CCIE R&S LAB h2+ Updated

QUESTION / SOLUTION LAB 4.
Version 5
WWW.PASSRNSLABS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
!!!!! Important read the following guidelines before starting the section !!!!
 This section is comprised of set of configuration tasks to be completed within 5.30 hours.
 The final score of this section is combined with the troubleshooting section to comprise your final
pass or fail status on the ccie lab exam
 A candidate is required to pass both sections of cisco ccie certification.
1. Read all questions in each section before proceeding with any configuration.
2. Before starting the exam confirm that all devices in your rack are in working order. During the exam,
if any device is locked or inaccessible for any reason you must recover it. When you complete the
exam ensure that all devices are accessible to the grading proctor. A device that is not accessible for
grading cannot be marked and may cause you to lose substantial point.
3. Knowledge of implementation and troubleshooting techniques is part of skills tested in the
configuration section of the lab exam.
4. If you suspect that there may be hardware problem with your equipment contact the lab proctor
immediately
5. Points are awarded for working configuration only. Test the functionality of all of the requirements
before you complete your exam. As you configure one part of the exam you may break a previous
requirement or configuration.
6. No partial points can be granted for any question. All requirements needed to be fulfill in order to
receive the points for the question some requirements depend on other questions either before or after
the current question.
7. You will be presented with pre-configuration Routers and switches. Do not change the following
configuration on the device.
Hostname
Enable password ‘’cisco’’
Console line configuration
8. In any configuration where additional addressing may be necessary. Use only the major network as
displayed in diagram 1. Ensure that it does not conflict with a network that is already used in your
network.
WWW.PASSRNSLABS.COM 2 WWW.PASSRNS.COM
9. Unicast or multicast static and default routes are not permitted unless permission to use them is
directly stated in a specific question. This restricted includes floating static routes and those routes
that were generated by a routing protocol routes to null 0 that are generated as a result of a dynamic
routing protocol solution are permitted.
10. Save your configuration frequently.
11. Doc cd:- you have access to http://www.cisco.com/ciscoweb/pass . All configuration guides and
master indexes are there
12. Tools: notepad and calculator are available
Note : This ccie lab scenario is only for applicants, please do not publish it on the internet or
anywhere else.
Section 1 – Layer 2 Technologies

1.1 Jameson’s Datacenter: Access ports
Refer to “Diagram 1 : Jameson’s Layer 2 Connections” and “Table 1: Jameson’s VLAN to Port
Mapping”.
There has been pre-configured in Jameson’s datacenter. Do not modify this configuration.
Some other configuration was already started but it is your responsibility to verify and
complete them.
Configure all four switches in Jameson’s datacenter network (AS 65002) as per the following
requirements:
 All unused ports must be configured in VLAN 999 and administratively shutdown. Refer to
“Table 1 : Jameson’s VLAN to Port Mapping” to figure out which ports are used and unused.
Datacenter switches are in transparent mode and vtp version should be 2.
 Access-ports must immediately transition to the forwarding state upon link up, as long as they
do not receive a BPDU. Use a unique command per switch to enable this feature.
 If an accessport received a BPDU,it must automaticallyshutdown , generate a syslog and a SNMP

trap. Use a unique command per switch to enable this feature.
 Ports that were shutdown must always rely on a manual intervention to recover.
 VLAN 911 (10.2.100.x/24) will be used as the management VLAN in Jameson’s datacenter.
Ensure that all datacenter switches are able to ping each other IP address in the management
VLAN.
 SW5 and SW6 are low-end access switches and they do not have much processing power.
Ensure that their only Layer 3 interfaces are Loopback0 and VLAN 911.
 SW3 and SW4 are robust and powerful distribution switches. Ensure that they maintain a Layer
3 interface for all local VLANs as well as all access VLANs, as specified in “ Table 1: Jameson’s
VLAN to Port Mapping”.
Table 1 : Jameson's VLAN to Port Mapping

Sr.no VLAN SWITCH PORT SVI
1 100 SW1, E1/0-3 SW1,
SW2 SW2
2 100 SW3, - SW3,
SW4 SW4
3 100 SW5,SW6 E0/2-3 -
4 101 SW1 E0/0-1 SW1,

101 SW2 E0/0-1, SW2,
153 SW3 E0/2 SW3
5 156 SW3,SW4 E0/3 -
6 164 SW4 E0/2 SW4
7 173 SW3 - SW3
8 173 SW5 E0/1 -
9 184 SW4 - SW4
10 184 SW6 E1/0 -
11 911 SW3, - SW3,

SW4, SW4,
SW5, SW5,
SW6 SW6
12 999 SW1,SW2 E0/2-3, -
E2/0-3
13 999 SW3, E0/0-1 -
SW4 E2/0-3
14 999 SW5 E0/0 -

E1/0-1
E2/0-3
15 999 SW6 E0/0, -
E1/1
E2/0-3
Pre-Configurations :
1) SW1 and SW2 are configured with Vlan 100,101,999
Vlan 100 - Metro (PC), Vlan 911 - Management vlan, Vlan 999 - unused
2) SW3,SW4,SW5 & SW6 are configured with Vlan 34,100,153, 156,164,1732,184,911,999
3) Trunks are pre-configured on all switches. (Always check)
4) There are SVI Vlans configured, but may be in shutdown state.
5) In real exam port numbers may be different, so please refer to the physical topology and use “Show cdp neighbor
command. "
Solutions :
On SW1 & SW2
vlan 100,101,999
exit
On SW1 & SW2

int range e0/2-3 , e2/0-3 In the exam you may get additional and different port nos.
switchport mode access
switchport access vlan 999
shutdown
On SW3, SW4, SW5 and SW6

vtp domain CCIE
vtp version 2 In exam VTP version is 1 pre-configured
vtp password cisco
vtp mode transparent
On SW3
vlan 34,100,153,164,156,173,184,911,999
exit
int e0/2
int e0/3
int range e0/0-1 , e2/0-3 In the exam you may get additional and different port nos.
shutdown
On SW4
int e0/2
int e0/3
int range e0/0-1 , e2/0-3 In the exam you may get additional and different ports
shutdown
On SW5 & SW6

int range e0/0 , e1/0-1 , e2/0-3
shutdown
On SW5
int e0/1
int range e0/2-3
On SW6
int e1/0
int range e0/1-3
* Use “Show int status “command on all Switches to check the config.
On SW3 to SW6
spanning-tree portfast default
spanning-tree portfast bpduguard default
On SW3 to SW6
(config)#snmp-server enable traps syslog
Reference : http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-
2_53_se/command/reference/2960ComRef/cli3.html
1.2 Jameson’s Datacenter: Trunk ports

