Lab 1.1

(1)

(2)

Disclaimer :

CCCIE RSv5 lab Exam Workbook is designed to provide extensive

practical information to help candidates in the preparation for CISCO Systems CCIE

RSv5 Lab Exam. We do not take liability or responsibility to any person or entity with

respect to loss or damage caused by the information presented in the workbook

Cisco, Cisco Systems,and CCIE (Cisco Certified Internetwork Expert) are registered

trademarks of Cisco Systems, Inc.And of its affiliates in the USA and other countries .

The information presented in the workbook is not necessarily related to Cisco

Systems, Inc. This workbook is not affiliated, endorsed or sponsored by Cisco

Systems, Inc.This workbook provides detailed and comprehensive practical examples

for the preparation of CCIE RSv5 labs but cannot be used as a replacement of other

supplementary books or prescribed materials. Purpose of the workbook is to provide

more practical information about the CCIE RSv5 lab Exam.

This workbook is prepared for the individual candidates who have purchased it with

non-disclosure agreement. Imitation, copying, editing or posting contents of the

workbook over the internet is part of copyright and non-disclosure agreement

violation.

(3)

(4)

Configure the ACME Headquarters network (AS 12345) & New York Office (34567) as per the

following requirements.

1. The VTP domain must be set to CCIE 2. Use VTP version 2

3. SW1 must be the VTP server and SW2 must be the VTP client

4. Secure all VTP updates with an MD5 digest of the ASCII string "CCIErocks$”

5. SW3 & SW4 must not advertise their VLAN configuration but must forward VTP advertisement that they receive out on their trunk ports.

6. In order to avoid as much as possible unknown unicast flooding in all vlans the administrator

requires that any dynamic entries learned by other SW1 and SW2 must be retained for 2 hours before being refreshed.

Solution :-

SW1 --- Configuration

SW1(config)#vtp version 2 SW1(config)#vtp domain CCIE

SW1(config)#vtp password CCIErock$ ---> Note CCIErock$ is without quotes SW1(config)#vtp mode server

(5)

SW2 --- Configuration

SW2(config)#vtp password CCIErock$ ---> Note CCIErock$ is without quotes SW2(config)#vtp mode client

SW2(config)#mac address-table aging-time 7200 ---> 7200 seconds = 2 hours

SW3 --- Configuration

SW3(config)#vtp password CCIErock$ ---> Note CCIErock$ is without quotes SW3(config)#vtp mode transparent

SW4 --- Configuration

SW4(config)#vtp password CCIErock$ ---> Note CCIErock$ is without quotes SW4(config)#vtp mode transparent

Verification :-

(6)

On SW2

(7)

NOTE :- Mac address-table aging-time 300 is by default on SW3

On SW4

(8)

Configure All Switch Ports as per the following requirements :-

1. Complete the configuration of all vlans so that all routers that are located in ACME's headquarters (AS12345) and New York office (AS 34567) can ping their directly connected neighbors.

2. All four switches (SW1-SW4) must have four dot1q trunks that do not rely on negotiation DO NOT configure any ether channel

3. Ensure that the following unused ports on all four switches are shutdown and configured as access ports in vlan 999

E3/0 - E3/3 are unused on SW1 and SW2 E1/0 - E1/3 are unused on SW3 and SW4 E3/0 - E3/3 are unused on SW3 and SW4

Solution :-

SW1 --- Configuration

SW1(config)#vlan 14 SW1(config-vlan)#exit SW1(config)#vlan 15 SW1(config-vlan)#exit SW1(config)#vlan 23 SW1(config-vlan)#exit SW1(config)#vlan 24 SW1(config-vlan)#exit SW1(config)#vlan 35 SW1(config-vlan)#exit SW1(config)#vlan 46 SW1(config-vlan)#exit SW1(config)#vlan 57 SW1(config-vlan)#exit SW1(config)#vlan 67 SW1(config-vlan)#exit SW1(config)#vlan 999 SW1(config-vlan)#exit SW1(config)#

(9)

SW1(config-if-range)#switchport trunk encapsulation dot1q SW1(config-if-range)#switchport mode trunk

SW1(config-if-range)#switchport nonegotiate SW1(config-if-range)#exit

SW1(config)#

SW1(config)#interface range ethernet 3/0 – 3 SW1(config-if-range)#switchport mode access SW1(config-if-range)#switchport access vlan 999 SW1(config-if-range)#shutdown

SW1(config-if-range)#exit SW1(config)#

SW1(config)# interface ethernet 0/0 SW1(config-if)#switchport mode access SW1(config-if)#switchport access vlan 14 SW1(config-if)#no shutdown

SW1(config-if)#exit SW1(config)#

SW1(config)#interface ethernet 0/1 SW1(config-if)#switchport mode access SW1(config-if)#switchport access vlan 23 SW1(config-if)#no shutdown

(10)

SW1(config-if)#switchport mode access SW1(config-if)#switchport access vlan 15 SW1(config-if)#no shutdown

SW2 --- Configuration

SW2(config)#interface range ethernet 2/0 – 3

SW2(config)#

SW2(config)#interface range ethernet 3/0 – 3 SW2(config-if-range)#switchport mode access SW2(config-if-range)#switchport access vlan 999 SW2(config-if-range)#shutdown

(11)

(12)

SW3 --- Configuration

SW3(config)#vlan 34 SW3(config-vlan)#exit SW3(config)#vlan 38 SW3(config-vlan)#exit SW3(config)#vlan 49 SW3(config-vlan)#exit SW3(config)#vlan 89 SW3(config-vlan)#exit SW3(config)#vlan 111 SW3(config-vlan)#exit SW3(config)#vlan 310 SW3(config-vlan)#exit SW3(config)#vlan 411 SW3(config-vlan)#exit SW3(config)#vlan 999 SW3(config-vlan)#exit SW3(config)#

