HCIE-R&S Mock Exam 1 INTERNAL

HCIE-R&S Lab Mock Exam 1

2016-7-21 HUAWEI Confidential Page 1, Total 10

 HCIE-R&S Mock Exam 1 INTERNAL

2016-7-21 HUAWEI Confidential Page 2, Total 10

 HCIE-R&S Mock Exam 1 INTERNAL

Test Questions: (Y Represents the Rack Number, and X

Represents the Equipment Number)
1. Section 1: Layer 2 Technologies

1.1 VLAN
Create VLANs 3, 5, 18, 26, 41, 43 and 62 on switches SW1 and SW2. Create
VLAN 43 on switch SW3.
Apply VLANs to access interfaces according to the table below.

VLAN Switch Interfaces

3 SW1 Eth0/0/1

5 SW1 Eth0/0/5

18 SW2 Eth0/0/1, Eth0/0/3

26 SW1 Eth0/0/2, Eth0/0/6

41 SW1 Eth0/0/4

43 SW2 Eth0/0/4
SW3 Eth0/0/22

62 SW2 Eth0/0/6
SW1 Eth0/0/21

1.2 Link Aggregation

Combine Eth0/0/12 and Eth0/0/13 between switches SW3 and SW4 into a single
logical interface with LACP disabled. Both physical interfaces should be active,
load balancing should be based on destination MAC addresses.

1.3 Trunk
All links between switches SW1, SW2, SW3 and SW4 should be configured as
trunk links, allow VLANs 1 through to 4094 across all trunks.

1.4 GVRP
Enable GVRP on switches to enable SW3 and SW4 to learn statically configured
VLAN information from SW1 and SW2.

1.5 MSTP
Switches SW1, SW2, SW3 and SW4 run MSTP as follows.
VLANs 3, 5 and 18 are in instance 1 for which SW1 should be primary root and
SW2 the secondary root. VLANs 26, 41, 43 and 62 are in instance 2, for which

2016-7-21 HUAWEI Confidential Page 3, Total 10

 HCIE-R&S Mock Exam 1 INTERNAL

SW2 is the primary root and SW1 is the secondary root. The MSTP region name is
HW and revision level is 1.
Interface E0/0/20 on SW1 is directly connected to a PC. Ensure that E0/0/20 enters
the forwarding state as soon as the PC is connected and the link becomes active.
E0/0/20 should to be shut down automatically after receiving BPDUs and should
recover after 50s.

1.6 Frame Relay

R1, R2 and R3 use Frame Relay (FR) encapsulation and are connected in hub and
spoke mode with R2 as the hub. S1/0/0.2 on R2 and S1/0/0.1 on R3 may not use
static mapping, inverse ARP must be disabled on all devices.
R1, R4 and R5 use Frame Relay (FR) encapsulation and are connected in hub and
spoke mode with R1 as the hub. Inverse ARP must be disabled on all devices and
sub-interfaces may not be used.
R1 connects to R4 using DLCI 104 and R5 using DLCI 105, R4 connects to R1
using DLCI 401 and R5 connects to R1 using DLCI 501. Only the specified DLCIs
may be used. All these FR interfaces should be able to ping each other.
Perform the following configuration to ensure that R2 can communicate with R1
and R3:
Configure R1 to connect to R2 using DLCI 102.
Configure R2 to connect to R3 using DLCI 203.
Configure R2 to connect to R1 using DLCI 201.
Configure R3 to connect to R2 using DLCI 302.
Use only the specified DLCIs.

2. Section 2: IGP

2.1 Basic Configurations

When implementing IP addressing, replace Y with your rack number and replace X
with the device number. For example the device numbers of R1, R2, SW1 and
SW2 are 1, 2, 11 and 22. The IP addresses on all physical interfaces use 24-bit
masks. All routers have Loopback0 interfaces with an IP address of 10.Y.X.X and
a 24-bit mask.
Configure IP addresses on device interfaces as per the information in the IPv4
logical topology diagram.
SW1 VLAN interfaces 3, 62 and 41 should be assigned IP addresses 10.Y.33.11/24,
10.Y.62.11/24 and 10.Y.41.11/24, respectively. SW2 VLAN interfaces 62 and 18
should be assigned IP addresses 10.Y.62.22/24 and 10.Y.32.22/24, respectively.
The IP address of the interface that connects R6 to BB1 is 157.68.1.6/24.
The IP address of the interface that connects R6 to BB2 is 157.68.2.6/24.
The IP address of the interface that connects R4 to BB3 is 157.68.3.4/24.
2016-7-21 HUAWEI Confidential Page 4, Total 10
 HCIE-R&S Mock Exam 1 INTERNAL

Set the router ID of each router to the IP address of Loopback0.

Set the IP address of VLANIF 41 as the router ID of SW1.

