Technologies covered • LACP  etherchannel   • PagP  etherchannel   • Manual  etherchannel   • L2  etherchannel   • L3  etherchannel   • Load-­‐balancing   • Etherchannel  misconfiguration  guard     Overview You  have  been  tasked  to  configure  seamless  redundancy  in  the  network  by  bundling  several  physical   connections  into  a  logical  connection  called  port-­‐channel.

 configure  a  PagP  port-­‐channel  Po13  with  the  following   IP  address:   • Cat1  Po13   • 10.   Task 3.2/24     Task 3.  configure  a  LACP  port-­‐channel  Po14  with  the  following   IP  address:   • Cat1  Po14   • 10. 1)   Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.13.0.   8 ipexpert.3/24     Task 3.com.  The  Cat3  should  not  start  the  negotiation.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.  configure  a  static  port-­‐channel  Po12  with  the  following   IP  address:   • Cat1  Po12   • 10.  configure  a  LACP  port-­‐channel  Po24  trunking  in  the  port   in  VLAN  102. All rights reserved.  all  the  TCP  flows  from  a   source  MAC  address  to  the  same  destination  MAC  address  should  be  using  the   same  member  in  all  the  port-­‐channels  just  configured.0.  make  sure  that  all  the  flows   coming  from  a  MAC  address  are  using  the  same  PagP  member  when  the  packet   returns  to  this  MAC  address.0.   Task 3.0.14.4: Ensure  that  Cat4  is  leading  the  LACP  negotiation.com Copyright © by iPexpert.  Cat2  should  never  start  the  negotiation.12.   Task 3.13.1/24   • Cat4  Po14   • 10. .  Configure  PagP   in  a  way  that  the  port-­‐channel  is  protected  against  unidirectional  failure.3: Between  Cat2  and  Cat4.0.11: Configure  the  four  switches  with  a  mechanism  to  disable  the  port-­‐channel  in  the   case  of  a  mis-­‐configuration  that  is  leading  to  the  port-­‐channel  receiving   Spanning-­‐Tree  BPDUs  on  two  different  members.4/24     Task 3.1: Between  Cat2  and  Cat3.1/24   • Cat3  Po13   • 10.9: On  the  Port-­‐channel  between  the  Cat1  and  the  Cat2.10: On  the  Port-­‐channel  between  the  Cat3  and  the  Cat4.   You have completed Lab 3 For  verification  of  your  work.7: Between  Cat1  and  Cat3.2: Between  Cat3  and  Cat4.   Task 3.14.   Task 3.0.1/24   • Cat2  Po12   • 10.     Task 3.8: Between  Cat1  and  Cat4.   Task 3.  configure  a  PagP  port-­‐channel  Po34  trunking  in  an  ISL   packet  the  VLAN  101.12.5: Ensure  that  E5/0  will  be  used  as  LACP  failover  if  9  members  are  present  in  the   Port-­‐channel.  please  visit  our  Member  Community  at   http://community.  If  you  need  assistance  with  any  of  this  book's  content.ipexpert.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.   Task 3.  configure  a  static  port-­‐channel  Po23  trunking  in  a  dot1q   encapsulation  the  VLAN  101.6: Between  Cat1  and  Cat2.

    9 ipexpert.     Estimated  time  to  complete:    3-­‐4  hours     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.com Copyright © by iPexpert.  The  2  routers  R6   and  R9  will  be  considered  as  hosts  that  should  not  make  part  of  the  spanning-­‐tree  topology. All rights reserved. 1)   Lab 4: Configure and troubleshoot Spanning-tree Protocol   Technologies covered • PVST+   • Switch  priority   • Port  priority   • Path  cost   • STP  timers     • Port  fast   • BPDUguard.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.  Connect  to   the  terminal  server  for  the  online  rack.com.proctorlabs.  BPDUfilter   • Loopguard   • Rootguard   • Backbonefast   • Loopfast   • UDLD   Overview You  have  been  tasked  to  guarantee  in  a  redundant  L2  network  a  loop-­‐free  topology  by  configuring   the  Spanning  Tree  protocol.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.  and  complete  the  configuration  tasks  as  detailed  below. .  Traffic  engineering  and  optimization  is  also  required.     Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.

  Task 4.  Configure  the  secondary   root  bridge  on  Cat1  for  VLAN  22.  Optimize  the  timers  to  the  number  of  switches.15: Configure  R9  as  a  client  with  a  trunk  connection  allowing  VLAN  22.  Configure  the  port  to  re-­‐enable  itself   automatically  after  1  minute.   Task 4.14: Configure  R6  as  a  client  in  VLAN  21  in  access  mode.   Task 4.  Do  not  use  a  command  containing  “root”  in   order  to  achieve  this.2: Configure  all  the  inter-­‐switches  connection  as  trunk  dot1q  trunking  all  the   VLANs.19: The  link  between  Cat1  and  Cat3  should  be  protected  from  a  loop  caused  by  a   unidirectional  link.  VLAN  22   should  be  native  of  the  dot1q  trunk.   and  from  Cat3.  on  VLAN  21.7: On  VLAN  22. 1)     Task 4.     Task 4.   Task 4.6: In  VLAN  22.  Configure  the  secondary   root  bridge  on  Cat4  for  VLAN  21.     Task 4.  change  the  hello  timer  to  5s.   Task 4.   Task 4.1: Configure  the  4  Catalysts  to  run  PVST+  (and  not  rapid  PVST+).   Task 4.4: Configure  the  primary  root  bridge  on  Cat2  for  VLAN  21.   Task 4.   Task 4.  the  traffic  from  Cat3  and  Cat4  should  flow   over  the  E3/0  connection.    on  VLAN  21.     You have completed Lab 4 10 ipexpert.12: With  all  connections  up  on  VLAN  22.   When  a  failure  occurs  on  a  switch  with  Uplinkfast  feature  on.18: VLAN  R9  is  sending  BPDUs.10: All  connections  being  up  and  running.   Task 4.17: R6  could  be  sending  BPDUs  and  we  would  like  the  port  to  be  put  in  error-­‐ disabled  in  the  case  that  it  happens.  Configure  the   port  to  re-­‐enable  itself  automatically  after  5  minutes.  but  we  would  like  to  ignore  them  and  to  silently  drop   them. .20: The  link  between  Cat1  and  Cat4  should  be  removed  from  the  network  topology  if   an  unidirectional  link  is  detected.  and  Cat4  should  flow  over  the  E3/0  connections.5: Configure  the  primary  root  bridge  on  Cat3  for  VLAN  22.  The  port  on  Cat1  should  be  put  in  err-­‐disabled   when  an  unidirectional  event  happens  but  not  the  port  on  Cat4. All rights reserved.  on  VLAN  22.  the  traffic  from  R6  to  R9   should  be  forwarded  using  the  following  path:    Cat2-­‐Cat1-­‐Cat3-­‐Cat4.  on  VLAN  22.  a  maximum  of  100   dummy  multicast  packets  have  to  generated  every  second  in  order  to  update  the   rest  of  the  network  bridging  tables.  Do  not  use  a  command  containing  “priority”  in   order  to  achieve  this.   Task 4.3: Configure  Cat1  as  VTP  server  for  the  domain  iPexpert  and  configure  VLAN  21  and   22.11: All  the  connections  being  up  and  running.     Task 4.  the  traffic  from  Cat3  and   Cat4  should  flow  over  the  E3/0  connection.  make  sure  that  Cat2  and  Cat4  will  never  become  root  of  the   network.   Task 4.   Task 4.   Task 4.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.   Task 4.16: Allow  the  port  connected  to  the  routers  to  transition  immediately  from  blocked   to  forwarding.8: All  the  connections  being  up  and  running.  the  traffic  from    Cat1  to  Cat2.  the  traffic  from  R6  to  R9   should  be  forwarded  using  the  following  path:    Cat2-­‐Cat3-­‐Cat4.  the  max  aging  time  to  20s  and  the   forward  delay  to  15s.   Task 4.com Copyright © by iPexpert.   Task 4.13: Enable  the  Uplinkfast  feature  on  the  switches  where  it  cannot  create  loops.  Do  not  use  UDLD.12: Reduce  the  convergence  time  associated  with  indirect  failures  in  the  network.9: All  the  connections  being  up  and  running.

1)   For  verification  of  your  work.com. All rights reserved.  please  visit  our  Member  Community  at   http://community.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.  If  you  need  assistance  with  any  of  this  book's  content.     The  topology  used  in  the  lab  will  be  the  following:     Estimated  time  to  complete:    2  hours   11 ipexpert.com Copyright © by iPexpert.       Lab 5: Configure and troubleshoot Multi-Instance Spanning-tree Protocol (MST)   Technologies covered • MST   • MST  region   • CST   • RPVST+   Overview The  switches  will  run  very  CPU  intensive  processes.  Running  one  SPT  process   for  a  group  of  VLANs  is  made  possible  with  MST.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.  You  have  been  tasked  to  optimize  the  spanning-­‐ tree  protocol  in  order  to  create  fewer  burdens  on  the  CPU  of  the  switches. .ipexpert.

      You have completed Lab 5 For  verification  of  your  work.  Cat2.proctorlabs.  and  VLAN  200.ipexpert.11 Ensure  that  the  port  E3/0  on  the  Cat4  is  in  BLK  state.    Do  not  use  the  priority  command.  If  you  need  assistance  with  any  of  this  book's  content.   Cat2.  240.1w.   Task 5.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.  make  sure  that  the  blocked  path  is  on  the  E3/0  for   instance  10.6 For  instance  20.  please  visit  our  Member  Community  at   http://community.  and  210  on  Cat4.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.   Task 5.10 Ensure  that  the  port  E4/0  on  Cat4  is  in  BLK  state.  and  250.   Task 5.   Task 5.   Task 5.com Copyright © by iPexpert.  Configure  VLAN  100.2 Instance  10  with  the  name  iPexpert10  will  encompass  the  VLAN  range  100-­‐150.  and  Cat3  Switches  to  run  the  MST  protocol  with  the   name  iPexpertRegion.   Task 5.   Task 5.  110.  210  on  the  Cat1.   Task 5.  configure  Cat2  to  be  the  root  primary  and  Cat3  to  be  the  root   secondary. All rights reserved.  and  Cat3  Switches.7 Between  Cat1  and  Cat2.12 Make  sure  that  the  spanning-­‐tree  reconfiguration  on  Cat4  occurs  in  less  than  one   second  with  802.com. .5 For  instance  10.1 Configure  the  Cat1.     Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.  configure  Cat3  to  always  be  the  root  primary  and  Cat2  to  be  the   root  secondary.  110.     Task 5.  Connect  to   the  terminal  server  for  the  online  rack.3 Instance  20  with  the  name  iPexpert20  will  encompass  the  VLANs  200.   Task 5.  210.  220. 1)     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.9 Configure  the  MST  region  iPexpertRegion  to  always  be  the  root  of  the  CST.4 Configure  all  the  inter-­‐switches  connection  as  trunk  dot1q  trunking  all  the   VLANs.  and  complete  the  configuration  tasks  as  detailed  below.com.   230.   Task 5.   Task 5.     12 ipexpert.8 Configure  VLAN  100.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.  200.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.

    This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.proctorlabs. All rights reserved.  the  dynamic  MAC-­‐address  table  entries  should  be  removed  from  the   table  when  they  are  not  re-­‐learned  after  10  seconds.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.  and  complete  the  configuration  tasks  as  detailed  below.  Connect  to   the  terminal  server  for  the  online  rack.     The  topology  used  in  the  lab  will  be  the  following:     Estimated  time  to  complete:    2  hours   Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.  Configure  the  switch  to  send  SNMP  traps  to  server   13 ipexpert.  enable  the  MAC  address  change   notification  feature.com.com Copyright © by iPexpert.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.  you  will  be  asking  to  configure   those  ports  and  guarantee  voice  quality.2: On  Cat1.  As  Cisco  IP  phones  will  be  hooked  up  to  the  network.1: On  Cat1. .   Task 6.     Task 6.  You  have  been  tasked  to  troubleshoot  and   understand  the  performance  issues  by  sniffing  the  problematic  traffic  and  setting  up  a  SPAN  and   RSPAN  session. 1)   Lab 6: Miscellaneous Layer 2 Topics Technologies covered • Managing  MAC  address  table     • Protected  ports   • Stormcontrol   • SPAN   • RSPAN   • ERSPAN   • Voice  VLANs   • Smartports  Macros   • Private  VLAN   Overview There  are  some  application  problems  in  the  network.  for  troubleshooting  reasons.     Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.

 Configure  this  port  with  dot1q  trunk  encapsulation  allowing  all  the   VLANs.21: On  Cat1  and  on  Cat4.com Copyright © by iPexpert.  there  will  be  a  Cisco  IP  phone  connected  to  the  port  E1/0.  there  will  be  an  additional  Cisco  IP  phone  connected  to  the  E1/1.   Task 6.  and  VLAN  140  as  the  community  VLAN.12: The  port  where  the  Sniffer  is  connected  should  accept  incoming  traffic  with  a   dot1q  encapsulation.  The  voice  traffic  on   E1/0  should  use  this  voice  VLAN. All rights reserved.   Task 6.  Do   not  use  port-­‐security.  Bundle  interface  E3/0   with  E3/1  on  both  sides.   Task 6.   14 ipexpert.   Task 6.  Voice  VLAN   has  to  be  VLAN  2  and  Data  VLAN  has  to  be  VLAN  1.3: On  Cat1  configure  interface  E1/1  as  an  access  port  in  VLAN  120.     Task 6.   Task 6.   Task 6.15: Configure  the  mirroring  of  the  sent  traffic  transiting  in  VLAN  122  on  Cat2  on  E1/2   to  the  port  where  the  sniffer  Laptop2  is  connected.  Use  session  number  61  and   VLAN  500  as  RSPAN  VLAN.11: Configure  the  Cat2  switch  to  mirror  all  the  traffic  transiting  in  VLAN  121  on  Cat2   on  E1/2  to  the  port  where  the  sniffer  Laptop1  is  connected.  ensure  that  a  server  connected  to  the  interface  E5/1  and  a  server   connected  to  the  interface  E1/2  cannot  send  traffic  to  each  other  at  layer  2.  and  interface  E3/0  Cat1  as  the   PVLAN  host  port  for  VLAN  140.99.  Use  storm-­‐ control.  Use  session  number   60.  and  VLAN  500.16: On  Cat3. .  VLAN  130  as  the   isolated  VLAN.     Task 6.   Task 6.   Task 6.18: The  incoming  Data  frames  coming  from  a  computer  connected  on  the  Cisco  IP   phone  should  be  tagged  by  the  switch  with  a  COS  of  2.2222.  Use  a  variable  called  $int. 1)   10.  configure  a  macro  called  “Bounce-­‐int”  to  bounce  (shut  followed  by  a  no   shut)  an  interface.  prevent  traffic  on  the  LAN  from  being  disrupted  from  a  broadcast  and   unicast  storm  on  the  interface  E2/1.   VLAN  122.  configure  VLAN  120  as  the  primary  VLAN.1.  Use   the  preconfigured  macro  called  “cisco-­‐phone”  to  configure  the  port.  Keep  up  to  500  entries  in  the  MAC  notification  table.6: On  Cat1.7: On  Cat4.20: On  Cat3.19: On  Cat3.4: On  Cat1.  Configure  this  port  with  an  access  port  in  VLAN  1.  interface  E5/1.17: Configure  a  VLAN  of  33  reserved  for  voice  traffic  on  Cat3.8: Multicast  packets  should  always  be  dropped  on  the  interface  E2/1.  Test  and  run  the  macro  for  E1/0.  disable  MAC  address  learning  in  VLAN  120  and  add  a  static  entry  that   indicates  the  MAC  address  of  the  interface  E0/0  of  R5  is  located  in  VLAN  120   behind  interface  E1/1.  This  port-­‐channel  is  a  dot1q  trunk  allowing  VLAN  121.   Task 6.14: A  laptop  called  Laptop2  with  a  Wireshark  sniffer  is  connected  on  Cat1  on  the   port  E0/3.  Default  ingress  VLAN  is  VLAN  121.  The  connection  between  Cat1  and  Cat4  has  to  be   configured  as  a  trunk  port  that  will  support  the  setup.   Task 6.13: Configure  a  LACP  port-­‐channel  between  Cat1  and  Cat2.   Task 6.   Task 6.   Task 6.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.   Task 6.   Task 6.  A  storm  is  considered  a  storm  when    more   than  50%  of  the  bandwidth  is  used  by  broadcast  packets  and  when  more  than   80%  of  the  bandwidth  is  used  by  unicast  packets.5: On  Cat1.  This  trunk  should  be  allowed  on   VLAN  121  and  VLAN  122.2222.10: A  laptop  called  Laptop1  with  a  Wireshark  sniffer  is  connected  on  Cat2  on  the   port  E1/3.  enable  unicast  MAC  address  filtering  in  VLAN  120  and  configure  the   switch  to  drop  packets  that  have  a  source  or  destination  address  of   cafe.99  with  the  community  iPexpert1  as  soon  as  a  MAC  address  is  removed   or  added  on  interface  E1/1.   Task 6.  Enable  QOS   on  the  Cat3  and  configure  the  port  E1/0  to  trust  COS.  Configure  E4/1  Cat4  as   the  PVLAN  promiscuous  port.9: Configure  a  dot1q  trunk  between  Cat2  and  R6.  Configure  interface  E4/0  and  int  E5/0  Cat1  as  the   PVLAN  host  port  for  VLAN  130.   Task 6.

1)   You  have  completed  Lab  6   For  verification  of  your  work.com Copyright © by iPexpert.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.  please  visit  our  Member  Community  at   http://community.  If  you  need  assistance  with  any  of  this  book's  content.ipexpert.com.             15 ipexpert. .  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide. All rights reserved.

 Connect  to   the  terminal  server  for  the  online  rack.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.  and  complete  the  configuration  tasks  as  detailed  below.     16 ipexpert. 1)   Lab 7: HDLC and PPP/PPPoE   Technologies covered • HDLC   • PPP  PAP.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol. .  PPP  connection  may  have  to  be  authenticated  or  aggregated  in  a  bundle.     Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.       The  topology  used  in  the  lab  will  be  the  following:     Estimated  time  to  complete:    2  hours     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.com Copyright © by iPexpert.com. All rights reserved.proctorlabs.  CHAP   • PPPoE   • MLPPP   • PPP  inter-­‐leaving   • RTP  reserve   • Virtual-­‐assembly   Overview You  have  been  tasked  to  configure  the  serial  connections  of  your  network  with  HDLC  and  PPP   encapsulation.

  Task 7. .13: Reserve  1  Mbps  in  a  special  queue  for  real-­‐time  packet  flows  designated  to  the   UDP  port  starting  32768  and  ending  32867.2: The  link  between  R3  and  R5  should  be  using  the  PPP  encapsulation.  Use  a   group  ID  of  69.9: Bundle  with  PPP  multilink  the  two  serial  connections  between  R6  and  R9.5: Limit  the  number  of  sessions  established  (per  client  MAC  address)  to  3.  Check  that   you  can  ping  from  R3  to  R4.   Task 7.  use  the  id  26  for  both  the  dialer  interface  and  the  dialer-­‐pool-­‐ number  interface.com Copyright © by iPexpert.26.69.  Turn  on  the   CHAP  authentication  with  the  password  of  “Password35”.  a  BBA  is  called  “iPexpertgroup”.1.6/24  on  the  R6  PPP  multilink69.1.20.  On  the  server  side.ipexpert.  Ensure  that   a  small  voice  packet  is  delayed  a  maximum  of  20  ms  because  of  the  transmission   of  a  big  data  packet.  Check  that  you  can   ping  from  R3  to  R5.4: Configure  PPPoE  between  the  R6  and  the  R2  routers.1.6: On  the  client  side.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.   Task 7.  CHAP  authentication  has  to  kick  in  with  a   password  of  “Password362”.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.  The   virtual-­‐template  number  should  use  id  23  and  the  IP  address  configured  on  the   virtual  template  is  10.   Task 7.  If  you  need  assistance  with  any  of  this  book's  content.   Task 7.9/24  on  the  R9  PPP  multilink69.26.     You  have  completed  Lab  7   For  verification  of  your  work.com.8: The  client  R2  should  authenticate  when  connecting  on  the  server.10  to  10.0.   Task 7.   Task 7.  Create  a  local   account  username  called  R2  with  the  password  "Password26".  R6  is  the  server  side  and  R2   is  the  client  side. All rights reserved.  If  the  PAP   authentication  is  unsuccessful.   Task 7.   Task 7.  Check  that  you  can  ping   from  R6  to  R9. 1)   Task 7.11: Ensure  that  it  is  checked  on  the  PPP  multilink  interfaces  that  all  the  fragments  of   an  IP  datagram  are  received  on  the  virtual  interfaces  before  forwarding  them.  Turn  on  the   PAP  authentication  with  the  password  of  “Password361”.255.255.26.1: The  link  between  R3  and  R4  should  be  using  the  HDLC  encapsulation.  The  IP  pool   is  called  “iPexpertpool”  and  the  range  is  from  10.6  255.  Check  that  you  can  ping  from  R6  to  R2.   Task 7.69.  please  visit  our  Member  Community  at   http://community.  Configure  the   IP  address  of  10.             17 ipexpert.3: The  link  between  R3  and  R6  should  be  using  the  PPP  encapsulation.7: Make  sure  that  unnecessary  fragmentation  is  avoided.1.   Task 7.10: Configure  the  IP  address  10.1.   Task 7.12: There  will  be  voice  traffic  running  over  the  multilink  PPP  connection.  Check  that  you  can  ping  from  R3  to  R6.

1)   Lab 8: Configure and troubleshoot Basic IP routing   Technologies covered • Static  route   • Traffic  engineering   • Floating  static  route   • Object  tracking   • PBR   • GRE   Overview You  have  been  tasked  to  configure  the  routing  in  your  network.     18 ipexpert. All rights reserved.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.   Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.  Connect  to   the  terminal  server  for  the  online  rack.com Copyright © by iPexpert.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.proctorlabs.com.  and  complete  the  configuration  tasks  as  detailed  below. .       The  topology  used  in  the  lab  will  be  the  following:     Estimated  time  to  complete:    4  hours   Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.

0.  The  tunnel0  interface  should  go  down  because   of  a  recursion  issue.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.3: On  R2  tunnel  interface.   Task 8.  configure  a   static  route  to  the  network  10.  configure  a  static  route  to  network  10.1: R1.  but   to  R5  as  a  next-­‐hop.14: On  R4.0.  Use  ip  address  36.1.  Create  a  static  arp  entry  to  achieve  this  task.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.0/24  pointing  to  the  next-­‐hop  on  R4.0.   Task 8.   You have completed Lab 8 For  verification  of  your  work. All rights reserved.   Task 8. 1)   Task 8.   Task 8.  If  you  need  assistance  with  any  of  this  book's  content.  Check  that  you  can  ping  the  loopback0  of  R3  with  a  ping   sourcing  on  the  tunnel  interface  of  R1.   Task 8.  Check   that  you  can  ping  the  loopback0  of  R2  and  R3.4: On  R1.  Ensure  that  you  can  ping  the  loopback0   of  R2  and  R3  with  a  ping  sourcing  from  the  E0/0  ip  address  of  R6.  ensure  that  you  can  ping  the  loopback0  of  R2  with  a  ping  sourcing  on  the   tunnel  interface  of  R1.15: The  default-­‐route  using  the  next-­‐hop  of  R5  should  be  used  when  the  loopback0   of  R1  has  become  unreachable.   Task 8.  When  CDP  detects   that  R5  to  R3  connectivity  is  down.  configure  a  static  route  to  the  loopback  network  of  the  router  R3  using   the  Tu0  as  egress  with  an  AD  of  5.  Use  object  tracking  and  IP  SLA.18: On  R6.0.  use  local-­‐policy  based  routing  to  route  to  the  loopback  interface  of  R6.  configure  a  floating  static  route  that  will  be  used  in  the  case  that  the   tunnel  interface  to  R1  goes  down.  disable  proxy-­‐arp. .   Task 8.6: On  R6.1/24  on  R1  and  16.  This  floating  route  should  not  point  to  R1.3/24  on  R3  and  36.  configure  a  static  route  to  the  loopback0  of  R3  using  the  tunnel  interface   on  R3  as  the  next-­‐hop.  please  visit  our  Member  Community  at   http://community.4.  configure  a  static  route  to  the  loopback0  of  R2  using  the  tunnel  interface   on  R2  as  the  egress  interface.ipexpert.7: Disable  proxy-­‐arp  on  E0/1  of  R2  and  R3.   Configure  default  routes  on  R6  and  R3  with  an  AD  of  250.0.  The  ping  should  follow  the  R6-­‐R3-­‐ R1  route  and  use  the  DMVPN  tunnel.  you  are  not  asked  to  configure  all  the  static   routing  that  will  make  the  backup  path  operational.1.17: On  R9.  At  this  point.0.10: Configure  static  routing  so  that  you  can  ping  the  loopback0  of  R1  with  a  ping   sourcing  from  the  loopback0  ip  address  of  R6.   Task 8.0/16  pointing  to  E0/0.com Copyright © by iPexpert.  R2.  Leave  this  tunnel0  down  as  it  is.  configure  a  default-­‐route  using  the  next-­‐hop  of  R5  with  an  AD  of  5.   You  should  be  able  to  ping  the  loopback0  of  R6  with  a  ping  sourcing  from  the   loopback0  of  R9.   Task 8.0.   Task 8.  Do  not   use  local  policy-­‐base  routing.   Multicast  support  has  to  be  configured.9: On  R6.2: On  R1.   Task 8.  This  default  routing   should  be  pointing  to  a  next-­‐hop  of  R3  IP  address  using  PBR.   Task 8.  use  local-­‐policy  based  routing  to  route  to  the  loopback  interface  of  R9.  configure  a  default-­‐route  using  the  next-­‐hop  of  R1.5: On  R1.  and  R3  are  in  a  hub  and  spoke  topology  where  R1  is  the  hub  and  R2  and   R3  are  the  spokes.  Configure  DMVPN  phase  2  as  the  underlying  technology.com.   Task 8.   Task 8.6/24  on  R6.0.  Use  ip  address  16.6/24  on  R6.  the  traffic  should  be  routed  over  R4.8: Configure  a  GRE  tunnel  interface  Tunnel0  between  the  loopback0  of  R6  and  the   loopback0  of  R3.     19 ipexpert.  configure  default  routing  using  policy-­‐based  routing.11: Configure  a  GRE  tunnel  interface  Tunnel16  between  the  loopback0  of  R6  and  the   loopback0  of  R1.   Task 8.   Task 8.16: On  R5.12: On  R3.   Task 8.13: On  R4.  On  R1.0.

1)   Lab 9: Configure and troubleshoot Routing Information Protocol (Part 1)   Technologies covered • RIP  version  2   • Split-­‐horizon   • Auto-­‐summarization   • Send  and  receive  version   • Manual  summarization   • Convergence  timers   • Offset-­‐list   • Distribute-­‐list   • Per  neighbor  AD  filtering   Overview You  have  been  tasked  to  configure  routing  in  your  network  using  the  RIP  version  2  protocol.com. .  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.     Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.  Connect  to   the  terminal  server  for  the  online  rack.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.     20 ipexpert.com Copyright © by iPexpert.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.  and  complete  the  configuration  tasks  as  detailed  below.proctorlabs.     The  topology  used  in  the  lab  will  be  the  following:     Estimated  time  to  complete:    2  hours     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below. All rights reserved.