SW3(config)#

SW3(config)# interface range ethernet 1/0 - 3 , ethernet 3/0 – 3 SW3(config-if-range)#switchport mode access

SW3(config-if-range)#switchport access vlan 999 SW3(config-if-range)#shutdown

(13)

SW3(config)#interface ethernet 0/3 SW3(config-if)#switchport mode access SW3(config-if)#switchport access vlan 111 SW3(config-if)#no shutdown SW3(config-if)#exit SW3(config)#

SW4 --- Configuration

SW4(config)#vlan 34 SW4(config-vlan)#exit SW4(config)#vlan 38 SW4(config-vlan)#exit SW4(config)#vlan 49 SW4(config-vlan)#exit SW4(config)#vlan 89 SW4(config-vlan)#exit SW4(config)#vlan 111 SW4(config-vlan)#exit SW4(config)#vlan 310 SW4(config-vlan)#exit SW4(config)#vlan 411 SW4(config-vlan)#exit SW4(config)#vlan 999 SW4(config-vlan)#exit SW4(config)#exit

SW4(config)#

SW4(config)# interface range ethernet 1/0 - 3 , ethernet 3/0 – 3 SW4(config-if-range)#switchport mode access

SW4(config-if-range)#switchport access vlan 999 SW4(config-if-range)#shutdown

(14)

Verification :-

(15)

(16)

(17)

(18)

(19)

(20)

NOTE :- Once Section 1.2 is completed , test connectivity by pinging directly

(21)

Configure the ACME network as per the following requirements.

1. SW1 must be the root switch for all odd vlans and must be the backup for all even vlans 2. SW2 must be the root switch for all even vlans and must be the backup for all odd vlans 3. SW3 must be the root switch for all odd vlans and must be the backup for all even vlans 4. SW4 must be the root switch for all even vlans and must be the backup for all odd vlans

5. Explicitly configure the root and backup roles, assuming that other switches with default configuration may eventually be added in the network in the future

6. All Switches must maintain one stp instance per vlan

7. Use stp mode that has only 3 possible port states.

8. All access ports must immediately transitioned to the forwarding state upon link up and they must still participate in STP . Use single command per switch to enable this

9. Access ports must automatically shut down if they receive any BPDU and an administrator must still manually re-enable the port. Use a single command per switch to enable this feature.

Solution :-

SW1 --- Configuration

SW1(config)#spanning-tree mode rapid- pvst SW1(config)#spanning-tree portfast default

SW1(config)#spanning-tree portfast bpduguard default

SW1(config)#Spanning-tree vlan 1,15,23,35,57,67,999 root primary SW1(config)#Spanning-tree vlan 14,24,46 root secondary

SW1(config)#errdisable recovery cause bpduguard

SW2 --- Configuration

SW2(config)#spanning-tree portfast bpduguard default SW2(config)#Spanning-tree vlan 14,24,46 root primary

SW2(config)#Spanning-tree vlan 1,15,23,35,57,67,999 root secondary SW2(config)#errdisable recovery cause bpduguard

(22)

SW3 --- Configuration

SW3(config)#spanning-tree portfast bpduguard default

SW3(config)#Spanning-tree vlan 1,49,89,111,411,999 root primary SW3(config)#Spanning-tree vlan 34,38,310 root secondary

SW3(config)#errdisable recovery cause bpduguard

SW4 --- Configuration

SW4(config)#spanning-tree portfast bpduguard default SW4(config)#Spanning-tree vlan 34,38,310 root primary

SW4(config)#Spanning-tree vlan 1,49,89,111,411,999 root secondary SW4(config)#errdisable recovery cause bpduguard

Verification :-

(23)

On SW2

On SW3

(24)

NOTE :- 1) When SW1 goes down , SW2 will become root switch for all odd vlans.

2) When SW2 goes down , SW1 will become root switch for all even vlans.

3) When SW3 goes down , SW4 will become root switch for all odd vlans.

(25)

Configure WAN Connectivity as per the following requirements

1. The WAN links must rely on a layer 2 protocol that supports link negotiation and authentication. 2. The Service provider expects both R18 and R19 to complete three way hand shake by providing the

expected response of a challenge that is sent by R63 3. R18 must use the username ACME-R18 and password CCIE 4. R19 must use the username ACME-R19 and password CCIE

Solution :-

R18 --- Configuration

R18(config)#interface serial 1/0 R18(config-if)#encapsulation ppp R18(config-if)#no peer neighbor-route R18(config-if)#ppp chap hostname ACME-R18 R18(config-if)#ppp chap password CCIE R18(config-if)#no shutdown R18(config-if)#exit R18(config

R19 --- Configuration

R19(config)#interface serial 1/0 R19(config-if)#encapsulation ppp R19(config-if)#no peer neighbor-route R19(config-if)#ppp chap hostname ACME-R19 R19(config-if)#ppp chap password CCIE R19(config-if)#no shutdown

R19(config-if)#exit R19(config)#

(26)

Verification :-

(27)

(28)

Configure OSPFv2 area 0 in ACME HQ (AS12345) according to the following requirements

1. Configure the OSPF process id to 12345 and set the router id to interface loopback 0 on all seven routers 2. The interface loopback 0 at each router must be seen as an internal OSPF prefix by all other routers 3. Ensure that OSPF is not running on any interface that is facing another AS. Use any method to

accomplish this requirement .

