2012年8月31日金曜日
fhnoeu
1. FRAME RELAY (2points)fhnoeu fhnoeuRequires R15 to telnet to R13 and R14 loopbacksfhnoeu※SubInt無い版fhnoeuR13fhnoeufhnoeuinterface Serial0/0fhnoeuip address 172.16.13.2 255.255.255.248fhnoeuencapsulation frame-relayfhnoeuip ospf network broadcast or point-to-multipointfhnoeuframe-relay map ip 172.16.13.4 341 broadcastfhnoeuframe-relay map ip 172.16.13.3 345 broadcastfhnoeuframe-relay lmi-type ciscofhnoeuno frame-relay inverse arpfhnoeufhnoeufhnoeuR14fhnoeuinterface Serial0/0fhnoeuip address 172.16.13.4 255.255.255.248fhnoeuencapsulation frame-relayfhnoeuip ospf network broadcast or point-to-multipointfhnoeuframe-relay map ip 172.16.13.2 314 broadcastfhnoeuframe-relay map ip 172.16.13.3 315 broadcastfhnoeuframe-relay lmi-type ciscofhnoeuno frame-relay inverse arpfhnoeufhnoeufhnoeuR15fhnoeuinterface Serial1/0fhnoeuip address 172.16.13.3 255.255.255.248fhnoeuencapsulation frame-relayfhnoeuip ospf network broadcast or point-to-multipointfhnoeuframe-relay map ip 172.16.13.4 351 broadcastfhnoeuframe-relay map ip 172.16.13.2 354 broadcastfhnoeuframe-relay lmi-type ciscofhnoeuno frame-relay inverse arpfhnoeufhnoeuVerification steps:fhnoeufhnoeufhnoeushow frame‐relay map <--DLCI should be activefhnoeush run interface s0/0/0fhnoeuR15# telnet 10.1.1.14fhnoeu....openfhnoeufhnoeufhnoeuR15# telnet 10.1.1.14fhnoeu....openfhnoeufhnoeufhnoeufhnoeufhnoeufhnoeufhnoeu2. HRSP (2 points)fhnoeu fhnoeuEnsure the output of "show standby" on R22 and R23 is the same as shown belowfhnoeufhnoeuR22 being the active unit with a priority configured of 100 (not by default), and also a track 1 configured and up, with a decrement value of 60.fhnoeuR23 is the standby unit, using the default priority value (100), no authentication, with preempt, track 1 configured and up, with a decrement value of 60.fhnoeufhnoeufhnoeufhnoeufhnoeuR22fhnoeuinterface Ethernet0/0fhnoeustandby 1 priority 100fhnoeustandby 1 track 1 decrement 60fhnoeuno standby 1 preemptfhnoeufhnoeufhnoeuR23fhnoeuinterface Ethernet0/0fhnoeuno standby 1 priority 150fhnoeuno standby 1 authentication md5 key-string ciscofhnoeustandby 1 track 1 decrement 60fhnoeufhnoeufhnoeuR21(1.1.70.0/24 だった場合)fhnoeurouter eigrp 200fhnoeuredistribute ospf 1 metric 10000 100 255 1 1500 route-map PREFIXfhnoeu!fhnoeuroute-map PREFIX permit 10fhnoeumatch ip address 1fhnoeu!fhnoeuaccess-list 1 permit 1.1.70.0 0.0.0.255fhnoeufhnoeufhnoeuR13(DefaultRouteだった場合)fhnoeu!fhnoeu!fhnoeurouter ospf 1fhnoeu area 1 nssa default-information originate allwaysfhnoeufhnoeufhnoeufhnoeufhnoeuVerification steps:fhnoeuR22/R23#show standby <--should match exactly the output givenfhnoeufhnoeufhnoeufhnoeufhnoeufhnoeufhnoeu3. NTP (2 points)fhnoeu fhnoeuR13 NTP cannot synchronize with R5, Fix itfhnoeufhnoeufhnoeuR5fhnoeuntp authentication-key 1 md5 ciscofhnoeufhnoeufhnoeuR13fhnoeuntp authentication-key 1 md5 ciscofhnoeuntp server 10.1.1.5 key 1fhnoeuntp authentication fhnoeuntp trusted-keyfhnoeufhnoeufhnoeufhnoeufhnoeufhnoeuR9fhnoeuip access-list extended deny_udpfhnoeupermit ip any anyfhnoeufhnoeufhnoeufhnoeufhnoeuR11fhnoeu!fhnoeuip access-list extended deny_udpfhnoeupermit ip any anyfhnoeufhnoeufhnoeufhnoeufhnoeuVerification steps:fhnoeuR5/R13#show ntp association detail <--should be synchronized and sanefhnoeufhnoeufhnoeufhnoeufhnoeufhnoeufhnoeufhnoeu4. PPP/RIP (2 points)fhnoeuR24 cannot ping R29 192.168.20.1, Fix itfhnoeufhnoeuR25fhnoeuusername ccie password ciscofhnoeufhnoeuinterface Serial1/0 ---> connecting to R29fhnoeuip address 172.16.9.1 255.255.255.248fhnoeuclockrate 512000fhnoeu!fhnoeufhnoeufhnoeurouter eigrp 200fhnoeuredistribute rip metric 100000 100 255 1 1500fhnoeuno auto-summaryfhnoeu!fhnoeurouter ripfhnoeuversion 2fhnoeufhnoeufhnoeufhnoeufhnoeuR29fhnoeuinterface Serial1/0fhnoeuip address 172.16.9.2 255.255.255.248fhnoeuencapsulation pppfhnoeuppp chap hostname cciefhnoeuppp chap password 0 ciscofhnoeu!fhnoeurouter ripfhnoeuversion 2fhnoeunetwork 172.16.0.0fhnoeuno auto-summaryfhnoeufhnoeufhnoeufhnoeuVerification steps:fhnoeuR25/R29#show ip interface brief <--serial1/0 should be upfhnoeuR25#show ip route <--should see the network 192.168.20.0fhnoeuR24#telnet 192.168.20.1fhnoeuopen...fhnoeufhnoeufhnoeu5. OSPF (3 points)fhnoeuR18fhnoeuno ip route X.X.X.X 0.0.0.X.172.16.12.5 --->pointing toward R17fhnoeufhnoeufhnoeuR17fhnoeuinterface Ethernet1/0fhnoeuip ospf network broadcastfhnoeu!fhnoeuip access-list extended 111fhnoeu permit icmp any anyfhnoeu!fhnoeuno ip route X.X.X.X 0.0.0.X 172.16.12.6--->pointing toward R18fhnoeufhnoeufhnoeufhnoeuR16fhnoeuinterface Ethernet2/0 ---> facing R17fhnoeuip ospf network broadcastfhnoeu!fhnoeurouter ospf 1fhnoeuarea 3 virtual-link 10.1.1.18 message-digest-key 1 md5 ciscofhnoeudistribute-list 12 in e1/0fhnoeu!fhnoeuaccess-list 12 permit anyfhnoeufhnoeufhnoeuR8fhnoeurouter ospf 1fhnoeuredistribute bgp 200 subnetsfhnoeufhnoeufhnoeuR27fhnoeurouter bgp 300fhnoeuneighbor 10.1.1.28 next-hop-selffhnoeufhnoeuSummary of issuesfhnoeuVerification steps:fhnoeufhnoeuR20#ping 10.1.1.28 source loopback0fhnoeutrying open 10.1.1.28fhnoeuuser verificationfhnoeupassword:fhnoeufhnoeufhnoeufhnoeufhnoeufhnoeufhnoeufhnoeu6. ZBFW (2 points)fhnoeuR29fhnoeuclass-map type inspect match-all telneticmpfhnoeuno match protocol icmpfhnoeufhnoeu!fhnoeuzone-pair security inbound source zoneout destination zoneinfhnoeuservice-policy type inspect inboundfhnoeuzone-pair security outbound source zonein destination zoneoutfhnoeuservice-policy type inspect outboundfhnoeu!fhnoeufhnoeuinterface Ethernet2/0<-- to R30fhnoeuzone-member security zoneinfhnoeu!fhnoeuinterface Ethernet2/1 <-- to R31fhnoeuzone-member security zoneoutfhnoeu!fhnoeuip route 10.1.1.30 255.255.255.255 172.16.39.30fhnoeuip route 10.1.1.31 255.255.255.255 172.16.129.31fhnoeufhnoeufhnoeuR30fhnoeuip route 0.0.0.0 0.0.0.0 172.16.39.29fhnoeufhnoeuR31fhnoeuip route 0.0.0.0 0.0.0.0 172.16.129.29fhnoeufhnoeuVerification steps:fhnoeufhnoeufhnoeufhnoeuR30#telnet 10.1.1.31fhnoeuTrying open 10.1.1.31fhnoeuUser verificationfhnoeu..... fhnoeuthen -->R29#show policy‐map type inspect zone-pair sessions <-- should match exactly the given outputfhnoeufhnoeufhnoeufhnoeu7. BGP (2 points)fhnoeu R28 must see two next hop for the network 1.100.100.100 in show ip bgp tablefhnoeu R28 must see 2 paths in BGP tableキ・
R28 must select path through R26キ・
Not allowed to touch AS100キ・& 300 configuration (variable depending on the Lab)fhnoeufhnoeufhnoeufhnoeuR6fhnoeurouter bgp 200fhnoeuno synchronizationfhnoeuneighbor 10.1.1.8 route-reflector-clientfhnoeuneighbor 10.1.1.8 password cisco fhnoeuno auto-summaryfhnoeufhnoeufhnoeufhnoeuR7fhnoeurouter bgp 200fhnoeuno synchronizationfhnoeubgp default local-preference 200fhnoeuno bgp maxas-limit 1fhnoeu!fhnoeuroute-map toas300 permit 10fhnoeuset metric 100fhnoeu!fhnoeufhnoeufhnoeuR8fhnoeurouter bgp 200fhnoeubgp default local-preference 200fhnoeuneighbor 10.1.1.6 password ciscofhnoeuneighbor 10.1.1.6 route-reflector-clientfhnoeu!fhnoeuroute-map toas300 permit 10fhnoeuset metric 100fhnoeu!fhnoeufhnoeufhnoeufhnoeuR26fhnoeurouter bgp 300fhnoeubgp default local-preference 200fhnoeufhnoeufhnoeufhnoeuR27fhnoeurouter bgp 300fhnoeubgp default local-preference 200fhnoeufhnoeufhnoeufhnoeuVerification steps:fhnoeuR28# sh ip bgp 1.100.100.100 <-- should see two possible next hops R26 & R2R with R26 being the preferred next hopfhnoeufhnoeufhnoeufhnoeufhnoeu8. IPv6 (2 points)fhnoeuR1 can not telnet R4 IPv6 address 2011:ABC:34::4, fix the problemfhnoeufhnoeufhnoeufhnoeuR1fhnoeuipv6 router ospf 1fhnoeurouter-id 10.1.1.1fhnoeufhnoeufhnoeuR3fhnoeuinterface Ethernet1/0fhnoeuipv6 traffic-filter filter infhnoeu!fhnoeuipv6 access-list filterfhnoeupermit 89 any host FF02::5 seq 1 <-- OSPFv3 Multicast dest IPfhnoeupermit 89 any host FF02::6 seq 2fhnoeupermit 89 host <R1 link local> host <R3 link local> seq 3fhnoeupermit icmp any any seq 4fhnoeudeny ipv6 any any fhnoeufhnoeufhnoeufhnoeuR4fhnoeuipv6 router ospf 1fhnoeurouter-id 10.1.1.4fhnoeuSummary of issuesfhnoeufhnoeuVerification steps:fhnoeufhnoeufhnoeufhnoeuR1# ping 2011:ABC:34::4fhnoeufhnoeufhnoeufhnoeufhnoeufhnoeu9. MST (2 points)fhnoeuR10 must reach R9 in a single hop, SW1 (or SW2) is not allowed to be touchedfhnoeufhnoeufhnoeuSW2fhnoeuint e0/1fhnoeuspanning-tree mst 1 port-priority 0fhnoeu!fhnoeufhnoeuR9fhnoeuでroute-map が入ってる場合は新しいのをもうひとつつくること。fhnoeub. R9 Exiting route-map dropping some traffic <-- the route map selects certain traffic and has an explicit deny. Put another route‐map with the permit statementfhnoeuroute-map kakuninnhituyoufhnoeumatch ip add 1fhnoeufhnoeufhnoeufhnoeufhnoeu10. MSDP (3 points)fhnoeuR13 cannot ping R28 group 224.8.8.8 in AS 200, Fix itfhnoeu(R8->R6->R2)->(R1->R3->R5)->R9->R11->R13fhnoeuAS200 AS100fhnoeufhnoeuR8fhnoeuinterface Ethernet0/0fhnoeuip pim sparse-dense-modefhnoeufhnoeufhnoeufhnoeuR6fhnoeuinterface Ethernet0/0fhnoeuip pim sparse-dense-modefhnoeu!fhnoeuip pim rp-address 10.1.1.2fhnoeufhnoeufhnoeufhnoeuR2fhnoeuip msdp peer 200.0.0.3 connect-source Loopback1 remote-as 100fhnoeu!fhnoeuip pim rp-address 10.1.1.2fhnoeufhnoeuR1fhnoeurouter bgp 100fhnoeuaddress-family ipv4 multicastfhnoeu redistribute ospf 1 fhnoeu exit-address-familyfhnoeufhnoeufhnoeufhnoeuR3fhnoeuip msdp peer 200.0.0.3 connect-source loopback 1 remote-as 200fhnoeu!fhnoeuip pim rp-address 10.1.1.3fhnoeufhnoeufhnoeufhnoeufhnoeuR9fhnoeuaccess-list 10 permit any fhnoeuip pim rp-address 10.1.1.3fhnoeufhnoeufhnoeufhnoeu