  Task 9.0.  R2.  and  R3  to  20  second  updates.0.14: Configure  RIP  filtering  so  that  R3  does  not  learn  5.  Do  not  use  any   access-­‐list.   Task 9.  Do  not  use   manual  summarization.  the  network  23.  please  visit  our  Member  Community  at   http://community.   Task 9.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.1.  check  that  you   can  ping  the  loopback10  of  R3  sourcing  from  the  loopback10  of  R2.7: Enable  RIP  on  the  172.0/8  received  on  Ethernet0/0  should  be  rejected.   Task 9.  distribute-­‐list.   Task 9.  the  network  200.  R2.236.0/8  should  be  routed  via  the  tu23  and  the  network   24.  configure  Serial4/0  to  send  updates  every  6  seconds  towards  R5.0/8  should  be  routed  via  the  E0/1.0.10: Configure  RIP  MD5  authentication  on  the  11.  and  a  key-­‐string  of  “iPpassword”.  40  second   invalid.0.0. 1)   Task 9.   Task 9.236.  10  second  hold.   Task 9.  Configure  2   Prefix-­‐lists.0/24  is  advertised  to  the  router  R3.0. .  all  the  traffic  should  be  sent  to  R2  and  R3  should  never  be  considered  as  a   next  hop.   Task 9.16.  and  R3  in  the  RIP  process.0.ipexpert.  and  do  not  change  AD  values. All rights reserved.15: Configure  the  RIP  timers  on  R1.   Task 9.  Do  not  use  offset-­‐list  or  administrative  distance  poisoning.5: Ensure  that  there  is  a  single  10.12: On  R1.  DMVPN  is  the  underlying  used  technology.com Copyright © by iPexpert.   Task 9.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.  Use   manual  summarization.16: On  R3.  and  R3  are  in  a  hub  and  spoke  topology  where  R1  is  the  hub  and  R2  and   R3  are  the  spokes.   Task 9.16.  If  you  need  assistance  with  any  of  this  book's  content.13: On  R1.1: R1.0/24  network.   Task 9.  R6  is  running  version  1.   Task 9.0/8  received  on  Ethernet0/1  should  be  rejected.   Task 9.0.  R5  should  learn  all  RIP   subnets.  Do  not  use   distribute-­‐list  or  administrative  distance  poisoning.8: Advertise  the  loopbacks  0  and  1  of  R6  in  the  RIP  process.0.0.11: On  R2.3: Ensure  full  reachability  in  this  hub  and  spoke  technology.  a  key  number  1.  and   the  network  201.0/24  can  send  and   receive  either  version  1  or  version  2  packets.6: Ensure  that  the  network  200.0/24  network.2: Advertise  the  loopbacks  10  of  R1.  and  80  second  flush.9: Make  sure  that  the  interfaces  part  of  network  172.com.0.0/8  entry  in  the  routing  table  of  R5.0.  Advertise  the  loopbacks  of  R5  in  the   RIP  process.  On  R2.             21 ipexpert.   Task 9.0.  Use  administrative  distance  poisoning.  Configure  RIP   version  2  in  this  DMVPN  network.  R2.     You  have  completed  Lab  9   For  verification  of  your  work.4: Configure  RIP  version  2  between  R5  and  R3.  Use  a  key  chain   of  “iPexpertchain”.0/24.1.0.

iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.     The  topology  used  in  the  lab  will  be  the  following:     Estimated  time  to  complete:    2  hours     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.com Copyright © by iPexpert.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information. All rights reserved. . 1)   Lab 10: Configure and troubleshoot Routing Information Protocol (Part 2)   Technologies covered • RIP  default  route   • RIP  update   • Unicast  update   • Broadcast  update   • Triggered  update   • Source  validation   Overview You  have  been  tasked  to  configure  routing  in  your  network  using  the  RIP  version  2  protocol.   22 ipexpert.

com.1.13: Configure  PPP  encapsulation  on  the  serial  connection  between  R6  and  R9.  R6  is  the  server  side  (IP  address   10.     Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.  and  complete  the  configuration  tasks  as  detailed  below.10: Configure  RIP  version  2  on  the  serial  connection  between  R3  and  R5.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.   Task 10.4: Ensure  full  reachability  in  this  hub  and  spoke  technology.236.   Task 10.  Use   IPCP  for  address  allocation  with  PPP.  If  you  need  assistance  with  any  of  this  book's  content.     Task 10.com Copyright © by iPexpert.   Task 10.  Updates  should  be  sent   only  when  there  is  a  change  in  the  topology.  R2. 1)   This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.  and  R3  are  in  a  hub  and  spoke  topology  where  R1  is  the  hub  and  R2  and   R3  are  the  spokes. All rights reserved.14: R5  should  advertise  a  default-­‐route  to  R3.1.  and  R6.   Task 10.  Advertise   the  loopback  of  R9  into  the  RIP  process.   Ensure  that  R6  is  getting  the  RIP  updates  from  R9  and  that  you  can  ping  the   loopback  of  R9  sourcing  from  the  loopback  of  R6.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.0/24.3: Advertise  the  loopbacks  0  of  R1.11: The  RIP  updates  between  R3  and  R5  should  stay  silent.1.1: R1.2/32  is  present  in  the  routing  table.69.   Task 10.  check  that  you   can  ping  the  loopback  of  R3  sourcing  from  the  loopback  of  R2.5: Configure  RIP  version  2  between  R1  and  R4.9: The  RIP  updates  should  be  broadcasted  on  the  LAN  10.6: R1  should  advertise  a  default  route  to  all  its  RIP  neighbors  with  the  exception  of   R4.   Task 10.69.  Configure  RIP   version  2  in  this  DMVPN  network.8: Configure  RIP  version  2  on  the  LAN  connecting  R2. .12: Configure  RIP  version  2  on  the  serial  connection  between  R6  and  R9.   Task 10.             23 ipexpert.2: The  RIP  updates  have  to  be  sent  as  unicast  packets  on  the  DMVPN  tunnels.  please  visit  our  Member  Community  at   http://community.  Advertise   the  loopback  0  of  R5  into  the  RIP  process.  This  default-­‐route  should  only  be   advertised  if  the  network  10.     You have completed Lab 10 For  verification  of  your  work.9/32  assigned  by  server).2.  R2.ipexpert.  DMVPN  is  the  underlying  used  technology.6/24)  and  R9  is  client  side  (IP  address  10.  Advertise  the  loopback  of  R4  into   the  RIP  process.proctorlabs.  R3.  and  R3  in  the  RIP  process.  Advertise  the   loopback  of  R6  into  the  RIP  process.   Task 10.   Task 10.   Task 10.  Connect  to   the  terminal  server  for  the  online  rack.  R1  will  stop  advertising  this  default  route.   Task 10.  On  R2.   Task 10.1.com.   Task 10.7: If  the  E0/0  interface  is  going  down.

.     The  topology  used  in  the  lab  will  be  the  following:     Estimated  time  to  complete:    2-­‐3  hours     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below. 1)   Lab 11: Configure and troubleshoot EIGRP (Part 1)   Technologies covered • EIGRP  AS  mode   • EIGRP  named  mode   • Stub     • Summarization   • Authentication   • Key  chain  rotation   • Prefix  number  limiting     Overview You  have  been  tasked  to  configure  the  routing  reachability  in  your  network  using  the  EIGRP  protocol.     Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.   24 ipexpert.com.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.com Copyright © by iPexpert.  Connect  to   the  terminal  server  for  the  online  rack. All rights reserved.  and  complete  the  configuration  tasks  as  detailed  below.proctorlabs.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.

 please  visit  our  Member  Community  at   http://community.5: Make  sure  that  the  traffic  from  the  spoke  to  spoke  is  not  transiting  by  the  hub.10: Configure  EIGRP  HMAC-­‐SHA-­‐256  authentication  between  R6  and  R9.     You have completed Lab 11 For  verification  of  your  work.   Task 11.  DMVPN  is  the  underlying  used  technology.   On  R9.  If  you  need  assistance  with  any  of  this  book's  content.   Task 11.1.   Task 11.  R2.  Advertise  the  loopbacks  of  R6  and  R9  in  the  EIGRP  process.  but  can  be  used  since   03:00:00  Dec  15  2014. 1)   Task 11.   Task 11.   Task 11.8: On  R6  and  R9.com Copyright © by iPexpert.ipexpert.   Task 11.  generate  a  syslog  message  when  the  maximum  prefix  limit  of  10  has  been   accepted  from  the  neighbor  R9.com.4: Make  sure  that  there  is  full  connectivity  between  loopbacks  with  the  DMVPN   network.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.   Task 11.12: On  R6.  and  loopbacks  of   R2  should  stay  reachable.  Do  not  take  any  other  action  when  this  max  limit   of  10  is  exceeded.  and  generate  a  syslog  message  when  more  than   10  prefixes  have  been  accepted.  tear  down  the  EIGRP  neighborship  relations  when  more  than  20  prefixes   are  received  by  the  EIGRP  process.  Setup  EIGRP  routing  in   autonomous  configuration  mode  with  AS11  in  this  DMVPN  network. All rights reserved.11: On  R6.3: Redistribute  only  the  loopback0  on  R1  in  the  EIGRP  process.1.   Task 11.  setup  EIGRP  routing  in  named  configuration  mode  using  AS11  and   the  name  of  “iPexpert”.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.6: R2  should  advertise  the  12.7: R2  is  not  transiting  any  traffic.  Key  1  with  a  key-­‐string  of  “Password1”   is  used  since  03:00:00  Jan  1  2014  until  03:00:00  Jan  1  2015.   Task 11.x.1: R1.  Key  2  with  a  key-­‐string  of   “Password2”  will  be  used  from  03:00:00  Jan  1  2015  onwards.0/16  network  out  to  R1  with  a  metric  using  the   following  parameters:   • bandwidth   • 100  000  kilobits  per  s   • delay   • 5  tens  of  microsecond   • reliability     • 255   • load   • 20   • mtu     • 1500  bytes   Task 11.0.             25 ipexpert.  Use  a  key-­‐ string  of  “Password3”.  but  can  already  be   used  one  month  before  and  is  still  valid  one  month  after.9: Configure  the  only  possible  EIGRP  authentication  mode  between  R6  and  R3.x/24   networks  should  be  redistributed  from  connected  into  the  routing  protocol.   Task 11.  Only  the  12.  and  R3  are  in  a  hub  and  spoke  topology  where  R1  is  the  hub  and  R2  and  R3   are  the  spokes.  so  R2  should  not  receive  EIGRP  query  packets   anymore.2: Advertise  the  loopbacks  of  R2  and  R3  in  the  EIGRP  process.  ensure  that  you  can  ping  the  loopback1  of  R2  from  the  loopback0  of  R9.  Use  a   key  chain  called  “keyiPexpert1”  with  2  keys. .  Configuration  for  this  task  should  be  performed  on  R2.

. All rights reserved. 1)   Lab 12: Configure and troubleshoot EIGRP (Part 2)   Technologies covered • Summarization  with  default  routing   • Summarization  with  leak-­‐map   • Summarization  with  floating  default  routing   • EIGRP  metric  weights   • TE   • Unequal  cost  load  balancing   • EIGRP  timers   Overview You  have  been  tasked  to  configure  the  routing  reachability  in  your  network  using  the  EIGRP  protocol.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.com Copyright © by iPexpert.     The  topology  used  in  the  lab  will  be  the  following:     Estimated  time  to  complete:    2-­‐3  hours     26 ipexpert.

  Task 12.11: Setup  EIGRP  routing  between  R4  and  R5.   Task 12.  Setup  EIGRP  routing  in   autonomous  configuration  mode  with  AS4  in  this  DMVPN  network.   Task 12.  configure  a  NSF  during  5  minutes  when  the  R6  NSF-­‐capable  router  is   undertaking  a  switchover.  configure  summarization  in  a  way  that  R7  receives  from  R4  a  default-­‐route   and  the  loopback0  networks  of  R1.13: Configure  a  delay  of  512  on  the  link  between  R4  and  R5. .  and  complete  the  configuration  tasks  as  detailed  below.   Task 12.com.4.3: Setup  EIGRP  routing  between  R3  and  R5.  Advertise   the  loopback0  of  R4  and  R7  into  the  EIGRP  process.  a  delay  of  256  on  the  link  between  R1  and  R3.  and  between  the  R6  and  R9.  R2.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.  DMVPN  is  the  underlying  used  technology.2: Advertise  loopback0  on  R1.7: On  R6. 1)   Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.  check  that  you  can  ping  the  loopback  of  R9  using  the  loopback  of  R3  as  a   source.  ensure  that  a  router  that  has  not  replied  to  an  EIGRP  Query   packets  for  2  minutes  is  declared  Stuck  in  Active.   K3=1.5: Setup  EIGRP  routing  between  R3  and  R6.  Advertise  the  loopback0  into  the  EIGRP   process.10: On  R4.  configure  summarization  in  a  way  that  R6  only  receives  a  default-­‐route   from  R3.     Task 12.     Task 12.6: On  R3.14: Configure  bidirectional  un-­‐equal  cost  load-­‐balancing  between  R4  and  R5.  Advertise   the  loopback0  of  R6  and  R9  into  the  EIGRP  process.  R2.   Task 12.     You have completed Lab 12 27 ipexpert.  K2=0.  On  R1.  Connect  to   the  terminal  server  for  the  online  rack.4: On  R3.15: Configure  R6  to  send  EIGRP  hello  packets  every  1  s  to  R9.   Task 12.  and  R3  in  the  EIGRP  process  using  network   statements.   Task 12.  and  between  the  R4  and  R7.  configure  summarization  in  a  way  that  R9  only  receives  a  default-­‐route   from  R6.  R2.  and  K5=0.     Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.   Task 12.  configure  summarization  in  a  way  that  R5  only  receives  a  default-­‐route   from  R3.proctorlabs.  check  that  you  can  ping   the  loopback  of  R7  using  the  loopback  of  R1  as  a  source.9: Setup  EIGRP  routing  between  R1  and  R4.16: In  the  EIGRP  domain.   Task 12.1: R1.8: On  R3.  and  R3  are  in  a  hub  and  spoke  topology  where  R1  is  the  hub  and  R2  and  R3   are  the  spokes. All rights reserved.  On  R3.4.   Task 12.  check  that  you  can  ping   the  loopback  of  R9  using  the  loopback  of  R3  as  a  source.   Task 12.   Task 12.  configure  the  metric  calculation  to  use  K1=0.com Copyright © by iPexpert.17: On  R9.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.  Leak  also  the  loopback  10.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.1.   Task 12.   Task 12.  a  delay  of  256  on  the  link   between  R4  and  R1.  Use  off-­‐ set  list  when  it  is  necessary.   Task 12.  K4=0.  Use  a  floating  route  summarization.  and  a  delay  of   128  on  the  link  between  R3  and  R5.  and  R3.12: In  the  whole  EIGRP  domain.

proctorlabs.  please  visit  our  Member  Community  at   http://community.     Lab 13: Configure and troubleshoot EIGRP (Part 3)   Technologies covered • Stub  routing  with  leak-­‐map   • Filtering  with  passive  interfaces   • Filtering  with  distribute-­‐list   • Filtering  with  offset-­‐list   • Filtering  with  AD   • Filtering  with  route-­‐maps   • Bandwidth  pacing   • Neighbor  logging   • Router-­‐id   • Maximum  hops   Overview You  have  been  tasked  to  configure  the  routing  reachability  in  your  network  using  the  EIGRP  protocol.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.  Connect  to   the  terminal  server  for  the  online  rack.  and  complete  the  configuration  tasks  as  detailed  below.ipexpert.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.     The  topology  used  in  the  lab  will  be  the  following:     Estimated  time  to  complete:    2-­‐3  hours   Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.     28 ipexpert. All rights reserved.  If  you  need  assistance  with  any  of  this  book's  content.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www. .com Copyright © by iPexpert. 1)   For  verification  of  your  work.com.com.

 Use  a  standard  access-­‐list  to  achieve  this.  configure  the  EIGRP  process  to  reject  EIGRP  packets  that  have   transited  over  more  than  10  hops.  make  sure  that  the  traffic  is  load-­‐balanced  between  the  serial   interface  and  the  ethernet  interface.   Task 13.12: On  R4.  Advertise  the  loopbacks  of   R5  in  the  EIGRP  process.0/24. .23: On  R9.  create  a  filter  based  on  offset-­‐list.  Use  network  statements.5/32.4/32.8: Configure  EIGRP  on  the  LAN  between  R1  and  R4.  and  R3  in  the  EIGRP  process.  create  a  filter  based  on  offset-­‐list.6.6.   Task 13.16.0/24.  R4  should  use  the  serial  connection  to  reach   10.  make  sure  that  EIGRP  control  traffic   cannot  exceed  25%  of  the  bandwidth.9.0/24.   Manipulate  AD.  Redistribute  this   static  route  into  EIGRP  and  tag  this  route  with  a  tag  of  666.9.9.3: Configure  EIGRP  on  the  LAN  between  R3  and  R6.22.  configure  the  EIGRP  process  to  reject  the  10.   Task 13.5.9: Configure  a  distribute-­‐list  with  prefix-­‐list  to  prevent  R1  from  advertising  the   network  10.   Task 13.     Task 13.   Task 13.4.   Task 13.1.0/24.     Task 13.  there  is  a  preconfigured  static  route  to  172.5.  redistribute  all  the  preconfigured  loopbacks  in  the  EIGRP  process.0/24.0/24  network.   Task 13.   Task 13.   Task 13.   Task 13.  Use  network   statements.   Task 13.  DMVPN  is  the  underlying  used  technology.1: R1.  Use   network  statements.    Advertise  the   loopbacks  of  R9  in  the  EIGRP  process  except  loopback  3.6.  10.   Task 13.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.6: R3  should  still  advertise  towards  R1  the  network  10.  R2.   Task 13.18: Configure  R1  not  to  install  the  route  10.17: Configure  R1  not  to  install  the  route  10.   Task 13.  Use  an  extended  access-­‐list  to  achieve  this.   Task 13.0/24.33.0/24  when  received  from  R3.     Task 13.22.  R3  should  use  the  E0/1  connection  to   reach  10.  Use  a  network  statement.0/24  when  received  from  R3.com Copyright © by iPexpert.21: On  the  serial  connection  between  R4  and  R5.  and  R3  are  in  a  hub  and  spoke  topology  where  R1  is  the  hub  and  R2  and  R3   are  the  spokes.1.4: On  R6.  Make  sure  that  the  traffic  is   load-­‐balanced  on  the  2  connections.11: Configure  EIGRP  on  the  connection  between  R4  and  R5.6.25: On  R6  and  R9.  R4  should  use  the  Ethernet  connection  to   reach  10.  and   10.22: The  R4  and  R5  routers  should  log  EIGRP  neighbor  relationship  changes.6.13: On  R4.   Between  R3  and  R6.11. All rights reserved.   Task 13.24: On  R6.11.  Use  network  statements.  Setup  EIGRP  routing  in   autonomous  configuration  mode  with  AS33  in  this  DMVPN  network.   Manipulate  AD.  R2.   Task 13.1.  You  are   only  allowed  to  change  the  EIGRP  router-­‐id.  configure  an  EIGRP  router-­‐id  as  9.0/24.   Task 13.  Advertise  the  loopbacks  of  R4  in   the  EIGRP  process.1.9  and  redistribute  the  loopback3  into   EIGRP.  R3  should  use  the  serial  4/2  connection   to  reach  10.  create  filters  based  on  ACL.33.22.6.7: Configure  EIGRP  on  the  serial  connection  between  R3  and  R6.  create  a  filter  based  on  ACL.9.   Task 13.19: On  R9.   Task 13.2: Advertise  the  loopbacks  of  R1.5: Configure  R2  and  R3  as  stub  routers  that  advertise  connected  and  summary  routes. 1)   Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.10: Configure  a  distribute-­‐list  with  prefix-­‐list  to  prevent  R1  from  learning  the  network   10.20: Filter  on  R6  this  route  out  based  on  the  tag  666.9.15: On  R6.11.   29 ipexpert.9/32.11.   Task 13.14: Configure  EIGRP  on  the  serial  connection  between  R6  and  R9.16: On  R6.   Task 13.

iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.com. All rights reserved.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.     30 ipexpert. .  If  you  need  assistance  with  any  of  this  book's  content.com Copyright © by iPexpert.  please  visit  our  Member  Community  at   http://community. 1)   You have completed Lab 13 For  verification  of  your  work.ipexpert.

proctorlabs. . 1)   Lab 14: Configure and troubleshoot OSPF (Part 1)   Technologies covered • DR/BDR   • OSPF  network  types   • OSPF  path  selection   • OSPF  per  neighbor  cost   • OSPF  auto-­‐cost  reference  bandwidth   • OSPF  version  3  address-­‐family  support   Overview You  have  been  tasked  to  configure  the  routing  in  a  network  using  OSPF.  and  complete  the  configuration  tasks  as  detailed  below.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information. All rights reserved.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.     31 ipexpert.com.com Copyright © by iPexpert.     The  topology  used  in  the  lab  will  be  the  following:     Estimated  time  to  complete:    3-­‐4  hours   Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.  Connect  to   the  terminal  server  for  the  online  rack.

  Task 14.7: We  are  going  to  have  links  faster  than  100M  in  the  network.  Multicast  is  not  enabled  on   the  DMVPN  tunnels.  On  routers  R2   and  R3.1: R1.  and  R5.  The  DR  should  always  be  on  the  hub  router.   Task 14.     Task 14.  configure  loopbacks  0  as  the  OSPF  router-­‐ids  and   advertise  loopback0  of  the  routers  into  OSPF  in  the  following  areas:   • R1   • Area  1   • R2   • Area  2   • R3   • Area  3   • R4   • Area  4   • R5   • Area  5   Check  that  you  have  full  reachability  between  the  loopbacks.  The  election  of  a  DR  should  not  take  place.  and  R1  are  also  in  a  hub  and  spoke  topology  where  R4  is  the  hub  and  R1   and  R5  are  the  spokes.  and  R6.  Do  not  configure  anything  under  the  interfaces.  The  election  of  a  DR  should  take  place  in  this   network.  use  the  IPv6  following  address  for  loopback0:   32 ipexpert.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.1.3: On  R1.  a  gigaethernet  link  should  have  a  cost  of  1  and  a  fast  ethernet  link  should   have  a  10.  R2.6/32   • R9   • 20.8: Manipulate  the  OSPF  cost  so  that  R1  prefers  R2  over  R3  to  reach  the  loopback  of   R6.   Task 14.     Task 14.   Task 14.6.  Configure  OSPF   process  1  area  0  in  this  network. 1)   Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.  On  R5. All rights reserved.  especially  on  R2.6: Advertise  only  the  loopback  0  of  R6  into  OSPF  area  236. .  check  that  you  can  ping  the  loopback  of  R6  sourcing  from  the   loopback  of  R5.11: Advertise  the  IPv4  address  loopback1  of  R6  and  R9  into  area  0  of  the  OSPF  version   3  processes.     Task 14.1.  In  the  whole  OSPF   network.         If  necessary.9/32   Task 14.  you  are  not  allowed  to  change  the  default  network  type  and  not  allowed   to  modify  the  timers.com Copyright © by iPexpert.   Task 14.9: Configure  OSPF  version  3  area  0  for  IPv4  between  R6  and  R9.   Task 14.  R4.   check  that  you  can  ping  the  loopback  of  R5  sourcing  from  the  loopback  of  R2.1.10: Create  the  following  IPv4  address  loopback1:   • R6   • 20.4: Configure  the  network  10.2: R4.  Do  not  use  a  network   statement.9.0/24  into  area  236  on  R2.  DMVPN  is  the  underlying  used  technology.236.5: The  R2  should  always  be  elected  as  the  DR.  R3.  R3.  R2.  Configure  OSPF  process   1  area  0  in  this  network.  R5.  DMVPN  is  the  underlying  used  technology.       Use  the  following  global  unicast  addresses:   • R6  s3/0   • 2001:  :6/64   • R9  s3/0   • 2001:  :9/64   Task 14.  and  R3  should  always  be  elected  as  the   BDR.  and  R3  are  in  a  hub  and  spoke  topology  where  R1  is  the  hub  and  R2  and  R3   are  the  spokes.

com Copyright © by iPexpert. All rights reserved.12: On  R6.  make  sure  that  you  can  ping  the  loopback  of  R9  sourcing  from  the  loopback   of  R6. .  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.  If  you  need  assistance  with  any  of  this  book's  content.com.  please  visit  our  Member  Community  at   http://community.             33 ipexpert.ipexpert.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.   You have completed Lab 14 For  verification  of  your  work. 1)   • R6   • 2001:bd8:  :6/64   • R9   • 2001:bd8:  :9/64   Task 14.

iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol. 1)  

Lab 15: Configure and troubleshoot OSPF (Part 2)
 

Technologies covered
• Discontiguous  area  
• Virtual-­‐links  
• GRE  tunnels  
• Non-­‐backbone  transit  area  
• OSPF  authentication  
• Flood  reduction  
• Demand  circuit  
• Summarization  
• Discard-­‐route  
• Flood  reduction  

Overview
You  have  been  tasked  to  configure  OSPF  as  the  routing  protocol  of  your  network.    
 
The  topology  used  in  the  lab  will  be  the  following:  

 
Estimated  time  to  complete:    4  hours  
 

34 ipexpert.com Copyright © by iPexpert. All rights reserved.

iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol. 1)  

Pre-Lab Setup
Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.  You  may  also  refer  
to  the  Diagram  located  within  your  configuration  files  for  topology  information.  
 
This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.proctorlabs.com.  Connect  to  
the  terminal  server  for  the  online  rack,  and  complete  the  configuration  tasks  as  detailed  below.  
 

Prerequisites
Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.  
 
Task 15.1: R1,  R2,  and  R3  are  in  a  hub  and  spoke  topology  where  R1  is  the  hub  and  R2  and  R3  
are  the  spokes.  DMVPN  is  the  underlying  used  technology.  Configure  OSPF  process  
1  area  0  in  this  network.  The  election  of  a  DR  should  take  place  in  this  network.  The  
DR  should  always  be  on  the  hub  router.  
Task 15.2: The  loopback0  networks  of  R1,  R2,  and  R3  should  present  in  the  OSPF  database  of  
R1  as  LSAs  type  1.  
Task 15.3: Configure  the  network  10.1.236.0/24  into  area  236  on  R2,  R3,  and  R6.  Redistribute  
only  the  loopback0  of  R6  into  the  area  236.  
Task 15.4: Configure  the  network  10.1.69.0/24  into  area  69  on  R6  and  R9.  Add  the  loopback0  
of  R9  into  the  area  69  process  as  a  network  statement.  
Task 15.5: Configure  area  236  as  a  stub  area.  
Task 15.6: Ensure  that  there  is  IP  connectivity  between  loopback0  of  R9  and  the  loopback0  of  
R1.  Do  not  use  a  virtual-­‐link,  as  the  transit  area  is  a  stub  area.  The  path  through  R3  
should  be  used.  Use  an  IP  address    of  36.0.0.3/24  and  36.0.0.6/24  when  necessary.  
Task 15.7: Configure  the  network  10.1.14.0/24  into  area  14  on  R1  and  R4.  Add  the  loopback0  
of  R4  into  the  area  14  process  as  a  network  statement.  
Task 15.8: Configure  the  network  10.1.47.0/24  into  area  47  on  R4  and  R7.  Add  the  loopback0  
of  R7  into  the  area  47  process  as  a  network  statement.  
Task 15.9: Ensure  that  there  is  IP  connectivity  between  loopback0  of  R7  and  the  loopback0  of  
R2.    
Task 15.10: Configure  the  network  10.1.35.0/24  to  be  part  of  area  0.  
Task 15.11: Configure  the  network  10.1.45.0/24  and  the  network  10.1.5.5/32  to  be  part  of  area  
45.  
Task 15.12: Configure  an  OSPF  cost  of  60000  on  the  interfaces  belonging  to  the  network  
10.1.14.0/24.  
Task 15.13: On  R7,  when  performing  a  trace  route  from  the  loopback  of  R7  to  the  loopback  of  
R3,  we  can  observe  that  the  trace  route  is  following  the  path  R7,  R4,  R5,  and  R3.  
The  routing  is  using  a  non-­‐backbone  area,  that  is  to  say  area  45,  as  a  transit.  
Without  modifying  any  OSPF  costs,  ensure  that  the  trace  route  is  using  the  R7,  R4,  
R1,  and  R3  path.  
Task 15.14: OSPF  should  not  exchange  periodic  hellos  and  periodic  refreshes  of  LSAs  over  the  
point-­‐to-­‐point  connection  between  R6  and  R9.  Configuration  can  only  be  applied  
on  R9.  
Task 15.15: Configure  plain-­‐text  authentication  on  the  connection  between  R6  and  R9.  The  key  
value  should  be  set  to  “iPexpert”.  Make  sure  that  this  authentication  is  enforced  
even  if  this  is  an  on-­‐demand  circuit.  
Task 15.16: Configure  MD5  authentication  on  the  connection  between  R5  and  R3.  The  key  
value  should  be  set  to  2  and  the  password  to  “iPexpert2015”.  On  R5,  configure  
authentication  under  the  routing  process.  
Task 15.17:  Protect  the  connection  between  R5  and  R4  with  the  Null  authentication.    
Task 15.18: OSPF  process  is  reflooding  by  default  every  LSAs  every  30  minutes.  This  should  not  
be  necessary  for  LSAs  sent  out  of  the  two  serial  interfaces  on  R5.  