4. SW 1 and SW2 must not participate in routing at all

5. Do not change the default OSPF cost of any interface in AS12345 6. R1 must see the following OSPF routes in the routing table

(29)

Solution :-

R1 --- Configuration

R1(config)#router ospf 12345 R1(config-router)#router-id 123.1.1.1 R1(config-router)#network 123.10.1.1 0.0.0.0 area 0 R1(config-router)#network 123.10.1.5 0.0.0.0 area 0 R1(config-router)#network 123.1.1.1 0.0.0.0 area 0 R1(config-router)#exit R1(config)#

R2

--- Configuration

R3 --- Configuration

R4 --- Configuration

R4(config)#router ospf 12345 R4(config-router)#router-id 123.4.4.4 R4(config-router)#network 123.10.1.2 0.0.0.0 area 0 R4(config-router)#network 123.10.1.21 0.0.0.0 area 0 R4(config-router)#network 123.10.1.18 0.0.0.0 area 0 R4(config-router)#network 123.4.4.4 0.0.0.0 area 0 R4(config-router)#exit R4(config)#

(30)

R5

--- Configuration

R5(config)#router ospf 12345 R5(config-router)#router-id 123.5.5.5 R5(config-router)#network 123.10.1.6 0.0.0.0 area 0 R5(config-router)#network 123.10.1.14 0.0.0.0 area 0 R5(config-router)#network 123.10.1.29 0.0.0.0 area 0 R5(config-router)#network 123.5.5.5 0.0.0.0 area 0 R5(config-router)#exit R5(config)#

R6

--- Configuration

R7

--- Configuration

(31)

Verification :-

On R1

(32)

On R3

On R4

On R5

On R6

On R7

(33)

Configure EIGRP for ipv4 in the New York office (AS34567) according to the following requirements

1. The EIGRP Autonomous System is 34567

2. The interface loopback 0 on each router must be seen as an internal EIGRP prefix by all other routers 3. Ensure the EIGRP is not running on any interface that is facing another AS. Use any method to

accomplish this requirement

4. Using a single command on one switch only ensure that R8 installs two equal-cost route for the following three path

 Vlan 411

 Interface loopback0 at SW4

 Interface loopback0 at R11



5. Using a single command on one switch only ensure that R9 installs two equal cost route for the following three path

 Vlan 310  Interface loopback0 at SW3  Interface loopback0 at R10

Solution :-

R8 --- Configuration

R8(config)#router eigrp 34567 R8(config-router)#network 123.10.2.1 0.0.0.0 R8(config-router)#network 123.10.2.5 0.0.0.0 R8(config-router)#network 123.8.8.8 0.0.0.0 R8(config-router)#no auto-summary R8(config-router)#exit R8(config)#

(34)

R9

--- Configuration

R10

--- Configuration

R11 --- Configuration

SW3

--- Configuration

SW3(config)#router eigrp 34567 SW3(config-router)#network 123.10.2.13 0.0.0.0 SW3(config-router)#network 123.10.2.6 0.0.0.0 SW3(config-router)#network 123.10.2.17 0.0.0.0 SW3(config-router)#network 123.33.33.33 0.0.0.0 SW3(config-router)#no auto-summary SW3(config-router)#exit SW3(config)# SW3(config)#interface vlan 34 SW3(config-if)#delay 100

(35)

SW4

--- Configuration

SW4(config)#router eigrp 34567 SW4(config-router)#network 123.10.2.10 0.0.0.0 SW4(config-router)#network 123.10.2.14 0.0.0.0 SW4(config-router)#network 123.10.2.21 0.0.0.0 SW4(config-router)#network 123.44.44.44 0.0.0.0 SW4(config-router)#no auto-summary SW4(config-router)#exit SW4(config)# SW4(config)#interface vlan 34 SW4(config-if)#delay 100

Verification :-

On R8

(36)

(37)

On R10

On R11

On SW3

(38)

Configure EIGRP in AS 45678 according to the following requirements.

2. The interface loopback0 at each router must be seen as an internal EIGRP prefix by all other routers 3. Ensure the EIGRP is not running on any interface that is facing another AS. Use any method to

accomplish this requirement .

4. SW5 and SW6 are layer 3 switches and must configure EIGRP

5. On all three routers R15, 16, 17 must use EIGRP with 64bit metric version 6. Do not change the interface bandwidth on any physical interface in AS 45678

Solution :-

R15 --- Configuration

R15(config)#router eigrp CCIE

R15(config-router)#address-family ipv4 unicast autonomous-system 45678 R15(config-router-af)#network 123.20.1.1 0.0.0.0

R15(config-router-af)#network 123.20.1.9 0.0.0.0 R15(config-router-af)#network 123.15.15.15 0.0.0.0 R15(config-router-af)# topology base

R15(config-router-af-topology)#no auto-summary R15(config-router-af-topology)#exit-af-topology R15(config-router-af)#exit-address-family R15(config-router)#exit R15(config)#

R16 --- Configuration

R16(config-router-af-topology)#no auto-summary R16(config-router-af-topology)#exit-af-topology R16(config-router-af)#exit-address-family R16(config-router)#exit

(39)

R17 --- Configuration

R17(config-router-af-topology)#no auto-summary R17(config-router-af-topology)#exit-af-topology R17(config-router-af)#exit-address-family R17(config-router)#exit R17(config)#

SW5 --- Configuration

SW5(config)#Vlan 5 ---> Pre-configured SW5(config)#Vlan 55 ---> Pre-configured SW5(config)#router eigrp 45678 SW5(config-router)#network 123.20.1.3 0.0.0.0 SW5(config-router)#network 123.55.55.55 0.0.0.0 SW5(config-router)#no auto-summary SW5(config-router)#exit SW5(config)#

SW6 --- Configuration

SW6(config)#Vlan 6 ---> Pre-configured SW6(config)#Vlan 66 ---> Pre-configured SW6(config)#router eigrp 45678 SW6(config-router)#network 123.20.1.11 0.0.0.0 SW6(config-router)#network 123.66.66.66 0.0.0.0 SW6(config-router)#no auto-summary SW6(config-router)#exit SW6(config)#

(40)

Verification :-

(41)

(42)

(43)

(44)

(45)

Configure EIGRP in AS 65222 according to the following requirements.

