
K6 OLD SOLUTION BOOK

CCIE SOLDIER

1.2 Implement Access Switch Ports of Switched Network

SW1
vtp domain CCIE
vtp password cisco
vtp version 2
vtp mode server

SW2 SW3 SW4
vtp domain CCIE
vtp password cisco
vtp version 2
vtp mode client

SW1 SW2 SW3 SW4
spanning-tree portfast default
spanning-tree portfast bpduguard default
interface fa0/10
 spanning-tree bpduguard disable
 spanning-tree bpdufilter enable

Note: Remember to configure the backbone interface before configuring portfast default and portfast bpduguard default globally, as otherwise those interfaces would go to the err-disabled state.

1.3 Spanning-Tree Domains for Switched Network

On SW1, SW2, SW3, SW4
spanning-tree mode mst
spanning-tree mst configuration
 instance 1 vlan 11, 22, 33
 instance 2 vlan 42, 44, 55, 123, 999
 exit
spanning-tree mst max-age 30

SW1
spanning-tree mst 1 root primary
spanning-tree mst 2 root secondary

SW2
spanning-tree mst 2 root primary
spanning-tree mst 1 root secondary

1.4 Switch Trunking and Ether Channel

SW1, SW2, SW3, SW4
interface range fastethernet 0/19-24
 switchport trunk encapsulation dot1q
 switchport mode trunk

SW1
interface range fa0/23-24
 channel-group 1 mode active

SW2
interface range fa0/23-24
 channel-group 1 mode passive

SW3
interface range fa0/23-24
 channel-group 1 mode desirable

SW4
interface range fa0/23-24
 channel-group 1 mode auto

1.5 Spanning-Tree Tuning

On SW1
interface fastethernet 0/19
 spanning-tree mst 1 port-priority 240

On SW2
interface fastethernet 0/19
 spanning-tree mst 2 port-priority 240

1.6 RSPAN

SW1
vlan 999
 remote-span
monitor session 1 source vlan 11 , 22 rx
monitor session 1 destination remote vlan 999

SW2
monitor session 1 source vlan 11 , 22 rx
monitor session 1 destination remote vlan 999

SW4
monitor session 1 source remote vlan 999
monitor session 1 destination interface fastEthernet 0/15
monitor session 2 source interface port-channel 34 both
monitor session 2 destination interface fastEthernet 0/16
interface range f0/15-16
 no shutdown

1.7 PPP & CHAP

On R4
aaa new-model
aaa authentication login default line /* none required at the end only if no line password is configured */
aaa authentication ppp default group radius local-case
radius host YY.YY.44.200 key CISCO
username <Hostname of R1> password 0 CCIE
username <Hostname of R2> password 0 CCIE
interface s0/0/0 /* interface facing R1 */
 encapsulation ppp
 ppp authentication chap default
interface s0/1/0 /* interface facing R2 */
 encapsulation ppp
 ppp authentication chap default

On R1 & R2
interface s0/0/0 /* interface facing R4 */
 encapsulation ppp
 ppp chap password 0 CCIE

Note: If the question says to use AAA list names R1 and R2 for authenticating R1 and R2 respectively, use the configuration below.

On R4
aaa new-model
aaa authentication login default line /* none required at the end only if no line password is configured */
aaa authentication ppp R1 group radius local-case
aaa authentication ppp R2 group radius local-case
radius host YY.YY.44.200 key CISCO
username <Hostname of R1> password 0 CCIE
username <Hostname of R2> password 0 CCIE
interface s0/0/0 /* interface facing R1 */
 encapsulation ppp
 ppp authentication chap R1
interface s0/1/0 /* interface facing R2 */
 encapsulation ppp
 ppp authentication chap R2

On R1 & R2
interface s0/0/0 /* interface facing R4 */
 encapsulation ppp
 ppp chap password 0 CCIE

Section 2 Layer 3 Technologies

2.1 Configure OSPF Area 0, 142 and 51 as per diagram

R1
router ospf YY
 router-id YY.YY.1.1
 network YY.YY.1.1 0.0.0.0 area 142
 network YY.YY.14.1 0.0.0.0 area 142
 network YY.YY.17.1 0.0.0.0 area 142

R2
router ospf YY
 router-id YY.YY.2.2
 network YY.YY.24.2 0.0.0.0 area 142
 network YY.YY.42.2 0.0.0.0 area 142
 redistribute connected subnets route-map EXT
route-map EXT
 match interface fastethernet 0/1

R3
router ospf YY
 router-id YY.YY.3.3
 network YY.YY.3.3 0.0.0.0 area 51
 network YY.YY.35.3 0.0.0.0 area 51

R4
router ospf YY
 router-id YY.YY.4.4
 network YY.YY.4.4 0.0.0.0 area 142
 network YY.YY.14.4 0.0.0.0 area 142
 network YY.YY.24.4 0.0.0.0 area 142
 network YY.YY.44.4 0.0.0.0 area 142

R5
router ospf YY
 router-id YY.YY.5.5
 network YY.YY.5.5 0.0.0.0 area 51
 network YY.YY.35.5 0.0.0.0 area 51
 network YY.YY.55.5 0.0.0.0 area 51

SW1
ip routing
router ospf YY
 router-id YY.YY.7.7
 network YY.YY.7.7 0.0.0.0 area 0
 network YY.YY.123.7 0.0.0.0 area 0
 network YY.YY.17.7 0.0.0.0 area 142
interface vlan 123
 ip ospf priority 255

SW2
ip routing
router ospf YY
 router-id YY.YY.8.8
 network YY.YY.8.8 0.0.0.0 area 0
 network YY.YY.123.8 0.0.0.0 area 0
 network YY.YY.55.8 0.0.0.0 area 51
interface vlan 123
 ip ospf priority 254

SW3
ip routing
router ospf YY
 router-id YY.YY.9.9
 network YY.YY.9.9 0.0.0.0 area 0
 network YY.YY.123.9 0.0.0.0 area 0

SW4
ip routing
router ospf YY
 router-id YY.YY.10.10
 network YY.YY.10.10 0.0.0.0 area 0
 network YY.YY.123.10 0.0.0.0 area 0
 network YY.YY.42.10 0.0.0.0 area 142

2.2 Implement IPv4 EIGRP

SW2
router eigrp 100
 no auto-summary
 network 150.3.YY.1 0.0.0.0

2.3 Implement RIP Version 2

R3
router rip
 version 2
 passive-interface default
 no passive-interface f0/0 /* interface facing BB1 */
 neighbor 150.1.YY.254
 network 150.1.0.0
 distribute-list 1 in fastethernet 0/0 /* interface facing BB1 */
 no auto-summary
access-list 1 permit 199.172.5.0 0.0.10.0

2.4 Redistribute RIP into OSPF

R3
access-list 2 permit 199.172.5.0 0.0.2.0
route-map RIP permit 10
 match ip address 2
 set metric-type type-1
route-map RIP permit 20
 set metric 30
router ospf YY
 redistribute rip subnets route-map RIP
 area 51 nssa

R5
router ospf YY
 area 51 nssa

SW2
router ospf YY
 area 51 nssa
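
The two access lists in 2.3 and 2.4 use non-contiguous wildcard masks, so it helps to see exactly which networks each one matches. The following is an added example, not part of the solution book; the function names are hypothetical, and it assumes a standard ACL compares the route's network address against the base address with the wildcard bits ignored.

```python
import ipaddress

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_matches(base, wildcard, candidate):
    """Standard-ACL test: bits set in the wildcard are ignored, the rest must equal base."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(candidate) & care) == (_int(base) & care)

def expand(base, wildcard, limit=16):
    """List every address an entry matches by filling each wildcard bit with 0 and 1."""
    free = [bit for bit in range(32) if (_int(wildcard) >> bit) & 1]
    if len(free) > limit:
        raise ValueError("too many wildcard bits to enumerate")
    fixed = _int(base) & ~_int(wildcard) & 0xFFFFFFFF
    results = []
    for combo in range(1 << len(free)):
        value = fixed
        for i, bit in enumerate(free):
            value |= ((combo >> i) & 1) << bit
        results.append(value)
    return [str(ipaddress.IPv4Address(v)) for v in sorted(results)]

ACL1 = ("199.172.5.0", "0.0.10.0")  # access-list 1, used by distribute-list 1 in (2.3)
ACL2 = ("199.172.5.0", "0.0.2.0")   # access-list 2, matched by route-map RIP permit 10 (2.4)

def route_fate(prefix):
    """Follow one RIP-learned network through ACL 1, then route-map RIP on R3."""
    if not acl_matches(*ACL1, prefix):
        return "filtered by distribute-list 1"
    if acl_matches(*ACL2, prefix):
        return "route-map RIP 10: metric-type type-1"
    return "route-map RIP 20: metric 30"

if __name__ == "__main__":
    print("ACL 1 permits:", expand(*ACL1))
    print("ACL 2 permits:", expand(*ACL2))
    for net in ("199.172.5.0", "199.172.6.0", "199.172.13.0"):
        print(net, "->", route_fate(net))
```

Wildcard 0.0.10.0 leaves two bits of the third octet free, so ACL 1 admits four networks, and ACL 2 then singles out two of them for the type-1 metric.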

2.5 Redistribute EIGRP into OSPF

router ospf YY
 redistribute eigrp 100 subnets
 area 51 nssa no-summary no-redistribution

2.6 Implement IPv4 BGP

R1 / R2 / R3 / R5
router bgp YY
 bgp router-id YY.YY.X.X
 neighbor YY.YY.8.8 remote-as YY
 neighbor YY.YY.8.8 update-source loopback0
 neighbor YY.YY.8.8 send-community ------> you don't need this command on R1, R5 since there is no community on them to send; only on the routers facing the BB and on the route-reflector

SW2
router bgp YY
 bgp router-id YY.YY.X.X
 neighbor YY.YY.1.1 remote-as YY
 neighbor YY.YY.1.1 update-source loopback 0
 neighbor YY.YY.1.1 route-reflector-client
 neighbor YY.YY.1.1 send-community
 neighbor YY.YY.2.2 remote-as YY
 neighbor YY.YY.2.2 update-source loopback 0
 neighbor YY.YY.2.2 route-reflector-client
 neighbor YY.YY.2.2 send-community
 neighbor YY.YY.3.3 remote-as YY
 neighbor YY.YY.3.3 update-source loopback 0
 neighbor YY.YY.3.3 route-reflector-client
 neighbor YY.YY.3.3 send-community
 neighbor YY.YY.5.5 remote-as YY
 neighbor YY.YY.5.5 update-source loopback 0
 neighbor YY.YY.5.5 route-reflector-client
 neighbor YY.YY.5.5 send-community

R2
 neighbor 150.2.YY.254 remote-as 254
 neighbor 150.2.YY.254 send-community
 neighbor 150.2.YY.254 route-map BB2 in
route-map BB2
 set community 104 208 additive

R3
 neighbor 150.1.YY.254 remote-as 254
 neighbor 150.1.YY.254 route-map BB1 in
 neighbor 150.1.YY.254 send-community
route-map BB1
 set local-preference 200
 set community 103 207 additive

NOTE: If the question says something like "you have to use the fewest commands for the route-reflector", then you should use a peer group.

2.7 Implement Performance Routing

on R1/2/4
key chain PFR
 key 1
  key-string cisco

on R1/2
pfr border
 local Loopback0
 master yy.yy.4.4 key-chain PFR
 active-probe address source interface Loopback0

on R1
interface Tunnel12
 ip address 12.12.12.1 255.255.255.252
 tunnel source Loopback0
 tunnel destination yy.yy.2.2

on R2
interface Tunnel12
 ip address 12.12.12.2 255.255.255.252
 tunnel source Loopback0
 tunnel destination yy.yy.1.1

on sw2
router bgp yy
 network yy.yy.55.0 mask 255.255.255.0 route-map COMM
route-map COMM permit 10
 set community no-export

on R5
ip sla responder

on r4
pfr master
 policy-rules PFR
 no max-range-utilization
 logging
 !
 border yy.yy.2.2 key-chain PFR
  interface Serial0/0/0 internal
  interface Tunnel12 internal
  interface fastEthernet0/0 external
   link-group R2
 !
 border yy.yy.1.1 key-chain PFR
  interface Tunnel12 internal
  interface Serial0/0/0 internal
  interface fastEthernet0/0 external
   link-group R1
 !
 periodic 90
 no resolve range
 no resolve utilization
 learn
  periodic-interval 0
  monitor-period 1

pfr-map PFR 10
 match traffic-class access-list CS2
 set mode route control
 set mode select-exit good
 set mode monitor active
 set active-probe echo yy.yy.55.5
 set link-group R1
!
pfr-map PFR 20
 match traffic-class access-list CS4
 set mode route control
 set mode select-exit good
 set mode monitor active
 set active-probe echo yy.yy.55.5
 set link-group R2

ip access-list extended CS2
 permit ip yy.yy.44.0 0.0.0.255 yy.yy.55.0 0.0.0.255 dscp cs2
ip access-list extended CS4
 permit ip yy.yy.44.0 0.0.0.255 yy.yy.55.0 0.0.0.255 dscp cs4

2.8 Implement Performance Routing -2

on R4
ip access-list extended VOICE
 permit udp yy.yy.44.0 0.0.0.255 yy.yy.55.0 0.0.0.255 range 16384 32768 dscp ef
pfr-map PFR 30
 match traffic-class access-list VOICE
 set delay threshold 40
 set mode route control
 set mode select-exit good
 set mode monitor fast
 set jitter threshold 5
 set active-probe jitter yy.yy.55.5 target-port 32767
 set probe frequency 2

2.9 Implement IPv6

R1
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf YY
 router-id YY.YY.1.1
interface Serial 0/0/0
 ipv6 address fec1:cc1e:14::1/64
 ipv6 ospf YY area 142
interface fastethernet 0/0
 ipv6 address fec1:cc1e:17::1/64
 ipv6 ospf YY area 142

R2
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf YY
 router-id YY.YY.2.2
interface Serial 0/0/0
 ipv6 address fec1:cc1e:24::2/64
 ipv6 ospf YY area 142
interface FastEthernet 0/0
 ipv6 address fec1:cc1e:42::2/64
 ipv6 ospf YY area 142

R3
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf YY
 router-id YY.YY.3.3
interface Serial 0/0/0
 ipv6 address fec1:cc1e:35::3/64
 ipv6 ospf YY area 51

R4
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf YY
 router-id YY.YY.4.4
interface fastethernet 0/1
 ipv6 address fec1:cc1e:44::4/64
 ipv6 ospf YY area 142
interface Serial 0/0/0
 ipv6 address fec1:cc1e:14::4/64
 ipv6 ospf YY area 142
interface serial 0/0/1
 ipv6 address fec1:cc1e:24::4/64
 ipv6 ospf YY area 142

R5
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf YY
 router-id YY.YY.5.5
interface Serial 0/0/1
 ipv6 address fec1:cc1e:35::5/64
 ipv6 ospf YY area 51
interface FastEthernet 0/0
 ipv6 address fec1:cc1e:58::5/64
 ipv6 ospf YY area 51

SW1
sdm prefer dual-ipv4-and-ipv6 default
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf YY
 router-id YY.YY.7.7
interface fastethernet 0/1
 ipv6 address fec1:cc1e:17::7/64
 ipv6 ospf YY area 142
interface vlan 123
 ipv6 address fec1:cc1e:123::7/64
 ipv6 ospf YY area 0
 ipv6 ospf priority 255

SW2
sdm prefer dual-ipv4-and-ipv6 default
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf YY
 router-id YY.YY.8.8
 redistribute connected route-map loopback8
interface vlan 55
 ipv6 address fec1:cc1e:58::8/64
 ipv6 ospf YY area 51
interface vlan 123
 ipv6 address fec1:cc1e:123::8/64
 ipv6 ospf YY area 0
 ipv6 ospf priority 254
interface loopback 8
 ipv6 address 2011:cc1e:88:88:88::88/128
route-map loopback8 permit 10
 match interface loopback8

SW3
sdm prefer dual-ipv4-and-ipv6 default
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf YY
 router-id YY.YY.9.9
interface vlan 123
 ipv6 address fec1:cc1e:123::9/64
 ipv6 ospf YY area 0
 ipv6 ospf priority 0

SW4
sdm prefer dual-ipv4-and-ipv6 default
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf YY
 router-id YY.YY.10.10
interface vlan 42
 ipv6 address fec1:cc1e:42::10/64
 ipv6 ospf YY area 142
interface vlan 123
 ipv6 address fec1:cc1e:123::10/64
 ipv6 ospf YY area 0
 ipv6 ospf priority 0

R1/ R2 /R4 /SW1 /SW4
ipv6 router ospf YY
 area 142 nssa

2.10 Implement Advanced IPv6 feature

ipv6 cef
ipv6 flow-export version 9
ipv6 flow-export source Loopback0
ipv6 flow-export template timeout-rate 2
ipv6 flow-export destination yy.yy.44.100 9876
ipv6 flow-aggregation cache protocol-port
 cache entries 20000
 cache timeout inactive 180
 export version 9
 export template timeout-rate 2
 export destination yy.yy.44.100 9876
 enabled
!
interface FastEthernet0/0
 ipv6 flow egress

Section 3 IP Multicast

3.1 IPv4 Multicast

R1
ip multicast-routing
interface loopback0
 ip pim sparse-mode
interface serial0/0/0
 ip pim sparse-mode
interface fastethernet 0/0
 ip pim sparse-mode
ip pim rp-candidate loopback0 priority 254

R2
ip multicast-routing
interface loopback0
 ip pim sparse-mode
interface serial0/0/0
 ip pim sparse-mode
interface fastethernet 0/1
 ip pim sparse-mode
ip pim rp-candidate loopback0 priority 255

R4
ip multicast-routing
interface loopback0
 ip pim sparse-mode
interface serial0/0/0
 ip pim sparse-mode
interface serial0/0/1
 ip pim sparse-mode
interface fastethernet0/0
 ip pim sparse-mode
ip pim bsr-candidate loopback0

SW1
ip multicast-routing distributed
interface loopback0
 ip pim sparse-mode
interface fastethernet0/1
 ip pim sparse-mode
interface vlan 123
 ip pim sparse-mode

SW2
ip multicast-routing distributed
interface loopback0
 ip pim sparse-mode
interface vlan 123
 ip pim sparse-mode
interface vlan 33
 ip pim sparse-mode
 ip igmp join-group 239.YY.YY.1

SW3
ip multicast-routing distributed
interface loopback0
 ip pim sparse-mode
interface vlan 123
 ip pim sparse-mode

SW4
ip multicast-routing distributed
interface loopback0
 ip pim sparse-mode
interface vlan 42
 ip pim sparse-mode
interface vlan 123
 ip pim sparse-mode

3.2 PIM Tuning

SW1
interface vlan 123
 ip pim dr-priority <max-value>

SW4
interface vlan 123
 ip pim dr-priority <max-value-1>

Section 4 Advanced Services

4.1 Network Address Translations (NAT)

SW1
interface loopback100
 ip address 100.100.17.7 255.255.255.0
ip route 100.100.42.0 255.255.255.0 YY.YY.17.1

R1
ip route 100.100.42.0 255.255.255.0 YY.YY.14.4

SW4
interface loopback100
 ip address 100.100.42.10 255.255.255.0
ip route 100.100.17.0 255.255.255.0 YY.YY.42.2

R2
ip route 100.100.17.0 255.255.255.0 YY.YY.24.4

R4
interface serial0/0/0
 ip nat outside
interface serial0/0/1
 ip nat outside
ip nat inside source static YY.YY.17.7 100.100.17.7
ip nat inside source static YY.YY.42.10 100.100.42.10

4.2 MLS QoS

SW1 SW2 SW3 SW4
mls qos
mls qos srr-queue input cos-map queue 1 1 /* Default */
mls qos srr-queue input cos-map queue 2 5 --> you have to put it
mls qos srr-queue input threshold 1 40 100
mls qos srr-queue input threshold 2 100 100 /* Default */
interface range fastethernet 0/19 - 24
 mls qos trust cos

SW1
interface range fastethernet 0/1 - 5
 mls qos cos 1
 mls qos trust cos

4.3 QoS Class Based Weighted Fair Queuing (CBWFQ)

R2
class-map BB2
 match input-interface f0/1 --> interface facing the BB2
policy-map CBWFQ
 class BB2
  bandwidth 10000
interface fastethernet0/0
 service-policy output CBWFQ

R3
class-map BB1
 match input-interface f0/0 --> interface facing the BB1
policy-map CBWFQ
 class BB1
  bandwidth 1000
interface serial0/0/0
 service-policy output CBWFQ

4.4 Implement Routing Protocol Authentication


SW1 SW2 SW3 SW4
no service password-encryption
interface vlan 123
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco

4.5 Implement DHCP


R4
service dhcp
ip dhcp pool POOL
 network YY.YY.44.0 255.255.255.0
 default-router YY.YY.44.4
 dns-server YY.YY.55.50 YY.YY.55.51
 domain-name cisco.com
ip dhcp excluded-address YY.YY.44.4 /* Interface fastethernet 0/0 */
ip dhcp excluded-address YY.YY.44.100 /* Printer IP address, statically configured; also the IPv6 NetFlow server IP address */
ip dhcp excluded-address YY.YY.44.200 /* Radius Server */

On SW1
ip dhcp snooping
ip dhcp snooping vlan 44
no ip dhcp snooping information option
interface fastethernet0/4
 switchport mode access
 switchport access vlan 44
 ip dhcp snooping trust
interface fastethernet0/14
 switchport mode access
 switchport access vlan 44
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation shutdown /* Shut down the port when a violation occurs */
 ip dhcp snooping limit rate 100
 no shutdown

4.6 Implement Layer 2 Security


ip dhcp snooping binding abcd.abcd.abcd vlan 44 YY.YY.44.100 interface fastEthernet 0/14 expiry 4294967295
ip dhcp snooping verify mac-address /* Default */
ip dhcp snooping database flash:CCIE.TXT
ip arp inspection vlan 44
interface f0/4
 ip arp inspection trust
inter f0/14
 ip verify source
 no shutdown /* don't forget this */
 exit
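
Dynamic ARP inspection and IP source guard both validate traffic against the DHCP snooping binding table, so the commands in 4.5 and 4.6 only protect VLAN 44 when they line up with each other. The following consistency check is an added example, not part of the solution book; the function names are hypothetical and the embedded configuration is condensed from the two sections with interface names normalised.

```python
import re
# Switch commands from sections 4.5 and 4.6, condensed to the security-relevant lines.
SW1_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 44
ip arp inspection vlan 44
interface fastethernet0/4
 switchport access vlan 44
 ip dhcp snooping trust
 ip arp inspection trust
interface fastethernet0/14
 switchport access vlan 44
 ip verify source
"""

def parse(config):
    """Split a config into global lines and per-interface command lists."""
    glob, ifaces, cur = [], {}, None
    for line in filter(str.strip, config.splitlines()):
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split(None, 1)[1], [])
        elif line[0] == " " and cur is not None:
            cur.append(line.strip())
        else:
            cur = None
            glob.append(line.strip())
    return glob, ifaces

def vlans(glob, prefix):
    """VLAN IDs named after `prefix` (assumes plain IDs or comma lists, no ranges)."""
    return {int(v) for l in glob if l.startswith(prefix)
            for v in re.findall(r"\d+", l[len(prefix):])}

def audit(config):
    glob, ifaces = parse(config)
    snoop = vlans(glob, "ip dhcp snooping vlan ") if "ip dhcp snooping" in glob else set()
    dai = vlans(glob, "ip arp inspection vlan ")
    findings = [f"vlan {v}: ARP inspection has no DHCP snooping bindings to check against"
                for v in sorted(dai - snoop)]
    for name, cmds in ifaces.items():
        vlan = next((int(c.split()[-1]) for c in cmds if c.startswith("switchport access vlan ")), None)
        if vlan not in snoop:
            continue
        trusted = "ip dhcp snooping trust" in cmds
        if vlan in dai and trusted != ("ip arp inspection trust" in cmds):
            findings.append(f"{name}: DHCP snooping trust and ARP inspection trust differ")
        if not trusted and "ip verify source" not in cmds:
            findings.append(f"{name}: untrusted port without IP source guard")
    return findings
```

Calling `audit(SW1_CONFIG)` on the configuration as given returns an empty list; removing `ip verify source` from fastethernet0/14 or enabling ARP inspection on a VLAN that is not snooped produces a finding.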

4.7 Web Caching Communication Protocol (WCCP)

R4
ip wccp ver 2 --> don't need this, it's the default and you can check it with show ip wccp
ip wccp 61
ip wccp 62
ip wccp check services all
interface serial 0/0
 ip wccp 61 redirect in
 ip wccp 62 redirect out
interface serial 0/1
 ip wccp 61 redirect in
 ip wccp 62 redirect out
interface fastethernet 0/1
 ip wccp redirect exclude in

Section 5 Optimize the Network

5.1 Implement SNMP

R5
snmp-server community CiscoWorks RW 55
snmp-server enable traps bgp
snmp-server host YY.YY.55.240 CiscoWorks bgp
access-list 55 permit host YY.YY.55.240

5.2 Embedded Event Manager


R3
logging on
logging console
archive
 log config
  logging enable
event manager applet CONF_CHANGE
 event syslog pattern ".*SYS-5-CONFIG_I.*"
 action 1.0 cli command "enable"
 action 2.0 cli command "show clock | append flash:ConfSave.txt"
 action 3.0 syslog Priority informational msg "Configuration changed"