2012年8月29日水曜日
おりょりょ
R1
vlan database
vlan 2
exi
conf t
ho R1
int vlan 2
ip add 1.1.2.1 255.255.255.0
no shut
int fa1/2
swi mode acce
swi acce vlan 2
int fa0/0
ip add 2.2.2.1 255.255.255.0
no shut
ip route 0.0.0.0 0.0.0.0 2.2.2.2
ip route 1.1.2.2 255.255.255.0 2.2.2.2
ip route 10.10.10.0 255.255.255.0 1.1.2.22
R2
vlan database
vlan 2
exi
conf t
ho R2
int vlan 2
ip add 1.1.2.2 255.255.255.0
no shut
int fa1/2
swi mode acce
swi acce vlan 2
int fa0/0
ip add 2.2.2.2 255.255.255.0
no shut
int lo 0
ip add 10.10.10.2 255.255.255.255
2012年8月14日火曜日
2012年8月13日月曜日
jfreoialjfiqofiqo
1. FRAME RELAY (2points)jfreoialjfiqofiqo jfreoialjfiqofiqoRequires R15 to telnet to R13 and R14 loopbacksjfreoialjfiqofiqo※SubInt無い版jfreoialjfiqofiqojfreoialjfiqofiqoR13jfreoialjfiqofiqojfreoialjfiqofiqointerface Serial0/0jfreoialjfiqofiqoip address 172.16.13.2 255.255.255.252jfreoialjfiqofiqoip ospf authentication message-digestjfreoialjfiqofiqoip ospf message-digest-key 1 md5 ciscojfreoialjfiqofiqoip ospf network point-to-pointjfreoialjfiqofiqoip ospf priority 255jfreoialjfiqofiqoserial restart-delay 0jfreoialjfiqofiqono snmp trap link-statusjfreoialjfiqofiqono fair-queuejfreoialjfiqofiqoframe-relay map ip 172.16.13.1 341jfreoialjfiqofiqoframe-relay map ip 172.16.13.3 345jfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqojfreoialjfiqofiqoR14jfreoialjfiqofiqojfreoialjfiqofiqointerface Serial0/0jfreoialjfiqofiqoip address 172.16.13.3 255.255.255.252jfreoialjfiqofiqoip ospf authentication message-digestjfreoialjfiqofiqoip ospf message-digest-key 1 md5 ciscojfreoialjfiqofiqoip ospf network point-to-pointtjfreoialjfiqofiqoserial restart-delay 0jfreoialjfiqofiqono fair-queuejfreoialjfiqofiqoframe-relay lmi-type ansijfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR15jfreoialjfiqofiqojfreoialjfiqofiqointerface Serial1/0jfreoialjfiqofiqoip address 172.16.13.1 255.255.255.252jfreoialjfiqofiqoip ospf authentication message-digestjfreoialjfiqofiqoip ospf message-digest-key 1 md5 ciscojfreoialjfiqofiqoip ospf network point-to-pointjfreoialjfiqofiqoserial restart-delay 0jfreoialjfiqofiqono fair-queuejfreoialjfiqofiqoframe-relay lmi-type ansijfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqo2. HRSP (2 points)jfreoialjfiqofiqo jfreoialjfiqofiqoEnsure the output of "show standby" on R22 and R23 is the same as shown belowjfreoialjfiqofiqojfreoialjfiqofiqoR22 being the active unit with a priority configured of 100 (not by default), and also a track 1 configured and up, with a decrement value of 60.jfreoialjfiqofiqoR23 is the standby unit, using the default priority value (100), no authentication, with preempt, track 1 configured and up, with a decrement value of 60.jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoInitial Configs ()jfreoialjfiqofiqoR22jfreoialjfiqofiqotrack 1 ip route 0.0.0.0 0.0.0.0 reachability→R13へjfreoialjfiqofiqotrack 1 ip route 1.1.70.0 255.255.255.0 reachability→R21へjfreoialjfiqofiqo!jfreoialjfiqofiqointerface Ethernet0/0jfreoialjfiqofiqoip address 172.16.10.10 255.255.255.248jfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqostandby 1 ip 172.16.10.14jfreoialjfiqofiqostandby 1 priority 150jfreoialjfiqofiqostandby 1 preemptjfreoialjfiqofiqostandby 1 track 1 shutdownjfreoialjfiqofiqojfreoialjfiqofiqoR23jfreoialjfiqofiqo!jfreoialjfiqofiqointerface Ethernet0/0jfreoialjfiqofiqoip address 172.16.10.11 255.255.255.248jfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqostandby 1 ip 172.16.10.14jfreoialjfiqofiqostandby 1 priority 150jfreoialjfiqofiqostandby 1 track 1 shutdownjfreoialjfiqofiqostandby 1 preemptjfreoialjfiqofiqostandby 1 authentication md5 key-string ciscojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR21(1.1.70.0/24 だった場合)jfreoialjfiqofiqorouter eigrp 200jfreoialjfiqofiqoredistribute ospf 1 route-map PREFIXjfreoialjfiqofiqonetwork 172.16.10.22 0.0.0.0jfreoialjfiqofiqonetwork 172.16.10.26 0.0.0.0jfreoialjfiqofiqono auto-summaryjfreoialjfiqofiqo!jfreoialjfiqofiqoroute-map PREFIX permit 10jfreoialjfiqofiqomatch ip address 1jfreoialjfiqofiqo!jfreoialjfiqofiqoaccess-list 1 permit 10.0.0.0 0.255.255.255jfreoialjfiqofiqoaccess-list 1 permit 172.16.0.0 0.0.255.255jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR13(DefaultRouteだった場合)jfreoialjfiqofiqo!jfreoialjfiqofiqo!jfreoialjfiqofiqorouter ospf 1jfreoialjfiqofiqo log-adjacency-changesjfreoialjfiqofiqo area 1 nssajfreoialjfiqofiqo network 10.1.1.13 0.0.0.0 area 0jfreoialjfiqofiqo network 172.16.13.2 0.0.0.0 area 1jfreoialjfiqofiqo network 172.16.14.42 0.0.0.0 area 0jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqo3. NTP (2 points)jfreoialjfiqofiqo jfreoialjfiqofiqoR13 NTP cannot synchronize with R5, Fix itjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoInitial Configs ()jfreoialjfiqofiqoR5jfreoialjfiqofiqontp authentication-key 1 md5 030758020337jfreoialjfiqofiqontp master 2jfreoialjfiqofiqojfreoialjfiqofiqoR13jfreoialjfiqofiqojfreoialjfiqofiqontp authentication-key 1 md5 ciscojfreoialjfiqofiqontp server 10.1.1.5 key 1jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR9jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqointerface Ethernet0/0jfreoialjfiqofiqoip address 172.16.14.1 255.255.255.248jfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqoip ospf authentication message-digestjfreoialjfiqofiqoip ospf message-digest-key 1 md5 ciscojfreoialjfiqofiqoip igmp access-group 10jfreoialjfiqofiqoip access-group deny_udp injfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqo!jfreoialjfiqofiqojfreoialjfiqofiqoip access-list extended deny_udpjfreoialjfiqofiqodeny udp any any eq ntpjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR11jfreoialjfiqofiqojfreoialjfiqofiqointerface Ethernet1/0jfreoialjfiqofiqoip address 172.16.14.34 255.255.255.248jfreoialjfiqofiqoip ospf authentication message-digestjfreoialjfiqofiqoip ospf message-digest-key 1 md5 ciscojfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqoip access-group deny_udp injfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqo!jfreoialjfiqofiqojfreoialjfiqofiqoip access-list extended deny_udpjfreoialjfiqofiqodeny udp any any eq ntpjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoSummary of issuesjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoVerification steps:jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR5/R13#show ntp association detail <--should be synchronized and sanejfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqo4. PPP/RIP (2 points)jfreoialjfiqofiqo jfreoialjfiqofiqoR24 cannot ping R29 192.168.20.1, Fix itjfreoialjfiqofiqojfreoialjfiqofiqoInitial Configs ()jfreoialjfiqofiqoR25jfreoialjfiqofiqoservice password-encryptionjfreoialjfiqofiqo!jfreoialjfiqofiqojfreoialjfiqofiqointerface Serial1/0 ---> connecting to R29jfreoialjfiqofiqoip address 172.16.9.1 255.255.255.248jfreoialjfiqofiqoencapsulation pppjfreoialjfiqofiqoserial restart-delay 0jfreoialjfiqofiqono fair-queuejfreoialjfiqofiqoppp authentication chapjfreoialjfiqofiqo!jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqorouter eigrp 200jfreoialjfiqofiqoredistribute rip metric 100000 100 255 1 1500jfreoialjfiqofiqonetwork 10.1.1.25 0.0.0.0jfreoialjfiqofiqonetwork 172.16.10.77 0.0.0.0jfreoialjfiqofiqono auto-summaryjfreoialjfiqofiqo!jfreoialjfiqofiqorouter ripjfreoialjfiqofiqoversion 1jfreoialjfiqofiqonetwork 172.16.0.0jfreoialjfiqofiqono auto-summaryjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR29jfreoialjfiqofiqono service password-encryptionjfreoialjfiqofiqo!jfreoialjfiqofiqointerface Loopback1jfreoialjfiqofiqoip address 192.168.20.1 255.255.255.255jfreoialjfiqofiqo!jfreoialjfiqofiqointerface Serial1/0jfreoialjfiqofiqoip address 172.16.9.2 255.255.255.248jfreoialjfiqofiqoencapsulation pppjfreoialjfiqofiqoserial restart-delay 0jfreoialjfiqofiqono