CIERSASSESS-6

Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2 Configuration Section

Cisco 360 CCIE Routing and Switching (R&S) Advanced Workshop 2 is a five-day course for CCIE candidates who are ready to attempt the Cisco CCIE lab. Advanced Workshop 2 is not an entry-level course. You should take this course only if you are close to passing the actual CCIE lab. Advanced Workshop 2 further develops such high-level candidates by presenting learners with five multitopic labs at CCIE level that simulate the actual Cisco CCIE lab experience (four of these labs are eight hours long; one is four hours long). A lab is administered on each day of the course. On the first four days, you will perform an eight-hour lab. On the fifth, and last, day of the course, you will perform the four-hour lab. During each lab, you will be tested on your knowledge of complex internetworking subjects, your problem solving skills, and your test-taking strategies. After each of these labs, you will get a detailed assessment score report combined with an answer key and Mentor Guide support. To supplement this feedback, Cisco CCIE instructors will provide review sessions after each lab and directed instruction during each lab if necessary. These resources provide feedback that maximizes the learning experience of each lab.

Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2 Configuration Section

Note COPYRIGHT. 2008. CISCO SYSTEMS, INC. ALL RIGHTS RESERVED. ALL CONTENT AND MATERIALS, INCLUDING WITHOUT LIMITATION, RECORDINGS, COURSE MATERIALS, HANDOUTS AND PRESENTATIONS AVAILABLE ON THIS PAGE, ARE PROTECTED BY COPYRIGHT LAWS. THESE MATERIALS ARE LICENSED EXCLUSIVELY TO REGISTERED STUDENTS FOR THEIR INDIVIDUAL PARTICIPATION IN THE SUBJECT COURSE. DOWNLOADING THESE MATERIALS SIGNIFIES YOUR AGREEMENT TO THE FOLLOWING: (1) YOU ARE PERMITTED TO PRINT THESE MATERIALS ONLY ONCE, AND OTHERWISE MAY NOT REPRODUCE THESE MATERIALS IN ANY FORM, OR BY ANY MEANS, WITHOUT PRIOR WRITTEN PERMISSION FROM CISCO; AND (2) YOU ARE NOT PERMITTED TO SAVE ON ANY SYSTEM, MODIFY, DISTRIBUTE, REBROADCAST, PUBLISH, TRANSMIT, SHARE OR CREATE DERIVATIVE WORKS ANY OF THESE MATERIALS. IF YOU ARE NOT A REGISTERED STUDENT THAT HAS ACCEPTED THESE AND OTHER TERMS OUTLINED IN THE STUDENT AGREEMENT OR OTHERWISE AUTHORIZED BY CISCO, YOU ARE NOT AUTHORIZED TO ACCESS THESE MATERIALS.

Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2

2009 Cisco Systems, Inc.

Table of Contents
Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2 Configuration Section ............ 1
Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2 Configuration Section ..................... 2 Table of Contents ................................................................................................................................. 3 Activity Objectives ................................................................................................................................. 4 General Lab Instructions....................................................................................................................... 4 Difficulty Levels ..................................................................................................................................... 5 Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2 Configuration Section ..................... 6 Grading and Duration ........................................................................................................................... 6 Difficulty Level ....................................................................................................................................... 6 Restrictions and Goals.......................................................................................................................... 6 1. Frame Relay and Serial Communications Section Total: 4 points ................................................. 12 1.1. Configure Frame Relay Interfaces (Basic: 1 point) .................................................................................. 12 1.2. Control the Full Mesh with Static Maps (Basic: 2 points) ......................................................................... 12 1.3. Verify Layer 3 Connectivity (Basic: 1 point) ............................................................................................. 12 2. Catalyst Switch Configuration Section Total: 13 points .................................................................. 12 2.1. Configure VLANs on SW1 and SW2 (Intermediate: 2 points) ................................................................. 12 2.2. Configure VLANs on SW3 and SW4 (Intermediate: 2 points) ................................................................. 13 2.3. Configure Switch-to-Router Links (Basic: 2 points) ................................................................................. 13 2.4. Control Switch-to-Switch Links (Basic: 2 points) ..................................................................................... 13 2.5. Native VLANs and Greeting Message (Intermediate: 2 points) ............................................................... 14 2.6. Tuning Ports (Intermediate: 2 points) ...................................................................................................... 14 2.7. Control VLANs (Intermediate: 1 point) ..................................................................................................... 14 3. IPv4 OSPF Section Total: 12 points .............................................................................................. 15 3.1. Create OSPF Areas (Basic: 2 points) ...................................................................................................... 15 3.2. OSPF Authentication (Intermediate: 2 points) ......................................................................................... 15 3.3. OSPF Advertisements (Basic: 3 points) .................................................................................................. 15 3.4. Control OSPF Advertisements (Intermediate: 3 points) ........................................................................... 15 3.5. OSPF Forwarding (Intermediate: 2 points) .............................................................................................. 15 4. IPv4 EIGRP Section Total: 5 points ............................................................................................... 16 4.1. EIGRP IP Subnet (Intermediate: 1 point) ................................................................................................. 16 4.2. EIGRP AS1 (Basic: 2 points) ................................................................................................................... 16 4.3. Control EIGRP Bandwidth and Advertisements (Advanced: 2 points) .................................................... 16 5. IPv4 RIP Section Total: 4 points .................................................................................................... 16 5.1. RIP and Backbone (Intermediate: 2 points) ............................................................................................. 16 5.2. Internal RIP (Basic: 2 points) ................................................................................................................... 16 6. Border Gateway Protocol Section Total: 8 points .......................................................................... 16 6.1. Configure Processes and Peers with the Backbone (Basic: 2 points) ..................................................... 16 6.2. Configure Processes and Peers Within Your Network (Intermediate: 2 points) ...................................... 17 6.3. BGP Adjustments (Intermediate: 2 points) .............................................................................................. 17 6.4. BGP Decision Process (Advanced: 2 points) .......................................................................................... 17 7. IPv6 Routing Section Total: 4 points .............................................................................................. 17 7.1. Configure IPv6 Addresses for RIP (Basic: 2 points) ................................................................................ 17 7.2. Configure IPv6 NAT (Advanced: 2 points) ............................................................................................... 17 8. Security Section Total: 3 points ..................................................................................................... 17 8.1. Security Policy (Intermediate: 3 points) ................................................................................................... 17 9. QoS Section Total: 4 points ........................................................................................................... 17 9.1. Configure Policy Maps, Part 1 (Advanced: 2 points) ............................................................................... 18 9.2. Configure Policy Maps, Part 2 (Advanced: 2 points) ............................................................................... 18 10. Network Time Section Total: 5 points .......................................................................................... 18 10.1. Enable NTP (Intermediate: 2 points) ..................................................................................................... 18 10.2. Adjust Clock (Intermediate: 2 points) ..................................................................................................... 18 10.3. Synchronize the Backbone (Advanced: 1 point) .................................................................................... 18 11. Cisco IOS Software Services Section Total: 2 points .................................................................. 19 11.1. Enable SSH (Intermediate: 2 points) ..................................................................................................... 19 12. Multicast Configuration Section Total: 6 points ............................................................................ 19 12.1. Enable PIM, Part 1 (Intermediate: 2 points) ........................................................................................... 19 12.2. Enable PIM, Part 2 (Intermediate: 2 points) ........................................................................................... 19 12.3. Join Multicast Group (Intermediate: 2 point) .......................................................................................... 19 13. Address Administration Section Total: 2 points............................................................................ 19 13.1. NAT (Advanced: 2 points) ...................................................................................................................... 19 14. Catalyst Specialties Section Total: 3 points ................................................................................. 20 14.1. RSPAN (Advanced: 3 points) ................................................................................................................ 20