2.2 Basic IS-IS

IS-IS runs on the connected interfaces between R1, R2 and R3 as well as their
loopback interfaces. IS-IS also runs on the interfaces between R6 and R2, the
loopback interface of R6 and VLANIF 18 on SW2. All devices belong to area
49.0001 and all routers are Level 1 routers. Set the system ID to 0000.0000.000X
and the IS-IS process ID to Y.
On R6, import BB2 network segment 157.68.2.0/24 into IS-IS and set the cost of
imported routes to 200 and tag to 200.

2.3 IS-IS Optimization

Where equal-cost routes exist on R1 and R3, the route over FR network should be
preferred. The standby command may not be used.
When IS-IS neighbor relationships change state, the change should be logged.
Establish a reliable neighbor relationship without DIS between R2 and R6.

2.4 IS-IS Verification

Hello packets sent from FR interfaces on R1, R2 and R3 should be authenticated.
Use a password of HuaWei, which should be transmitted in plain text and be
displayed in plain text in the display current-configuration command output.

2.5 Base OSPF

All OSPF routers should use a process ID Y.
Advertise network segments where both Loopback 0 on R4 and R5 and E2/0/0 on
R5 reside into Area 0.
OSPF should run in area 0 on the FR links between R1, R4 and R5. The network
command may not be used within the OSPF process configuration of R1. Change
the network type of Area 0 to broadcast, and ensure that R1, R4, and R5 can learn
routes from each other after restarting these devices or OSPF processes.Ensure the
Loopback interface addresses of R4 and R5 are shown with the full 24bit mask in
the OSPF routing tables.

2.6 OSPF Area Partition

Use the network command to add the PPP link between R4 and R5 to OSPF area
2.
Advertise network segments where both E2/0/0 on R4 and VLANIF41 on SW1
reside into Area 1.
Advertise network segments where VLANIF 62 on SW1 and SW2 resides into
Area 3.

2016-7-21 HUAWEI Confidential Page 5, Total 10

 HCIE-R&S Mock Exam 1 INTERNAL

Import the route to the network segment 10.1.33.0/24 where VLANIF 3 on SW1
resides into OSPF, and set the route tag to 200.
Run OSPF between R4 and BB3, add them to Area 4, and set Area 4 as an NSSA.
Add Loopback 40 on R4 and assign it a 10.1.40.4/24 IP address. Import the
network segment where it resides into OSPF and prevent its import into Area 3 and
Area 4.

2.7 Traffic Optimization

Traffic between VLAN 3 on SW1 and E2/0/0 on R5 should use the direct PPP link
as the primary path, the FR network should be the backup path.

2.8 OSPF Authentication

Configure MD5 authentication in area 0 and set the authentication password to
HuaWei. The password must be displayed in plain text in the display
current-configuration command output. The authentication-mode command in
ospf area configuration mode cannot be used.

2.9 RIP
Run RIPv2 on R6 and ensure that only BB1-connected S1/0/1 can send and receive
packets.
On R6, configure RIP and IS-IS to import routes from each other. Configure IS-IS
to summarize imported RIP routes so that other IS-IS routers can only view the
summarized route 212.18.0.0/22.
Configure R6 to set the cost of routes imported by IS-IS to 200 and tag to 200.
Disable RIP automatic summarization and use manual summarization on R6 so that
it sends only one route 10.1.0.0/16 to BB1.

2.10 IGP Import

On R1 and SW2, configure full mutual route import between IS-IS and OSPF.
Only one route covering the loopback networks of R4 and R5 should exist in the
IS-IS domain, consider loop prevention in your solution.
Fully consider routing loop prevention and sub-optimal route issues.
R3 should use the direct PPP link as the primary path to OSPF Area.

3. Section 3: EGP

3.1 BGP Neighbor

Configure BGP neighbors as shown in the table below, AS numbers are shown in
the IPv4 BGP topology diagram.
All IBGP neighbor relationships are established using loopback interface addresses,
except SW2, which uses a directly connected address. All EBGP neighbor
relationships use directly connected addresses.
R1 and R6 are clients of R2.
2016-7-21 HUAWEI Confidential Page 6, Total 10
 HCIE-R&S Mock Exam 1 INTERNAL

Device Device
1 2
R4 BB3
R4 R5
R5 R1
R1 R3
R1 R2
R3 SW2
R3 R2
R2 R6
R6 BB2

3.2 BGP Control

When the serial link between R4 and R5 is interrupted, perform configuration on
R1 to ensure that routers in AS 200 can access AS 33 as usual.

3.3 BGP BFD

When a network fault interrupts the BGP connection between R3 and SW2, detect
this connection failure within 1 second.

3.4 BGP Summarization

R1 G0/0/0 network should be advertised in BGP.
Ensure that AS 33 reaches other ASs through only one route, which cannot be sent
back to R1.
R6 receives BGP routes from BB2with the community attribute 1:254. Summarize
these routes into a summarized route and prevent the summarized route from being
advertised outside AS 200 without using the route filtering method.