Refer to “Diagram 1: Jameson’s Layer 2 Connections "and “Table 1: Jameson’s VLAN to Port
Mapping”.
Configure Jameson’s datacenter network (AS 65002) as per the following requirements:
 All inter-switch links must be configured to use 4 byte tag encapsulation.
 Ensure that no switch attempt to negotiate the trunk parameters.
 Ensure that all four switches send and receive untagged frames on VLAN 1.
 All four switches must maintain a separate Spanning-tree instance for each VLAN.
 All Jameson's Switches Must run multiple spanning tree and the MST configuration as Follows
 Instance 1 VLANs :Odd Vlans
 Instance 2 VLANs: Even Vlans
 Switch 3 must be root bridge for instance 1 and Switch 4 root bridge for instance 2
 SW3 port e1/1 should be in forwarding state for VLAN 34 and no traffic should pass through
interface e1/0
Solutions :
On SW3 & SW4
(config)#int range e1/0-3
(config-if-range)#switchport trunk encapsulation dot1q
(config-if-range)#switchport mode trunk
(config-if-range)#switchport nonegotiate This command may not work in exam
On SW5 & SW6

(config-if-range)#switchport trunk encapsulation dot1q
(config-if-range)#switchport mode trunk
(config-if-range)#switchport nonegotiate This command may not work in exam
On SW3 to SW6
(config)#spanning-tree mode mst
(config)#spanning-tree mst configuration
(config-mst)#name CCIE
(config-mst)#revision 1
(config-mst)#instance 1 vlan 1,153,173,911,999
(config-mst)#instance 2 vlan 34,100,156,164,184
On SW3
(config)#spanning-tree mst 1 priority 0
On SW4

(config)#int e1/1
(config)#spanning-tree mst 2 port-priority 64 This will force SW3 to make e1/1 as root port for MST2
(config)#spanning-tree mst 1 cost 100 This will force SW4 to make e1/1 as root port for MST1
Verifications :
On Next page
On SW3
* Check on All Switches

End of this task you must be able to ping point-to-point interfaces.
For example R15 to R16
CRL_LAB4_R15#pi 10.2.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.0.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
CRL_LAB4_R17#pi 10.2.0.37
!!!!!
1.3 Jameson’s Datacenter: Link bundling

Refer to “Diagram 1: Jameson’s Layer 2 Connections” and “Diagram 2: Initial Topology”.
Configure Jameson’s datacenter network as per the following requirements:
 Configure Cisco propriety protocol on pre configured port channel and insert trunk port
between SW3, SW5 and SW4, SW6.
 SW3 and SW4 must initiate the bundling.
 The distribution switches SW3 and SW4 must balance traffic between all members of the
bundle based on source and destination IP addresses
 The access switcher SW5 and SW6 must balance the incoming traffic (that is originated from
servers) between all members of the link bundle based on the server’s MAC address.
Solutions :
On SW3
(config-if-range)# channel-group 35 mode desirable
On SW4
(config-if-range)# channel-group 46 mode desirable
On SW5
(config-if-range)#channel-group 35 mode auto
On SW6
(config-if-range)#channel-group 46 mode auto
On SW3 and SW4

(config)#port-channel load-balance src-dst-ip
On SW5 and SW6

(config)#port-channel load-balance src-mac
(NOTE : CHANGE THE PORTS ACCORDING TO YOUR IOL IN EXAM)
Verification : On All Switches
On All Switches
1.4 Jameson’s Branch Offices

Configure interface Ethernet0/0 in Jameson’s branch routers R19, R20 and R21 as per the
following requirements:
 The Ethernet WAN links must rely on a Layer 2 protocol that supports link negotiation and
authentication.
 The service provider expects that the branch routers complete a three-way handshake by
providing the expected response of a challenge that is sent by R49.
 R19 must use the username “Jamesons-R19” and password “CCIE” (without quotes).
 The interface Eth0/0 of all three routers must receive an IP address from R49.
 Ensure that all three routers can ping the IP address of each other’s interface Eth0/0.
 You are not allowed to configure any static route in each branch router to achieve the previous
requirement.
Solutions :
On R19
interface Dialer10
mtu 1492
ip address negotiated
encapsulation ppp
dialer pool 1
ppp chap hostname Jamesons-R19
ppp chap password 0 CCIE
ppp ipcp route default
exit
interface Ethernet0/0
no ip address
no shut
pppoe enable group global
pppoe-client dial-pool-number 1
exit
On R20
interface Dialer10
mtu 1492
encapsulation ppp
dialer pool 1
exit
no ip address
no shut
exit
On R21
interface Dialer10
mtu 1492
encapsulation ppp
dialer pool 1
exit
no ip address
no shut
R17 is already configured with BGP and getting a default route from R49
R49 already has the PPPOE server config :
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/bbdsl/configuration/xe-3s/bba-pppoe-client.html#GUID-B1DB9A75-
76E3-4553-B3C3-A73046F5A505
Verification : Check your connectivity from R19,20 and 21 to R17's int e0/0 and each other's interfaces.
CRL_LAB4_R19#ping 192.0.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1
CRL_LAB4_R19#ping 192.0.20.2
!!!!!
CRL_LAB4_R19#ping 192.0.21.2
!!!!!
Verifications :
---------- output omitted -------
Section 2 – Layer 3 Technologies

2.1 Jameson’s IGP, part 1
Refer to “Diagram 2: Initial Topology”
The configuration was already started. It is your responsibility to complete and verify all
requirements.
Configure Jameson’s network (AS 65001 and 65002) according to following requirements:
 Ensure that all routers use their interface Lo0 as OSPF router-id.
 Ensure that OSPF is not running on any interface that is facing another BGP AS.
 Ensure that all routers will not propagate LSA 2 in the OSPF domain in all Jameson’s
network.
 SW5 and SW6 must not participate in OSPF at all.
 Do not use the “network” statement under the “router ospf” configuration anywhere in the
datacenter network (AS 65002).
 Use OSPF process-id 1 in all Jamesons network
 OSPF Type-2 LSAs must not appear in any link state database on the datacenter. (AS65001
may be required none OSPF Type’LSAs)
 Do not change the default OSPF cost of any interface anywhere.
 SW3 and SW4 must not establish neighborship on VLAN 100 ,911 ,101 but they should
advertise
them.
 Ensure that R1, SW1 and SW2 are elected the designated router on all their interfaces, and that
they have the best chances of maintaining that role as long as their interfaces are up.
 Ensure that R2 is elected the Backup Designated router on all of its interfaces, and that it has
the best chances of maintaining that role as long as its interfaces are up.
Note: R17 tunnel 0, loopback 0 and E0/1 is in vrf CORP
Solutions :
Jameson's Core Network 65001 OSPF AREA 0
On R1 to R10
router ospf 1
router-id x.x.x.x (Loopback 0 IP)
On R1
int range e0/0-3 ,e1/0 , lo0
ip ospf 1 area 0
int range e0/0-3 ,e1/0
ip ospf priority 255
On R2
int range e0/0-3 , e1/0 , lo0
ip ospf 1 area 0
int range e0/0-3 , e1/0
On R3
int range e0/0 , e0/2 , lo0
ip ospf 1 area 0
On R4
int range e0/0, e0/2 , lo0
ip ospf 1 area 0
int range e0/2
On R5
int range e0/0-1 , lo0
ip ospf 1 area 0
On R6
int range e0/0-1 , lo0
ip ospf 1 area 0
int range e0/1
On R7
int range e0/3 , lo0
ip ospf 1 area 0
On R8
ip ospf 1 area 0
int range e0/3
On R9 Required for Section 3.3