fair-queuejfreoialjfiqofiqoppp chap hostname cciejfreoialjfiqofiqoppp chap password 0 ciscojfreoialjfiqofiqo!jfreoialjfiqofiqorouter ripjfreoialjfiqofiqoversion 2jfreoialjfiqofiqonetwork 172.16.0.0jfreoialjfiqofiqono auto-summaryjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoVerification steps:jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR25/R29#show ip interface brief <--serial1/0 should be upjfreoialjfiqofiqoR25#show ip route <--should see the network 192.168.20.0jfreoialjfiqofiqoR24#telnet 192.168.20.1jfreoialjfiqofiqoopen...jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqo5. OSPF (3 points)jfreoialjfiqofiqo jfreoialjfiqofiqoPC 10.1.1.20 on R20 cannot ping PC 10.1.1.28 on R28, Fix itjfreoialjfiqofiqojfreoialjfiqofiqoInitial Configs ()jfreoialjfiqofiqoR18jfreoialjfiqofiqojfreoialjfiqofiqorouter ospf 1jfreoialjfiqofiqorouter-id 10.1.1.18jfreoialjfiqofiqolog-adjacency-changesjfreoialjfiqofiqoarea 3 virtual-link 10.1.1.16 authentication message-digestjfreoialjfiqofiqoarea 3 virtual-link 10.1.1.16 message-digest-key 1 md5 ciscojfreoialjfiqofiqonetwork 10.1.1.18 0.0.0.0 area 0jfreoialjfiqofiqonetwork 10.10.10.1 0.0.0.0 area 0jfreoialjfiqofiqonetwork 172.16.12.6 0.0.0.0 area 3jfreoialjfiqofiqo!jfreoialjfiqofiqoip route X.X.X.X 0.0.0.X.172.16.12.5 --->pointing toward R17jfreoialjfiqofiqojfreoialjfiqofiqoR17jfreoialjfiqofiqojfreoialjfiqofiqointerface Ethernet0/0jfreoialjfiqofiqoip address 172.16.12.5 255.255.255.252jfreoialjfiqofiqoip access-group 111 injfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqo!jfreoialjfiqofiqojfreoialjfiqofiqointerface Ethernet1/0jfreoialjfiqofiqoip address 172.16.12.2 255.255.255.252jfreoialjfiqofiqoip ospf network point-to-pointjfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoip access-list extended 111jfreoialjfiqofiqo deny icmp any anyjfreoialjfiqofiqo permit udp any anyjfreoialjfiqofiqo permit ospf any anyjfreoialjfiqofiqo permit tcp any anyjfreoialjfiqofiqo!jfreoialjfiqofiqoip route X.X.X.X 0.0.0.X 172.16.12.6 --->pointing toward R18jfreoialjfiqofiqojfreoialjfiqofiqoR16jfreoialjfiqofiqointerface Ethernet2/0 ---> facing R17jfreoialjfiqofiqoip address 172.16.12.1 255.255.255.252jfreoialjfiqofiqoip ospf network broadcastjfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqo!jfreoialjfiqofiqorouter ospf 1jfreoialjfiqofiqorouter-id 10.1.1.16jfreoialjfiqofiqolog-adjacency-changesjfreoialjfiqofiqoarea 3 virtual-link 10.1.1.18 authentication message-digestjfreoialjfiqofiqoarea 3 virtual-link 10.1.1.18 message-digest-key 1 md5 cisc0jfreoialjfiqofiqonetwork 10.1.1.16 0.0.0.0 area 3jfreoialjfiqofiqonetwork 172.16.12.1 0.0.0.0 area 3jfreoialjfiqofiqonetwork 172.32.10.2 0.0.0.0 area 1jfreoialjfiqofiqodistribute-list 12 in e1/0jfreoialjfiqofiqojfreoialjfiqofiqoR8jfreoialjfiqofiqojfreoialjfiqofiqorouter eigrp 200jfreoialjfiqofiqoredistribute ospf 1 metric 100000 100 255 1 1500jfreoialjfiqofiqonetwork 10.1.1.8 0.0.0.0jfreoialjfiqofiqonetwork 172.16.16.21 0.0.0.0jfreoialjfiqofiqono auto-summaryjfreoialjfiqofiqo!jfreoialjfiqofiqorouter ospf 1jfreoialjfiqofiqolog-adjacency-changesjfreoialjfiqofiqoredistribute eigrp 200 subnetsjfreoialjfiqofiqonetwork 172.32.10.1 0.0.0.0 area 1jfreoialjfiqofiqo!jfreoialjfiqofiqorouter bgp 200jfreoialjfiqofiqono synchronizationjfreoialjfiqofiqobgp log-neighbor-changesjfreoialjfiqofiqonetwork 10.1.1.8 mask 255.255.255.255jfreoialjfiqofiqoneighbor 10.1.1.6 remote-as 200jfreoialjfiqofiqoneighbor 10.1.1.6 password ciscojfreoialjfiqofiqoneighbor 10.1.1.6 update-source Loopback0jfreoialjfiqofiqoneighbor 10.1.1.6 route-reflector-clientjfreoialjfiqofiqoneighbor 10.1.1.6 next-hop-selfjfreoialjfiqofiqoneighbor 197.68.3.2 remote-as 300jfreoialjfiqofiqoredistribute ospf 1jfreoialjfiqofiqono auto-summaryjfreoialjfiqofiqojfreoialjfiqofiqoR27jfreoialjfiqofiqorouter ospf 1jfreoialjfiqofiqolog-adjacency-changesjfreoialjfiqofiqonetwork 10.1.1.27 0.0.0.0 area 0jfreoialjfiqofiqonetwork 172.16.17.9 0.0.0.0 area 0jfreoialjfiqofiqo!jfreoialjfiqofiqorouter bgp 300jfreoialjfiqofiqono synchronizationjfreoialjfiqofiqobgp log-neighbor-changesjfreoialjfiqofiqobgp default local-preference 200jfreoialjfiqofiqonetwork 10.1.1.27 mask 255.255.255.255jfreoialjfiqofiqoneighbor 10.1.1.28 remote-as 300jfreoialjfiqofiqoneighbor 10.1.1.28 update-source Loopback0jfreoialjfiqofiqoneighbor 197.68.3.1 remote-as 200jfreoialjfiqofiqono auto-summaryjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqo6. ZBFW (2 points)jfreoialjfiqofiqo jfreoialjfiqofiqoR30 cannot telnet R31, fix itjfreoialjfiqofiqoR30#telnet 10.1.1.31jfreoialjfiqofiqoTrying open 10.1.1.31jfreoialjfiqofiqoUser verificationjfreoialjfiqofiqo..... jfreoialjfiqofiqo--> Should match the given "show policy‐map type inspect zone-pair sessions" output. R31 is in outside zone, R30 was in inside zone.jfreoialjfiqofiqojfreoialjfiqofiqoInitial Configs ()jfreoialjfiqofiqoR29jfreoialjfiqofiqoclass-map type inspect match-all telneticmpjfreoialjfiqofiqomatch protocol telnetjfreoialjfiqofiqomatch protocol icmpjfreoialjfiqofiqoclass-map type inspect match-all httpjfreoialjfiqofiqomatch protocol httpjfreoialjfiqofiqoclass-map type inspect match-all outboundjfreoialjfiqofiqomatch access-group name from R30toR31jfreoialjfiqofiqo!jfreoialjfiqofiqo!jfreoialjfiqofiqopolicy-map type inspect outboundjfreoialjfiqofiqoclass type inspect outboundjfreoialjfiqofiqo inspectjfreoialjfiqofiqopolicy-map type inspect inboundjfreoialjfiqofiqoclass type inspect telneticmpjfreoialjfiqofiqo inspectjfreoialjfiqofiqoclass type inspect httpjfreoialjfiqofiqo inspectjfreoialjfiqofiqo!jfreoialjfiqofiqozone security zoneinjfreoialjfiqofiqozone security zoneoutjfreoialjfiqofiqo!jfreoialjfiqofiqo!jfreoialjfiqofiqo!jfreoialjfiqofiqo!jfreoialjfiqofiqo!jfreoialjfiqofiqozone-pair security inbound source zoneout destination zoneinjfreoialjfiqofiqozone-pair security outbound source zonein destination zoneoutjfreoialjfiqofiqo!jfreoialjfiqofiqojfreoialjfiqofiqointerface Ethernet2/0<-- to R30jfreoialjfiqofiqoip address 172.16.39.29 255.255.255.248jfreoialjfiqofiqono shutdownjfreoialjfiqofiqozone-member security zoneoutjfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqo!jfreoialjfiqofiqointerface Ethernet2/1 <-- to R31jfreoialjfiqofiqoip address 172.16.129.29 255.255.255.248jfreoialjfiqofiqono shutdownjfreoialjfiqofiqozone-member security zoneinjfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqo!jfreoialjfiqofiqoip access-list extended R30toR31jfreoialjfiqofiqopermit ip host 172.16.39.30 host 10.1.1.31jfreoialjfiqofiqopermit ip host 10.1.1.30 host 10.1.1.31jfreoialjfiqofiqopermit ip host 10.1.1.30 host 172.16.129.31jfreoialjfiqofiqopermit ip host 172.16.39.30 host 172.16.129.31jfreoialjfiqofiqo!jfreoialjfiqofiqojfreoialjfiqofiqorouter ripjfreoialjfiqofiqoversion 2jfreoialjfiqofiqonetwork 172.16.0.0jfreoialjfiqofiqonetwork 192.168.20.0jfreoialjfiqofiqono auto-summaryjfreoialjfiqofiqojfreoialjfiqofiqoR30jfreoialjfiqofiqointerface Loopback0jfreoialjfiqofiqoip address 10.1.1.30 255.255.255.255jfreoialjfiqofiqo!jfreoialjfiqofiqointerface Ethernet0/0jfreoialjfiqofiqoip address 172.16.39.30 255.255.255.248jfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqono shutdownjfreoialjfiqofiqo!jfreoialjfiqofiqojfreoialjfiqofiqoR31jfreoialjfiqofiqojfreoialjfiqofiqointerface Loopback0jfreoialjfiqofiqoip address 10.1.1.31 255.255.255.255jfreoialjfiqofiqo!jfreoialjfiqofiqointerface Ethernet0/0jfreoialjfiqofiqoip address 172.16.129.31 255.255.255.248jfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqono shutdownjfreoialjfiqofiqo!jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqo7. BGP (2 points)jfreoialjfiqofiqo jfreoialjfiqofiqoR28 must see two next hop for the network 1.100.100.100 in show ip bgp tablejfreoialjfiqofiqo R28 must see 2 paths in BGP tableキ・
R28 must select path through R26キ・