35 ipexpert.com Copyright © by iPexpert. All rights reserved.

iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol. 1)  

Task 15.19: Configure  the  following  loopbacks  on  R9:  

• Loopback8   • 10.8.9.9/16  
• Loopback9   • 10.9.9.9/16  
• Loopback10   • 10.10.9.9/16  

Task 15.20: Those  3  loopbacks  should  be  seen  in  the  area  0  routing  table  as  a  single  summary  
network.  Use  internal  summary.  
Task 15.21: On  R6,  ensure  that  the  summary  route  created  in  Task  15.20  is  not  present  in  the  
routing  table  pointing  to  Null0.  
Task 15.22: On  R9,  redistribute  the  pre-­‐configured  routes  into  OSPF  and  make  sure  that  they  
appear  as  one  routing  entry  in  the  routing  table  in  all  other  OSPF  routers.  
Task 15.23: Configure  area  45  in  a  way  that  LSAs  never  age  out  in  this  area.  

 

You have completed Lab 15
For  verification  of  your  work,  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions  
Guide.  If  you  need  assistance  with  any  of  this  book's  content,  please  visit  our  Member  Community  at  
http://community.ipexpert.com.  
 
 
 
 
 

36 ipexpert.com Copyright © by iPexpert. All rights reserved.

com Copyright © by iPexpert.  Connect  to   the  terminal  server  for  the  online  rack.       The  topology  used  in  the  lab  will  be  the  following:     Estimated  time  to  complete:      4  hours     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below. 1)   Lab 16: Configure and troubleshoot OSPF (Part 3)   Technologies covered • Stub  area   • Totally  not  so  stubby  area   • NSSA   • NSSA  type  5  to  type  7  translation   • LSA  filtering   • FA  Suppression   • Reliable  conditional  default  routing   Overview You  have  been  tasked  to  configure  OSPF  as  the  routing  protocol  of  your  network.   This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.proctorlabs.com.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol. .  and  complete  the  configuration  tasks  as  detailed  below.   37 ipexpert. All rights reserved.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.

13: Filter  the  forwarding  address  for  the  type-­‐5  LSAs  originated  at  R5  using  the  area  35   range  no-­‐advertise  in  command  on  the  ABR.9: Configure  Area  14  in  a  way  that  it  does  not  receive  any  LSA  5  updates.  10.   Task 16.  Use  IP  SLA  to  track.0/24  using  a  summary-­‐ address  command.14: Instruct  R3  to  become  the  forwarding  address  itself  and  check  that  the  IP  address   reachability  is  restored.  Inject  the  loopback0  of  R5  into  the  area  35  process  as  a   network  statement.1.  Do  not  modify  any  OSPF  timers.1: R1.  Make  sure  that  on  R5.2: Add  the  loopback0  of  R1.   Task 16.  The  election  of  a  DR   should  not  take  place  in  this  network.   Task 16.  ensure  that  the  default  route  in  the  R6  routing  table  is  using  R3  as  a   next  hop.35. All rights reserved.1.     Task 16.5: On  R6  and  R9.  and  R3  into  the  area  0  process  as  network   statements.11: Redistribute  loopback1.     Task 16.  On  R3  and  R5.com.   You have completed Lab 16 For  verification  of  your  work.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.9.5  (except  loopback2)   into  OSPF.ipexpert.21.     Task 16.  and  loopback4  of  R5  into  the  area   35  each  as  a  N2  route  and  each  with  a  metric  of  55.  R2.   Lab 17: Configure and troubleshoot OSPF (Part 4)   38 ipexpert.0/24  as  part  of  OSPF  area  14.   Task 16.0/24  should  show  as  E2.5.1.8: On  R1  and  R4.   Task 16.11.  configure  the  network  10.  In  the  routing-­‐table  of  R1.   Task 16.5.  that  is  to  say  check  that  you  can  ping  to  the  loopback0  of   R9  with  the  ping  using  as  a  source  the  loopback4  of  R5.  The  cost  of  the  default  route  to  R2  should  be  modified  and  this  cost   should  be  the  default  cost  +1.9.4: In  the  R6  routing-­‐table.11.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.  By  manipulating   OSPF  cost.  loopback2.   Task 16.  R2. .   Task 16.     Task 16.6: On  R6.   Task 16.0/24   as  part  of  OSPF  area  35.  loopback3.   Task 16.  configure  static  routing  to  ensure  the  reachability  of  the  loopback0.  ensure  that  you  can  ping  the  loopback0   and  loopback1  of  R9  from  the  loopback0  of  R1  as  a  source.  and  R3  are  in  a  hub  and  spoke  topology  where  R1  is  the  hub  and  R2  and  R3   are  the  spokes.15: On  R1.10: Area  35  is  a  totally  NSSA  area.  the  only  IA  OSPF-­‐learned  route  should  be  a  default  route   with  the  ABRs  as  the  next-­‐hop.12: Block  the  LSA  7  to  LSA  5  translation  for  the  network  10.0/24  is  present  in  the  routing   table  of  R1.0/24  as  part  of  OSPF  area  236.  Ensure  full   reachability  and  test  that  you  can  ping  from  R4  the  loopback  0  of  R9  from  the   loopback0  of  R4  as  a  source.  On  R1.  this  network.236.  If  you  need  assistance  with  any  of  this  book's  content.1.  and  R6.  in  a  reliable  way.  you  can   ping  to  the  loopback0  of  R9  with  the  ping  sourcing  from  loopback  4  of  R5.  Add   loopback0  of  R4  into  the  area  14  process  as  a  network  statement.7: Area  236  is  a  totally  Not-­‐so-­‐stub  area  having  two  ABRs  to  area  0.14.  and  loopback2  network  of  R9.   Task 16.  redistribute  the  static  routes  configured  in  Task  16.  there  is  a  default  route  pre-­‐configured.com Copyright © by iPexpert.  R3.0/24  should  show  as  E1  and   10.  This  default  route  should  be   redistributed  into  OSPF  only  if  the  network  10.  please  visit  our  Member  Community  at   http://community.  configure  the  network  10. 1)   Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.  configure  the  network  10.  Get  OSPF  routing  up   and  routing  with  process  1  area  0  in  this  DMVPN  network.3: On  R2.   Add  the  loopback0  of  R6  into  the  area  236  process  as  a  network  statement.   loopback1.  DMVPN  is  the  underlying  used  technology.

  39 ipexpert.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.       The  topology  used  in  the  lab  will  be  the  following:     Estimated  time  to  complete:    4  hours   Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.com.  and  complete  the  configuration  tasks  as  detailed  below.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www. .proctorlabs.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.    Connect   to  the  terminal  server  for  the  online  rack. 1)   Technologies covered • Filtering  with  distribute-­‐lists   • Filtering  with  discard-­‐route   • Filtering  with  administrative  distance   • Filtering  with  route-­‐maps   • NSSA  ABR  external  prefix  filtering   • Database  filtering   • Stub  router  advertisement   • OSPF  timers  optimization   • Resource  limiting   Overview You  have  been  tasked  to  configure  OSPF  as  the  routing  protocol  of  your  network.com Copyright © by iPexpert. All rights reserved.

 Because  of  the  presence  of  a   10.4.9/32  should  be  present  in  the  OSPF  database  but  not   in  the  routing  table.1.36.  Use  network   statement  to  advertise  loopback0.2.  Use  prefix-­‐list  and   area  filter-­‐list.1   • R2   • 2.0/16  is  suppressed.1.     Task 17.   Task 17.9.  DMVPN  is  the  underlying  used  technology.18: On  R9.9: On  R3.4: On  R1.9.com Copyright © by iPexpert.5.  the  network  10.  set  the  following  rate-­‐limit  values  for  LSA  advertisement:   40 ipexpert.   and  loopback4  of  R9  into  the  area  69  process  as  E2  type.   Task 17.15: Configure  a  NSSA  area  14  between  R1  and  R4.  redistribute  all  connected   interfaces  into  OSPF.0.  configure  the  minimum  interval  for  accepting  the  same  LSA  to  80  ms.3.1.  configure  the  area  0  to  advertise  a  summary  network  of   10.  loopback3.0/24  into  area  0  on  R3  and  R6.6.10: Redistribute  this  default  route  into  OSPF  area  0.  and  R6  should  present  in  the  OSPF   database  of  R1  as  LSAs  type  1.  configure  a  default  route   pointing  to  R3.19: On  R9.  configure  a  default  route  pointing  to  R5.4/32  out  and  let  the  other  networks   coming  from  area  14  advertise  to  the  area  0.9   Task 17.2.8: On  R9.5: Configure  the  network  10.   Task 17.5   from  the  loopback  0  of  R3.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.0/16  within  the  area  69.13: On  R1.   Task 17.   Task 17.1.0.6   • R9   • 9.11.   Use  distribute-­‐list  and  access-­‐list.3.  the  default  route  is  not  being  used  and  the  ping  is   failing.69.1.9.6. .  Configure  OSPF   process  1  area  0  in  this  network.  R3.  Make  sure  that  R2  is   still  having  full  reachability.   Task 17.41.0.9.9/32  prefix.  R2.     Task 17.  filter  the  10.  Distribute  loopback1.  Manipulate  the  administrative  distance  to  achieve  this.  Ensure  that  this  10.12: Try  to  ping  loopback0  of  R5  from  loopback0  of  R9.1: R1.  Check  that  IP  reachability  is  still  working  between  the   OSPF  advertised  prefixes  once  this  feature  is  enabled.1.3   • R6   • 6.16: On  R1.   Task 17.   Task 17.   Task 17.  prevent  the  flooding  of  link-­‐state  advertisements  to  R2  by  using  the   “database-­‐filter  all  out”  command  applied  to  a  neighbor.9/32  should  be  filtered  out  and  not  be  propagated.   Task 17.  Use  prefix-­‐list  and  distribute-­‐list.4.1.  On  R5.22.2   • R3   • 3.  the  network  10.  R2.  Use  point-­‐to-­‐multipoint  network  type  on  the   hub  and  the  2  spokes.   Task 17.1.   • R1   • 1.3: The  loopback  0  networks  of  R1.0/16  route  on  the  ABR.17: Configure  on  all  the  routers  the  feature  that  will  remove  the  transit  networks   from  the  OSPF  database.9.  Use  summary-­‐address  command. 1)   Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.  loopback2.  and  R3  are  in  a  hub  and  spoke  topology  where  R1  is  the  hub  and  R2  and   R3  are  the  spokes.11: On  the  ABR  R6.   Task 17.1.0/24  into  area  69  on  R6  and  R9.2: Configure  the  network  10.21.  On  R4.  Confirm  that  you  can  ping  from  R3  the  loopback0  of  R5  10.   Task 17.   Task 17.4/32  and  10.7: Ensure  that  the  loopback0  network  of  R1  is  not  included  by  the  OSPF  process  in   the  routing  table  of  R9.     Task 17. All rights reserved.   Task 17.6: Configure  the  following  router-­‐ids  and  make  sure  that  they  are  in  use  by  the   process.14: Configure  R6  so  that  R1  doesn’t  receive  the  10.

  Task 17. 1)   • Start-­‐interval   • 10  ms   • Hold-­‐interval   • 100  ms   • Max-­‐interval   • 5000  ms   Task 17.23: R9  should  fire  up  a  syslog  message  when  more  than  3  prefixes  are  redistributed.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.   First  warning  should  be  sent  when  80%  of  the  threshold  is  reached.24: On  R9. .  in  order  to  improve  convergence.  enable  incremental  SPF.22: On  R9.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.com.             41 ipexpert.  configure  OSPF  Update  flood  packet-­‐pacing  to  5  ms.     You have completed Lab 17 For  verification  of  your  work.  please  visit  our  Member  Community  at   http://community.ipexpert.   Task 17.  limit  to  1000  the  number  of  nonself-­‐generated  LSAs  the  OSPF  routing   process  can  keep  in  the  OSPF  database.  If  you  need  assistance  with  any  of  this  book's  content. All rights reserved.20: On  R9.21: On  R9.com Copyright © by iPexpert.  configure  OSPF  throttling  timers:   • Spf-­‐start   • 10  ms   • Spf-­‐hold   • 4800  ms   • Spf-­‐max-­‐wait   • 90000  ms   Task 17.   Task 17.

 EIGRP.  Loopback0   reachability  has  to  be  achieved  thanks  to  this  protocol.  do  not  use  the  ebgp  multihop  command.  iBGP  and  eBGP.     Task 18. 1)   Lab 18: Configure and troubleshoot BGP (Part 1)   Technologies covered • EBGP  peering   • EBGP  multihop   • EBGP  Disable-­‐connected-­‐check   • Update  source   • iBGP  peering   • Route  Reflector   Overview You  have  been  tasked  to  configure  the  routing  in  your  network  using  OSPF.   42 ipexpert.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.proctorlabs.3 On  the  peering  between  R1  and  R5.     Task 18.  static   route. . All rights reserved.   Task 18.1 Routing  between  R1  and  R5  should  be  configured  with  RIP  version  2.     Task 18.  and  complete  the  configuration  tasks  as  detailed  below.  and  RIP.2 Configure  an  eBGP  peering  between  R1  in  AS  1  and  R5  in  AS  65001.com.com Copyright © by iPexpert.  This  peering   should  be  established  between  the  loopback0  of  each  router.   Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.4 Advertise  the  loopback0  of  R1  in  BGP  using  a  network  statement.  Connect  to   the  terminal  server  for  the  online  rack.     The  topology  used  in  the  lab  will  be  the  following:     Estimated  time  to  complete:    4  hours     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.

iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol. 1)  

Task 18.5 Routing  between  R3  and  R5  should  be  configured  with  static  routes.  Loopback0  
reachability  has  to  be  achieved  thanks  to  this  protocol.  
Task 18.6 Configure  an  eBGP  peering  between  R3  in  AS  3  and  R5  in  AS  65001.  This  peering  
should  be  established  between  the  loopback0  of  each  router.  On  the  peering  
between  R3  and  R5,  use  the  ebgp  multihop  command.  
Task 18.7 Advertise  the  loopback0  of  R3  in  BGP  using  a  network  statement.    
Task 18.8 Routing  between  R2  and  R7  should  be  configured  with  EIGRP.  Loopback0  
reachability  has  to  be  achieved  thanks  to  this  protocol.    
Task 18.9 Configure  an  eBGP  peering  between  R2  in  AS  65001  and  R7  in  AS  7.  This  peering  
should  be  established  between  the  loopback0  of  each  router.  Use  the  minimum  
number  of  hops  necessary  in  the  ebg-­‐multihop  command.  
Task 18.10 Advertise  the  loopback1  of  R7  in  BGP  using  a  network  statement.  Check  that  you  
can  ping  from  R1  to  the  loopback1  of  R7.  Use  of  static  routes  on  R8  is  required.  
Task 18.11 Configure  OSPF  area  0  on  the  R2  to  R5  connection.  Advertise  the  loopback0  of  
R2,  R5,  and  into  OSPF.  
Task 18.12 Configure  iBGP  peering  between  R2  and  R5.  This  peering  should  be  established  
between  the  loopback0  of  each  router.  Make  sure  that  the  ping  from  R3  to  R7  is  
up  and  running.  Do  not  use  the  redistribute  command  into  BGP  at  this  point  of  
the  lab.  
Task 18.13 Enable  synchronization  on  R5.  Using  a  route-­‐map  and  a  prefix-­‐list,  redistribute  
BGP  into  OSPF  on  R2.  The  full  IP  reachability  should  be  established  between  the  
loopback0  of  R1,  R3,  and  R7.  
Task 18.14 Configure  OSPF  area  0  on  the  R5  to  R4  connection.  Advertise  the  loopback0  of  R4  
into  OSPF.  
Task 18.15 Routing  between  R4  and  R9  should  be  configured  with  static  routes.  Loopback0  
reachability  has  to  be  achieved  thanks  to  this  protocol.  
Task 18.16 Configure  an  eBGP  peering  between  R4  in  AS  65001  and  R9  in  AS  9.  This  peering  
should  be  established  between  the  loopback0  of  each  router.  
Task 18.17 Advertise  the  loopback0  of  R9  in  BGP  using  a  network  statement.  
Task 18.18 Configure  iBGP  peering  between  R4  and  R2.  This  peering  should  be  established  
between  the  loopback0  of  each  router.  Configure  R2  as  a  route-­‐reflector  for  R4  
and  R5.  
Task 18.19 On  R7,  make  sure  that  you  can  ping  from  the  loopback1  of  R7  to  the  loopback0  
of  R1,  R3,  and  R9.    
Task 18.20 Configure  OSPF  area  0  on  the  R2  to  R6  connection  and  on  the  R4  to  R6  
connection.  Advertise  the  loopback0  of  R6  into  OSPF.  
Task 18.21 For  redundancy,  configure  R2  and  R6  as  part  of  a  RR  cluster  with  cluster-­‐id  1.  
 

You have completed Lab 18
For  verification  of  your  work,  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions  
Guide.  If  you  need  assistance  with  any  of  this  book's  content,  please  visit  our  Member  Community  at  
http://community.ipexpert.com.  
 
 
 
 
 

43 ipexpert.com Copyright © by iPexpert. All rights reserved.

iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol. 1)  

Lab 19: Configure and troubleshoot BGP (part 2)
 

Technologies covered
• Next-­‐hop-­‐self  
• BGP  next-­‐hop  with  route-­‐map  
• BGP  Confederation    
• GRE  tunnels  

Overview
You  have  been  tasked  to  configure  the  routing  in  your  network  using  OSPF,  EIGRP,  RIP,  static  route,  
iBGP,  and  eBGP.  
 
The  topology  used  in  the  lab  will  be  the  following:  

 
Estimated  time  to  complete:    4  hours  
 

Pre-Lab Setup
Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.  You  may  also  refer  
to  the  Diagram  located  within  your  configuration  files  for  topology  information.  
 
This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.proctorlabs.com.  Connect  to  
the  terminal  server  for  the  online  rack,  and  complete  the  configuration  tasks  as  detailed  below.  

Prerequisites
Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.  
 
Task 19.1 Routing  between  R4  and  R7  should  be  configured  with  EIGRP.  Loopback0  
reachability  has  to  be  achieved  thanks  to  this  protocol.    
Task 19.2 Configure  an  eBGP  peering  between  R4  in  AS  65019  and  R7  in  AS  7.  This  peering  
should  be  established  between  the  loopback0  of  each  router.    
Task 19.3 Advertise  loopback0  of  R7  in  BGP  using  a  network  statement.  
Task 19.4 Routing  between  R6  and  R9  should  be  configured  with  static  routes.  Loopback0  
reachability  has  to  be  achieved  thanks  to  this  protocol.    
Task 19.5 Configure  an  eBGP  peering  between  R6  in  AS  65019  and  R9  in  AS  9.  This  peering  
should  be  established  between  loopback0  of  each  router.  
Task 19.6 Advertise  loopback0  of  R9  in  BGP  using  a  network  statement.  
44 ipexpert.com Copyright © by iPexpert. All rights reserved.

iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol. 1)  

Task 19.7 Configure  OSPF  area  0  only  between  R4  and  R6.  Advertise  the  loopback0  of  R4  
and  R6  into  OSPF  using  a  network  statement.  Do  not  advertise  anything  else  into  
OSPF.  
Task 19.8 Configure  iBGP  between  R4  and  R6.  
Task 19.9 Use  next-­‐hop-­‐self  to  enable  IP  connectivity  between  loopback0  of  R7  and  the  
loopback0  of  R9.    
Task 19.10 Routing  between  R5  and  R1  should  be  configured  with  RIP.  Loopback0  
reachability  has  to  be  achieved  thanks  to  this  protocol.    
Task 19.11 Configure  eBGP  peering  between  R1  in  AS  1  and  R5  in  AS  65019.  This  peering  
should  be  established  between  the  loopback0  of  each  router.  
Task 19.12 Advertise  loopback0  of  R1  in  BGP  using  a  network  statement.  
Task 19.13 Routing  between  R8  and  R2  should  be  configured  with  EIGRP.  Loopback0  
reachability  has  to  be  achieved  thanks  to  this  protocol.    
Task 19.14 Configure  eBGP  peering  between  R2  in  AS  65019  and  R8  in  AS  8.  This  peering  
should  be  established  between  the  loopback0  of  each  router.  
Task 19.15 Advertise  loopback0  of  R8  in  BGP  using  a  network  statement.  
Task 19.16 Configure  OSPF  area  0  only  between  R5  and  R2.  Advertise  the  loopback0  of  R5  
and  R2  into  OSPF  using  a  network  statement.  Do  not  advertise  anything  else  into  
OSPF.  
Task 19.17 Configure  an  OSPF  cost  of  10  on  this  link.  
Task 19.18 Configure  iBGP  between  R5  and  R2.  
Task 19.19 Use  a  route-­‐map  to  enable  the  IP  connectivity  between  loopback0  of  R1  and  the  
loopback0  of  R8.    
Task 19.20 Configure  OSPF  area  0  between  R5  and  R4.    
Task 19.21 R2  and  R5  are  part  of  confederation  with  ID  25,  R6,  and  R4  are  part  of  
confederation  with  ID  46.  
Task 19.22 Configure  the  confederation  ID  25  and  46  to  be  part  of  AS  65019.  Ensure  full  
reachability  between  R1,  R7,  R8,  and  R9.  As  an  example,  you  should  be  able  to  
ping  from  R8  to  loopback0  of  R7with  the  ping  sourced  from  the  loopback0  of  R8.  
Use  of  2  static  routes  is  allowed.  
Task 19.23 Configure  OSPF  area  0  on  the  connection  between  R5  and  R3  with  an  OSPF  cost  
of  1.  
Task 19.24 Configure  OSPF  area  0  on  the  connection  between  R2  and  R3  with  an  OSPF  cost  
of  1.  
Task 19.25 Restore  the  IP  connectivity  between  R8  and  R1,  R8  and  R7,  R8  and  R7,  and  R8  
and  R9.  You  are  not  allowed  to  redistribute  BGP  routes  into  OSPF.  Use  the  
network  10.1.145.0/24  for  the  tunnel  interfaces.  Check  that  you  are  again  able  to  
ping  from  R8  to  loopback0  of  R1  with  the  ping  sourced  from  the  loopback0  of  R8.  

 

You have completed Lab 19
For  verification  of  your  work,  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions  
Guide.  If  you  need  assistance  with  any  of  this  book's  content,  please  visit  our  Member  Community  at  
http://community.ipexpert.com.  
 
 
 
 
 

45 ipexpert.com Copyright © by iPexpert. All rights reserved.

 and  complete  the  configuration  tasks  as  detailed  below.proctorlabs.com.  and  eBGP.com Copyright © by iPexpert.  RIP.   iBGP. All rights reserved.  Connect  to   the  terminal  server  for  the  online  rack.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.  EIGRP.   Prerequisites 46 ipexpert.  static  route.     The  topology  used  in  the  lab  will  be  the  following:     Estimated  time  to  complete:    4  hours     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol. . 1)   Lab 20: Configure and troubleshoot BGP (part 3)   Technologies covered • Weight   • Local  Preference   • As-­‐path  prepending   • Origin   • MED   • Always  compare  MED   • AS-­‐path  ignore   • Maximum  AS  Limit   Overview You  have  been  tasked  to  configure  the  routing  in  your  network  using  OSPF.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.

16 Advertise  loopback0  and  loopback1  of  R3  using  network  statements.6/32  loopback.   Task 20.  advertise  the  network  10.6.   Task 20.  Redistribute  the  EBGP   next-­‐hop  in  OSPF  area  0.3 Configure  an  eBGP  peering  between  R6  in  AS  65002  and  R8  in  AS  8.  Configure  R3   and  use  the  prefix-­‐list  called  MED_PL  2  and  a  route-­‐map  called  MED_RM2.   Task 20.22 This  network  should  be  advertised  to  the  router  R4  using  the  MED  500  and   prepending  one  more  AS  in  the  AS-­‐path.20 On  R3.10 Configure  R8  so  that  the  traffic  originated  on  R6  is  going  through  AS  65001  to   reach  the  network  10.   Task 20.0/24  network  and  that  the  network  10.6 On  R8.  Use  a   MED  value  of  200.46.  manipulate  the  weight  attribute  so  that  the  route  to  10.    Use  a  prefix-­‐list  called   ALWAYSCOMPMED_PL  and  a  route-­‐map  called  ALWAYSCOMPMED_RM.  modify  the  origin  of  route  10.1.   Task 20.15 Configure  an  eBGP  connection  between  R2  and  R3  in  AS  3.1.   Task 20.   Task 20.  Redistribute  the  EBGP   next-­‐hop  in  OSPF  area  0.1.   Task 20.4/32  is   pointing  towards  R6.3.     Task 20.14 Configure  an  eBGP  connection  between  R6  and  R3  in  AS  3.18 Ensure  that  the  traffic  is  routed  via  R6  to  reach  network  10.11 Configure  OSPF  area  0  between  R6  and  R2.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.1.1.4.0/24  is  carried  in  the  BGP   updates  with  an  origin  of  i.   Task 20.  Change  the  configuration  in  R7  and  use  a  route-­‐ map  called  LOCALPRF_RM. All rights reserved.5 The  loopback0  of  R4  should  be  present  in  the  BGP  database  with  an  origin   attribute  of  incomplete.  The  loopback0  of  R7  should  be  present  in  the  BGP   database  with  an  origin  attribute  of  internal.11.26.9 The  loopback0  of  R8  should  be  present  in  the  BGP  database  with  an  origin   attribute  of  IGP.   Task 20.   Task 20.3.0/24  with  a  network  statement.com Copyright © by iPexpert.3.   Task 20.  Make  sure  that  the   10.   that  is  to  say  the  route  to  R6  is  pointing  to  R7  on  R4.  10.0/24  using  a  network  statement.13 The  loopback0  of  R2  should  be  present  in  the  BGP  database  with  an  origin   attribute  of  incomplete.6.   Task 20.  Use  a  prefix-­‐list  called  ORIGIN_PL  and  a  route-­‐map   called  ORIGIN_RM.1.  advertise  the  network  10.3.   47 ipexpert.21 On  R6.  the  routers  in  AS  65001  should  route   the  traffic  over  R8  through  AS  8.1.   Task 20.17 Ensure  that  the  traffic  is  routed  via  R2  to  reach  network  10.12 Configure  iBGP  connection  between  R6  and  R2.23 Configure  R4  and  ensure  that  R4  always  prefers  the  route  with  the  lowest  MED.8  should  have  the  following  AS-­‐pat   attribute  8  8  8  8  i.  Use  a  prefix-­‐list  called  WEIGHT_PL  and  a  route-­‐map  called   WEIGHT_RM.8/32.   Task 20.8 In  order  to  reach  the  10.0/24  and  ensure  that  this  route  is   reached  primarily  through  R6.1.4 Configure  an  eBGP  peering  between  R8  in  AS  8  and  R7  in  AS65001.26.   Task 20.2 Configure  an  eBGP  peering  between  R4  in  AS  65001  and  R6  in  AS  65002.   Task 20. .   Task 20.7 The  loopback0  of  R6  should  be  present  in  the  BGP  database  with  an  origin   attribute  of  incomplete.78.   Task 20.19 In  R2  and  R6.   Task 20.  Use  a   MED  value  of  300.8. 1)   Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.  Configure  R3   and  use  the  prefix-­‐list  called  MED_PL  6  and  a  route-­‐map  called  MED_RM6.1 Configure  an  iBGP  peering  between  R4  and  R7  in  AS  65001.22.  On  R6.     Task 20.1.  Use  a  prefix-­‐list  called  PREPEND_PL  and  a  route-­‐map  called   PREPEND_RM.8.     Task 20.

24 Configure  an  eBGP  connection  between  R2  and  R5  in  AS  5  and  between  R4  and   R5  in  AS  5.  please  visit  our  Member  Community  at   http://community.   Task 20.  shut  down  the  peering  if  more  than  50  BGP   updates  are  advertised  from  R5  to  R2.27 On  the  peering  between  R2  and  R5.26 On  R5.  the  AS-­‐path  attribute  should  be  ignored  and  the  route  to  the  10.7/32   network  has  to  point  towards  R4  and  not  transit  through  AS  65002  anymore.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.     You have completed Lab 20 For  verification  of  your  work.com.   Task 20.   Task 20.7.1.25 On  R4. 1)   Task 20.  The  route  from  R5  to  the  loopback0  should  now  be  transiting  through  AS   65002.  Use   MED  to  achieve  this.7.  If  you  need  assistance  with  any  of  this  book's  content.1. .  A  syslog  message  should  be  sent  when   more  than  40  BGP  updates  are  advertised  from  R5  to  R2.7/32   to  R5.  Advertise  the  loopback  of  R5  into  BGP  with  an  origin  of  “?”.ipexpert.             48 ipexpert. All rights reserved.  prepend  the  AS  65001  4  times  when  advertising  the  network  10.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.com Copyright © by iPexpert.