3.5 BGP Default Settings

SW2 does not need to learn routes from other ASs. SW2 must use R3 to access all
other ASs.
Configure R3 to ensure that SW2 does not learn unnecessary BGP prefixes.

3.6 BGP Filtering

Traffic from AS 300 may not traverse AS 200. You may only configure AS 200 to
achieve this.
Configure the preferred-value attribute to ensure that R3 learns routes from R2 in
preference to R1.

4. Section 4: IP Multicast

4.1 PIM
Enable multicast routing on R1, R2, R4 and SW1.

2016-7-21 HUAWEI Confidential Page 7, Total 10

 HCIE-R&S Mock Exam 1 INTERNAL

Enable PIM sparse mode on FR links from R1 to R2 and from R1 to R4.

Enable PIM sparse mode on R4 E2/0/0, R1 G0/0/0, SW1 VLAN 3 and SW1 VLAN
41.

4.2 RP
The IP address of Loopback 0 on R1 is used as RP for the following multicast
ranges.
225.10.0.0 - 225.10.255.255
225.26.0.0 - 225.26.255.255
225.42.0.0 - 225.42.255.255
225.58.0.0 - 225.58.255.255
The IP address of Loopback 0 on R4 is used as RP for the following multicast
ranges.
226.37.0.0 - 226.37.255.255
226.45.0.0 - 226.45.255.255
227.37.0.0- 227.37.255.255
227.45.0.0 - 227.45.255.255
Configure minimum number of ACL rules to achieve this.

4.3 IGMP
Configure R1 G0/0/0 to send IGMP General Query messages at 5 second intervals.
The maximum response time for IGMP Query messages should be 3s on R1
G0/0/0.
Use an ACL to prevent users on R1 G0/0/0 segment from joining the multicast
group 226.37.1.1.

5. Section 5: IPv6

5.1 Basic IPv6 Configuration

Configure IPv6 on R1, R3 and SW2.
IPV6 addresses on the PPP link between R1 and R3 are 2001:10:Y:13::X/64.
IPV6 addresses on the Ethernet link between R3 E2/0/1 and SW2 VLANIF 18 are
2001:10:Y:32::X/64.

5.2 RIPng
Enable RIPng on the PPP link between R1 and R3.
Enable RIPng on the Ethernet link between R3 and SW2.

2016-7-21 HUAWEI Confidential Page 8, Total 10

 HCIE-R&S Mock Exam 1 INTERNAL

6. Section 6: QoS

6.1 QoS Configuration

Configure SW2 to police received traffic with an 802.1p priority of 1, set the CIR
to 1000 kbit/s. The police should allow green and yellow packets to pass through,
re-mark the 802.1p priorities of green and yellow packets to 4 and 7 respectively,
red packets should be discarded.
Configure inbound traffic policing on R3 S1/0/1 and set the CIR to 2000 kbit/s.
Set the DSCP priority of voice packets to EF. The voice packets are received by
G0/0/2 on SW2 and contain source address 10.1.26.201 and destination address
10.1.33.201.
The three types of packets NMS control, video, and data packets received by
R1 are marked with different DSCP priorities. The DSCP priorities are cs6, af21,
and af11 respectively. NMS control, video, and data packets sent from R1 to R3
must occupy 5%, 30%, and 45% of bandwidth respectively. Configure congestion
avoidance and set the following parameters. For data packets, set the upper drop
threshold to 85, lower drop threshold to 70, and maximum drop probability to 6.
For video packets, set the upper drop threshold to 95, lower drop threshold to 80,
and maximum drop probability to 60.

7. Section 7: Security

7.1 Header Configuration

When a user connects to R3, the message "Please do not attempt to log in to this
system if you are not authorized!"should be displayed on the terminal.

7.2 Port Security

SW1 E0/0/20 should accept a maximum of 2 secure dynamic MAC addresses. Any
frames from MAC addresses which are not one of the secure dynamic entries on
SW1 E0/0/20 should be discarded. A trap should be generated on SW1 when
E0/0/20 learns more than two secure dynamic MAC address entries. If SW1 is
restarted, the learned MAC addresses should not be lost.

7.3 uRPF
DoS attacks with forged source IP addresses occur on E2/0/1 of R3. To solve this
problem, use URPF for IPV4 packets on E2/0/1 of R3.
Configure uRPF for IPv6 packets on R3 E2/0/1. Packets with a source addresses in
the FIB may be forwarded. It is not necessary for the outbound interface in the FIB
to match the inbound interface of the packets.

2016-7-21 HUAWEI Confidential Page 9, Total 10

 HCIE-R&S Mock Exam 1 INTERNAL

Section 8: IP feature

8.1 NetStream
NMS personnel require key information in packets received by G0/0/0 on R6
through NetStream. Set the packet sampling interval to 100 ms and configure
aggregation using Protocol-Port to collect exported packets. The address of the
NetStream server is 10.1.26.200 and the port number is 6000. The exported packets
must carry BGP next hop information and MPLS information.

2016-7-21 HUAWEI Confidential Page 10, Total 10