Not allowed to touch AS100キ・& 300 configuration (variable depending on the Lab)jfreoialjfiqofiqojfreoialjfiqofiqoInitial Configs ()jfreoialjfiqofiqoR6jfreoialjfiqofiqorouter bgp 200jfreoialjfiqofiqono synchronizationjfreoialjfiqofiqobgp log-neighbor-changesjfreoialjfiqofiqonetwork 10.1.1.6 mask 255.255.255.255jfreoialjfiqofiqoneighbor 10.1.1.2 remote-as 200jfreoialjfiqofiqoneighbor 10.1.1.2 update-source Loopback0jfreoialjfiqofiqoneighbor 10.1.1.2 route-reflector-clientjfreoialjfiqofiqoneighbor 10.1.1.7 remote-as 200jfreoialjfiqofiqoneighbor 10.1.1.7 update-source Loopback0jfreoialjfiqofiqoneighbor 10.1.1.7 route-reflector-clientjfreoialjfiqofiqoneighbor 10.1.1.8 remote-as 200jfreoialjfiqofiqoneighbor 10.1.1.8 update-source Loopback0 jfreoialjfiqofiqono auto-summaryjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR7jfreoialjfiqofiqojfreoialjfiqofiqorouter bgp 200jfreoialjfiqofiqosynchronizationjfreoialjfiqofiqobgp log-neighbor-changesjfreoialjfiqofiqonetwork 10.1.1.7 mask 255.255.255.255jfreoialjfiqofiqobgp maxas-limit 1jfreoialjfiqofiqoneighbor 10.1.1.6 remote-as 200jfreoialjfiqofiqoneighbor 10.1.1.6 update-source Loopback0jfreoialjfiqofiqoneighbor 10.1.1.6 route-reflector-clientjfreoialjfiqofiqoneighbor 10.1.1.6 next-hop-selfjfreoialjfiqofiqoneighbor 197.68.2.2 remote-as 300jfreoialjfiqofiqoneighbor 197.68.2.2 route-map toas300 outjfreoialjfiqofiqono auto-summaryjfreoialjfiqofiqo!jfreoialjfiqofiqoroute-map toas300 permit 10jfreoialjfiqofiqomatch ip address toas300jfreoialjfiqofiqoset metric 99jfreoialjfiqofiqo!jfreoialjfiqofiqoip access-list extended toas300jfreoialjfiqofiqopermit ip any anyjfreoialjfiqofiqojfreoialjfiqofiqoR8jfreoialjfiqofiqorouter bgp 200jfreoialjfiqofiqono synchronizationjfreoialjfiqofiqobgp log-neighbor-changesjfreoialjfiqofiqonetwork 10.1.1.8 mask 255.255.255.255jfreoialjfiqofiqoneighbor 10.1.1.6 remote-as 200jfreoialjfiqofiqoneighbor 10.1.1.6 password cisc0jfreoialjfiqofiqoneighbor 10.1.1.6 update-source Loopback0jfreoialjfiqofiqoneighbor 10.1.1.6 next-hop-selfjfreoialjfiqofiqoneighbor 197.68.3.2 remote-as 300jfreoialjfiqofiqoneighbor 197.68.3.2 route-map toas300 outjfreoialjfiqofiqoredistribute ospf 1jfreoialjfiqofiqono auto-summaryjfreoialjfiqofiqo!jfreoialjfiqofiqoroute-map toas300 permit 10jfreoialjfiqofiqomatch ip address toas300jfreoialjfiqofiqo!jfreoialjfiqofiqoip access-list extended toas300jfreoialjfiqofiqopermit ip any anyjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR26jfreoialjfiqofiqorouter bgp 300jfreoialjfiqofiqono synchronizationjfreoialjfiqofiqobgp log-neighbor-changesjfreoialjfiqofiqonetwork 10.1.1.26 mask 255.255.255.255jfreoialjfiqofiqoneighbor 10.1.1.28 remote-as 300jfreoialjfiqofiqoneighbor 10.1.1.28 update-source Loopback0jfreoialjfiqofiqoneighbor 197.68.2.1 remote-as 200jfreoialjfiqofiqono auto-summaryjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR27jfreoialjfiqofiqorouter bgp 300jfreoialjfiqofiqono synchronizationjfreoialjfiqofiqobgp log-neighbor-changesjfreoialjfiqofiqonetwork 10.1.1.27 mask 255.255.255.255jfreoialjfiqofiqoneighbor 10.1.1.28 remote-as 300jfreoialjfiqofiqoneighbor 10.1.1.28 update-source Loopback0jfreoialjfiqofiqoneighbor 197.68.3.1 remote-as 200jfreoialjfiqofiqono auto-summaryjfreoialjfiqofiqojfreoialjfiqofiqoSummary of issuesjfreoialjfiqofiqojfreoialjfiqofiqoa. R7/R8 Metric (MED) mismatch <-- Make sure R7 and R8 have the same MED value to their neighbor R26 and R27.jfreoialjfiqofiqob. R7 Synchronization enabled <-- disable it "no synchronization"jfreoialjfiqofiqoc. R7 maxas-limit enabled <-- remove that commandjfreoialjfiqofiqod. R7/R8 BGP local-preference mismatch <-- Make sure they have the same value.jfreoialjfiqofiqoe. R6 missing route-reflector-client command to neighbor R8 <-- put that commandjfreoialjfiqofiqoOthers possible issues being reported:jfreoialjfiqofiqo- R26 next-hop-self command missing (if permission is not restricted to touch AS 300)jfreoialjfiqofiqo- R6/R6 BGP password mismatchjfreoialjfiqofiqo- R26/R27 bgp local-preference value mismatchjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoVerification steps:jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR28# sh ip bgp 1.100.100.100 <-- should see two possible next hops R26 & R2R with R26 being the preferred next hopjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqo8. IPv6 (2 points)jfreoialjfiqofiqo jfreoialjfiqofiqoR1 can not telnet R4 IPv6 address 2011:ABC:34::4, fix the problemjfreoialjfiqofiqojfreoialjfiqofiqoNote: Not allowed to delete any configuration!jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoInitial Configs ()jfreoialjfiqofiqoR1jfreoialjfiqofiqoipv6 unicast-routingjfreoialjfiqofiqo!jfreoialjfiqofiqointerface Loopback1jfreoialjfiqofiqo ip address 10.1.1.1 255.255.255.255jfreoialjfiqofiqo ip pim sparse-dense-modejfreoialjfiqofiqo!jfreoialjfiqofiqointerface Ethernet1/0jfreoialjfiqofiqoip address 172.16.15.1 255.255.255.248jfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqoipv6 address 2011:ABC:13::1/64jfreoialjfiqofiqoipv6 ospf 1 area 0jfreoialjfiqofiqo!jfreoialjfiqofiqoipv6 router ospf 1jfreoialjfiqofiqolog-adjacency-changesjfreoialjfiqofiqorouter-id 10.1.1.4jfreoialjfiqofiqojfreoialjfiqofiqoR3jfreoialjfiqofiqoipv6 unicast-routingjfreoialjfiqofiqo!jfreoialjfiqofiqointerface Ethernet0/0jfreoialjfiqofiqoip address 172.16.15.9 255.255.255.248jfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqoipv6 address 2011:ABC:34::3/64jfreoialjfiqofiqoipv6 ospf 1 area 0jfreoialjfiqofiqo!jfreoialjfiqofiqointerface Ethernet1/0jfreoialjfiqofiqoip address 172.16.15.2 255.255.255.248jfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqoipv6 address 2011:ABC:13::3/64jfreoialjfiqofiqoipv6 ospf 1 area 0jfreoialjfiqofiqoipv6 traffic-filter filter injfreoialjfiqofiqo!jfreoialjfiqofiqoipv6 access-list filterjfreoialjfiqofiqodeny ipv6 any any routingjfreoialjfiqofiqojfreoialjfiqofiqoR4jfreoialjfiqofiqoipv6 unicast-routingjfreoialjfiqofiqojfreoialjfiqofiqointerface Ethernet0/0jfreoialjfiqofiqoip address 172.16.15.10 255.255.255.248jfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqoipv6 address 2011:ABC:34::4/64jfreoialjfiqofiqoipv6 ospf 1 area 0jfreoialjfiqofiqo!jfreoialjfiqofiqoipv6 router ospf 1jfreoialjfiqofiqolog-adjacency-changesjfreoialjfiqofiqojfreoialjfiqofiqoSummary of issuesjfreoialjfiqofiqojfreoialjfiqofiqoa. R3 ACL Blocking Ipv6 traffic <-- should add explicit rules for link‐local addressesjfreoialjfiqofiqoipv6 access-list filterjfreoialjfiqofiqojfreoialjfiqofiqopermit 89 any host FF02::5 seq 1 <-- OSPFv3 Multicast dest IPjfreoialjfiqofiqopermit 89 any host FF02::6 seq 2jfreoialjfiqofiqopermit 89 host <R1 link local> host <R3 link local> seq 3jfreoialjfiqofiqopermit icmp any any seq 4jfreoialjfiqofiqodeny ipv6 any any (by default seq 10) <-- don't touchjfreoialjfiqofiqob. R1/R4 Duplicate router-id <-- make sure R1 router-id is set to its Loopback1 IPjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoVerification steps:jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR1# ping 2011:ABC:34::4jfreoialjfiqofiqojfreoialjfiqofiqo9. MST (2 points)jfreoialjfiqofiqo jfreoialjfiqofiqoR10 must reach R9 in a single hop, SW1 (or SW2) is not allowed to be touchedjfreoialjfiqofiqoSW1jfreoialjfiqofiqohostname SW1jfreoialjfiqofiqono aaa new-modeljfreoialjfiqofiqoclock timezone CSRT 8jfreoialjfiqofiqo!jfreoialjfiqofiqoip cefjfreoialjfiqofiqo!jfreoialjfiqofiqono ipv6 cefjfreoialjfiqofiqo!jfreoialjfiqofiqospanning-tree mode mstjfreoialjfiqofiqospanning-tree extended system-idjfreoialjfiqofiqo!jfreoialjfiqofiqospanning-tree mst configurationjfreoialjfiqofiqoname ciscojfreoialjfiqofiqoinstance 1 vlan 102,119jfreoialjfiqofiqoinstance 2 vlan 109,129jfreoialjfiqofiqo!jfreoialjfiqofiqospanning-tree mst 2 priority 0jfreoialjfiqofiqovlan internal allocation policy ascendeingjfreoialjfiqofiqo!jfreoialjfiqofiqoint e0/0jfreoialjfiqofiqoswi jfreoialjfiqofiqoswi acce vlan 102jfreoialjfiqofiqoswi mode acce jfreoialjfiqofiqo!jfreoialjfiqofiqoint e0/1jfreoialjfiqofiqoswi jfreoialjfiqofiqoshutdownjfreoialjfiqofiqo!jfreoialjfiqofiqoint e0/2jfreoialjfiqofiqoswi jfreoialjfiqofiqoswi acce vlan 129jfreoialjfiqofiqoswi mode accejfreoialjfiqofiqo!jfreoialjfiqofiqoint e0/3jfreoialjfiqofiqoswi jfreoialjfiqofiqoswi acce vlan 109jfreoialjfiqofiqoswi mode accejfreoialjfiqofiqo!jfreoialjfiqofiqoint e1/0jfreoialjfiqofiqoswi jfreoialjfiqofiqoswi acce vlan 102jfreoialjfiqofiqoswi mode accejfreoialjfiqofiqo!jfreoialjfiqofiqoint e1/1jfreoialjfiqofiqoswi jfreoialjfiqofiqoshutjfreoialjfiqofiqo!jfreoialjfiqofiqoint 1/2jfreoialjfiqofiqoswi jfreoialjfiqofiqoswi acce vlan 110jfreoialjfiqofiqoswi mode accejfreoialjfiqofiqo!jfreoialjfiqofiqoint e1/3jfreoialjfiqofiqoswijfreoialjfiqofiqoshutjfreoialjfiqofiqo!jfreoialjfiqofiqoint e2/0jfreoialjfiqofiqoswi jfreoialjfiqofiqoswi trunk encapsualtion dot1qjfreoialjfiqofiqoswi mode trunkjfreoialjfiqofiqo!jfreoialjfiqofiqoint e2/1jfreoialjfiqofiqoswijfreoialjfiqofiqoswi trunk enc dot1qjfreoialjfiqofiqoswi mode trunkjfreoialjfiqofiqoshutjfreoialjfiqofiqo!jfreoialjfiqofiqoint e2/2jfreoialjfiqofiqoswijfreoialjfiqofiqoshutjfreoialjfiqofiqo!jfreoialjfiqofiqoint e2/3jfreoialjfiqofiqoswijfreoialjfiqofiqoshutjfreoialjfiqofiqojfreoialjfiqofiqoSW2jfreoialjfiqofiqohostname SW2jfreoialjfiqofiqono aaa new-modeljfreoialjfiqofiqoclock timezone CSRT 8jfreoialjfiqofiqo!jfreoialjfiqofiqoip cefjfreoialjfiqofiqo!jfreoialjfiqofiqono ipv6 