2009 Cisco Systems, Inc.

Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2

Activity Objectives
When performing any assessment lab, you will encounter a multitopic-practice Cisco CCIE Routing and Switching lab. Each lab consists of a range of internetworking topics. You have a predetermined set of hours to complete each assessment lab. When performing any assessment lab, formulate a test-taking strategy that includes the following activities. These same activities should be conducted in the actual Cisco CCIE lab:

Create a strategy for how to begin an assessment lab Create a checklist of best general practices to observe during the assessment lab Create a strong set of issue-spotting skills to be able to uncover hidden and complex internetworking issues Develop time-management techniques

General Lab Instructions

Read the instructions carefully. If you misinterpret any directions, very likely you will lose points. After you have read the General Lab Instructions section, read all the other sections of the lab. Pay very close attention to the Restrictions and Goals section.

Your pod is cabled according to the Ethernet Cabling Topology and the Frame Relay and Serial Cabling Topology diagrams. All routers should have an initial IP configuration loaded. Frame Relay switching and the terminal server are preconfigured. If you experience any connectivity problems to the terminal server using multiple Telnet sessions, try to access the routers through the terminal server with Ctrl-Shift-6x. Review all the tasks in the scenario.

Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2

2009 Cisco Systems, Inc.

Difficulty Levels
Tasks are categorized as follows:

Basic: These fundamental tasks are generally those that are needed to provide the basic functions of the protocol or feature. You must complete these tasks to provide reachability and to move forward in the lab. Intermediate: These tasks include protocol features like routing optimization, route filtering, optimal path selection, load sharing, and summarization. Failure to complete these tasks will usually not affect later lab sections. Advanced: This category includes new Cisco IOS Software features and IP services, complex optimizations, and fine-tuning.

Scenarios are categorized as follows based on task classifications:

Basic Basic to intermediate Intermediate Intermediate to advanced Advanced

2009 Cisco Systems, Inc.

Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2

Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2 Configuration Section

Grading and Duration

Configuration lab duration: Configuration lab maximum score: Troubleshooting lab duration: Troubleshooting lab maximum score: Minimum passing score (after troubleshooting and configuration):

8 hours 75 points 2 hours 25 points 80 points

Difficulty Level

Difficulty: Intermediate

Restrictions and Goals

Note Note: Read this section carefully.

To receive any credit for a subsection you must fully complete the subsection. You will not get partial credit for partially completed subsections. IP subnets on the Lab IPv4 IGP diagram belong to network 172.16.0.0/16. Do not introduce any new IP addresses and do not create any tunnel links. Do not use any static routes, unless specifically specified. Do not use the ip default-network or default-information originate commands. Advertise loopback interfaces with their original masks. The backbone router BB1 is reachable via 192.40.100.10. The backbone router BB2 is reachable via 172.40.10.10. The backbone router BB3 is reachable via 172.30.4.10. All IP version 4 (IPv4) IP addresses involved in this scenario must be reachable, except for the prefixes advertised from the backbone and interfaces connected to the shared equipment. N represents the group number; X represents the pod number. Check your online instructions for your number NX. Failure to assign the correct IP address could result in losing points in multiple sections.

Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2

2009 Cisco Systems, Inc.

Do not modify the hostname, console, or vty configuration unless you are specifically asked to do so. Do not modify the initial interface or IP address numbering.