int range e0/0 , l0
ip ospf 1 area 0
On R10 Required for Section 3.3

int range e0/0 , l0
ip ospf 1 area 0
int range e0/0
Verification : Check On all Routers
All Loopback interfaces in Routing table must be seen :
Jameson's Main Office Network 65002 OSPF AREA 0

On SW2
ip routing
router ospf 1
router-id 10.255.1.102
network 10.3.254.254 0.0.0.0 area 0
network 10.3.1.254 0.0.0.0 area 0
network 10.255.1.102 0.0.0.0 area 0
int vlan 101
On R13
router ospf 1
router-id 10.255.1.13
network 10.3.254.1 0.0.0.0 area 0
network 10.255.1.13 0.0.0.0 area 0
On R14
router ospf 1
router-id 10.255.1.14
network 10.3.254.2 0.0.0.0 area 0
network 10.255.1.14 0.0.0.0 area 0
Verifications :
CRL_LAB4_R13#sh ip route ospf

Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 8 subnets, 3 masks
O 10.3.1.0/24 [110/11] via 10.3.254.254, 00:10:59, Ethernet0/1
O 10.255.1.14/32 [110/11] via 10.3.254.2, 00:10:59, Ethernet0/1
O 10.255.1.102/32 [110/11] via 10.3.254.254, 00:10:59, Ethernet0/1
CRL_LAB4_R13#pi 10.255.1.14 so lo0
!!!!!
Jameson's Head Quarter Network 65002 OSPF AREA 0

On SW1
router ospf 1
router-id 10.255.1.101
network 10.1.1.254 0.0.0.0 area 0
network 10.1.254.254 0.0.0.0 area 0
network 10.255.1.101 0.0.0.0 area 0
int vlan 101

On R11
router ospf 1
router-id 10.255.1.11
network 10.1.254.1 0.0.0.0 area 0
network 10.255.1.11 0.0.0.0 area 0
On R12
router ospf 1
router-id 10.255.1.12
network 10.1.254.2 0.0.0.0 area 0
network 10.255.1.12 0.0.0.0 area 0
Verifications :
Jameson's Data Center Network 65002 OSPF AREA 0

On SW3 The network for vlan 100 is changed to 10.2.100.0/24 in exam.
router ospf 1
router-id 10.255.1.103
int range vlan 911,vlan 34,vlan 100,vlan 153,vlan 173
ip ospf 1 area 0
ip ospf network point-to-point
int loopback 0
ip ospf 1 area 0
On SW4
router ospf 1
router-id 10.255.1.104
int range vlan 911,vlan 34,vlan 100,vlan 164,vlan 184
ip ospf 1 area 0
int loopback 0
ip ospf 1 area 0
On R15
router ospf 1
router-id 10.255.1.15
int range e0/2,e0/0
ip ospf 1 area 0
int loopback 0
ip ospf 1 area 0
On R16
router ospf 1
router-id 10.255.1.16
int range e0/2,e0/0
ip ospf 1 area 0
int loopback 0
ip ospf 1 area 0
On R17
router ospf 1 vrf LOCALSP
router-id 10.255.1.17
int e0/1
ip ospf 1 area 0
int loopback 0
ip ospf 1 area 0
On R18
router ospf 1
router-id 10.255.1.18
int e0/1
ip ospf 1 area 0
int loopback 0
ip ospf 1 area 0
On SW3 & SW4

router ospf 1
passive-interface Vlan100
passive-interface Vlan911
passive-interface Vlan101  New Vlan introduced for users connecting on SW5 from 0/1-3 and attached to vlan
101
Verifications :
2.2 Jameson’s IGP, part 2

Configure Jameson’s branch network according to the following requirements:
 R17 must propagate a default route in its OSPF domain, but only if already has a default route
in its routing table.
 Do not redistribute BGP into OSPF and vice versa on R17.
 Each branch router must establish an OSPF adjacency with R17 and must receive a default
route via OSPF. They may receive LSA type 3 from the ABR. R17 must generate a summary
route of 10.2.0.0/16 for branch router.
 Each branch router must advertise their interfaces Lo0 and Eth0/1 into OSPF.
 None of the branch routers may attempt to elect a Designated Router on their Tunnel0
interface.
Note: In R17 e0/1, tunnel 0, loopback 0 are in vrf LOCALSP. On R19, R20 and R21, loopback 0, e0/1 and tunnel 0 are in vrf
LOCALSP
Solutions :
In exam the tunnel 0 is preconfigured, but you need to modify few things for the DMVPN tunnel to work. It is in
Section 3.1. Use the below configuration:
On R17
interface Tunnel0
ip vrf forwarding LOCALSP
ip address 10.100.0.1 255.255.255.0
no ip redirects
ip nhrp authentication 65002key
ip nhrp map multicast dynamic
ip nhrp network-id 51
ip nhrp holdtime 300
ip ospf network point-to-multipoint
ip ospf 1 area 51
delay 100
tunnel source Ethernet0/0
tunnel mode gre multipoint
tunnel key 65002
exit
On R19, R20, & R21

interface Tunnel0

ip address 10.100.0.x 255.255.255.0
no ip redirects
ip nhrp map multicast 192.0.2.2
ip nhrp map 10.100.0.1 192.0.2.2
ip nhrp holdtime 300
ip nhrp nhs 10.100.0.1
delay 100
tunnel source Dialer10
tunnel key 65002
exit
On R17
capability vrf-lite
default-information originate
network 10.100.0.1 0.0.0.0 area 51
area 0 range 10.2.0.0 255.255.0.0
!
int tunnel 0
ip route vrf LOCALSP 0.0.0.0 0.0.0.0 192.0.2.1 global > This will put the default route from global routing table
into VRF table
On R19
router-id 10.255.1.19
capability vrf-lite
network 10.16.1.1 0.0.0.0 area 51
network 10.100.0.19 0.0.0.0 area 51
network 10.255.1.19 0.0.0.0 area 51
!
int tunnel 0
On R20
router-id 10.255.1.20
capability vrf-lite
network 10.16.2.1 0.0.0.0 area 51
network 10.100.0.20 0.0.0.0 area 51
network 10.255.1.20 0.0.0.0 area 51
!
int tunnel 0
On R21
router-id 10.255.1.21
capability vrf-lite
network 10.16.3.1 0.0.0.0 area 51
network 10.100.0.21 0.0.0.0 area 51
network 10.255.1.21 0.0.0.0 area 51
!
int tunnel 0
Verifications :
2.3 Jacob’s IGP