 Connect  to   the  terminal  server  for  the  online  rack. . All rights reserved.  static   route.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.  EIGRP.   Prerequisites 49 ipexpert.  and  complete  the  configuration  tasks  as  detailed  below.  iBGP  and  eBGP.     The  topology  used  in  the  lab  will  be  the  following:     Estimated  time  to  complete:    4  hours     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.proctorlabs.com Copyright © by iPexpert.  and  RIP. 1)   Lab 21: Configure and troubleshoot BGP (part 4)   Technologies covered • Aggregation   • Summary-­‐only   • Suppress-­‐map   • Unsuppress-­‐map   • AS-­‐set   • Attribute-­‐map   • Advertise-­‐map   • Community  no-­‐export   • Community  local-­‐AS   • Community  no-­‐advertise   Overview You  have  been  tasked  to  configure  the  routing  in  your  network  using  OSPF.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.com.

0/8  will  be  advertised  to  R7  and  R6.   Task 21.4.11 Configure  an  eBGP  peering  between  R4  in  AS  4  and  R7  in  AS  7.0/24  into  BGP  using  a  network  statement.  loopback2.13 On  R4.14 On  R3.0/24  and  153.12 Configure  an  eBGP  peering  between  R4  in  AS  4  and  R5  in  AS  5.   Task 21.  configure  an  aggregate  for  the  network  153.1.     50 ipexpert.  and  loopback24  addresses  of  R3.   Task 21.22 On  R4.153.152.  Advertise  the   network  200.     Task 21.   Task 21.0.8 In  the  addition  to  the  summary  route.   Task 21.18 On  R5.16 On  R6.1.   Task 21.6 R3  has  to  advertise  a  summary  route  representing  loopback21.2.  advertise  the  networks  153.   Task 21.3 Configure  an  eBGP  peering  between  R3  in  AS  3  and  R2.153.  Use  a  route-­‐map  called   ATTRIBUTEMAP_RM.  Use  a  route-­‐map   called  ADVERTISEMAP_RM.19 When  advertising  out  the  network  200.com Copyright © by iPexpert.  The  aggregate  address  command   cannot  be  used.0  will  be  advertised  to  R6  with  a  community   that  will  prevent  it  to  be  advertised  to  other  eBGP  peers.0.153.  configure  the  aggregate  200.   Task 21.0/16  to  R4.0/8  with  the  summary-­‐ only  and  with  the  AS-­‐SET  option  on.  loopback22.  Use  a  route-­‐map  called  NOEXPORT_RM.4.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.15 On  the  peerings  with  R2  and  R6.0.   Task 21.154.10 Configure  an  eBGP  peering  between  R4  in  AS  4  and  R6  in  AS  65001.200.   Task 21.  Use  a  suppress-­‐map.9 In  the  addition  to  the  summary  route.     Task 21.17 Ensure  that  this  aggregate  is  advertised  to  R4.153.0/22  with  the   summary-­‐only  and  with  the  AS-­‐SET  option  on.  Use  network  statements.  configure  an  aggregate  for  the  network  200. All rights reserved. .   Task 21.0/24  into  BGP  using  a  network  statement.1 Configure  an  iBGP  peering  between  R2  and  R6  in  AS  65001.  and  the  loopback14  addresses  of  R3.  advertise  the  network  10.22. 1)   Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.  loopback14  network  should  be  the  only   specific  network  advertised  towards  R2.0.201.0/24  has  to  be  sent   with  the  No-­‐Export  community.0.  You  are  not   allowed  to  use  an  attribute-­‐map  to  remove  the  community.0/24  into  BGP  using  a  network  statement.  Specific  subnets  should  not  be   advertised.  advertise  the  networks  200.2 Configure  an  eBGP  peering  between  R3  in  AS  3  and  R6.20 On  R4.0/16  and  200.  Use  an  unsuppress-­‐map.   Task 21.  loopback22  network  should  be  the  only   specific  network  advertised  towards  R6.  the  network  153.   Task 21.   Task 21.   loopback3  and  the  loopback4  addresses  of  R3.22.  The  more  specific  networks  should   not  be  advertised  to  R6.200.  This  aggregate  should  have  in  its  AS-­‐path  attribute  all   the  ASs  that  were  contained  in  the  AS-­‐path  attribute  of  the  more  specific   networks.   Task 21.  configure  the   community  of  no-­‐advertise.0.4 R3  has  to  advertise  a  summary  route  representing  the  loopback1.23 Ensure  that  the  network  10.153.   Task 21.0/14.   Task 21.   Task 21.0/24  into  BGP   using  network  statements.  loopback12.0/16  into  BGP   using  network  statements.   Task 21.  Use  redistribution  and  a  prefix-­‐list  with  one  single  line.  Use  an  unsuppress-­‐map.0.   loopback23.  More  specific  networks  should   also  be  advertised.0.21 Ensure  that  the  network  200.   loopback13.1.   Task 21.   Task 21.7 In  the  addition  to  the  summary  route.153.0.  Advertise  the   network  200.5 R3  has  to  advertise  a  summary  route  representing  the  loopback11.  loopback21  network  should  be  the  only   specific  network  advertised  towards  R2.

com Copyright © by iPexpert. 1)   You have completed Lab 21 For  verification  of  your  work. .             51 ipexpert.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.  please  visit  our  Member  Community  at   http://community.com. All rights reserved.ipexpert.  If  you  need  assistance  with  any  of  this  book's  content.

iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.  static  route.     52 ipexpert.  Connect  to   the  terminal  server  for  the  online  rack. 1)   Lab 22: Configure and troubleshoot BGP (part 5)   Technologies covered • Local  AS   • Replace  AS   • Dual  AS   • Remove  Private  AS   • Dampening   • ORF   • BGP  allowas-­‐in   Overview You  have  been  tasked  to  configure  the  routing  in  your  network  using  OSPF.  RIP.     The  topology  used  in  the  lab  will  be  the  following:     Estimated  time  to  complete:    4  hours     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.proctorlabs.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.  EIGRP. . All rights reserved.   iBGP.  and  eBGP.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.com Copyright © by iPexpert.  and  complete  the  configuration  tasks  as  detailed  below.com.

 filter  in  the  network  10.0/24  network  to  use  the  following  dampening   parameters:   • Max-­‐Suppress=60  minutes   • Suppress=2000  points   • Reuse=800  points   • Half-­‐Time=15  minutes   Task 22.  the  route  153.153.  Regarding  the  routes  advertised  from  R5   to  R2.1 Configure  an  iBGP  peering  in  AS  65001  between  R2  and  R6. 1)   Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.   Task 22.22 On  R8.  advertise  the  loopback0  into  BGP  using  a  network  statement.8 Regarding  the  routes  advertised  from  R3  to  R2.0/24  and  the  network   153.20 Make  sure  that  the  two  routers  exchange  information  via  the  ORF  capability  and   that  R4  will  be  filtering  the  network  10.3 Configure  an  eBGP  peering  between  R2  and  R3  in  AS  3.0/24  network  to  use  the  following  dampening   parameters:   • Max-­‐Suppress=50  minutes   • Suppress=2500  points   • Reuse=600  points   • Half-­‐Time=10  minutes   Task 22. All rights reserved.  filter  out  153.   Task 22.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.15 On  R3.   Task 22.0/24  and  not  sending  updates  for   networks  that  are  filtered  when  arriving  on  R6.   Task 22.   Task 22.  the  private  AS  numbers  have  to  be   stripped  off  from  the  AS-­‐path  before  being  sent.com Copyright © by iPexpert.153.5 On  R3.   Task 22.2 Configure  an  eBGP  peering  between  R6  and  R3  in  AS  3.  the  AS  65003  should  not  appear   in  the  AS-­‐path.  advertise  the  loopbacks  in  BGP  using  network  statements.  in  all  advertisements  sent  toward  R4.0/24  on  the  peering  towards  R4.   Task 22.18 On  R4.   Task 22.11.     Task 22.153.19 On  R6.   Task 22.     Task 22.   Task 22.4.0/24.154. .153.17 Between  R6  and  R4.154.  the  AS  65005  should  not  appear  in  the  AS-­‐path.   Task 22.  configure  the  BGP  peering  to  use  fast  session  deactivation.153.  Use   access-­‐list.153.11.154.6 On  R3.11 Advertise  the  loopback0  of  R5  into  BGP.   Task 22.153.4 On  R3.  configure  the  153.153.0/24  using  network  statements.  filter  out  153.0/24  should  not  contain  the  AS  3  as  well  as    the  AS   65003  in  the  AS-­‐path.   Task 22.  on  the  peering  between  R3  and  R6.   Task 22.4.   Task 22.153.16 On  R3.  Use   prefix-­‐list.0/24.  configure  the  153.   Task 22.   Task 22.7 R3  should  appear  to  R2  and  R6  as  if  it  is  using  AS  65003  but  R3  should  still  be  in   AS  3.154.  on  the  peering  between  R3  and  R2.   Task 22.153.14 On  R6.9 Configure  an  eBGP  peering  between  R2  and  R5  in  AS  5.12 On  R5.   Task 22.21 Configure  an  eBGP  peering  between  R6  and  R8  in  AS  4.     53 ipexpert.23 Make  sure  that  you  can  ping  from  loopback0  of  R8  which  is  originated  in  AS  4  to   the  loopback0  of  R4  which  is  always  originated  in  AS  4.  redistribute  the  network  153.13 Configure  an  eBGP  peering  between  R6  and  R4  in  AS  4.  Use  the  allowas-­‐in   command.10 R5  should  appear  to  R2  and  R6  as  if  it  is  using  AS  65005  but  R5  should  still  be  in   AS  5.

com.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.  If  you  need  assistance  with  any  of  this  book's  content. All rights reserved.       Lab 23: Configure and troubleshoot Multiprotocol Label Switching (Part 1)   Technologies covered • IPv4  VPN  address-­‐family   • LSP   • LDP   • L3VPN   • CE   • PE   • P   • Export  map   Overview You  have  been  tasked  to  configure  a  MPLS  L3  VPN  service  on  an  existing  MPLS  backbone. 1)   You have completed Lab 22 For  verification  of  your  work.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.     The  topology  used  in  the  lab  will  be  the  following:     Estimated  time  to  complete:    3-­‐4  hours     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.  please  visit  our  Member  Community  at   http://community.proctorlabs.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.  Connect  to   the  terminal  server  for  the  online  rack.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.  The  CEs  are   managed  by  the  Service  Provider  and  the  loopbacks  of  the  CEs  should  be  leaked  from  the  VRF  of  the   customer  into  the  management  VRF  of  the  Service  provider.   54 ipexpert.  and  complete  the  configuration  tasks  as  detailed  below. .com Copyright © by iPexpert.com.ipexpert.

7 Customer_  A  and  Customer  _B  companies  are  merging.5/32   • Customer_B   • R6   • Loopback10   • 10.  In  order  to  optimize  the  building  of  the  MPLS  forwarding-­‐table.com Copyright © by iPexpert.5/32   • Customer_A   • R5   • Loopback20   • 10.6/32   • Customer_B   Task 23.  Create  the  management  VRF  on  the   router  R2.   make  sure  that  only  LSPs  for  the  loopback  interfaces  will  be  built.   Task 23.3/32   Task 23.1.1.  The  management  CE  of   the  Service  provider  is  the  router  called  BB2. All rights reserved.6.   • AS   • VPN  name   • rd   • rt  export   • rt  import   • 1   • SP_Management  • 100   • 1000   • 1000.1.     Task 23.     • R5   • Loopback10   • 10.  Use  BGP  AS  1.1.4 Configure  the  BGP  routing  sessions  that  will  permit  to  exchange  the  VPNv4   information  between  the  PEs.9 Configure  R1  and  R9  to  be  part  of  VRF  Customer_A  and  R3  to  be  part  of  VRF   Customer_B.     Task 23.1/32   • R9  loopback0   • 10.   Task 23.10.   Task 23.5.   Task 23.9.3  in  their  respective  VPNs  and   check  that  you  can  ping  from  loopback  to  loopback  within  the  same  VPN.  R4.1001   55 ipexpert.10 Route  the  loopback0  interfaces  of  the  CEs  statically  and  make  sure  that  those   loopbacks  are  routed  in  their  respective  VRF.   Task 23. .10.2 Configure  the  following  L3  MPLS  VPN  routing  tables  on  the  R5  and  on  the  R6:   • AS   • VPN  name   • rd   • rt  export   • rt  import   • 1   • Customer_A   • 1   • 10   • 10   • 1   • Customer_B   • 2   • 20   • 20   Task 23.6.5.     Task 23.11 The  service  provider  is  offering  a  service  where  the  CEs  are  managed.  Verify  that  R1  loopback0  can  ping   R9  loopback0.6/32   • Customer_A   • R6   • Loopback20   • 10.   Customer_A  has  chosen  a  managed  service  for  its  CEs.   and  R2  routers. iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.6 Make  sure  that  the  loopbacks  redistributed  at  PE  router  R5  has  a  known  origin.  R6.1 The  network  is  pre-­‐configured  with  OSPF  and  LDP  and  the  PEs  are  the  R5.9/32   • R3  loopback0     • 10.   Configure  the  following  loopbacks:   • R1  loopback0   • 10. 1)   Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.8 The  engineer  was  too  quick  and  the  merge  between  Customer_A  and   Customer_B  is  not  going  ahead.20.3 Configure  the  following  loopbacks  for  the  VPN  Customer_A  and  Customer_B.5 Redistribute  the  loopbacks  created  in  the  Task  23.20.3.

 and  R6.12 The  management  network  is  using  the  network  192.  we  create  a  full-­‐mesh  peering  topology   between  R2.  As  we  are  using  iBGP.129/25  and  route  it   statically  into  the  SP_Management  VPN.  and  make  sure  that  the  management  network  can  only  see  the   loopback  of  R1  and  R9.     You have completed Lab 23 For  verification  of  your  work.  R5.  please  visit  our  Member  Community  at   http://community.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.128/25. . 1)   Task 23.  Use  an  export  map  called  CE_Loopback_Export   on  R5  and  on  R6.   Task 23.14 The  R1  CE  and  the  R9  CE  from  Customer  A  has  to  be  reachable  from  the  service   provider  management  network.  If  you  need  assistance  with  any  of  this  book's  content.   Task 23.  Create  on  BB2   a  loopback  100  with  the  following  IP  address:    192.ipexpert.168.com.168.13 Configure  the  multi-­‐protocol  BGP  environment  to  enable  the  exchange  of  the  RT   information.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.com Copyright © by iPexpert. All rights reserved.1.1.             56 ipexpert.

    This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www. .com Copyright © by iPexpert.     The  topology  used  in  the  lab  will  be  the  following:     Estimated  time  to  complete:    3-­‐4  hours     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.  You  will   have  to  configure  the  routing  between  the  CEs  and  the  PEs  for  two  customer  L3  VPNs.com.proctorlabs.  Connect  to   the  terminal  server  for  the  online  rack. All rights reserved.   Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol. 1)   Lab 24: Configure and troubleshoot Multiprotocol Label Switching (Part 2)   Technologies covered • PE-­‐CE  static  routing   • PE-­‐CE  RIP  routing   • PE-­‐CE  OSPF  routing   • OSPF  Domain-­‐ID   • OSPF  sham-­‐link   • PE-­‐CE  EIGRP  routing   • EIGRP  SoO   Overview You  have  been  tasked  to  configure  a  MPLS  L3  VPN  service  on  an  existing  MPLS  backbone.     57 ipexpert.  and  complete  the  configuration  tasks  as  detailed  below.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.

7 R9  is  a  CE  in  VRF  Customer_B.20. 1)   Task 24.10.4/32   • Customer_A   • R4   • Loopback14   • 10.8 R7  is  a  CE  connected  to  PE  R6  in  VRF  Customer_A.0/24  should  be  present  in  the  OSPF  database  as  a  LSA   type  3.5/32   • Customer_B   • R6   • Loopback16   • 10.   Establish  MP-­‐BGP  sessions  between  the  PEs.20.     Task 24.4/32   • Customer_B   Task 24.2.  Lo16.3 Configure  the  following  loopbacks  for  the  VPN  Customer_A  and  Customer_B.  The  loopback  of  the  router  R8   should  be  routed  using  OSPF  process  ID  8  in  area  0  within  the  VPN  Customer_A.1 Configure  R5.     Task 24.  Do  not  redistribute  BGP  into  RIP.   • AS   • VPN  name   • rd   • rt  export   • rt  import   • 1   • Customer_A   • 10   • 10   • 10   • 1   • Customer_B   • 20   • 20   • 20   Task 24.  the  network  10.  Use  the  loopback22  with  IP  address  2.  If  necessary.5.  The  loopback  of  the  router  R7   should  be  routed  using  OSPF  process  ID  7  in  area  0  within  the  VPN  Customer_A.  The  MPLS  cloud  is  using  BGP  AS  1.  R6.10.5.       58 ipexpert. .  use  a  domainID  of  78.6.5 Make  sure  that  you  have  full  reachability  between  Lo25.     Task 24.     Task 24.  The  loopback  of  the  router  R9  should  be  routed   using  RIP  version  2  within  the  VPN  Customer_B.   Ensure  that  you  have  IP  reachability  between  lo0  of  R7.10.4.6.10.2 Create  the  following  L3  VPNs  on  all  PEs. iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.com Copyright © by iPexpert.  Use   the  loopback66  with  IP  address  6.2/32  on  R2.7.     Task 24.   Ensure  that  you  have  IP  reachability  between  lo0  of  R1  and  lo0  of  R7.4.10 On  R8.20.9 R8  is  a  CE  connected  to  PE  R2  in  VRF  Customer_A.   Task 24.   Make  sure  that  the  loopbacks  are  routed  in  the  VPN  MPLS  cloud  using  network   statements.  R8.  Use  R4  as  a  route-­‐reflector  for  all  the  PEs.1.   • R5   • Loopback15   • 10.     Task 24.6/32   • Customer_A   • R6   • Loopback26   • 10.  and  R2  as  PE  routers.12 Make  sure  that  the  path  over  the  MPLS  backbone  is  the  preferred  path  for  traffic   going  from  R7  to  R8.2. All rights reserved.  Use  the  loopbacks  0  for  the  source   of  the  peerings.2/32   • Customer_B   • R4   • Loopback14   • 10.6/32   • Customer_B   • R2   • Loopback12   • 10.6 R1  is  a  CE  in  VRF  Customer_A.2.2/32   • Customer_A   • R2   • Loopback12   • 10.  Lo22.  Lo26.6.11 Configure  the  connection  between  R7  and  R8  in  OSPF  area  0  with  an  IP  ospf  cost   of  4000.2.     Task 24.5/32   • Customer_A   • R5   • Loopback25   • 10.     Task 24.  Lo12.4 Make  sure  that  you  have  full  reachability  between  Lo15.  The  loopback  of  the  router  R1  should  be  routed   statistically  within  the  VPN  Customer_A.  and  R1.20.6/32  on  R6.  R4.6.  and  Lo24  in   VPN  Customer_B.  and  Lo14  in   VPN  Customer_A.

 please  visit  our  Member  Community  at   http://community.   You have completed Lab 24 For  verification  of  your  work.  and  vice-­‐versa.  Use   metric  1  1  1  1  1  when  redistributing  BGP  into  EIGRP  on  the  PE.  Routing  between  R3  and  R6  is   using  EIGRP  ID  1  with  AS  200. .13 R3  is  a  CE  connected  to  PE  R2  in  VRF  Customer_B.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.  The  loopback  of  the  router  R3   should  be  routed  using  EIGRP  ID  1  with  AS  200  within  the  VPN  Customer_B.com.  ensure  that  it  is  not  allowed   that  an  EIGRP  route  that  has  been  distributed  into  BGP  on  R2  cannot  be  learnt   via  R6  when  BGP  is  redistributed  into  EIGRP  on  R6.  Ensure  that  you   have  IP  reachability  between  lo0  of  R9  and  lo0  of  R3.  Use  metric  1  1  1  1  1  when  redistributing  BGP  into   EIGRP  on  the  PE.15 By  using  the  extended  community  1:11  and  1:12. All rights reserved.  If  you  need  assistance  with  any  of  this  book's  content.   Task 24.14 R3  is  a  CE  connected  to  PE  R6  in  VRF  Customer_B.ipexpert.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.   Task 24.com Copyright © by iPexpert. 1)   Task 24.             59 ipexpert.

  60 ipexpert.com Copyright © by iPexpert. All rights reserved. .  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.     The  topology  used  in  the  lab  will  be  the  following:       Estimated  time  to  complete:    3-­‐4  hours     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol. 1)   Lab 25: Configure and troubleshoot Ipsec Virtual Private Networks   Technologies covered • GRE  tunnels   • IPsec  tunnels   • GRE  over  IPsec   • IPsec  VTIs   Overview You  have  been  tasked  to  configure  an  IPsec  encryption  on  different  connections  of  your  network.

 and  complete  the  configuration  tasks  as  detailed  below.8/24.  please  visit  our  Member  Community  at   http://community.ipexpert.  IP  address  on  R5  is  192.  use  esp-­‐3des  encryption  and  an  esp-­‐sha-­‐hmac  authentication   during  the  phase  2  negotiation.8 Between  R2  and  R9.  The  web  server  is  sending   IP  packets  with  a  size  of  1500  bytes  and  the  DF-­‐bit  set.     You have completed Lab 25 For  verification  of  your  work.168.   Use  a  hash  of  MD5  and  pre-­‐shared  key  of  “iPexpert”  during  the  phase  1  negotiation.   Task 25.  The  client  cannot  communicate  with  the  server.  Configure  the  tunnel  to   restore  connectivity  between  the  server  and  the  client.     Task 25.12 Traffic  going  from  loopback0  of  R5  to  loopback0  from  R8  should  be  encrypted  in  both   directions.  Connect  to   the  terminal  server  for  the  online  rack.4 Configure  a  GRE  tunnel  on  the  serial  connection  between  R2  and  R9.   Use  a  hash  of  MD5  and  pre-­‐shared  key  of  “iPexpert”  during  the  phase  1  negotiation.29.  You  are  not  allowed  to  use  a  dynamic  routing  protocol  or  a  default  route.     Task 25.  You  are  not  allowed  to  configure  anything  on  the  R6  router.     Task 25.168.6 There  is  a  Web  server  which  is  connected  to  a  client  and  the  traffic  is  running  over   Tunnel  1.  You  are  not  allowed  to  clear   the  DF-­‐bit  or  to  intervene  in  the  TCP  negotiation.com. 1)   This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.   Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.5/24  and  IP  address  on  R8   is  192.  use  esp-­‐des  encryption  and  an  esp-­‐md5-­‐hmac  authentication   during  the  phase  2  negotiation.  Make  sure  that  the  IP  connectivity  between  the   loopback0  of  R2  and  the  loopback0  of  R9  is  still  up  and  running.  If  you  need  assistance  with  any  of  this  book's  content.proctorlabs.     Task 25.58.1 Configure  a  LAN-­‐to-­‐LAN  IPsec  tunnel  on  the  serial  connection  between  R4  and  R3.  Use  a  GRE  over  IPsec  tunneling.     Task 25.  You  are  not  allowed  to  use  a  dynamic  routing  protocol  or  a  default  route.58.168.9/24  on  R9.10 Between  R5  and  R8.     Task 25.  Use  the  E0/1  of  R2  and  S3/0  of  R9  as  source/destination  of   the  tunnel.  a  DH  group  number  2  ans  pre-­‐shared  key  of  “  iPexpert”  during  the   phase  1  negotiation.     Task 25.2 Between  R4  and  R3.     Task 25.  use  esp-­‐3des  encryption  and  an  esp-­‐md5-­‐hmac  authentication   during  the  phase  2  negotiation.     Task 25.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.11 Create  a  VTI  on  both  ends.  Use  an   encryption  of  AES.     Task 25.7 Encrypt  the  GRE  traffic  tunnel  between  R2  and  R9.2/24  on  R2  and  an  IP  address  of   192.168.       61 ipexpert.com Copyright © by iPexpert.com.  Traffic   going  from  loopback0  of  R2  to  loopback0  of  R9  should  transit  through  this  GRE   tunnel.5 You  are  not  allowed  to  use  a  dynamic  routing  protocol  or  a  default  route. All rights reserved.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.29. .  The  tunnel1   interface  has  an  IP  address  of  192.     Task 25.3 Traffic  going  from  loopback0  of  R4  to  loopback0  of  R5  should  be  encrypted  in  both   directions.9 Configure  IPsec  encryption  on  the  ethernet  connection  between  R5  and  R8.

    62 ipexpert.com Copyright © by iPexpert.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol. All rights reserved.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.     The  topology  used  in  the  lab  will  be  the  following:       Estimated  time  to  complete:    3-­‐4  hours   Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below. 1)   Lab 26: Configure and troubleshoot IPsec Virtual Private Networks (Part 2)   Technologies covered • DMVPN  phase  1  EIGRP     • DMVPN  phase  1  OSPF   • DMVPN  phase  2  EIGRP   • DMVPN  phase  2  OSPF   • DMVPN  phase  1  with  IPSec   • DMVPN  phase  2  with  IPSec   Overview You  have  been  tasked  to  configure  an  IPsec  encryption  on  different  connections  of  your  network. .

  Make  sure  that  there  is  IP  reachability  between  the  loopback11  of  R2.0.  and  R3.6/32   Task 26.  R3.  The  tunnels  number  22  are   sourced  from  the  loopback0.  and  R6. All rights reserved.3.  and   R6.  R3.  The  tunnels  number  11  is   sourced  from  the  loopback0.4 Configure  the  following  loopbacks:   • R2   • Loopback11   • 10.3/24   • Spoke   Task 26.   Task 26.  R2.  EIGRP  should   enable  the  IP  connectivity  between  the  loopback0  of  R2.0.0.  Use  the  following  IP  addresses:   • R1   • 22.2 Configure  DMVPN  phase  1  between  R2.  Use  a  tunnel  key  of  11.0.1/24   • Hub   • R2   • 22.3 A  new  registration  request  should  be  sent  every  10  seconds.2/24   • Spoke   • R3   • 11.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.8 Configure  DMVPN  phase  1  between  R1.11.  R2.  A  registration   request  sent  by  the  spokes  to  the  NHS  should  be  kept  for  60  seconds  if  no  new   update  for  this  entry  is  received.6.  R3.  The  network-­‐ID  of  the   NHRP  network  is  11.6/24   • Hub   Task 26.0.0.2/24   • Spoke   • R3   • 22.   Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.6 Secure  the  traffic  with  IPSec  on  the  DMVPN  tunnels. 1)   This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.  The  network-­‐ID  of  the  NHRP  network  is  22.5 Configure  EIGRP  AS  11  on  the  DMVPN  tunnels.0.   Task 26.11.0.9 Authenticate  the  NHRP  network  with  an  ID  of  22  with  the  key  “iPexpert”.11.   Task 26.  and  R6.  Connect  to   the  terminal  server  for  the  online  rack.  and  R3.     Task 26.  Use  a  hash  of  MD5.   Task 26.0.  a  DH   group  number  2  and  a  wild-­‐card  pre-­‐shared  key  of  “iPexpert”  during  the  phase  1   negotiation.  and  R6.2/32   • R3   • Loopback11   • 10.  Use  the  following  IP  addresses:   • R2   • 11.  R2.0.     Task 26.com.  R3.3/32   • R6   • Loopback11   • 10.  Use   dynamic  mapping.  Use  a  tunnel  key  of  22.  configure  the  spokes  as  EIGRP   stub  and  advertise  the  loopback  11  of  each  router  with  a  network  statement.  OSPF   should  enable  the  IP  connectivity  between  the  loopback0  of  R1.1 Configure  EIGRP  AS  1  on  the  network  between  R2. .0.   Task 26.7 Configure  OSPF  process  2  area  0  on  the  network  between  R1.3/24   • Spoke   • R6   • 11.proctorlabs.  The  Hub  has  to  act  as  a  NHS.com Copyright © by iPexpert.  and  R3.2.10 Configure  the  following  loopbacks:       63 ipexpert.  and  complete  the  configuration  tasks  as  detailed  below.0.  Use  esp-­‐des  encryption  and  an  esp-­‐md5-­‐hmac  authentication  during   the  phase  2  negotiation.