2009 Cisco Systems, Inc.

Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2

Ethernet Cabling Topology

Fa0/0

R6 2811

Fa0/1

Fa0/0

R5 2811

Fa0/1

Fa0/0

R4 2811

Fa0/1

Fa0/0

R3 2811

Fa0/1

Fa0/0

R2 2811

Fa0/1

Fa0/0

R1 2811

Fa0/1

Fa0/6 Fa0/5

Fa0/4 Fa0/3

Fa0/2 Fa0/1 Fa0/23 Fa0/24 Fa0/23 Fa0/24 Fa0/21 Fa0/22 Fa0/1

Fa0/2 Fa0/3

Fa0/4 Fa0/5

Fa0/6

Fa0/19 Fa0/20

Fa0/21 Fa0/22

Fa0/20 Fa0/19

Fa0/19

Fa0/20

Fa0/21 Fa0/22 Fa0/23 Fa0/24

Fa0/22 Fa0/23

Fa0/21

Fa0/19

Fa0/20

Fa0/24

Fa0/10
TRUNK

BACKBONE

Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2

2009 Cisco Systems, Inc.

Frame Relay and Serial Cabling Topology

Frame Relay DLCI Assignments

Router DLCI Assignments 102

R1 Frame Relay interface

103 104 201

R2 Frame Relay interface

203 204 301

R3 Frame Relay interface

302 304 401

R4 Frame Relay interface

402 403

2009 Cisco Systems, Inc.

Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2

Lab IPv4 IGP

Lo107:107.1/24

192.40.100.10/24 VLAN998 Fa0/1 192.40.100.NX/24 Fa0/1 12.1/24

BB1

RIPv2
Lo101:101.1/24 10.7/24 Fa0/1 VLAN13

A12
VLAN14 12.2/24

S0/0/0

R1 S0/0/0

10.1/24

A1
10.11/24

123.1/24

14.1/24

A22
Lo102:102.1/24 Lo5:53.5/30 Lo9:53.9/30

Fa0/0

A0

R4
21.10/24 104 103

Lo110:110.1/24

R2
Fa0/0 26.2 VLAN11

123.2/24 S0/0/0 201 401 301 102

RIPv2
21.20/24

A41

R4
Lo120:120.1/24

AS1
Lo106:106.1/24 Lo10:10.10.10.1/24 Lo10:10.10.20.1/24

26.3 Fa0/0 123.3/24 S0/0/0 14.4/24 S0/0/0

R6
Fa0/0 172.40.10.NX/24

Lo103:103.1/24 Lo97:4.97/29

R3
Fa0/0 35.3/24

R4 Fa0/0
172.30.4.NX/24 VLAN999

Lo104:104.1/24 Lo49:4.49/28 Lo65:4.65/28 Lo81:4.81/28

A4

VLAN888

172.40.10.10/24

VLAN12

A0

172.30.4.10/24

BB2
Lo113:113.1/24 Fa0/0

35.5/24 Fa0/0

A115
Lo105:105.1/24 Lo115:115.1/24 Lo53:53.1/30

BB3

R5

116.1/24 VLAN15

10

Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2

2009 Cisco Systems, Inc.

Lab IPv6 IGP

2009 Cisco Systems, Inc.

Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2

11

1. Frame Relay and Serial Communications Section Total: 4 points

1.1. Configure Frame Relay Interfaces (Basic: 1 point)

R1, R2, and R3 should be in the same subnet. R1 and R4 should be in the same subnet. Configure a physical interface on router R3 and logical interfaces on all other Frame Relay interfaces. Use point-to-point logical interfaces wherever possible.

1.2.

Control the Full Mesh with Static Maps (Basic: 2 points)

The Frame Relay switch router is configured for a full mesh. Make sure that only the permanent virtual circuits (PVCs) listed on the Lab IPv4 interior gateway protocol (IGP) diagram are used for user traffic. No dynamic entries are allowed in the Frame Relay map tables.

1.3.

Verify Layer 3 Connectivity (Basic: 1 point)

Supply IPv4 addresses on all required Frame Relay interfaces. Make sure that routers R2, R3, and R4 can ping R1 over respective Frame Relay PVCs.

2. Catalyst Switch Configuration Section Total: 13 points

Note Port 0/10 on SW4 is connected to the backbone. The configuration of this port should be trunk encapsulation dot1q. Healthy trunk status is displayed as following: Mode on Encapsulation 802.1q Status trunking

Do not change any initially configured link speeds.