2. The interface loopback0 at each router must be seen as an internal EIGRP prefix by all other routers 3. Ensure that EIGRP is not running on any interface that is facing another AS.Use any method to

accomplish this requirement

4. Ensure that R17 should be the DMVPN hub and R18, R19 should be as the spoke. Use the pre-configured tunnel 0

Pre-configuration for tunnel 0 on each routers

On R17

Interface tunnel 0 no ip redirects

Ip address 123.20.1.25 255.255.255.248 tunnel source ethernet 0/0

tunnel mode gre multipoint

On R18

Ip address 123.20.1.26 255.255.255.248 tunnel source Serial1/0

tunnel mode gre multipoint

On R19

Ip address 123.20.1.27 255.255.255.248 tunnel source Serial1/0

(46)

Solution

:-R17 --- Configuration

R17(config-router)#address-family ipv4 unicast autonomous-system 45678 R17(config-router-af)#topology base

R17(config-router-af-topology)# no auto-summary R17(config-router-af-topology)#exit-af-topology

R17(config-router-af)#network 123.20.1.25 0.0.0.0 ---> tunnel 0 ip address R17(config-router-af)#exit-address-family

R17(config-router)#exit R17(config)#

R18 --- Configuration

R18(config)#router eigrp 45678

R18(config-router)# network 10.1.18.1 0.0.0.0 ---> Connected PC ip address R18(config-router)# network 123.18.18.18 0.0.0.0 ---> Loopback 0 ip address R18(config-router)# network 123.20.1.26 0.0.0.0 ---> tunnel 0 ip address R18(config-router)#eigrp stub connected

R18(config-router)# no auto-summary R18(config-router)#exit

R18(config)#

R19 --- Configuration

R19(config-router)# network 10.1.19.1 0.0.0.0 ---> Connected PC ip address R19(config-router)# network 123.19.19.19 0.0.0.0 ---> Loopback 0 ip address R19(config-router)# network 123.20.1.27 0.0.0.0 ---> tunnel 0 ip address R19(config-router)#eigrp stub connected

R19(config-router)# no auto-summary R19(config-router)#exit

(47)

Verification :-

(48)

(49)

On R19

Note : You will get the above result only after completing Section 3.3

(DMVPN task).

(50)

BGP is partially pre-configured in ACME headquarters. Complete the configuration as required.

Configure the IBGP in ACME’s headquarters (AS 12345) according to the following requirements.

1. R4 and R5 must not establish any BGP session at any time

2. All BGP routers must use their interface loopback0 as their BGP router-id

3. Disable the default ipv4 unicast address family for peering session establishment in all BGP routers 4. R1 must be the ipv4 route-reflector for BGP AS 12345

5. R1 must use the peer-gorup named “IBGP” for all internal peerings

Configure EBGP between ACME's San Francisco and San Jose sites according to the following requirements 6. R20 is the CE router and uses EBGP to connect to the managed services that are provided by the PE

routers R2 and R3

7. R20 must establish separate EBGP peering with both R2 and R3 for every VRF 8. R20 must advertise the following prefix to all of its BGP peers

 123.0.0.0/8 summary-only

 10.0.0.0/8 summary-only

9. R20 must advertise a default route to all of its BGP peer except to 10.120.99.1 and 10.120.99.5

Solution :-

For IBGP

R1 --- Configuration

R1(config)#router bgp 12345

R1(config-router)#bgp router-id 123.1.1.1 R1(config-router)#no bgp default ipv4-unicast R1(config-router)#neighbor IBGP peer-group R1(config-router)#neighbor IBGP remote-as 12345

R1(config-router)#neighbor IBGP update-source loopback 0 R1(config-router)#neighbor 123.2.2.2 peer-group IBGP R1(config-router)#neighbor 123.3.3.3 peer-group IBGP R1(config-router)#neighbor 123.6.6.6 peer-group IBGP R1(config-router)#neighbor 123.7.7.7 peer-group IBGP

(51)

R1(config-router-af)#neighbor IBGP route-reflector-client R1(config-router-af)#neighbor 123.2.2.2 activate R1(config-router-af)#neighbor 123.3.3.3 activate R1(config-router-af)#neighbor 123.6.6.6 activate R1(config-router-af)#neighbor 123.7.7.7 activate R1(config-router-af)#exit-address-family R1(config-router)#exit R1(config)#

R2 --- Configuration

R2(config)#router bgp 12345 R2(config-router)#bgp router-id 123.2.2.2 R2(config-router)#no bgp default ipv4-unicast

R2(config-router)#neighbor 123.1.1.1 remote-as 12345

R2(config-router)#neighbor 123.1.1.1 update-source loopback 0 R2(config-router)#address-family ipv4 R2(config-router-af)#neighbor 123.1.1.1 activate R2(config-router-af)#exit-address-family R2(config-router)#exit R2(config)#

R3 --- Configuration

R3(config-router)#neighbor 123.1.1.1 update-source loopback 0 R3(config-router)#address-family ipv4

R3(config-router-af)#neighbor 123.1.1.1 activate R3(config-router-af)#exit-address-family

R3(config-router)#exit R3(config)#

(52)

R6 --- Configuration

R6(config-router)#bgp router-id 123.6.6.6 R6(config-router)#no bgp default ipv4-unicast

R7 --- Configuration

For EBGP

R2 --- Configuration

R2(config-router)#address-family ipv4 vrf BLUE

R2(config-router-af)#neighbor 10.120.13.2 remote-as 65112 R2(config-router-af)#neighbor 10.120.13.2 activate

R2(config-router-af)#exit-address-family R2(config-router)#

R2(config-router)#address-family ipv4 vrf GREEN

(53)