Refer to “Diagram 2: Initial Topology”.
Jacob’s network is partly preconfigured. It is your responsibility to verify and complete them.
Configure EIGRP for IPv4 in Jacob’s core network (AS65006) according to the following requirements:
 All EIGRP router must support 64-bit metric calculations and Routing Information Base
(RIB) scaling in EIGRP topologies.
 The interface Lo0 of each router must be seen as an internal EIGRP prefix by all other routers
in their local domain.
 Ensure that EIGRP is not running on any interface that is facing another AS. Use any method
to accomplish this requirement.
 Jacob’s core network must use the EIGRP autonomous system number 1.
 R52 must inject its interface Lo52 into EIGRP as an external prefix.
 Do not change the preconfigured bandwidth on interface loopback 52.
 The following output must be seen on R50:
Solutions :
On R50
router eigrp CCIE
address-family ipv4 unicast autonomous-system 1
eigrp router-id 172.30.1.50
network 172.30.1.50 0.0.0.0
network 172.30.100.1 0.0.0.0
metric rib-scale 153
On R51
router eigrp CCIE
network 172.30.1.51 0.0.0.0
network 172.30.100.2 0.0.0.0
On R52
router eigrp CCIE
network 172.30.1.52 0.0.0.0
network 172.30.100.3 0.0.0.0
On R53
router eigrp CCIE
network 172.30.1.53 0.0.0.0
network 172.30.100.4 0.0.0.0
On R54
router eigrp CCIE
network 172.30.1.54 0.0.0.0
network 172.30.100.5 0.0.0.0
On R52
create loopback 52
int lo52
ip add 52.52.52.52 255.255.255.255
route-map LO52 permit 10

match interface lo52
router eigrp CCIE

topology base
redistribute connected route-map LO52
2.4 Jameson’s Pre-merge Part 1

Refer to the “Overall Scenario”, “Diagram 2: Initial Topology” and “Diagram 4: Pre-merge
Topology”.
Jameson’s decided to enable MPLS VPN in their network.
Configure Jameson’s network as per the following requirements:
 R11, R12, R13 and R14 must redistribute OSPF into BGP and they must advertise a default route
into their respective OSPF domain. They may not redistribute BGP into OSPF.
 R15 and R16 must mutually redistribute OSPF and BGP.
 R11, R12, R13 and R14 must advertise only four prefixes via eBGP to Jameson’s core network as
follows:
 R11 and R12 must advertise 10.1.0.0/16, 10.255.1.11/32, 10.255.1.12/32 and 10.255.1.101/32;
 R13 and R14 must advertise 10.3.0.0/16, 10.255.1.13/32, 10.255.1.14/32 and 10.255.1.102/32;
 R1 must reflect IPv4 BGP prefixes to all core routers except R2. ALL internal BGP peerings must be
established using interface Lo0.
 Ensure that each Jameson’s site receives BGP prefixes from other sites.
 A very similar output as the one shown below must be seen on R11, R12, R13 and R14 (only the
next-hop, version and update-group may differ).
The Above output can be seen after you complete Section 3.2 & 3.3
Solutions :
On R11,12,13 & 14
router bgp 65002
redistribute ospf 1 match internal external
!
router ospf 1
default-information originate always
On R11
router bgp 65002
aggregate-address 10.1.0.0 255.255.0.0 summary-only
neighbor 10.255.1.12 remote 65002
neighbor 10.255.1.12 update-source Loopback0
neighbor 10.255.1.12 next-hop-self
neighbor 10.254.0.53 allowas-in
On R12
router bgp 65002
neighbor 10.254.0.57 allowas-in
On R13
router bgp 65002
On R14
router bgp 65002
On R15
router bgp 65002
!
!
Router ospf 1
redistribute bgp 65002 subnets
distance 255 10.255.1.16 0.0.0.0 10
access-list 10 permit 10.0.0.0 0.0.0.255
On R16
router bgp 65002
!
!
Router ospf 1
redistribute bgp 65002 subnets
distance 255 10.255.1.15 0.0.0.0 10
Explanation :
Distance command used on R15 and R16 because 10.0.0.0 route need to be sent aggregated to R3 and R4
increased the AD for network 10.0.0.0 so that R15 n R16 will not learn it via ospf
but it will learn through BGP.
On R1
router bgp 65001
bgp router-id 10.255.1.1
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor IBGP peer-group
neighbor IBGP remote-as 65001
neighbor IBGP update-source Loopback0
neighbor 10.255.1.3 peer-group IBGP
!
address-family ipv4
neighbor IBGP route-reflector-client
neighbor 10.255.1.3 activate

On R3,R4,R5,R6,R7,R8
router bgp 65001
bgp router-id 10.255.1.X (Lo0 Address)
neighbor 10.255.1.1 remote-as 65001
!
address-family ipv4
Verifications :
2.5 Jameson’s Pre-merge Part 2

Configure Jameson’s network
 Ensure that any prefix that originated in any of these main sites will not advertise back to
same site via redundant gateway.
 The configuration must equally apply to any future prefixes that may be advertised by any
site.
 R15 and R16 must advertise their OSPF default route to their PE.
Solutions :
On R15
router bgp 65002
neighbor 10.254.0.73 default- originate
On R16
router bgp 65002
neighbor 10.254.0.77 default- originate
Completed In Section 3.3 for VRF

http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/htbgpsoo.html#wp1054900
2.6 Merge Phase 1: BGP