cefjfreoialjfiqofiqo!jfreoialjfiqofiqospanning-tree mode mstjfreoialjfiqofiqospanning-tree extended system-idjfreoialjfiqofiqo!jfreoialjfiqofiqospanning-tree mst configurationjfreoialjfiqofiqoname ciscojfreoialjfiqofiqoinstance 1 vlan 102,119jfreoialjfiqofiqoinstance 2 vlan 109,129jfreoialjfiqofiqo!jfreoialjfiqofiqospanning-tree mst 2 priority 24576jfreoialjfiqofiqovlan internal allocation policy ascendeingjfreoialjfiqofiqo!jfreoialjfiqofiqoint e0/0jfreoialjfiqofiqoswi jfreoialjfiqofiqoswi acce vlan 110jfreoialjfiqofiqoswi mode acce jfreoialjfiqofiqo!jfreoialjfiqofiqoint e0/1jfreoialjfiqofiqoswi jfreoialjfiqofiqoswi acce vlan 109jfreoialjfiqofiqoswi mode accejfreoialjfiqofiqo!jfreoialjfiqofiqoint e0/2jfreoialjfiqofiqoswi jfreoialjfiqofiqoshutjfreoialjfiqofiqo!jfreoialjfiqofiqoint e0/3jfreoialjfiqofiqoswi jfreoialjfiqofiqoswi acce vlan 119jfreoialjfiqofiqoswi mode accjfreoialjfiqofiqo!jfreoialjfiqofiqoint e1/0jfreoialjfiqofiqoswi jfreoialjfiqofiqoshutjfreoialjfiqofiqo!jfreoialjfiqofiqoint e1/1jfreoialjfiqofiqoswi jfreoialjfiqofiqoswi acce vlan 129jfreoialjfiqofiqoswi mode acccejfreoialjfiqofiqo!jfreoialjfiqofiqoint 1/2jfreoialjfiqofiqoswi jfreoialjfiqofiqoshutjfreoialjfiqofiqo!jfreoialjfiqofiqoint e1/3jfreoialjfiqofiqoswi jfreoialjfiqofiqoswi acce vlan 119jfreoialjfiqofiqoswi mode accessjfreoialjfiqofiqo!jfreoialjfiqofiqoint e2/0jfreoialjfiqofiqoswi jfreoialjfiqofiqoswi trunk encapsualtion dot1qjfreoialjfiqofiqoswi mode trunkjfreoialjfiqofiqo!jfreoialjfiqofiqoint e2/1jfreoialjfiqofiqoswijfreoialjfiqofiqoswi trunk enc dot1qjfreoialjfiqofiqoswi mode trunkjfreoialjfiqofiqoshutjfreoialjfiqofiqo!jfreoialjfiqofiqoint e2/2jfreoialjfiqofiqoswijfreoialjfiqofiqoshutjfreoialjfiqofiqo!jfreoialjfiqofiqoint e2/3jfreoialjfiqofiqoswijfreoialjfiqofiqoshutjfreoialjfiqofiqojfreoialjfiqofiqoR9jfreoialjfiqofiqoversion 12.4jfreoialjfiqofiqoservice timestamps debug datetime msecjfreoialjfiqofiqoservice timestamps log datetime msecjfreoialjfiqofiqono service password-encryptionjfreoialjfiqofiqo!jfreoialjfiqofiqohostname R9jfreoialjfiqofiqo!jfreoialjfiqofiqoboot-start-markerjfreoialjfiqofiqoboot-end-markerjfreoialjfiqofiqo!jfreoialjfiqofiqoenable password ciscojfreoialjfiqofiqo!jfreoialjfiqofiqono aaa new-modeljfreoialjfiqofiqomemory-size iomem 5jfreoialjfiqofiqo!jfreoialjfiqofiqoip cefjfreoialjfiqofiqono ip domain lookupjfreoialjfiqofiqo!jfreoialjfiqofiqoip multicast-routing jfreoialjfiqofiqo!jfreoialjfiqofiqomultilink bundle-name authenticatedjfreoialjfiqofiqo!jfreoialjfiqofiqoarchivejfreoialjfiqofiqo log configjfreoialjfiqofiqo hidekeysjfreoialjfiqofiqo! jfreoialjfiqofiqo!jfreoialjfiqofiqovlan internal allocation policy ascendingjfreoialjfiqofiqo!jfreoialjfiqofiqointerface Loopback0jfreoialjfiqofiqo ip address 10.1.1.9 255.255.255.255jfreoialjfiqofiqo ip pim sparse-dense-modejfreoialjfiqofiqo!jfreoialjfiqofiqointerface FastEthernet0/0jfreoialjfiqofiqo ip address 172.16.14.1 255.255.255.248jfreoialjfiqofiqo ip pim sparse-dense-modejfreoialjfiqofiqo ip ospf authentication message-digestjfreoialjfiqofiqo ip ospf message-digest-key 1 md5 ciscojfreoialjfiqofiqo duplex autojfreoialjfiqofiqo speed autojfreoialjfiqofiqo!jfreoialjfiqofiqointerface FastEthernet0/1jfreoialjfiqofiqo no ip addressjfreoialjfiqofiqo shutdownjfreoialjfiqofiqo duplex autojfreoialjfiqofiqo speed autojfreoialjfiqofiqo!jfreoialjfiqofiqointerface FastEthernet1/0jfreoialjfiqofiqo no switchportjfreoialjfiqofiqo ip address 172.16.14.33 255.255.255.248jfreoialjfiqofiqo ip pim sparse-dense-modejfreoialjfiqofiqo ip ospf authentication message-digestjfreoialjfiqofiqo ip ospf message-digest-key 1 md5 ciscojfreoialjfiqofiqo ip igmp access-group 10jfreoialjfiqofiqo!jfreoialjfiqofiqointerface FastEthernet1/1jfreoialjfiqofiqo!jfreoialjfiqofiqointerface FastEthernet1/2jfreoialjfiqofiqo!jfreoialjfiqofiqointerface FastEthernet1/3jfreoialjfiqofiqo!jfreoialjfiqofiqointerface FastEthernet1/4jfreoialjfiqofiqo!jfreoialjfiqofiqointerface FastEthernet1/5jfreoialjfiqofiqo!jfreoialjfiqofiqointerface FastEthernet1/6jfreoialjfiqofiqo!jfreoialjfiqofiqointerface FastEthernet1/7jfreoialjfiqofiqo!jfreoialjfiqofiqointerface FastEthernet1/8jfreoialjfiqofiqo!jfreoialjfiqofiqointerface FastEthernet1/9jfreoialjfiqofiqo!jfreoialjfiqofiqointerface FastEthernet1/10jfreoialjfiqofiqo!jfreoialjfiqofiqointerface FastEthernet1/11jfreoialjfiqofiqo!jfreoialjfiqofiqointerface FastEthernet1/12jfreoialjfiqofiqo!jfreoialjfiqofiqointerface FastEthernet1/13jfreoialjfiqofiqo!jfreoialjfiqofiqointerface FastEthernet1/14jfreoialjfiqofiqo!jfreoialjfiqofiqointerface FastEthernet1/15jfreoialjfiqofiqo!jfreoialjfiqofiqointerface Vlan1jfreoialjfiqofiqo no ip addressjfreoialjfiqofiqo!jfreoialjfiqofiqorouter ospf 1jfreoialjfiqofiqo log-adjacency-changesjfreoialjfiqofiqo network 10.1.1.9 0.0.0.0 area 0jfreoialjfiqofiqo network 172.16.14.1 0.0.0.0 area 0jfreoialjfiqofiqo network 172.16.14.33 0.0.0.0 area 0jfreoialjfiqofiqo!jfreoialjfiqofiqono ip http serverjfreoialjfiqofiqono ip http secure-serverjfreoialjfiqofiqoip forward-protocol ndjfreoialjfiqofiqo!jfreoialjfiqofiqoip pim rp-address 10.1.1.3jfreoialjfiqofiqo!jfreoialjfiqofiqoaccess-list 10 deny 10.1.1.3jfreoialjfiqofiqo!jfreoialjfiqofiqocontrol-planejfreoialjfiqofiqo!jfreoialjfiqofiqoline con 0jfreoialjfiqofiqo exec-timeout 0 0jfreoialjfiqofiqo password ciscojfreoialjfiqofiqo logging synchronousjfreoialjfiqofiqo stopbits 1jfreoialjfiqofiqoline aux 0jfreoialjfiqofiqo stopbits 1jfreoialjfiqofiqoline vty 0 4jfreoialjfiqofiqo exec-timeout 0 0jfreoialjfiqofiqo password ciscojfreoialjfiqofiqo logging synchronousjfreoialjfiqofiqo loginjfreoialjfiqofiqo!jfreoialjfiqofiqoendjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoNote: This question has 02 completely different requirements depending on the Lab. On Some Lab, you are required to not SW1 and on some you are required to not touched SW2.jfreoialjfiqofiqojfreoialjfiqofiqoa. Vlan R9-R10 is blocked on the trunk1 and allowed on trunk2. But trunk2 is in spanning blocking state for MSTX (which contains) Vlan R9-R10. Which make the link between R9-R10 being down <-- Just lower the port-priority on trunk2 so it can became the forwarding port or raise the port-priority on trunk1 son trunk2 can be preferred.jfreoialjfiqofiqointerface ex/yjfreoialjfiqofiqo spanning-tree mst x port-priority 0jfreoialjfiqofiqoNote: The switch denied to be touched is the root for the mst containing the vlan between R9-R10jfreoialjfiqofiqob. R9 Exiting route-map dropping some traffic <-- the route map selects certain traffic and has an explicit deny. Put another route‐map with the permit statementjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqo10. MSDP (3 points)jfreoialjfiqofiqo jfreoialjfiqofiqoR13 cannot ping R28 group 224.8.8.8 in AS 200, Fix itjfreoialjfiqofiqojfreoialjfiqofiqo(R8->R6->R2)->(R1->R3->R5)->R9->R11->R13jfreoialjfiqofiqoAS200 AS100jfreoialjfiqofiqojfreoialjfiqofiqoR8jfreoialjfiqofiqoip multicast-routingjfreoialjfiqofiqo!jfreoialjfiqofiqointerface Loopback0jfreoialjfiqofiqoip address 10.1.1.8 255.255.255.255jfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqoip igmp join-group 224.8.8.8jfreoialjfiqofiqo!jfreoialjfiqofiqojfreoialjfiqofiqointerface Ethernet0/0jfreoialjfiqofiqoip address 172.16.16.21 255.255.255.248jfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqo!jfreoialjfiqofiqorouter eigrp 200jfreoialjfiqofiqoredistribute ospf 1 metric 100000 100 255 1 1500jfreoialjfiqofiqoredistribute bgp 200 metric 100000 100 255 1 1500jfreoialjfiqofiqonetwork 10.1.1.8 0.0.0.0jfreoialjfiqofiqonetwork 172.16.16.21 0.0.0.0jfreoialjfiqofiqono auto-summaryjfreoialjfiqofiqo!jfreoialjfiqofiqoip pim rp-address 10.1.1.2jfreoialjfiqofiqojfreoialjfiqofiqoR6jfreoialjfiqofiqoip multicast-routingjfreoialjfiqofiqo!jfreoialjfiqofiqointerface Loopback0jfreoialjfiqofiqoip address 10.1.1.6 255.255.255.255jfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqo!jfreoialjfiqofiqointerface Ethernet0/0jfreoialjfiqofiqoip address 172.16.16.19 255.255.255.248jfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqo!jfreoialjfiqofiqointerface Ethernet1/0jfreoialjfiqofiqoip address 172.16.16.2 255.255.255.248jfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqo!jfreoialjfiqofiqorouter eigrp 200jfreoialjfiqofiqonetwork 10.1.1.6 0.0.0.0jfreoialjfiqofiqonetwork 172.16.16.2 0.0.0.0jfreoialjfiqofiqonetwork 172.16.16.19 0.0.0.0jfreoialjfiqofiqono auto-summaryjfreoialjfiqofiqo!jfreoialjfiqofiqojfreoialjfiqofiqoR2jfreoialjfiqofiqointerface Loopback0jfreoialjfiqofiqoip address 10.1.1.2 255.255.255.255jfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqo!jfreoialjfiqofiqointerface