17 Secure  the  traffic  with  IPSec  on  the  DMVPN  tunnels.0.com Copyright © by iPexpert.2.33. 1)   • R1   • Loopback22   • 10.1/32   • R2   • Loopback22   • 10.0.  Use  an  encryption  of  3-­‐DES   and  a  wild-­‐card  pre-­‐shared  key  of  “iPexpert”  during  the  phase  1  negotiation.3/32   Task 26.   Task 26.1/32   • R4   • Loopback33   • 10.12 Secure  the  traffic  with  IPSec  on  the  DMVPN  tunnels.  Use   esp-­‐des  encryption  and  an  esp-­‐md5-­‐hmac  authentication  during  the  phase  2   negotiation.  R3.2/32   • R3   • Loopback22   • 10.5/32   Task 26.  Make  sure  that  a  ping  from  the   loopback  33  of  R1  to  the  loopback  33  of  R5  is  always  going  through  the  hub.0.  R4.  Make  sure  that  there  is  IP  reachability  between  the  loopback22  of   R2.22.0.  Use  a  tunnel  key  of  44.5/24   • Spoke   Task 26.   Task 26.0.0.  The  tunnels  numbers  44  are   sourced  from  the  loopback0.  The  network-­‐ID  of  the  NHRP  network  is  44.0.33.  R4.  Use  the   following  IP  addresses:   • R5   • 44.0.0.7/24   • Spoke   • R8   • 44.0.16 Configure  EIGRP  process  33  on  the  DMVPN  tunnels  and  advertise  the  loopback   33  of  each  router  with  a  network  statement.  Use   esp-­‐aes  encryption  and  an  esp-­‐sha-­‐hmac  authentication  during  the  phase  2   negotiation.4/24   • Hub   • R5   • 33.  Do  not   use  dynamic  mapping.18 On  the  LAN  between  R5.1.  and  R8.  and  R8.  The  tunnels  numbers  33  are   sourced  from  the  loopback0.19 Configure  DMVPN  phase  2  between  R5.3.  OSPF  should   enable  the  IP  connectivity  between  the  loopback0  of  R5.   Task 26.  EIGRP  should  enable  the  IP   connectivity  between  the  loopback0  of  R1.   Task 26.11 Configure  OSPF  process  22  area  0  on  the  DMVPN  tunnels  and  advertise  the   loopback  22  of  each  router  with  a  network  statement.1/24   • Spoke   • R4   • 33.22.   Task 26.  and  R5.  R7.5/24   • Spoke   • R7   • 44. All rights reserved.  setup  OSPF  process  4  area  0.13 On  the  LAN  between  R1.  R4.4. .  There  should  not  be  any   DR  elected.14 Configure  DMVPN  phase  2  between  R1.1.8/24   • Hub   64 ipexpert.  and  R8.  setup  EIGRP  routing  in  named  configuration   mode  using  AS3  and  the  name  of  iPexpert.  Use  a  tunnel  key  of  33.   Task 26.  and  R6.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.  R7.  R7.  The  network-­‐ID  of  the  NHRP  network  is  33.22.  No   NHRP  configuration  should  be  done  on  the  hub.4/32   • R5   • Loopback33   • 10.  Use  an  encryption  of  AES   and  a  wild-­‐card  pre-­‐shared  key  of  “iPexpert”  during  the  phase  1  negotiation.0.0.  and  R5.15 Configure  the  following  loopbacks:   • R1   • Loopback33   • 10.  Use  the  following  IP  addresses:   • R1   • 33.  and  R5.5.33.

 The  election  of  a  DR   should  take  place  in  this  network.             65 ipexpert.   Task 26.7/32   • R8   • Loopback44   • 10.  Make  sure  that  a  ping  from  the  loopback  44  of  R7  to  the  loopback  44   of  R5  is  going  directly  from  R7  to  R5. .7.8/32   Task 26. All rights reserved.8. 1)   Task 26.       You have completed Lab 26 For  Verification  of  your  work.  If  you  need  assistance  with  any  of  this  book's  content.com Copyright © by iPexpert.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.com.  Use  an  encryption  of  AES.  please  visit  our  Member  Community  at   http://community.5/32   • R7   • Loopback44   • 10.  Do  not  use  OSPF  type   broadcast.44.21 Configure  OSPF  process  44  area  0  on  the  DMVPN  tunnels  and  advertise  the   loopback  44  of  each  router  with  a  network  statement.  Use  esp-­‐aes  encryption  and  an  esp-­‐sha-­‐hmac   authentication  during  the  phase  2  negotiation.   Multicast  should  be  enabled  on  the  DMVPN  tunnels.  a   DH  group  number  1  and  a  wild-­‐card  pre-­‐shared  key  of  “iPexpert”  during  the   phase  1  negotiation.20 Configure  the  following  loopbacks:   • R5   • Loopback44   • 10.  The  DR  should  always  be  on  the  hub  router.22 Secure  the  traffic  with  IPSec  on  the  DMVPN  tunnels.ipexpert.44.5.44.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.

    The  topology  used  in  the  lab  will  be  the  following:     Estimated  time  to  complete:    3  hours     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below. 1)   Lab 27: Configure and troubleshoot Protocol Independent Multicast Operations (Part 1)   Technologies covered • PIM  dense  mode   • PIM  sparse-­‐dense  mode   • PIM  sparse  mode   • RPF  failure   • Accept  RP   • Accept  Register   • DR  election     • NMBA  mode   Overview You  have  been  tasked  to  configure  the  multicast  routing  reachability  in  your  network.     66 ipexpert. All rights reserved. .  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.com Copyright © by iPexpert.

15 Ensure  that  R2  and  R3  send  registers  (*.   Task 27.   Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.  Configure  the   router  R3  so  that  when  he  becomes  the  RP  for  this  multicast  group.   Configure  the  network  to  route  this  multicast  stream  from  the  source  to  the   listeners  without  the  use  of  any  RP.1.  Configure  the  OSPF   network  type  as  NBMA. .236.     Task 27.5  and  make  sure  that  you  can  ping  this   multicast  group  from  R5.9.  R6.9.  Use  network   statements.7.  Connect  to   the  terminal  server  for  the  online  rack.9 There  is  a  multicast  server  connected  on  R9  that  is  sending  a  stream  with  the  IP   address  229.  R1  is   the  ABR.3.12 Configure  R5  E0/1  to  join  229.  R2.45.1.   Task 27.  The  multicast  group  will  be   227.   Task 27.  R3   is  the  ABR.7 There  is  a  multicast  server  connected  on  R5  that  is  sending  a  stream  with  the  IP   address  225.   Task 27.  Setup  OSPF  in  area  0  in  this  DMVPN  network.1.1.7  and  the  source  is  going  to  be  the  server  10.3.  and  R3  are  in  a  hub  and  spoke  topology  where  R1  is  the  hub  and  R2  and   R3  are  the  spokes.  R4.  Use  network   statements.5.5.3.0/24  network.0/24  with  an  OSPF  cost  of  2000.  Use  the  loopback0   interface  for  the  RP  IP  address.   Task 27.7.145.0/24  network.   Task 27.  the  use  of  mroute  is  allowed.10 Make  sure  that  R1  is  the  RP  only  for  the  group  229.3.  Configure  the  network  to  route  this  multicast  stream  from  the   source  to  the  listeners  with  the  use  of  a  static  RP.   Task 27.  Use  network   statements.9.5.   Task 27. 1)   This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.  Cost  out  the  network  10.45.com.5.16 Make  sure  that  you  can  ping  multicast  group  233.  The  use  of  mroute  is  allowed.     Task 27.  The  listeners  for  this  group  are  located  on  R5  on  network   10.     Task 27.  The  listeners  for  this  group  are  located  on  R2.  R2.  Do  not  enable  multicast  on  the   10.1. All rights reserved.163.  and  complete  the  configuration  tasks  as  detailed  below.  R3.   Task 27.3.6 Advertise  the  loopbacks  of  R6  and  R9  in  the  OSPF  process.14 Make  sure  that  R1  is  allowed  to  be  the  RP  for  the  group  233.  Shut  down  the   interface  e0/1  on  R2.0/24  network.  If  necessary.13 There  is  a  multicast  server  connected  on  R3  that  is  sending  a  stream  with  the  IP   address  233.   Task 27.9.3  from  R3.  and  R3  in  the  OSPF  process.  Cost  out  the  network  10.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.3.   Task 27.200.3 Configure  OSPF  in  area  55  on  all  the  connections  between  R1.9.  Configure  the  network  to  route  this  multicast  stream  from   the  source  to  the  listeners  with  the  use  of  a  static  RP.9.0/24.236.3.proctorlabs.     Task 27.1 R1.  Use  the   loopback0  interface  for  the  RP  IP  address.1.  Do  not  enable  multicast  on  the   10.3.3.2 Advertise  the  loopbacks  of  R1.3  only  to   the  router  R1.5 Configure  OSPF  in  area  99  on  all  the  connections  between  R2.5.9  and  make  sure  that  you  can  ping  this   multicast  group  from  R9.G)  entries  for  the  group  233.   Task 27.0/24  with  an  OSPF  cost  of  2000.  Make  sure  that  you  can  ping  from  the  loopback0  of  R2  to  the   loopback0  of  R3.17 There  is  a  plan  to  add  a  new  multicast  datastream.1.63.3.  the  only   67 ipexpert.  and  R9.4 Advertise  the  loopbacks  of  R4  and  R5  in  the  OSPF  process.   Task 27.  and  R5.8 Configure  R1  E0/0  to  join  225.9.  DMVPN  phase  2  without  IPSec  is  the  underlying  used   technology.com Copyright © by iPexpert.11 Configure  R3  to  send  the  PIM  join  message  to  the  RP  on  behalf  of  the   10.  The  listeners  for  this  group  are  located  on  R1  and  R4  only.9.

 All  other  servers  trying  to  register   this  group  should  be  denied   You have completed Lab 27 For  verification  of  your  work.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.com Copyright © by iPexpert.63.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.ipexpert.com.             68 ipexpert.  please  visit  our  Member  Community  at   http://community.1.200. All rights reserved.  If  you  need  assistance  with  any  of  this  book's  content. . 1)   allowed  source  is  the  IP  address  10.

.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.   Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks. 1)   Lab 28: Configure and troubleshoot Protocol Independent Multicast Operations (Part 2)   Technologies covered • Auto-­‐RP   • Auto-­‐RP  filtering   • Auto-­‐RP  listener   • Multiple  RP  candidates   • Multicast  boundary   • BSR   • BSR  Propagation  filtering   Overview You  have  been  tasked  to  configure  the  multicast  routing  reachability  in  your  network.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.     69 ipexpert.  and  complete  the  configuration  tasks  as  detailed  below.com.com Copyright © by iPexpert. All rights reserved.     The  topology  used  in  the  lab  will  be  the  following:     Estimated  time  to  complete:    3  hours     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.  Connect  to   the  terminal  server  for  the  online  rack.proctorlabs.

  Task 28.1.   Task 28.169.  Auto-­‐RP  will  be  used  on  these  networks.  and  R3  in  the  EIGRP  process.3.  the  network   10.63.0/24.3.12 Configure  R1  so  that  it  never  does  send  and  receive  on  interface  E0/1  multicast   traffic  from  group  228.17 Configure  the  interface  S3/0  on  R9  to  join  the  group  229.14.  Advertise  the  loopbacks  of  R7.  Ensure  that   R6  doesn’t  receive  information  about  RPs  elected  by  PIM  bootstrap  router  process.1.69.  R2.   Task 28.3.16 R9  should  not  become  the  RP  for  routers  that  are  more  than  1  hop  away.  Make  sure  that  the   auto-­‐RP  advertisements  regarding  those  groups  are  also  filtered.1.1.2.   Task 28.   Task 28.10 Create  a  “rp-­‐announce-­‐filter”  that  makes  sure  that  R7  will  never  become  a  RP.3.228.1.229.1. 1)   Task 28.6 Enable  R1.   Task 28.   Task 28.   Task 28.13 Configure  E0/1  on  R5  to  join  the  group  228.2.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.  R2.5 Configure  PIM  on  the  networks  10.45.   and  R5  in  the  EIGRP  process  using  network  statements.4 Extend  the  EIGRP  routing  domain  to  include  the  networks  10.  and  that  R8  has  been  chosen  to  be  the  PIM  DR.1.1.   Task 28.228.  R5.0/24.2. All rights reserved.2.1.  228.1.1.  228.0/24.   Task 28.  and  check  that   you  can  ping  this  multicast  group  from  R6.   Task 28.11 Create  2  “rp-­‐announce-­‐filters”  that  make  sure  that  R8  will  only  become  the  RP  for   multicast  group    228.1.  R7.  and  R4  don’t  receive  information  about  RPs  elected  by  the  PIM   bootstrap  router  process.9 Configure  E0/1  on  R5  to  join  the  group  228.228.  Their  loopback0  should  be  used  in  the   advertisements.   Task 28.145.22.  and  R8  don’t  fall  back  to  PIM  dense  mode  for  unknown   multicast  addresses.1.  R9  has  to  be  configured  as  an  auto-­‐RP  candidate  for  all   multicast  groups.  and  that  R1  will  only  become  the  RP  for  multicast   groups    228.  R8.0/24.  and  that  R1  has  been  chosen  to  be  the  RP  for  228.1.   Task 28.0/24  and  10.  and  R8.0/24.  R4.  and  check  that  you  can  ping  this   multicast  group  from  R7.  R7.   Task 28.22 Ensure  that  R7.  and  the  network  10.1 R1.0/24.  and  228.36.3.   Task 28.     Task 28. .228.  Use  the  interfaces  that  are  always  up   on  a  router.  R7.1.1.0/24.0/24.  and  that  R9  has  been  chosen  to  be  the  RP.0/24.1.  the  network   10.com Copyright © by iPexpert.229.145.   Task 28.20 Configure  R1  as  the  primary  RP  and  configure  R3  as  a  backup  RP.   Task 28.0/24.45.63.   Task 28.  the  network  10.0/24.  and  R3  are  in  a  hub  and  spoke  topology  where  R1  is  the  hub  and  R2  and  R3   are  the  spokes.  and  R8  as  auto-­‐RP  candidates  for  the  following  multicast  groups:   228.0/24.228.  You  are  not  allowed   to  use  “ip  pim  auto-­‐rp  listener”  command.   Task 28.  and  the   network  10.229.3 Extend  the  EIGRP  routing  domain  to  include  the  network  10.   70 ipexpert.  DMVPN  phase  1  without  IPsec  is  the  underlying  used  technology.  Advertise  the  loopbacks  of  R6  and  R9  in  the  EIGRP  process   using  network  statements.1.14 Ensure  that  R1.  Make  sure  that  you  can  ping  from  the  loopback0  of  R2  to  loopback0  of   R3.1.8 R4  should  be  configured  as  the  mapping  agent.   Setup  EIGRP  AS  10  in  this  DMVPN  network.  The  loopback0  has  to  be  used  in  the   advertisements.1.0/24.21 Enable  PIM  sparse  mode  on  the  network  10.  One  of  the  two   should  be  configured  with  the  default  priority.  the  network  10.2.2.1.228.2.18 Enable  PIM  sparse  mode  on  all  interfaces  on  the  network  11.1.  R4.  Use  network   statements.2 Advertise  the  loopbacks  of  R1.228  and  check  that  you  can  ping  this   multicast  group  from  R7.2.14.  and  the   network  10.228.   Task 28.3.19 Configure  R2  as  the  BSR.1.  the  network  10.36.  and  R6  has  to  be  configured  as  the  mapping  agent.228.  R8.  Use  the  interface  that  is  always  up  on  a  router.7 Auto-­‐RP  advertisements  should  be  sent  every  5  seconds  to  R1.228.228  and  228.228.1.1.15 The  2  connections  between  R9  and  R6  have  to  be  configured  with  PIM  sparse-­‐mode   (no  PIM  sparse-­‐dense  mode).  and  228.

225.     You have completed Lab 28 For  verification  of  your  work.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide. .  If  you  need  assistance  with  any  of  this  book's  content.           71 ipexpert.com. All rights reserved.com Copyright © by iPexpert.  please  visit  our  Member  Community  at   http://community.23 Configure  E0/1  on  R2  to  join  the  group  225.225  and  check  that  you  can  ping   this  multicast  group  from  R1. 1)   Task 28.225.ipexpert.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.

 and  complete  the  configuration  tasks  as  detailed  below. 1)   Lab 29: Configure and troubleshoot Protocol Independent Multicast Operations (Part 3)   Technologies covered • Multicast  stub  routing   • IP  IGMP  helper-­‐address   • SSM   • IGMP  filtering   • IGMP  timers   • Multicast  helper  map   • PIM  bidirectional   • Multicast  rate  limiting   Overview You  have  been  tasked  to  configure  the  multicast  routing  reachability  in  your  network.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.proctorlabs. All rights reserved.  Connect  to   the  terminal  server  for  the  online  rack.     The  topology  used  in  the  lab  will  be  the  following:     Estimated  time  to  complete:    4  hours     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.com Copyright © by iPexpert.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.   Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.   72 ipexpert.com.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information. .

0/24  and  10.2.1.  allow   the  maximum  number  of  IGMP  states  to  be  25.1 R1.  Use  the  point-­‐to-­‐multipoint  OSPF  on  the   2  two  spokes.2.2.  R5. 1)     Task 29.com Copyright © by iPexpert.   Check  on  R6  that  the  filtering  configured  in  the  previous  question  is  working.   Task 29.   Task 29.148.  You  are  not  allowed  to  remove  the  filter   configured  in  the  previous  question.   Setup  OSPF  area  0  in  this  DMVPN  network.0/24.1.0/24.2  is  located  on  VLAN  77.2 Advertise  the  loopbacks  of  R1.  and  R3  in  the  OSPF  process.  and  consequently  not  allowed  to  build  a  PIM   adjacency  over  the  connection  between  R4  and  R7.  there  is  only  one  client  receiving  several  multicast   streams.2.13 Configure  interface  E0/1  of  R9  to  join  multicast  groups  225.  Enable  multicast  connectivity   between  this  source  and  this  receiver.  Make  sure  that  no  OSPF  neighborships  will  never  be  formed  on   those  networks.0.1.1.   Task 29.  and  R8.   Task 29.  and  R9  into  the  OSPF  area  0.2.3  only  if   it  is  sourced  from  loopback0  of  R1.   Task 29.47.  R8.99.0/24  in  the  OSPF  process.  The   backup  querier  should  become  the  querier  for  this  LAN  if  it  hasn’t  seen  a  query   packet  within  1  minute.0/24.6 Configure  IP  PIM  dense  mode  on  10.  On  R1.  Advertise  the  loopbacks  of   R4.   Task 29.  configure   statically  the  loopback0  of  R1  as  the  RP  for  all  multicast  groups.14 On  the  network  10.0.2.2  and  226.  R2.  Make  sure  that  you  can  ping  from  the  loopback0  of  R2  to  the  loopback0   of  R3.  R6.       Task 29.77.  Make  sure   that  you  can  ping  from  the  loopback0  of  R7  to  the  loopback0  of  R9.   Task 29.  As  soon  as  this  client  is  sending  an  IGMP  leave  group  message.11 R9  has  to  be  protected  from  an  IGMP  DOS  attack.3.  R4.  DMVPN  phase  1  without  IPsec  is  the  underlying  used  technology.  Use  network   statements.1.0/24.  and  R3  are  in  a  hub  and  spoke  topology  where  R1  is  the  hub  and  R2  and  R3   are  the  spokes.   Task 29.  Use  the  command  “ip  pim  neighbor-­‐filter”  on  R4.  No  PIM  adjacency  should  be  formed   over  this  connection.69.  the  router   should  immediately  stop  forwarding  this  multicast  stream  on  the  LAN  and  not  try  to   send  a  group-­‐specific  query  for  this  multicast  group.  R6.0/8.1.8 Configure  E0/1  on  R7  to  join  the  group  224.3.  and  10.0/24.  Use   network  statements.  The  receiver  of   this  multicast  stream  is  on  VLAN  10.3 Introduce  R4.1.12 R6  should  only  accept  on  the  interface  E0/1  multicast  clients  that  want  to  join  a   group  in  the  range  225.0.3.1.  Use  network  statements.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.10 Verify  that  you  can  ping  this  multicast  group  224.148.  configure  IGMP  to  send  membership  queries  every  30  seconds.0/24.236.     Task 29.7 The  source  of  the  multicast  stream  224.  R7.3  from  R1  only  when  the  ping  is   sourced  from  the  loopback0  of  R1.  R8.1.2  and  check  that  you  can  ping  this   multicast  group  from  R8.  and  R9  in  the  OSPF  process.  R5.2.3.2.4 Advertise  the  networks  10.9 Make  sure  that  E0/1  on  R5  can  receive  traffic  multicast  for  the  group  224.  10.  On  the  interface  E0/0  of  R9. All rights reserved.   73 ipexpert.5 Configure  PIM  sparse  mode  on  the  networks  10. .   Task 29.1.  R7.   Task 29.   Task 29.  R2.   Task 29.2.  R7.15 On  VLAN  136.   11.99.  Do  not  enable  PIM  on  this  interface.

22.148.17 There  is  a  server  that  is  connected  to  the  network  10.1.21 Configure  R1  to  limit  to  5M  the  bandwidth  that  the  multicast  stream  with  a   destination  of  224.0/24.1.   Task 29.0/24.0/24.7.  please  visit  our  Member  Community  at   http://community.1.22. All rights reserved.ipexpert.148.22.0/24  and  10.19 Configure  bidirectional  PIM  for  a  multicast  stream  of  224.136.22  on  the  network   11.1.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.1.148.7  when  crossing  the  connection  between  R2  and  R1.  The  Loopback0  of  the  R1  has  to  be  configured  as  the   RP  and  the  mapping  agent  in  this  PIM  bidirectional  setup.com Copyright © by iPexpert.     Task 29.1.   Task 29.22  can  use  out  of  the  tunnel  interface.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.     You have completed Lab 29 For  verification  of  your  work.20 Configure  R6  to  limit  to  total  bandwidth  for  multicast  traffic  to  20  M  on  all  its   interfaces  in  the  egress  direction.com.   Task 29.  IGMP  protocol  should  communicate  to  the  multicast  clients  that  they  should   report  their  group’s  membership  in  a  maximum  of  30  seconds  after  receiving  a   query.  and  the  connection   between  R3  and  R1.  If  you  need  assistance  with  any  of  this  book's  content. 1)   Task 29.22.18 The  multicast  traffic  should  be  converted  back  to  a  broadcast  when  reaching  the   network  10.7.   Task 29.  This  server  is   sending  broadcast  UDP  traffic  to  port  2500  to  a  client  connected  to  the  network   10.16 On  R9.  This  broadcast  traffic  should  be  transported  by  the  multicast  group   227.0/24.             74 ipexpert. .

com Copyright © by iPexpert.  Connect  to   the  terminal  server  for  the  online  rack.     Task 30.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.proctorlabs.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.  and  R6  in  the  OSPF  process.  R4.  and  on  the  serial  connection  between  R3  and  R6.   75 ipexpert.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.   Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks. All rights reserved.  and  complete  the  configuration  tasks  as  detailed  below. .     The  topology  used  in  the  lab  will  be  the  following:     Estimated  time  to  complete:    3  hours     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below. 1)   Lab 30: Configure and troubleshoot Protocol Independent Multicast Operations (Part 4)   Technologies covered • RPF  failure   • Multicast  BGP  extension   • BSR  propagation  filtering   • MSDP   • Catalyst  IGMP  snooping   Overview You  have  been  tasked  to  configure  the  multicast  routing  reachability  in  your  network.   R4  and  R3.com.  Advertise  the   loopbacks  of  R5.  R3.  Use  network  statements.1 Configure  OSPF  area  0  routing  on  the  ethernet  connections  between  R5  and  R4.

 Use  the  loopback  0  of  R3   as  the  RP  IP  address.10 Configure  an  iBGP  peering  between  R3  and  R6  in  AS10.   Task 30.7.6 Manipulate  this  OSPF  cost  to  ensure  that  the  direct  link  between  R5  and  R3  is  the   preferred  path  for  OSPF.   Task 30.7.7.  Do   not  enable  PIM  on  this  link.7.21 On  R1.13 Advertise  The  RP  IP  address  into  the  address-­‐family  used  for  multicast.  configure  on  the  interface  E0/0  an  IGMP  join  for  the  group  228.7.   Task 30.  Enable  OSPF  process  2  on  the  R3.   Make  sure  that  when  you  ping  from  R4  to  the  group  228.16 Configure  OSPF  area  0  routing  on  the  connection  between  R5  and  R8.   Task 30.  To  solve  the  RPF  failure.7.  the  router  R6  is   replying.17 Configure  PIM  in  sparse  mode  on  the  connection  between  R5  and  R8.2 Configure  PIM  sparse-­‐mode  on  the  ethernet  connections  between  R5  and  R4.7 Verify  that  you  cannot  ping  from  R6  to  the  multicast  group  225.  you  are  not  allowed  to  configure  ip   mroutes.7.   Verify  that  you  can  ping  from  R6  to  the  multicast  group  225.   Task 30.7.7.     Task 30.   Task 30.   Task 30.   Task 30.7.7.     Task 30.  Use  the  Physical  IP   addresses  for  the  peering’s.7.19 Separate  the  two  BSR  domains  and  make  sure  that  the  propagation  of  the  BSR   packets  is  filtered  on  the  connection  between  R5  and  R8.  and  on  the  connection  between  R1  and  R2.7.  configure  on  the  interface  E0/0  an  IGMP  join  for  the  group  228.  Use  the  Physical  IP   addresses  for  the  peering’s. .   Task 30. All rights reserved.  configure  on  the  interface  E0/0  an  IGMP  join  for  the  group  225.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.  Advertise  all   the  circuits  where  there  is  a  PIM  neighborship  into  BGP  with  network   statements.com Copyright © by iPexpert.7.   Task 30.  R4   and  R3.  and  R3  and  R6.14 Verify  that  the  feed  from  R6  to  the  multicast  group  225.18 R2  should  be  configured  as  the  BSR  and  the  RP  for  the  all  multicast  groups.  and  R5  path. 1)   Task 30.7.7.7.   Task 30.   Task 30.15 On  Cat1.  the  router  R6  and   R1  are  replying.7.7  is  again  reaching  R5   after  the  migration  from  OSPF  to  BGP.5 Configure  OSPF  area  0  routing  on  the  serial  connection  between  R5  and  R3.  Use   the  PIM  bootstrap  router  solution  to  advertise  the  RP.   Task 30.7.7  because  of   a  RPF  failure.  Use  the  loopback  0  of  R2   as  the  RP  IP  address.  R4.   Make  sure  that  when  you  ping  from  R4  to  the  group  228.4 On  R5.7.11 Configure  an  eBGP  peering  between  R4  and  R3.8 We  are  going  to  use  multicast  BGP.   Task 30.   Task 30.7.  Use  MSDP.   76 ipexpert.  Use   the  PIM  bootstrap  router  solution  to  advertise  the  RP.9 Configure  an  iBGP  peering  between  R5  and  R4  in  AS20.20 On  R6.  Remove  OSPF  from  all  the  routers  where  it  is   running  and  shut  down  the  direct  connection  between  R5  and  R3.  on  the   connection  between  R8  and  R2.3 R3  should  be  configured  as  the  BSR  and  the  RP  for  the  all  multicast  groups.  configure  the  E0/1  and  the  E0/2  interfaces  into  VLAN  12.7.12 Configure  on  each  BGP  router  an  “address-­‐family  ipv4  multicast”.  and  on  the  connection  between  R1  and  R2.   Task 30.  Use  the  Physical  IP  addresses  for   the  peering’s.  on  the   connection  between  R8  and  R2.     Task 30.

  Task 30.7.  configure  on  the  interface  E0/0  an  IGMP  join  for  the  group  229.7.179.  configure  on  the  interface  E0/0  an  IGMP  join  for  the  group  229.23 On  Cat2.7.24 Configure  R3  as  the  PIM  DR  for  the  network  10.7. .com Copyright © by iPexpert.  On   Cat2.ipexpert.     You have completed Lab 30 For  verification  of  your  work.22 As  soon  as  there  is  one  receiver  for  a  multicast  group  on  VLAN  12  connected  to   Cat1.   Task 30.       77 ipexpert.   Task 30.  and  the  E2/1  interfaces  into  VLAN  99.7.  E1/3. All rights reserved. 1)   Task 30.  this  multicast  group  stream  should  be  replicated  on  all  the  ports  in  VLAN  12   even  if  the  servers  connected  to  those  ports  are  not  multicast  listeners.  If  you  need  assistance  with  any  of  this  book's  content.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.0/24.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.  On   R9.7.7.25 Configure  IGMP  on  Cat2  to  prevent  R7  to  join  group  229.  please  visit  our  Member  Community  at   http://community.  verify  that  the  IGMP  filtering  configured  in  the  previous  question  is   working.  configure  the  E0/3.7.7.1.26 On  R7.   Task 30.com.