R2(config-router)#address-family ipv4 vrf RED

R2(config-router)#address-family ipv4 vrf YELLOW

R2(config-router-af)#neighbor 10.120.15.2 remote-as 65112 R2(config-router-af)#neighbor 10.120.15.2 activate R2(config-router-af)#exit-address-family R2(config-router)#exit R2(config)#

On R3 --- Configuration

R3(config-router)#address-family ipv4 vrf BLUE

R3(config-router)#address-family ipv4 vrf GREEN

R3(config-router)#address-family ipv4 vrf INET

R3(config-router)#address-family ipv4 vrf RED

(54)

R3(config-router-af)#neighbor 10.120.15.6 remote-as 65112 R3(config-router-af)#neighbor 10.120.15.6 activate R3(config-router-af)#exit-address-family R3(config-router)#exit R3(config)#

R20 --- Configuration

R20(config)#router bgp 65112 R20(config-router)#network 10.0.0.0 R20(config-router)#network 123.0.0.0 R20(config-router)#neighbor 10.120.12.1 remote-as 12345 R20(config-router)#neighbor 10.120.12.1 default-originate R20(config-router)#neighbor 10.120.12.5 remote-as 12345 R20(config-router)#neighbor 10.120.12.5 default-originate R20(config-router)#neighbor 10.120.13.1 remote-as 12345 R20(config-router)#neighbor 10.120.13.1 default-originate R20(config-router)#neighbor 10.120.13.5 remote-as 12345 R20(config-router)#neighbor 10.120.13.5 default-originate R20(config-router)#neighbor 10.120.14.1 remote-as 12345 R20(config-router)#neighbor 10.120.14.1 default-originate R20(config-router)#neighbor 10.120.14.5 remote-as 12345 R20(config-router)#neighbor 10.120.14.5 default-originate R20(config-router)#neighbor 10.120.15.1 remote-as 12345 R20(config-router)#neighbor 10.120.15.1 default-originate R20(config-router)#neighbor 10.120.15.5 remote-as 12345 R20(config-router)#neighbor 10.120.15.5 default-originate R20(config-router)#neighbor 10.120.99.1 remote-as 12345 R20(config-router)#neighbor 10.120.99.5 remote-as 12345 R20(config-router)#aggregate-address 123.0.0.0 255.0.0.0 summary-only R20(config-router)#aggregate-address 10.0.0.0 255.0.0.0 summary-only R20(config-router)# auto-summary R20(config-router)#exit R20(config)#

(55)

Verification :-

For IBGP

On R1

On R2

On R3

On R6

(56)

On R7

For EBGP

On R2

(57)

(58)

(59)

(60)

(61)

BGP is partially pre-configured in ACME New York office(AS 34567).

Complete the configuration as required.

Configure IBGP in AS 34567 according to the following requirements

1. SW3 and SW4 must not establish any BGP session at any time

2. All four BGP routers must use their interface loopback0 as their bgp router-id

3. Disable the default ipv4 unicast address family for peering session establishment in all BGP routers 4. Configure full mesh IBGP peering between all four routers use any configuration method

5. R9 must be selected as the preferred exit point for traffic destined to remote AS's 6. R11 must be selected as the next preferred exit point in case R9 fails

7. No BGP speaker in AS 34567 must use network statement under the BGP router configuration. 8. Ensure that all the BGP next-hop is never marked as unreachable as long as interface loopback0 of

the remote peer is known via IGP

Configure EBGP in AS 34567 according to the following requirements

9. All four BGP routers must establish EBGP peering with their neighboring AS as shown in diagram 3 (BGP topology)

10. All four BGP routers must redistribute EIGRP into BGP

11. R9 and R11 must redistribute only the BGP default route into Eigrp

12. Ensure that R9 is the only router that sees the default as a BGP route and that all other routers (R8, R10, R11) see it as an EIGRP external router.

Solution :-

For IBGP

R8 --- Configuration

R8(config-router)#bgp router-id 123.8.8.8 R8(config-router)#no bgp default ipv4-unicast

R8(config-router)#neighbor 123.9.9.9 update-source loopback 0 R8(config-router)#neighbor 123.10.10.10 remote-as 34567

(62)

[email protected] All Right Reserved Page 62 R8(config-router)#address-family ipv4 R8(config-router-af)#neighbor 123.9.9.9 activate R8(config-router-af)#neighbor 123.9.9.9 next-hop-self R8(config-router-af)#neighbor 123.10.10.10 activate R8(config-router-af)#neighbor 123.10.10.10 next-hop-self R8(config-router-af)#neighbor 123.11.11.11 activate R8(config-router-af)#neighbor 123.11.11.11 next-hop-self R8(config-router-af)#exit-address-family R8(config-router)#exit R8(config)#

R9 --- Configuration

R9(config-router)#neighbor 123.11.11.11 update-source loopback 0 R9(config-router)#bgp default local-preference 102

R9(config-router)#address-family ipv4 R9(config-router-af)#neighbor 123.8.8.8 activate R9(config-router-af)#neighbor 123.8.8.8 next-hop-self R9(config-router-af)#neighbor 123.10.10.10 activate R9(config-router-af)#neighbor 123.10.10.10 next-hop-self R9(config-router-af)#neighbor 123.11.11.11 activate R9(config-router-af)#neighbor 123.11.11.11 next-hop-self R9(config-router-af)#exit-address-family R9(config-router)#exit R9(config)#

R10 --- Configuration

(63)

[email protected] All Right Reserved Page 63 R10(config-router)#address-family ipv4 R10(config-router-af)#neighbor 123.8.8.8 activate R10(config-router-af)#neighbor 123.8.8.8 next-hop-self R10(config-router-af)#neighbor 123.9.9.9 activate R10(config-router-af)#neighbor 123.9.9.9 next-hop-self R10(config-router-af)#neighbor 123.11.11.11 activate R10(config-router-af)#neighbor 123.11.11.11 next-hop-self R10(config-router-af)#exit-address-family R10(config-router)#exit R10(config)#

