CCIE R&S LAB h2+ Updated
CCIE R&S LAB h2+ Updated
Version 5
WWW.PASSRNSLABS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
!!!!! Important read the following guidelines before starting the section !!!!
This section is comprised of set of configuration tasks to be completed within 5.30 hours.
The final score of this section is combined with the troubleshooting section to comprise your final
pass or fail status on the ccie lab exam
A candidate is required to pass both sections of cisco ccie certification.
1. Read all questions in each section before proceeding with any configuration.
2. Before starting the exam confirm that all devices in your rack are in working order. During the exam,
if any device is locked or inaccessible for any reason you must recover it. When you complete the
exam ensure that all devices are accessible to the grading proctor. A device that is not accessible for
grading cannot be marked and may cause you to lose substantial point.
3. Knowledge of implementation and troubleshooting techniques is part of skills tested in the
configuration section of the lab exam.
4. If you suspect that there may be hardware problem with your equipment contact the lab proctor
immediately
5. Points are awarded for working configuration only. Test the functionality of all of the requirements
before you complete your exam. As you configure one part of the exam you may break a previous
requirement or configuration.
6. No partial points can be granted for any question. All requirements needed to be fulfill in order to
receive the points for the question some requirements depend on other questions either before or after
the current question.
7. You will be presented with pre-configuration Routers and switches. Do not change the following
configuration on the device.
Hostname
Enable password ‘’cisco’’
Console line configuration
8. In any configuration where additional addressing may be necessary. Use only the major network as
displayed in diagram 1. Ensure that it does not conflict with a network that is already used in your
network.
WWW.PASSRNSLABS.COM 2 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
9. Unicast or multicast static and default routes are not permitted unless permission to use them is
directly stated in a specific question. This restricted includes floating static routes and those routes
that were generated by a routing protocol routes to null 0 that are generated as a result of a dynamic
routing protocol solution are permitted.
10. Save your configuration frequently.
11. Doc cd:- you have access to http://www.cisco.com/ciscoweb/pass . All configuration guides and
master indexes are there
12. Tools: notepad and calculator are available
Note : This ccie lab scenario is only for applicants, please do not publish it on the internet or
anywhere else.
WWW.PASSRNSLABS.COM 3 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
Refer to “Diagram 1 : Jameson’s Layer 2 Connections” and “Table 1: Jameson’s VLAN to Port
Mapping”.
There has been pre-configured in Jameson’s datacenter. Do not modify this configuration.
Some other configuration was already started but it is your responsibility to verify and
complete them.
Configure all four switches in Jameson’s datacenter network (AS 65002) as per the following
requirements:
All unused ports must be configured in VLAN 999 and administratively shutdown. Refer to
“Table 1 : Jameson’s VLAN to Port Mapping” to figure out which ports are used and unused.
Datacenter switches are in transparent mode and vtp version should be 2.
Access-ports must immediately transition to the forwarding state upon link up, as long as they
do not receive a BPDU. Use a unique command per switch to enable this feature.
Ports that were shutdown must always rely on a manual intervention to recover.
VLAN 911 (10.2.100.x/24) will be used as the management VLAN in Jameson’s datacenter.
Ensure that all datacenter switches are able to ping each other IP address in the management
VLAN.
SW5 and SW6 are low-end access switches and they do not have much processing power.
Ensure that their only Layer 3 interfaces are Loopback0 and VLAN 911.
SW3 and SW4 are robust and powerful distribution switches. Ensure that they maintain a Layer
3 interface for all local VLANs as well as all access VLANs, as specified in “ Table 1: Jameson’s
VLAN to Port Mapping”.
WWW.PASSRNSLABS.COM 4 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
WWW.PASSRNSLABS.COM 5 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
Pre-Configurations :
1) SW1 and SW2 are configured with Vlan 100,101,999
Vlan 100 - Metro (PC), Vlan 911 - Management vlan, Vlan 999 - unused
2) SW3,SW4,SW5 & SW6 are configured with Vlan 34,100,153, 156,164,1732,184,911,999
3) Trunks are pre-configured on all switches. (Always check)
4) There are SVI Vlans configured, but may be in shutdown state.
5) In real exam port numbers may be different, so please refer to the physical topology and use “Show cdp neighbor
command. "
Solutions :
On SW1 & SW2
vlan 100,101,999
exit
On SW3
vlan 34,100,153,164,156,173,184,911,999
exit
int e0/2
switchport mode access
switchport access vlan 153
int e0/3
switchport mode access
switchport access vlan 156
int range e0/0-1 , e2/0-3 In the exam you may get additional and different port nos.
switchport mode access
switchport access vlan 999
shutdown
On SW4
int e0/2
switchport mode access
switchport access vlan 164
int e0/3
switchport mode access
switchport access vlan 156
int range e0/0-1 , e2/0-3 In the exam you may get additional and different ports
switchport mode access
switchport access vlan 999
shutdown
WWW.PASSRNSLABS.COM 6 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
On SW5
int e0/1
switchport mode access
switchport access vlan 173
int range e0/2-3
switchport mode access
switchport access vlan 100
On SW6
int e1/0
switchport mode access
switchport access vlan 184
int range e0/1-3
switchport mode access
switchport access vlan 100
* Use “Show int status “command on all Switches to check the config.