      The  topology  used  in  the  lab  will  be  the  following:     Estimated  time  to  complete:    4  hours     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.com Copyright © by iPexpert.   Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks. 1)   Lab 31: Configure and troubleshoot IP version 6 (Part 1)   Technologies covered • IPv6  addressing   • DMVPN  for  IPv6   • RIPng   • RIPng  prefix  filtering   • RIPng  summarization   • RIPng  offset-­‐list   • RIPng  default  route   Overview You  have  been  tasked  to  configure  the  IPv6  routing  in  your  network.proctorlabs.     78 ipexpert. All rights reserved. .  Connect  to   the  terminal  server  for  the  online  rack.com.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.  and  complete  the  configuration  tasks  as  detailed  below.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.

1.1.  create  an  IP  host  mapping  called  R1LAN  for  the  IPv6  global  address  of  the   E0/0  of  R1.2/24   • R3   • E0/0   • 10.3/24     •   • Link  Local  Unicast   • Global  Unicast   • R1  interface  Tunnel23   • FE80:  :1   • 2001:DB8:AAAA:1:  :1/64   • R2  interface  Tunnel23   • FE80:  :2   • 2001:DB8:AAAA:1:  :2/64   • R3  interface  Tunnel23   • FE80:  :3   • 2001:DB8:AAAA:1:  :3/64   Task 31.123.  create  an  IP  host  mapping  called  R2LAN  for  the  IPv6  global  address  of  the   E0/1  of  R2.  R2. All rights reserved.123.  Check  that  you  can  ping  R2LAN  from  R1.   Task 31.  Use  the  following  addresses:   • R1   • E0/1   • 10.   Task 31.6 Configure  the  following  interfaces  to  automatically  assigned  IPv6  addresses  to   their  interfaces:   • R6   • E0/1   • R8   • E0/1   • R9   • E0/1   Task 31.2 Configure  the  following  IPv6  addresses:   •   • Link  Local  Unicast   • Global  Unicast   • R1  interface  E0/0   • EUI-­‐64  format   • 2001:DB8:BBBB:1:  :/64  EUI-­‐ 64  format   • R2  interface  E0/1   • EUI-­‐64  format   • 2001:DB8:CCCC:1:  :/64  EUI-­‐ 64  format   Task 31.5 On  R2.  Check  that  you  can  ping  R1LAN  from  R2.1.7 Enable  RIPng  with  the  identifier  “iPexpert”  on  R6.123.1 R1.com Copyright © by iPexpert.  and  R3  are  in  a  hub  and  spoke  topology  where  R1  is  the  hub  and  R2  and   R3  are  the  spokes.  R8. .   Do  not  implement  encryption. 1)   Task 31.1/24   • R2   • E0/0   • 10.   Task 31.   Task 31.4 On  R1.  Configure  the  DMVPN  phase  3  tunnel  infrastructure  for  IPv6.  Check  that  R8  can   reach  the  IPv6  global  address  that  has  been  previously  assigned  to  the  E0/1  of  R6   and  to  the  E0/1  of  R9.8 Configure  the  following  IPv6  address  on  the  connection  between  R6  and  R7:   •   • Link  Local  Unicast   • Global  Unicast   • R6  interface  E0/0   • FE80:  :1   • 2001:DB8:DDDD:1:  :6/64   • R7  interface  E0/0   • FE80:  :2   • 2001:DB8:DDDD:1:  :7/64             79 ipexpert.3 Use  RIPng  with  the  identifier  of  “iPexpert”  to  enable  IP  routing  between  the   interface  E0/0  of  R1  and  the  interface  E0/1  of  R2.  and  R9. iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.

 The  connection  R4-­‐R3  should  only  be  used  in  case  the   connection  R5-­‐R3  is  going  down.   Task 31.15 Configure  the  following  IPv6  address  on  the  connection  between  R4  and  R5:   •   • Link  Local  Unicast   • Global  Unicast   • R4  interface  E0/0   • FE80:  :1   • 2001:DB8:FFFF:1:  :4/64   • R5  interface  E0/0   • FE80:  :2   • 2001:DB8:FFFF:1:  :5/64   Task 31.     80 ipexpert.13 Configure  the  following  IPv6  address  on  the  connection  between  R3  and  R4:   •   • Link  Local  Unicast   • Global  Unicast   • R3  interface  S4/3   • FE80:  :1   • 2001:DB8:1111:1:  :3/64   • R4  interface  S4/0   • FE80:  :2   • 2001:DB8:1111:1:  :4/64   Task 31. iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.  iPexpert  and  345.9 On  R7.com Copyright © by iPexpert.12 Enable  RIPng  on  the  tunnel  interface  of  the  routerR3.  Use  an  IPv6  prefix-­‐list  called  “SUMMARYR7”.   Task 31.   Configure  R3  to  achieve  this  task. 1)   Task 31.  and  on  the  4  loopbacks  on  R7.18 Ensure  that  R4  and  R5  have  a  default  route  pointing  towards  R3.10 Enable  RIPng  with  the  identifier  of  “iPexpert”  on  the  connection  between  R6  and   R7.  You  have  to   configure  R3  only  to  complete  this  task  and  you  are  not  allowed  to  configure   static  routes.   Task 31.   on  the  connection  between  R3  and  R5.19 The  default  route  and  the  summarized  route  for  the  loopbacks  of  R7  should  be   the  2  only  RIP  process  iPexpert  entries  in  the  IPv6  routing  table  of  R4  and  R5.17 Enable  full  IPv6  connectivity  between  the  2  RIPng  domains.   Task 31.16 Enable  RIPng  with  the  identifier  of  345  on  the  connections  between  R3  and  R4. .  Ensure  that  R3  is  able  to   ping  the  IPv6  address  of  loopback4  of  R7.  and  on  the  connection  between  R4  and   R5.  configure  the  following  IPv6  loopback  addresses:   •   • Global  Unicast   • R7  interface  Loopback4   • 2001:DB8:EEEE:4:  :7/64   • R7  interface  Loopback5   • 2001:DB8:EEEE:5:  :7/64   • R7  interface  Loopback6   • 2001:DB8:EEEE:6:  :7/64   • R7  interface  Loopback7   • 2001:DB8:EEEE:7:  :7/64   Task 31.14 Configure  the  following  IPv6  address  on  the  connection  between  R3  and  R5:   •   • Link  Local  Unicast   • Global  Unicast   • R3  interface  S4/0   • FE80:  :1   • 2001:DB8:2222:1:  :3/64   • R5  interface  S4/0   • FE80:  :2   • 2001:DB8:2222:1:  :5/64   Task 31. All rights reserved.   Task 31.   Task 31.11 Ensure  that  R6  receives  from  R7  a  summary  route  encompassing  all  the   loopbacks.   Task 31.20 The  clients  on  the  VLAN  2001:DB8:FFFF:1:  :/64  should  always  be  routed  over  the   connection  R5-­‐R3.

com. All rights reserved.ipexpert.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.  and  complete  the  configuration  tasks  as  detailed  below.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www. .iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol. 1)   You have completed Lab 31 For  verification  of  your  work.  please  visit  our  Member  Community  at   http://community.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.com Copyright © by iPexpert.  If  you  need  assistance  with  any  of  this  book's  content.com.       The  topology  used  in  the  lab  will  be  the  following:     Estimated  time  to  complete:    4  hours     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.   Lab 32: Configure and troubleshoot IP version 6 (Part 2)   Technologies covered • EIGRPv6   • EIGRPv6  summarization   • EIGRPv6  default  route   • EIGRPv6  authentication   • EIGRPv6  unequal  load  balancing   Overview You  have  been  tasked  to  configure  the  IPv6  routing  in  your  network.proctorlabs.  Connect  to   the  terminal  server  for  the  online  rack.   Prerequisites 81 ipexpert.

 and  R3.123.  Check  that  you  can  ping  the  loopback0  of  R3  and  the  loopback0   of  R2  from  R8.3 Configure  the  following  loopback  IPv6  addresses:   •   • Global  Unicast   • R1  interface  lo0   • 2001:DB8:A:A:  :1/128     • R2  interface  lo0   • 2001:DB8:A:A:  :2/128   • R3  interface  lo0   • 2001:DB8:A:A:  :3/128   Task 32.  Check   that  you  can  ping  the  loopback0  of  R3  from  R6  and  R9.   Task 32.     Task 32.  Use  the  following  addresses:   • R1   • E0/1   • 10.1.  R2.   Task 32.1.123.  and  a  key-­‐string  of  “iPexpert”.   Task 32.  R2.  R2.   Task 32.4 Enable  EIGRPv6  with  an  AS  of  123  on  the  DMVPN  network  between  R1.8 On  R2.11 Configure  EIGRPv6  authentication  between  R1  and  R8.   Task 32.  Check  that  you  can  ping  the  loopback0  of   R3  from  R6  and  R9.1.  Use  a  key  chain  called   “iPexpertchain”. iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.2 Configure  an  IPv6  NHRP  authentication  of  iPexpert  and  a  NHRP  network-­‐id  of   123.  R2.  Only  a  default   route  should  be  advertised.3/24     •   • Link  Local  Unicast   • Global  Unicast   • R1  interface  Tunnel23   • FE80:  :1   • 2001:DB8:AAAA:1:  :1/64   • R2  interface  Tunnel23   • FE80:  :2   • 2001:DB8:AAAA:1:  :2/64   • R3  interface  Tunnel23   • FE80:  :3   • 2001:DB8:AAAA:1:  :3/64   Task 32.1 R1.     Task 32.5 Make  sure  that  there  is  IPv6  connectivity  between  the  loopbacks  of  R1.9 Configure  EIGRPv6  with  an  AS  of  123  on  the  LAN  2001:DB8:BBBB:1:  :/64.  and  R3  are  in  a  hub  and  spoke  topology  where  R1  is  the  hub  and  R2  and   R3  are  the  spokes.  there  should  be  no  specific  entries  for  the   loopbacks  of  R1.  Configure  the  DMVPN  phase  3  tunnel  infrastructure  for  IPv6.   Do  not  implement  encryption.  There  should  only  be  a  routing  entry  to  reach  the   summary  route  2001:DB8:A:A:  :/126.6 Configure  EIGRPv6  with  an  AS  of  123  on  the  LAN  2001:DB8:CCCC:1:  :/64.7 In  the  routing  table  of  R6  and  R9.com Copyright © by iPexpert.2/24   • R3   • E0/0   • 10.   Task 32. 1)   Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.12 Configure  the  following  IPv6  address  on  the  connection  between  R3  and  R4:   82 ipexpert.1/24   • R2   • E0/0   • 10.   Task 32. .         Task 32.  a  key  number  of  2.  and   R3.  create  an  IPv6  static  default  route  pointing  to  Null0  and  make  sure  that   R2  will  be  the  default  router  for  all  packets  with  an  unknown  IPv6  addresses  in   the  EIGRP  domain  AS  123.  Use  the  “ipv6  summary-­‐address  eigrp”  on  R1  to   resolve  this  task.  and   R3. All rights reserved.10 The  router  R1  should  not  advertise  any  specific  networks  to  R8.123.

            83 ipexpert.14 Configure  the  following  IPv6  address  on  the  connection  between  R4  and  R5:   •   • Link  Local  Unicast   • Global  Unicast   • R4  interface  E0/0   • FE80:  :1   • 2001:DB8:FFFF:1:  :4/64   • R5  interface  E0/0   • FE80:  :2   • 2001:DB8:FFFF:1:  :5/64   Task 32.  Use  the  variance  command.16 Configure  the  following  loopback  IPv6  addresses:   •   • Global  Unicast   • R4  interface  lo0   • 2001:DB8:A:A:  :4/128     • R5  interface  lo0   • 2001:DB8:A:A:  :5/128   Task 32.  and  between  R4  and  R5. 1)   •   • Link  Local  Unicast   • Global  Unicast   • R3  interface  S4/3   • FE80:  :1   • 2001:DB8:1111:1:  :3/64   • R4  interface  S4/0   • FE80:  :2   • 2001:DB8:1111:1:  :4/64   Task 32.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.  the  routing  entry  towards  the  loopback  of  R5  should   contain  2  next-­‐hops.   Task 32.  one  next-­‐hop  being  R4  and  the  other  being  R5  directly.   between  R3  and  R5.17 Make  sure  that  there  is  IPv6  connectivity  between  the  loopbacks  of  R2  and  R4.  The   cost  of  the  direct  path  should  not  be  made  equal  to  the  cost  of  the  indirect  path   (via  R3).  please  visit  our  Member  Community  at   http://community.13 Configure  the  following  IPv6  address  on  the  connection  between  R3  and  R5:   •   • Link  Local  Unicast   • Global  Unicast   • R3  interface  S4/0   • FE80:  :1   • 2001:DB8:2222:1:  :3/64   • R5  interface  S4/0   • FE80:  :2   • 2001:DB8:2222:1:  :5/64   Task 32.   Task 32.com.  If  you  need  assistance  with  any  of  this  book's  content. iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.15 Configure  EIGRPv6  with  an  AS  of  345  on  the  connections  between  R3  and  R4.ipexpert. .com Copyright © by iPexpert.18 In  the  routing  table  of  R3.     You have completed Lab 32 For  verification  of  your  work. All rights reserved.

com.  Use  the  following  addresses:   84 ipexpert.proctorlabs.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.  Configure  the  DMVPN  phase  1  tunnel  infrastructure  for  IPv6.     Task 33.  Do  not   implement  encryption. 1)   Lab 33: Configure and troubleshoot IP version 6 (Part 3)   Technologies covered • OSPPFv3   • OSPFv3  traffic  engineering   • OSFPv3  virtual  link   • OSPFv3  summarization   • IPv6  NAT-­‐PT   • Protocol  redistribution   Overview You  have  been  tasked  to  configure  the  IPv6  routing  in  your  network. All rights reserved.1 R1.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.       The  topology  used  in  the  lab  will  be  the  following:     Estimated  time  to  complete:    4  hours     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.   Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.  and  complete  the  configuration  tasks  as  detailed  below.  and  R3  are  in  a  hub  and  spoke  topology  where  R1  is  the  hub  and  R2  and  R3   are  the  spokes. .iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.  R2.com Copyright © by iPexpert.  Connect  to   the  terminal  server  for  the  online  rack.

4.1/32   R2   lo10   2.1.3.2.  R2.1.  and  R3  use  the  loopback10  IPv4   address  as  the  OSPF  router-­‐ID.123. iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.4/32   R5   lo10   5.3/32   R4   lo10   4.5.9 Configure  the  following  IPv6  address  on  the  connection  between  R3  and  R5:   •   • Link  Local  Unicast   • Global  Unicast   • R3  interface  S4/0   • FE80:  :1   • 2001:DB8:2222:1:  :3/64   • R5  interface  S4/0   • FE80:  :2   • 2001:DB8:2222:1:  :5/64   Task 33.  and  R3.  On  R1.5.   Task 33.5 Make  sure  that  there  is  IPv6  connectivity  between  the  loopbacks  of  R1.  R2.1/24   • R2   • E0/0   • 10. All rights reserved. 1)     • R1   • E0/1   • 10. .4.   DR  election  should  not  be  taking  place.  R2.10 Configure  the  following  IPv6  address  on  the  connection  between  R5  and  R4:   85 ipexpert.5/32     •   • Link  Local  Unicast   • Global  Unicast   • R1  interface  Tunnel23   • FE80:  :1   • 2001:DB8:AAAA:1:  :1/64   • R2  interface  Tunnel23   • FE80:  :2   • 2001:DB8:AAAA:1:  :2/64   • R3  interface  Tunnel23   • FE80:  :3   • 2001:DB8:AAAA:1:  :3/64   Task 33.  Only  in  case   of  a  failure  of  the  connectivity  between  R1  and  R2.123.8 R1  should  always  route  via  R2  to  reach  network  2001:DB8:CCCC:1:  :/64.3/24   R1   lo10   1.6 Configure  the  following  IPv6  address  on  the  connection  between  R3  and  R2:   •   • Link  Local  Unicast   • Global  Unicast   • R2  interface  E0/1   • FE80:  :1   • 2001:DB8:CCCC:1:  :2/64   • R3  interface  E0/1   • FE80:  :2   • 2001:DB8:CCCC:1:  :3/64   Task 33.2.2 Configure  an  IPv6  NHRP  authentication  of  “iPexpert”  and  a  NHRP  network-­‐id  of  123.   Task 33.   Task 33.       Task 33.1.2/32   R3   lo10   3.123.   Task 33.4 Enable  OSPFv3  process  99  in  area  0  on  the  DMVPN  network  between  R1.7 Enable  OSPFv3  process  99  in  area  0  on  the  network  2001:DB8:CCCC:1:  :/64.   You  have  to  configure  R1  to  achieve  this  task.  should  the  path  via  R3  be  chosen.2/24   • R3   • E0/0   • 10.com Copyright © by iPexpert.3 Configure  the  following  loopback  IPv6  addresses:   •   • Global  Unicast   • R1  interface  lo0   • 2001:DB8:A:A:  :1/128     • R2  interface  lo0   • 2001:DB8:A:A:  :2/128   • R3  interface  lo0   • 2001:DB8:A:A:  :3/128   Task 33.  and  R3.1.1.3.

.  configure  RIPng  with  an  ID  of  48  on  the  connection  between  R4   and  R8. iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.  R2.   Task 33.11 Configure  the  following  loopback  IPv6  addresses:   •   • Global  Unicast   • R5  interface  lo0   • 2001:DB8:A:A:  :5/128     • R4  interface  lo0   • 2001:DB8:A:A:  :4/128   Task 33.15 Configure  the  following  IPv6  address  on  the  connection  between  R1  and  R8:   •   • Link  Local  Unicast   • Global  Unicast   • R1  interface  E0/0   • FE80:  :1   • 2001:DB8:BBBB:1:  :1/64   • R8  interface  E0/1   • FE80:  :2   • 2001:DB8:BBBB:1:  :8/64   Task 33. 1)     •   • Link  Local  Unicast   • Global  Unicast   • R5  interface  E0/1   • FE80:  :1   • 2001:DB8:FFFF:1:  :5/64   • R4  interface  E0/0   • FE80:  :2   • 2001:DB8:FFFF:1:  :4/64       Task 33.  and   on  R1  advertise  a  single  summary  network  encompassing  all  the  4  loopbacks.   Task 33.  loopback9.  R3.  configure  EIGRPv6  in  AS  78  on  the  connection  between  R8  and  R7.   Task 33.  R4.   Task 33.20 On  R4  and  on  R8.   Task 33.17 On  R8.   and  R5.18 On  R8.     Task 33.13 Enable  OSPFv3  process  99  in  area  44  on  the  network  2001:DB8:FFFF:1:  :/64.  and  loopback11.  loopback10.  configure  the  following  loopback  IPv6  addresses:   •   • Global  Unicast   • R8  interface  lo8   • 2001:DB8:F:F:8000:  :8  /80   • R8  interface  lo9   • 2001:DB8:F:F:9000:  :8/80   • R8  interface  lo10   • 2001:DB8:F:F:A000:  :8/80   • R8  interface  lo11   • 2001:DB8:F:F:B000:  :8/80   Task 33.com Copyright © by iPexpert.14 Make  sure  that  there  is  IPv6  connectivity  between  the  loopbacks  of  R1.12 Enable  OSPFv3  process  99  in  area  55  on  the  network  2001:DB8:2222:1:  :/64. All rights reserved.19 Configure  the  following  IPv6  addresses:   •   • Link  Local  Unicast   • Global  Unicast   • R8  interface  E0/0   • FE80:  :1   • 2001:DB8:4444:1:  :8/64   • R8  interface  S3/0   • FE80:  :1   • 2001:DB8:5555:1:  :8/64   • R7  interface  S3/0   • FE80:  :2   • 2001:DB8:5555:1:  :7/64   • R7  interface  E0/1   • FE80:  :1   • 2001:DB8:7777:1:  :7/64   • R4  interface  E0/1   • FE80:  :2   • 2001:DB8:4444:1:  :4/64   Task 33.   86 ipexpert.16 Enable  OSPFv3  area  88  on  the  connection  between  R1  and  R8.21 On  R8  and  on  R7.  enable  OSPFv3  on  loopback8.

      You have completed Lab 33 For  verification  of  your  work.  Configure  the  following   IP  addresses:   • R5  E0/0   • 10.  you  should  be  able  to  IPv6   ping  lo0  of  R2  from  the  router  R7.com Copyright © by iPexpert.  the  OSPFv3  routing   domain.   Task 33.24 The  IPv4  protocol  is  running  on  the  LAN  between  R5  and  R6.56.  and  the  EIGRPv6  routing  domain.1. iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.  The  rest  of  the  configuration   should  be  performed  on  R5.5/24   • R6  E0/0   • 10.   You  are  allowed  to  configure  a  static  route  on  R3.56. .56.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.1. 1)   Task 33.1.26 Make  sure  that  you  can  ping  IPv6  2001:DB8:6666:1:  :6  from  all  the  loopbacks  0  in  the   routing  domain.6  by  using  the  IPv6  address  2001:DB8:6666:1:  :6.   Task 33.  please  visit  our  Member  Community  at   http://community.  you  should  be  able  to  ping  the  IP  address   2001:DB8:4444:1:  :8/64  from  the  router  R3.   Task 33.com.  and  you  should  be  able  to  ping  the  IP   address  2001:DB8:4444:1:  :8/64  from  the  router  R7.ipexpert.6/24     Task 33.22 EIGRPv6  in  AS  78  should  also  running  on  the  interface  E0/1  of  R7.  If  you  need  assistance  with  any  of  this  book's  content.25 R3  should  be  able  to  ping  10.         87 ipexpert. All rights reserved.23 Ensure  IPv6  connectivity  between  the  RIPng  routing  domain.  In  particular.

  Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks. All rights reserved.     The  topology  used  in  the  lab  will  be  the  following:       Estimated  time  to  complete:    2  hours     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.  Connect  to   the  terminal  server  for  the  online  rack.   88 ipexpert. .  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.  and  complete  the  configuration  tasks  as  detailed  below.proctorlabs.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.com Copyright © by iPexpert. 1)   Lab 34: Configure and Troubleshoot Quality of Service Mechanisms (Part 2)   Technologies covered • Classification  and  marking   • Bandwidth  percent   • LLQ   • WRED   • Dynamic  flows   • ECNs   Overview Voice  over  IP  will  be  deployed  in  your  network  and  you  have  been  tasked  to  configure  QOS  in  your   network.com.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.

 128  should  be  allowed  to  be  created  and  WRED  should  begin  to  random-­‐drop   in  a  flow  when  the  queue  of  this  flow  contains  more  than  8  packets.6 On  the  interface  S3/0  of  R6.  configure  the  minimum  possible  queue  size.  The  goal  of  this  marking  is  to  trigger  the  receiver   to  suggest  the  source  to  decrease  the  TCP  window  size.  Instead  of   randomly  beginning  to  drop  packets.     Task 34.5 In  order  to  slow-­‐down  TCP  traffic  in  case  of  congestion.  some  packets  in  the  default   queue  should  be  randomly  dropped  before  the  queue  is  getting  full  and  tail-­‐ dropping.  a  class  called  SQL  should  be  created   for  traffic  with  destination  ports  in  the  TCP  range  1433  1434  and  a  class  called   OFFICE_BOSS  should  be  created  for  traffic  originated  from  the  LAN  10.  WRED  should  be  configured  to  mark  the  packet   that  was  supposed  to  be  dropped.  Enable  WRED  to  take  into  account  the  DSCP  field.  configure  a  hold  queue  of  200  packets.10 The  TCP  hosts  that  are  transiting  on  the  connection  between  R3  and  R4  are   supporting  ECN.  configure  a  policy-­‐map  called  TRAFFIC_COLOURING.  1  out  of  5   packets  should  be  randomly  dropped.       You have completed Lab 34 For  verification  of  your  work.  the  SQL  traffic  should  have  30%  of  the  bandwidth  reserved  and   the  OFFICE_BOSS  traffic  should  have  20%  of  the  bandwidth  reserved.11 On  the  connection  between  R6  and  R9. All rights reserved.  and  the   OFFICE_BOSS  with  the  DSCP  AF21.   Task 34.  A  class  called  VOICE  should  be  created  for  traffic  with   destination  ports  in  the  RTP    range  32512  32768.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.  This  policy-­‐map  should   mark  the  VOICE  traffic  with  the  DSCP  EF.  10%  of  the   bandwidth  is  allocated  to  VOICE  traffic.  enable  WRED  to  begin  to  randomly  drop  packets  with   the  IP  precedence  of  3  when  the  queue  contains  20  packets  and  to  tail-­‐drop  when   the  number  of  packets  in  the  queue  reaches  more  than  30  packets.   Task 34.com Copyright © by iPexpert.   Task 34.       89 ipexpert.0/24.  The  remaining  unclassified  traffic  should  have  the   DSCP  field  reset  to  0.7 On  the  interface  S3/0  of  R6.  configure  WRED  to  create  a  queue  for  each   flow.   Task 34.   Task 34.  ensure  that  packets  with  a  DSCP  of  AF21  begin  to  be   randomly  dropped  when  the  queue  contains  100  packets  and  to  tail-­‐drop  when  the   number  of  packets  in  the  queue  reach  more  than  200  packets.4 In  case  of  congestion.222.ipexpert.  The  Voice  traffic   should  be  prioritized  before  any  other  traffic  in  case  of  congestion.   Task 34.     Task 34.8 On    the  interface  S4/0  of  R4. .2 On  R6.     Task 34.3 On  the  WAN  link  between  R3  and  R6. 1)     Task 34.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.com.  please  visit  our  Member  Community  at   http://community.   Task 34.  the  SQL  traffic  with  the  DSCP  AF31.9 On  the  interface  S4/0  of  R3.1.  If  you  need  assistance  with  any  of  this  book's  content.1 R2  is  a  customer  managed  CE  and  R6  is  the  entry  point  to  the  service  provider.  1  out  of  10  packets   should  be  randomly  dropped.  a  QOS  policy  will  be  enforced.  The   traffic  received  on  the  E0/0  is  untrusted  and  should  be  re-­‐marked  when  entering  the   service  provider  network.

proctorlabs.   Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.  Connect  to   the  terminal  server  for  the  online  rack.     90 ipexpert. All rights reserved. .iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.com.     The  topology  used  in  the  lab  will  be  the  following:       Estimated  time  to  complete:    2  hours     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.  and  complete  the  configuration  tasks  as  detailed  below. 1)   Lab 35: Configure and Troubleshoot Quality of Service Mechanisms (Part 3) Technologies covered • Traffic  shaping   • Policing   • Hierarchical  policers     • Percent-­‐based  policers   • Header  compression   • NBAR   Overview You  have  been  tasked  to  configure  QOS  in  your  network.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.com Copyright © by iPexpert.