R11 --- Configuration

R11(config-router)#neighbor 123.10.10.10 update-source loopback 0 R11(config-router)#bgp default local-preference 101

R11(config-router)#address-family ipv4 R11(config-router-af)#neighbor 123.8.8.8 activate R11(config-router-af)#neighbor 123.8.8.8 next-hop-self R11(config-router-af)#neighbor 123.9.9.9 activate R11(config-router-af)#neighbor 123.9.9.9 next-hop-self R11(config-router-af)#neighbor 123.10.10.10 activate R11(config-router-af)#neighbor 123.10.10.10 next-hop-self R11(config-router-af)#exit-address-family R11(config-router)#exit R11(config)#

(64)

For EBGP

R8 --- Configuration

R8(config)#router bgp 34567 R8(config-router)#neighbor 101.1.34.1 remote-as 10001 R8(config-router)#address-family ipv4 R8(config-router-af)#neighbor 101.1.34.1 activate R8(config-router-af)#redistribute eigrp 34567 R8(config-router-af)#exit-address-family R8(config-router)#exit R8(config)#

R9 --- Configuration

R9(config)#router bgp 34567 R9(config-router)#neighbor 102.2.34.1 remote-as 10002 R9(config-router)#neighbor 33.34.4.1 remote-as 30000 R9(config-router)#address-family ipv4 R9(config-router-af)#neighbor 102.2.34.1 activate R9(config-router-af)#neighbor 33.34.4.1 activate R9(config-router-af)#redistribute eigrp 34567

R9(config-router-af)#neighbor 33.34.4.1 route-map DEFAULT in R9(config-router-af)#exit-address-family

R9(config)#ip prefix-list DEFAULT permit 0.0.0.0/0 R9(config)#route-map DEFAULT

R9(config-route-map)#match ip address prefix-list DEFAULT R9(config-route-map)#exit

R9(config)#

R9(config-router)#redistribute bgp 34567 route-map DEFAULT metric 100000 10 255 1 1500 R9(config-router)#exit

(65)

--- Configuration

R10(config)#router bgp 34567 R10(config-router)#neighbor 201.1.34.1 remote-as 20001 R10(config-router)#address-family ipv4 R10(config-router-af)#neighbor 201.1.34.1 activate R10(config-router-af)#redistribute eigrp 34567 R10(config-router-af)#exit-address-family R10(config-router)#exit R10(config)#

R11 --- Configuration

R11(config)#router bgp 34567 R11(config-router)#neighbor 33.34.3.1 remote-as 30000 R11(config-router)#neighbor 202.2.34.1 remote-as 20002 R11(config-router)#address-family ipv4 R11(config-router-af)#neighbor 33.34.3.1 activate R11(config-router-af)#neighbor 202.2.34.1 activate R11(config-router-af)#redistribute eigrp 34567 R11(config-router-af)#exit-address-family R11(config-router)#exit R11(config)#

R11(config)#ip prefix-list DEFAULT permit 0.0.0.0/0 R11(config)#route-map DEFAULT

R11(config-route-map)#match ip address prefix-list DEFAULT R11(config-route-map)#exit

R11(config)#

R11(config-router)#redistribute bgp 34567 route-map DEFAULT R11(config-router)#exit

(66)

Verification :-

For IBGP

On R8

On R9

On R10

On R11

(67)

For EBGP

On R8

(68)

(69)

(70)

(71)

(72)

(73)

(74)

Configure EBGP in ACME's APAC region (AS45678 and AS 65222) according to the following

requirements.

Refer “ Diagram 3 : BGP routing “

1. SW5 and SW6 must not establish any BGP session at any time.

2. All BGP routers must use their interface loopback0 as the BGP router-id. 3. No IBGP peering session are allowed in AS 45678.

4. R15 must establish an EBGP peering with AS 10003 and must receive a default route as well as other prefix.

5. R15 must redistribute BGP into EIGRP vice versa.

6. R15 must also advertise an aggregate prefix for 123.20.1.0/24 to AS 10003 and must suppress all components prefixes.

7. R16 , R17 , R18 , R19 must establish an EBGP peering with AS 20003 and must receive a default route as well as other prefix.

8. R16 , R17 , R18 , R19 must not advertise any prefix to AS 20003.

9. As long as R15 operational , R16 , R17 , R18 , R19 must prefer the EIGRP default route over the EBGP default route.

10. Do not create any VRF in anywhere in order to accomplish the above requirements.

Solution :-

R15 --- Configuration

R15(config)#router bgp 45678 R15(config-router)#bgp router-id 123.15.15.15 R15(config-router)#neighbor 103.2.45.1 remote-as 10003 R15(config-router)#redistribute eigrp 45678 R15(config-router)#aggregate-address 123.20.1.0 255.255.255.0 summary-only R15(config-router)#exit R15(config)#

R15(config-router)#address-family ipv4 autonomous-system 45678 R15(config-router-af)#topology base R15(config-router-af-topology)#redistribute bgp 45678 R15(config-router-af-topology)#exit-af-topology R15(config-router-af)#exit-address-family R15(config-router)#exit R15(config)#

(75)

R16 --- Configuration

R16(config)#router bgp 45678 R16(config-router)#bgp router-id 123.16.16.16 R16(config-router)#neighbor 203.3.16.1 remote-as 20003 R16(config-router)#distance 171 203.3.16.1 0.0.0.0 1 R16(config-router)#exit R16(config)# R16(config)#access-list 1 permit 0.0.0.0

R17 --- Configuration

R18 --- Configuration

R19 --- Configuration

(76)

Verification :-

(77)

(78)

(79)

(80)

(81)

Configure the ACME network as per the following requirements

1. All ACME border routers in AS 12345 must filter the BGP prefixes that are advertised to their SP in VRF INET and must allow all prefixes that belong to class A 123.0.0.0./8 and all other VRF's must propagate all prefix

2. All ACME border routers in AS 34567 must filter the BGP prefixes that are advertised to their SP and must allow only all prefixes that belong to the class A 123.0.0.0/8

3. Do not use any route-map or access-list to accomplish the above requirements

4. R13 must route traffic preferably via AS 20002, use any method to accomplish this requirement 5. All three remote sites in AS 65111 must be able to ping 1.2.3.4 and traceroute must reveal the exact

same path as shown in the following output

R12# ping 1.2.3.4 source loopback0

!!!!!

