1.1 VLAN
Create VLANs 4, 5, 27, 42, 58 and 255 on switches SW1, SW2, SW3 and SW4.
SW1-SW4:
vlan batch 4 to 5 27 42 58 255
VLAN  Switch  Interface
4     SW2     Eth0/0/4
5     SW1     Eth0/0/5
5     SW4     Gi0/0/1, Gi0/0/2
27    SW1     Eth0/0/2
27    SW3     Gi0/0/1
42    SW1     Eth0/0/4
42    SW2     Eth0/0/20
58    SW2     Eth0/0/5
1.3 Mirroring
Incoming and outgoing traffic on G0/0/2 of SW4 should be copied to G0/0/1 for
analysis.
1.5 Trunk
All links between switches SW1, SW2, SW3 and SW4 should be configured as
trunk interfaces. Only VLANs 2 to 4094 should be allowed to pass across these
links.
1.6 MSTP
Switches SW1, SW2, SW3 and SW4 run MSTP as follows.
VLANs 4, 5 and 27 are in instance 10, VLANs 42, 58 and 255 are in instance 20.
Set the MST region name to huawei and revision-level to 10.
Spanning tree path cost calculations should use Huawei proprietary values.
Configure SW1 to be root for instance 10 and SW2 to be root for instance 20.
Unauthorized switches that connect to G0/0/1 of SW3 must be prevented from
taking over as root bridges.
1.7 Hub-and-Spoke
R1, R5 and R3 use Frame Relay (FR) encapsulation and are connected in hub and
spoke mode with R3 as the hub. Connect R3 to R1 and R5 using P2P
sub-interfaces.
Traffic between R1 and R5 must pass through R3.
Only the DLCIs and IP addresses shown in the topology may be used. Your
configuration should take into account that IS-IS will need to run over these links.
Automatic FR mapping between layer 2 and layer 3 must be disabled.
Spoke devices may not send any multicast traffic to the hub.
1.8 Point-to-Point
The link between R3 and R4 should be configured as FR point to point.
Static layer 3 to layer 2 mapping may not be used on R3 or R4.
Automatic FR mapping between layer 2 and layer 3 must be disabled on R3 and
R4.
Only the interfaces, DLCIs and IP addresses shown in the topology can be used.
1.9 FR
Perform the necessary configuration on R6 to ensure the following output can be
displayed:
[R6]display fr map-info
Map Statistics for interface Serial1/0/1 (DTE)
DLCI = 116, IP 157.68.1.254, Serial1/0/1
create time = 2013/09/03 16:54:33, status = ACTIVE
2016-7-21 Huawei Confidential Page 5, Total 12
HCIE-R&S Mock Exam 2 INTERNAL
1.10 PPP
R4 and R5 are connected through a pair of serial links, which should be combined
using a suitable mechanism to make best use of the bandwidth.
Only the specified IP network may be used for this link.
2. Section 2: IGP
2.2 RIP
R4 should run RIPv2 on G0/0/0; summarization should be disabled.
Enable MD5 authentication for RIP update packets with a password of HW. The
IETF-defined format for authentication packets should be used.
3. Section 3: EGP
R6 should set the next hop address of learned routes to its own IP address.
4. Section 4: IP Multicast
4.1 PIM
Enable multicast routing on R1, R3, R4, and R5.
Enable PIM-SM on the Ethernet link between R1 and R3, the Frame Relay network
between R3 and R4, and interconnected interfaces between R4 and R5.
Enable PIM-SM on the loopback interfaces of R1, R3, R4, and R5.
4.2 RP Redundancy
Use the IP address of loopback 0 on R1 as a C-RP address to serve group addresses
232.0.0.0-235.255.255.255.
Use the IP address of loopback 0 on R3 as a C-BSR address.
Ensure that R5 can learn the RP address.
4.3 IGMP
Enable IGMP on G0/0/0 of R5 and statically bind the interface to group
235.10.10.10.
Change the RPT-to-SPT switchover threshold to ensure that an RPT-to-SPT
switchover will occur when the traffic rate exceeds 64 kbps.
Ensure that R5 can receive multicast traffic from the RP.
Ensure that R1 will be elected as the PIM DR in VLAN 255.
5.1 MPLS
Enable MPLS on R1, R3, and R4, and use the IP address of Loopback0 as the LSR
ID.
Enable label switching on the links between R1 and R3 and between R3 and R4.
Disable label switching on all other links.
5.2 VPN-Instance
On R1: create a VPN instance TEST_R1, and set both RD and RT to 100:11.
Create Loopback1 and set its address to 192.168.100.11/32. Loopback1 belongs to
TEST_R1.
On R3: create a VPN instance TEST_HUB, and set both RD and export RT to
100:33. Create Loopback1 and set its address to 192.168.100.33/32. Loopback1
belongs to TEST_HUB.
On R4: create a VPN instance TEST_R4, and set both RD and export RT to
100:44. Create Loopback1 and set its address to 192.168.100.44/32. Loopback1
belongs to TEST_R4.
5.3 MP-BGP
Use the VPNv4 address family for BGP connections among R1, R3, and R4.
Set the import RT for each VPN instance on R1, R3, and R4 to ensure that
TEST_HUB on R3 can communicate with TEST_R1 on R1 and TEST_R4
on R4 while TEST_R1 on R1 and TEST_R4 on R4 remain isolated from
each other.
The VPN connection between R1 and R3 is not interrupted so long as there
is a reachable route between them.
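The import RT requirement in 5.3 can be checked on paper before it is typed into the routers. The following is an added example, not part of the original exam paper: it models the three VPN instances from 5.2 and reports any route-target match that breaks the hub-and-spoke isolation. It assumes that the "RT" given for TEST_R1 is its export RT, that the import RTs shown are one candidate design, and that a VPN instance does not re-export routes it imported from another instance.

```python
from itertools import permutations

# Export RTs as stated in section 5.2 (TEST_R1's "RT" is assumed to be its export RT).
EXPORT_RT = {
    "TEST_R1": {"100:11"},
    "TEST_HUB": {"100:33"},
    "TEST_R4": {"100:44"},
}

# Candidate import RTs for section 5.3 (an assumption, not taken from the exam paper).
IMPORT_RT = {
    "TEST_R1": {"100:33"},
    "TEST_HUB": {"100:11", "100:44"},
    "TEST_R4": {"100:33"},
}

# Instance pairs that the task allows to communicate: hub with each spoke only.
ALLOWED = {
    frozenset(("TEST_HUB", "TEST_R1")),
    frozenset(("TEST_HUB", "TEST_R4")),
}


def installs(receiver, sender, import_rt):
    """A VPNv4 route is installed when one of its export RTs matches an import RT."""
    return bool(EXPORT_RT[sender] & import_rt[receiver])


def violations(import_rt):
    """List ('leak' | 'missing', receiver, sender) for every direction that breaks policy.

    Each direction is checked separately, so a one-way import between the two
    spokes is reported even though it does not give two-way connectivity.
    """
    found = []
    for receiver, sender in permutations(sorted(EXPORT_RT), 2):
        allowed = frozenset((receiver, sender)) in ALLOWED
        got = installs(receiver, sender, import_rt)
        if got and not allowed:
            found.append(("leak", receiver, sender))
        elif allowed and not got:
            found.append(("missing", receiver, sender))
    return found


if __name__ == "__main__":
    print("candidate design:", violations(IMPORT_RT))
    # Constructed misconfiguration: the spoke on R1 also imports R4's export RT.
    leaky = dict(IMPORT_RT, TEST_R1={"100:33", "100:44"})
    print("leaky design:", violations(leaky))
```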
6. Section 6: QoS
7. Section 7: Security
7.2 DHCP
Configure SW1 to allocate IP addresses to clients connected to VLANIF 27. The
address of the network segment is 10.1.22.0/24; addresses 10.1.22.2 and 10.1.22.11
are reserved. The DNS server is 10.1.22.254 and the lease is 2 days.
The DHCP server should probe an IP address before allocating it to a client. The
maximum number of probe packets sent by the DHCP server should be 10 and the
waiting time should be 100 ms.
Enable DHCP snooping in VLAN 27 on SW3 to prevent unauthorized DHCP
servers from disrupting the network.
7.4 IPSG
Configure defense against source address spoofing attacks from VLAN 27 of SW3.
SW3 should discard IP packets with the same source and destination IP addresses.
8. Section 8: IP Feature
8.2 VRRP
Add R1 and R3 to a VRRP group with IP address 157.68.3.102. Set R1 to master
and preemption delay to 10 seconds. To lessen fault impact on services, configure
ICMP on R1 to monitor packets on R5's S1/0/1 and set the detection interval to 20
seconds. When the packet rate reaches 80%, an active/standby switchover occurs in
the VRRP group.
8.4 SSH
Set up secure login for users to VTY 0-4 of R6 through R3. The listening port of
R6 is port 1025. Ensure that SFTP and SCP are supported. Use password
authentication and set user name to R3, password to Hellow, and update interval to
24 hours. Give the R3 administrator all configuration rights on R6.
8.5 NTP
R6 has synchronized with the standard clock. Configure the R3 clock to
synchronize with R6. Set the clock stratum to 5, encrypt NTP broadcast traffic on
the LAN with hmac-sha256, set key ID to 16, and set the password to Hello.