 Traffic  not  matching  any  access-­‐list  should  be  shaped  to  100  kbps.  Make  sure  that  R9  reflects  back  to  R6  the  FECNs  that  he   received.  CLASS1  should  be  policed  to  20  kbps   and  CLASS  2  should  be  policed  to  50  kbps.  and  packets  that  violate  are  dropped.   Task 35.  The  service-­‐policy   Serial_Policy_Child  has  two  classes  called  CLASS1  and  CLASS2.  When  a  BECN  is  received  on  this  interface.3 Class  BRONZE  can  obtain  throughput  up  to  a  peak  of  512  kbps  if  enough  bandwidth  is   available.6 On  R3  and  R6.  in  the  policy-­‐map  called  Serial_policy1.  Enable  RTP   header  compression  on  this  connection.  Packets  that  belong  to  neither  AF32  nor  AF33  are   re-­‐marked  with  a  DSCP  of  AF12.   Task 35.13 Consider  that  the  connection  between  R3  and  R4  is  a  satellite  link.101  of  R2.8 On  R3  and  R6.     Task 35.5 On  the  interface  E0/1.12 On  the  WAN  link  between  R3  and  R5.  This  policy-­‐map  is   used  to  police  the  traffic  to  100  kbps.  Under  congestion.   Task 35.10 Create  a  policy-­‐map  called  Serial_Policy_Child  and  enforce  this  QOS  policy  on  the   traffic  that  has  already  been  policed  in  the  previous  question.  add  the  following  classes:    the   class  called  CUSTOMER1  is  matching  IP  DSCP    CS4  and  the  class  called  CUSTOMER2  is   matching  IP  traffic  with  a  destination  TCP  port  of  69.  CLASS1  is  matching   UDP  traffic  and  CLASS2  is  matching  TCP  traffic.1 On  the  WAN  link  between  R3  and  R6.  configure  traffic-­‐shaping.  This  policy-­‐map   is  used  to  police  the  traffic  to  a  CIR  of  60%  of  the  available  bandwidth  and  to  a  PIR  of   90%  of  the  available  bandwidth.  a  class  called  SILVER   matching  DSCP  AF31  has  256  kbits/s  reserved.  Packets  that   conform  are  sent. .  and   packets  that  violate  are  dropped.  Limit  the  egress  TCP  traffic   for  destination  port  80  to  1  kbps  and  the  egress  TCP  traffic  for  destination  port  443   to  300  kbps.  configure  PPP  encapsulation  and  enable  RTP   enhanced  header  compression.  in  the  class  called  CUSTOMER1.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.  This  QOS  policy  has  only  the  class  default.   Task 35.  This  QOS  policy  has  3  classes  of  service.   Task 35.  enforce  a  QOS  policy  using  a  policy-­‐map  called   Serial_Policy_Percentage.  and  a  class  called  GOLD  matching   DSCP  EF  has  512  kbits/s  reserved.  a  class   called  BRONZE  matching  DSCP  AF21  has  256  Kbits/s  reserved.  This  QOS  policy  has  only  the  class  default.  packets  that  exceed  are  re-­‐marked  with  a  COS  of  0  and   transmitted.  in  the  class  called  CUSTOMER2.9 On  the  WAN  link  between  R3  and  R4.  Packets   marked  with  a  DSCP  of  AF32  and  AF33  that  conform  are  sent.7 On  R3  and  R6.  Create  a  class-­‐map  called  AF3233. 1)   Task 35.2 Class  SILVER  has  to  be  shaped  to  512  kbits/s  with  a  normal  burst  size  of  2048  bits.11 On  the  WAN  link  between  R3  and  R5.   Task 35.com Copyright © by iPexpert.     91 ipexpert.   Task 35.  packets  with  a  DSCP  of   AF32  and  AF33  that  exceed  are  re-­‐marked  with  DSCP  of  AF11  and  transmitted.  police  the  traffic  to  a  CIR  of  128  kbps   with  a  Bc  of  1500  bytes  and  a  PIR  of  256  kbps  with  a  Be  of  4500  bytes.  Limit  the  egress  traffic  to  512   kbps.   Task 35.  the  traffic  should  be  shaped  to  a   minimum  of  32  kbps.  enforce  a  QOS  policy  using  a  policy-­‐map  called   Serial_Policy_Parent.   Task 35.   Task 35.  police  the  traffic  to  a  CIR  of  64  kbps   with  a  Bc  of  1500  bytes  and  a  PIR  of  128  kbps  with  a  Be  of  3000  bytes.  configure  traffic-­‐shaping.   Task 35. All rights reserved.  enforce  a  QOS  policy  using  a  policy-­‐map  called   Serial_Policy1.4 On  the  interface  S3/0  of  R6.

 URL  class  is   matching  HTTP  traffic  that  contains  a  URL  of  /iPexpert  is  policed  to  512  kbps. 1)   Task 35.  enforce  a  QOS  policy  using  a  policy-­‐map  called   Serial_Policy_NBAR  on  R6. .com Copyright © by iPexpert.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.com.     You have completed Lab 35 For  verification  of  your  work.                                         92 ipexpert.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.  If  you  need  assistance  with  any  of  this  book's  content.  This  QOS  policy  has  2  classes  called  LOTUS  and  URL.  please  visit  our  Member  Community  at   http://community.   LOTUS  class  is  matching  Lotus  notes  traffic  and  is  shaped  to  512  kbps.ipexpert.14 On  the  link  between  R6  and  R2. All rights reserved.

2.     Estimated  Time  to  Complete:    3-­‐4  hours   Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.   General Rules You  will  need  to  pre-­‐configure  the  network  with  the  base  configuration  files.115.proctorlabs.     NOTE:    Static/default  routes  are  NOT  allowed  unless  otherwise  stated  in  the  task.   making   it   much  easier  when  you  step  into  the  real  lab.2.   NOTE:    You  can  use  “cisco”  for  any  password  if  other  password  was  not  explicitly  mentioned  in  the   question.     It   is   recommended   to   create   your   own   diagram   at   the   beginning   of   each   lab   so   any   potential   information   you   find   useful   during   your   preparations   can   be   reflected   on   this   drawing.2/24   •   • 2010:0:117::2/64   • Loop0   • 2.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.  Connect  to   the  terminal  server  for  the  online  rack.3. All rights reserved.0. 1)   Lab 36: Security Part I Overview Please   look   at   the   provided   diagrams   and   read   through   the   whole   lab   before   you   start.1.com Copyright © by iPexpert.1/24   • 1::1/64   • R3   • F0/1   • 115   • 10.2/24   • 2::2/64   93 ipexpert.3/24   •   • 2010:0:115::3/64   • Loop0   • 3.     Multiple  topology  drawings  are  available  for  this  chapter.117.3.2/24   •   •   • 2010:70:70::2/64   • F0/1   • 117   • 10.41. .  and  complete  the  configuration  tasks  as  detailed  below.41.com.1.1/24   •   • 2172:41:41::1/64   • Loop0   • 1.     This   concept   is   very   important  when  you  take  the  CCIE  lab  administered  by  Cisco.   Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.     • Device   • Port   • VLAN   • IP  Address   • R1   • G0/0   • 41   • 172.     Read   the   directions   very   carefully   to   make   sure   you   are   doing   what   is   being   asked   of   you.70.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.70.0.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.3/24   • 3::3/64   • R2   • F0/0   • 70   • 10.

All rights reserved.10.1 AAA   • Configure  R1  for  AAA. 1)   • R9   • F0/1   • 41   • 172.11.10.90).115   • 115   • 10.11.9/24   •   •   • 2010:10:11::9/64   • Loop0   •   • 9.0.115.117.10.8/24   •   • 2010:0:117::8/64   • Loop0   • 8.   • Protect  RADIUS  communication  using  key  “iPexpert”.9.70.41.8/24   •   •   • 2010:10:11::8/64   • G0/0.  RADIUS  traffic  should  be   sent  using  new  port  numbers.8/24   •   •   • 2010:0:115::8/64   • G0/0.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.   • Users  who  telnet  to  this  device  should  be  authenticated  by  the  default  method   list  using  a  line  password  (“iPexpert”).   94 ipexpert.8. .  Console  line  should  not  be  affected.com Copyright © by iPexpert.11.0.70.9/24   •   •   • 2172:41:41::9/64   • F0/0   • 101   • 10.9/24   •   •   • 9::9/64   • R8   • G0/1   • 101   • 10.41.9.8/24   •   • 8::8/64   • CAT4   • SVI70   • 70   • 10.117   • 117   • 10.   • PPP  authentication  requests  should  be  authenticated  using  RADIUS  server   (10.8.140/24           Task 36.

  respectively.   • Create  a  local  user  account  “netops”  who  should  be  able  to  do  the  following:   o Access  all  “show”  commands  except  for  any  “show  crypto”  command. .   • When  “secops”  issues  the  “enable”  command  he  should  be  automatically  given   Privilege  Level  access  without  prompting  for  password.   • Create  a  local  user  account  “secops”  who  should  be  able  to  do  the  following:   o Access  all  “show  crypto”  commands.com”.   o Configure  any  “crypto”  command  in  the  global  config  mode.   • Use  “iPexpert”  as  a  password  for  all  views.5 Traffic  Filtering  –  Standard  ACLs   • R8  is  configured  with  the  following  loopback  networks:   95 ipexpert.   • Enable  accounting  for  network  traffic  –  records  should  be  kept  for  when  a  session   initiates  and  when  it  terminates.     Task 36.2 Local  Authentication  &  Authorization   • Enable  SSH  on  R3.   • Users  “admin”  and  “secops”  should  be  still  assigned  to  privilege  levels  15  and  8.   • User  “secops”  should  be  able  to  access  the  following  commands:     o show  running-­‐config   o configure  terminal   o ip  routing   o ip  route   • User  “admin”  should  have  access  to  all  commands.     Task 36.3 AAA  EXEC  Authorization   • Remove  local  authentication  on  R3.   • Create  another  user  account  -­‐  “ops”.   • Create  a  local  user  account  “administrator”  who  should  be  given  access  to  all   commands.  Enable  AAA.   o Issue  “ping”  and  “telnet”.   • When  someone  authenticates  as  “secops”  he/she  should  be  placed  at  level  8.  This  person  should  be  always  able  to  do   what  “netops”  and  “secops”  can  do.   • Make  sure  that  enable  password  is  MD5-­‐encrypted.   • Anyone  who  knows  enable  password  (“cisco”)  should  be  able  to  access  Privilege   Level.  Use  domain-­‐name  “ipexpert.   • Don’t  use  AAA  to  accomplish  this  task. 1)   • Network  access  should  be  authorized  –  if  RADIUS  is  down  authorization  should   succeed  for  authenticated  users.com Copyright © by iPexpert.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.   • When  “admin”  connects  to  R3  remotely  via  SSH  it  should  be  automatically  placed   at  level  15  after  successful  authentication. All rights reserved.   • Create  two  local  user  accounts  –  “admin”  and  “secops”.     Task 36.  after  successful  authentication.   o Configure  any  dynamic  routing  protocol.   • Don’t  use  any  default  method  lists  in  this  task.     Task 36.4 AAA  with  CLI  Views   • Configure  R2  for  CLI  Views  using  AAA.

.9 Traffic  Filtering  –  Reflexive  Access-­‐Lists   96 ipexpert.   o R1  acts  as  a  Telnet.6/32   • R1  should  be  configured  to  drop  &  log  packets  sourced  from  those  addresses   using  a  Standard  ACL.   o UDP-­‐based  traceroute  (IOS)  to  any  destination  –  use  a  single  ACL  line.   • Permit  and  log  all  IPv4  DNS  traffic  (TCP  and  UDP)  to  R8’s  Loopback0  and  12.111.   • All  routers  should  be  able  to  reach  R3  only  from  interfaces  configured  with  odd   IPv4  addresses.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.   • November  11.  same  as  all  ICMPv6  packets.   • All  other  traffic  should  not  be  affected.   o Deny  all  IPv6  packets  with  a  missing  or  unknown  L4  information.   o Routers  R2.  Allow  the  following  traffic:   o OSPFv2  –  be  very  specific  here.  Ensure  that  no  traffic  is   allowed  to  the  above  mentioned  loopbacks  for  the  entire  day.  This  Includes  encrypted  traffic.  Make  sure  you  see  a  log  message  for   every  packet  dropped  by  this  entry.14.  and  R8  should  be  able  to  ping  all  interfaces  of  R1  (regardless   of  the  TTL  in  the  packets).     Task 36.   Include  source  MAC  address  in  the  logs.7 Traffic  Filtering  –  Time  Ranges  &  Object-­‐Groups   • All  web  traffic  destined  to  R8’s  Loopback  12.   Task 36.   o All  TCP  segments  destined  to  R1’s  Loopback  44  but  only  with  SYN  and  ACK  bits   set  and  FIN  bit  being  not  set.  Web  and  SQLNET  (TCP  1521)  server  –  permit  this  traffic   only  to  its  loopback0  in  a  single  ACL  line.  This  ACL  should  have  as  few  entries  as  possible  with  a   minimum  overlap.  R9.     Task 36.111. All rights reserved.2/32   o 111.111.   o Make  sure  OSPFv3  adjacencies  are  not  affected.  Use  a  single  ACL  entry  to  configure  this. 1)   o 111.111.   • Block  all  IPv4  and  IPv6  fragments  coming  to  F0/1  on  R2  –  don’t  use  an  access-­‐list   to  accomplish  that.     Task 36.   o All  IP  packets  with  any  source  and  destination  with  a  TTL  0-­‐253  and  255  (in  a   single  ACL  line).111.111.  R1  should  be  able  to  ping  all  routers  except  R3  as   well.  and  16  interfaces  should  be   denied  during  business  hours  Mon-­‐Fri  9am-­‐5pm.8 Traffic  Filtering  –  IP  Fragments   • Modify  an  ACL  from  the  previous  task  to  block  all  IPv4  fragments  regardless  of  the   time/date.4/32   o 111.   • Traffic  sourced  from  other  IPv4  addresses  should  be  dropped.com Copyright © by iPexpert.   • Implement  this  using  a  Standard  ACL  with  a  single  “deny”  entry.6 Traffic  Filtering  –  Extended  ACLs   • Configure  an  IPv4  ACL  on  R9’s  F0/0  inbound.   • Deny  and  log  all  other  IPv4  &  IPv6  traffic.  2014  has  been  declared  a  no-­‐work  day.   • Configure  an  IPv6  ACL  on  R9’s  F0/0  inbound  in  the  following  way:   o Allow  Telnet  to  R1’s  Loopback  0.   o Deny  all  IPv6  packets  with  Routing  Extension  Header.

 If  you  need  assistance  with  any  of  this  book's  content.12 Unicast  Reverse  Path  Forwarding  (URPF)   • Enable  Loose  Mode  uRPF  on  R8.2.  please  visit  our  Member  Community  at   http://community. .       Task 36.3.         97 ipexpert.com Copyright © by iPexpert.168.   You have completed Lab 36 For  verification  of  your  work.   • Sessions  longer  than  30  minutes  require  re-­‐authentication.   • Don’t  use  a  default  route  when  uRPF  decisions  are  made.  and  SSH.     Task 36.2.   • Use  Reflexive  Access-­‐Lists.  ICMP.   • Packets  received  with  unknown  sources  should  be  dropped.   • Only  allow  OSPF.   • Use  PBR  to  accomplish  that.   • An  exception  to  this  policy  is  packets  coming  from  192.  and  Telnet  inbound  on  F0/1.11 Policy-­‐Based  Routing   • Telnet  traffic  sourced  from  R2’s  loopback0  destined  to  3.   • Users  will  be  authenticating  using  Telnet  to  2.   • AAA  should  be  already  enabled  on  this  device  (from  one  of  the  previous  tasks).0/24  –  they  should   be  allowed  and  logged.   • Sessions  should  not  be  idle  for  more  than  2  minutes.1.ipexpert. 1)   • Users  at  VLAN  70  should  be  allowed  through  R2  to  any  destination  when  using   WWW.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.   • A  valid  local  user  account  for  this  task  is  “intuser”  with  password  “cisco”.3  should  be   blackholed  on  R8.3.com.   • Return  traffic  should  be  allowed  dynamically.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.  Dynamic  entries  should  timeout   after  a  minute. All rights reserved.     Task 36.10 Dynamic  (Lock  &  Key)  Access-­‐Lists   • You  decided  that  traffic  originating  in  VLAN  70  should  be  allowed  through  R2  only   for  authenticated  users.2  over  port  3023.  Telnet.

41.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  our  partner  Proctor  Labs   (www. .2/24   •   •   • 2010:70:70::2/64   • F0/1   • 117   • 10.70. 1)   Lab 37: Security Part II   Overview Please   look   at   the   provided   diagrams   and   read   through   the   whole   lab   before   you   start.117.1.     Multiple  topology  drawings  are  available  for  this  chapter.41.     It   is   recommended   to   create   your   own   diagram   at   the   beginning   of   each   lab   so   any   potential   information   you   find   useful   during   your   preparations   can   be   reflected   on   this   drawing.1/24   •   • 2172:41:41::1/64   • Loop0   • 1.3.2/24   98 ipexpert.  Use  IP  Addressing  Table.     NOTE:    Static/default  routes  are  NOT  allowed  unless  otherwise  stated  in  the  task.0.com Copyright © by iPexpert.com).2.1.2/24   •   • 2010:0:117::2/64   • Loop0   • 2.proctorlabs.     General Rules You  will  need  to  pre-­‐configure  the  network  with  the  base  configuration  files.  Lab  Diagram.     This   concept   is   very   important  when  you  take  the  CCIE  lab  administered  by  Cisco.3/24   •   • 2010:0:115::3/64   • Loop0   • 3.3.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.     NOTE:    You  can  use  “cisco”  for  any  password  if  other  password  was  not  explicitly  mentioned  in  the   question.com  and  load  the  initial  Configuration. All rights reserved.       Estimated  Time  to  Complete:    2-­‐3  hours     Pre-Lab Setup Please  login  to  your  Security  vRack  at  ProctorLabs.  and  the  Physical  Topology.  Connect  to  the  terminal  server  and  complete  the  configuration  tasks  as   detailed  below   Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks     • Device   • Port   • VLAN   • IP  Address   • R1   • G0/0   • 41   • 172.3/24   • 3::3/64   • R2   • F0/0   • 70   • 10.115.1/24   • 1::1/64   • R3   • F0/1   • 115   • 10.   making   it   much  easier  when  you  step  into  the  real  lab.     Verify  basic  L2/L3  connectivity.0.70.2.     Read   the   directions   very   carefully   to   make   sure   you   are   doing   what   is   being   asked   of   you.

8.11.8.   • The  Slammer  worm  propagates  over  UDP  port  1434  and  its  packets  are  exactly   404B  long.8  (R8).41.115.9.     99 ipexpert.9. 1)   •   • 2::2/64   • R9   • F0/1   • 41   • 172.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.41.10.117   • 117   • 10.com Copyright © by iPexpert.8/24   •   • 8::8/64   • CAT4   • SVI70   • 70   • 10.0.140/24     Task 37.0.   • In  the  same  policy  all  HTTP  packets  with  string  “attack”  in  the  URL  should  be   dropped  but  only  when  traffic  is  going  to  a  WWW  server  8.70.1 NBAR   • Using  NBAR  create  and  apply  a  policy  outbound  on  R2’s  F0/1  to  drop  the   Slammer  worm  traffic.8.9/24   •   •   • 2010:10:11::9/64   • Loop0   •   • 9.8.70.9/24   •   •   • 9::9/64   • R8   • G0/1   • 101   • 10.8/24   •   •   • 2010:0:115::8/64   • E0/0.117.115   • 115   • 10.8/24   •   •   • 2010:10:8::8/64   • G0/0.   • The  string  should  be  case  insensitive. All rights reserved.8/24   •   • 2010:0:117::8/64   • Loop0   • 8. .11.9/24   •   •   • 2172:41:41::9/64   • F0/0   • 101   • 10.10.

  • Several  DoS  attacks  took  place  recently  targeted  at  those  devices. 1)   Task 37.  or  when  a   total  number  of  half-­‐open  sessions  exceed  300.  and  the   time  of  day.     Task 37.100.70.   • Use  a  technology  that  examines  IPv4  and  IPv6  packets.     Task 37.   • If  a  number  of  connection  attempts  within  the  last  minute  exceed  100.6 Packet  Logging   • Configure  R1  to  send  all  logged  messages  to  a  Syslog  server  located  at   10.  R2  should  start   randomly  dropping  them.  the  sessions  should  be  reset   faster  -­‐  after  10  seconds.     Task 37.5 TCP  Intercept  Passive  Mode   • There  are  some  other  TCP  servers  that  were  recently  attacked  with  large  amount   of  spoofed  SYN  requests  (3. .   • Make  sure  router  stops  managing  the  sessions  after  40  minutes  of  inactivity. All rights reserved.4 TCP  Intercept   • There  are  multiple  servers  in  VLAN  70  hosting  various  TCP-­‐based  applications.   • Also  implement  a  policy  for  peer-­‐to-­‐peer  traffic  :     o All  clear-­‐text  packets  should  be  rate-­‐limited  to  200kbps.   • If  the  total  number  of  half-­‐open  connections  reaches  400.   • Enable  classification  of  IPv6  traffic  that  is  carried  over  Teredo  tunnels.   • Use  facility  type  local1.3 NBAR  Protocol  Discovery   • Enable  NBAR  Protocol  Discovery  on  R9’s  F0/0.     Task 37.   o All  encrypted  traffic  should  be  dropped.1  and  they  should  be  rate-­‐ limited  to  200  per  second  except  for  Sev  1  messages.7 VLAN  Filtering   100 ipexpert.   • Use  detailed  time  stamps  for  log  and  debugs  including  local  time  zone.     Task 37.com Copyright © by iPexpert.   • If  a  FIN  exchange  or  RST  packet  was  seen  for  a  session  it  should  be  dropped  after   7  seconds.0/24  segment).   • Apply  the  policy  outbound  on  G0/1.   • R3  should  be  configured  to  send  a  reset  to  the  server  under  attack  but  it  should   not  participate  in  the  handshake.   • Make  sure  statistics  are  obtained  for  IPv4  and  IPv6  traffic.   • This  should  cease  if  the  number  of  half-­‐open  sessions  falls  below  200.3.70.   • The  reset  segment  should  be  sent  if  a  session  does  not  establish  within  20   seconds.   • Log  messages  should  be  sent  with  source  of  1.3.1.   • Configure  R2  to  intercept  TCP  connection  requests  to  this  segment.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.   • Logs  should  be  also  sent  to  a  buffer  –  allocate  16384B  of  memory  for  this   purpose.1.2 NBAR  Next-­‐Gen  (NBAR2)   • Configure  R8  to  drop  all  terminal-­‐related  traffic  except  PCANYWHERE.

 If  you  need  assistance  with  any  of  this  book's  content.  but  don’t   configure  address  statically.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.3333.2222.com.  please  visit  our  Member  Community  at   http://community.2.2.   • If  a  violation  occurs  frames  should  be  dropped.com Copyright © by iPexpert.   • Ensure  that  a  log  message  is  seen  for  every  dropped  packet.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.   • Anytime  the  switch  reboots  it  should  not  affect  the  Port  Security  table.   • Make  sure  that  port  connected  to  R1  will  accept  frames  with  R1’s  MAC.   o Non-­‐IP  frames  destined  to  00:04:cc:1e:12:34.8 Port  Security   • Enable  Port  Security  on  CAT2.   • Log  dropped  IP  packets  –  set  the  log  table  size  to  300  flows.   • On  the  same  interface  also  allow  frames  coming  from  0000.     You have completed Lab 37 For  verification  of  your  work.     Task 37.ipexpert.   o All  DNS  traffic.2  over  port  3023.  and  a  Syslog  and  SNMP  traps   should  be  generated. All rights reserved. . 1)   •Configure  a  VACL  on  CAT4  to  deny  the  following  traffic  within  VLAN  117  :   o TCP  packets  destined  to  2.  The  switch  should  try  to  automatically  recover  from  a   violation  every  50  seconds.         101 ipexpert.

1)   Lab 38: Security Part III   Overview Please   look   at   the   provided   diagrams   and   read   through   the   whole   lab   before   you   start.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.     Verify  basic  L2/L3  connectivity.   NOTE:    You  can  use  “cisco”  for  any  password  if  other  password  was  not  explicitly  mentioned  in  the   question.  Lab  Diagram.  and  the  Physical  Topology.       102 ipexpert.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  our  partner  Proctor  Labs   (www. All rights reserved.  Use  IP  Addressing  Table. .   General Rules You  will  need  to  pre-­‐configure  the  network  with  the  base  configuration  files.proctorlabs.     This   concept   is   very   important  when  you  take  the  CCIE  lab  administered  by  Cisco.com Copyright © by iPexpert.     It   is   recommended   to   create   your   own   diagram   at   the   beginning   of   each   lab   so   any   potential   information   you   find   useful   during   your   preparations   can   be   reflected   on   this   drawing.   making   it   much  easier  when  you  step  into  the  real  lab.com  and  load  the  initial  Configuration.     Estimated  Time  to  Complete:    2-­‐3  hours   Pre-Lab Setup Please  login  to  your  Security  vRack  at  ProctorLabs.     Multiple  topology  drawings  are  available  for  this  chapter.  Connect  to  the  terminal  server  and  complete  the  configuration  tasks  as   detailed  below.   Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.     Read   the   directions   very   carefully   to   make   sure   you   are   doing   what   is   being   asked   of   you.     NOTE:    Static/default  routes  are  NOT  allowed  unless  otherwise  stated  in  the  task.com).

70.115.10.0.9/24       2010:10:11::9/64   Loop0     9.1/24   1::1/64   R3   F0/1   115   10.1/24     2010:10:11::1/64   Loop0   1.8.9/24       9::9/64   R8   G0/1   101   10.10.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol. All rights reserved.8/24     2010:0:117::8/64   Loop0   8.0.117.0.117.2/24     2010:0:117::2/64   Loop0   2.11.1.0.2.70.70.117   117   10.115   115   10.3.10.8/24       2010:10:11::8/64   G0/0.2.9.8/24       2010:0:115::8/64   G0/0.8.1.com Copyright © by iPexpert.2/24       2010:70:70::2/64   F0/1   117   10. 1)     Device Port VLAN IP Address R1   G0/0   101   10.9.8/24     8::8/64   CAT4   SVI70   70   10.3.3/24     2010:0:115::3/64   Loop0   3.3/24   3::3/64   R2   F0/0   70   10.115.11.11. .140/24       103 ipexpert.2/24   2::2/64   R9     F0/0   101   10.70.

    Task 38.   • Rate-­‐limit  ARP  traffic  on  port  connected  to  R1  to  10  pps.3 IP  Source  Guard   • Configure  Cat2  to  prevent  against  IPv4  spoofing  attacks  in  VLAN101.   • Ensure  that  snooping  bindings  don’t  disappear  after  a  reload.   • Also  configure  a  static  source  binding  for  R9.   • Enable  IP  Source  Guard  on  F0/1  and  F0/8.com Copyright © by iPexpert. 1)       Task 38.1 DHCP  Snooping   • Secure  DHCP  communication  in  VLAN  101  using  DHCP  Snooping. All rights reserved.   • ICMP  Echos  and  Telnet  packets  received  on  Fa0/8  should  be  dropped  and  logged.   • Not  only  IP  addresses  should  be  validated  but  also  MACs. .   • Make  sure  R1  and  R8  obtain  their  address  dynamically.   • Enable  source  and  destination  MAC  address  validation.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.   • You  are  not  allowed  to  modify  the  DHCP  Snooping  database  in  this  task.   • ARP  packets  generated  by  those  devices  should  be  logged.   104 ipexpert.   • Disable  ARP  Inspection  on  trunks  to  other  switches.     Task 38.  Set  the  burst  interval  to   3  seconds.4  Catalyst  Ingress  Access-­‐lists   • Configure  Port  ACLs  on  CAT4.  and  R8  should  be  able  to  successfully  communicate.   • Routers  R1.  R9.     Task 38.   • Configure  R9  to  act  as  a  DHCP  Server  in  this  VLAN.2 Dynamic  ARP  Inspection   • Prevent  ARP  Man-­‐in-­‐the-­‐Middle  attacks  in  VLAN  101.  The  lease  times   should  be  accurate  -­‐  configure  &  use  R9  as  a  NTP  server.   • Rate-­‐limit  client  DHCP  traffic  to  15pps.

