8/22/2019 K6 ++ Solution BOOK
1/21
K6++ SOLUTION BOOK
CCIE SOLDIER
1.2 Implement Access Switch Ports of Switched Network
SW1
vtp domain CCIE
vtp password cisco
vtp version 2
vtp mode server
SW2 SW3 SW4
vtp domain CCIE
vtp password cisco
vtp version 2
vtp mode client
SW1 SW2 SW3 SW4
spanning-tree portfast default
spanning-tree portfast bpduguard default
interface fa0/10
spanning-tree bpduguard disable
spanning-tree bpdufilter enable
Note: Remember to configure the backbone interface before configuring portfast default and portfast bpduguard default globally, as otherwise those interfaces would go to the err-disabled state.
1.3 Spanning-Tree Domains for Switched Network
Configure the switches according to the following requirements:
SW1
spanning-tree mode rpvst
spanning-tree vlan 1,11,33,55,123,999 root primary
spanning-tree vlan 22,42,44 root secondary
SW2
spanning-tree mode rpvst
spanning-tree vlan 1,11,33,55,123,999 root secondary
spanning-tree vlan 22,42,44 root primary
SW1-SW4
spanning-tree vlan 1-4094 max-age 30
1.4 Switch Trunking and Ether Channel
SW1, SW2, SW3, SW4
interface range fastethernet 0/19-24
switchport trunk encapsulation dot1q
switchport mode trunk
SW1
interface range fa0/23-24
channel-group 1 mode active
SW2
interface range fa0/23-24
channel-group 1 mode passive
SW3
interface range fa0/23-24
channel-group 1 mode desirable
SW4
interface range fa0/23-24
channel-group 1 mode auto
1.5 Spanning-Tree Tuning
SW2
spanning-tree vlan 42 priority 12288
int f0/19
spanning-tree vlan 22,42,44 port-priority 240
1.6 RSPAN
SW1
vlan 999
remote-span
monitor session 1 source vlan 11 , 22 rx
monitor session 1 destination remote vlan 999
SW2
monitor session 1 source vlan 11 , 22 rx
monitor session 1 destination remote vlan 999
SW4
monitor session 1 source remote vlan 999
monitor session 1 destination interface fastEthernet 0/15
monitor session 2 source interface port-channel 34 both
monitor session 2 destination interface fastEthernet 0/16
interface range f0/15-16
no shutdown
1.7 PPP & CHAP
On R4
aaa new-model
aaa authentication login default line /* none required at the end only if no line password is configured */
aaa authentication ppp default group radius local-case
radius host YY.YY.44.200 key CISCO
username password 0 CCIE
username password 0 CCIE
interface s0/0/0 /* interface facing R1 */
encapsulation ppp
ppp authentication chap default
interface s0/1/0 /* interface facing R2 */
encapsulation ppp
ppp authentication chap default
On R1 & R2
interface s0/0/0 /* interface facing R4 */
encapsulation ppp
ppp chap password 0 CCIE
Note: If the question says to use AAA list name R1 and R2 for authenticating R1 and R2 respectively, use the
below configuration
On R4
aaa new-model
aaa authentication login default line /* none required at the end only if no line password is configured */
aaa authentication ppp R1 group radius local-case
aaa authentication ppp R2 group radius local-case
radius host YY.YY.44.200 key CISCO
username password 0 CCIE
username password 0 CCIE
interface s0/0/0 /* interface facing R1 */
encapsulation ppp
ppp authentication chap R1
interface s0/1/0 /* interface facing R2 */
encapsulation ppp
ppp authentication chap R2
On R1 & R2
interface s0/0/0 /* interface facing R4 */
encapsulation ppp
ppp chap password 0 CCIE
Section 2 Layer 3 Technologies
2.1 Configure OSPF Area 0, 142 and 51 as per diagram
R1
router ospf YY
router-id YY.YY.1.1
network YY.YY.1.1 0.0.0.0 area 142
network YY.YY.14.1 0.0.0.0 area 142
network YY.YY.17.1 0.0.0.0 area 142
R2
router ospf YY
router-id YY.YY.2.2
network YY.YY.24.2 0.0.0.0 area 142
network YY.YY.42.2 0.0.0.0 area 142
redistribute connected subnets route-map EXT
route-map EXT
match interface fastethernet 0/1
R3
router ospf YY
router-id YY.YY.3.3
network YY.YY.3.3 0.0.0.0 area 51
network YY.YY.35.3 0.0.0.0 area 51
R4
router ospf YY
router-id YY.YY.4.4
network YY.YY.4.4 0.0.0.0 area 142
network YY.YY.14.4 0.0.0.0 area 142
network YY.YY.24.4 0.0.0.0 area 142
network YY.YY.44.4 0.0.0.0 area 142
network YY.YY.144.4 0.0.0.0 area 142
R5
router ospf YY
router-id YY.YY.5.5
network YY.YY.5.5 0.0.0.0 area 51
network YY.YY.35.5 0.0.0.0 area 51
network YY.YY.55.5 0.0.0.0 area 51
SW1
ip routing
router ospf YY
router-id YY.YY.7.7
network YY.YY.7.7 0.0.0.0 area 0
network YY.YY.123.7 0.0.0.0 area 0
network YY.YY.17.7 0.0.0.0 area 142
interface vlan 123
ip ospf priority 255
SW2
ip routing
router ospf YY
router-id YY.YY.8.8
network YY.YY.8.8 0.0.0.0 area 0
network YY.YY.123.8 0.0.0.0 area 0
network YY.YY.55.8 0.0.0.0 area 51
interface vlan 123
ip ospf priority 254
SW3
ip routing
router ospf YY
router-id YY.YY.9.9
network YY.YY.9.9 0.0.0.0 area 0
network YY.YY.123.9 0.0.0.0 area 0
SW4
ip routing
router ospf YY
router-id YY.YY.10.10
network YY.YY.10.10 0.0.0.0 area 0
network YY.YY.123.10 0.0.0.0 area 0
network YY.YY.42.10 0.0.0.0 area 142
2.2 Implement IPv4 EIGRP
SW2
router eigrp 100
no auto-summary
network 150.3.YY.1 0.0.0.0
2.3 Implement RIP Version 2
router rip
version 2
no auto-summary
network 150.1.0.0
distribute-list 1 in interface f0/0
access-list 1 permit 199.172.4.0 0.0.10.0
2.4 Redistribute RIP into OSPF
access-list 2 permit 199.172.4.0 0.0.2.0
route-map RIP
match ip address 2
set metric-type type-1
route-map RIP permit 20
router ospf YY
redistribute rip subnets route-map RIP
On R3/R5/SW2
area 51 nssa
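Added example (not part of the original solution book): the wildcard masks in access-list 1 (section 2.3) and access-list 2 (section 2.4) are non-contiguous, so it is worth checking exactly which route prefixes each filter lets through. The function names are illustrative assumptions; the ACL values are the ones shown above.

```python
import ipaddress

def _to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def is_contiguous(wildcard: str) -> bool:
    """True if the wildcard is the inverse of an ordinary prefix mask."""
    w = _to_int(wildcard)
    return (w & (w + 1)) == 0

def permits(route: str, base: str, wildcard: str) -> bool:
    """IOS match rule: every bit that is 0 in the wildcard must equal the base."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(route) ^ _to_int(base)) & care == 0

def wildcard_matches(base: str, wildcard: str) -> list[str]:
    """Enumerate every address matched by 'base wildcard' (small masks only)."""
    wild = _to_int(wildcard)
    free_bits = [b for b in range(32) if wild >> b & 1]
    if len(free_bits) > 16:
        raise ValueError("too many don't-care bits to enumerate")
    fixed = _to_int(base) & ~wild & 0xFFFFFFFF
    found = []
    for combo in range(1 << len(free_bits)):
        addr = fixed
        for i, bit in enumerate(free_bits):
            if combo >> i & 1:
                addr |= 1 << bit
        found.append(addr)
    return [str(ipaddress.IPv4Address(a)) for a in sorted(found)]

if __name__ == "__main__":
    # ACL entries copied from sections 2.3 and 2.4 of this page.
    for name, base, wc in [("access-list 1", "199.172.4.0", "0.0.10.0"),
                           ("access-list 2", "199.172.4.0", "0.0.2.0")]:
        print(name, "contiguous:", is_contiguous(wc))
        for net in wildcard_matches(base, wc):
            print("   permits", net)
```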
2.5 Redistribute EIGRP into OSPF
router ospf YY
redistribute eigrp YY subnets
area 51 nssa no-summary no-redistribution
2.6 Implement IPv4 BGP
R1 / R2 / R3 / R5
router bgp YY
bgp router-id YY.YY.X.X
neighbor YY.YY.8.8 remote-as YY
neighbor YY.YY.8.8 update-source loopback0
neighbor YY.YY.8.8 send-community --> you don't need this command on R1 and R5, since they have no community to send; it is needed only on the routers facing the BB and on the route reflector
SW2
router bgp YY
bgp router-id YY.YY.X.X
neighbor YY.YY.1.1 remote-as YY
neighbor YY.YY.1.1 update-source loopback 0
neighbor YY.YY.1.1 route-reflector-client
neighbor YY.YY.1.1 send-community
neighbor YY.YY.2.2 remote-as YY
neighbor YY.YY.2.2 update-source loopback 0
neighbor YY.YY.2.2 route-reflector-client
neighbor YY.YY.2.2 send-community
neighbor YY.YY.3.3 remote-as YY
neighbor YY.YY.3.3 update-source loopback 0
neighbor YY.YY.3.3 route-reflector-client
neighbor YY.YY.3.3 send-community
neighbor YY.YY.5.5 remote-as YY
neighbor YY.YY.5.5 update-source loopback 0
neighbor YY.YY.5.5 route-reflector-client
neighbor YY.YY.5.5 send-community
R2
neighbor 150.2.YY.254 remote-as 254
neighbor 150.2.YY.254 send-community
neighbor 150.2.YY.254 route-map BB2 in
route-map BB2
set community 104 208 additive
R3
neighbor 150.1.YY.254 remote-as 254
neighbor 150.1.YY.254 route-map BB1 in
neighbor 150.1.YY.254 send-community
route-map BB1
set local-preference 200
set community 103 207 additive
NOTE: If the question says something like "you have to use the fewest commands for the route reflector", then you should configure a peer group.
2.7 Implement Performance Routing
On R1/R2
key chain PFR
key 1
key-string cisco
pfr border
local Loopback0
master yy.yy.1.1 key-chain PFR
active-probe address source interface Loopback0
int f0/0
load-interval 30
On R2
interface Tunnel12
ip address 12.12.12.2 255.255.255.252
tunnel source Loopback0
tunnel destination yy.yy.1.1
ip route 0.0.0.0 0.0.0.0 yy.yy.42.10 250
On R1
interface Tunnel12
ip address 12.12.12.1 255.255.255.252
tunnel source Loopback0
tunnel destination yy.yy.2.2
ip route 0.0.0.0 0.0.0.0 yy.yy.17.7 250
pfr master
policy-rules PFR
no max-range-utilization
logging
border yy.yy.2.2 key-chain PFR
interface f0/0 external
max-xmit-utilization percentage 90
link-group R2
interface Serial0/0/0 internal
interface Tunnel12 internal
border yy.yy.1.1 key-chain PFR
interface f0/0 external
max-xmit-utilization percentage 80
link-group R1
interface Serial0/0/0 internal
interface Tunnel12 internal
periodic 90
no resolve range
no resolve utilization
ip access-list extended CS2
permit ip yy.yy.44.0 0.0.0.255 any dscp cs2
ip access-list extended CS4
permit ip yy.yy.44.0 0.0.0.255 any dscp cs4
pfr-map PFR 10
match traffic-class access-list CS2
set mode route control
set mode select-exit good
set mode monitor active
set active-probe echo yy.yy.55.5
set link-group R1
!
pfr-map PFR 20
match traffic-class access-list CS4
set mode route control
set mode select-exit good
set mode monitor active
set active-probe echo yy.yy.55.5
set link-group R2
On R5
ip sla responder
2.8 Implement Performance Routing 2
ip access-list extended VOICE
permit udp yy.yy.44.0 0.0.0.255 any range 16384 32768 dscp ef
pfr-map PFR 30
match traffic-class access-list VOICE
set delay threshold 40
set mode route control
set mode select-exit good
set mode monitor fast
set jitter threshold 5
set active-probe jitter yy.yy.55.5 target-port 32767
set probe frequency 2
set link-group R1 fallback R2
2.9 Implement IPv6
R1
ipv6 multicast-routing
ipv6 unicast-routing
ipv6 cef
int f0/0
ipv6 ospf yy area 142
ipv6 mld join-group FF15::4000:4000
int s0/0/0
ipv6 ospf yy area 142
ipv6 router ospf yy
passive-interface f0/0
ipv6 pim rp-address fec1:cc1e:44::4
R2
ipv6 multicast-routing
ipv6 unicast-routing
ipv6 cef
int g0/0
ipv6 ospf yy area 142
int s0/0/0
ipv6 ospf yy area 142
ipv6 router ospf yy
passive-interface f0/0
ipv6 pim rp-address fec1:cc1e:44::4
R4
ipv6 multicast-routing
ipv6 unicast-routing
ipv6 cef
int f0/0
ipv6 ospf yy area 142
int f0/1
ipv6 ospf yy area 142
int s0/0/0
ipv6 ospf yy area 142
int s0/0/1
ipv6 ospf yy area 142
ipv6 router ospf yy
passive-interface f0/0
passive-interface f0/1
ipv6 pim rp-address fec1:cc1e:44::4 MCAST
ipv6 access-list MCAST
permit ipv6 any FF15::4000:4000/127
2.10 Implement Advanced IPv6 feature
R1/R2/R4
ipv6 icmp error-interval 200 1
R1
ipv6 flow-export source Loopback0
ipv6 flow-export version 9
ipv6 flow-export template timeout-rate 180
ipv6 flow-export destination yy.yy.44.100 9876
ipv6 flow-aggregation cache destination-prefix
export template timeout-rate 180
cache entries 20000
cache timeout inactive 120
export version 9
export destination YY.YY.44.100 9876
enabled
int g0/0
ipv6 flow ingress
Section 3 IP Multicast
3.1 IPv4 Multicast (autorp)
R4
ip multicast-routing
int s0/0/0
ip pim sparse-mode
int s0/0/1
ip pim sparse-mode
int f0/0
ip pim sparse-mode
ip pim autorp listener
ip pim send-rp-discovery lo0 scope 16
R1 - R2
ip multicast-routing
int lo0
ip pim sparse-mode
int s0/0/0
ip pim sparse-mode
int f0/0
ip pim sparse-mode
ip pim autorp listener
ip pim send-rp-announce lo0 scope 16
SW1
ip multicast-routing distributed
int f0/1
ip pim sparse-mode
int vlan 123
ip pim sparse-mode
ip pim autorp listener
SW2
ip multicast-routing distributed
int vlan 33
ip pim sparse-mode
ip igmp join-group 239.y.y.1
int vlan 123
ip pim sparse-mode
ip pim autorp listener
SW3
ip multicast-routing distributed
int vlan 123
ip pim sparse-mode
ip pim autorp listener
SW4
ip multicast-routing distributed
int vlan 123
ip pim sparse-mode
int vlan 42
ip pim sparse-mode
ip pim autorp listener
3.2 PIM Tuning
SW1:
int vlan 123
ip pim dr-prio
SW2:
access-list 1 deny 224.0.1.39
access-list 1 deny 224.0.1.40
access-list 1 permit any
int vlan 33
ip multicast boundary 1 filter-autorp
SW4:
int vlan 123
ip pim dr-prio
Section 4 Advanced Services
4.1 Network Address Translations (NAT)
SW1
interface loopback100
ip address 100.100.17.7 255.255.255.0
ip route 100.100.42.0 255.255.255.0 YY.YY.17.1
R1
ip route 100.100.42.0 255.255.255.0 YY.YY.14.4
SW4
interface loopback100
ip address 100.100.42.10 255.255.255.0
ip route 100.100.17.0 255.255.255.0 YY.YY.42.2
R2
ip route 100.100.17.0 255.255.255.0 YY.YY.24.4
R4
interface serial0/0/0
ip nat outside
interface serial0/0/1
ip nat outside
ip nat inside source static YY.YY.17.7 100.100.17.7
ip nat inside source static YY.YY.42.10 100.100.42.10
4.2 MLS QoS
SW1 SW2 SW3 SW4
mls qos
mls qos srr-queue input cos-map queue 1 1 /* Default */
mls qos srr-queue input cos-map queue 2 5 --> you have to put it
mls qos srr-queue input threshold 1 40 100
mls qos srr-queue input threshold 2 100 100 /* Default */
interface range fastethernet 0/19 - 24
mls qos trust cos
SW1
interface range fastethernet 0/1 - 5
mls qos cos 1
mls qos trust cos
4.3 QoS Class Based Weighted Fair Queuing (CBWFQ)
R2
class-map BB2
match input-interface f0/1 --> interface facing the BB2
policy-map CBWFQ
class BB2
bandwidth 10000
interface fastethernet0/0
service-policy output CBWFQ
R3
class-map BB1
match input-interface f0/0 --> interface facing the BB1
policy-map CBWFQ
class BB1
bandwidth 1000
interface serial0/0
service-policy output CBWFQ
4.4 Implement Routing Protocol Authentication
SW1 SW2 SW3 SW4
no service password-encryption
interface vlan 123
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco
4.5 Implement DHCP
R4
Service DHCP
ip dhcp pool POOL
network YY.YY.44.0 255.255.255.0
default-router YY.YY.44.4
dns-server YY.YY.55.50 YY.YY.55.51
domain-name cisco.com
ip dhcp excluded-address YY.YY.44.4 /* Interface fastethernet 0/0 */
ip dhcp excluded-address YY.YY.44.100 /* Printer IP Address Statically configured ... Also the IPv6 Netflow Server IP Address */
ip dhcp excluded-address YY.YY.44.200 /* Radius Server */
On SW1
ip dhcp snooping
ip dhcp snooping vlan 44
no ip dhcp snooping information option
interface fastethernet0/4
switchport mode access
switchport access vlan 44
ip dhcp snooping trust
interface fastethernet0/14
switchport mode access
switchport access vlan 44
switchport port-security
switchport port-security maximum 3
switchport port-security violation shutdown /* Shutdown the port when violation occurred*/
ip dhcp snooping limit rate 100
no shutdown
4.6 Implement Layer 2 Security
ip dhcp snooping binding abcd.abcd.abcd vlan 44 YY.YY.44.100 interface fastEthernet 0/14 expiry 4294967295
ip dhcp snooping verify mac-address /* Default */
ip dhcp snooping database flash:CCIE.TXT
ip arp inspection vlan 44
interface f0/4
ip arp inspection trust
inter f0/14
ip verify source
no shutdown /* don't forget this */
exit
4.7 Web Caching Communication Protocol (WCCP)
R4
ip wccp version 2
ip wccp 61 redirect-list S_T_C
ip wccp 62 redirect-list C_T_S
ip access ext C_T_S
permit ip y.y.44.0 0.0.0.255 any
ip access ext S_T_C
permit ip any y.y.44.0 0.0.0.255
ip wccp check services all
int f0/0
ip wccp 62 redirect in
int s0/0/0
ip wccp 61 redirect in
int s0/0/1
ip wccp 61 redirect in
int f0/1
ip wccp redirect exclude in
Section 5 Optimize the Network
5.1 Implement SNMP
R5
snmp-server community CiscoWorks RW 55
snmp-server enable traps bgp
snmp-server host YY.YY.55.240 CiscoWorks bgp
access-list 55 permit host YY.YY.55.240
5.2 Embedded Event Manager
event manager applet ENABLE_OSPF_DEBUG
event syslog pattern ".*%OSPF-5-ADJCHG: Process y, Nbr yy.yy.5.5 on Serial0/0/0 from FULL to DOWN.*"
action 1.0 cli command "enable"
action 2.0 cli command "debug ip ospf event"
action 3.0 cli command "debug ip ospf adj"
action 4.0 syslog priority informational msg "ENABLE_OSPF_DEBUG"
event manager applet DISABLE_OSPF_DEBUG
event syslog pattern ".*%OSPF-5-ADJCHG: Process y, Nbr yy.yy.5.5 on Serial0/0/0 from LOADING to FULL.*"
action 1.0 cli command "enable"
action 2.0 cli command "undebug all"
action 3.0 syslog priority informational msg "DISABLE_OSPF_DEBUG"
logging on
logging console debugging
logging buffered debugging