Vlan ID
11 VLAN_11_BB1
22 VLAN_22_BB2
33 VLAN_33_BB3
42 VLAN_42_R2-SW4
44 VLAN_44_R4
55 VLAN_55_R5-SW2
123 VLAN_123_SWITCHES
999 VLAN_RSPAN
SW1
Or
SW1
spanning-tree mst 1 root primary
spanning-tree mst 2 root secondary
SW2
spanning-tree mst 2 root primary
spanning-tree mst 1 root secondary
5]- Each of the following sets of VLANs must have one instance
per VLAN
5]- Ensure that SW1 is the root switch, SW2 is the backup switch for
odd VLANs
5]- Ensure that SW2 is the root switch, SW2 is the backup switch for
even VLANs
5]- Configure to 30 seconds the time that all switches wait before their
spanning-tree processes attempt to reconverge when they have not received
any spanning-tree configuration message.
5]- Configure one instance per VLAN and rapid transition to forwarding
SW1
Spanning-tree vlan 1,11,33,55,123,999 root primary
Spanning-tree vlan 22,42,44 root secondary
SW2
Spanning-tree vlan 22,42,44 root primary
Spanning-tree vlan 1,11,33,55,123,999 root secondary
Spanning-tree vlan 42 priority 12288 (12330 – 42 = 12288)
Note: Check all trunk ports on all switches with “sh run” and interfaces
with “sh int status”. There may be err-disabled or suspended ports.
SW1
interface range fa0/23-24
channel-protocol lacp
channel-group 12 mode active
SW2
interface range fa0/23-24
channel-protocol lacp
channel-group 12 mode passive
SW3
interface range fa0/23-24
channel-protocol pagp
channel-group 34 mode desirable
SW4
interface range fa0/23-24
channel-protocol pagp
channel-group 34 mode auto
SW1
interface fastethernet 0/19
spanning-tree mst 1 port-priority 240
SW2
interface fastethernet 0/19
spanning-tree mst 2 port-priority 240
SW2
Int fa0/19
Spanning-tree vlan 22,42,44 port-priority 240
1.6 RSPAN
Any traffic received from VLAN_BB1 and VLAN_BB2 must be
replicated to a traffic analyzer connected to SW4 Fa0/15 via VLAN
999
You need to monitor any future interfaces connecting to
VLAN_BB1 and VLAN_BB2
Any traffic flowing through the trunk between SW3 and SW4 must
be replicated to another traffic analyzer connected to SW4 Fa0/16
There should not be any configuration regarding this on SW3.
Don’t create any new VLAN while configuring this
SW1
vlan 999
remote-span
SW2
monitor session 1 source vlan 22 rx
monitor session 1 destination remote vlan 999
SW4
monitor session 1 source remote vlan 999
monitor session 1 destination interface fastEthernet 0/15
!
monitor session 2 source interface port-channel 34 both
monitor session 2 destination interface fastEthernet 0/16
!
int ra fa 0/15 - 16
no shut
R4
no service password-encr
aaa new-model
aaa authentication login default none **********line /* none
required at the end only if no line password is configured */
aaa authentication ppp default group radius local-case
!
radius-server host YY.YY.44.200 key CISCO
!
username <Hostname of R1> password 0 CCIE
username <Hostname of R2> password 0 CCIE
!
interface s0/0/0
encapsulation ppp
ppp authentication chap default
!
interface s0/0/1
encapsulation ppp
ppp authentication chap default
R1 & R2
no service password-encr
interface s0/0/0
encapsulation ppp
ppp chap password 0 CCIE
Note: If the question says to use AAA list name R1 and R2 for
authenticating R1 and R2 respectively, use the below configuration
R4
aaa new-model
aaa authentication login default line /* none required at the end
only if no line password is configured */
aaa authentication ppp R1 group radius local-case
aaa authentication ppp R2 group radius local-case
radius-server host YY.YY.44.200 key CISCO
!
username <Hostname of R1> password 0 CCIE
username <Hostname of R2> password 0 CCIE
!
interface s0/0/0
encapsulation ppp
ppp authentication chap R1
!
interface s0/0/1
encapsulation ppp
ppp authentication chap R2
R1 & R2
interface s0/0/0
encapsulation ppp
ppp chap password 0 CCIE
R1
router ospf YY
router-id YY.YY.1.1
network YY.YY.1.1 0.0.0.0 area 142
network YY.YY.14.1 0.0.0.0 area 142
network YY.YY.17.1 0.0.0.0 area 142
R2
router ospf YY
router-id YY.YY.2.2
network YY.YY.24.2 0.0.0.0 area 142
network YY.YY.29.2 0.0.0.0 area 142
redistribute connected subnets route-map BB-TO-OSPF
!
route-map BB-TO-OSPF permit 10
match interface fastethernet 0/1
R3
router ospf YY
router-id YY.YY.3.3
network YY.YY.3.3 0.0.0.0 area 51
network YY.YY.35.3 0.0.0.0 area 51
redistribute connected subnets route-map BB-TO-OSPF
!
route-map BB-TO-OSPF permit 10
match interface fastethernet 0/0
R4
router ospf YY
router-id YY.YY.4.4
network YY.YY.4.4 0.0.0.0 area 142
network YY.YY.14.4 0.0.0.0 area 142
network YY.YY.24.4 0.0.0.0 area 142
network YY.YY.44.4 0.0.0.0 area 142
network YY.YY.144.4 0.0.0.0 area 142
R5
router ospf YY
router-id YY.YY.5.5
network YY.YY.5.5 0.0.0.0 area 51
network YY.YY.35.5 0.0.0.0 area 51
network YY.YY.55.5 0.0.0.0 area 51
SW1
ip routing
router ospf YY
router-id YY.YY.7.7
network YY.YY.7.7 0.0.0.0 area 0
network YY.YY.123.7 0.0.0.0 area 0
network YY.YY.17.7 0.0.0.0 area 142
!
interface vlan 123
ip ospf priority 255
SW2
ip routing
router ospf YY
router-id YY.YY.8.8
network YY.YY.8.8 0.0.0.0 area 0
network YY.YY.123.8 0.0.0.0 area 0
network YY.YY.55.8 0.0.0.0 area 51
redistribute connected subnets route-map BB-TO-OSPF
!
route-map BB-TO-OSPF permit 10
match interface vlan 33
!
interface vlan 123
ip ospf priority 254
SW3
ip routing
router ospf YY
router-id YY.YY.9.9
network YY.YY.9.9 0.0.0.0 area 0
network YY.YY.123.9 0.0.0.0 area 0
SW4
ip routing
router ospf YY
router-id YY.YY.10.10
network YY.YY.10.10 0.0.0.0 area 0
network YY.YY.123.10 0.0.0.0 area 0
network YY.YY.29.10 0.0.0.0 area 142
SW2
router eigrp 100
no auto-summary
network 150.3.YY.1 0.0.0.0
R3
router rip
version 2
no auto-summary
network 150.1.0.0
distribute-list 1 in fastethernet 0/0
!
Access-list 1 permit 199.172.5.0 0.0.10.255
R3
router rip
version 2
no auto-summary
network 150.1.0.0
distribute-list 1 in
R3
access-list 2 permit 199.172.5.0 0.0.2.255
!
route-map RIP_TO_OSPF permit 10
match ip address 2
set metric-type type-1
route-map RIP_TO_OSPF permit 20
router ospf YY
redistribute rip subnets route-map RIP_TO_OSPF
area 51 nssa
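Added example, not part of the original lab solution: the wildcard masks in access-list 1 (0.0.10.255) and access-list 2 (0.0.2.255) above are non-contiguous, so it is easy to misjudge which networks each filter admits. The Python below expands a base/wildcard pair into the /24 networks it permits; the function names are this example's own.

```python
import ipaddress
from itertools import product

def acl_match(addr, base, wildcard):
    """IOS standard-ACL test: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def matched_networks(base, wildcard, prefixlen=24):
    """Every /prefixlen network permitted in full by the base/wildcard pair."""
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    host = (1 << (32 - prefixlen)) - 1
    if w & host != host:
        raise ValueError("wildcard does not cover the whole host part")
    # Wild bits above the host part: each one doubles the number of networks.
    wild_bits = [1 << i for i in range(32 - prefixlen, 32) if w & (1 << i)]
    fixed = b & ~w & 0xFFFFFFFF
    nets = set()
    for combo in product((0, 1), repeat=len(wild_bits)):
        value = fixed | sum(bit for bit, on in zip(wild_bits, combo) if on)
        nets.add(ipaddress.IPv4Network((value, prefixlen)))
    return sorted(nets)

if __name__ == "__main__":
    # Masks as written in access-list 1 and access-list 2 on this page.
    for wc in ("0.0.10.255", "0.0.2.255"):
        print(wc, [str(n) for n in matched_networks("199.172.5.0", wc)])
    print(acl_match("199.172.6.1", "199.172.5.0", "0.0.10.255"))
```

Running the expansion before applying a distribute-list or route-map shows exactly which prefixes a non-contiguous mask lets through, including any that were not intended.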
R5
router ospf YY
area 51 nssa
SW2
router ospf YY
area 51 nssa
SW2
router ospf YY
redistribute eigrp YY subnets
area 51 nssa no-summary no-redistribution
Configure iBGP peering for R1, R2, SW2, R3 and R5 as per the
following requirement.
Where possible failure of a physical interface should not permanently
affect BGP peer connections
Minimize number of BGP peering sessions and all BGP speakers in AS
YY except SW2 must have only one iBGP peer
All BGP routes on all devices must be valid routes
Configure BGP as per diagram
BGP routes from BB1 must have community values 254 207 103 in AS
YY
BGP routes from BB2 must have community values 254 208 104 in AS
YY
Make sure that all BGP speakers in AS YY (even R2) are pointing all
BGP prefixes from AS 254 via BB1 only (their BGP next hop must be
the IP address of the backbone devices)
Note: I checked the networks which came from BB1 and BB2; there is a 254
community, and use "additive" in the route-map
R1 / R2 / R3 / R5
router bgp YY
bgp router-id YY.YY.R*.R* /* R1, R2, R3, R5 */
no auto-summary
no synchronization
neighbor YY.YY.8.8 remote-as YY
neighbor YY.YY.8.8 update-source loopback0
neighbor YY.YY.8.8 send-community
SW2
router bgp YY
no auto-summary
no synchronization
neighbor PEER peer-group
neighbor PEER remote-as YY
neighbor PEER update-source Loopback0
neighbor PEER route-reflector-client
neighbor PEER send-community
neighbor YY.YY.1.1 peer-group PEER
neighbor YY.YY.2.2 peer-group PEER
neighbor YY.YY.3.3 peer-group PEER
neighbor YY.YY.5.5 peer-group PEER
R2
neighbor 150.2.YY.254 remote-as 254
neighbor 150.2.YY.254 route-map SET-COMMUNITY in
!
route-map SET-COMMUNITY permit 10
set community 103 207 additive
R3
neighbor 150.1.YY.254 remote-as 254
neighbor 150.1.YY.254 route-map SET-COMMUNITY in
!
route-map SET-COMMUNITY permit 10
set local-preference 200
set community 104 208 additive
R1
ipv6 unicast-routing
ipv6 cef
!
ipv6 router ospf YY
router-id YY.YY.1.1
!
interface Serial 0/1
ipv6 address FEC1:CC1E:14::1/64
ipv6 ospf YY area 142
!
interface fastethernet 0/0
ipv6 address FEC1:CC1E:17::1/64
ipv6 ospf YY area 142
R2
ipv6 unicast-routing
ipv6 cef
!
ipv6 router ospf YY
router-id YY.YY.2.2
!
interface Serial 0/1
ipv6 address FEC1:CC1E:24::2/64
ipv6 ospf YY area 142
!
interface FastEthernet 0/0
ipv6 address FEC1:CC1E:42::2/64
ipv6 ospf YY area 142
R3
ipv6 unicast-routing
ipv6 cef
!
ipv6 router ospf YY
router-id YY.YY.3.3
!
interface Serial 0/0/0
ipv6 address FEC1:CC1E:35::3/64
ipv6 ospf YY area 51
R4
ipv6 unicast-routing
ipv6 cef
!
ipv6 router ospf YY
router-id YY.YY.4.4
!
interface fastethernet 0/0
ipv6 address FEC1:CC1E:44::4/64
ipv6 ospf YY area 142
!
interface Serial 0/0/0
ipv6 address FEC1:CC1E:14::4/64
ipv6 ospf YY area 142
!
interface serial 0/0/1
ipv6 address FEC1:CC1E:12::4/64
ipv6 ospf YY area 142
R5
ipv6 unicast-routing
ipv6 cef
!
ipv6 router ospf YY
router-id YY.YY.5.5
!
interface Serial 0/0/1
ipv6 address FEC1:CC1E:35::5/64
ipv6 ospf YY area 51
!
interface FastEthernet 0/0
ipv6 address FEC1:CC1E:52::5/64
ipv6 ospf YY area 51
Note: Be careful before reloading the switches, and be sure to write the config
SW1
ipv6 unicast-routing
ipv6 cef dis
!
ipv6 router ospf YY
router-id YY.YY.7.7
!
interface fastethernet 0/1
ipv6 address FEC1:CC1E:17::7/64
ipv6 ospf YY area 142
!
interface vlan 123
ipv6 address FEC1:CC1E:123::7/64
ipv6 ospf YY area 0
ipv6 ospf priority 255
SW2
ipv6 unicast-routing
ipv6 cef dis
!
interface loopback 8
ipv6 address 2011:cc1e:88:88:88::88/128
!
route-map loopback8 permit 10
match interface loopback8
!
ipv6 router ospf YY
router-id YY.YY.8.8
redistribute connected route-map loopback8
!
interface vlan 55
ipv6 address FEC1:CC1E:52::8/64
ipv6 ospf YY area 51
!
interface vlan 123
ipv6 address FEC1:CC1E:123::8/64
ipv6 ospf YY area 0
ipv6 ospf priority 254
SW3
ipv6 unicast-routing
ipv6 cef dis
!
ipv6 router ospf YY
router-id YY.YY.9.9
!
interface vlan 123
ipv6 address FEC1:CC1E:123::9/64
ipv6 ospf YY area 0
ipv6 ospf priority 0
SW4
ipv6 unicast-routing
ipv6 cef dis
!
ipv6 router ospf YY
router-id YY.YY.10.10
!
interface vlan 42
ipv6 address FEC1:CC1E:42::10/64
ipv6 ospf YY area 142
!
interface vlan 123
ipv6 address FEC1:CC1E:123::10/64
ipv6 ospf YY area 0
ipv6 ospf priority 0
R1 R2 R4 SW1 SW4
ipv6 router ospf YY
area 142 nssa
R1
ipv6 cef
!
ipv6 flow-export source Loopback0
!
ipv6 flow-aggregation cache protocol-port
cache entries 20000
cache timeout inactive 180
export template timeout-rate 120
export version 9
export destination YY.YY.44.100 9876
enabled
interface fastethernet0/0
ipv6 flow egress
R1, R2,R4
Ipv6 cef
R4
Ipv6 unicast-routing
Int s0/0/0
Ipv6 address fec1:cc1e:14::4/64
Ipv6 ospf YY area 142
Int s0/0/1
Ipv6 address fec1:cc1e:24::4/64
Ipv6 ospf YY area 142
Int fa0/0
Ipv6 address fec1:cc1e:44::4/64
Ipv6 ospf YY area 142
R2
Ipv6 router ospf YY
Router-id YY.YY.2.2
Ipv6 unicast-routing
Int s0/0/0
Ipv6 address fec1:cc1e:24::2/64
Ipv6 ospf YY area 142
Int fa0/0
Ipv6 address fec1:cc1e:17::1/64
Ipv6 mld join-group ff15:4000:4000
Ipv6 ospf YY area 142
R1
Ipv6 router ospf YY
Router-id YY.YY.1.1
Ipv6 unicast-routing
Int s0/0/0
Ipv6 address fec1:cc1e:14::1/64
Ipv6 ospf YY area 142
Int fa0/0
Ipv6 address fec1:cc1e:17::1/64
Ipv6 mld join-group ff15:4000:4000
Ipv6 ospf YY area 142
R1
ip multicast-routing
interface loopback0
ip pim sparse-mode
interface serial 0/0/0
ip pim sparse-mode
interface fastethernet 0/0
ip pim sparse-mode
ip pim rp-candidate loopback0 priority 1
K6++ R1
Ip multicast-routing
Ip pim autorp listener
Int lo0
Ip pim sparse-mode
Int s0/0/0
Ip pim sparse-mode
Int fa0/0
Ip pim sparse-mode
R2
ip multicast-routing
interface loopback0
ip pim sparse-mode
interface serial 0/0/0
ip pim sparse-mode
interface fastethernet 0/0
ip pim sparse-mode
ip pim rp-candidate loopback0 priority 2
K6++ R2
Ip multicast-routing
Ip pim autorp listener
Int lo0
Ip pim sparse-mode
Int s0/0/0
Ip pim sparse-mode
Int fa0/0
Ip pim sparse-mode
Ip pim send-rp-announce lo0 scope 16 group-list LIST
Ip access-list standard LIST
R4
ip multicast-routing
int fa 0/0
ip pim sparse-mode
int se 0/0
ip pim sparse-mode
int se 0/1
ip pim sparse-mode
int lo 0
ip pim sparse-mode
ip pim bsr-candidate lo 0
K6++ R4
Ip multicast-routing
Int lo0
Ip pim sparse-mode
Int s0/0/0
Ip pim sparse-mode
Int s0/0/1
Ip pim sparse-mode
Int fa0/0
Ip pim sparse-mode
Int fa0/1
Ip pim sparse-mode
SW1
ip multicast-routing
int vlan 123
ip pim sparse-mode
int fa 1/1
ip pim sparse-mode
K6++ SW1
Ip multicast-routing distributed
Int lo0
Ip pim sparse-mode
Int fa0/1
Ip pim sparse-mode
K6++ SW2
Ip multicast-routing distributed
Int lo0
Ip pim sparse-mode
Ip pim sparse-mode
Int vlan 33
Ip pim sparse-mode
SW3
ip multicast-routing
interface vlan 123
ip pim sparse-mode
K6++ SW3
Ip multicast-routing distributed
Ip pim autorp listener
Int lo0
Ip pim sparse-mode
Ip pim sparse-mode
SW4
ip multicast-routing
interface vlan 42
ip pim sparse-mode
interface vlan 123
ip pim sparse-mode
K6++ SW4
Ip multicast-routing distributed
Ip pim autorp listener
Int lo0
Ip pim sparse-mode
Int vlan 123
Ip pim sparse-mode
Int vlan 42
Ip pim sparse-mode
SW4
interface vlan 123
ip pim dr-priority <(max-value) - 1>
SW1
interface vlan 123
ip pim dr-priority <max-value>
SW4
interface vlan 123
ip pim dr-priority <(max-value) - 1>
SW2
Access-list 33 deny 224.0.0.39
Access-list 33 deny 224.0.0.40
Access-list 33 permit any
Int vlan 33
Ip multicast boundary 33 filter-autorp
Section 4 – Advanced Services
R4
show ip nat translations
SW1
interface loopback100
ip address 100.100.17.7 255.255.255.255
ip route 100.100.42.0 255.255.255.0 YY.YY.17.1
R1
ip route 100.100.42.0 255.255.255.0 YY.YY.14.4
SW4
interface loopback100
ip address 100.100.42.10 255.255.255.255
ip route 100.100.17.0 255.255.255.0 YY.YY.42.2
R2
ip route 100.100.17.0 255.255.255.0 YY.YY.24.4
R4
ip nat inside source static YY.YY.17.7 100.100.17.7
ip nat inside source static YY.YY.42.10 100.100.42.10
!
interface serial0/0/0
ip nat outside
!
interface serial0/0/1
ip nat outside
SW1
Mls qos
interface range fastethernet 0/1 - 5
mls qos cos 1
mls qos trust cos
class-map BB
match input-interface fastethernet0/1
policy-map BB
class BB2
bandwidth 10000
interface fastethernet0/0
service-policy output BB
R3
class-map BB
match input-interface fastethernet0/0
policy-map BB
class BB1
bandwidth 1000
interface serial0/0
service-policy output BB
R4 (preconfigured)
!
ip dhcp pool 44
network YY.YY.44.0 255.255.255.0
default-router YY.YY.44.4
dns-server YY.YY.55.50 YY.YY.55.51
domain-name cisco.com
lease 10 <-------------------------------remove
R4
ip dhcp excluded-address YY.YY.44.4
ip dhcp excluded-address YY.YY.44.100
ip dhcp excluded-address YY.YY.44.200
SW1
ip dhcp snooping
ip dhcp snooping vlan 44
ip dhcp snooping verify mac-address /* Default - won't show in
show run */
ip dhcp snooping database flash:CCIE.TXT
no ip dhcp snooping information option
!
ip arp inspection vlan 44
!
interface fastethernet0/4
ip dhcp snooping trust
ip arp inspection trust
!
interface fastethernet0/14
switchport mode access
switchport access vlan 44
switchport port-security
switchport port-security maximum 3
switchport port-security violation shutdown /* Shut down the port
when a violation occurs */
switchport port-security mac-address sticky
ip dhcp snooping limit rate 150 /* Prevents resource exhaustion */
ip verify source /* enable IP source guard - for protection against
spoofed IP packets */
no shutdown /* don't forget this */
end
!
ip dhcp snooping binding abcd.abcd.abcd vlan 44 YY.YY.44.100
interface fastEthernet 0/14 expiry 4294967295 /* exec level
command*/
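Added example, not part of the original lab solution: a Python check that takes the Fa0/14 hardening from the SW1 block above as a baseline and lists untrusted access ports in a DHCP-snooped VLAN that lack any of those controls. The sample configuration is constructed, and the function names and the Fa0/15 port are this example's assumptions.

```python
import re

REQUIRED = {  # per-port controls from the Fa0/14 stanza in the SW1 block
    "port-security": r"switchport port-security$",
    "dhcp rate limit": r"ip dhcp snooping limit rate \d+$",
    "ip source guard": r"ip verify source\b",
}

def parse_interfaces(config):
    """Return {interface: [sub-commands]} from indented IOS-style text."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S.*)", line, re.I)
        if m:
            current = stanzas.setdefault(m.group(1).strip().lower(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip().lower())
        else:
            current = None          # "!" or a global command ends the stanza
    return stanzas

def audit(config):
    """Map untrusted access ports in snooped VLANs to the controls they lack."""
    vlans = re.findall(r"(?im)^ip dhcp snooping vlan (\S+)", config)
    snooped = set(",".join(vlans).split(","))   # comma lists only, no ranges
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        vlan = next((c.split()[-1] for c in cmds if "access vlan" in c), None)
        if vlan not in snooped or "ip dhcp snooping trust" in cmds:
            continue                # trusted uplinks and other VLANs are skipped
        missing = [k for k, rx in REQUIRED.items()
                   if not any(re.match(rx, c) for c in cmds)]
        if missing:
            findings[name] = missing
    return findings

# Constructed sample: Fa0/14 mirrors the page, Fa0/15 is a made-up weaker port.
SAMPLE = """\
ip dhcp snooping vlan 44
interface FastEthernet0/4
 ip dhcp snooping trust
interface FastEthernet0/14
 switchport access vlan 44
 switchport port-security
 ip dhcp snooping limit rate 150
 ip verify source
interface FastEthernet0/15
 switchport access vlan 44
 switchport port-security
"""
```

Calling audit(SAMPLE) reports fastethernet0/15 as missing the DHCP rate limit and IP source guard, while Fa0/14 and the trusted uplink produce no finding.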
4.7 Web Caching Communication Protocol (WCCP)
++WCCP
Configure WCCP on R4 according to the following requirement
There will be a WAAS appliance connected to interface of Fa0/1
Any traffic from any client connected to Fa0/0 going out of the 2
serial interfaces must be redirected to the WAAS server on Fa0/1
Traffic redirected from the server to the clients must use WCCP
service 61
Traffic redirected from the clients to the server must use WCCP
service 62
++Traffic that is being sent from R1 to R2 and from R2 to R1
is not allowed to be redirected.
R4
ip wccp ver 2
ip wccp check services all /* check all configured services for a
match and perform redirection for those services */
!
ip wccp 61 redirect-list S_TO_C
ip wccp 62 redirect-list C_TO_S
!
ip access-list extended S_TO_C
permit ip any YY.YY.44.0 0.0.0.255
!
ip access-list extended C_TO_S
permit ip YY.YY.44.0 0.0.0.255 any
!
interface fastethernet 0/0
Ip wccp 62 redirect in
!
interface serial 0/0/0
ip wccp 61 redirect in
!
interface serial 0/0/1
ip wccp 61 redirect in
!
interface fastethernet 0/1
ip wccp redirect exclude in
!
R5
snmp-server community CiscoWorks RW 10
snmp-server enable traps bgp
snmp-server host YY.YY.55.240 CiscoWorks bgp
!
access-list 10 permit YY.YY.55.240
5.2 Embedded Event Manager
R3
logging on
logging console informational