Loopback1jfreoialjfiqofiqoip address 200.0.0.1 255.255.255.255jfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqo!jfreoialjfiqofiqointerface Ethernet0/0jfreoialjfiqofiqoip address 197.68.1.2 255.255.255.252jfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqoipv6 address 2011:ABC:12::2/64jfreoialjfiqofiqoipv6 ospf 1 area 0jfreoialjfiqofiqo!jfreoialjfiqofiqointerface Ethernet1/0jfreoialjfiqofiqoip address 172.16.16.1 255.255.255.248jfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqo!jfreoialjfiqofiqorouter eigrp 200jfreoialjfiqofiqonetwork 10.1.1.2 0.0.0.0jfreoialjfiqofiqonetwork 172.16.16.1 0.0.0.0jfreoialjfiqofiqono auto-summaryjfreoialjfiqofiqo!jfreoialjfiqofiqorouter bgp 200jfreoialjfiqofiqono synchronizationjfreoialjfiqofiqobgp log-neighbor-changesjfreoialjfiqofiqonetwork 10.1.1.1 mask 255.255.255.255jfreoialjfiqofiqoneighbor 10.1.1.6 remote-as 200jfreoialjfiqofiqoneighbor 10.1.1.6 update-source Loopback0jfreoialjfiqofiqoneighbor 10.1.1.6 next-hop-selfjfreoialjfiqofiqoneighbor 197.68.1.1 remote-as 100jfreoialjfiqofiqono auto-summaryjfreoialjfiqofiqo!jfreoialjfiqofiqoaddress-family ipv4 unicastjfreoialjfiqofiqo no synchronizationjfreoialjfiqofiqo network 10.1.1.2 mask 255.255.255.255jfreoialjfiqofiqo redistribute eigrp 200jfreoialjfiqofiqo neighbor 10.1.1.6 activatejfreoialjfiqofiqo neighbor 10.1.1.6 next-hop-selfjfreoialjfiqofiqo neighbor 197.68.1.1 activatejfreoialjfiqofiqo exit-address-familyjfreoialjfiqofiqo!jfreoialjfiqofiqoaddress-family ipv4 multicast jfreoialjfiqofiqo network 200.0.0.1 mask 255.255.255.255jfreoialjfiqofiqo neighbor 197.68.1.1 activatejfreoialjfiqofiqo no auto-summaryjfreoialjfiqofiqo exit-address-familyjfreoialjfiqofiqo!jfreoialjfiqofiqoip msdp peer 10.1.1.3 connect-source Loopback1 remote-as 100jfreoialjfiqofiqo!jfreoialjfiqofiqoip pim rp-address 10.1.1.2jfreoialjfiqofiqojfreoialjfiqofiqoR1jfreoialjfiqofiqojfreoialjfiqofiqoip multicast-routingjfreoialjfiqofiqo!jfreoialjfiqofiqointerface Loopback0jfreoialjfiqofiqoip address 10.1.1.1 255.255.255.255jfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqo!jfreoialjfiqofiqointerface Ethernet0/0jfreoialjfiqofiqoip address 197.68.1.1 255.255.255.252jfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqoipv6 address 2011:ABC:12::1/64jfreoialjfiqofiqoipv6 ospf 1 area 0jfreoialjfiqofiqo!jfreoialjfiqofiqointerface Ethernet1/0jfreoialjfiqofiqoip address 172.16.15.1 255.255.255.248jfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqoipv6 address 2011:ABC:13::1/64jfreoialjfiqofiqoipv6 ospf 1 area 0jfreoialjfiqofiqo!jfreoialjfiqofiqorouter ospf 1jfreoialjfiqofiqolog-adjacency-changesjfreoialjfiqofiqonetwork 10.1.1.1 0.0.0.0 area 3jfreoialjfiqofiqonetwork 172.16.15.1 0.0.0.0 area 3jfreoialjfiqofiqo!jfreoialjfiqofiqorouter bgp 100jfreoialjfiqofiqono synchronizationjfreoialjfiqofiqobgp log-neighbor-changesjfreoialjfiqofiqonetwork 1.100.100.100 mask 255.255.255.255jfreoialjfiqofiqonetwork 10.1.1.1 mask 255.255.255.255jfreoialjfiqofiqoneighbor 10.1.1.3 remote-as 100jfreoialjfiqofiqoneighbor 10.1.1.3 update-source Loopback0jfreoialjfiqofiqoneighbor 10.1.1.3 next-hop-selfjfreoialjfiqofiqoneighbor 197.68.1.2 remote-as 200jfreoialjfiqofiqoneighbor 197.68.1.2 route-map as100 outjfreoialjfiqofiqono auto-summaryjfreoialjfiqofiqo!jfreoialjfiqofiqojfreoialjfiqofiqoaddress-family ipv4 unicastjfreoialjfiqofiqo no synchronizationjfreoialjfiqofiqo neighbor 10.1.1.3 activatejfreoialjfiqofiqo neighbor 10.1.1.3 next-hop-selfjfreoialjfiqofiqo neighbor 197.68.1.2 activatejfreoialjfiqofiqo exit-address-familyjfreoialjfiqofiqo!jfreoialjfiqofiqoaddress-family ipv4 multicastjfreoialjfiqofiqo neighbor 10.1.1.3 activatejfreoialjfiqofiqo no auto-summaryjfreoialjfiqofiqo exit-address-familyjfreoialjfiqofiqojfreoialjfiqofiqoip pim rp-address 10.1.1.3jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR3jfreoialjfiqofiqoip multicast-routingjfreoialjfiqofiqo!jfreoialjfiqofiqointerface Loopback0jfreoialjfiqofiqoip address 10.1.1.3 255.255.255.255jfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqo!jfreoialjfiqofiqojfreoialjfiqofiqointerface Loopback1jfreoialjfiqofiqoip address 200.0.0.3 255.255.255.255jfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqo!jfreoialjfiqofiqointerface Ethernet0/0jfreoialjfiqofiqoip address 172.16.15.9 255.255.255.248jfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqoipv6 address 2011:ABC:34::3/64jfreoialjfiqofiqoipv6 ospf 1 area 0jfreoialjfiqofiqo!jfreoialjfiqofiqointerface Ethernet1/0jfreoialjfiqofiqoip address 172.16.15.2 255.255.255.248jfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqoipv6 address 2011:ABC:13::3/64jfreoialjfiqofiqoipv6 ospf 1 area 0jfreoialjfiqofiqoipv6 traffic-filter filter injfreoialjfiqofiqo!jfreoialjfiqofiqorouter ospf 1jfreoialjfiqofiqolog-adjacency-changesjfreoialjfiqofiqonetwork 10.1.1.3 0.0.0.0 area 3jfreoialjfiqofiqonetwork 172.16.15.2 0.0.0.0 area 3jfreoialjfiqofiqonetwork 172.16.15.9 0.0.0.0 area 3jfreoialjfiqofiqo!jfreoialjfiqofiqorouter bgp 100jfreoialjfiqofiqono synchronizationjfreoialjfiqofiqobgp log-neighbor-changesjfreoialjfiqofiqonetwork 10.1.1.3 mask 255.255.255.255jfreoialjfiqofiqoneighbor 10.1.1.1 remote-as 100jfreoialjfiqofiqoneighbor 10.1.1.1 update-source Loopback0jfreoialjfiqofiqoneighbor 10.1.1.1 route-reflector-clientjfreoialjfiqofiqoneighbor 10.1.1.4 remote-as 100jfreoialjfiqofiqoneighbor 10.1.1.4 update-source Loopback0jfreoialjfiqofiqoneighbor 10.1.1.4 route-reflector-clientjfreoialjfiqofiqoneighbor 10.1.1.5 remote-as 100jfreoialjfiqofiqoneighbor 10.1.1.5 update-source Loopback0jfreoialjfiqofiqoneighbor 10.1.1.5 route-reflector-clientjfreoialjfiqofiqono auto-summaryjfreoialjfiqofiqo!jfreoialjfiqofiqojfreoialjfiqofiqoaddress-family ipv4 unicastjfreoialjfiqofiqo no synchronizationjfreoialjfiqofiqo network 10.1.1.3 mask 255.255.255.255jfreoialjfiqofiqo neighbor 10.1.1.1 activatejfreoialjfiqofiqo exit-address-familyjfreoialjfiqofiqo!jfreoialjfiqofiqoaddress-family ipv4 multicast jfreoialjfiqofiqo network 200.0.0.3 mask 255.255.255.255jfreoialjfiqofiqo neighbor 10.1.1.1 activatejfreoialjfiqofiqo no auto-summaryjfreoialjfiqofiqo exit-address-familyjfreoialjfiqofiqo!jfreoialjfiqofiqoip msdp peer 10.1.1.2 connect-source loopback 0 remote-as 200jfreoialjfiqofiqo!jfreoialjfiqofiqoip pim rp-address 10.1.1.3jfreoialjfiqofiqojfreoialjfiqofiqoR9jfreoialjfiqofiqojfreoialjfiqofiqointerface Loopback0jfreoialjfiqofiqoip address 10.1.1.9 255.255.255.255jfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqo!jfreoialjfiqofiqointerface Ethernet0/0jfreoialjfiqofiqoip address 172.16.14.1 255.255.255.248jfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqoip ospf authentication message-digestjfreoialjfiqofiqoip ospf message-digest-key 1 md5 ciscojfreoialjfiqofiqoip igmp access-group 10jfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqo!jfreoialjfiqofiqointerface Ethernet1/0jfreoialjfiqofiqoip address 172.16.14.33 255.255.255.248jfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqoip ospf authentication message-digestjfreoialjfiqofiqoip ospf message-digest-key 1 md5 ciscojfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqo!jfreoialjfiqofiqoaccess-list 10 deny 10.1.1.3jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoSummary of issuesjfreoialjfiqofiqojfreoialjfiqofiqoa. Wrong MSDP source and peer IPs <---jfreoialjfiqofiqo R3:ip msdp peer 200.0.0.2 connect-source loopback 1 remote-as 200jfreoialjfiqofiqoR2:ip msdp peer 200.0.0.3 connect-source Loopback1 remote-as 100jfreoialjfiqofiqob. R6/R9 Missing RP config <-- R6: ip pim rp-address 10.1.1.2, R9: ip pim rp-address 10.1.1.3jfreoialjfiqofiqoc. R8 Missing PIM command on R8 interface <-- enable ip pim sparse-dense-mode on the interface connecting R8->R6jfreoialjfiqofiqod. R9 IGMP traffic being blocked <-- change the ACL 10 to permit any jfreoialjfiqofiqoe. R1 Missing OSPF/BGP address-family ipv4 multicast redistribution<-- under R1 address-family ipv4 multicast, add the command "redistribute ospf 1"jfreoialjfiqofiqojfreoialjfiqofiqoGood luck in your CCIE journey,jfreoialjfiqofiqojfreoialjfiqofiqoBR ccie36060 jfreoialjfiqofiqojfreoialjfiqofiqoEdited by ccie36060, 18 July 2012 - 06:08 AM.jfreoialjfiqofiqojfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo#########################################################################################################################################################################jfreoialjfiqofiqo1. FRAME RELAY (2points)jfreoialjfiqofiqo jfreoialjfiqofiqoRequires R15 to telnet to R13 and R14 loopbacksjfreoialjfiqofiqo※SubInt無い版jfreoialjfiqofiqoR13jfreoialjfiqofiqojfreoialjfiqofiqointerface