Refer to the “Overall Scenario” and “Diagram 5: Merge Phase 1”.
Jameson’s and Jacob’s started the first phase of their merge and added a new border router
in their respective main site (R18 and R57).
Configure the network as per the following requirements:
 Interface Lo0 of both R18 and R57 must be added into their respective IGP domain.
 Interface Eth0/1 of both R18 and R57 must peer with its connected IGP neighbor.
 Both R18 and R57 must advertise a summary prefix via eBGP to each other as follows:
 R18 advertises 10.0.0.0/8
 R57 advertises 172.0.0.0/8
 Both R18 and R57 must propagate the received summary prefix into their respective IGP domain
and must use summary-only keyword in BGP.
Solutions :
EIGRP 10 is pre-configured in Jacob's HQ. You may get named mode EIGRP pre-configured.
On R57
router eigrp 10
network 172.18.2.1 0.0.0.0

network 172.30.1.57 0.0.0.0
redistribute bgp 65005 metric 10000 100 255 1 1500
!
router bgp 65005
network 172.18.1.0 mask 255.255.255.0
On R18
router ospf 1
router-id 10.255.1.18
redistribute bgp 65002 metric-type 1 subnets
network 10.2.0.42 0.0.0.0 area 0
network 10.255.1.18 0.0.0.0 area 0
router bgp 65002

network 10.2.1.0 mask 255.255.255.0
2.7 Merge Phase 2 : IGP

Refer to “Diagram 2: Initial Topology” and “Diagram 6: Merge Phase 2”.
Jameson’s and Jacob’s are entering in the second phase of merge and have deployed two new
border routers in their respective core network.
Configure the core networks as per the following requirements:
 R9 and R10 must run OSPF on their interfaces Eth0/0 and Lo0.
 R9 and R10 must run EIGRP on their interface Eth0/1.
 R53 and R54 must run EIGRP on all of their interfaces.
 Mutually redistribute EIGRP and OSPF on both R9 and R10.
Avoid routing loops and ensure that all current and future prefixes are routed via their optimal. Don’t
use any access-map, prefix-list or route-map in order to achieve this requirement.
Solutions :
On R9 & R10
router ospf 1 ( Already configured in Section 2.1 )
router-id 10.255.1.X
ip ospf 1 area 0
On R53
router eigrp CCIE

network 10.254.0.62 0.0.0.0
On R54
router eigrp CCIE
network 10.254.0.66 0.0.0.0
On R9
router eigrp CCIE
address-family ipv4 autonomous-system 1
network 10.254.0.61 0.0.0.0
On R10
router eigrp CCIE
network 10.254.0.65 0.0.0.0
On R9 & R10
router ospf 1
redistribute eigrp 1 subnets
distance ospf external 255
!
router eigrp CCIE
topology base
redistribute ospf 1 metric 10000 100 255 1 1500
Verifications :
2.8 Merge Phase 2 : Routing Policies

Refer to the “Overall Scenario”, “Diagram 2: Initial Topology” and “Diagram 6: Merge Phase 2”.
 Network managers have decided that the primary path for all traffic between Jameson’s
10.2.1.0/24 and Jacob’s 172.18.1.0/24 must be routed preferably via the BGP backdoor link
between R18 and R57. If this link should fail then traffic should fall back over the MPLS core
network.
 All other traffic must be routed preferably via the MPLS network.
 Do not configure any route-map nor access-list in order to achieve this requirement.
 Ensure that the following test reveals the same path as shown below.
METRO_PC#trac 172.18.1.254 so e0/0 pr 1
Tracing the route to 172.18.1.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.1.253 0 msec
2 10.2.0.14 0 msec
3 10.2.0.42 1 msec
4 10.2.0.46 0 msec
5 172.18.2.254 1 msec
METRO_PC#trac 172.18.2.254 so e0/0 pr 1

Tracing the route to 172.18.2.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.1.253 1 msec
2 10.2.0.5 0 msec
3 10.254.0.73 1 msec
4 10.254.0.13 [MPLS: Labels 55/51 Exp 0] 1 msec
7 172.18.253.5 [MPLS: Label 51 Exp 0] 1 msec
8 172.18.253.6 1 msec
9 172.18.254.254 1 msec
The Trace to 172.18.2.254 will work only after completion of section 3.3 & 3.4
Solutions :
On R18
ip prefix-list LEAK permit 10.2.1.0/24 (10.2.100.0/24) In Section 2.1
route-map LEAK permit 10

match ip address prefix-list LEAK
router bgp 65002

neighbor 10.2.0.46 unsuppress-map LEAK
On R57
ip prefix-list LEAK permit 172.18.1.0/24
route-map LEAK permit 10

match ip address prefix-list LEAK
neighbor 10.2.0.45 unsuppress-map LEAK
On R15 & R16

router bgp 65002
network 10.0.0.0 mask 255.0.0.0 backdoor
On R51
router bgp 65006
bgp default local-preference 110
On R55 & R56

router bgp 65005
aggregate 172.18.0.0 255.255.0.0 summary-only
network 172.0.0.0 mask 255.0.0.0 backdoor
Pre-configuration on R55 and R56 :
On R55/R56
ip prefix-list EIGRP permit 172.18.0.0/16 le 32
route-map EIGRP permit 10
match ip address prefix-list EIGRP
!
router eigrp 10
redistribute bgp 65005 metric 1000 100 255 1 1500
!
router bgp 65005
redistribute eigrp 10 route-map EIGRP
You must check the pre-config on R55/R56. If any of the above is missing then add it. R55, R56 and SW10 may be
configured with EIGRP named mode, so according to the name mode apply the commands.
Update : Wrong prefix list on R55 & R56

Change it to :
Verifications :
2.9 IPv6 Routing, part 1

Jameson’s started deploying IPv6 in dual-stack mode in the datacenter.
Configure Jameson’s datacenter network as per following requirements:
 Establish OSPFv3 adjacencies in Area 0 between SW3, SW4, R15 and R16.
 Do not use the command “ipv6 ospf” anywhere in order to accomplish the previous
requirement.
 Interface VLAN 100 of SW3 must be configured with default router preference set to “medium”.
 Interface VLAN 100 of SW4 must be configured with default router preference set to “high”.
 The interval between Router Advertisement transmissions on VLAN 100 must be set to 10
seconds on both SW3 and SW4.
Solutions :
Check the IPv6 address configurations on all devices.
Check the IPv6 address configurations on all devices.
Update :
1) Loopback are not configured on R15, SW3, SW4 and R16
2) IPv6 address was configured on above devices in the following way:

ipv6 address fe80:db80::N/64 link-local
ipv6 address 2001:db80::VLanID:N/64
Example:
int vlan 34
ipv6 address 2001:db80::34:N/64
On SW3 &SW4
ipv6 unicast-routing
ipv6 cef
router ospfv3 10
router-id 10.255.1.X (Loopback 0)
On SW3
int range vlan 100,vlan 153,vlan 34 , lo0
ospfv3 10 ipv6 area 0
On SW4
int range vlan 100, vlan 164, vlan 34 , lo0
On SW3 &SW4
router ospfv3 10
passive-interface vlan 100
On R15
router ospfv3 10
router-id 10.255.1.15
int range e0/0, e0/2 , lo0
On R16
router ospfv3 10
router-id 10.255.1.16
int range e0/0,e0/2,lo0
On SW3
int vlan 100
ipv6 nd router-preference medium
ipv6 nd ra interval 10
On SW4
int vlan 100
ipv6 nd router-preference high
ipv6 nd ra interval 10
On Metro_PC
int e0/0
ipv6 address autoconfig
Verifications :
2.10 IPv6 Routing, part 2

Configure Jameson’s datacenter network as per the following requirements:
 SW3 and SW4 must provide first-hop redundancy for hosts in VLAN 100 by sharing the virtual
link-local address FE80:100::1.