On SW3 to SW6
spanning-tree portfast default
spanning-tree portfast bpduguard default
On SW3 to SW6
(config)#snmp-server enable traps syslog
Reference : http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-
2_53_se/command/reference/2960ComRef/cli3.html
WWW.PASSRNSLABS.COM 7 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
Configure Jameson’s datacenter network (AS 65002) as per the following requirements:
All inter-switch links must be configured to use 4 byte tag encapsulation.
Ensure that no switch attempt to negotiate the trunk parameters.
Ensure that all four switches send and receive untagged frames on VLAN 1.
All four switches must maintain a separate Spanning-tree instance for each VLAN.
All Jameson's Switches Must run multiple spanning tree and the MST configuration as Follows
Instance 1 VLANs :Odd Vlans
Instance 2 VLANs: Even Vlans
Switch 3 must be root bridge for instance 1 and Switch 4 root bridge for instance 2
SW3 port e1/1 should be in forwarding state for VLAN 34 and no traffic should pass through
interface e1/0
Solutions :
On SW3 & SW4
(config)#int range e1/0-3
(config-if-range)#switchport trunk encapsulation dot1q
(config-if-range)#switchport mode trunk
(config-if-range)#switchport nonegotiate This command may not work in exam
On SW3 to SW6
(config)#spanning-tree mode mst
(config)#spanning-tree mst configuration
(config-mst)#name CCIE
(config-mst)#revision 1
(config-mst)#instance 1 vlan 1,153,173,911,999
(config-mst)#instance 2 vlan 34,100,156,164,184
On SW3
(config)#spanning-tree mst 1 priority 0
(config)#spanning-tree mst 2 priority 4096
On SW4
WWW.PASSRNSLABS.COM 8 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
(config)#int e1/1
(config)#spanning-tree mst 2 port-priority 64 This will force SW3 to make e1/1 as root port for MST2
(config)#spanning-tree mst 1 cost 100 This will force SW4 to make e1/1 as root port for MST1
Verifications :
On Next page
On SW3
WWW.PASSRNSLABS.COM 9 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
CRL_LAB4_R17#pi 10.2.0.37
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.0.37, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
WWW.PASSRNSLABS.COM 10 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
Configure Cisco propriety protocol on pre configured port channel and insert trunk port
between SW3, SW5 and SW4, SW6.
SW3 and SW4 must initiate the bundling.
The distribution switches SW3 and SW4 must balance traffic between all members of the
bundle based on source and destination IP addresses
The access switcher SW5 and SW6 must balance the incoming traffic (that is originated from
servers) between all members of the link bundle based on the server’s MAC address.
Solutions :
On SW3
(config)#int range e1/2-3
(config-if-range)# channel-group 35 mode desirable
On SW4
(config)#int range e1/2-3
(config-if-range)# channel-group 46 mode desirable
On SW5
(config)#int range e1/2-3
(config-if-range)#channel-group 35 mode auto
On SW6
(config)#int range e1/2-3
(config-if-range)#channel-group 46 mode auto
WWW.PASSRNSLABS.COM 11 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
WWW.PASSRNSLABS.COM 12 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
On All Switches
WWW.PASSRNSLABS.COM 13 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
On R19
interface Dialer10
mtu 1492
ip address negotiated
encapsulation ppp
dialer pool 1
ppp chap hostname Jamesons-R19
ppp chap password 0 CCIE
ppp ipcp route default
exit
interface Ethernet0/0
no ip address
no shut
pppoe enable group global
pppoe-client dial-pool-number 1
exit
On R20
interface Dialer10
mtu 1492
WWW.PASSRNSLABS.COM 14 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
ip address negotiated
encapsulation ppp
dialer pool 1
ppp chap hostname Jamesons-R20
ppp chap password 0 CCIE
ppp ipcp route default
exit
interface Ethernet0/0
no ip address
no shut
pppoe enable group global
pppoe-client dial-pool-number 1
exit
On R21
interface Dialer10
mtu 1492
ip address negotiated
encapsulation ppp
dialer pool 1
ppp chap hostname Jamesons-R21
ppp chap password 0 CCIE
ppp ipcp route default
exit
interface Ethernet0/0
no ip address
no shut
pppoe enable group global
pppoe-client dial-pool-number 1
R17 is already configured with BGP and getting a default route from R49
R49 already has the PPPOE server config :
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/bbdsl/configuration/xe-3s/bba-pppoe-client.html#GUID-B1DB9A75-
76E3-4553-B3C3-A73046F5A505
Verification : Check your connectivity from R19,20 and 21 to R17's int e0/0 and each other's interfaces.