Serial0/0jfreoialjfiqofiqoip address 172.16.13.2 255.255.255.248jfreoialjfiqofiqoencapsulation frame-relayjfreoialjfiqofiqoip ospf network broadcast or point-to-multipointjfreoialjfiqofiqoframe-relay map ip 172.16.13.4 341 broadcastjfreoialjfiqofiqoframe-relay map ip 172.16.13.3 345 broadcastjfreoialjfiqofiqoframe-relay lmi-type ciscojfreoialjfiqofiqono frame-relay inverse arpjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR14jfreoialjfiqofiqointerface Serial0/0jfreoialjfiqofiqoip address 172.16.13.4 255.255.255.248jfreoialjfiqofiqoencapsulation frame-relayjfreoialjfiqofiqoip ospf network broadcast or point-to-multipointjfreoialjfiqofiqoframe-relay map ip 172.16.13.2 314 broadcastjfreoialjfiqofiqoframe-relay map ip 172.16.13.3 315 broadcastjfreoialjfiqofiqoframe-relay lmi-type ciscojfreoialjfiqofiqono frame-relay inverse arpjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR15jfreoialjfiqofiqointerface Serial1/0jfreoialjfiqofiqoip address 172.16.13.3 255.255.255.248jfreoialjfiqofiqoencapsulation frame-relayjfreoialjfiqofiqoip ospf network broadcast or point-to-multipointjfreoialjfiqofiqoframe-relay map ip 172.16.13.4 351 broadcastjfreoialjfiqofiqoframe-relay map ip 172.16.13.2 354 broadcastjfreoialjfiqofiqoframe-relay lmi-type ciscojfreoialjfiqofiqono frame-relay inverse arpjfreoialjfiqofiqojfreoialjfiqofiqoVerification steps:jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoshow frame‐relay map <--DLCI should be activejfreoialjfiqofiqosh run interface s0/0/0jfreoialjfiqofiqoR15# telnet 10.1.1.14jfreoialjfiqofiqo....openjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR15# telnet 10.1.1.14jfreoialjfiqofiqo....openjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqo2. HRSP (2 points)jfreoialjfiqofiqo jfreoialjfiqofiqoEnsure the output of "show standby" on R22 and R23 is the same as shown belowjfreoialjfiqofiqojfreoialjfiqofiqoR22 being the active unit with a priority configured of 100 (not by default), and also a track 1 configured and up, with a decrement value of 60.jfreoialjfiqofiqoR23 is the standby unit, using the default priority value (100), no authentication, with preempt, track 1 configured and up, with a decrement value of 60.jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR22jfreoialjfiqofiqoとくになしjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR23jfreoialjfiqofiqointerface Ethernet0/0jfreoialjfiqofiqono standby 1 priority 150jfreoialjfiqofiqono standby 1 authentication md5 key-string ciscojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR21(1.1.70.0/24 だった場合)jfreoialjfiqofiqorouter eigrp 200jfreoialjfiqofiqoredistribute ospf 1 metric 10000 100 255 1 1500 route-map PREFIXjfreoialjfiqofiqo!jfreoialjfiqofiqoroute-map PREFIX permit 10jfreoialjfiqofiqomatch ip address 1jfreoialjfiqofiqo!jfreoialjfiqofiqoaccess-list 1 permit 1.1.70.0 0.0.0.255jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR13(DefaultRouteだった場合)jfreoialjfiqofiqo!jfreoialjfiqofiqo!jfreoialjfiqofiqorouter ospf 1jfreoialjfiqofiqo area 1 nssa default-information originate allwaysjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoVerification steps:jfreoialjfiqofiqoR22/R23#show standby <--should match exactly the output givenjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqo3. NTP (2 points)jfreoialjfiqofiqo jfreoialjfiqofiqoR13 NTP cannot synchronize with R5, Fix itjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR5jfreoialjfiqofiqontp authentication-key 1 md5 ciscojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR13jfreoialjfiqofiqontp authentication-key 1 md5 ciscojfreoialjfiqofiqontp server 10.1.1.5 key 1jfreoialjfiqofiqontp authentication jfreoialjfiqofiqontp trusted-keyjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR9jfreoialjfiqofiqointerface Ethernet0/0jfreoialjfiqofiqoip address 172.16.14.1 255.255.255.248jfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqoip ospf authentication message-digestjfreoialjfiqofiqoip ospf message-digest-key 1 md5 ciscojfreoialjfiqofiqoip igmp access-group 10jfreoialjfiqofiqoip access-group deny_udp injfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqo!jfreoialjfiqofiqoip access-list extended deny_udpjfreoialjfiqofiqopermit ip any anyjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR11jfreoialjfiqofiqointerface Ethernet1/0jfreoialjfiqofiqoip address 172.16.14.34 255.255.255.248jfreoialjfiqofiqoip ospf authentication message-digestjfreoialjfiqofiqoip ospf message-digest-key 1 md5 ciscojfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqoip access-group deny_udp injfreoialjfiqofiqohalf-duplexjfreoialjfiqofiqo!jfreoialjfiqofiqoip access-list extended deny_udpjfreoialjfiqofiqopermit ip any anyjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoVerification steps:jfreoialjfiqofiqoR5/R13#show ntp association detail <--should be synchronized and sanejfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqo4. PPP/RIP (2 points)jfreoialjfiqofiqoR24 cannot ping R29 192.168.20.1, Fix itjfreoialjfiqofiqojfreoialjfiqofiqoR25jfreoialjfiqofiqoservice password-encryptionjfreoialjfiqofiqo!jfreoialjfiqofiqointerface Serial1/0 ---> connecting to R29jfreoialjfiqofiqoip address 172.16.9.1 255.255.255.248jfreoialjfiqofiqoencapsulation pppjfreoialjfiqofiqoserial restart-delay 0jfreoialjfiqofiqono fair-queuejfreoialjfiqofiqoppp authentication chapjfreoialjfiqofiqo!jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqorouter eigrp 200jfreoialjfiqofiqoredistribute rip metric 100000 100 255 1 1500jfreoialjfiqofiqonetwork 10.1.1.25 0.0.0.0jfreoialjfiqofiqonetwork 172.16.10.77 0.0.0.0jfreoialjfiqofiqono auto-summaryjfreoialjfiqofiqo!jfreoialjfiqofiqorouter ripjfreoialjfiqofiqoversion 1jfreoialjfiqofiqonetwork 172.16.0.0jfreoialjfiqofiqono auto-summaryjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR29jfreoialjfiqofiqono service password-encryptionjfreoialjfiqofiqo!jfreoialjfiqofiqointerface Loopback1jfreoialjfiqofiqoip address 192.168.20.1 255.255.255.255jfreoialjfiqofiqo!jfreoialjfiqofiqointerface Serial1/0jfreoialjfiqofiqoip address 172.16.9.2 255.255.255.248jfreoialjfiqofiqoencapsulation pppjfreoialjfiqofiqoserial restart-delay 0jfreoialjfiqofiqono fair-queuejfreoialjfiqofiqoppp chap hostname cciejfreoialjfiqofiqoppp chap password 0 ciscojfreoialjfiqofiqo!jfreoialjfiqofiqorouter ripjfreoialjfiqofiqoversion 2jfreoialjfiqofiqonetwork 172.16.0.0jfreoialjfiqofiqono auto-summaryjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoVerification steps:jfreoialjfiqofiqoR25/R29#show ip interface brief <--serial1/0 should be upjfreoialjfiqofiqoR25#show ip route <--should see the network 192.168.20.0jfreoialjfiqofiqoR24#telnet 192.168.20.1jfreoialjfiqofiqoopen...jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqo5. OSPF (3 points)jfreoialjfiqofiqoR18jfreoialjfiqofiqono ip route X.X.X.X 0.0.0.X.172.16.12.5 --->pointing toward R17jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR17jfreoialjfiqofiqointerface Ethernet1/0jfreoialjfiqofiqoip ospf network broadcastjfreoialjfiqofiqo!jfreoialjfiqofiqoip access-list extended 111jfreoialjfiqofiqo permit icmp any anyjfreoialjfiqofiqo!jfreoialjfiqofiqono ip route X.X.X.X 0.0.0.X 172.16.12.6--->pointing toward R18jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR16jfreoialjfiqofiqointerface Ethernet2/0 ---> facing R17jfreoialjfiqofiqoip ospf network broadcastjfreoialjfiqofiqo!jfreoialjfiqofiqorouter ospf 1jfreoialjfiqofiqoarea 3 virtual-link 10.1.1.18 message-digest-key 1 md5 ciscojfreoialjfiqofiqodistribute-list 12 in e1/0jfreoialjfiqofiqo!jfreoialjfiqofiqoaccess-list 12 permit anyjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR8jfreoialjfiqofiqorouter ospf 1jfreoialjfiqofiqoredistribute bgp 200 subnetsjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR27jfreoialjfiqofiqorouter bgp 300jfreoialjfiqofiqoneighbor 10.1.1.28 next-hop-selfjfreoialjfiqofiqojfreoialjfiqofiqoSummary of issuesjfreoialjfiqofiqoVerification steps:jfreoialjfiqofiqojfreoialjfiqofiqoR20#ping 10.1.1.28 source loopback0jfreoialjfiqofiqotrying open 10.1.1.28jfreoialjfiqofiqouser verificationjfreoialjfiqofiqopassword:jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqo6. ZBFW (2 points)jfreoialjfiqofiqoR29jfreoialjfiqofiqoclass-map type inspect match-all telneticmpjfreoialjfiqofiqono match protocol icmpjfreoialjfiqofiqojfreoialjfiqofiqo!jfreoialjfiqofiqozone-pair security inbound source zoneout destination zoneinjfreoialjfiqofiqoservice-policy type inspect inboundjfreoialjfiqofiqozone-pair security outbound source zonein destination zoneoutjfreoialjfiqofiqoservice-policy type inspect outboundjfreoialjfiqofiqo!jfreoialjfiqofiqojfreoialjfiqofiqointerface Ethernet2/0<-- to R30jfreoialjfiqofiqozone-member security zoneinjfreoialjfiqofiqo!jfreoialjfiqofiqointerface Ethernet2/1 <-- to R31jfreoialjfiqofiqozone-member security zoneoutjfreoialjfiqofiqo!jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR30jfreoialjfiqofiqoip route 0.0.0.0 0.0.0.0 172.16.39.29jfreoialjfiqofiqojfreoialjfiqofiqoR31jfreoialjfiqofiqoip route 0.0.0.0 0.0.0.0 172.16.129.29jfreoialjfiqofiqojfreoialjfiqofiqoVerification steps:jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR30#telnet 10.1.1.31jfreoialjfiqofiqoTrying open 10.1.1.31jfreoialjfiqofiqoUser verificationjfreoialjfiqofiqo..... jfreoialjfiqofiqothen -->R29#show policy‐map type inspect zone-pair sessions <-- should match exactly the given outputjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqo7. BGP (2 points)jfreoialjfiqofiqo R28 must see two next hop for the network 1.100.100.100 in show ip bgp tablejfreoialjfiqofiqo R28 must see 2 paths in BGP tableキ・