R12# traceroute 1.2.3.4 source loopback0

1. 201.1.12.1 [AS 65112]

2. 201.1.123.2 [AS 65112]

3. 10.120.12.1 [AS 65112] [MPLS: label 135 EXP 0]

4. 10.120.12.2 [AS 65112]

5. 10.120.99.5 [AS 65112]

6. 102.2.123.1 [AS 65112]

7. 33.10.2.1 [AS 65112]

Solution :-

R2 --- Configuration

R2(config)#ip prefix-list FILTER permit 123.0.0.0/8 le 32 R2(config)#router bgp 12345

R2(config-router)#address-family ipv4 vrf INET

(82)

R2(config-router-af)#exit-address-family R2(config-router)#exit

R2(config)#

R3 --- Configuration

R3(config)#Ip prefix-list FILTER permit 123.0.0.0/8 le 32 R3(config)#Router bgp 12345

R3(config-router)#Address-family ipv4 vrf INET

R3(config-router-af)#Neighbor 102.2.123.1 remote-as 10002 R3(config-router-af)#Neighbor 102.2.123.1 activate

R3(config-router-af)#Neighbor 102.2.123.1 prefix-list FILTER out R3(config-router-af)#exit-address-family

R6 --- Configuration

R7 --- Configuration

(83)

R8 --- Configuration

R8(config)#ip prefix-list FILTER permit 123.0.0.0/8 le 32 R8(config)#Router bgp 34567

R8(config-router)#Address-family ipv4

R9 --- Configuration

R9(config)#Ip prefix-list FILTER permit 123.0.0.0/8 le 32 R9(config)#router bgp 34567

R9(config-router)#address-family ipv4

R9(config-router-af)#neighbor 102.2.34.1 prefix-list FILTER out R9(config-router-af)#exit-address-family

R10 --- Configuration

R11 --- Configuration

R11(config-router-af)#Neighbor 202.2.34.1 activate

(84)

R12 --- Configuration

R12(config)#Router bgp 65111 R12(config-router)#Redistribute connected R12(config-router)#Neighbor 201.1.12.1 remote-as 20001 R12(config-router)#exit R12(config)#

R13 --- Configuration

R13(config)#Router bgp 65111 R13(config-router)#Redistribute connected R13(config-router)#Neighbor 201.1.13.1 remote-as 20001 R13(config-router)#Neighbor 202.2.13.1 remote-as 20002 R13(config-router)#Neighbor 202.2.13.1 weight 1 R13(config-router)#exit R13(config)#

R14 --- Configuration

R14(config)#Router bgp 65111 R14(config-router)#Redistribute connected R14(config-router)#Neighbor 202.2.14.1 remote-as 20002 R14(config-router)#exit R14(config)#

R20 --- Configuration

R20(config)#Router bgp 65112 R20(config-router)#Neighbor 10.120.99.5 weight 1 R20(config-router)#exit R20(config)#

(85)

Verification :-

On R12

(86)

On R14

Note : You will get the above result only after completing Section 3.1 & 3.2

(MPLS VPN PART 1 & PART 2)

(87)

1. Configure the OSPF process id 1 and set the router-id as interface loopback0

2. SW4 must be selected as the designated router on VLAN 34 and must have the best chance. 3. SW3 must be selected as the back-up designated router on VLAN 34 and must take over the

designated router if Switch4 is down.

Ipv6 address is Pre-Configured

Solution :-

SW3 --- Configuration

SW3(config)#ipv6 unicast-routing SW3(config)#ipv6 router ospf 1

SW3(config-rtr)#router-id 123.33.33.33 SW3(config-rtr)#exit

SW3(config)#

SW3(config)#interface loopback 0 SW3(config-if)# Ipv6 ospf 1 area 0 SW3(config)#exit

SW3(config)#

SW3(config)#interface vlan 34 SW3(config-if)# Ipv6 ospf 1 area 0 SW3(config-if)#ipv6 ospf priority 254 SW3(config)#exit

SW3(config)#

SW3(config-if)#interface vlan 310 SW3(config-if)# Ipv6 ospf 1 area 10 SW3(config-if)#exit

(88)

SW4 --- Configuration

SW4(config)#ipv6 unicast-routing SW4(config)#Ipv6 router ospf 1

SW4(config-rtr)#Router-id 123.44.44.44 SW4(config-rtr)#exit

SW4(config)#

SW4(config)#Interface loopback 0 SW4(config-if)# Ipv6 ospf 1 area 0 SW4(config-if)#exit

SW4(config)#

SW4(config)#Interface vlan 34 SW4(config-if)# Ipv6 ospf 1 area 0 SW4(config-if)#Ipv6 ospf priority 255 SW4(config-if)#exit

SW4(config)#

SW4(config-if)#Interface vlan 411 SW4(config-if)# Ipv6 ospf 1 area 11 SW4(config-if)#exit

SW4(config)#

R10 --- Configuration

R10(config)#ipv6 unicast-routing R10(config)#Ipv6 router ospf 1

R10(config-rtr)#Router-id 123.10.10.10 R10(config-rtr)#exit

R10(config)#

R10(config)#Interface ethernet0/1 R10(config-if)#Ipv6 ospf 1 area 10 R10(config-if)#exit