CRL_LAB4_R19#ping 192.0.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1
CRL_LAB4_R19#ping 192.0.20.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.20.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
CRL_LAB4_R19#ping 192.0.21.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.21.2, timeout is 2 seconds:
WWW.PASSRNSLABS.COM 15 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Verifications :
WWW.PASSRNSLABS.COM 16 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
WWW.PASSRNSLABS.COM 17 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
On R1
int range e0/0-3 ,e1/0 , lo0
ip ospf 1 area 0
int range e0/0-3 ,e1/0
ip ospf priority 255
On R2
int range e0/0-3 , e1/0 , lo0
ip ospf 1 area 0
int range e0/0-3 , e1/0
ip ospf priority 254
On R3
int range e0/0 , e0/2 , lo0
ip ospf 1 area 0
On R4
int range e0/0, e0/2 , lo0
ip ospf 1 area 0
int range e0/2
ip ospf priority 255
On R5
int range e0/0-1 , lo0
ip ospf 1 area 0
On R6
int range e0/0-1 , lo0
ip ospf 1 area 0
int range e0/1
ip ospf priority 255
On R7
int range e0/3 , lo0
ip ospf 1 area 0
On R8
int range e0/3 , lo0
ip ospf 1 area 0
int range e0/3
ip ospf priority 255
WWW.PASSRNSLABS.COM 18 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
WWW.PASSRNSLABS.COM 19 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
On R13
router ospf 1
router-id 10.255.1.13
network 10.3.254.1 0.0.0.0 area 0
network 10.255.1.13 0.0.0.0 area 0
On R14
router ospf 1
router-id 10.255.1.14
network 10.3.254.2 0.0.0.0 area 0
network 10.255.1.14 0.0.0.0 area 0
Verifications :
WWW.PASSRNSLABS.COM 20 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
On R11
router ospf 1
router-id 10.255.1.11
network 10.1.254.1 0.0.0.0 area 0
network 10.255.1.11 0.0.0.0 area 0
On R12
router ospf 1
router-id 10.255.1.12
network 10.1.254.2 0.0.0.0 area 0
network 10.255.1.12 0.0.0.0 area 0
Verifications :
WWW.PASSRNSLABS.COM 21 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
int loopback 0
ip ospf 1 area 0
On SW4
router ospf 1
router-id 10.255.1.104
int range vlan 911,vlan 34,vlan 100,vlan 164,vlan 184
ip ospf 1 area 0
ip ospf network point-to-point
int loopback 0
ip ospf 1 area 0
On R15
router ospf 1
router-id 10.255.1.15
int range e0/2,e0/0
ip ospf 1 area 0
ip ospf network point-to-point
int loopback 0
ip ospf 1 area 0
WWW.PASSRNSLABS.COM 22 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
On R16
router ospf 1
router-id 10.255.1.16
int range e0/2,e0/0
ip ospf 1 area 0
ip ospf network point-to-point
int loopback 0
ip ospf 1 area 0
On R17
router ospf 1 vrf LOCALSP
router-id 10.255.1.17
int e0/1
ip ospf 1 area 0
ip ospf network point-to-point
int loopback 0
ip ospf 1 area 0
On R18
router ospf 1
router-id 10.255.1.18
int e0/1
ip ospf 1 area 0
ip ospf network point-to-point
int loopback 0
ip ospf 1 area 0
Verifications :
WWW.PASSRNSLABS.COM 23 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
WWW.PASSRNSLABS.COM 24 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
WWW.PASSRNSLABS.COM 25 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
Solutions :
In exam the tunnel 0 is preconfigured, but you need to modify few things for the DMVPN tunnel to work. It is in
Section 3.1. Use the below configuration:
On R17
interface Tunnel0
ip vrf forwarding LOCALSP
ip address 10.100.0.1 255.255.255.0
no ip redirects
ip nhrp authentication 65002key
ip nhrp map multicast dynamic
ip nhrp network-id 51
ip nhrp holdtime 300
ip ospf network point-to-multipoint
ip ospf 1 area 51
delay 100
tunnel source Ethernet0/0
tunnel mode gre multipoint
tunnel key 65002
exit
WWW.PASSRNSLABS.COM 26 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
On R17
router ospf 1 vrf LOCALSP
capability vrf-lite
default-information originate
network 10.100.0.1 0.0.0.0 area 51
area 0 range 10.2.0.0 255.255.0.0
!