 SW3 must be elected as the active router and SW4 must be elected as the standby router.
 In case SW3 is down, SW4 must take over the active role. If SW3 come back online, it must
automatically recover role from SW4.
 Ensure that HSRP hello packets are exchanged every 10 second and that the standby takes over
the active role if three consecutive Hello packets were missed from the active.
Solutions :
On SW3
interface Vlan100
standby use-bia
standby version 2
standby 34 ipv6 FE80:100::1
standby 34 timers 10 30
standby 34 priority 105
standby 34 preempt
On SW4
interface Vlan100
standby use-bia
standby version 2
standby 34 ipv6 FE80:100::1
standby 34 preempt
Verifications :
2.11 Multicast in Jameson's

An application running on server R101 (which is located in Jameson’s datacenter) uses
multicast to deliver specific traffic to users located in Jameson’s branch network.

 The interface Lo0 of R17 must be elected as the Rendezvous point for the whole multicast
domain
 R17 must announce its candidacy to advertise the group-to-RP mapping set to the router link
local address.
 For interoperability reasons, the selection of R17 as the RP must adhere to Cisco proprietary
protocol and must use the default priority value as per the standard.
 The streaming server is located at R19’s E0/1 and uses the group address 239.1.1.1 to send
traffic to interested receivers.
 Receivers are located in the branch network and they are connected to datacenter via DMVPN.
 Ensure that the following test is successful:
CRL_LAB4_SW3#pi 239.1.1.1 source vlan 173
Reply to request 0 from 10.16.3.1, 2 ms

Solutions :
* Do not configure multicast commands on SW3 and SW5
On R17
ip multicast-routing
ip multicast-routing vrf LOCALSP
int range lo0,e0/1,tunn0
ip pim sparse-mode
!
ip pim vrf LOCALSP bsr-candidate Loopback0
ip pim vrf LOCALSP rp-candidate Loopback0
On R19, R20 & R21

ip multicast-routing
ip multicast-routing vrf LOCALSP
int range lo0,e0/1,tunn0
ip pim sparse-mode
!
int e0/1
ip igmp join-group 239.1.1.1
Verifications:
Section 3 – VPN Technologies

3.1 Jameson’s Branch Offices
Configure DMVPN Phase 3 in Jameson’s branch network as per the following requirements:
 Use the preconfigured interface Tunnel0 on all four routers in order to accomplish this task.
 R17 must be configured as the hub router.
 R19, R20 and R21 must be the spoke routers and must participate in the NHRP information
exchange.
 Ensure that spoke-to-spoke traffic does not transit via the hub.
 Protest the tunneled traffic by attaching the preconfigured IPsec profile to the tunnel interface
on all tunnel end-points.
 Ensure that all spokes establish an OSPF adjacency through the tunnel with the hub R17,
without attempting to elect any Designated Router.
 Ensure that the following tests are successful:
Solutions :
Check the pre-configurations : IPsec profile is pre-configured.
On R17
interface Tunnel0
ip address 10.100.0.1 255.255.255.0
no ip redirects
ip pim sparse-mode
ip nhrp map multicast dynamic
ip nhrp redirect
ip virtual-reassembly in
ip ospf 1 area 51
tunnel source Ethernet0/0
tunnel key 5115
tunnel protection ipsec profile cisco
On R19,R20 & R21

interface Tunnel0
ip address 10.100.0.x 255.255.255.0
no ip redirects
ip pim sparse-mode
ip nhrp map 10.100.0.1 192.0.2.2
ip nhrp map multicast 192.0.2.2
ip nhrp nhs 10.100.0.1
ip nhrp shortcut
tunnel source Dialer10
tunnel key 5115
tunnel protection ipsec profile cisco
Verifications :
3.2 Jameson’s pre-merge VPN

Refer to the “Overall Scenario” and “Diagram 4: Pre-merge Topology”
Jameson’s decided to enable MPLS VPN in their network.

They started configuring it but it is your responsibility to complete it and verify that it is fully
functional.
 Enable LDP in the core network as indicated in “Diagram 4: Pre-merge Topology”.
 Ensure that all LDP routers use their interface Lo0 as their LDP router-id.
 R1 must reflect VPNv4 prefixes to all PE’s.
 The datacenter network must be connected to the VPN “DC” via eBGP.
 The headquarters and main office networks must be connected to the VPN “CORP” via eBGP.
 All six PE’s must use a consistent format “ASN:nn” for the VPN route-distinguisher, where:
 ASN is the Autonomous System Number of the connected CE.
 nn is any relevant number for the VPN site.
 Ensure that R101 in the datacenter’s VLAN 100 can successfully ping SW2 in the main office as
shown below:
METRO_PC#pi 10.3.1.254
!!!!!
Note: You’re not allowed to use Site of origin feature for loop avoidance.
Solutions:
On R1 to R8
mpls label protocol ldp
mpls ldp router-id lo0 force
router ospf 1
mpls ldp autoconfig
On R1
router bgp 65001
address-family vpnv4
neighbor IBGP send-community both
neighbor IBGP route-reflector-client
On R3 to R8
router bgp 65001
On R3
vrf definition DC
rd 65002:3 There are wrong RDs pre-configured. Change it according to the requirement.
address-family ipv4
exit-address-family
On R4
vrf definition DC
rd 65002:4
address-family ipv4
exit-address-family
On R7
vrf definition CORP
rd 65002:7
address-family ipv4
exit-address-family
On R8
vrf definition CORP
rd 65002:8
address-family ipv4
exit-address-family
On R5
vrf definition CORP
rd 65002:5
address-family ipv4
exit-address-family
On R6
vrf definition CORP
rd 65002:6
address-family ipv4
exit-address-family
On R3
vrf forwarding DC
ip address 10.254.0.73 255.255.255.252
!
router bgp 65001
address-family ipv4 vrf DC
On R4
vrf forwarding DC
ip address 10.254.0.77 255.255.255.252
!
router bgp 65001
On R5
vrf forwarding CORP
ip address 10.254.0.41 255.255.255.252
!
router bgp 65001
address-family ipv4 vrf CORP
On R6
vrf forwarding CORP
ip address 10.254.0.45 255.255.255.252
!
router bgp 65001
On R7
vrf forwarding CORP
ip address 10.254.0.53 255.255.255.252
router bgp 65001
On R8
vrf forwarding CORP
ip address 10.254.0.57 255.255.255.252
!
router bgp 65001
On R3
router bgp 65001
neighbor 10.254.0.74 soo 15:16
neighbor 10.254.0.74 as-override
On R4
router bgp 65001

neighbor 10.254.0.78 soo 15:16
On R5
router bgp 65001
neighbor 10.254.0.42 soo 13:14
On R6
router bgp 65001
neighbor 10.254.0.46 soo 13:14
On R7
router bgp 65001
neighbor 10.254.0.54 soo 11:12
On R8
router bgp 65001
neighbor 10.254.0.58 soo 11:12
On R3 & R4
vrf definition DC
address-family ipv4
route-target export 1:1
route-target import 2:2
On R5 & R6
vrf definition CORP
address-family ipv4
On R7 & R8
vrf definition CORP
address-family ipv4
On SW3 & SW4

int vlan 100
standby use-bia
Reference : http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/htbgpsoo.html
Verifications :
3.3 Merge Phase 2 : VPN