2.1.

Configure VLANs on SW1 and SW2 (Intermediate: 2 points)

Create the VLANs referenced in the VLANs table and the IPv4 IGP diagram. The domain name is ciers2lab02. VLANs
VLAN VLAN11 VLAN12 VLAN13 VLAN14 VLAN15 VLAN998 VLAN888 VLAN999 A B C D E VLANBB1 VLANBB2 VLANBB3 VLAN NAME

When creating VLANs, allow the VLANs to be advertised from SW2 to SW1 only.

12

Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2

2009 Cisco Systems, Inc.

2.2.

Configure VLANs on SW3 and SW4 (Intermediate: 2 points)

SW3 and SW4 should operate in transparent VTP mode. Configure VLANs according to the following table.

Switch SW3

VLAN VLAN15 VLAN1234 VLAN998 VLAN888 E

VLAN NAME

ODD? VLANBB1 VLANBB2 VLANBB3 ODD?

SW4 VLAN999 VLAN1234

Make sure that only these VLANs are configured on SW3 and SW4.

2.3.

Configure Switch-to-Router Links (Basic: 2 points)

Configure the following switch-to-router connections. Use the IEEE tagging method on the trunk links where necessary and be sure that they will not conflict with other lab requirements. Switch-to-Router Connections
Switch SW2 SW1 SW1 SW1 SW1 SW1 R1 R2 R3 R4 R5 R6 Router VLAN VLAN13, VLAN14, VLAN998 VLAN11, VLAN14 VLAN12 VLAN999 VLAN12, VLAN15 VLAN11, VLAN888

Create the necessary switched virtual interfaces (SVIs) and assign the IP addresses specified in the Lab IPv4 IGP diagram.

2.4.

Control Switch-to-Switch Links (Basic: 2 points)

Make sure that the ports specified in the following table are shut down:

2009 Cisco Systems, Inc.

Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2

13

Switch 0/19 SW1 0/21 0/22 SW2 0/21 0/22 0/19 SW3 0/21 0/22 0/21 SW4 0/22 0/24

Port

Configure switch-to-switch links according to the following table. Use the Cisco proprietary tagging method on the trunk links where necessary: Switch-to-Switch Connections

Switch SW1 SW1 SW1 SW2 SW2 SW3

Port 0/23 0/24 0/20 0/19 0/20 0/23

Switch SW2 SW2 SW3 SW4 SW4 SW4 0/23 0/24 0/20 0/19 0/20 0/23

Port Routed Trunk

Mode

Access VLAN15 TBD Trunk Trunk

Note

TBD = To be determined

SW4 port 0/10 is your connection to the backbone. Verify that it is a dot1q trunk.

2.5.

Native VLANs and Greeting Message (Intermediate: 2 points)

Set the native VLAN to 11 for the link between R6 and SW1. Configure an appropriate trunk encapsulation. Configure a message of the day Welcome to CIERS2-GA-LAB02! on SW1.

2.6.

Tuning Ports (Intermediate: 2 points)

Configure the link 172.16.21.0/24 between SW1 and SW2 using the interface 0/23 on both switches. See the IPv4 IGP diagram. Assign an IPv4 address on SW4 according to the IPv4 IGP diagram.

2.7.

Control VLANs (Intermediate: 1 point)

Allow only VLAN 1234 on the link between SW3 and SW4. Allow only backbone VLAN 888, VLAN 998 and VLAN 999 on the link between ports 0/20 of SW2 and SW4.
2009 Cisco Systems, Inc.

14

Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2

3. IPv4 OSPF Section Total: 12 points

Note Configure all Open Shortest Path First (OSPF) routers with only one OSPF process ID (PID). You will lose points from multiple sections for failing to assign one and only one OSPF PID on each specified router. Use your IGP diagram to help guide configuration.