int tunnel 0
ip ospf network point-to-multipoint
ip route vrf LOCALSP 0.0.0.0 0.0.0.0 192.0.2.1 global > This will put the default route from global routing table
into VRF table
On R19
router ospf 1 vrf LOCALSP
router-id 10.255.1.19
capability vrf-lite
network 10.16.1.1 0.0.0.0 area 51
network 10.100.0.19 0.0.0.0 area 51
network 10.255.1.19 0.0.0.0 area 51
!
int tunnel 0
ip ospf network point-to-multipoint
On R20
router ospf 1 vrf LOCALSP
router-id 10.255.1.20
capability vrf-lite
network 10.16.2.1 0.0.0.0 area 51
network 10.100.0.20 0.0.0.0 area 51
network 10.255.1.20 0.0.0.0 area 51
WWW.PASSRNSLABS.COM 27 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
!
int tunnel 0
ip ospf network point-to-multipoint
On R21
router ospf 1 vrf LOCALSP
router-id 10.255.1.21
capability vrf-lite
network 10.16.3.1 0.0.0.0 area 51
network 10.100.0.21 0.0.0.0 area 51
network 10.255.1.21 0.0.0.0 area 51
!
int tunnel 0
ip ospf network point-to-multipoint
Verifications :
WWW.PASSRNSLABS.COM 28 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
WWW.PASSRNSLABS.COM 29 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
Solutions :
On R50
router eigrp CCIE
address-family ipv4 unicast autonomous-system 1
eigrp router-id 172.30.1.50
network 172.30.1.50 0.0.0.0
network 172.30.100.1 0.0.0.0
metric rib-scale 153
On R51
router eigrp CCIE
address-family ipv4 unicast autonomous-system 1
eigrp router-id 172.30.1.51
network 172.30.1.51 0.0.0.0
network 172.30.100.2 0.0.0.0
metric rib-scale 153
On R52
router eigrp CCIE
address-family ipv4 unicast autonomous-system 1
eigrp router-id 172.30.1.52
network 172.30.1.52 0.0.0.0
network 172.30.100.3 0.0.0.0
metric rib-scale 153
On R53
router eigrp CCIE
address-family ipv4 unicast autonomous-system 1
eigrp router-id 172.30.1.53
network 172.30.1.53 0.0.0.0
network 172.30.100.4 0.0.0.0
metric rib-scale 153
On R54
router eigrp CCIE
address-family ipv4 unicast autonomous-system 1
eigrp router-id 172.30.1.54
network 172.30.1.54 0.0.0.0
network 172.30.100.5 0.0.0.0
WWW.PASSRNSLABS.COM 30 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
On R52
create loopback 52
int lo52
ip add 52.52.52.52 255.255.255.255
WWW.PASSRNSLABS.COM 31 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
The Above output can be seen after you complete Section 3.2 & 3.3
Solutions :
On R11,12,13 & 14
router bgp 65002
redistribute ospf 1 match internal external
!
router ospf 1
default-information originate always
On R11
router bgp 65002
aggregate-address 10.1.0.0 255.255.0.0 summary-only
neighbor 10.255.1.12 remote 65002
neighbor 10.255.1.12 update-source Loopback0
neighbor 10.255.1.12 next-hop-self
neighbor 10.254.0.53 allowas-in
On R12
router bgp 65002
aggregate-address 10.1.0.0 255.255.0.0 summary-only
neighbor 10.255.1.11 remote 65002
neighbor 10.255.1.11 update-source Loopback0
neighbor 10.255.1.11 next-hop-self
neighbor 10.254.0.57 allowas-in
On R13
router bgp 65002
aggregate-address 10.3.0.0 255.255.0.0 summary-only
neighbor 10.255.1.14 next-hop-self
neighbor 10.255.1.14 remote 65002
neighbor 10.255.1.14 update-source Loopback0
On R14
router bgp 65002
aggregate-address 10.3.0.0 255.255.0.0 summary-only
neighbor 10.255.1.13 next-hop-self
neighbor 10.255.1.13 remote 65002
neighbor 10.255.1.13 update-source Loopback0
WWW.PASSRNSLABS.COM 32 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
On R15
router bgp 65002
neighbor 10.255.1.16 next-hop-self
!
redistribute ospf 1 match internal external
aggregate-address 10.0.0.0 255.0.0.0 summary-only
!
Router ospf 1
redistribute bgp 65002 subnets
distance 255 10.255.1.16 0.0.0.0 10
access-list 10 permit 10.0.0.0 0.0.0.255
On R16
router bgp 65002
neighbor 10.255.1.15 next-hop-self
!
redistribute ospf 1 match internal external
aggregate-address 10.0.0.0 255.0.0.0 summary-only
!