Jameson’s and Jacob’s are entering in the second phase of the merge and have deployed two
new border routers in their respective core network.
 The BGP AS number of Jacob’s original core network must be converted to use Jameson’s AS
number 65001, as indicated in “Diagram 6: Merge Phase 2”.
 All BGP sessions between Jacob’s core and remote sites (including headquarters and office
networks) must be recovered using the new AS number.
 Do not modify the BGP configuration of Jacob’s CEs (R55,R56,R58) in order to accomplish this
requirement.
 Enable LDP in the merged core network as indicated in “Diagram 6: Merge Phase 2”, including
the four new border routers(R9, R10, R53 and R54) and Jacob’s core network.
 Ensure that all LDP routers use their interface Lo0 as their LDP router-id.
 R1 must reflect VPNv4 prefixes to all PE’s, including to Jacob’s PEs.
 Jacob’s headquarters and office network must be added to the VPN JACOBCORP
 All nine PE’s must use a consistent format “ASN:nn” for the VPN route-distinguisher, where:
 ASN is Autonomous System Number of the connected CE
 nn is any relevant number
Solutions :
On R50 to R54
!
int e0/0
mpls ip
On R53 & R54

int e0/1
mpls ip
On R9 & R10
router ospf 1
mpls ldp autoconfig area 0
interface e0/1
mpls ip
On R50
no router bgp 65006
router bgp 65001

exit-address-family
!
neighbor 10.255.1.1 send-community extended
On R51
no router bgp 65006
router bgp 65001
bgp default local-preference 110
exit-address-family
!
exit-address-family
On R52
no router bgp 65006
router bgp 65001
exit-address-family
!
On R50
vrf definition JACOBCORP
rd 65005:50
!
address-family ipv4
int e0/1
vrf forwarding JACOBCORP
ip address 172.18.253.1 255.255.255.252
Router bgp 65001

address-family ipv4 vrf JACOBCORP
neighbor 172.18.253.2 local-as 65006
On R51
rd 65005:51
!
address-family ipv4
int e0/1
ip address 172.18.253.5 255.255.255.252
Router bgp 65001

On R52
rd 65005:52
!
address-family ipv4
int e0/1
ip address 172.17.253.22 255.255.255.252
!
Router bgp 65001
On R1
router bgp 65001
On R50, R51
address-family ipv4
On R52
address-family ipv4
On R58
router bgp 65007
aggregate-address 172.17.0.0 255.255.0.0
Verifications :
From METRO_PC#pi to SW11
* Above outputs you will get after completing 3.4
3.4 Inter-VPN Routing

 Jameson’s headquarters, main office and Jacob’s office must receive datacenter prefixes
 Jameson’s main office and headquarters many not receive Jacob’s prefixes.
 In order to simplify future changes, your solution may not be limited to specific prefixes.
Solutions :
On R3 & R4
vrf definition DC
address-family ipv4
On R5 & R6
vrf definition CORP
address-family ipv4
On R7 & R8
vrf definition CORP
address-family ipv4
On R50 & R51

address-family ipv4
On R52
address-family ipv4
After completing this section you will be able to ping all devices located in your topology
Section 4 – Infrastructure Security

4.1 Device Security
 Protect R17’s control-plane from TTL expiry attacks so that illegitimate IP packets with a TTL of 0
or 1 dropped before the CPU processes them.
 Legit packets include expected control protocols running on the link.
Solutions :
On R17
Solution 1
ip access-list extended TTL
permit icmp any any ttl lt 2
!
class-map match-all CLASS_TTL
match access-group name TTL
!
policy-map POLICY_TTL
class CLASS_TTL
drop
!
control-plane
service-policy input POLICY_TTL
Verifications :
4.2 Network Security

Configure the network as per following requirements:
 SW5 and SW6 must filter DHCP messages received by untrusted hosts by comparing the source
MAC address and the DHCP client hardware address. If the addresses match, the switches must
forward the packet. If the addresses do not match, the switcher must drop the packet.
 Ensure that these access switches do not filter DHCP packets on their uplinks.
 Ensure that the DHCP relay switches(refer to item 5.1) allow DHCP messages received on their
interface Vlan 100 with the added Option 82 and uninitialized GIADDR field to be accepted.
Solutions :
On SW5
ip dhcp snooping
ip dhcp snooping vlan 100
ip dhcp snooping verify mac-address
!
interface range po35
ip dhcp snooping trust
On SW6
ip dhcp snooping
ip dhcp snooping vlan 100
ip dhcp snooping verify mac-address
!
interface range po46

ip dhcp snooping trust
!
On SW3 & SW4

interface vlan 100
ip dhcp relay information trusted
Verifications :
Show ip dhcp snooping on SW5 & SW6
Section 5 – Infrastructure Services

5.1 Centralized DHCP
Jameson’s R15 must centralize DHCP service for the datacenter’s hosts VLANs.
 Ensure that the distribution switches SW3 and SW4 forward DHCP discover broadcast messages
received from VLAN 100’s hosts to interface Lo0 of R15 as unicast message.
 R15 must assign hosts in VLAN 100 a valid IP address from the prefix 10.2.1.0/24
 Ensure that addresses that were statically configured will never be assigned to any hosts.
 The DHCP offer must include the ip address 10.2.1.1/24 as the default gateway for VLAN 100
users.
 Ensure that the server R101 effectively receives an IP address from the expected prefix
10.2.1.0/24 as well as its default gateway information.
Solutions :
On Metro_PC
int e0/0
ip address dhcp
On R15
ip dhcp excluded-address 10.2.1.1 (10.2.100.1) virtual IP for HSRP
ip dhcp excluded-address 10.2.1.253 (10.2.100.253)
ip dhcp excluded-address 10.2.1.254 (10.2.100.254)
ip dhcp pool VLAN100

network 10.2.1.0 255.255.255.0
default-router 10.2.1.1
On SW3 & SW4

int vlan 100
ip helper-address 10.255.1.15
Verifications :
5.2 Internet Gateway


 R17 is Jameson’s Internet gateway router.
 Ensure that R17 enables all internal hosts (that is: hosts with source IP address in the range os
10.0.0.0/8 or 172.0.0.0/8) to simultaneously connect to the Internet using the public IP address
of interface Eth0/0.
 The following tests must be successful.
CRL_LAB4_SW1#pi 8.8.8.8
!!!!!
!!!!!
!!!!!
CRL_LAB4_R19#pi 8.8.8.8
!!!!!
Solutions :
On R17
!
interface e0/0
ip nat outside
!
interface range e0/1, tunnel0
ip nat inside
!
ip nat inside source list 17 interface Ethernet0/0 vrf LOCALSP overload
On R58
router bgp 65007
aggregate-address 172.17.0.0 255.255.0.0
There is a summary route pre-configured on R58 pointing towards Loopback interface, remove it.
On R52 wrong subnet mask /24 is configured on interface facing R58. Correct it to /30
Verifications :
5.3 First Hop Redundancy