3.1.

Create OSPF Areas (Basic: 2 points)

Configure the Frame Relay network between R1, R2, and R3 as the OSPF backbone area. Automatically discover neighbors. The 172.16.123.0/24 subnet should be advertised by OSPF in a network link-state advertisement (LSA). Configure OSPF on the link between R1 and R4. Place this link in OSPF Area 41. Make R4 the designated router for the R1/R4 link. The OSPF packets carried on the link between R4 and R1 must have a unicast IP address in the destination field.

3.2.

OSPF Authentication (Intermediate: 2 points)

Configure OSPF Message Digest 5 (MD5) authentication for Area 0 using password cisco. Configure authentication type only at the area level.

3.3.

OSPF Advertisements (Basic: 3 points)

On R4, place the loopback interfaces with a 28-bit prefix and loopback 172.16.104.0/24 into OSPF Area 4. Summarize the /28 networks with the most optimal mask. Advertise the following loopbacks from R2 as Area 22: 172.16.102.1/24 172.16.53.5/30 172.16.53.9/30

Summarize the /30 networks with the mask /24. Advertise the network between R1, SW1, and SW4 in OSPF Area 1. Configure OSPF Area 0 between router R3 and R5. Place the loopback networks 172.16. 53.0/30, 172.16.105.0/24, and 172.16.115.0/24 in OSPF Area 115.

3.4.

Control OSPF Advertisements (Intermediate: 3 points)

Do not allow any external or interarea OSPF routing information to enter Area 1 from R1. Do not use any prefix-based filtering techniques. Advertise the loopback 107 interface on the SW4 router into OSPF as an internal OSPF route. On R3, advertise the loopback with a 29-bit mask as a type 1 OSPF external route with the minimal possible metric. Advertise loopback 103 as a type 2 OSPF external route with the maximum possible metric.

3.5.

OSPF Forwarding (Intermediate: 2 points)

Place the VLAN 14 link between the router R1 and R2 in the OSPF Area 12.
Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2 15

2009 Cisco Systems, Inc.

Make sure that R2 prefers a next hop of 172.16.12.1 instead of 172.16.123.1 for interarea and external routes. Do not change any interface-to-area assignments.

4. IPv4 EIGRP Section Total: 5 points

4.1. EIGRP IP Subnet (Intermediate: 1 point)

Only two devices with the IP addresses displayed on the IPv4 IGP diagram must be on the subnet and form Enhanced Interior Gateway Routing Protocol (EIGRP) adjacency. Do not use any filtering technique to accomplish this task.

4.2.

EIGRP AS1 (Basic: 2 points)

Configure EIGRP AS 1 between R2 and R6. Create one and only one loopback 10 on router R6 and assign the following two addresses to the single loopback interface: 10.10.10.1/24 and 10.10.20.1/24. Advertise these addresses and 172.16.106.0/24 through EIGRP as internal EIGRP prefixes.

4.3.

Control EIGRP Bandwidth and Advertisements (Advanced: 2 points)

Make sure that EIGRP advertises only over the interfaces that are connected to VLAN 11. Restrict the bandwidth use to half the default value for EIGRP traffic on VLAN 11.

5. IPv4 RIP Section Total: 4 points

5.1. RIP and Backbone (Intermediate: 2 points)

Configure Routing Information Protocol (RIP) version 2 over the VLAN 998 connection between R1 and BB1. Make R1 a silent RIP router. Allow only the 192.168.105.0/24 and 192.168.107.0/24 subnets in from BB1. Configure the access list BB1-RIP-IN for this task. This access list must contain the minimal number of statements to complete this task. Add the network 172.16.101.0/24 to the RIP process on R1 with the network statement.

5.2.

Internal RIP (Basic: 2 points)

Configure RIP between SW1 and SW2. Routers R1 and SW1 must not communicate through RIP.