Router ospf 1
redistribute bgp 65002 subnets
distance 255 10.255.1.15 0.0.0.0 10
access-list 10 permit 10.0.0.0 0.0.0.255
Explanation :
Distance command used on R15 and R16 because 10.0.0.0 route need to be sent aggregated to R3 and R4
increased the AD for network 10.0.0.0 so that R15 n R16 will not learn it via ospf
but it will learn through BGP.
On R1
router bgp 65001
bgp router-id 10.255.1.1
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor IBGP peer-group
neighbor IBGP remote-as 65001
neighbor IBGP update-source Loopback0
neighbor 10.255.1.3 peer-group IBGP
neighbor 10.255.1.4 peer-group IBGP
neighbor 10.255.1.5 peer-group IBGP
neighbor 10.255.1.6 peer-group IBGP
neighbor 10.255.1.7 peer-group IBGP
neighbor 10.255.1.8 peer-group IBGP
!
address-family ipv4
neighbor IBGP route-reflector-client
neighbor 10.255.1.3 activate
neighbor 10.255.1.4 activate
neighbor 10.255.1.5 activate
neighbor 10.255.1.6 activate
WWW.PASSRNSLABS.COM 33 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
On R3,R4,R5,R6,R7,R8
router bgp 65001
bgp router-id 10.255.1.X (Lo0 Address)
no bgp default ipv4-unicast
neighbor 10.255.1.1 remote-as 65001
neighbor 10.255.1.1 update-source Loopback0
!
address-family ipv4
neighbor 10.255.1.1 activate
Verifications :
WWW.PASSRNSLABS.COM 34 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
Solutions :
On R15
router bgp 65002
neighbor 10.254.0.73 default- originate
redistribute ospf 1 match internal external
On R16
router bgp 65002
neighbor 10.254.0.77 default- originate
redistribute ospf 1 match internal external
Solutions :
EIGRP 10 is pre-configured in Jacob's HQ. You may get named mode EIGRP pre-configured.
On R57
router eigrp 10
WWW.PASSRNSLABS.COM 35 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
On R18
router ospf 1
router-id 10.255.1.18
redistribute bgp 65002 metric-type 1 subnets
network 10.2.0.42 0.0.0.0 area 0
network 10.255.1.18 0.0.0.0 area 0
Solutions :
On R9 & R10
router ospf 1 ( Already configured in Section 2.1 )
router-id 10.255.1.X
int range e0/0 , lo0
ip ospf 1 area 0
On R53
WWW.PASSRNSLABS.COM 36 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
On R54
router eigrp CCIE
address-family ipv4 unicast autonomous-system 1
network 10.254.0.66 0.0.0.0
On R9
router eigrp CCIE
address-family ipv4 autonomous-system 1
eigrp router-id 10.255.1.9
network 10.254.0.61 0.0.0.0
metric rib-scale 153
On R10
router eigrp CCIE
address-family ipv4 autonomous-system 1
eigrp router-id 10.255.1.10
network 10.254.0.65 0.0.0.0
metric rib-scale 153
On R9 & R10
router ospf 1
redistribute eigrp 1 subnets
distance ospf external 255
!
router eigrp CCIE
address-family ipv4 autonomous-system 1
topology base
redistribute ospf 1 metric 10000 100 255 1 1500
Verifications :
WWW.PASSRNSLABS.COM 37 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
The Trace to 172.18.2.254 will work only after completion of section 3.3 & 3.4
Solutions :
On R18
ip prefix-list LEAK permit 10.2.1.0/24 (10.2.100.0/24) In Section 2.1
WWW.PASSRNSLABS.COM 38 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
On R57
ip prefix-list LEAK permit 172.18.1.0/24
On R51
router bgp 65006
bgp default local-preference 110
On R55/R56
ip prefix-list EIGRP permit 172.18.0.0/16 le 32
route-map EIGRP permit 10
match ip address prefix-list EIGRP
!
router eigrp 10
redistribute bgp 65005 metric 1000 100 255 1 1500
!
router bgp 65005
redistribute eigrp 10 route-map EIGRP
You must check the pre-config on R55/R56. If any of the above is missing then add it. R55, R56 and SW10 may be
configured with EIGRP named mode, so according to the name mode apply the commands.