Jameson’s datacenter’s SW3 and SW4 must offer first hop redundancy to VLAN 100’s hosts
using HSRP.
 SW3 and SW4 must use the multicast address 224.0.0.102 in order to negotiate the active and
standby roles.
 SW3 must be elected as the active router and SW4 must be elected as the standby router.
 In case SW3 is down, SW4 must take over the active role. If SW3 comes back online, it must
automatically recover the active role from SW4.
 Ensure that HSRP hello packets are exchanged every 10 seconds and that the standby take over
the active role if three consecutive Hello packets were missed from the active.
 Both routers must share the virtual ip address 10.2.1.1 that will be used as the default gateway
for WLAN 100’s hosts.
Solutions :
On SW3
int vlan 100
standby 1 ip 10.2.1.1
standby 1 preempt
standby use-bia
On SW4
int vlan 100
standby 1 ip 10.2.1.1
standby 1 preempt
standby use-bia
Verifications :
5.4 Tracking Reachability

 SW3 and SW4 must monitor the reachability of their OSPF IPv4 default route and in case it is not
available, the HSRP priority must be decreased by 10.
Solutions :
On SW3 & SW4
track 1 ip route 0.0.0.0 0.0.0.0 reachability
!
int vlan 100
standby 1 track 1 decrement 10
Verifications :
Remove default-information originate from R17
router ospf 1
no default-information originate
Check on SW3 & SW4
* After the above test please re-configure default-information originate on R17
#######################THANK YOU###########################
ALL OUR ACTIVE CLIENTS CAN GET DIRECT SUPPORT FROM

SKYPE: CCIERNSLABSv5
OUR CCIE R&S ENGINEERS ARE AVAILABLE ON SKYPE CHAT OR LIVE SUPPORT CHAT FROM
WEBSITE
http://passrnslabs.com/contactus.html (LIVE SUPPORT)
http://passrnslabs.com/cciernsupdates.html (UPDATED DATE)
YOUR GATEWAY TO SUCCESS TOWARDS CCIE LAB
ACTIVE CLIENTS WILL GET VERY SPECIAL DISCOUNTS ON OTHER CCIE TRACKS
KINDLY VISIT FOR FURTHER INFORMATION
CCIE R&S -- WWW.PASSRNSLABS.COM (PRL)
CCIE SECURITY ----> WWW.PASSSECURITYLABS.COM (PSL)
CCIE WIRELESS ----> WWW.PASSWIRELESSLABS.COM (PWL)
CCIE DATACENTER ----> WWW.PASSDATACENTERLABS.COM (PDL)
CCIE COLLABORATION ----> WWW.PASSCOLLABORATIONLABS.COM (PCL)
CCIE SERVICEPROVIDER -----> WWW.PASSSPLABS.COM (PSL)
CCDE LABS -- WWW.PASSCCDELABS.COM (PCL)
CCIE WRITTEN ---- WWW.PASSWRITTEN.COM (PW)
VCIX -- WWW.VCIXLABS.COM (VL)
WORLD FIRST REAL LAB RACK RENTAL FOR ALL CCIE TRACKS
CCIE RACK RENTALS -----> WWW.CCIERACK.RENTALS (CRR)
KINDLY CONTACT US AT SALES@PASSRNSLABS.COM FOR FURTHER INFORMATION ON

OTHER TRACKS

CCIE R&S LAB h2+ Updated

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CCIE R&S LAB h2+ Updated

Uploaded by

Copyright:

Available Formats

QUESTION / SOLUTION LAB 4.

Section 1 – Layer 2 Technologies

 If an accessport received a BPDU,it must automaticallyshutdown , generate a syslog and a SNMP

Table 1 : Jameson's VLAN to Port Mapping

4 101 SW1 E0/0-1 SW1,

6 164 SW4 E0/2 SW4

7 173 SW3 - SW3

8 173 SW5 E0/1 -

9 184 SW4 - SW4

10 184 SW6 E1/0 -

11 911 SW3, - SW3,

14 999 SW5 E0/0 -

On SW1 & SW2

On SW3, SW4, SW5 and SW6

On SW5 & SW6

1.2 Jameson’s Datacenter: Trunk ports

On SW5 & SW6

(config)#spanning-tree mst 1 priority 4096

* Check on All Switches

1.3 Jameson’s Datacenter: Link bundling

On SW3 and SW4

On SW5 and SW6

Verification : On All Switches

1.4 Jameson’s Branch Offices

---------- output omitted -------

Section 2 – Layer 3 Technologies

On R9 Required for Section 3.3

On R10 Required for Section 3.3

Verification : Check On all Routers

All Loopback interfaces in Routing table must be seen :

Jameson's Main Office Network 65002 OSPF AREA 0

CRL_LAB4_R13#sh ip route ospf

Jameson's Head Quarter Network 65002 OSPF AREA 0

int vlan 101

Jameson's Data Center Network 65002 OSPF AREA 0

On SW3 & SW4

2.2 Jameson’s IGP, part 2

On R19, R20, & R21

ip vrf forwarding LOCALSP

2.3 Jacob’s IGP

metric rib-scale 153

route-map LO52 permit 10

router eigrp CCIE

2.4 Jameson’s Pre-merge Part 1

neighbor 10.255.1.7 activate

2.5 Jameson’s Pre-merge Part 2

Completed In Section 3.3 for VRF

2.6 Merge Phase 1: BGP

network 172.18.2.1 0.0.0.0

router bgp 65002

2.7 Merge Phase 2 : IGP

router eigrp CCIE

2.8 Merge Phase 2 : Routing Policies

METRO_PC#trac 172.18.2.254 so e0/0 pr 1

route-map LEAK permit 10

router bgp 65002

route-map LEAK permit 10

neighbor 10.2.0.45 unsuppress-map LEAK

On R15 & R16

On R55 & R56

Pre-configuration on R55 and R56 :

Update : Wrong prefix list on R55 & R56