Note

Perform redistribution as necessary to provide universal unicast connectivity

6. Border Gateway Protocol Section Total: 8 points

Note The Border Gateway Protocol (BGP) table must display only networks that are advertised according to the BGP section specifications.

6.1.

Configure Processes and Peers with the Backbone (Basic: 2 points)

Configure BGP peering between BB2 (autonomous system [AS] 1581) and R6 (AS 800) and BB3 (AS 1771) and R4 (AS 800). Assign the IP address 172.40.10.NX/24 to Fa0/0 on R6. Allow only the prefixes 140.10.2.0/24, 140.10.3.0/24, 140.10.4.0/24, and 140.10.5.0/24 into AS 800. Use the minimum number of standard access list filtering entries to accomplish this task.
2009 Cisco Systems, Inc.

16

Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2

6.2.

Configure Processes and Peers Within Your Network (Intermediate: 2 points)

Configure R1 and R4 in AS 65001. Configure R2, R3, R5, and R6 in AS 65000. Do not form a full mesh of internal BGP peer relationships; exchange BGP updates through R3 within AS 65000. Only one peering relationship can exist between AS 65000 and AS 65001. This peering must be established between R3 and R4.

6.3.

BGP Adjustments (Intermediate: 2 points)

Do not redistribute the BGP learned prefixes into any IGP on any router. Make R1, R2, R3, R4, R5, and R6 BGP speakers within AS 800.

6.4.

BGP Decision Process (Advanced: 2 points)

Make AS 1771 the preferred AS over AS 1581 for all outbound traffic destined to the 140.10.2.0/24 to 140.10.5.0/24 subnets.

7. IPv6 Routing Section Total: 4 points

7.1. Configure IPv6 Addresses for RIP (Basic: 2 points)

Configure the IPv6 addresses in accordance with the IPv6 diagram and this table.

Router R3 R5

Interface with IPv4 Address 172.16.35.3 172.16.35.5

IPv6 Address 3500::35:3/96 3500::35:5/96

Configure an IPv6 RIP process named IPV6RIP on routers R3 and R5.

7.2.

Configure IPv6 NAT (Advanced: 2 points)

Provide connectivity between the R5 IPv6 address and the IPv4 address 172.16.123.1/24 by configuring router R3. Use the following addresses to accomplish this task: 3555::35:3 and 172.16.123.10. No IPv6 static and default routes are permitted in this scenario.
Perform redistribute connected where required and when the lab does not restrict it.

Note

8. Security Section Total: 3 points

8.1. Security Policy (Intermediate: 3 points)

According to your company's security policy, between 10:00 p.m. and 11:00 p.m. traffic that pertains to time synchronization that is sourced from the loopback interface of R5 (172.16.105.1) and destined to the loopback interface of R6 (172.16.106.1) must be forwarded by R1 across the Frame Relay link. Other traffic should be unaffected.

9. QoS Section Total: 4 points

Note Note The quality of service (QoS) configuration must be applied on R2 using only one policy-map.

2009 Cisco Systems, Inc.

Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2

17

9.1.

Configure Policy Maps, Part 1 (Advanced: 2 points)

Set the IP precedence to 4 for traffic with packet sizes in the range between 1000 and 1300 bytes entering R2 through the interface connected to VLAN 11. If the same size packets are Internet Control Message Protocol (ICMP) packets originated from the VLAN11 connected interface of R6 and destined to 172.16.103.1, the packets must be unconditionally discarded.

9.2.

Configure Policy Maps, Part 2 (Advanced: 2 points)

Make sure that you allow IP traffic with packet sizes in the range between 300 and 500 bytes that are entering router R2 through VLAN 11 at the leak rate of 8 kb/s, allowing bursts for 2000 bytes and excess bursts for 1000 bytes. If this type of traffic still exceeds the allowed buffers, drop it. Do not restrict ICMP packets of sizes between 300 and 500 bytes entering R2 through the interface on VLAN 11, originated from the VLAN 11 interface of R6 and destined to 172.16.103.1. Instead, change the differentiated services code point (DSCP) value of these packets to AF22.

