Page 1: ciers2-ca-lab01-sc-learn.pdf

CIERSASSESS-5

Cisco 360 CCIE R&S Advanced Workshop 2 Assessment Lab 1

The Cisco 360 CCIE® Routing and Switching (R&S) Advanced Workshop 2 is a five-day course for CCIE candidates who are ready to attempt the Cisco CCIE lab. Advanced Workshop 2 is not an entry-level course. You should take this course only if you are close to passing the actual CCIE lab.

Advanced Workshop 2 further develops such high-level candidates by presenting learners with five multitopic labs that simulate the actual Cisco CCIE lab experience. Four of the labs are eight hours long; one is four hours long.

One lab is administered on each day of the course. On the first four days, you will perform an eight-hour lab. On the fifth day of the course, you will perform the four-hour lab. During each lab, you will be tested on your knowledge of complex internetworking subjects, your problem-solving skills, and your test-taking strategies.

After each of the labs, you will receive a detailed assessment score report combined with an answer key and Mentor Guide support. To supplement this feedback, Cisco CCIE instructors will provide review sessions after each lab and directed instruction during each lab if necessary. These resources provide feedback that maximizes the learning experience of each lab.

2 Cisco 360 CCIE R&S Workshop 2 Assessment Lab 1 © 2009 Cisco Systems, Inc.

COPYRIGHT 2009, CISCO SYSTEMS, INC. ALL RIGHTS RESERVED. ALL CONTENT AND MATERIALS, INCLUDING WITHOUT LIMITATION, RECORDINGS, COURSE MATERIALS, HANDOUTS AND PRESENTATIONS AVAILABLE ON THIS PAGE, ARE PROTECTED BY COPYRIGHT LAWS. THESE MATERIALS ARE LICENSED EXCLUSIVELY TO REGISTERED STUDENTS FOR THEIR INDIVIDUAL PARTICIPATION IN THE SUBJECT COURSE. DOWNLOADING THESE MATERIALS SIGNIFIES YOUR AGREEMENT TO THE FOLLOWING: (1) YOU ARE PERMITTED TO PRINT THESE MATERIALS ONLY ONCE, AND OTHERWISE MAY NOT REPRODUCE THESE MATERIALS IN ANY FORM, OR BY ANY MEANS, WITHOUT PRIOR WRITTEN PERMISSION FROM CISCO; AND (2) YOU ARE NOT PERMITTED TO SAVE ON ANY SYSTEM, MODIFY, DISTRIBUTE, REBROADCAST, PUBLISH, TRANSMIT, SHARE OR CREATE DERIVATIVE WORKS ANY OF THESE MATERIALS. IF YOU ARE NOT A REGISTERED STUDENT THAT HAS ACCEPTED THESE AND OTHER TERMS OUTLINED IN THE STUDENT AGREEMENT OR OTHERWISE AUTHORIZED BY CISCO, YOU ARE NOT AUTHORIZED TO ACCESS THESE MATERIALS.

Table of Contents

Cisco 360 CCIE R&S Advanced Workshop 2 Assessment Lab 1

Cisco 360 CCIE R&S Advanced Workshop 2 Assessment Lab 1
    Table of Contents
    Activity Objectives
    General Lab Instructions
    Difficulty Levels

Cisco 360 CCIE R&S Advanced Workshop 2 Assessment Lab 1
    Grading and Duration
    Difficulty Level
    Restrictions and Goals

1. Frame Relay and Serial Communications Section Total: 5 points
    1.1. Configure Frame Relay Interfaces (Basic: 2 points)
    1.2. Control the Full Mesh with Static Maps (Basic: 2 points)
    1.3. Verify Layer 3 Connectivity (Basic: 1 point)

2. Cisco Catalyst Switch Configuration Section Total: 17 points
    2.1. Configure VLANs (Basic: 3 points)
    2.2. Control Switch-to-Switch Links (Basic: 3 points)
    2.3. Link Aggregation and VLAN Control (Intermediate: 3 points)
    2.4. Within VLAN IP Connectivity (Intermediate: 2 points)
    2.5. VLAN 12 Spanning Tree Manipulation (Intermediate: 3 points)
    2.6. VLAN 16 Spanning Tree Manipulation (Intermediate: 3 points)

3. IPv4 OSPF Section Total: 9 points
    3.1. Create the OSPF Backbone Area (Basic: 2 points)
    3.2. OSPF Advertisements (Basic: 3 points)
    3.3. Set the Gateway of Last Resort (Intermediate: 2 points)
    3.4. More OSPF Areas (Intermediate: 2 points)

4. IPv4 EIGRP Section Total: 7 points
    4.1. Create EIGRP AS (Basic: 2 points)
    4.2. Allow Only Prefix 3.0.0.0/8 (Advanced: 3 points)
    4.3. Allow Only One Prefix (Advanced: 2 points)

5. IPv4 RIP Section Total: 5 points
    5.1. Enable RIP (Intermediate: 3 points)
    5.2. Control Updates (Advanced: 2 points)

6. Cisco OER and NAT Section Total: 6 points
    6.1. Configure Cisco OER (Advanced: 3 points)
    6.2. Configure NAT (Intermediate: 3 points)

7. Border Gateway Protocol Section Total: 10 points
    7.1. Configure Processes and Peers (Basic: 2 points)
    7.2. Advertise and Summarize Routes in BGP I (Intermediate: 3 points)
    7.3. Advertise and Summarize Routes in BGP II (Intermediate: 2 points)
    7.4. BGP AS11111 (Advanced: 3 points)

8. IPv6 Routing Section Total: 6 points
    8.1. Configure RIPng (Intermediate: 3 points)
    8.2. Configure IPv6 OSPF and IPv6 Redistribution (Intermediate: 3 points)

9. Security Section Total: 5 points
    9.1. IP Header (Intermediate: 2 points)
    9.2. IPS Probe (Advanced: 3 points)

10. QoS Section Total: 5 points
    10.1. Limit Traffic (Intermediate: 2 points)
    10.2. Traffic Shaping (Advanced: 3 points)

11. Address Administration Section Total: 4 points
    11.1. DHCP (Intermediate: 2 points)
    11.2. DHCP Binding (Intermediate: 2 points)

12. HSRP Gateway Redundancy Section Total: 4 points
    12.1. Enable HSRP (Intermediate: 2 points)
    12.2. Tune HSRP (Intermediate: 2 points)

13. NTP Configuration Section Total: 3 points
    13.1. Enable NTP (Intermediate: 3 points)

14. Multicast Configuration Section Total: 9 points
    14.1. Enable PIM (Intermediate: 3 points)
    14.2. Join Multicast Group (Intermediate: 1 point)
    14.3. Secure Multicast (Intermediate: 2 points)
    14.4. Tune PIM (Intermediate: 3 points)

15. SNMP Section Total: 5 points
    15.1. Configure SNMP Groups, Users, and Views (Intermediate: 3 points)
    15.2. Restrict SNMP Access (Intermediate: 2 points)

Activity Objectives

When performing any assessment lab, you will encounter a multitopic-practice Cisco CCIE R&S lab. Each lab consists of a range of internetworking topics. You have a predetermined set of hours to complete each assessment lab.

When performing any assessment lab, formulate a test-taking strategy that includes the following activities. These same activities should be conducted in the actual Cisco CCIE lab:

Create a strategy for how to begin an assessment lab

Create a checklist of best general practices to observe during the assessment lab

Create a strong set of issue-spotting skills to be able to uncover hidden and complex internetworking issues

Develop time-management techniques

General Lab Instructions

Read the instructions carefully. If you misinterpret any directions, you will very likely lose points. After you have read the General Lab Instructions section, read all the other sections of the lab. Pay very close attention to the Restrictions and Goals section.

Your pod is cabled according to the Ethernet Cabling Topology and the Frame Relay and Serial Cabling Topology diagrams.

All routers should have an initial IP configuration loaded.

Frame Relay switching and the terminal server are preconfigured.

If you experience any connectivity problems to the terminal server using multiple Telnet sessions, try to access the routers through the terminal server with Ctrl-Shift-6-x.

Review all the tasks in the scenario.

Difficulty Levels

Tasks are categorized as follows:

Basic: These fundamental tasks are generally those that are needed to provide the basic functions of the protocol or feature. You must complete these tasks to provide reachability and to move forward in the lab.

Intermediate: These tasks include protocol features like routing optimization, route filtering, optimal path selection, load sharing, and summarization. Failure to complete these tasks will usually not affect later lab sections.

Advanced: This category includes new Cisco IOS Software features and IP services, complex optimizations, and fine-tuning.

Scenarios are categorized as follows based on task classifications:

Basic

Basic to intermediate

Intermediate

Intermediate to advanced

Advanced

Cisco 360 CCIE R&S Advanced Workshop 2 Assessment Lab 1

Grading and Duration

Lab duration: 8 hours

Maximum score: 100 points

Minimum passing score: 80 points

Difficulty Level

Difficulty: Intermediate

Restrictions and Goals

Note: Read this section carefully.

To receive any credit for a subsection, you must complete the subsection. You will not get partial credit for partially completed subsections.

IP subnets on the Lab IPv4 IGP diagram belong to network 172.16.0.0/16.

Use a minimum number of statements in all filters unless otherwise directed.

Use only the IP version 4 (IPv4) and IPv6 addresses that are displayed on the IPv4 and IPv6 interior gateway protocol (IGP) diagrams. Do not introduce new addresses.

The Frame Relay switching router is configured for a full mesh of permanent virtual circuits (PVCs). Do not change the PVC configuration on the Frame Relay switching router.

Do not rely on Frame Relay Inverse Address Resolution Protocol (Inverse ARP).

Do not create any static routes on any routers and switches except for R6 and SW2. Do not use policy-based routing (PBR).

Advertise all loopback interfaces with their original masks, unless noted otherwise.

All IPv4 IP addresses that are involved in this scenario must be reachable, except for the prefixes from the 1.0.0.0/8 network involved in Cisco Optimized Edge Routing (OER), prefixes that are advertised from the backbone, and interfaces that are connected to the shared equipment.

N represents the group number; X represents the pod number. Check your online instructions for your number NX. Failure to assign the correct IP address could result in losing points in multiple sections.

Do not modify the hostname, console, or vty configuration unless you are specifically asked to do so.

Do not modify the initial interface or IP address numbering.

Ethernet Cabling Topology

Frame Relay and Serial Cabling Topology

Frame Relay DLCI Assignments

Router                       DLCI Assignments
R1 Frame Relay interface     102 103 104
R2 Frame Relay interface     201 203 204 206
R3 Frame Relay interface     301 302 304
R4 Frame Relay interface     401 402 403
R6 Frame Relay interface     602

Lab IPv4 IGP

Lab IPv6 IGP

1. Frame Relay and Serial Communications Section Total: 5 points

1.1. Configure Frame Relay Interfaces (Basic: 2 points)

Use a logical interface on R1. Use physical interfaces on R2 and R3 on the IP subnet 172.16.123.0/24 and use logical point-to-point interfaces on R2 and R6. Supply IPv4 addresses on required Frame Relay interfaces. Routers R2 and R3 must be able to ping R1 over respective Frame Relay PVCs. R6 must be able to ping R2 over respective Frame Relay PVC.

1.2. Control the Full Mesh with Static Maps (Basic: 2 points)

Use only the PVCs that are listed on the Lab IPv4 IGP diagram for user traffic. No dynamic entries are allowed in the Frame Relay map tables.

1.3. Verify Layer 3 Connectivity (Basic: 1 point)

All routers must be able to ping all attached, same-subnet Frame Relay IPv4 interfaces, including local IPv4 addresses. R1 must send Internet Control Message Protocol (ICMP) packets to R2 when you ping 172.16.123.1 from R1.

2. Cisco Catalyst Switch Configuration Section Total: 17 points

Note: Port 0/10 on switch SW4 is connected to the backbone. The configuration of this port should be trunk encapsulation dot1q. Healthy trunk status is displayed as follows:

Mode    Encapsulation    Status
on      802.1q           trunking

Do not change any initially configured link speeds.

2.1. Configure VLANs (Basic: 3 points)

Create the VLANs that are referenced in the VLANs table and in the Lab IPv4 and IPv6 IGP diagrams. When creating these VLANs, do not use any type of dynamic VLAN advertisement protocol. Set the domain name to CIERS2 on all switches. Configure only the necessary VLANs on the switches.

VLANs

VLAN VLAN Name

VLAN12 MERCURY

VLAN16 VENUS

VLAN17 MARS

VLAN25 NEPTUNE

VLAN34 JUPITER

VLAN88 SATURN

VLAN100 TRAFFIC

VLAN150 BB

Configure the following switch-to-router connections. Use the IEEE tagging method on these trunk links where necessary.

Switch-to-Router Connections

Switch Router VLAN

SW1 R2 VLAN25

SW1 R5 VLAN150, VLAN25

SW1 R6 VLAN12

SW2 R6 VLAN16

SW2 R1 VLAN16, VLAN17, VLAN88, VLAN100

SW2 R3 VLAN34

SW2 R4 VLAN34

Create the necessary switched virtual interfaces (SVIs), and assign the IP addresses that are specified in the Lab IPv4 IGP diagram.

2.2. Control Switch-to-Switch Links (Basic: 3 points)

Make sure that the ports specified in the following table are shut down.

Switch    Port
SW1       0/20 0/21 0/22
SW2       0/20 0/22
SW3       0/20 0/22
SW4       0/20 0/21 0/22

Configure switch-to-switch links according to the following table. Use the Cisco proprietary tagging method on these trunk links.

Switch-to-Switch Connections

Switch    Port         Switch    Port         Mode
SW1       0/19         SW3       0/19         Trunk
SW1       0/23 0/24    SW2       0/23 0/24    Trunk
SW2       0/19         SW4       0/19         Trunk
SW2       0/21         SW3       0/21         Access VLAN16
SW3       0/23 0/24    SW4       0/23 0/24    Access VLAN12 Access VLAN17

SW4 port 0/10 is your connection to the backbone; verify it as a dot1q trunk.

2.3. Link Aggregation and VLAN Control (Intermediate: 3 points)

Automatically aggregate ports 0/23 and 0/24 between SW1 and SW2 using a protocol that is nonproprietary to Cisco. Initiate this process from the SW1 switch only.

For the link between SW1 and SW2, specify the trunk encapsulation on SW2 only. The SW2 end of the trunk should be set to permanent trunking.

Allow only the necessary VLANs on the trunk between SW1 and SW2.

2.4. Within VLAN IP Connectivity (Intermediate: 2 points)

Configure VLAN 17 between R1 and SW3, and configure VLAN 88 between R1 and the SW1 SVI. Assign the lowest IP addresses on R1 for VLANs 17 and 88. For IP addressing, see the diagram.

Configure VLAN 100 on R1. Assign the IP address 10.1.1.NX/24 to the interface that is associated with VLAN 100.

All same-subnet VLAN IP addresses must be reachable within all VLANs.

2.5. VLAN 12 Spanning Tree Manipulation (Intermediate: 3 points)

All switches should operate in the default spanning-tree mode.

Make SW4 the root bridge for VLAN 12 with priority 24576. Leave all path cost values on the links of VLAN 12 at the default values that are set by Cisco IOS Software. If the link between SW1 and SW2 goes down, make sure that forwarding on the link between SW1 and SW3 resumes within 5 seconds maximum.

2.6. VLAN 16 Spanning Tree Manipulation (Intermediate: 3 points)

Make SW2 the root bridge for VLAN 16 with priority 24576. Leave all path cost values on the links of VLAN 16 at the default values that are set by Cisco IOS Software. If the link between SW2 and SW3 goes down, make sure that forwarding on the link between SW1 and SW3 resumes without waiting for maximum aging time expiration.

3. IPv4 OSPF Section Total: 9 points

Note: Configure all Open Shortest Path First (OSPF) routers with only one OSPF process ID (PID). You will lose points from multiple sections for failing to assign one and only one OSPF PID on each specified router. Use your IGP diagram to help guide configuration.

3.1. Create the OSPF Backbone Area (Basic: 2 points)

Configure the OSPF backbone area between R1, R2, and R3 on the Frame Relay cloud. Let the backbone OSPF speakers automatically discover each other. Make sure that they elect R1 as the designated router (DR).

3.2. OSPF Advertisements (Basic: 3 points)

Add loopback 20 on R2 to OSPF Area 20. Summarize the address that is assigned to loopback 20 of R2 to 172.16.20.0/24.

Add loopback 2 on R2 into OSPF as an external route. Configure OSPF Area 126 on the R2 Frame Relay interface that is configured with the IPv4 address 172.16.62.2.

Place loopback 30 and loopback 3 in OSPF Area 30 on R3.

Do not use the redistribute connected command anywhere on R3.

3.3. Set the Gateway of Last Resort (Intermediate: 2 points)

Make sure that the network 2.0.0.0 and its subnets do not appear in the routing tables of any router except R2. This network is not excluded from the scenario reachability requirement.

3.4. More OSPF Areas (Intermediate: 2 points)

Configure Area 25 between R2 and R5. Add loopback 50 on R5 into OSPF as Area 50.

4. IPv4 EIGRP Section Total: 7 points

4.1. Create EIGRP AS (Basic: 2 points)

Configure Enhanced Interior Gateway Routing Protocol (EIGRP) autonomous system 1 (AS1) between R3 and R4 on VLAN 34.

Add loopback 40 on R4 into EIGRP as an “EX” prefix.

4.2. Allow Only Prefix 3.0.0.0/8 (Advanced: 3 points)

Allow only the prefix 3.0.0.0/8 to be advertised from R3 to R4; filter all other prefixes. R4 is not excluded from the scenario reachability requirement.

4.3. Allow Only One Prefix (Advanced: 2 points)

Configure EIGRP AS2 between R3 and SW4.

Allow only one prefix—the one that represents the entire IPv4 address space—to be advertised from R3 to SW4; filter all other prefixes.

Advertise loopback 140 as an internal EIGRP AS2 network.

5. IPv4 RIP Section Total: 5 points

5.1. Enable RIP (Intermediate: 3 points)

Configure Routing Information Protocol (RIP) version 2 between devices that are connected to VLAN 17. Do not include the 192.*.*.* networks in the RIP process.

Configure RIP version 2 between devices that are connected to VLAN 88.

Restrict the advertisement of RIP updates to VLAN 17 and VLAN 88 only.

5.2. Control Updates (Advanced: 2 points)

Configure SW1 to send only a summary 172.16.80.0/25 on VLAN 88.

6. Cisco OER and NAT Section Total: 6 points

6.1. Configure Cisco OER (Advanced: 3 points)

Statically configure two default routes to 172.16.16.1 and 172.16.62.2 on R6. Statically configure a default route to 1.1.1.6 on SW2.

R6 should be configured as a master controller and a border Cisco OER router. R6 should actively monitor a network delay to network 3.3.3.3/32 by sending ICMP probes and, based on the lower delay, select R1 as a gateway for the network 3.3.3.3/32.

If the ICMP probe fails between the R6 interface on VLAN 16 and the network 3.3.3.3/32, R6 should forward packets to R2.

6.2. Configure NAT (Intermediate: 3 points)

IP packets that originated from SW2 should arrive on the network 3.3.3.0/24 with either source IP address 172.16.16.6 or 172.16.62.6.

Note: Perform redistribution as necessary to provide universal unicast connectivity.

7. Border Gateway Protocol Section Total: 10 points

Note: The Border Gateway Protocol (BGP) table must display only networks that are advertised according to the BGP section specifications.

7.1. Configure Processes and Peers (Basic: 2 points)

Assign SW3 to AS700. Configure AS100 on R1 and AS64600 on routers R2, R3, and R4.

Peer AS700 and AS100. Peer AS100 and AS64600 between R1 and R2 only.

Do not form a BGP peer relationship between R2 and R4. Use the AS numbers that are given in the exam.

7.2. Advertise and Summarize Routes in BGP I (Intermediate: 3 points)

Originate the following prefixes from SW3 with the origin code incomplete:

— 192.168.100.0/24

— 192.168.101.0/24

— 192.168.102.0/24

— 192.168.103.0/24

— 192.168.104.0/24

— 192.168.105.0/24

All BGP speakers in AS64600 must have the following prefixes in their BGP and IP routing tables: (1) 192.168.104.0/24, (2) 192.168.105.0/24, and (3) a summary for the remaining prefixes that are advertised by SW3 through BGP. Apply this configuration on R1. The summary must have the same AS path attribute as its constituents. Use the synchronization method on R2 and R3. You may redistribute as necessary to meet this requirement.

7.3. Advertise and Summarize Routes in BGP II (Intermediate: 2 points)

Advertise loopback 3 into BGP on R3 only. All BGP speakers should have only a classful prefix of this network in their BGP tables. Do not reoriginate this network on any other routers. On SW3, this major network should be shown as originated from AS100.

7.4. BGP AS11111 (Advanced: 3 points)

Configure BGP AS11111 on R5. Peer AS11111 only with the backbone AS1771. Configure filtering so that the only prefixes accepted are those that contain one of the following AS entries in their path AS: 51, 524, 523, and 52323. Use the minimal number of statements and characters in the filtering solution.

Summarize the received prefixes on R5 with an optimal mask, and suppress more specific prefixes without using the suppress map option. The summary must not be listed in the BGP tables of any other routers; the solution should not be based on a distribute list and should work even if new BGP peer relationships are added in the future without any additional configuration.
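
An added example for the AS-path filtering requirement in 7.4 (not part of the lab materials or its answer key): it checks candidate IOS AS-path expressions against constructed AS paths and shows why the "_" delimiter matters when a wanted AS number also occurs as a substring of other AS numbers. The candidate expressions, function names, and sample paths are assumptions made for this example.

```python
import re

# IOS AS-path regular expressions use "_" for "any delimiter": start or end of
# the path, a space, a comma, a brace or a parenthesis. Python's re module has
# no such token, so it is expanded to an explicit alternation here.
IOS_DELIMITER = "(?:^|$|[ ,{}()])"

# AS numbers named in task 7.4.
WANTED_ASNS = ("51", "524", "523", "52323")

# Candidate expressions (hypothetical, written for this example).
UNANCHORED = "|".join(WANTED_ASNS)                # 51|524|523|52323
DELIMITED = "_(" + "|".join(WANTED_ASNS) + ")_"   # _(51|524|523|52323)_
FACTORED = "_5(1|2(4|3|323))_"                    # same set, shared prefixes merged

# Constructed AS paths as they might be received from the backbone AS1771.
SAMPLE_PATHS = [
    "1771 51",           # wanted: 51
    "1771 524 300",      # wanted: 524
    "1771 52323",        # wanted: 52323
    "1771 300 {523,7}",  # wanted: 523 inside an AS set
    "1771 151",          # 51 only as a substring of 151
    "1771 5100 200",     # 51 only as a prefix of 5100
    "1771 5234",         # 523 only as a prefix of 5234
    "1771 15231",        # 523 only in the middle of 15231
    "1771 65230 5",      # 523 only in the middle of 65230
    "1771 300",          # none of the wanted AS numbers
]


def compile_ios(ios_regex):
    """Translate an IOS AS-path expression into a compiled Python pattern."""
    return re.compile(ios_regex.replace("_", IOS_DELIMITER))


def accepted(ios_regex, paths=SAMPLE_PATHS):
    """Return the paths that the expression would permit."""
    pattern = compile_ios(ios_regex)
    return [p for p in paths if pattern.search(p)]


def reference_accept(paths=SAMPLE_PATHS):
    """Ground truth without regex matching: compare whole AS-number tokens."""
    wanted = set(WANTED_ASNS)
    return [p for p in paths if wanted & set(re.findall(r"\d+", p))]


def wrongly_accepted(ios_regex, paths=SAMPLE_PATHS):
    """Paths the expression permits although no wanted AS number is present."""
    truth = set(reference_accept(paths))
    return [p for p in accepted(ios_regex, paths) if p not in truth]


if __name__ == "__main__":
    for name, rx in (("unanchored", UNANCHORED),
                     ("delimited", DELIMITED),
                     ("factored", FACTORED)):
        print(f"{name:10} {rx}")
        print("  accepted:        ", accepted(rx))
        print("  wrongly accepted:", wrongly_accepted(rx))
```

Any shortened expression can be checked the same way: it is only safe if it accepts exactly the paths that the token-based reference accepts.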

8. IPv6 Routing Section Total: 6 points

8.1. Configure RIPng (Intermediate: 3 points)

Configure the link-local and site-local IPv6 addresses in accordance with the Lab IPv6 IGP diagram and this table:

Router    Interface with IPv4 address    IPv6 Address
R1        172.16.123.1                   1230::1/16    FE80::123:1 link local
R2        172.16.123.2                   1230::2/16    FE80::123:2 link local
R3        172.16.123.3                   1230::3/16    FE80::123:3 link local
R3        172.16.34.3                    3400::3/16
SW4       172.16.34.40                   3400::40/16
SW4       172.16.140.1                   1400::1/16

All routers that are involved in this subsection must be able to ping same-subnet IPv6 addresses.

Configure a RIPng routing process named “frame” between R1, R2, R3, and SW4.

The RIP speakers that are connected to the “frame” RIP process should exchange updates using port 65000 and multicast group ff02::9999.

8.2. Configure IPv6 OSPF and IPv6 Redistribution (Intermediate: 3 points)

Configure IPv6 addresses on R1 and R6 according to the Lab IPv6 IGP diagram and the following table.

Router    Interface with IPv4 address     IPv6 Address
R1        Logical Ethernet 172.16.16.1    1600::1/16
R6        Ethernet 172.16.16.6            1600::6/16
R6        Loopback80                      8000::1/16

All routers that are involved in this subsection must be able to ping same-subnet IPv6 addresses.

Configure IPv6 OSPF Area 0 on the VLAN 16 link between the interfaces of R1 and R6. Use the OSPF network type that does not elect a DR or backup designated router (BDR) and that would permit additional OSPF routers on the link.

Advertise the loopback 80 interface on R6 in IPv6 OSPF Area 80.

Perform redistribution between IPv6 routing protocols on R1 and R2. Provide IPv6 connectivity between all routed IPv6 addresses that are involved in this lab.

9. Security Section Total: 5 points

9.1. IP Header (Intermediate: 2 points)

IP options are not used very often in modern networks; therefore, your supervisor has decided to drop all IP traffic containing IP options on R5. Do not apply your solution to any interface.

9.2. IPS Probe (Advanced: 3 points)

An imaginary intrusion prevention system (IPS) probe with the MAC address 0007.ebaa.0e00 is residing on VLAN 16. One in every five packets of the incoming traffic from the network 172.16.50.0/24 destined to the network 172.16.77.0/24 must be exported to the IPS probe.

10.QoS Section Total: 5 points

10.1. Limit Traffic (Intermediate: 2 points) A User Datagram Protocol (UDP) stream originates from imaginary IP address 10.1.1.1 on VLAN 100 connected to port 0/10 of SW4. The UDP stream is destined to 10.1.1.NX port 5120.

Limit the above-specified UDP traffic to an 8000-b/s rate on the VLAN 100 interface of R1. Configure the minimal values for normal burst size and maximum burst size.

Drop excessive traffic. Do not use the Modular QoS CLI (MQC) configuration method.

10.2. Traffic Shaping (Advanced: 3 points)

Configure Frame Relay traffic shaping (FRTS) on the PVC between R1 and R3 on both routers. The committed information rate (CIR) of the PVC should be set to 96000 b/s. The committed rate measurement interval (Tc) value should be 10 ms. Do not allow excess bursts, and do not use a throttling mechanism.

11. Address Administration Section Total: 4 points

11.1. DHCP (Intermediate: 2 points)

On R4, configure pool test. R4 will supply IP addresses to workstations on VLAN 34, as well as an appropriate gateway IP address. IP address 172.16.34.40 is configured on the VLAN 34 interface of SW4, and the lowest 10 IP addresses will be used for routers, servers, and printers.

Supply the Domain Name System (DNS) server address 10.10.10.10; the domain name is test.net.

11.2. DHCP Binding (Intermediate: 2 points)

UNIX workstations with MAC addresses 00-50-04-DF-5F-60 and 00-50-04-DF-5F-61 should always receive the IP addresses 172.16.34.60/25 and 172.16.34.61/25, respectively. These workstations must also receive the appropriate gateway address, DNS server address, and domain name.

12. HSRP Gateway Redundancy Section Total: 4 points

12.1. Enable HSRP (Intermediate: 2 points)

Prefer R3 as a gateway for imaginary hosts on VLAN 34.

Assign the lowest IP address on VLAN 34 to the virtual gateway.

12.2. Tune HSRP (Intermediate: 2 points)

If the Frame Relay connection fails, hosts should prefer R4.

Hosts must again prefer R3 when the Frame Relay connection becomes active.

13. NTP Configuration Section Total: 3 points

13.1. Enable NTP (Intermediate: 3 points)

Make R1 the Network Time Protocol (NTP) master with stratum 5.

Configure a server association between R3 and R1.

Configure a peer association between R3 and R4.

14. Multicast Configuration Section Total: 9 points

14.1. Enable PIM (Intermediate: 3 points)

The shared tree for the group 230.30.30.30 should be rooted from interface loopback 10 of R1.

Configure member routers to statically join the shared tree.

14.2. Join Multicast Group (Intermediate: 1 point)

Use loopback interfaces to simulate receivers of the traffic destined to the group 230.30.30.30. The following table provides details for this task.

Router Interface Multicast Group

R2 Loopback20 230.30.30.30

R1 Loopback10 230.30.30.30

R3 Loopback30 230.30.30.30

R5 Loopback50 230.30.30.30

14.3. Secure Multicast (Intermediate: 2 points)

Build the multicast tree only for 230.30.30.30. Use a standard access list with the name “MCAST” to accomplish this task.

14.4. Tune PIM (Intermediate: 3 points)

Use the ping utility to source the multicast traffic from R6 IP address 172.16.16.1. R6 is excluded from the multicast tree and should not have any PIM configuration.

No multicast routers should display (S,G) state in their respective multicast routing tables.

15. SNMP Section Total: 5 points

15.1. Configure SNMP Groups, Users, and Views (Intermediate: 3 points)

Configure a group named OPERATORS to support the SNMP version 3 security model. The OPERATORS group members should be able to read only a view CISCO of the SNMP object cisco.

Assign a user named OPER to the group OPERATORS.

Configure a group named ADMINISTRATORS to support the SNMP version 3 security model. The group named ADMINISTRATORS should be able to write to a view CISCO of the SNMP object cisco.

Assign a user named ADMIN to the group ADMINISTRATORS.

Apply the SNMP configuration with no authentication on R1.

15.2. Restrict SNMP Access (Intermediate: 2 points)

Restrict access to the group OPERATORS from only one host located at 10.1.1.90.

Restrict access to the group ADMINISTRATORS from only one host located at 10.1.1.91.
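
The requirements of 15.1 and 15.2 written out as IOS configuration for R1. This is an added example, not part of the lab or its answer key; the standard ACL numbers 90 and 91 are assumptions chosen here, and every other name and address comes from the tasks above.

```cisco
! Added example for R1 (constructed; ACL numbers 90 and 91 are assumed)

! 15.2: one standard ACL per group, each permitting a single management host.
! The implicit deny at the end of each ACL rejects every other source.
access-list 90 permit 10.1.1.90
access-list 91 permit 10.1.1.91

! 15.1: view CISCO covers the subtree rooted at the object "cisco".
snmp-server view CISCO cisco included

! Groups use the SNMPv3 security model with no authentication (noauth).
! OPERATORS gets CISCO as its read view, ADMINISTRATORS as its write view.
! The "access" keyword binds each group to its ACL from 15.2.
snmp-server group OPERATORS v3 noauth read CISCO access 90
snmp-server group ADMINISTRATORS v3 noauth write CISCO access 91

! Users are mapped to their groups; no auth or priv keywords are given,
! which matches the noauth level configured on the groups.
snmp-server user OPER OPERATORS v3
snmp-server user ADMIN ADMINISTRATORS v3

! Verification (exec mode). SNMPv3 users do not appear in the running
! configuration, so check them with "show snmp user".
! show snmp view
! show snmp group
! show snmp user
! show access-lists 90
! show access-lists 91
```

At the noauth level a request is matched on the user name alone, so the source-address ACLs from 15.2 are the only thing separating OPER and ADMIN from any other host that knows those names.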