R10(config)#

R10(config)#Interface loopback 0 R10(config-if)#Ipv6 ospf 1 area 10 R10(config-if)#exit

(89)

R11 --- Configuration

R11(config)#ipv6 unicast-routing R11(config)#Ipv6 router ospf 1

R11(config-rtr)#Router-id 123.11.11.11 R11(config-rtr)#exit

R11(config)#

R11(config)#Interface ethernet0/2 R11(config-if)#Ipv6 ospf 1 area 11 R11(config-if)#exit

R11(config)#

R11(config)#Interface loopback 0 R11(config-if)#Ipv6 ospf 1 area 11 R11(config-if)#exit

R11(config)#

Verification :-

On R10

(90)

On SW3

(91)

1. Establish the four eBGP peering as indicated on "diagram IPV6 routing"

2. Do not use the network command under the BGP address-family ipv6 on either R10 or R11 3. Both regional Service Provider will advertise the necessary prefixes

4. Advertise the ipv6 prefix on interface Ethernet 0/0 into BGP on both R12 and R14

5. Configure your network such that any ipv6 that include can communicate with any ipv6 user that is located and vice versa.

6. Do not use any static route or default route anywhere 7. Use the following ping to verify your configuration

R12# ping 2001:CC1E:BEF:14:202:2:14:1 source Ethernet0/0

!!!!!

Solution :-

R10 --- Configuration

R10(config-router)#neighbor 2001:CC1E:BEF:10:201:1:34:1 remote-as 20001 R10(config-router)#address-family ipv6

R10(config-router-af)#neighbor 2001:CC1E:BEF:10:201:1:34:1 activate R10(config-router-af)#redistribute ospf 1 match internal external R10(config-router-af)#exit-address-family

R10(config)#ipv6 router ospf 1

R10(config-rtr)#redistribute bgp 34567 R10(config-rtr)#exit

(92)

R11 --- Configuration

R11(config)#Router bgp 34567

R11(config-router-af)#neighbor 2001:CC1E:BEF:11:202:2:34:1 activate R11(config-router-af)#redistribute ospf 1 match internal external R11(config-router-af)#exit-address-family

R11(config)#ipv6 router ospf 1

R11(config-rtr)#redistribute bgp 34567 R11(config-rtr)#exit

R11(config)#

R12 --- Configuration

R12(config-router-af)#neighbor 2001:CC1E:BEF:124:201:1:12:1 activate R12(config-router-af)#neighbor 2001:CC1E:BEF:124:201:1:12:1 allowas-in R12(config-router-af)#network 2001:CC1E:BEF:12::/64 R12(config-router-af)#exit-address-family R12(config-router)#exit R12(config)#

R14 --- Configuration

R14(config-router-af)#neighbor 2001:CC1E:BEF:144:202:2:14:1 activate R14(config-router-af)#neighbor 2001:CC1E:BEF:144:202:2:14:1 allowas-in R14(config-router-af)#network 2001:CC1E:BEF:14::/64

R14(config-router-af)#exit-address-family R14(config-router)#exit

(93)

Verification:-

(94)

On R11

(95)

Assume that Streaming server is connected in vlan 5 on SW5 and receiver are located at the DMVPN

spoke R18 and R19

Configure the ACME network as per the following requirements

1. Only network segments with active receivers that explicitly require the data must receive the multicast traffic

2. Interface loopback0 of R15 must be configured as RP 3. Use a standard method of dynamically distributing the RP 4. Both R16 and R17 must participate in the multicast routing

5. For testing purpose ,Configure interface ethernet0/0 of both R18 and R19 to join group 232.1.1.1

Solution :-

R15 --- Configuration

R15(config)#ip multicast-routing R15(config)#interface loopback 0 R15(config-if)#ip pim sparse-mode R15(config-if)#exit

R15(config)#

R15(config)#interface ethernet 0/1 R15(config-if)#ip pim sparse-mode R15(config-if)#exit

R15(config)#

R15(config)#int ethernet 0/2 R15(config-if)#ip pim sparse-mode R15(config-if)#exit

R15(config)#

R15(config)#ip pim rp-candidate loopback 0 R15(config)#ip pim bsr-candidate loopback 0

(96)

SW5 --- Configuration

SW5(config)#ip multicast-routing SW5(config)#int vlan 5

SW5(config-if)#ip pim sparse-mode SW5(config-if)#exit

SW5(config)#

SW5(config)#int vlan 55

SW5(config-if)#ip pim sparse-mode SW5(config-if)#exit

SW5(config)#

SW6 --- Configuration

SW6(config)#ip multicast-routing SW6(config)#interface vlan 66 SW6(config-if)#ip pim sparse-mode SW6(config-if)#exit

SW6(config)#

SW6(config)#interface vlan 6 SW6(config-if)#ip pim sparse-mode SW6(config-if)#exit

SW6(config)#

R16 --- Configuration

R16(config)#ip multicast-routing R16(config)#interface ethernet 0/1 R16(config-if)# ip pim sparse-mode R16(config-if)#exit

R16(config)#

R16(config)#interface ethernet 0/2 R16(config-if)# ip pim sparse-mode R16(config-if)#exit

(97)

R17 --- Configuration

R17(config)#ip multicast-routing R17(config)#interface tunnel 0 R17(config-if)# ip pim sparse-mode R17(config-if)#exit

R17(config)#

R18 --- Configuration

R18(config)#

R18(config)#interface ethernet 0/0 R18(config-if)# ip pim sparse-mode

R18(config-if)#ip igmp join-group 232.1.1.1 R18(config-if)#exit

R18(config)#

R19 --- Configuration

R19(config)#

R19(config)#interface ethernet 0/0 R19(config-if)# ip pim sparse-mode

(98)

R19(config-if)#exit R19(config)#