WWW.PASSRNSLABS.COM 39 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
Verifications :
On SW3 &SW4
ipv6 unicast-routing
ipv6 cef
router ospfv3 10
router-id 10.255.1.X (Loopback 0)
On SW3
int range vlan 100,vlan 153,vlan 34 , lo0
ospfv3 10 ipv6 area 0
On SW4
int range vlan 100, vlan 164, vlan 34 , lo0
ospfv3 10 ipv6 area 0
On SW3 &SW4
router ospfv3 10
passive-interface vlan 100
On R15
router ospfv3 10
router-id 10.255.1.15
int range e0/0, e0/2 , lo0
ospfv3 10 ipv6 area 0
On R16
router ospfv3 10
router-id 10.255.1.16
int range e0/0,e0/2,lo0
ospfv3 10 ipv6 area 0
On SW3
int vlan 100
ipv6 nd router-preference medium
ipv6 nd ra interval 10
On SW4
int vlan 100
ipv6 nd router-preference high
ipv6 nd ra interval 10
On Metro_PC
int e0/0
ipv6 address autoconfig
WWW.PASSRNSLABS.COM 41 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
Verifications :
WWW.PASSRNSLABS.COM 42 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
On SW4
interface Vlan100
standby use-bia
standby version 2
standby 34 ipv6 FE80:100::1
standby 34 timers 10 30
standby 34 priority 101
standby 34 preempt
ospfv3 10 ipv6 area 0
Verifications :
WWW.PASSRNSLABS.COM 43 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
Solutions :
* Do not configure multicast commands on SW3 and SW5
On R17
ip multicast-routing
ip multicast-routing vrf LOCALSP
int range lo0,e0/1,tunn0
ip pim sparse-mode
!
ip pim vrf LOCALSP bsr-candidate Loopback0
ip pim vrf LOCALSP rp-candidate Loopback0
Verifications:
WWW.PASSRNSLABS.COM 44 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
WWW.PASSRNSLABS.COM 45 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
ip ospf 1 area 51
tunnel source Ethernet0/0
tunnel mode gre multipoint
tunnel key 5115
tunnel protection ipsec profile cisco
Verifications :
Note: You’re not allowed to use Site of origin feature for loop avoidance.
Solutions:
On R1 to R8
mpls label protocol ldp
mpls ldp router-id lo0 force
router ospf 1
mpls ldp autoconfig
On R1
router bgp 65001
address-family vpnv4
neighbor IBGP send-community both
neighbor IBGP route-reflector-client
neighbor 10.255.1.3 activate
neighbor 10.255.1.4 activate
neighbor 10.255.1.5 activate
neighbor 10.255.1.6 activate
neighbor 10.255.1.7 activate
neighbor 10.255.1.8 activate
WWW.PASSRNSLABS.COM 47 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
On R3 to R8
router bgp 65001
address-family vpnv4
neighbor 10.255.1.1 activate
On R3
vrf definition DC
rd 65002:3 There are wrong RDs pre-configured. Change it according to the requirement.
address-family ipv4
exit-address-family
On R4
vrf definition DC
rd 65002:4
address-family ipv4
exit-address-family
On R7
vrf definition CORP
rd 65002:7
address-family ipv4
exit-address-family
On R8
vrf definition CORP
rd 65002:8
address-family ipv4
exit-address-family
On R5
vrf definition CORP
rd 65002:5
address-family ipv4
exit-address-family
On R6
vrf definition CORP
rd 65002:6
address-family ipv4
exit-address-family
On R3
interface Ethernet0/1
vrf forwarding DC
ip address 10.254.0.73 255.255.255.252
!
router bgp 65001
address-family ipv4 vrf DC
neighbor 10.254.0.74 remote-as 65002
neighbor 10.254.0.74 activate
On R4
interface Ethernet0/1
WWW.PASSRNSLABS.COM 48 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
vrf forwarding DC
ip address 10.254.0.77 255.255.255.252
!
router bgp 65001
address-family ipv4 vrf DC
neighbor 10.254.0.78 remote-as 65002
neighbor 10.254.0.78 activate
On R5
interface Ethernet0/2
vrf forwarding CORP
ip address 10.254.0.41 255.255.255.252
!
router bgp 65001
address-family ipv4 vrf CORP
neighbor 10.254.0.42 remote-as 65002
neighbor 10.254.0.42 activate
On R6
interface Ethernet0/2
vrf forwarding CORP
ip address 10.254.0.45 255.255.255.252
!
router bgp 65001
address-family ipv4 vrf CORP
neighbor 10.254.0.46 remote-as 65002
neighbor 10.254.0.46 activate
On R7
interface Ethernet0/0
vrf forwarding CORP
ip address 10.254.0.53 255.255.255.252
router bgp 65001
address-family ipv4 vrf CORP
neighbor 10.254.0.54 remote-as 65002
neighbor 10.254.0.54 activate
On R8
interface Ethernet0/0
vrf forwarding CORP
ip address 10.254.0.57 255.255.255.252
!