10. Network Time Section Total: 5 points

10.1. Enable NTP (Intermediate: 2 points)

All routers and switches specified in the following table must obtain time from the R6 loopback interface, 172.16.106.1, without attempting to adjust the R6 clock. All time synchronization packets within your pod must be terminated between the R6 loopback interface (172.16.106.1) and the IP addresses listed for each device in the following table.

Router R1 R2 R3 R4 R5 R6 SW4 SW1 SW2

IP Address 172.16.101.1 172.16.102.1 172.16.103.1 172.16.104.1 172.16.105.1 172.16.106.1 172.16.107.1 172.16.110.1 172.16.120.1

10.2.

Adjust Clock (Intermediate: 2 points)

All devices in the preceding table must show the current real time in Eastern Standard Time (EST) format with five hours offset. Enable daylight saving time on SW1 and SW2.

10.3.

Synchronize the Backbone (Advanced: 1 point)

Configure R6 to get the time from BB2. R6 should not attempt to provide time to the BB2. Use only Network Time Protocol (NTP) configuration commands to accomplish this task.
2009 Cisco Systems, Inc.

18

Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2

11. Cisco IOS Software Services Section Total: 2 points

11.1. Enable SSH (Intermediate: 2 points)

On R5, configure the domain name lab02.com and generate an RSA key pair. Make R5 accessible through only version 2 of the Secure Shell (SSH) protocol from the user admin, using the password cisco.

12. Multicast Configuration Section Total: 6 points

12.1. Enable PIM, Part 1 (Intermediate: 2 points)

Configure multicast routing between R1, SW4, SW1, and SW2 using a protocol that uses any unicast routing protocol for source address determination and applies a flood and prune mechanism.

12.2.

Enable PIM, Part 2 (Intermediate: 2 points)

Configure multicast routing on R1, R2, and R3 according to the following table.
Router R1-R2 R1-R3 R3 Link 172.16.123.0/24 172.16.123.0/24 172.16.35.3/24

Do not configure Protocol Independent Multicast (PIM) on the interfaces of subnet 172.16.12.0/24.

12.3.

Join Multicast Group (Intermediate: 2 point)

Join management loopback interfaces of R1, R2, R3, SW4, SW1, and SW2 to group 229.9.9.9.
Router R1 R2 R3 SW4 SW1 SW2 Loopback 172.16.101.0/24 172.16.102.0/24 172.16.103.0/24 172.16.107.0/24 172.16.110.0/24 172.16.120.0/24

Ping the multicast group 229.9.9.9 from R5 to all other multicast routers.

13. Address Administration Section Total: 2 points

13.1. NAT (Advanced: 2 points)

IP packets sourced from the loopback 105 interface of R5 and destined to 172.16.107.1 IP address should be delivered to SW4 with a source IP address of 172.16.101.10. IP packets sourced from the loopback 105 interface of R5 and destined to 172.16.120.1 IP address should be delivered to SW2 with a source IP address of 172.16.101.20. Apply the solution on router R1. Verify with the ping utility, and make sure that the ICMP translation entry stays in the translation table for 10 minutes.
Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2 19

2009 Cisco Systems, Inc.

14. Catalyst Specialties Section Total: 3 points

14.1. RSPAN (Advanced: 3 points)

Ping the IP address 172.16.10.255 from R1 and make sure that you get replies from 172.16.10.7, 172.16.10.11, and 172.16.116.1 only. ICMP echo request for 172.16.10.255 must be forwarded through SW2, SW4, SW3, and SW1, in this particular order. Do not use any bridging, VLAN mapping, or tunneling between the VLAN 13, VLAN 15, and VLAN 1234.

20

Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2

2009 Cisco Systems, Inc.