CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com CC Dreamer and Combat
CONTENTS
1. SECTION 1: Layer 2 technologies
1.1 Section 1.1: Jameson’s Datacenter: Access Ports
1.2 Section 1.2: Jameson’s Datacenter: Trunk Ports
1.3 Section 1.3 Jameson’s Datacenter: Link bundling
1.4 Section 1.4 Jameson’s Branch Offices
2. SECTION 2 Layer 3 Technologies
2.1 Section 2.1 Jameson’s IGP, Part 1
2.2 Section 2.2 Jameson’s IGP, Part 2
2.3 Section 2.3 Jacob’s IGP
2.4 Jameson’s Pre-merge
2.5 Jacob’s Pre-merge
2.6 Merge phase 1: BGP
2.7 Merge phase 2: IGP
2.8 Section 2.8 Merge phase 2: Routing Policies
2.9 IPv6 Routing, Part 1
2.10 IPv6 Routing, Part 2
2.11 Multicast in Jameson’s
3. SECTION 3 VPN Technology
3.1 Jameson’s Branch Offices
3.2 Jameson’s Pre-merge VPN
3.3 Merge Phase 2: VPN
3.4 Inter-VPN Routing
4. SECTION 4 Infrastructure Security
4.1 Section 4.1 Device Security
4.2 Network Security
5. SECTION 5 Infrastructure Services
5.1 Section 5.1 Centralized DHCP
5.2 Section 5.2 Internet Gateway
5.3 Section 5.3 First hop redundancy
5.4 Section 5.4 Tracking reachability
Main Topology
BGP Topology
IPv6 Topology
VTP has been pre-configured in Jameson’s datacenter. SW3 is the server and the
other three switches are clients. Do not modify this configuration. Some other
configuration has already been started, but it is your responsibility to verify and
complete it.
Configure all four switches in Jameson’s datacenter network (AS 65002) as per the
following requirements:
Solution:
SW3:
vtp mode server
vtp domain jamesons
vtp password CISCO
vtp version 2
vlan 34,100,101,153,156,164,173,184,911,999
SW4/SW5/SW6
vtp mode client
vtp domain jamesons
vtp password CISCO
SW5
int e0/0
sw acc vlan 173
sw mode acc
no shut
!
int range e0/1-3
sw acc vlan 101
sw mode acc
no shut
SW6
int e0/0
sw ac vlan 184
sw mode acc
no shut
!
int range e0/1-3
sw acc vlan 100
sw mode acc
no shut
SW5/SW6
int range e1/2-3,e2/0-3,e3/0-3
sw ac vlan 999
sw mod acc
shut
SW3/SW4/SW5/SW6
spanning-tree portfast default
spanning-tree portfast bpduguard default
snmp-server enable traps syslog
Verification:
show vlan bri
show int description
show vtp status
SW3#show vlan bri
SW3#
SW3#show vtp status
VTP Version capable : 1 to 3
VTP version running : 2
VTP Domain Name : jamesons
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : aabb.cc00.6000
Configuration last modified by 10.2.0.13 at 6-14-17 18:46:55
Local updater ID is 10.2.0.13 on interface Vl34 (lowest numbered VLAN
interface found)
Feature VLAN:
--------------
VTP Operating Mode : Server
Maximum VLANs supported locally : 1005
Number of existing VLANs : 16
Configuration Revision : 1
MD5 digest : 0x9A 0xD9 0x43 0xA9 0x8B 0x3C 0xA8 0x31
0x1D 0x6F 0x53 0xAD 0x22 0xFA 0xF9 0xEC
Et1/0 up up
Et1/1 up up
Et1/2 admin down down
Et1/3 admin down down
Et2/0 up up
Et2/1 up up
Et2/2 admin down down
Et2/3 admin down down
Et3/0 admin down down
Et3/1 admin down down
Et3/2 admin down down
Et3/3 admin down down
Po35 up up
Po34 up up
Lo0 up up
Vl1 admin down down
Vl34 up up
Vl100 up up
Vl101 up up
Vl153 up up
Vl173 up up
Vl911 up up
Solution:
SW3/SW4
int range e2/0-1,e1/0-1
sw trunk en dot
sw mod trunk
sw trunk native vlan 1
no shut
SW5/SW6
int range e1/0-1
sw trunk en dot
sw mode trunk
sw trunk native vlan 1
no shut
SW3
span vlan 1-1005 pri 0
SW4
span vlan 1-1005 pri 4096
Verification:
SW3#show int
*Jun 14 20:15:09.328: %SYS-5-CONFIG_I: Configured from console by
console
SW3#show int trunk
SW3#show int trunk
All four switches must bundle trunk ports so that they maintain a single logical
link to each other (except between SW5 and SW6), as shown in the
“Diagram 2: Initial Topology”.
The distribution switches SW3 and SW4 must balance traffic between all
members of the link bundle based on source and destination IP addresses.
The access switches SW5 and SW6 must balance the incoming traffic (that
originates from the servers) between all members of the link bundle based on the
source MAC address.
The exam requests the use of LACP: SW3 and SW4 are configured as active, and
SW5 and SW6 as passive.
Solution:
SW3
int range e1/0-1,e2/0-1
shut
int range e2/0-1
channel-protocol lacp
channel-group 34 mode active
int range e1/0-1
channel-protocol lacp
channel-group 35 mode active
SW4
int range e1/0-1, e2/0-1
shut
int range e2/0-1
channel-protocol lacp
channel-group 34 mode active
int range e1/0-1
channel-pro lacp
channel-gro 46 mode active
SW5
int range e1/0-1
shut
channel-pro lacp
channel-gr 35 mode passive
SW6
int range e1/0-1
channel-protocol lacp
channel-group 46 mode pass
SW3/SW4
int range e1/0-1,e2/0-2
no shut
port-channel load-balance src-dst-ip
SW5,SW6
int range e1/0-1
no shut
port-channel load-balance src-mac
R17/R18
int range e0/0-1
no shut
Verification:
SW3#show int trunk
Et2/0 up up
Et2/1 up up
Et2/2 up up
Et2/3 admin down down
Et3/0 admin down down
Et3/1 admin down down
Et3/2 admin down down
Et3/3 admin down down
Po35 up up
Po34 up up
Lo0 up up
Vl1 admin down down
Vl34 up up
Vl100 up up
Vl101 up up
Vl153 up up
Vl173 up up
Vl911 up up
SW3#show vlan
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
34 enet 100034 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
101 enet 100101 1500 - - - - - 0 0
153 enet 100153 1500 - - - - - 0 0
156 enet 100156 1500 - - - - - 0 0
164 enet 100164 1500 - - - - - 0 0
173 enet 100173 1500 - - - - - 0 0
184 enet 100184 1500 - - - - - 0 0
911 enet 100911 1500 - - - - - 0 0
999 enet 100999 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 trcrf 101003 4472 1005 3276 - - srb 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trbrf 101005 4472 - - 15 ibm - 0 0
1003 7 7 off
SW3#show span
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 1
Address aabb.cc00.6000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
VLAN0034
Spanning tree enabled protocol rstp
Root ID Priority 34
Address aabb.cc00.6000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
VLAN0100
Spanning tree enabled protocol rstp
Root ID Priority 100
Address aabb.cc00.6000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
VLAN0101
Spanning tree enabled protocol rstp
Root ID Priority 101
Address aabb.cc00.6000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
VLAN0153
Spanning tree enabled protocol rstp
Root ID Priority 153
Address aabb.cc00.6000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
VLAN0156
Spanning tree enabled protocol rstp
Root ID Priority 156
Address aabb.cc00.6000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
VLAN0164
VLAN0173
Spanning tree enabled protocol rstp
Root ID Priority 173
Address aabb.cc00.6000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
VLAN0184
Spanning tree enabled protocol rstp
Root ID Priority 184
Address aabb.cc00.6000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
VLAN0911
Spanning tree enabled protocol rstp
Root ID Priority 911
Address aabb.cc00.6000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
VLAN0999
Spanning tree enabled protocol rstp
Root ID Priority 999
Address aabb.cc00.6000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Configure interface Ethernet0/0 in Jameson’s branch routers R19, R20 and R21 as
per the following requirements:
The Ethernet WAN links must rely on a Layer 2 protocol that supports link
negotiation and authentication.
The service provider expects the branch routers to complete a three-way
handshake by providing the expected response to a challenge that is sent by
the ISP.
R19 must use the username “Jamesons-R19” and password “CCIE” (without
quotes).
R20 must use the username “Jamesons-R20” and password “CCIE” (without
quotes).
R21 must use the username “Jamesons-R21” and password “CCIE” (without
quotes).
The interface Eth0/0 of all three routers must receive an IP address from the ISP.
Ensure that all three routers can ping the IP address of each other’s interface
Eth0/0.
You are allowed to configure a single static route in each branch router to
achieve the previous requirement.
Solution:
R19
interface dialer1
ip address negotiated
encap ppp
dialer pool 1
ppp chap hostname Jamesons-R19
ppp chap pass 0 CCIE
!
int e0/0
pppoe enable group global
pppoe-client dial-pool-number 1
no shut
!
ip route 192.0.2.0 255.255.255.0 dialer 1
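R20
int dialer 1
ip add nego
en ppp
dialer pool 1
ppp chap hostname Jamesons-R20
ppp chap pass 0 CCIE
!
int e0/0
pppoe enable group global
pppoe-client dial-pool-number 1
no shut
!
ip route 192.0.2.0 255.255.255.0 dialer 1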
R21
int dialer 1
ip add nego
en ppp
dialer pool 1
ppp chap hostname Jamesons-R21
ppp chap pass 0 CCIE
!
int e0/0
pppoe enable group global
pppoe-client dial-pool-number 1
no shut
!
ip route 192.0.2.0 255.255.255.0 dialer 1
Explain:
By default, when you check the routing table on the router, you will see this output:
C 192.0.2.5/32 is directly connected, Dialer1
C 192.0.2.6/32 is directly connected, Dialer1
So a ping to the IP address of R21’s interface E0/0 will not succeed, because
there is no matching route in the routing table. That is the reason you need to add a
static route.
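The three-way handshake that the requirements describe is CHAP (RFC 1994), which is what the `ppp chap hostname` / `ppp chap pass` lines configure. The following is an added example, not part of the workbook, that plays both sides of the exchange; the authenticator name `ISP` and the in-memory user table are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4  # CHAP codes from RFC 1994


def build_packet(code, ident, value=b"", name=b""):
    """Encode a CHAP packet: Code, Identifier, Length, then the data field."""
    if code in (CHALLENGE, RESPONSE):
        data = bytes([len(value)]) + value + name  # Value-Size, Value, Name
    else:
        data = name                                # Success/Failure carry a message
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data


def parse_packet(pkt):
    """Decode a CHAP packet, rejecting truncated or inconsistent lengths."""
    if len(pkt) < 4:
        raise ValueError("short CHAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("bad CHAP length")
    data = pkt[4:length]
    if code in (CHALLENGE, RESPONSE):
        if not data or 1 + data[0] > len(data):
            raise ValueError("bad Value-Size")
        size = data[0]
        return code, ident, data[1:1 + size], data[1 + size:]
    return code, ident, b"", data


def chap_hash(ident, secret, challenge):
    """Response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def authenticator_challenge(ident, name=b"ISP"):
    """Step 1 (ISP side): send a fresh random challenge. 'ISP' is assumed."""
    return build_packet(CHALLENGE, ident, os.urandom(16), name)


def peer_response(challenge_pkt, hostname, secret):
    """Step 2 (branch router): answer with the hash, never the password."""
    code, ident, challenge, _ = parse_packet(challenge_pkt)
    if code != CHALLENGE:
        raise ValueError("expected a Challenge")
    return build_packet(RESPONSE, ident,
                        chap_hash(ident, secret, challenge), hostname)


def authenticator_verify(challenge_pkt, response_pkt, user_db):
    """Step 3 (ISP side): recompute the hash, reply Success or Failure."""
    _, ident, challenge, _ = parse_packet(challenge_pkt)
    code, r_ident, value, name = parse_packet(response_pkt)
    secret = user_db.get(name.decode(errors="replace"))
    ok = (code == RESPONSE and r_ident == ident and secret is not None
          and hmac.compare_digest(value, chap_hash(ident, secret, challenge)))
    return build_packet(SUCCESS if ok else FAILURE, ident)


if __name__ == "__main__":
    # Usernames and password are the ones the task gives; the table is assumed.
    db = {"Jamesons-R%d" % n: b"CCIE" for n in (19, 20, 21)}
    chal = authenticator_challenge(ident=1)
    resp = peer_response(chal, b"Jamesons-R19", b"CCIE")
    verdict = parse_packet(authenticator_verify(chal, resp, db))[0]
    print("Success" if verdict == SUCCESS else "Failure")
```
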
Verification:
R19#show ip int br
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES TFTP up up
Ethernet0/1 10.16.1.1 YES TFTP up up
Ethernet0/2 unassigned YES TFTP administratively down down
Ethernet0/3 unassigned YES TFTP administratively down down
Ethernet1/0 unassigned YES TFTP administratively down down
Ethernet1/1 unassigned YES TFTP administratively down down
Ethernet1/2 unassigned YES TFTP administratively down down
Ethernet1/3 unassigned YES TFTP administratively down down
Dialer1 192.0.2.6 YES IPCP up up
Loopback0 10.255.1.19 YES TFTP up up
R19#ping 192.0.2.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
R19#ping 192.0.2.14
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.14, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
R19#ping 192.0.2.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
After finishing each of the following questions, make sure that all configured
interfaces and subnets are consistently visible on all pertinent routers and
switches.
Do not redistribute routes between any interior gateway protocol (IGP) and BGP
if not explicitly required.
If not explicitly stated otherwise, you need to ping a BGP route only if it is
stated in a question; otherwise the route should only be in the BGP table.
At the end of this section, all subnets in your topology, including the
loopback interfaces, must be reachable via ping from anywhere in your
topology. The backbone interfaces must be reachable only if they are
part of the solution to a question.
The loopback interfaces must be seen as host routes (/32) in the routing tables
unless stated otherwise in a question.
Configure Jameson’s network (AS 65001 and AS 65002) according to the following
requirements:
Ensure that all routers use their interface Loopback 0 as OSPF router-id.
Ensure that OSPF is not running on any interface that is facing another BGP
AS.
SW5 and SW6 must not participate in OSPF at all.
Do not use the “network” statement under the “router ospf” configuration
anywhere in the core network (AS 65001).
Do not change the default OSPF cost of any interface anywhere.
Ensure that R1, SW1 and SW2 are elected the Designated Router on all of their
interfaces, and that they have the best chances of maintaining that role as
long as their interfaces are up.
Ensure that R2 is elected the Backup Designated Router on all of its
interfaces, and that it has the best chances of maintaining that role as long as
its interfaces are up.
The exam requests passive-interface for VLAN 100, VLAN 101 and VLAN 911.
The OSPF process ID is 1.
Solution:
SW3/SW4
router ospf 1
passive-int vlan 100
passive-int vlan 101
passive-int vlan 911
R17
router ospf 1
router-id 10.255.1.17
!
interface l0
ip ospf 1 are 0
int e0/1
ip ospf 1 area 0
R18
router ospf 1
router-id 10.255.1.18
int l0
ip ospf 1 area 0
int e0/1
ip ospf 1 area 0
SW1
router ospf 1
router-id 10.255.1.101
int l0
ip ospf 1 area 0
int vlan 100
ip ospf 1 are 0
!
int vlan 101
ip ospf 1 area 0
ip ospf pri 255
R11
router ospf 1
router-id 10.255.1.11
int l0
ip ospf 1 area 0
int e0/1
ip ospf 1 area 0
R12
router ospf 1
router-id 10.255.1.12
!
int l0
ip ospf 1 area 0
int e0/1
ip ospf 1 area 0
SW2
router ospf 1
router-id 10.255.1.102
int l0
ip ospf 1 area 0
int vlan 100
ip ospf 1 are 0
int vlan 101
ip ospf 1 area 0
ip ospf priority 255
R13
router ospf 1
router-id 10.255.1.13
int l0
ip ospf 1 area 0
int e0/1
ip ospf 1 are 0
R14
router ospf 1
router-id 10.255.1.14
int l0
ip ospf 1 are 0
int e0/1
ip ospf 1 are 0
R1
router ospf 1
router-id 10.255.1.1
int l0
ip ospf 1 are 0
int range e0/0-3,e1/0
ip ospf 1 are 0
ip ospf pri 255
R3
router ospf 1
router-id 10.255.1.3
int l0
ip ospf 1 area 0
int e0/0
ip ospf 1 area 0
int e0/2
ip ospf 1 area 0
R4
router ospf 1
router-id 10.255.1.4
int l0
ip ospf 1 are 0
int e0/0
ip ospf 1 are 0
int e0/2
ip ospf 1 area 0
ip ospf pri 255
R5
router ospf 1
router-id 10.255.1.5
!
int l0
ip ospf 1 are 0
int rang e0/0-1
ip ospf 1 are 0
R6
router ospf 1
router-id 10.255.1.6
int l0
ip ospf 1 area 0
int e0/0
ip ospf 1 are 0
int e0/1
ip ospf 1 are 0
ip ospf pri 255
R7
router ospf 1
router-id 10.255.1.7
int l0
ip ospf 1 are 0
int e0/3
ip ospf 1 area 0
R8
router ospf 1
router-id 10.255.1.8
int l0
ip ospf 1 area 0
int e0/3
ip ospf 1 are 0
ip ospf pri 255
R9/R10
int range e0/0-1
no shut
R9
router ospf 1
router-id 10.255.1.9
int l0
ip ospf 1 area 0
int e0/0
ip ospf 1 are 0
R10
router ospf 1
router-id 10.255.1.10
int l0
ip ospf 1 area 0
int e0/0
ip ospf 1 area 0
ip ospf pri 255
R2
router ospf 1
router-id 10.255.1.2
int l0
ip ospf 1 are 0
int range e0/0-3,e1/0
ip ospf 1 are 0
ip ospf pri 254
Verification:
R1#show ip os int br
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Lo0 1 0 10.255.1.1/32 1 LOOP 0/0
Et0/0 1 0 10.254.0.1/30 10 DR 1/1
Et0/1 1 0 10.254.0.5/30 10 DR 1/1
Et0/2 1 0 10.254.0.13/30 10 DR 1/1
Et0/3 1 0 10.254.0.9/30 10 DR 1/1
Et1/0 1 0 10.254.0.17/30 10 DR 1/1
R1#show ip os ne
R2#show ip os int br
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Lo0 1 0 10.255.1.2/32 1 LOOP 0/0
Et0/0 1 0 10.254.0.2/30 10 BDR 1/1
Et0/1 1 0 10.254.0.21/30 10 BDR 1/1
Et0/2 1 0 10.254.0.33/30 10 BDR 1/1
Et0/3 1 0 10.254.0.25/30 10 BDR 1/1
Et1/0 1 0 10.254.0.29/30 10 BDR 1/1
R2#show ip os ne
SW1#show ip os int br
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Lo0 1 0 10.255.1.101/32 1 LOOP 0/0
Vl101 1 0 10.1.254.254/24 1 DR 2/2
Vl100 1 0 10.1.1.254/24 1 DR 0/0
SW1#show ip os ne
SW2#show ip os int br
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Lo0 1 0 10.255.1.102/32 1 LOOP 0/0
Vl101 1 0 10.3.254.254/24 1 DR 2/2
Vl100 1 0 10.3.1.254/24 1 DR 0/0
SW2#show ip os ne
R4#show ip os int br
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Lo0 1 0 10.255.1.4/32 1 LOOP 0/0
Et0/2 1 0 10.254.0.34/30 10 DR 1/1
Et0/0 1 0 10.254.0.50/30 10 BDR 1/1
R4#show ip os ne
R17 must propagate a default route in its OSPF domain, but only if it already
has a default route in its routing table.
Do not redistribute BGP into OSPF and vice versa on R17.
Each branch router must establish an OSPF adjacency with R17 and must
receive a default route via OSPF. They may not receive any other LSA type 3
from the ABR.
Each branch router must advertise their interface Lo0 and Ethernet0/1 into
OSPF.
None of the branch routers may attempt to elect a Designated Router on their
Tunnel 0 interface.
Solution:
Explain:
This helps the other networks reach the Internet. The DMVPN configuration from
section 3.1 is needed for it.
R17
int tunnel 0
ip nhrp map multicast dynamic
ip nhrp network-id 12345
ip nhrp redirect
tunnel source e0/0
tunnel mode gre multipoint
R19/20/21
int t0
ip nhrp map multicast 192.0.2.2
ip nhrp map 10.100.0.1 192.0.2.2
ip nhrp network-id 12345
ip nhrp shortcut
ip nhrp nhs 10.100.0.1
tunnel source dialer 1
R17
router ospf 1
area 51 stub no-sum
default-information originate
!
int t0
ip ospf 1 area 51
ip ospf network point-to-multipoint
R19
router ospf 1
router-id 10.255.1.19
are 51 stub
!
int t0
ip ospf 1 area 51
ip ospf net point-to-multipoint
!
int l0
ip ospf 1 area 51
int e0/1
ip ospf 1 area 51
R20
router ospf 1
router-id 10.255.1.20
area 51 stub
!
int l0
ip ospf 1 are 51
int e0/1
ip ospf 1 are 51
int t0
ip ospf 1 area 51
ip ospf network point-to-multipoint
R21
router ospf 1
router-id 10.255.1.21
area 51 stub
int l0
ip ospf 1 are 51
int e0/1
ip ospf 1 are 51
int t0
ip ospf 1 are 51
ip ospf network point-to-multipoint
Verification:
R17#show ip os ne
R17#show ip os int br
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Lo0 1 0 10.255.1.17/32 1 LOOP 0/0
Et0/1 1 0 10.2.0.38/30 10 BDR 1/1
Tu0 1 51 10.100.0.1/24 1000 P2MP 3/3
R19#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static
route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
R17#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 192.0.2.6 10.100.0.19 UP 00:10:38 D
1 192.0.2.10 10.100.0.20 UP 00:10:26 D
1 192.0.2.14 10.100.0.21 UP 00:10:11 D
Configure EIGRP for IPv4 in Jacob’s core network (AS 65006) according to the
following requirements:
All EIGRP routers must support 64-bit metric calculations and Routing
Information Base (RIB) scaling in EIGRP topologies.
The interface Lo0 of each router must be seen as an internal EIGRP prefix by
all other routers in their local domain.
Ensure that EIGRP is not running on any interface that is facing another AS.
Use any method to accomplish this requirement.
Jacob’s core network must use the EIGRP autonomous system number 1.
R52 must inject its interface loopback 52 into EIGRP as an external prefix.
All EIGRP core routers R50, R51 must add the administrator tag
“172.172.172.172” to all prefixes that they inject into EIGRP. Ensure that
operators can filter routes by using the route tag wildcard mask.
The following output must be seen on R50:
R50#show ip ei topology 52.52.52.52 255.255.255.255
EIGRP-IPv4 VR(JACOBS) Topology Entry for AS(1)/ID(172.30.1.50) for
52.52.52.52/32
State is Passive, Query origin flag is 1, 1 Successor(s), FD is
131153920, RIB is 1024640
Descriptor Blocks:
172.30.100.3 (Ethernet0/0), from 172.30.100.3, Send flag is 0x0
Composite metric is (131153920/163840), route is External
Vector metric:
Minimum bandwidth is 10000 Kbit
Total delay is 1001250000 picoseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 1
Originating router is 172.30.1.52
External data:
AS number of route is 0
External protocol is Connected, external metric is 0
Administrator tag is 172.172.172.172
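The numbers in the required output can be checked against the 64-bit (wide) metric formula. The following is an added example, not part of the workbook, that parses the entry above and recomputes FD, the RIB metric and the integer form of the tag; it assumes default K values (K1 = K3 = 1, the rest 0) and the default rib-scale of 128, and the `tag_matches` helper is an illustrative ACL-style wildcard comparison.

```python
import ipaddress
import re

EIGRP_BANDWIDTH = 10_000_000   # reference bandwidth, Kbit/s
EIGRP_WIDE_SCALE = 65536       # wide-metric scaling factor
PICO_PER_MICRO = 1_000_000     # delay is carried in picoseconds
RIB_SCALE = 128                # assumed default "metric rib-scale"

# Topology entry as printed in the task (line wraps kept as on the page).
SAMPLE = """\
State is Passive, Query origin flag is 1, 1 Successor(s), FD is
131153920, RIB is 1024640
Composite metric is (131153920/163840), route is External
Minimum bandwidth is 10000 Kbit
Total delay is 1001250000 picoseconds
Administrator tag is 172.172.172.172
"""

PATTERNS = {
    "fd": r"FD is\s+(\d+)",
    "rib": r"RIB is\s+(\d+)",
    "composite": r"Composite metric is\s+\((\d+)/\d+\)",
    "min_bw_kbit": r"Minimum bandwidth is\s+(\d+)\s+Kbit",
    "delay_ps": r"Total delay is\s+(\d+)\s+picoseconds",
    "tag": r"Administrator tag is\s+(\d+(?:\.\d+){3})",
}


def parse_topology_entry(text):
    """Extract the metric fields; a missing field is an error, not a zero."""
    entry = {}
    for key, pattern in PATTERNS.items():
        match = re.search(pattern, text)
        if match is None:
            raise ValueError("field not found: " + key)
        entry[key] = match.group(1) if key == "tag" else int(match.group(1))
    return entry


def wide_metric(min_bw_kbit, delay_ps, k1=1, k3=1):
    """Composite = K1 * throughput + K3 * latency (K2 = K5 = K6 = 0)."""
    throughput = EIGRP_BANDWIDTH * EIGRP_WIDE_SCALE // min_bw_kbit
    latency = delay_ps * EIGRP_WIDE_SCALE // PICO_PER_MICRO
    return k1 * throughput + k3 * latency


def rib_metric(composite, rib_scale=RIB_SCALE):
    """The 64-bit metric is scaled down before it is offered to the RIB."""
    return composite // rib_scale


def tag_to_int(dotted):
    """Dotted-decimal notation is only a display form of the 32-bit tag."""
    return int(ipaddress.IPv4Address(dotted))


def tag_matches(tag, base, wildcard):
    """ACL-style wildcard match: bits set in the wildcard are ignored."""
    care = ~tag_to_int(wildcard) & 0xFFFFFFFF
    return (tag_to_int(tag) ^ tag_to_int(base)) & care == 0


def check_entry(text):
    """Recompute the metrics from the vector and compare with the output."""
    e = parse_topology_entry(text)
    composite = wide_metric(e["min_bw_kbit"], e["delay_ps"])
    return {
        "composite": composite,
        "rib": rib_metric(composite),
        "tag": tag_to_int(e["tag"]),
        "consistent": (composite == e["fd"] == e["composite"]
                       and rib_metric(composite) == e["rib"]),
    }


if __name__ == "__main__":
    print(check_entry(SAMPLE))
```
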
Solution:
R53/R54
int range e0/0-1
no shut
R50/R51/R52/R53/R54
no router eigrp 1
R50
router eigrp JACOBS
address-family ipv4 unicast autonomous-system 1
network 172.30.1.50 0.0.0.0
network 172.30.100.1 0.0.0.0
R51
router eigrp JACOBS
address-family ipv4 unicast autonomous-system 1
network 172.30.1.51 0.0.0.0
network 172.30.100.2 0.0.0.0
R52
router eigrp JACOBS
address-family ipv4 unicast autonomous-system 1
net 172.30.1.52 0.0.0.0
net 172.30.100.3 0.0.0.0
topology base
redistribute connected route-map CONNECTED
route-map CONNECTED
match interface loopback 52
R53
router eigrp JACOBS
address-family ipv4 unicast autonomous-system 1
network 172.30.1.53 0.0.0.0
net 172.30.100.4 0.0.0.0
R54
router eigrp JACOBS
address-family ipv4 unicast autonomous-system 1
network 172.30.1.54 0.0.0.0
net 172.30.100.5 0.0.0.0
R50/51/52/53/54/R9/R10
route-tag notation dotted-decimal
Explain:
This is a really important command. It makes the output show the tag in
dotted-decimal form: 172.172.172.172
R50/51/52
route-map TAG permit 10
set tag 172.172.172.172
!
router eigrp JACOBS
address-family ipv4 unicast autonomous-system 1
topology base
distribute-list route-map TAG out
!
R57
router eigrp 10
network 172.18.2.1 0.0.0.0
network 172.30.1.57 0.0.0.0
Verification:
R50#show ip ei ne
EIGRP-IPv4 VR(JACOBS) Address-Family Neighbors for AS(1)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 172.30.100.5 Et0/0 11 00:04:58 2 100 0 12
2 172.30.100.4 Et0/0 11 00:05:09 5 100 0 14
1 172.30.100.3 Et0/0 11 00:05:19 2 100 0 19
0 172.30.100.2 Et0/0 11 00:05:27 1 100 0 17
R50#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Refer to the “Overall Scenario”, “Diagram 2: Initial Topology” and “Diagram 4: Pre-
merge Topology”.
R11, R12, R13 and R14 must redistribute OSPF into BGP and they must
advertise a default route into their respective OSPF domain. They may not
redistribute BGP into OSPF. The always keyword must be added; the exam requests it.
R15 and R16 must mutually redistribute OSPF and BGP.
R11, R12, R13 and R14 must advertise only four prefixes via eBGP to
Jameson’s core network as follows:
o R11 and R12 must advertise 10.1.0.0/16, 10.255.1.11/32,
10.255.1.12/32 and 10.255.1.101/32;
o R13 and R14 must advertise 10.3.0.0/16, 10.255.1.13/32,
10.255.1.14/32 and 10.255.1.102/32;
R1 must reflect IPv4 BGP prefixes to all core routers except R2. All internal
BGP peers must be established using interface Lo0.
Ensure that each Jameson’s site receives BGP prefixes from other sites.
An output very similar to the one shown below must be seen on R11, R12, R13
and R14 (only the next-hop, version and update-group may differ).
R11#show ip bgp 10.2.0.0/16
BGP routing table entry for 10.2.0.0/16, version 18
Paths: (2 available, best #2, table default)
Advertised to update-groups:
2
Refresh Epoch 1
65001 65001, (aggregated by 65002 10.255.1.16)
10.255.1.12 (metric 11) from 10.255.1.12 (10.255.1.12)
Origin IGP, metric 0, localpref 100, valid, internal, atomic-aggregate
rx pathid: 0, tx pathid: 0
Refresh Epoch 1
65001 65001, (aggregated by 65002 10.255.1.15)
10.254.0.53 from 10.254.0.53 (10.255.1.7)
Origin IGP, localpref 100, valid, external, atomic-aggregate, best
rx pathid: 0, tx pathid: 0x0
Ensure that any prefix that originates in any of these main sites is not advertised
back to the same site via the redundant gateway.
The configuration must apply equally to any future prefixes that may be
advertised by any site.
R15 and R16 must advertise their OSPF default route to their PE.
Solution:
R1
router bgp 65001
bgp router-id 10.255.1.1
nei IBGP peer-group
nei IBGP remote-as 65001
nei IBGP update-source loopback 0
nei IBGP route-reflector-client
nei 10.255.1.3 peer-group IBGP
nei 10.255.1.4 peer-group IBGP
nei 10.255.1.5 peer-group IBGP
nei 10.255.1.6 peer-group IBGP
nei 10.255.1.7 peer-group IBGP
nei 10.255.1.8 peer-group IBGP
R3
router bgp 65001
bgp router-id 10.255.1.3
nei 10.255.1.1 remote-as 65001
nei 10.255.1.1 update-source l0
nei 10.255.1.1 next-hop-self
R4
router bgp 65001
bgp router-id 10.255.1.4
nei 10.255.1.1 remote-as 65001
nei 10.255.1.1 update-source l0
nei 10.255.1.1 next-hop-self
R5
router bgp 65001
bgp router-id 10.255.1.5
nei 10.255.1.1 remote-as 65001
nei 10.255.1.1 update-source l0
nei 10.255.1.1 next-hop-self
R6
router bgp 65001
bgp router-id 10.255.1.6
nei 10.255.1.1 remote-as 65001
nei 10.255.1.1 update-source l0
nei 10.255.1.1 next-hop-self
R7
router bgp 65001
bgp router-id 10.255.1.7
nei 10.255.1.1 remote-as 65001
nei 10.255.1.1 update-source l0
nei 10.255.1.1 next-hop-self
R8
router bgp 65001
bgp router-id 10.255.1.8
nei 10.255.1.1 remote-as 65001
nei 10.255.1.1 update-source l0
nei 10.255.1.1 next-hop-self
Explain:
Why do you need the command next-hop-self under the BGP configuration?
Because the interface facing the edge router is not advertised into the core
network, so if the route from
R3 (role as PE)
ip vrf GREEN
rd 65002:15
!
int e0/1
ip vrf forwarding GREEN
ip add 10.254.0.73 255.255.255.252
!
router bgp 65001
no nei 10.254.0.74 remote-as 65002
address-family ipv4 vrf GREEN
nei 10.254.0.74 remote-as 65002
nei 10.254.0.74 as-override
R4 (PE role)
ip vrf GREEN
rd 65002:16
!
int e0/1
ip vrf forwarding GREEN
ip add 10.254.0.77 255.255.255.252
router bgp 65001
no nei 10.254.0.78 remote-as 65002
address-family ipv4 vrf GREEN
R5 (PE role)
ip vrf GREEN
rd 65002:13
int e0/2
ip vrf forwarding GREEN
ip add 10.254.0.41 255.255.255.252
!
router bgp 65001
no nei 10.254.0.42 remote-as 65002
address-family ipv4 vrf GREEN
nei 10.254.0.42 remote-as 65002
nei 10.254.0.42 as-override
R6 (PE role)
ip vrf GREEN
rd 65002:14
!
int e0/2
ip vrf forwarding GREEN
ip add 10.254.0.45 255.255.255.252
!
router bgp 65001
no nei 10.254.0.46 remote-as 65002
address-family ipv4 vrf GREEN
nei 10.254.0.46 remote-as 65002
nei 10.254.0.46 as-override
R7 (PE role)
ip vrf RED
rd 65002:11
!
int e0/0
ip vrf forwarding RED
ip add 10.254.0.53 255.255.255.252
!
router bgp 65001
no nei 10.254.0.54 remote-as 65002
address-family ipv4 vrf RED
nei 10.254.0.54 remote-as 65002
nei 10.254.0.54 as-override
R8 (PE role)
ip vrf RED
rd 65002:12
int e0/0
ip vrf forwarding RED
ip add 10.254.0.57 255.255.255.252
router bgp 65001
no nei 10.254.0.58 remote-as 65002
address-family ipv4 vrf RED
nei 10.254.0.58 remote-as 65002
nei 10.254.0.58 as-override
R11/R12
router bgp 65002
redistribute ospf 1
aggregate-address 10.1.0.0 255.255.0.0 summary-only
!
router ospf 1
default-information originate always
R13/R14
router bgp 65002
redistribute ospf 1
aggregate-address 10.3.0.0 255.255.0.0 summary-only
!
router ospf 1
default-information originate always
R15/R16
router bgp 65002
redistribute ospf 1 match internal external 2
aggregate-address 10.2.0.0 255.255.0.0 summary-only
!
router ospf 1
redistribute bgp 65002 subnets metric-type 1
!
router bgp 65002
default-information originate
R15/R16
ip prefix-list AS65005 seq 5 deny 172.18.1.0/24
ip prefix-list AS65005 seq 10 permit 0.0.0.0/0 le 32
R15
router bgp 65002
nei 10.254.0.73 prefix AS65005 out
R16
router bgp 65002
nei 10.254.0.77 prefix AS65005 out
Verification:
R1#show ip bgp summary
BGP router identifier 10.255.1.1, local AS number 65001
BGP table version is 1, main routing table version 1
R15#show ip bgp
BGP table version is 342, local router ID is 10.255.1.15
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Refer to the “Overall Scenario”, “Diagram 2: Initial Topology” and “Diagram 4: Pre-merge
Topology”. Jacob’s decided to enable MPLS VPN in their network. Configure
Jameson’s network as per the following requirements, based on the topology.
Solution:
R56
router bgp 65005
bgp router-id 172.30.1.56
nei 172.18.253.5 remote-as 65006
nei 172.30.1.55 remote-as 65005
nei 172.30.1.55 update-source l0
nei 172.30.1.55 next-hop-self
aggregate-address 172.18.0.0 255.255.0.0 summary-only
R55
router bgp 65005
bgp router-id 172.30.1.55
nei 172.18.253.1 remote-as 65006
nei 172.30.1.56 remote-as 65005
nei 172.30.1.56 update-source l0
nei 172.30.1.56 next-hop-self
aggregate-address 172.18.0.0 255.255.0.0 summary-only
int e0/1
ip vrf forwarding GREEN
ip add 172.18.253.1 255.255.255.252
interface Ethernet0/1
ip vrf forwarding GREEN
ip address 172.18.253.5 255.255.255.252
int e0/1
ip vrf forwarding BLUE
ip add 172.17.253.22 255.255.255.252
!
router bgp 65005
redistribute eigrp 10 route-map JACOBHQ
!
router eigrp 10
redistribute bgp 65005 metric 1 1 1 1 1 route-map JACOBHQ1
Verification:
R50#show bgp vpnv4 uni all
BGP table version is 525, local router ID is 172.30.1.50
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Refer to the “Overall Scenario” and “Diagram 5: Merge Phase: 1”. Jameson’s and
Jacob’s started the first phase of their merge and added a new border router in their
respective main site (R18 and R57).
Interface loopback 0 of both R18 and R57 must be added to their respective
IGP domain.
Interface Eth0/1 of both R18 and R57 must peer with its connected IGP
neighbor.
Both R18 and R57 must advertise a summary prefix via eBGP to each other as
follows:
R18 advertises 10.0.0.0/8
R57 advertises 172.0.0.0/8
Both R18 and R57 must propagate the received summary prefix into their
respective IGP domain.
Solution:
R18
router bgp 65002
bgp router-id 10.255.1.18
nei 10.2.0.46 remote-as 65005
network 10.2.100.0 mask 255.255.255.0
aggregate-address 10.0.0.0 255.0.0.0
router ospf 1
redistribute bgp 65002 subnets
R57
router bgp 65005
bgp router-id 172.30.1.57
neighbor 10.2.0.45 remote-as 65002
network 172.18.1.0 mask 255.255.255.0
aggregate-address 172.0.0.0 255.0.0.0
!
router eigrp 10
redistribute bgp 65005 metric 10000 100 255 1 1500
Verification:
R18#show bgp ipv4 uni summary
BGP router identifier 10.255.1.18, local AS number 65002
BGP table version is 5, main routing table version 5
4 network entries using 560 bytes of memory
4 path entries using 320 bytes of memory
4/4 BGP path/bestpath attribute entries using 576 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1480 total bytes of memory
BGP activity 4/0 prefixes, 4/0 paths, scan interval 60 secs
R18#
R18#show bgp ipv4 uni nei 10.2.0.46 adver
R18#show bgp ipv4 uni nei 10.2.0.46 advertised-routes
BGP table version is 5, local router ID is 10.255.1.18
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Refer to “Diagram 2: Initial Topology” and “Diagram 6: Merge Phase 2”. Jameson’s
and Jacob’s are entering the second phase of the merge and have deployed two
new border routers in their respective core network. Configure the core networks as
per the following requirements:
R9 and R10 must run OSPF on their interface Eth0/0 and Loopback 0.
R9 and R10 must run EIGRP on their interface Eth0/1.
R53 and R54 must run EIGRP on all of their interfaces.
Mutually redistribute EIGRP and OSPF on both R9 and R10
Avoid routing loops and ensure that all current and future prefixes are routed
via their optimal path. Do not use any access-list or prefix-list in order to
achieve this requirement
Do not change any administrative distance of any protocol in any router.
Solution:
R9
router eigrp JACOBS
address-family ipv4 unicast autonomous-system 1
network 10.254.0.61 0.0.0.0
R10
router eigrp JACOBS
address-family ipv4 unicast autonomous-system 1
network 10.254.0.65 0.0.0.0
R53
router eigrp JACOBS
address-family ipv4 unicast autonomous-system 1
network 10.254.0.62 0.0.0.0
R54
router eigrp JACOBS
address-family ipv4 unicast autonomous-system 1
network 10.254.0.66 0.0.0.0
R9/R10
router ospf 1
redistribute eigrp 1 subnets
Verification:
R50#traceroute 10.255.1.8
Type escape sequence to abort.
Tracing the route to 10.255.1.8
VRF info: (vrf in name/id, vrf out name/id)
1 172.30.100.5 [MPLS: Label 22 Exp 0] 2 msec 1 msec 2 msec
2 10.254.0.65 [MPLS: Label 26 Exp 0] 2 msec 1 msec 2 msec
3 10.254.0.29 [MPLS: Label 28 Exp 0] 1 msec 1 msec 1 msec
4 10.254.0.26 2 msec * 5 msec
Network managers have decided that the primary path for all traffic between
Jameson’s 10.2.100.0/24 and Jacob’s 172.18.1.0/24 must be routed
preferably via the BGP backdoor link between R18 and R57. If this link
should fail, then traffic should fall back over the MPLS core network.
All other traffic must be routed preferably via the MPLS core network.
Do not configure any route-map nor access-list in order to achieve this
requirement
Ensure that the following test reveals the same path as shown below:
R101#traceroute 172.18.1.254 numeric
Type escape sequence to abort.
Tracing the route to 172.18.1.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.100.253 2 msec 1 msec 1 msec
2 10.2.0.14 1 msec 2 msec 1 msec
3 10.2.0.42 2 msec 2 msec 1 msec
4 10.2.0.46 2 msec 2 msec 1 msec
5 172.18.2.254 2 msec * 3 msec
SW10#traceroute 10.2.100.253
Type escape sequence to abort.
Tracing the route to 10.2.100.253
VRF info: (vrf in name/id, vrf out name/id)
1 172.18.2.1 0 msec 1 msec 0 msec
2 10.2.0.45 2 msec 1 msec 1 msec
3 10.2.0.41 1 msec 1 msec 2 msec
4 10.2.100.253 3 msec * 2 msec
R101#traceroute 172.18.2.254
Type escape sequence to abort.
Tracing the route to 172.18.2.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.100.253 2 msec 1 msec 1 msec
2 10.2.0.5 1 msec 1 msec 1 msec
3 10.254.0.73 2 msec 2 msec 1 msec
4 10.254.0.13 [MPLS: Labels 35/46 Exp 0] 2 msec 2 msec 2 msec
5 10.254.0.18 [MPLS: Labels 38/46 Exp 0] 3 msec 3 msec 2 msec
6 10.254.0.62 [MPLS: Labels 40/46 Exp 0] 2 msec 2 msec 3 msec
7 172.18.253.5 [MPLS: Label 46 Exp 0] 3 msec 3 msec 3 msec
8 172.18.253.6 2 msec 2 msec 3 msec
9 172.18.254.254 3 msec * 3 msec
Solution:
R51
router bgp 65006
bgp default local-preference 200
Explain:
If you don’t set local-preference 200 on R51, traffic from R101 cannot follow
exactly the output requested by Cisco. R1 is the RR, and it may choose R50 as the
best path to Jacob’s headquarters network.
Verification:
R101#traceroute 172.18.1.254 numeric
Type escape sequence to abort.
Tracing the route to 172.18.1.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.100.253 2 msec 1 msec 1 msec
2 10.2.0.14 1 msec 2 msec 1 msec
3 10.2.0.42 2 msec 2 msec 1 msec
4 10.2.0.46 2 msec 2 msec 1 msec
5 172.18.2.254 2 msec * 3 msec
SW10#traceroute 10.2.100.253
Type escape sequence to abort.
Tracing the route to 10.2.100.253
VRF info: (vrf in name/id, vrf out name/id)
1 172.18.2.1 0 msec 1 msec 0 msec
2 10.2.0.45 2 msec 1 msec 1 msec
3 10.2.0.41 1 msec 1 msec 2 msec
4 10.2.100.253 3 msec * 2 msec
R101#traceroute 172.18.2.254
Type escape sequence to abort.
Tracing the route to 172.18.2.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.100.253 2 msec 1 msec 1 msec
2 10.2.0.5 1 msec 1 msec 1 msec
3 10.254.0.73 2 msec 2 msec 1 msec
4 10.254.0.13 [MPLS: Labels 35/46 Exp 0] 2 msec 2 msec 2 msec
5 10.254.0.18 [MPLS: Labels 38/46 Exp 0] 3 msec 3 msec 2 msec
6 10.254.0.62 [MPLS: Labels 40/46 Exp 0] 2 msec 2 msec 3 msec
7 172.18.253.5 [MPLS: Label 46 Exp 0] 3 msec 3 msec 3 msec
8 172.18.253.6 2 msec 2 msec 3 msec
9 172.18.254.254 3 msec * 3 msec
Establish OSPFv3 adjacencies in Area 0 between SW3, SW4, R15 and R16.
Do not use the command “ipv6 router ospf” anywhere in order to accomplish
the previous requirement.
Interface VLAN 100 of SW3 must be configured with default route preference
set to “high”.
Interface VLAN 100 of SW4 must be configured with default route preference
set to “medium”.
The interval between Router Advertisement transmissions on VLAN 100 must
be set 20 seconds on both SW3 and SW4.
Solution:
R15
router ospfv3 1
address-family ipv6 unicast
router-id 10.255.1.15
!
interface e0/0
ospfv3 1 ipv6 area 0
!
int e0/2
ospfv3 1 ipv6 area 0
R16
router ospfv3 1
address-family ipv6 unicast
router-id 10.255.1.16
!
int e0/0
ospfv3 1 ipv6 area 0
int e0/2
ospfv3 1 ipv6 area 0
SW3
router ospfv3 1
address-family ipv6 unicast
router-id 10.255.1.103
!
int loopback 0
ospfv3 1 ipv6 area 0
SW4
router ospfv3 1
address-family ipv6 unicast
router-id 10.255.1.104
!
int loopback 0
ospfv3 1 ipv6 area 0
!
int vlan 164
ospfv3 1 ipv6 area 0
!
int vlan 100
ospfv3 1 ipv6 area 0
ipv6 nd ra interval 20
!
int vlan 34
ospfv3 1 ipv6 area 0
int vlan 100
ipv6 nd router-preference medium
Verification:
R15#show ipv6 ospf ne
SW3#show ipv6 os ne
FF02::2
FF02::5
FF02::6
FF02::66
FF02::1:FF00:1
FF02::1:FF01:253
FF02::1:FF80:6000
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 20 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is High
Hosts use stateless autoconfig for addresses.
SW3 and SW4 must provide first-hop redundancy for hosts in VLAN 100 by
sharing the virtual link-local address FE80:100::1.
SW3 must be elected as the active router and SW4 must be elected the
standby router.
In case SW3 is down, SW4 must take over the active role. If SW3 comes
back online, it must automatically recover the active role from SW4.
Ensure that HSRP Hello packets are exchanged every 10 seconds and that the
standby takes over the active role if three consecutive Hello packets were
missed from the active.
Solution:
SW3
int vlan 100
standby ver 2
standby 1 ipv6 fe80:100::1
standby 1 timers 10 30
standby 1 priority 105
standby 1 preempt
SW4
int vlan 100
standby version 2
standby 1 ipv6 fe80:100::1
standby 1 timer 10 30
standby 1 preempt
Verification:
SW3#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl100 1 105 P Active local FE80::A8BB:CCFF:FE80:8000
FE80:100::1
Vl100 2 95 P Active local 10.2.100.254 10.2.100.1
SW3#show standby
Vlan100 - Group 1 (version 2)
State is Active
2 state changes, last state change 00:01:41
Link-Local Virtual IPv6 address is FE80:100::1 (conf)
Active virtual MAC address is aabb.cc80.6000 (MAC In Use)
Local virtual MAC address is aabb.cc80.6000 (bia)
Hello time 10 sec, hold time 30 sec
Next hello sent in 5.824 secs
Preemption enabled
Active router is local
Standby router is FE80::A8BB:CCFF:FE80:8000, priority 100 (expires in
30.128 sec)
Priority 105 (configured 105)
Group name is "hsrp-Vl100-1" (default)
Vlan100 - Group 2 (version 2)
State is Active
2 state changes, last state change 00:01:39
Virtual IP address is 10.2.100.1
Active virtual MAC address is aabb.cc80.6000 (MAC In Use)
Local virtual MAC address is aabb.cc80.6000 (bia)
Hello time 10 sec, hold time 30 sec
Next hello sent in 2.624 secs
Preemption enabled
Active router is local
Standby router is 10.2.100.254, priority 90 (expires in 30.240 sec)
Priority 95 (configured 105)
Track object 1 state Down decrement 10
Group name is "hsrp-Vl100-2" (default)
Solution:
R17
ip multicast-routing
int e0/1
ip pim sparse-mode
int l0
ip pim sparse-mode
int tunnel 0
ip pim sparse-mode
!
ip pim bsr-candidate loopback0
ip pim rp-candidate loopback 0
R19/20/21
ip multicast-routing
int tunnel 0
ip pim sparse-mode
int e0/1
ip pim sparse-mode
ip igmp join-group 239.1.1.1
Verification:
R17#show ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C -
Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry, E -
Extranet,
X - Proxy Join Timer Running, A - Candidate for MSDP
Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group,
G - Received BGP C-Mroute, g - Sent BGP C-Mroute,
N - Received BGP Shared-Tree Prune, n - BGP C-Mroute
suppressed,
Q - Received BGP S-A Route, q - Sent BGP S-A Route,
V - RD & Vector, v - Vector, p - PIM Joins on route
Outgoing interface flags: H - Hardware switched, A - Assert winner, p
- PIM Join
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
Use the preconfigured interface Tunnel0 on all four routers in order to accomplish
this task.
Solution:
R17
int tunnel 0
ip nhrp map multicast dynamic
ip nhrp network-id 12345
ip nhrp redirect
tunnel source e0/0
tunnel mode gre multipoint
R19/20/21
int tunnel 0
ip nhrp map multicast 192.0.2.2
ip nhrp map 10.100.0.1 192.0.2.2
R17/18/19/20
int tunnel 0
tunnel protection ipsec profile DMVPNPROFILE
Verification:
R17#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 192.0.2.6 10.100.0.19 UP 02:17:23 D
1 192.0.2.10 10.100.0.20 UP 02:17:23 D
1 192.0.2.14 10.100.0.21 UP 02:17:23 D
Solution:
R1/R2
ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id loopback 0
!
int range e0/0-3
mpls ip
int e1/0
mpls ip
R3/R4
ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id loopback 0
int range e0/0, e0/2
mpls ip
R5/R6
ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id loopback 0
int rang e0/0-1
mpls ip
R7/R8
ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id loopback 0
int e0/3
mpls ip
R1
router bgp 65001
address-family vpnv4
nei IBGP route-reflector-client
nei 10.255.1.3 activate
nei 10.255.1.4 activate
nei 10.255.1.5 activate
nei 10.255.1.6 activate
nei 10.255.1.7 activate
nei 10.255.1.8 activate
Explain:
R4
ip vrf GREEN
rd 65002:16
route-target export 65002:1516
route-target import 65002:1112
route-target import 65002:1314
route-target import 65005:5556
route-target import 65007:58
R5
ip vrf GREEN
rd 65002:13
route-target export 65002:1314
route-target import 65002:1516
R6
ip vrf GREEN
rd 65002:14
route-target export 65002:1314
route-target import 65002:1516
R7
ip vrf RED
rd 65002:11
route-target export 65002:1112
route-target import 65002:1516
R8
ip vrf RED
rd 65002:12
route-target export 65002:1112
route-target import 65002:1516
Verification:
R101#traceroute 10.1.1.254
Type escape sequence to abort.
Tracing the route to 10.1.1.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.100.253 1 msec 1 msec 1 msec
2 10.2.0.5 1 msec 1 msec 1 msec
3 10.254.0.73 2 msec 1 msec 1 msec
4 10.254.0.13 [MPLS: Labels 29/44 Exp 0] 2 msec 3 msec 2 msec
5 10.254.0.53 [MPLS: Label 44 Exp 0] 2 msec 1 msec 2 msec
6 10.254.0.54 2 msec 3 msec 2 msec
7 10.1.254.254 3 msec * 4 msec
R101#traceroute 10.3.1.254
Type escape sequence to abort.
Tracing the route to 10.3.1.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.100.253 1 msec 1 msec 0 msec
2 10.2.0.5 1 msec 1 msec 2 msec
3 10.254.0.73 1 msec 1 msec 2 msec
Refer to the “Overall Scenario” and “Diagram 6: Merge Phase 2”. Jameson’s and
Jacob’s are entering the second phase of the merge and have deployed two new
border routers in their respective core network. Configure the network as per the
following requirements:
Solution:
R50/51/52
router bgp 65006
no bgp default ipv4-unicast
nei 10.255.1.1 remote-as 65001
nei 10.255.1.1 local-as 65001
nei 10.255.1.1 update-source l0
address-family vpnv4
nei 10.255.1.1 act
R50
ip vrf GREEN
rd 65005:55
route-target export 65005:5556
route-target import 65002:1516
R51
ip vrf GREEN
rd 65005:56
route-target export 65005:5556
route-target import 65002:1516
R52
ip vrf BLUE
rd 65007:58
route-target export 65007:58
route-target import 65002:1516
Verification:
R1#show bgp vpnv4 uni all summary
BGP router identifier 10.255.1.1, local AS number 65001
BGP table version is 235, main routing table version 235
70 network entries using 10640 bytes of memory
70 path entries using 5600 bytes of memory
32/32 BGP path/bestpath attribute entries using 4864 bytes of memory
3 BGP AS-PATH entries using 72 bytes of memory
5 BGP extended community entries using 120 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 21296 total bytes of memory
BGP activity 83/13 prefixes, 83/13 paths, scan interval 60 secs
***Important note: if the RT is not defined or is wrong, the PE does not receive the
VPNv4 routes from the other PE.
Refer to the “Overall Scenario” and “Diagram 6: Merge Phase 2”. Configure the
network as per the following requirements:
Jameson’s headquarters (VPN RED), main office (VPN GREEN) and Jacob’s
office (VPN BLUE) must receive datacenter prefixes (VPN GREEN).
Jameson’s main office (VPN GREEN) may not receive headquarters (VPN
RED) prefixes nor Jacob’s headquarters (VPN GREEN) prefixes.
In order to simplify future changes, your solution may not be limited to
specific prefixes.
Solution:
R7/R8
ip vrf RED
route-target import 65002:1516
R50/51
ip vrf GREEN
route-target import 65002:1516
R52
ip vrf BLUE
route-target import 65002:1516
Verification:
R11#show bgp ipv4 uni
BGP table version is 56, local router ID is 10.255.1.11
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
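The route-target policy above can be checked offline before it is pasted into the PEs. The following is an added example, not part of the workbook: it copies the export/import values from the "ip vrf" blocks on this page and audits them against the two requirements. The site-to-PE mapping (R4 datacenter, R5/R6 main office, R7/R8 headquarters, R50/R51 Jacob's headquarters, R52 Jacob's office) is an assumption inferred from the requirement text, and the two broken variants are constructed.

```python
import copy

# Route targets per PE VRF, copied from the "ip vrf" blocks on this page.
VRFS = {
    "R4":  {"vrf": "GREEN", "export": {"65002:1516"},
            "import": {"65002:1112", "65002:1314", "65005:5556", "65007:58"}},
    "R5":  {"vrf": "GREEN", "export": {"65002:1314"}, "import": {"65002:1516"}},
    "R6":  {"vrf": "GREEN", "export": {"65002:1314"}, "import": {"65002:1516"}},
    "R7":  {"vrf": "RED",   "export": {"65002:1112"}, "import": {"65002:1516"}},
    "R8":  {"vrf": "RED",   "export": {"65002:1112"}, "import": {"65002:1516"}},
    "R50": {"vrf": "GREEN", "export": {"65005:5556"}, "import": {"65002:1516"}},
    "R51": {"vrf": "GREEN", "export": {"65005:5556"}, "import": {"65002:1516"}},
    "R52": {"vrf": "BLUE",  "export": {"65007:58"},   "import": {"65002:1516"}},
}

# Assumed site roles (inferred from the requirement text, not stated per router).
DATACENTER = {"R4"}
MAIN_OFFICE = {"R5", "R6"}
JAMESON_HQ = {"R7", "R8"}
JACOB_HQ = {"R50", "R51"}
JACOB_OFFICE = {"R52"}


def senders_for(vrfs, receiver):
    """PEs whose exported RTs intersect the receiver's import list.

    The VRF name plays no part: GREEN on R4, R5 and R50 are three different
    VPN memberships because their route targets differ.
    """
    wanted = vrfs[receiver]["import"]
    return {pe for pe, v in vrfs.items()
            if pe != receiver and v["export"] & wanted}


def audit(vrfs):
    """Return a list of requirement violations (empty list means compliant)."""
    problems = []
    # Requirement 1: headquarters, main office and Jacob's office receive
    # the datacenter prefixes.
    for pe in sorted(JAMESON_HQ | MAIN_OFFICE | JACOB_OFFICE):
        if not DATACENTER <= senders_for(vrfs, pe):
            problems.append(f"{pe}: datacenter routes not imported")
    # Requirement 2: main office receives neither headquarters (RED) nor
    # Jacob's headquarters prefixes.
    for pe in sorted(MAIN_OFFICE):
        leaked = senders_for(vrfs, pe) & (JAMESON_HQ | JACOB_HQ)
        if leaked:
            problems.append(f"{pe}: imports routes from {sorted(leaked)}")
    return problems


def mistyped_import():
    """Constructed failure: one digit swapped in R52's import RT."""
    broken = copy.deepcopy(VRFS)
    broken["R52"]["import"] = {"65002:1561"}
    return audit(broken)


def extra_import():
    """Constructed failure: R5 also imports the RED export RT."""
    broken = copy.deepcopy(VRFS)
    broken["R5"]["import"].add("65002:1112")
    return audit(broken)


if __name__ == "__main__":
    for pe in VRFS:
        print(pe, VRFS[pe]["vrf"], "receives from", sorted(senders_for(VRFS, pe)))
    print("audit:", audit(VRFS))
    print("mistyped RT:", mistyped_import())
    print("extra RT:", extra_import())
```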
Protect R17’s control plane from TTL expiry attacks so that IP packets
with a TTL of 0 or 1 are dropped before the CPU processes them.
Legitimate packets include the expected control protocols running on the link.
Solution:
R17
ip access-list extended TTL
deny ospf any any
deny tcp any any eq bgp
deny tcp any eq bgp any
deny pim any any
deny esp any any
deny gre any any
deny udp any any eq 500
deny udp any any eq 4500
permit ip any any ttl eq 0
permit ip any any ttl eq 1
class-map match-all TTL
match access-group name TTL
policy-map TTL
class TTL
drop
!
Control-plane
service-policy input TTL
Verification:
R17#show ip access-lists TTL
Extended IP access list TTL
10 deny ospf any any (1762 matches)
20 deny tcp any any eq bgp (275 matches)
30 deny tcp any eq bgp any
40 deny pim any any (683 matches)
50 deny esp any any
60 deny gre any any (17 matches)
70 deny udp any any eq isakmp (15 matches)
80 deny udp any any eq non500-isakmp
90 permit ip any any ttl eq 0
100 permit ip any any ttl eq 1 (217 matches)
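In this policy the ACL is a classifier, not a filter: a "deny" line keeps a packet out of class TTL (so it reaches the CPU), and a "permit" line puts it in the class that the policy-map drops. The following added example, which is not part of the workbook, models that first-match logic over constructed packets and shows what happens when the exemptions are not placed ahead of the TTL lines.

```python
# ACL "TTL" from the solution above, with the sequence numbers shown in the
# verification output. A field that a rule leaves out matches any value.
ACL_TTL = [
    (10, "deny", {"proto": "ospf"}),
    (20, "deny", {"proto": "tcp", "dport": 179}),
    (30, "deny", {"proto": "tcp", "sport": 179}),
    (40, "deny", {"proto": "pim"}),
    (50, "deny", {"proto": "esp"}),
    (60, "deny", {"proto": "gre"}),
    (70, "deny", {"proto": "udp", "dport": 500}),
    (80, "deny", {"proto": "udp", "dport": 4500}),
    (90, "permit", {"ttl": 0}),
    (100, "permit", {"ttl": 1}),
]

# Failure mode (constructed): the same lines with the TTL matches moved first.
MISORDERED = ACL_TTL[8:] + ACL_TTL[:8]

# Constructed sample packets arriving at the control plane.
PACKETS = {
    "ospf_hello":     {"proto": "ospf", "ttl": 1},
    "ebgp_session":   {"proto": "tcp", "sport": 40000, "dport": 179, "ttl": 1},
    "pim_hello":      {"proto": "pim", "ttl": 1},
    "isakmp":         {"proto": "udp", "sport": 500, "dport": 500, "ttl": 255},
    "udp_probe_ttl1": {"proto": "udp", "sport": 50000, "dport": 33434, "ttl": 1},
    "icmp_ttl0":      {"proto": "icmp", "ttl": 0},
    "igmp_report":    {"proto": "igmp", "ttl": 1},
    "ssh_ttl64":      {"proto": "tcp", "sport": 51000, "dport": 22, "ttl": 64},
}


def first_match(acl, pkt):
    """Return (sequence, action) of the first matching line, top to bottom."""
    for seq, action, cond in acl:
        if all(pkt.get(field) == value for field, value in cond.items()):
            return seq, action
    return None, "deny"          # implicit deny at the end of every ACL


def copp_verdict(acl, pkt):
    """class-map TTL matches only on ACL permit; policy-map TTL drops that class."""
    _, action = first_match(acl, pkt)
    return "drop" if action == "permit" else "punt"


def verdicts(acl):
    """Verdict for every sample packet under the given ACL ordering."""
    return {name: copp_verdict(acl, pkt) for name, pkt in PACKETS.items()}


def hit_counts(acl):
    """Per-line match counters, the analogue of 'show ip access-lists TTL'."""
    counts = {}
    for pkt in PACKETS.values():
        seq, _ = first_match(acl, pkt)
        counts[seq] = counts.get(seq, 0) + 1
    return counts


if __name__ == "__main__":
    good, bad = verdicts(ACL_TTL), verdicts(MISORDERED)
    for name in PACKETS:
        print(f"{name:15} as written: {good[name]:5} misordered: {bad[name]}")
    # Any TTL-1 protocol without its own deny line (igmp_report here) is
    # dropped as well, so the exemption list must cover everything on the link.
    print(hit_counts(ACL_TTL))
```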
SW5 and SW6 must filter DHCP messages received from untrusted hosts by
comparing the source MAC address and the DHCP client hardware address. If
the addresses match, the switches must forward the packet. If the addresses
do not match, the switches must drop the packet.
Ensure that these access switches do not filter DHCP packets on their
uplinks.
Ensure that the DHCP relay switches (refer to item 5.1) allow DHCP messages
received on their interface VLAN 100 with the added Option 82 and
uninitialized GIADDR field to be accepted.
Solution:
SW5
ip dhcp snooping
ip dhcp snooping vlan 100
ip dhcp snooping information option
interface port-channel 35
ip dhcp snooping trust
SW6
ip dhcp snooping
ip dhcp snooping vlan 100
ip dhcp snooping information option
interface port-channel 46
ip dhcp snooping trust
Verification:
SW6#show ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
100
DHCP snooping is operational on following VLANs:
100
DHCP snooping is configured on the following L3 Interfaces:
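The two checks named in the requirements operate on specific fields of the DHCP frame: the Ethernet source MAC against the BOOTP chaddr on untrusted access ports (the check IOS exposes as "ip dhcp snooping verify mac-address"), and Option 82 combined with a zero giaddr at the relay. The following added example, not part of the workbook, parses constructed DHCPDISCOVER frames and applies both checks; the MAC addresses, the Option 82 payload and the function names are constructed for illustration.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"    # DHCP magic cookie after the 236-byte BOOTP header
ZERO_IP = bytes(4)


def mac(text):
    """'aabb.cc00.a000' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(".", "").replace(":", ""))


def build_discover(src_mac, chaddr, giaddr="0.0.0.0", option82=None):
    """Constructed sample: Ethernet/IPv4/UDP DHCPDISCOVER (checksums left at 0)."""
    opts = b"\x35\x01\x01"                         # option 53 = DHCPDISCOVER
    if option82 is not None:
        opts += bytes([82, len(option82)]) + option82
    opts += b"\xff"                                # end option
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        1, 1, 6, 0, 0x1234ABCD, 0, 0x8000,
                        ZERO_IP, ZERO_IP, ZERO_IP, socket.inet_aton(giaddr),
                        mac(chaddr), b"", b"") + MAGIC + opts
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         ZERO_IP, socket.inet_aton("255.255.255.255"))
    return b"\xff" * 6 + mac(src_mac) + b"\x08\x00" + ip_hdr + udp


def parse_dhcp(frame):
    """Return the fields the checks need, or None when the frame is not DHCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None
    udp_off = 14 + (frame[14] & 0x0F) * 4
    if len(frame) < udp_off + 8 + 240:
        return None
    sport, dport = struct.unpack("!HH", frame[udp_off:udp_off + 4])
    bootp = frame[udp_off + 8:]
    if {sport, dport} - {67, 68} or bootp[236:240] != MAGIC:
        return None
    fields = {"src_mac": frame[6:12], "giaddr": bootp[24:28],
              "chaddr": bootp[28:28 + min(bootp[2], 16)], "options": {}}
    i = 240
    while i + 1 < len(bootp) and bootp[i] != 255:
        if bootp[i] == 0:                           # pad option has no length byte
            i += 1
            continue
        fields["options"][bootp[i]] = bootp[i + 2:i + 2 + bootp[i + 1]]
        i += 2 + bootp[i + 1]
    return fields


def snooping_verdict(frame, port_trusted):
    """Access switch (SW5/SW6): only the MAC comparison from the task is modelled."""
    f = parse_dhcp(frame)
    if f is None:
        return "forward (not DHCP)"
    if port_trusted:                                # uplink port-channel
        return "forward (trusted port)"
    if f["src_mac"] != f["chaddr"]:
        return "drop (source MAC differs from chaddr)"
    return "forward"


def relay_verdict(frame, relay_info_trusted):
    """Relay (SW3/SW4 interface VLAN 100): Option 82 with giaddr 0.0.0.0."""
    f = parse_dhcp(frame)
    if f is None:
        return "ignore (not DHCP)"
    if 82 in f["options"] and f["giaddr"] == ZERO_IP and not relay_info_trusted:
        return "drop (option 82 with giaddr 0.0.0.0)"
    return "relay"


# Constructed sample frames.
HOST_MAC = "aabb.cc00.a000"
HONEST = build_discover(HOST_MAC, HOST_MAC)
MISMATCH = build_discover(HOST_MAC, "0200.0000.0001")
TAGGED = build_discover(HOST_MAC, HOST_MAC, option82=b"\x01\x04\x00\x64\x00\x01")

if __name__ == "__main__":
    print(snooping_verdict(HONEST, False), "|", snooping_verdict(MISMATCH, False))
    print(relay_verdict(TAGGED, False), "|", relay_verdict(TAGGED, True))
```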
Ensure that the distribution switches SW3 and SW4 forward DHCP discover
broadcast messages received from VLAN 100’s hosts to interface Loopback0 of
R15 as unicast messages.
R15 must assign hosts in VLAN 100 a valid IP address from the prefix
10.2.100.0/24.
Ensure that addresses that were statically configured will never be assigned
to any host.
The DHCP offer must include the IP address 10.2.100.1/24 as the default
gateway for VLAN 100 users.
Ensure that the server R101 effectively receives an IP address from the
expected prefix 10.2.1.0/24 as well as its default gateway information.
Solution:
R15
ip dhcp pool R101
host 10.2.100.2 255.255.255.0
client-identifier 01aa.bbcc.00a0.00
default-router 10.2.100.1
!
ip dhcp pool VLAN 100
network 10.2.100.0 255.255.255.0
default-router 10.2.100.1
ip dhcp excluded-address 10.2.100.1
ip dhcp excluded-address 10.2.100.253
ip dhcp excluded-address 10.2.100.254
SW3/SW4
interface vlan 100
ip helper-address 10.255.1.15
ip dhcp relay information trusted
Verification:
R101#show ip int br
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 10.2.100.2 YES DHCP up up
Ethernet0/1 unassigned YES NVRAM administratively down down
Ethernet0/2 unassigned YES NVRAM administratively down down
Ethernet0/3 unassigned YES NVRAM administratively down down
Refer to “Diagram 1: Initial Topology”. Configure the network as per the following
requirements:
Solution:
R17
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 172.0.0.0 0.255.255.255
!
ip nat inside source list 1 interface e0/0 overload
interface e0/0
ip nat outside
interface e0/1
ip nat inside
interface t0
ip nat inside
R58
router eigrp 10
summary-metric 0.0.0.0/0 distance 80
Verification:
R58#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
SW3 and SW4 must use the multicast address 224.0.0.102 in order to
negotiate the active and standby roles.
SW3 must be elected as the active router and SW4 must be elected as the
standby router.
In case SW3 is down, SW4 must take over the active role. If SW3 comes
back online, it must automatically recover the active role from SW4.
Ensure that HSRP hello packets are exchanged every 10 seconds and that the
standby takes over the active role if three consecutive hello packets are
missed from the active.
Both routers must share the virtual IP address 10.2.100.1 that will be used
as default gateway for VLAN 100’s hosts.
Solution:
SW3
interface vlan 100
standby 2 ip 10.2.100.1
standby 2 timers 10 30
standby 2 priority 105
standby 2 preempt
SW4
interface vlan 100
standby 2 ip 10.2.100.1
standby 2 timers 10 30
standby 2 preempt
Verification:
SW3#show standby bri
SW3#show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Vl100       1    105 P Active  local           FE80::A8BB:CCFF:FE80:8000
                                                               FE80:100::1
Vl100       2    105 P Active  local           10.2.100.254    10.2.100.1
SW3#show standby
Vlan100 - Group 1 (version 2)
State is Active
SW3 and SW4 must monitor the reachability of their OSPF IPv4 default route
and, in case it is not available, the HSRP priority must be decreased by 10.
Solution:
SW3/SW4
track 1 ip route 0.0.0.0 0.0.0.0 reachability
interface vlan 100
standby 2 track 1 decrement 10
Verification:
SW3#show track
Track 1
IP route 0.0.0.0 0.0.0.0 reachability
Reachability is Up (OSPF)
2 changes, last change 01:24:55
First-hop interface is Vlan173
Tracked by:
HSRP Vlan100 2
SW4#show track
Track 1
IP route 0.0.0.0 0.0.0.0 reachability
Reachability is Up (OSPF)
2 changes, last change 01:24:59
First-hop interface is Vlan34
Tracked by:
HSRP Vlan100 2
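The HSRP group 2 settings above (priority 105 on SW3, preempt on both switches, track decrement 10) interact in ways the show output alone does not reveal. The following is an added example, not part of the workbook: a simplified Python model of the active-router election. It assumes SW4 keeps the IOS default priority of 100 and does not model ties or the standby state machine.

```python
from dataclasses import dataclass

@dataclass
class Peer:
    name: str
    priority: int = 100      # IOS default when "standby 2 priority" is absent (SW4)
    preempt: bool = True     # "standby 2 preempt"
    decrement: int = 10      # "standby 2 track 1 decrement 10"
    route_up: bool = True    # track 1: default route reachability
    alive: bool = True       # False once 3 hellos (hold time 30 s) are missed

    def effective(self) -> int:
        """Priority advertised in hellos after the tracking decrement."""
        return self.priority - (0 if self.route_up else self.decrement)

def elect(peers, current=None):
    """Return the name of the active router after one election round."""
    live = [p for p in peers if p.alive]
    if not live:
        return None
    best = max(live, key=Peer.effective)
    cur = next((p for p in live if p.name == current), None)
    if cur is None:
        return best.name                 # no active heard: highest priority wins
    if best.effective() > cur.effective() and best.preempt:
        return best.name                 # strictly better peer preempts
    return cur.name                      # otherwise the current active keeps the role

def run(events):
    """Apply (switch, attribute, value) events to the page's SW3/SW4 pair."""
    peers = {"SW3": Peer("SW3", priority=105), "SW4": Peer("SW4")}
    active = elect(peers.values())
    history = [active]
    for name, attr, value in events:
        setattr(peers[name], attr, value)
        active = elect(peers.values(), active)
        history.append(active)
    return history

if __name__ == "__main__":
    # Constructed event sequences, not captured from the lab.
    print(run([("SW3", "alive", False), ("SW3", "alive", True)]))
    print(run([("SW3", "route_up", False), ("SW4", "route_up", False)]))
    print(run([("SW3", "preempt", False), ("SW3", "alive", False), ("SW3", "alive", True)]))
```

The second sequence shows why the decrement of 10 matters: SW3 at 95 loses to SW4 at 100, but once SW4 also loses its default route and drops to 90, SW3 takes the role back.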
After you finish the lab, the exam requires you to test as follows:
R101#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
R19#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
SW3#ping 239.1.1.1 so
SW3#ping 239.1.1.1 source vlan 173
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 239.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.2.0.37
Reply to request 0 from 10.16.2.1, 23 ms
Reply to request 0 from 10.16.1.1, 37 ms
Reply to request 0 from 10.16.3.1, 31 ms
SW1#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
SW2#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/4 ms
SW2#
R101#
R101#ping 172.18.1.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.18.1.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
R101#
R101#traceroute 172.18.1.254
Type escape sequence to abort.
Tracing the route to 172.18.1.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.100.253 1 msec 1 msec 1 msec
2 10.2.0.14 1 msec 1 msec 0 msec
3 10.2.0.42 2 msec 2 msec 2 msec
4 10.2.0.46 2 msec 2 msec 2 msec
5 172.18.2.254 2 msec * 3 msec
R101#
R101#traceroute 172.18.2.254
Type escape sequence to abort.
Tracing the route to 172.18.2.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.100.253 2 msec 1 msec 1 msec
2 10.2.0.5 1 msec 1 msec 1 msec
3 10.254.0.73 2 msec 3 msec 2 msec
4 10.254.0.13 [MPLS: Labels 58/81 Exp 0] 3 msec 2 msec 3 msec
5 10.254.0.18 [MPLS: Labels 38/81 Exp 0] 2 msec 2 msec 3 msec
6 10.254.0.62 [MPLS: Labels 20/81 Exp 0] 4 msec 3 msec 4 msec
7 172.18.253.5 [MPLS: Label 81 Exp 0] 10 msec 3 msec 4 msec
8 172.18.253.6 3 msec 3 msec 3 msec
9 172.18.254.254 3 msec * 4 msec
R101#traceroute 172.18.254.254
Type escape sequence to abort.
Tracing the route to 172.18.254.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.100.253 2 msec 2 msec 1 msec
2 10.2.0.5 2 msec 1 msec 2 msec
3 10.254.0.73 1 msec 2 msec 2 msec
4 10.254.0.13 [MPLS: Labels 58/27 Exp 0] 3 msec 2 msec 3 msec
5 10.254.0.18 [MPLS: Labels 38/27 Exp 0] 2 msec 3 msec 3 msec
6 10.254.0.62 [MPLS: Labels 20/27 Exp 0] 2 msec 2 msec 2 msec
7 172.18.253.5 [MPLS: Label 27 Exp 0] 3 msec 3 msec 4 msec
8 172.18.253.6 3 msec 2 msec 2 msec
9 172.18.254.254 2 msec * 4 msec
R18
router bgp 65002
neighbor 10.2.0.46 shutdown
R101#ping 172.18.1.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.18.1.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/5 ms
R101#traceroute 172.18.1.254
Type escape sequence to abort.
Tracing the route to 172.18.1.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.100.253 1 msec 1 msec 1 msec
2 10.2.0.5 2 msec 1 msec 1 msec
3 10.254.0.73 2 msec 1 msec 1 msec
4 10.254.0.13 [MPLS: Labels 58/84 Exp 0] 4 msec 5 msec 3 msec
5 10.254.0.18 [MPLS: Labels 38/84 Exp 0] 4 msec 4 msec 3 msec
6 10.254.0.62 [MPLS: Labels 20/84 Exp 0] 4 msec 5 msec 4 msec
7 172.18.253.5 [MPLS: Label 84 Exp 0] 4 msec 3 msec 3 msec
8 172.18.253.6 3 msec 4 msec 4 msec
9 172.18.254.254 4 msec * 5 msec
Note: remember to re-enable the BGP peer (no shutdown) after you test the backup path.
R18
router bgp 65002
no neighbor 10.2.0.46 shutdown