router bgp 65001
address-family ipv4 vrf CORP
neighbor 10.254.0.58 remote-as 65002
neighbor 10.254.0.58 activate
On R3
router bgp 65001
address-family ipv4 vrf DC
neighbor 10.254.0.74 soo 15:16
neighbor 10.254.0.74 as-override
On R4
WWW.PASSRNSLABS.COM 49 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
On R5
router bgp 65001
address-family ipv4 vrf CORP
neighbor 10.254.0.42 soo 13:14
neighbor 10.254.0.42 as-override
On R6
router bgp 65001
address-family ipv4 vrf CORP
neighbor 10.254.0.46 soo 13:14
neighbor 10.254.0.46 as-override
On R7
router bgp 65001
address-family ipv4 vrf CORP
neighbor 10.254.0.54 soo 11:12
neighbor 10.254.0.54 as-override
On R8
router bgp 65001
address-family ipv4 vrf CORP
neighbor 10.254.0.58 soo 11:12
neighbor 10.254.0.58 as-override
On R3 & R4
vrf definition DC
address-family ipv4
route-target export 1:1
route-target import 2:2
route-target import 3:3
On R5 & R6
vrf definition CORP
address-family ipv4
route-target export 3:3
route-target import 1:1
On R7 & R8
vrf definition CORP
address-family ipv4
route-target export 2:2
route-target import 1:1
WWW.PASSRNSLABS.COM 50 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
Reference : http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/htbgpsoo.html
Verifications :
WWW.PASSRNSLABS.COM 51 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
Jameson’s and Jacob’s are entering in the second phase of the merge and have deployed two
new border routers in their respective core network.
Configure the network as per the following requirements:
The BGP AS number of Jacob’s original core network must be converted to use Jameson’s AS
number 65001, as indicated in “Diagram 6: Merge Phase 2”.
All BGP sessions between Jacob’s core and remote sites (including headquarters and office
networks) must be recovered using the new AS number.
Do not modify the BGP configuration of Jacob’s CEs (R55,R56,R58) in order to accomplish this
requirement.
Enable LDP in the merged core network as indicated in “Diagram 6: Merge Phase 2”, including
the four new border routers(R9, R10, R53 and R54) and Jacob’s core network.
Ensure that all LDP routers use their interface Lo0 as their LDP router-id.
R1 must reflect VPNv4 prefixes to all PE’s, including to Jacob’s PEs.
Jacob’s headquarters and office network must be added to the VPN JACOBCORP
All nine PE’s must use a consistent format “ASN:nn” for the VPN route-distinguisher, where:
ASN is Autonomous System Number of the connected CE
nn is any relevant number
Solutions :
On R50 to R54
mpls ldp router-id lo0 force
!
int e0/0
mpls ip
On R9 & R10
mpls ldp router-id lo0 force
router ospf 1
mpls ldp autoconfig area 0
interface e0/1
mpls ip
On R50
no router bgp 65006
router bgp 65001
bgp router-id 172.30.1.50
bgp log-neighbor-changes
WWW.PASSRNSLABS.COM 52 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
On R51
no router bgp 65006
router bgp 65001
bgp default local-preference 110
bgp router-id 172.30.1.51
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 10.255.1.1 remote-as 65001
neighbor 10.255.1.1 update-source Loopback0
exit-address-family
!
address-family vpnv4
neighbor 10.255.1.1 activate
neighbor 10.255.1.1 send-community extended
exit-address-family
On R52
no router bgp 65006
router bgp 65001
bgp router-id 172.30.1.52
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 10.255.1.1 remote-as 65001
neighbor 10.255.1.1 update-source Loopback0
exit-address-family
!
address-family vpnv4
neighbor 10.255.1.1 activate
neighbor 10.255.1.1 send-community extended
On R50
vrf definition JACOBCORP
rd 65005:50
!
address-family ipv4
int e0/1
vrf forwarding JACOBCORP
ip address 172.18.253.1 255.255.255.252
WWW.PASSRNSLABS.COM 53 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
On R51
vrf definition JACOBCORP
rd 65005:51
!
address-family ipv4
int e0/1
vrf forwarding JACOBCORP
ip address 172.18.253.5 255.255.255.252
On R52
vrf definition JACOBCORP
rd 65005:52
!
address-family ipv4
int e0/1
vrf forwarding JACOBCORP
ip address 172.17.253.22 255.255.255.252
!