 Log   messages  should  be  generated  every  2  seconds  and  they  should  include  TTL  and   length  of  dropped  packets.3.   • R9  should  only  allow  SSH  access  (user:  cisco.5 Controlling  Terminal  Line  Access   • Secure  VTY  lines  on  R9  and  R1.9 Flexible  Packet  Matching   • Use  Flexible  Packet  Matching  to  drop  &  log  malicious  traffic  going  through  R2.1  should  be  dropped  and  logged.cc1e.cc1e.  pw:  cisco).   • No  more  than  100  BGP  and  4  SSH  packets  should  be  queued.     Task 38.     Task 38.8 Control  Plane  Protection  –  Logging     • All  malformed  &  allowed  packets  received  on  Host  subinterface  should  be  logged.115.0/24   o 10.     Task 38.3  should  be  dropped.   • Rate-­‐limit  all  ICMPv6  packets  to  70000bps.   • All  HTTP  packets  originating  from  3.0/24   o 2010:0:117::/64   • R1  should  only  accept  Telnet.0. 1)   • On  the  same  interface  block  AppleTalk  and  ARP  frames  coming  from   0000. .   • Allowed  and  over  the  Input  Queue  limit  SSH  traffic  should  be  logged  as  well.   • You  will  have  to  disable  IP  Source  Guard  to  test  this  configuration.6 Control  Plane  Policing   • R8  should  be  configured  to  protect  its  CPU  using  CoPP.1.   • Other  traffic  flowing  over  the  same  port  number  should  not  be  affected.   • Those  packets  are  destined  to  TCP  port  8013.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.   • Packets  destined  to  non-­‐listening  ports  should  be  silently  dropped.   • Rate-­‐limit  all  ICMP  packets  to  15  per  second.   • Other  traffic  should  not  be  affected.117.3.0.   • OSPFv2  and  OSPFv3  packets  should  not  be  affected  by  this  configuration.com Copyright © by iPexpert.   • Outbound  telnet  packets  destined  to  1.   • Rate-­‐limit  those  log  messages  to  one  every  5  seconds. All rights reserved.   • Input  queue  of  R9  should  not  be  overwhelmed  by  any  single  protocol  traffic.   • The  offending  packets  are  sourced  in  VLAN  101  and  they  contain  string  “xExe”   within  the  first  200B  from  the  beginning  of  TCP  Payload.   • Telnet  connections  over  port  3020  should  be  unaffected.   • No  more  than  30  packets  for  all  other  TCP/UDP  protocols  enabled  on  the  router   should  be  seen  in  the  queue.     Task 38.     105 ipexpert.   • Log  all  dropped  Transit  packets  that  entered  R9  through  interface  F0/0.7 Control  Plane  Protection   • Enable  Control  Plane  Protection  on  R9.     Task 38.   • All  IPv4  transit  traffic  punted  to  the  CPU  should  be  policed  to  512kbps.1.   • Management  traffic  should  be  allowed  from  the  following  subnets:   o 10.

com Copyright © by iPexpert. .  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.com. All rights reserved.  please  visit  our  Member  Community  at   http://community.ipexpert.  If  you  need  assistance  with  any  of  this  book's  content.         106 ipexpert. 1)   You have completed Lab 38 For  verification  of  your  work.

 alerts.com Copyright © by iPexpert.2.proctorlabs.     Task 39.com.2.   107 ipexpert. All rights reserved.1 Configure  R2  to  log  system  messages  to  a  syslog  server  with  the  IP  address  10.2.  and  critical  messages. 1)   Lab 39: Configure and Troubleshoot IP/IOS Services (Part 1)   Technologies covered • Syslog  logging   • Logging  timestamps   • Logging  to  flash   • Configuration  change  notification   • Configuration  archive  and  rollback   • Conditional  debugging   Overview You  have  been  tasked  to  configure  management  services  in  your  network.   Send  only  emergencies.  and  complete  the  configuration  tasks  as  detailed  below.     The  topology  used  in  the  lab  will  be  the  following:       Estimated  time  to  complete:    2  hours     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information. .iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.     Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.  Connect  to   the  terminal  server  for  the  online  rack.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.

8 On  R6.  Log.  Once  the  size  of  the  sum  of  all  the  logging  files  is  reaching  64000  bytes.7 Limit  the  rate  of  logging  messages  to  70  per  second  for  all  logging  messages. 1)   Task 39.  enable  the  archive  feature  to  store  the  configuration  files  on  the  flash.11 Save  the  configuration  on  R3.   Task 39.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.  Make  sure  that  the  passwords  and  SNMP  community   strings  are  replaced  by  ****asterisks****.6 Ensure  that  the  router  does  keep  a  history  file  of  10  logged  messages  prepared  to  be   sent  as  SNMP  traps.  and  error  messages  to  the   console.     Task 39.  Each  file  should  have  a  maximum  size  of  10000  bytes.4 If  two  system  messages  arrive  with  the  same  timestamps.   Task 39.         108 ipexpert.  except   for  those  with  a  severity  level  between  5  and  7.3 Make  sure  that  any  type  of  log  messages  has  the  exact  date  and  time  stamp  (and  not   the  uptime).ipexpert.     You have completed Lab 39 For  verification  of  your  work.  The   size  of  this  buffer  should  be  20000.  write  the  syslog  messages  into  a  file  on  the  flash  memory  in  a  directory  called   “syslog”.   Task 39.  also  the  configuration  command   messages  on  a  syslog  server.  Change  the  hostname  of  R3  to  R3-­‐TEST.  If  you  need  assistance  with  any  of  this  book's  content.5 Configure  R2  to  log  only  emergencies.  please  visit  our  Member  Community  at   http://community.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.9 Log  every  configuration  command  entered  on  R9.com Copyright © by iPexpert.com.     Task 39.  The   maximum  number  of  archive  saved  should  be  10.   Task 39.  the   oldest  file  is  deleted.  critical.  don’t  confirm   and  make  sure  that  the  configuration  is  automatically  rolled  back  to  the  hostname  R3   after  1  minute.  alerts.   Task 39.  Log  the  last  500  configuration   command  messages  locally.   Task 39.   Task 39.10 On  R3.  make  sure  (with  sequence   numbers)  that  you  still  know  which  one  was  generated  first. .2 Configure  R2  to  log  all  messages  with  a  severity  from  1  to  7  in  an  internal  buffer. All rights reserved.

4  using  SNMPv2c. 1)   Lab 40: Configure and Troubleshoot IP/IOS Services (Part 2)   Technologies covered • SNMP  v2   • SNMP  v3   • NTP   Overview You  have  been  tasked  to  configure  management  services  in  your  network.     The  topology  used  in  the  lab  will  be  the  following:       Estimated  time  to  complete:    2  hours     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.4. All rights reserved.  Connect  to   the  terminal  server  for  the  online  rack.proctorlabs.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol. .  and  complete  the  configuration  tasks  as  detailed  below.  permit  any  SNMP  server  to  poll  the  router  with  read-­‐only  permission   using  the  community  string  iPexpert.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.   109 ipexpert.4.1 On  R2.2 R2  should  send  IPSEC  traps  to  the  server  10.     Task 40.com Copyright © by iPexpert.   Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.   Task 40.  The   community  iPexpert  is  included  in  the  traps.com.

4  and  10.1.     You have completed Lab 40 For  verification  of  your  work.   Task 40.  The  community  iPexpert   is  included  in  the  traps.4.5.3 On  R6.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.com.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.4   using  SNMPv2c.5  whenever  the  switch  learns  or  time-­‐outs  a  MAC  address.     Task 40.  Store  the  MAC  address   notification  traps  and  send  them  to  the  NMS  every  30  seconds.5.5.5  can  be  the  NTP  server  for  R3.   Task 40.13 Configure  R3  as  client  from  NTP  server  R5.5.  define  a  RW  group  called  RWGROUP.5.8 On  R3.5.3.  Associate  to  this  group  the   following  user:     • username:  Username2   • password:  Password2   • encryption  password:  iPexpert   • Use  the  MD5  authentication  method  and  the  AES-­‐256  encryption  method.11 Configure  R5  as  a  stratum  5  NTP  master.  Use  access-­‐list  number  6.ipexpert.  define  a  RO  group  called  ROGROUP.5 R3  is  going  to  be  polled  by  a  NMS  with  an  IP  address  of  10.   The  user  Username1  generates  the  traps  and  informs. .7 On  R3.  Associate  to  this  group  the  following   user:     • username:  Username1   • password:  Password1   • encryption  password:  iPexpert   • Use  the  SHA  authentication  method  and  the  3-­‐DES  encryption  method.5  using  payload  encryption.   Task 40.  Configure  NTP  authentication   between  R3  and  R5  with  a  key  number  of  1  and  a  password  of  “  iPexpert”.  Use  an  access-­‐list  called  NTPCLIENT.4.6 On  R3.  enable  the  MAC  address  notification  feature.  This  polling   should  be  configured  according  to  the  AuthPriv  security  model.   Task 40.   Task 40.14 On  R5.   Task 40.4.3  to  poll  the  router  with  read-­‐only   permission  using  the  community  string  iPexpert. 1)   Task 40.  Create  two   views.1.  please  visit  our  Member  Community  at   http://community. All rights reserved.15 Make  sure  that  only  10.35.10 On  Cat1.     Task 40.  permit  only  hosts  10.  a  RO  view  called  ROVIEW  and  a  RW  view  called  RWVIEW.  enable  traps  and  informs  to  be  sent  to  10.   Task 40.12 NTP  server  on  R5  should  source  from  interface  S4/0.  Configure  on  R3  an   access-­‐list  called  NTPSERVER.5.  make  sure  that  the  only  NTP  client  that  can  synchronized  with  R5  is  the   client  with  the  IP  address  10.  Keep  a  historical   table  of  the  10  last  MAC  address  notification  messages  locally  on  the  switches.  If  you  need  assistance  with  any  of  this  book's  content.4.  ACKed  trap  means  that  an  ACK  packets  should  be  sent  by  the   server  back  to  R2  to  confirm  that  he  received  the  trap.       110 ipexpert.4.com Copyright © by iPexpert.9 Configure  Cat1  to  send  an  SNMP  version  2C  trap  with  a  community  of  “iPexpert”   to  the  NMS  10.  Make  the  MIB-­‐2   objects  accessible  for  both  views.   Task 40.   Task 40.4.   Task 40.4 R2  should  send  all  syslog  messages  as  SNMP  ACKed  traps  to  the  server  10.35.

    Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.     The  topology  used  in  the  lab  will  be  the  following:       Estimated  time  to  complete:    2  hours     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.1 On  R2.  when  the  interface  E0/1  is  going  down  and  the  router  is  generating  a   syslog  message  regarding  this  event.com.proctorlabs.  Connect  to   the  terminal  server  for  the  online  rack. .com  the  output  of  the   111 ipexpert.  create  an  EEM  applet  that  will  perform  a   show  int  E0/1  and  send  to  the  email  noc@ipexpert. 1)   Lab 41: Configure and Troubleshoot IP/IOS Services (Part 3)   Technologies covered • EEM   • Proxy  ARP   • Local  Proxy  ARP   • DHCP   Overview You  have  been  tasked  to  configure  management  services  in  your  network.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.  and  complete  the  configuration  tasks  as  detailed  below. All rights reserved.     Task 41.com Copyright © by iPexpert.

8 The  IP  address  range  10.3.  Exclude  10.2.1.2.1  respectively.1.79.35.0  on  the  interface  E0/1   of  R6.1.0.1.”   Task 41.  Use  2  EEM  applets  to  achieve  this.   Task 41.6.  disable  the  mechanism  that  makes  this  IP   connectivity  possible.4 On  R6.ipexpert.1-­‐11  from  the   DHCP  range.  The  mail  server  is  10.  generate  a  syslog  message  stating   “Configuration  saved  by  EEM  applet.   Task 41.com Copyright © by iPexpert.1.cccc.1.  Do  not  modify  this  mask  on  the  other  side  of  the  connection  between  R6   and  R3.26.com.  On  the  interfaces  of  R3. .  configure  AAA  and  Radius  for  DHCP  accounting.  When  E0/1  is   in  a  down  state.1.1  and  10.79.2.100  should  always  be  assigned  to  the  server  with  the  mac   address  aaaa.36.35.  The  DNS  server  IP  address  is  10.5  with  the  ping  sourced  from  IP  address   10.  S3/0  has  to  be  administratively  shut  down.    In  the  routing  table  of  R6.  the  reload  command  should   have  no  effect.36.  It  should  trigger  an  EEM  applet  to  check  who  is  currently  logged   in  and  store  the  output  of  this  command  in  the  system  flash  in  a  file  called   reload_user.       112 ipexpert.  The  DNS  server  IP  address  is  10.0/24.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.36.36.6 On  R2.1.   Task 41.  If  you  need  assistance  with  any  of  this  book's  content.2.  when  someone  is  trying  to  reload  the  router.79.35.35.  there  are  only  the  connected  networks.  Default  gateway  is   10.0/24.12 Configure  R9  as  a  DHCP  server  for  the  network  10.0/24.255.  Each  time  the  script  is  run.36.2. All rights reserved.1.3.1.   Task 41.2 On  R2.2.  The  RADIUS  server  has  IP   address  10.2.1.   Task 41.1-­‐10.35.1.  R6  is  able  to  ping  10.3 On  R6.11  should  be  excluded  from  the  IP   addresses  allocated  to  the  clients  by  the  server.14 On  R9.3.bbbb.1.com.  The  DNS  server  IP   address  is  10.   Default  gateways  are  10.  the  originator  of   the  mail  is  R2@ipexpert.2.2.26.   Task 41.13 The  interface  EG0/0  of  R7  should  retrieve  an  IP  address  from  the  DHCP  pool   configured  earlier.1.35.     You have completed Lab 41 For  verification  of  your  work.   Task 41.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.10 R3  will  also  be  DHCP  servers  for  the  network  10.   However.   Task 41.  make  sure  that  the  interface  E0/1  is  replying  to  all  the  ARP  requests  sent   on  the  network  10.11 The  IP  address  10.1.2.     Task 41.1.1.1.     Task 41.11  should  be  excluded  from  the  IP   addresses  allocated  to  the  clients  by  the  server.2.1.  Default  gateway  is   10.5 Configure  the  IP  address  10.  the  subject  of  the  mail  is  ALERT_R2_E0_1_DOWN.1-­‐10.1.0/24.  S3/0  has  to  be  enabled.  The  EEM  applet  should  also  send  the  following  syslog  message:     “Someone  tried  to  reload  the  router  R2”.7 Configure  R3  as  a  DHCP  server  for  the  network  10.     Task 41.  when  E0/1  is  up.  please  visit  our  Member  Community  at   http://community.  configure  an  EEM  applet  that  is  saving  the  configuration  to  NVRAM  every   hour.9 The  IP  address  range  10.0/24  and  10.26.36. 1)   command  in  the  body  of  the  mail.2.  Use  static  routing  in  order  to   enable  routing  between  R2  and  R3.6  with  a  mask  255.   Task 41.

1)   Lab 42: Configure and Troubleshoot IP/IOS Services (Part 4)   Technologies covered • IP  SLA   • HSRP   • VRRP   • GLBP   Overview You  have  been  tasked  to  configure  management  services  in  your  network.  and  complete  the  configuration  tasks  as  detailed  below.     Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks. .     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.     The  topology  used  in  the  lab  will  be  the  following:       Estimated  time  to  complete:    2  hours     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.     113 ipexpert.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.com Copyright © by iPexpert.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol. All rights reserved.proctorlabs.com.  Connect  to   the  terminal  server  for  the  online  rack.

  Task 42.  the  priority  should  be  decreased  the   minimum  in  such  a  way  that  R2  takes  over  the  primary  role.1 On  the  connection  between  R7  and  R9.         114 ipexpert.   Task 42.  R7  will  send  a  trap  and  trigger  a   ping  10.   Task 42.108.7 Configure  R8  to  perform  every  30  seconds  a  DNS  lookup  on  the  DNS  server   10.0/24.68.10 Configure  VRRP  between  R2  and  R1  on  the  network  10.1.  Virtual  IP   address  is  10.  This  measurement  should  run  indefinitely.9 Authenticate  the  GLBP  routers  with  a  MD5  hashed  password  of  “iPexpert133”.  configure  IP  SLA  on  R7  to  measure  the  UDP   jitter.com.     Task 42.         You have completed Lab 42 For  verification  of  your  work. 1)   Task 42.  a  second  trap  will  again  be  sent.79.2  on  port  80  that   requires  R2  to  be  configured  as  a  responder.11 Authenticate  the  VRRP  routers  with  a  password  of  “iPexpert”. .  configure  an  IP  SLA  job  on  R6  that  will  generate  an  ICMP  echo   with  a  packet  size  of  1000  bytes  every  10  seconds.144.ipexpert.  please  visit  our  Member  Community  at   http://community.200  with  the  community   “iPexpert”.222  for  the  website  www.   Task 42.  R2.222.9  every  3  seconds  during  60  seconds.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.108.6 Between  R8  and  R2.com.   Task 42.com Copyright © by iPexpert.108.  As  long  as  R8  is  up  and  running.     Task 42.1.  When  R2  is  up  and  running.79.   Task 42.108.  it  should  always  be  the  master.  If  you  need  assistance  with  any  of  this  book's  content.108.  it  should  recover  this  role  1  minute  after  coming  back  online.   Task 42.0/24.9.3 Between  R6  and  R9.  configure  on  R6  a  TCP  operation  to  10.1.12 Configure  HSRP  between  R8  and  R2  on  the  network  10.  10%  of  the  traffic  should  use  R2  as  a  gateway  and  10%  of   the  traffic  should  use  R11  as  a  gateway.2 When  the  connection  between  R7  and  R9  is  lost.1.222.1.  it  should  stay  the  master  and  when   an  outage  occurs.1.133.8 Configure  GLBP  between  R8.9  port  3200  every  10  seconds  with  a   DSCP  marking  of  EF.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.  configure  on  R8  a  TCP  operation  to  10.  Enable  R7  to  send   CISCO-­‐SYSLOG-­‐MIB  traps  to  the  SNMP  server  10.14 Authenticate  the  HSRP  routers  with  a  clear  text  password  of  “iPexpert”.  Virtual  IP  address   is  10.155.69.ipexpert.  and  R1  on  the  network  10.1.  Those  packets  have  to  be  sent  to   10.5 Between  R6  and  R8.108.13 When  the  ICMP  echo  from  R8  to  R6  fails.   Task 42. All rights reserved.0/24.1.     Task 42.1.4 The  IP  SLA  control  messages  between  R6  and  R9  have  to  be  authenticated  using  a   key-­‐chain  called  “iPexpert”.  UDP  packets  should  be  sent  to  10.1.108.1.   Task 42.  If  connectivity  is  not  re-­‐ established  after  60  seconds.     Task 42.  This  key-­‐chain  should  use  key  number  3  and  a  key  string   of  “iPexpert”.  Virtual  IP  address   is  10.8  on  port  443  that   doesn’t  require  R8  to  be  configured  as  a  responder.1.1.

    The  topology  used  in  the  lab  will  be  the  following:     Estimated  time  to  complete:    2  hours     115 ipexpert. All rights reserved.com Copyright © by iPexpert.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol. . 1)   Lab 43: Configure and Troubleshoot IP/IOS Services (Part 5)   Technologies covered • NAT    Overload   • NAT  Route-­‐maps   • Static  NAT   • Static  PAT   • NAT  no  alias   • NAT  no  payload   • Policy  NAT   Overview You  have  been  tasked  to  configure  management  services  in  your  network.

9.1.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.0/24  is  the  inside  network.69.  a  new  connection  will  use  a  mapping  of  an  already  mapped   public  IP  address  with  a  different  TCP  port  number.9.com.    100.68.   You have completed Lab 43 For  verification  of  your  work.1.9.6.ipexpert.  configure  a  default  route  towards  R9.    11.0/24  is  the   inside  network.  Traffic  coming  from  R2  should  be   statically  NATed  to  the  IP  address  100.1.   Task 43.69.9.68.1.1.   Task 43.20.   Verify  that  you  can  ping  from  R2  to  100.6   is  successful  using  a  static  NAT  between  100.9   is  unsuccessful  and  that  the  telnet  100.5 On  R9.79.  100.1.108.   100.68.9  on  port  4000  will  return  the  daytime   information.1.1.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.    10.9.   Task 43.12 Ensure  that  you  can  telnet  from  R1  to  10.9/24.7  and  10.69.68.  configure  a  dynamic  NAT  that  maps  the  internal  range  10.0/24  is  the  outside  network.  Make  sure   that  the  ping  from  R1  to  100.1.9 On  R9.255.69.    10.  100.20.69.1.10 On  R8.   Task 43.   Task 43.1.1.     Task 43.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.1. 1)   Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.7.6  is  successful  without  configuring  a  default  route   pointing  to  R8  on  R1.0/24  is  the  outside  network.0/24  is  the  outside  network.9.   Task 43.0/24  to  the   public  address  range  100.com Copyright © by iPexpert.  please  visit  our  Member  Community  at   http://community.  Make  sure  that  the  ping  from  R8  to  100.6  is  again  successful  by  configuring  a  static   ARP  entry  on  the  router  R6.13 On  R2.1.  and  complete  the  configuration  tasks  as  detailed  below.  Use  a  route-­‐map  to  achieve  this  task.1.   Task 43. .68.  configure  a  default  route  towards  R8.proctorlabs.69.     100.69.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.0/24  to  the   interface  E0/0.0/24  is  the  outside  network.0/24  is  the  inside  network.69.   Task 43.1.  configure  loopback1  with  an  IP  address  of  11.1.0/24  is  the   inside  network.  You  have  to  use  the  ip  nat  outside  command  on  R8.  Clear  the  ARP   cache  and  verify  that  the  ping  from  R7  to  100. All rights reserved.0/24  is  the  outside  network.  If  you  need  assistance  with  any  of  this  book's  content.8 On  R9.4 Ensure  that  the  payload  will  not  be  modified  by  the  static  NAT  entry  configured  on   R9.   Task 43.  Make  sure  that  the  ping  from  R7  to  100.6 On  R9.  configure  a  dynamic  PAT  that  maps  the  internal  range  11.1.1.1.1.com.0/24  is  the  inside  network.   Task 43.   116 ipexpert.1.1.3 Ensure  that  the  ping  from  R7  to  100.1.   Task 43.1.69.69.2 We  don’t  want  R9  to  respond  to  the  ARP  request  for  100.69.11 10.  enable  the  TCP  small  server  service  on  TCP  port  13  called  “datetime”.69.  configure  a  default  route  towards  R6.6  is  unsuccessful.  Connect  to   the  terminal  server  for  the  online  rack.  When  no  more  address  is  available   in  the  public  range.241-­‐100.9/24.1.69.  100.79.68.6  by  using  the  add-­‐route  keyword  in  a   command.   Task 43.7 On  R9.1.     Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.1 On  R7.  configure  loopback0  with  an  IP  address  of  10.1.

    This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information. 1)   Lab 44: Configure and Troubleshoot IP/IOS Services (Part 6)   Technologies covered • IP  precedence  accounting   • IP  output  packet  accounting   • IP  access  violation  accounting   • MAC  address  accounting   • TCP  optimization     Overview You  have  been  tasked  to  configure  management  services  in  your  network.proctorlabs. All rights reserved.com Copyright © by iPexpert.     117 ipexpert. .  Connect  to   the  terminal  server  for  the  online  rack.  and  complete  the  configuration  tasks  as  detailed  below.com.     The  topology  used  in  the  lab  will  be  the  following:       Estimated  time  to  complete:    1  hour     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.

  Task 44.   Task 44.11 Make  sure  that  R8  will  not  be  affected  by  the  “TCP  silly  window  syndrome”.6 On  the  interface    E0/1  of  R6. 1)   Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks. All rights reserved.1 On  R7.1.  collect  statistics  about  traffic  per  MAC  address  in  the   egress  and  ingress  direction.9 On  R2.9/32   Task 44.1.   Task 44.2 Configure  the  following  loopbacks:   • R8  loopback0   • 10.     You have completed Lab 44 For  verification  of  your  work.8 On  R2.5 Apply  this  access-­‐list  on  the  interface  E0/0  and  ensure  that  IP  accounting  displays  the   number  of  packets  blocked  by  this  access-­‐list.9.   Task 44.4 On  R6.com Copyright © by iPexpert.  If  you  need  assistance  with  any  of  this  book's  content.  activate  high  performance  TCP  options  as  described  in  RFC  1323.             118 ipexpert.ipexpert. .  please  visit  our  Member  Community  at   http://community.  configure  the  outgoing  TCP  queue  to  contain  a  maximum  of  10  packets.com.  perform  on  the    E0/1  accounting  based  on  IP  precedence  on  received  packets.3 Enable  OSPF  area  0  on  the  path  between  R8  and  R9.   Task 44.   Task 44.     Task 44.8/32   • R9  loopback0   • 10.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.  create  an  access-­‐list  to  block  traffic  going  from  loopback0  of  R8  to  the   loopback0  of  R9.10 R8  should  wait  for  a  maximum  of  10  seconds  to  receive  a  TCP  SYN.7 On  R8.   Task 44.8.  activate  the  TCP  connection  to  discover  of  the  minimum  MTU  size  along  the   path  of  the  TCP  connection  and  therefore  avoid  fragmentation.  and  advertise  the  loopback0  of   R8  and  R9  using  network  statements.     Task 44.   Task 44.

1)   Lab 45: Configure and Troubleshoot IP/IOS Services (Part 7)   Technologies covered • Netflow  ingress  and  egress   • Netflow  top  talkers   • Netflow  aggregation  cache   • Netflow  random  sampling   • Netflow  input  filters   Overview You  have  been  tasked  to  configure  management  services  in  your  network.  Connect  to   the  terminal  server  for  the  online  rack. .  and  complete  the  configuration  tasks  as  detailed  below.       The  topology  used  in  the  lab  will  be  the  following:       Estimated  time  to  complete:    1  hour     Pre-Lab Setup Logically  connect  and  configure  your  network  as  displayed  in  the  drawing  below.com.com Copyright © by iPexpert.  You  may  also  refer   to  the  Diagram  located  within  your  configuration  files  for  topology  information.     This  lab  is  intended  to  be  used  with  online  rack  access  provided  by  www.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol. All rights reserved.   119 ipexpert.proctorlabs.

1.  and  to  send  them   to  server  10.9 On  R2  interface  E0/0.  configure  Flexible  Netflow  to  collect  the  source  and  destination  IP  address.  Only  1  out  of  2  packets  from  this  flow  should  be   captured.9.1.55.11 On  R7.44.  The  Netflow  template  should  be  sent  every  minute  in   version  9  to  server  10.  configure  Netflow  on  interface  E0/1  and  interface  E0/0  to  only  capture  traffic   between  10.1.  please  visit  our  Member  Community  at   http://community.33  on  port  2333  in  version  5  format.1.  Only  1  out  of  50  packets   should  be  captured  by  Netflow.5 On  R6.com.  Make  sure  that  the  flows  information  is   not  duplicated.   Task 45.   Task 45.44.33.  configure  Netflow  to  capture  the  statistics  for  IPv6  packets.1. 1)       Prerequisites Load  the  initial  configuration  files  before  starting  to  work  on  the  tasks.8  and  10.  Make  sure  that  the  flows  information  is  not   duplicated.  aggregate  flow  based  of  destination   prefix  present  in  the  routing  table.  If  you  need  assistance  with  any  of  this  book's  content.   the  flow  direction.1.  the  peer  AS   should  be  included  in  exports.10 On  R7.  please  refer  to  this  Workbook's  accompanying  Detailed  Solutions   Guide.   Task 45.33.8 On  R2.   Task 45.   Task 45.   Task 45.   Task 45.   Task 45.     Task 45.  Sort  the  top  speaker  by  bytes.  Use  a  class-­‐map  called  “NETFLOWCLASS”  and  a  policy-­‐map  called   “NETFLOWPOLICY”.12 Apply  a  flow  monitor  called  “IPEXPERTMONITOR”  in  the  ingress  and  egress  direction   on  interface  E0/1.9.3 On  R8.55  on  port   3444  every  30  seconds  using  a  flow  exporter  called  “IPEXPERTEXPORTER”.   Task 45.7 On  R1.  the  next-­‐hop  IP  address  using  a  flow  record  called   “IPEXPERTRECORD”.1 Setup  R8  to  collect  Netflow  version  9  statistics  on  E0/0  and  E0/1.  ensure  that  a  flow  in  the  cache  that  was  not  refreshed  during  10  seconds   expires.   Task 45.  on  the  Netflow  running  on  the  E0/0.  setup  Netflow  to  display  in  the  command  line  the  20  top  speakers  going   through  interface  E0/0.ipexpert. All rights reserved.     You have completed Lab 45 For  verification  of  your  work.iPexpert's Cisco CCIE Routing & Switching Technology Workbook (Vol.8.  If  R8  uses  BGP.  and  to  send  them   to  server  10.  Never  aggregate  with  a  mask  number  lower  than   /24.4 Setup  R9  to  collect  Netflow  version  9  statistics  on  E0/0  and  E0/1.2 Configure  R8  to  export  flow  records  every  2  minutes.       120 ipexpert.  configure  Netflow  version  9  on  interface  E0/0  to  capture  Netflow  statistics  in   egress  and  ingress  directions. .33  on  port  2333  in  version  5  format.  Ensure  that  it  is  not  1  every  50  packets  which  is   captured  but  randomly  1  out  of  50  packets.   Task 45.6 On  R1.com Copyright © by iPexpert.  configure  Flexible  Netflow  to  export  statistics  to  the  server  10.