K6 ++ Solution BOOK

Aug 08, 2018

satourism
  • 8/22/2019 K6 ++ Solution BOOK

    1/21

    K6++ SOLUTION BOOK

    CCIE SOLDIER

    1.2 Implement Access Switch Ports of Switched Network

    SW1

    vtp domain CCIE

    vtp password cisco

    vtp version 2

    vtp mode server

    SW2 SW3 SW4

    vtp domain CCIE

    vtp password cisco

    vtp version 2

    vtp mode client

    SW1 SW2 SW3 SW4

    spanning-tree portfast default

    spanning-tree portfast bpduguard default

    interface fa0/10

    spanning-tree bpduguard disable

    spanning-tree bpdufilter enable

    Note: Remember to configure the backbone interface before configuring portfast default and portfast bpduguard default globally, as otherwise those interfaces would go to the err-disabled state.
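
The ordering issue in the note above can be checked offline against a candidate config before the global defaults are applied. This is an added example, not part of the original solution book: the sample config (apart from the page's global commands and the fa0/10 override), the extra interfaces and the function names are constructed, and the model considers only statically configured `switchport mode`.

```python
import re

# Constructed sample: the page's global defaults and fa0/10 override, plus hypothetical ports.
SAMPLE = """\
spanning-tree portfast default
spanning-tree portfast bpduguard default
!
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/10
 spanning-tree bpduguard disable
 spanning-tree bpdufilter enable
!
interface FastEthernet0/19
 switchport trunk encapsulation dot1q
 switchport mode trunk
"""

def parse(config):
    """Split a config into global lines and {interface: [sub-commands]}."""
    globals_, ifaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        m = re.match(r"interface (\S+)$", line)
        if m and not raw.startswith(" "):
            current = ifaces.setdefault(m.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(line)
        else:
            current = None
            globals_.append(line)
    return globals_, ifaces

def bpduguard_exposure(config):
    """Return {interface: bool}; True means a received BPDU err-disables the port."""
    globals_, ifaces = parse(config)
    pf_default = "spanning-tree portfast default" in globals_
    bg_default = "spanning-tree portfast bpduguard default" in globals_
    result = {}
    for name, cmds in ifaces.items():
        trunk = "switchport mode trunk" in cmds
        if "spanning-tree portfast disable" in cmds:
            portfast = False
        elif "spanning-tree portfast" in cmds:
            portfast = not trunk
        else:
            portfast = pf_default and not trunk  # global default skips trunks
        if {"spanning-tree bpduguard disable", "spanning-tree bpdufilter enable"} & set(cmds):
            result[name] = False  # per-port override, as on fa0/10
        elif "spanning-tree bpduguard enable" in cmds:
            result[name] = True
        else:
            result[name] = bg_default and portfast
    return result

if __name__ == "__main__":
    print(bpduguard_exposure(SAMPLE))
```

Any port reported as `True` that faces a device sending BPDUs needs its per-interface override in place before the two global commands are entered.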

    1.3 Spanning-Tree Domains for Switched Network

    Configure the switches according to the following requirements:

    SW1

    spanning-tree mode rapid-pvst

    spanning-tree vlan 1,11,33,55,123,999 root primary

    spanning-tree vlan 22,42,44 root secondary

    SW2

    spanning-tree mode rapid-pvst

    spanning-tree vlan 1,11,33,55,123,999 root secondary

    spanning-tree vlan 22,42,44 root primary

    SW1-SW4

    spanning-tree vlan 1-4094 max-age 30

    1.4 Switch Trunking and Ether Channel

    SW1, SW2, SW3, SW4

    interface range fastethernet 0/19-24

    switchport trunk encapsulation dot1q

    switchport mode trunk

    SW1

    interface range fa0/23-24

    channel-group 1 mode active

    SW2

    interface range fa0/23-24

    channel-group 1 mode passive

    SW3

    interface range fa0/23-24

    channel-group 1 mode desirable

    SW4

    interface range fa0/23-24

    channel-group 1 mode auto

    1.5 Spanning-Tree Tuning

    SW2

    spanning-tree vlan 42 priority 12288

    int f0/19

    spanning-tree vlan 22,42,44 port-priority 240

    1.6 RSPAN

    SW1

    vlan 999

    remote-span

    monitor session 1 source vlan 11 , 22 rx

    monitor session 1 destination remote vlan 999

    SW2

    monitor session 1 source vlan 11 , 22 rx

    monitor session 1 destination remote vlan 999

    SW4

    monitor session 1 source remote vlan 999

    monitor session 1 destination interface fastEthernet 0/15

    monitor session 2 source interface port-channel 34 both

    monitor session 2 destination interface fastEthernet 0/16

    interface range f0/15-16

    no shutdown

    1.7 PPP & CHAP

    On R4

    aaa new-model

    aaa authentication login default line /* none required at the end only if no line password is configured */

    aaa authentication ppp default group radius local-case

    radius-server host YY.YY.44.200 key CISCO

    username password 0 CCIE

    username password 0 CCIE

    interface s0/0/0 /* interface facing R1 */

    encapsulation ppp

    ppp authentication chap default

    interface s0/1/0 /* interface facing R2 */

    encapsulation ppp

    ppp authentication chap default

    On R1 & R2

    interface s0/0/0 /* interface facing R4 */

    encapsulation ppp

    ppp chap password 0 CCIE

    Note: If the question says to use AAA list name R1 and R2 for authenticating R1 and R2 respectively, use the below configuration

    On R4

    aaa new-model

    aaa authentication login default line /* none required at the end only if no line password is configured */

    aaa authentication ppp R1 group radius local-case

    aaa authentication ppp R2 group radius local-case

    radius-server host YY.YY.44.200 key CISCO

    username password 0 CCIE

    username password 0 CCIE

    interface s0/0/0 /* interface facing R1 */

    encapsulation ppp

    ppp authentication chap R1

    interface s0/1/0 /* interface facing R2 */

    encapsulation ppp

    ppp authentication chap R2

    On R1 & R2

    interface s0/0/0 /* interface facing R4 */

    encapsulation ppp

    ppp chap password 0 CCIE

    Section 2 Layer 3 Technologies

    2.1 Configure OSPF Area 0, 142 and 51 as per diagram

    R1

    router ospf YY

    router-id YY.YY.1.1

    network YY.YY.1.1 0.0.0.0 area 142

    network YY.YY.14.1 0.0.0.0 area 142

    network YY.YY.17.1 0.0.0.0 area 142

    R2

    router ospf YY

    router-id YY.YY.2.2

    network YY.YY.24.2 0.0.0.0 area 142

    network YY.YY.42.2 0.0.0.0 area 142

    redistribute connected subnets route-map EXT

    route-map EXT

    match interface fastethernet 0/1

    R3

    router ospf YY

    router-id YY.YY.3.3

    network YY.YY.3.3 0.0.0.0 area 51

    network YY.YY.35.3 0.0.0.0 area 51

    R4

    router ospf YY

    router-id YY.YY.4.4

    network YY.YY.4.4 0.0.0.0 area 142

    network YY.YY.14.4 0.0.0.0 area 142

    network YY.YY.24.4 0.0.0.0 area 142

    network YY.YY.44.4 0.0.0.0 area 142

    network YY.YY.144.4 0.0.0.0 area 142

    R5

    router ospf YY

    router-id YY.YY.5.5

    network YY.YY.5.5 0.0.0.0 area 51

    network YY.YY.35.5 0.0.0.0 area 51

    network YY.YY.55.5 0.0.0.0 area 51

    SW1

    ip routing

    router ospf YY

    router-id YY.YY.7.7

    network YY.YY.7.7 0.0.0.0 area 0

    network YY.YY.123.7 0.0.0.0 area 0

    network YY.YY.17.7 0.0.0.0 area 142

    interface vlan 123

    ip ospf priority 255

    SW2

    ip routing

    router ospf YY

    router-id YY.YY.8.8

    network YY.YY.8.8 0.0.0.0 area 0

    network YY.YY.123.8 0.0.0.0 area 0

    network YY.YY.55.8 0.0.0.0 area 51

    interface vlan 123

    ip ospf priority 254

    SW3

    ip routing

    router ospf YY

    router-id YY.YY.9.9

    network YY.YY.9.9 0.0.0.0 area 0

    network YY.YY.123.9 0.0.0.0 area 0

    SW4

    ip routing

    router ospf YY

    router-id YY.YY.10.10

    network YY.YY.10.10 0.0.0.0 area 0

    network YY.YY.123.10 0.0.0.0 area 0

    network YY.YY.42.10 0.0.0.0 area 142

    2.2 Implement IPv4 EIGRP

    SW2

    router eigrp 100

    no auto-summary

    network 150.3.YY.1 0.0.0.0

    2.3 Implement RIP Version 2

    router rip

    version 2

    no auto-summary

    network 150.1.0.0

    distribute-list 1 in interface f0/0

    access-list 1 permit 199.172.4.0 0.0.10.0

    2.4 Redistribute RIP into OSPF

    access-list 2 permit 199.172.4.0 0.0.2.0

    route-map RIP

    match ip address 2

    set metric-type type-1

    route-map RIP permit 20

    router ospf YY

    redistribute rip subnets route-map RIP

    On R3/R5/SW2

    area 51 nssa

    2.5 Redistribute EIGRP into OSPF

    router ospf YY

    redistribute eigrp YY subnets

    area 51 nssa no-summary no-redistribution

    2.6 Implement IPv4 BGP

    R1 / R2 / R3 / R5

    router bgp YY

    bgp router-id YY.YY.X.X

    neighbor YY.YY.8.8 remote-as YY

    neighbor YY.YY.8.8 update-source loopback0

    neighbor YY.YY.8.8 send-community --> you don't need this command on R1 and R5, since there is no community on them to send; it is needed only on the routers facing the BB and on the route-reflector

    SW2

    router bgp YY

    bgp router-id YY.YY.X.X

    neighbor YY.YY.1.1 remote-as YY

    neighbor YY.YY.1.1 update-source loopback 0

    neighbor YY.YY.1.1 route-reflector-client

    neighbor YY.YY.1.1 send-community

    neighbor YY.YY.2.2 remote-as YY

    neighbor YY.YY.2.2 update-source loopback 0

    neighbor YY.YY.2.2 route-reflector-client

    neighbor YY.YY.2.2 send-community

    neighbor YY.YY.3.3 remote-as YY

    neighbor YY.YY.3.3 update-source loopback 0

    neighbor YY.YY.3.3 route-reflector-client

    neighbor YY.YY.3.3 send-community

    neighbor YY.YY.5.5 remote-as YY

    neighbor YY.YY.5.5 update-source loopback 0

    neighbor YY.YY.5.5 route-reflector-client

    neighbor YY.YY.5.5 send-community

    R2

    neighbor 150.2.YY.254 remote-as 254

    neighbor 150.2.YY.254 send-community

    neighbor 150.2.YY.254 route-map BB2 in

    route-map BB2

    set community 104 208 additive

    R3

    neighbor 150.1.YY.254 remote-as 254

    neighbor 150.1.YY.254 route-map BB1 in

    neighbor 150.1.YY.254 send-community

    route-map BB1

    set local-preference 200

    set community 103 207 additive

    NOTE: If the question says something like "you have to use the fewest commands for the route-reflector", then you should use a peer group.

    2.7 Implement Performance Routing

    On R1/R2

    key chain PFR

    key 1

    key-string cisco

    pfr border

    local Loopback0

    master yy.yy.1.1 key-chain PFR

    active-probe address source interface Loopback0

    int f0/0

    load-interval 30

    On R2

    interface Tunnel12

    ip address 12.12.12.2 255.255.255.252

    tunnel source Loopback0

    tunnel destination yy.yy.1.1

    ip route 0.0.0.0 0.0.0.0 yy.yy.42.10 250

    On R1

    interface Tunnel12

    ip address 12.12.12.1 255.255.255.252

    tunnel source Loopback0

    tunnel destination yy.yy.2.2

    ip route 0.0.0.0 0.0.0.0 yy.yy.17.7 250

    pfr master

    policy-rules PFR

    no max-range-utilization

    logging

    border yy.yy.2.2 key-chain PFR

    interface f0/0 external

    max-xmit-utilization percentage 90

    link-group R2

    interface Serial0/0/0 internal

    interface Tunnel12 internal

    border yy.yy.1.1 key-chain PFR

    interface f0/0 external

    max-xmit-utilization percentage 80

    link-group R1

    interface Serial0/0/0 internal

    interface Tunnel12 internal

    periodic 90

    no resolve range

    no resolve utilization

    ip access-list extended CS2

    permit ip yy.yy.44.0 0.0.0.255 any dscp cs2

    ip access-list extended CS4

    permit ip yy.yy.44.0 0.0.0.255 any dscp cs4

    pfr-map PFR 10

    match traffic-class access-list CS2

    set mode route control

    set mode select-exit good

    set mode monitor active

    set active-probe echo yy.yy.55.5

    set link-group R1

    !

    pfr-map PFR 20

    match traffic-class access-list CS4

    set mode route control

    set mode select-exit good

    set mode monitor active

    set active-probe echo yy.yy.55.5

    set link-group R2

    On R5

    ip sla responder

    2.8 Implement Performance Routing 2

    ip access-list extended VOICE

    permit udp yy.yy.44.0 0.0.0.255 any range 16384 32768 dscp ef

    pfr-map PFR 30

    match traffic-class access-list VOICE

    set delay threshold 40

    set mode route control

    set mode select-exit good

    set mode monitor fast

    set jitter threshold 5

    set active-probe jitter yy.yy.55.5 target-port 32767

    set probe frequency 2

    set link-group R1 fallback R2

    2.9 Implement IPv6

    R1

    ipv6 multicast-routing

    ipv6 unicast-routing

    ipv6 cef

    int f0/0

    ipv6 ospf yy area 142

    ipv6 mld join-group FF15::4000:4000

    int s0/0/0

    ipv6 ospf yy area 142

    ipv6 router ospf yy

    passive-interface f0/0

    ipv6 pim rp-address fec1:cc1e:44::4

    R2

    ipv6 multicast-routing

    ipv6 unicast-routing

    ipv6 cef

    int g0/0

    ipv6 ospf yy area 142

    int s0/0/0

    ipv6 ospf yy area 142

    ipv6 router ospf yy

    passive-interface f0/0

    ipv6 pim rp-address fec1:cc1e:44::4

    R4

    ipv6 multicast-routing

    ipv6 unicast-routing

    ipv6 cef

    int f0/0

    ipv6 ospf yy area 142

    int f0/1

    ipv6 ospf yy area 142

    int s0/0/0

    ipv6 ospf yy area 142

    int s0/0/1

    ipv6 ospf yy area 142

    ipv6 router ospf yy

    passive-interface f0/0

    passive-interface f0/1

    ipv6 pim rp-address fec1:cc1e:44::4 MCAST

    ipv6 access-list MCAST

    permit ipv6 any FF15::4000:4000/127

    2.10 Implement Advanced IPv6 feature

    R1/R2/R4

    ipv6 icmp error-interval 200 1

    R1

    ipv6 flow-export source Loopback0

    ipv6 flow-export version 9

    ipv6 flow-export template timeout-rate 180

    ipv6 flow-export destination yy.yy.44.100 9876

    ipv6 flow-aggregation cache destination-prefix

    export template timeout-rate 180

    cache entries 20000

    cache timeout inactive 120

    export version 9

    export destination YY.YY.44.100 9876

    enabled

    int g0/0

    ipv6 flow ingress

    Section 3 IP Multicast

    3.1 IPv4 Multicast (autorp)

    R4

    ip multicast-routing

    int s0/0/0

    ip pim sparse-mode

    int s0/0/1

    ip pim sparse-mode

    int f0/0

    ip pim sparse-mode

    ip pim autorp listener

    ip pim send-rp-discovery lo0 scope 16

    R1 - R2

    ip multicast-routing

    int lo0

    ip pim sparse-mode

    int s0/0/0

    ip pim sparse-mode

    int f0/0

    ip pim sparse-mode

    ip pim autorp listener

    ip pim send-rp-announce lo0 scope 16

    SW1

    ip multicast-routing distributed

    int f0/1

    ip pim sparse-mode

    int vlan 123

    ip pim sparse-mode

    ip pim autorp listener

    SW2

    ip multicast-routing distributed

    int vlan 33

    ip pim sparse-mode

    ip igmp join-group 239.y.y.1

    int vlan 123

    ip pim sparse-mode

    ip pim autorp listener

    SW3

    ip multicast-routing distributed

    int vlan 123

    ip pim sparse-mode

    ip pim autorp listener

    SW4

    ip multicast-routing distributed

    int vlan 123

    ip pim sparse-mode

    int vlan 42

    ip pim sparse-mode

    ip pim autorp listener

    3.2 PIM Tuning

    SW1:

    int vlan 123

    ip pim dr-prio

    SW2:

    access-list 1 deny 224.0.1.39

    access-list 1 deny 224.0.1.40

    access-list 1 permit any

    int vlan33

    ip multicast boundary 1 filter-autorp

    SW4:

    int vlan 123

    ip pim dr-prio

    Section 4 Advanced Services

    4.1 Network Address Translations (NAT)

    SW1

    interface loopback100

    ip address 100.100.17.7 255.255.255.0

    ip route 100.100.42.0 255.255.255.0 YY.YY.17.1

    R1

    ip route 100.100.42.0 255.255.255.0 YY.YY.14.4

    SW4

    interface loopback100

    ip address 100.100.42.10 255.255.255.0

    ip route 100.100.17.0 255.255.255.0 YY.YY.42.2

    R2

    ip route 100.100.17.0 255.255.255.0 YY.YY.24.4

    R4

    interface serial0/0/0

    ip nat outside

    interface serial0/0/1

    ip nat outside

    ip nat inside source static YY.YY.17.7 100.100.17.7

    ip nat inside source static YY.YY.42.10 100.100.42.10

    4.2 MLS QoS

    SW1 SW2 SW3 SW4

    mls qos

    mls qos srr-queue input cos-map queue 1 1 /* Default */

    mls qos srr-queue input cos-map queue 2 5 --> you have to put it

    mls qos srr-queue input threshold 1 40 100

    mls qos srr-queue input threshold 2 100 100 /* Default */

    interface range fastethernet 0/19 - 24

    mls qos trust cos

    SW1

    interface range fastethernet 0/1 - 5

    mls qos cos 1

    mls qos trust cos

    4.3 QoS Class Based Weighted Fair Queuing (CBWFQ)

    R2

    class-map BB2

    match input-interface f0/1 --> interface facing the BB2

    policy-map CBWFQ

    class BB2

    bandwidth 10000

    interface fastethernet0/0

    service-policy output CBWFQ

    R3

    class-map BB1

    match input-interface f0/0 --> interface facing the BB1

    policy-map CBWFQ

    class BB1

    bandwidth 1000

    interface serial0/0

    service-policy output CBWFQ

    4.4 Implement Routing Protocol Authentication

    SW1 SW2 SW3 SW4

    no service password-encryption

    interface vlan 123

    ip ospf authentication message-digest

    ip ospf message-digest-key 1 md5 cisco

    4.5 Implement DHCP

    R4

    Service DHCP

    ip dhcp pool POOL

    network YY.YY.44.0 255.255.255.0

    default-router YY.YY.44.4

    dns-server YY.YY.55.50 YY.YY.55.51

    domain-name cisco.com

    ip dhcp excluded-address YY.YY.44.4 /* Interface fastethernet 0/0 */

    ip dhcp excluded-address YY.YY.44.100 /* Printer IP Address Statically configured ... Also the IPv6 Netflow Server IP Address */

    ip dhcp excluded-address YY.YY.44.200 /* Radius Server */

    On SW1

    ip dhcp snooping

    ip dhcp snooping vlan 44

    no ip dhcp snooping information option

    interface fastethernet0/4

    switchport mode access

    switchport access vlan 44

    ip dhcp snooping trust

    interface fastethernet0/14

    switchport mode access

    switchport access vlan 44

    switchport port-security

    switchport port-security maximum 3

    switchport port-security violation shutdown /* Shut down the port when a violation occurs */

    ip dhcp snooping limit rate 100

    no shutdown

    4.6 Implement Layer 2 Security

    ip dhcp snooping binding abcd.abcd.abcd vlan 44 YY.YY.44.100 interface fastEthernet 0/14 expiry 4294967295

    ip dhcp snooping verify mac-address /* Default */

    ip dhcp snooping database flash:CCIE.TXT

    ip arp inspection vlan 44

    interface f0/4

    ip arp inspection trust

    inter f0/14

    ip verify source

    no shutdown /* don't forget this */

    exit

    4.7 Web Caching Communication Protocol (WCCP)

    R4

    ip wccp version 2

    ip wccp 61 redirect-list S_T_C

    ip wccp 62 redirect-list C_T_S

    ip access ext C_T_S

    permit ip y.y.44.0 0.0.0.255 any

    ip access ext S_T_C

    permit ip any y.y.44.0 0.0.0.255

    ip wccp check services all

    int f0/0

    ip wccp 62 redirect in

    int s0/0/0

    ip wccp 61 redirect in

    int s0/0/1

    ip wccp 61 redirect in

    int f0/1

    ip wccp redirect exclude in

    Section 5 Optimize the Network

    5.1 Implement SNMP

    R5

    snmp-server community CiscoWorks RW 55

    snmp-server enable traps bgp

    snmp-server host YY.YY.55.240 CiscoWorks bgp

    access-list 55 permit host YY.YY.55.240

    5.2 Embedded Event Manager

    event manager applet ENABLE_OSPF_DEBUG

    event syslog pattern ".*%OSPF-5-ADJCHG: Process y, Nbr yy.yy.5.5 on Serial0/0/0 from FULL to DOWN.*"

    action 1.0 cli command "enable"

    action 2.0 cli command "debug ip ospf event"

    action 3.0 cli command "debug ip ospf adj"

    action 4.0 syslog priority informational msg "ENABLE_OSPF_DEBUG"

    event manager applet DISABLE_OSPF_DEBUG

    event syslog pattern ".*%OSPF-5-ADJCHG: Process y, Nbr yy.yy.5.5 on Serial0/0/0 from LOADING to FULL.*"

    action 1.0 cli command "enable"

    action 2.0 cli command "undebug all"

    action 3.0 syslog priority informational msg "DISABLE_OSPF_DEBUG"

    logging on

    logging console debugging

    logging buffered debugging