Router bgp 65001
address-family ipv4 vrf JACOBCORP
neighbor 172.17.253.21 remote-as 65007
neighbor 172.17.253.21 local-as 65006
On R1
router bgp 65001
neighbor 172.30.1.50 peer-group IBGP
neighbor 172.30.1.51 peer-group IBGP
neighbor 172.30.1.52 peer-group IBGP
address-family vpnv4
neighbor 172.30.1.50 activate
neighbor 172.30.1.51 activate
neighbor 172.30.1.52 activate
On R50, R51
vrf definition JACOBCORP
address-family ipv4
route-target export 5:5
route-target import 1:1
On R52
vrf definition JACOBCORP
address-family ipv4
route-target export 4:4
route-target import 1:1
WWW.PASSRNSLABS.COM 54 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
On R58
router bgp 65007
aggregate-address 172.17.0.0 255.255.0.0
Verifications :
WWW.PASSRNSLABS.COM 55 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
On R5 & R6
vrf definition CORP
address-family ipv4
route-target export 3:3
route-target import 1:1
route-target import 2:2
WWW.PASSRNSLABS.COM 56 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
On R7 & R8
vrf definition CORP
address-family ipv4
route-target export 2:2
route-target import 1:1
route-target import 3:3
On R17
Solution 1
ip access-list extended TTL
permit icmp any any ttl lt 2
!
class-map match-all CLASS_TTL
match access-group name TTL
!
policy-map POLICY_TTL
class CLASS_TTL
drop
!
control-plane
WWW.PASSRNSLABS.COM 57 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
Verifications :
On SW5
ip dhcp snooping
ip dhcp snooping vlan 100
ip dhcp snooping verify mac-address
!
interface range po35
ip dhcp snooping trust
On SW6
ip dhcp snooping
ip dhcp snooping vlan 100
ip dhcp snooping verify mac-address
!
WWW.PASSRNSLABS.COM 58 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
Verifications :
Show ip dhcp snooping on SW5 & SW6
WWW.PASSRNSLABS.COM 59 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
On R15
ip dhcp excluded-address 10.2.1.1 (10.2.100.1) virtual IP for HSRP
ip dhcp excluded-address 10.2.1.253 (10.2.100.253)
ip dhcp excluded-address 10.2.1.254 (10.2.100.254)
WWW.PASSRNSLABS.COM 60 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
CRL_LAB4_SW2#pi 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
CRL_LAB4_SW10#pi 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
CRL_LAB4_R19#pi 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/5/5 ms
Solutions :
On R17
access-list 17 permit 10.0.0.0 0.255.255.255
access-list 17 permit 172.0.0.0 0.255.255.255
!
interface e0/0
ip nat outside
!
interface range e0/1, tunnel0
ip nat inside
!
ip nat inside source list 17 interface Ethernet0/0 vrf LOCALSP overload
On R58
router bgp 65007
aggregate-address 172.17.0.0 255.255.0.0
WWW.PASSRNSLABS.COM 61 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
There is a summary route pre-configured on R58 pointing towards Loopback interface, remove it.
On R52 wrong subnet mask /24 is configured on interface facing R58. Correct it to /30
Verifications :
WWW.PASSRNSLABS.COM 62 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
In case SW3 is down, SW4 must take over the active role. If SW3 comes back online, it must
automatically recover the active role from SW4.
Ensure that HSRP hello packets are exchanged every 10 seconds and that the standby take over
the active role if three consecutive Hello packets were missed from the active.
Both routers must share the virtual ip address 10.2.1.1 that will be used as the default gateway
for WLAN 100’s hosts.
Solutions :
On SW3
int vlan 100
standby 1 ip 10.2.1.1
standby 1 timers 10 30
standby 1 priority 110
standby 1 preempt
standby use-bia
On SW4
int vlan 100
standby 1 ip 10.2.1.1
standby 1 timers 10 30
standby 1 priority 105
standby 1 preempt
standby use-bia
Verifications :
WWW.PASSRNSLABS.COM 63 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
Solutions :
On SW3 & SW4
track 1 ip route 0.0.0.0 0.0.0.0 reachability
!
int vlan 100
standby 1 track 1 decrement 10
Verifications :
Remove default-information originate from R17
router ospf 1
no default-information originate
WWW.PASSRNSLABS.COM 64 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
#######################THANK YOU###########################
WWW.PASSRNSLABS.COM 65 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
OUR CCIE R&S ENGINEERS ARE AVAILABLE ON SKYPE CHAT OR LIVE SUPPORT CHAT FROM
WEBSITE
ACTIVE CLIENTS WILL GET VERY SPECIAL DISCOUNTS ON OTHER CCIE TRACKS
WORLD FIRST REAL LAB RACK RENTAL FOR ALL CCIE TRACKS
CCIE RACK RENTALS -----> WWW.CCIERACK.RENTALS (CRR)
WWW.PASSRNSLABS.COM 66 WWW.PASSRNS.COM
WWW.PASSRNSLABS.COM FINAL RELEASE 15-May-17
WWW.PASSRNSLABS.COM 67 WWW.PASSRNS.COM