R28 must select path through R26キnot allowed to touch AS100キ・& 300 configuration (variable depending on the Lab)jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR6jfreoialjfiqofiqorouter bgp 200jfreoialjfiqofiqono synchronizationjfreoialjfiqofiqoneighbor 10.1.1.8 route-reflector-clientjfreoialjfiqofiqoneighbor 10.1.1.8 password cisco jfreoialjfiqofiqono auto-summaryjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR7jfreoialjfiqofiqorouter bgp 200jfreoialjfiqofiqono synchronizationjfreoialjfiqofiqobgp default local-preference 200jfreoialjfiqofiqono bgp maxas-limit 1jfreoialjfiqofiqo!jfreoialjfiqofiqoroute-map toas300 permit 10jfreoialjfiqofiqoset metric 100jfreoialjfiqofiqo!jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR8jfreoialjfiqofiqorouter bgp 200jfreoialjfiqofiqobgp default local-preference 200jfreoialjfiqofiqoneighbor 10.1.1.6 password ciscojfreoialjfiqofiqoneighbor 10.1.1.6 route-reflector-clientjfreoialjfiqofiqo!jfreoialjfiqofiqoroute-map toas300 permit 10jfreoialjfiqofiqoset metric 100jfreoialjfiqofiqo!jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR26jfreoialjfiqofiqorouter bgp 300jfreoialjfiqofiqobgp default local-preference 200jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR27jfreoialjfiqofiqorouter bgp 300jfreoialjfiqofiqobgp default local-preference 200jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoVerification steps:jfreoialjfiqofiqoR28# sh ip bgp 1.100.100.100 <-- should see two possible next hops R26 & R2R with R26 being the preferred next hopjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqo8. IPv6 (2 points)jfreoialjfiqofiqoR1 can not telnet R4 IPv6 address 2011:ABC:34::4, fix the problemjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR1jfreoialjfiqofiqoipv6 router ospf 1jfreoialjfiqofiqorouter-id 10.1.1.1jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR3jfreoialjfiqofiqointerface Ethernet1/0jfreoialjfiqofiqoipv6 traffic-filter filter injfreoialjfiqofiqo!jfreoialjfiqofiqoipv6 access-list filterjfreoialjfiqofiqopermit 89 any host FF02::5 seq 1 <-- OSPFv3 Multicast dest IPjfreoialjfiqofiqopermit 89 any host FF02::6 seq 2jfreoialjfiqofiqopermit 89 host <R1 link local> host <R3 link local> seq 3jfreoialjfiqofiqopermit icmp any any seq 4jfreoialjfiqofiqodeny ipv6 any any jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR4jfreoialjfiqofiqoipv6 router ospf 1jfreoialjfiqofiqoSummary of issuesjfreoialjfiqofiqojfreoialjfiqofiqoVerification steps:jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR1# ping 2011:ABC:34::4jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqo9. MST (2 points)jfreoialjfiqofiqoR10 must reach R9 in a single hop, SW1 (or SW2) is not allowed to be touchedjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoSW2jfreoialjfiqofiqoint e0/1jfreoialjfiqofiqospanning-tree mst 1 port-priority 0jfreoialjfiqofiqo!jfreoialjfiqofiqojfreoialjfiqofiqoR9jfreoialjfiqofiqoでroute-map が入ってる場合は新しいのをもうひとつつくること。jfreoialjfiqofiqob. R9 Exiting route-map dropping some traffic <-- the route map selects certain traffic and has an explicit deny. Put another route‐map with the permit statementjfreoialjfiqofiqoroute-map kakuninnhituyoujfreoialjfiqofiqomatch ip add 1jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqo10. MSDP (3 points)jfreoialjfiqofiqoR13 cannot ping R28 group 224.8.8.8 in AS 200, Fix itjfreoialjfiqofiqo(R8->R6->R2)->(R1->R3->R5)->R9->R11->R13jfreoialjfiqofiqoAS200 AS100jfreoialjfiqofiqojfreoialjfiqofiqoR8jfreoialjfiqofiqointerface Ethernet0/0jfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR6jfreoialjfiqofiqointerface Ethernet0/0jfreoialjfiqofiqoip pim sparse-dense-modejfreoialjfiqofiqo!jfreoialjfiqofiqoip pim rp-address 10.1.1.2jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR2jfreoialjfiqofiqoip msdp peer 200.0.0.3 connect-source Loopback1 remote-as 100jfreoialjfiqofiqo!jfreoialjfiqofiqoip pim rp-address 10.1.1.2jfreoialjfiqofiqojfreoialjfiqofiqoR1jfreoialjfiqofiqorouter bgp 100jfreoialjfiqofiqoaddress-family ipv4 multicastjfreoialjfiqofiqo redistribute ospf 1 jfreoialjfiqofiqo exit-address-familyjfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR3jfreoialjfiqofiqoip msdp peer 200.0.0.3 connect-source loopback 1 remote-as 200jfreoialjfiqofiqo!jfreoialjfiqofiqoip pim rp-address 10.1.1.3jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqoR9jfreoialjfiqofiqoaccess-list 10 permit any jfreoialjfiqofiqoip pim rp-address 10.1.1.3jfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqojfreoialjfiqofiqo
2012年8月3日金曜日
joawjeio
.joawjeiojoawjeio1. MPLS/BGP (3points)joawjeiojoawjeioR20 Host 171.2.2.2 in VPN Site-A2 cannot ping R8 host 171.1.1.1. Fix the problem so that the packet can be 100% successful.joawjeiojoawjeioInitial Configs ()joawjeiojoawjeioR20joawjeio!joawjeiointerface Serial0/0 <--R4joawjeioip address 172.29.7.2 255.255.255.252joawjeioip ospf authentication message-digestjoawjeioip ospf message-digest-key 1 md5 ciscojoawjeioserial restart-delay 0joawjeio!joawjeiojoawjeiorouter ospf 101joawjeiorouter-id 20.20.20.20joawjeiolog-adjacency-changesjoawjeionetwork 10.1.1.20 0.0.0.0 area 0joawjeionetwork 172.14.9.1 0.0.0.0 area 0joawjeionetwork 172.29.7.5 0.0.0.0 area 2joawjeionetwork 200.20.20.20 0.0.0.0 area 0joawjeiojoawjeiojoawjeiojoawjeioR4joawjeioip cefjoawjeio!joawjeioip vrf Site-Ajoawjeiord 10:20joawjeioroute-target export 10:20joawjeioroute-target export 10:10joawjeioroute-target import 10:10joawjeioimport map ciscojoawjeio!joawjeiompls label protocol tdpjoawjeio!joawjeio!joawjeiointerface Loopback0joawjeioip address 10.1.1.4 255.255.255.255joawjeio!joawjeiointerface Loopback1joawjeioip address 172.1.1.4 255.255.255.255joawjeio!joawjeiointerface Ethernet0/1 <--R1joawjeioip address 172.14.8.10 255.255.255.252joawjeioip ospf message-digest-key 1 md5 ciscojoawjeiohalf-duplexjoawjeioipv6 address 2002:14::4/64joawjeioipv6 enablejoawjeioipv6 ospf 1 area 0joawjeio!joawjeiointerface Ethernet0/2 <--R2joawjeioip address 172.14.8.30 255.255.255.252joawjeioip ospf message-digest-key 1 md5 ciscojoawjeiohalf-duplexjoawjeioipv6 address 2001:100::4/64joawjeioipv6 enablejoawjeioipv6 ospf 1 area 0joawjeio!joawjeiointerface Ethernet0/3joawjeiono ip addressjoawjeioshutdownjoawjeiohalf-duplexjoawjeio!joawjeiointerface Serial1/0 <-R20joawjeioip vrf forwarding Site-Ajoawjeioip address 172.29.7.1 255.255.255.252joawjeioip ospf authentication message-digestjoawjeioip ospf message-digest-key 1 md5 ciscojoawjeioserial restart-delay 0joawjeioclock rate 252000joawjeiono fair-queuejoawjeio!joawjeiorouter ospf 101 vrf Site-Ajoawjeiorouter-id 4.4.4.4joawjeiolog-adjacency-changesjoawjeionetwork 172.29.7.1 0.0.0.0 area 101joawjeio!joawjeiorouter ospf 1joawjeiolog-adjacency-changesjoawjeioarea 0 authentication message-digestjoawjeionetwork 10.1.1.4 0.0.0.0 area 0joawjeionetwork 172.14.8.10 0.0.0.0 area 0joawjeionetwork 172.14.8.30 0.0.0.0 area 0joawjeio!joawjeiorouter bgp 3joawjeiobgp log-neighbor-changesjoawjeioneighbor 10.1.1.1 remote-as 3joawjeioneighbor 10.1.1.1 update-source loopback0joawjeioneighbor 10.1.1.2 remote-as 3joawjeioneighbor 10.1.1.2 update-source loopback0joawjeio!joawjeioaddress-family ipv4joawjeioneighbor 10.1.1.1 activatejoawjeioneighbor 10.1.1.1 send-communityjoawjeioneighbor 10.1.1.2 activatejoawjeioneighbor 10.1.1.2 send-communityjoawjeionetwork 10.1.1.4 mask 255.255.255.255joawjeioexit-address-familyjoawjeio!joawjeioaddress-family vpnv4joawjeioneighbor 10.1.1.1 activatejoawjeioneighbor 10.1.1.1 send-community extendedjoawjeioneighbor 10.1.1.2 activatejoawjeioneighbor 10.1.1.2 send-community extendedjoawjeioexit-address-familyjoawjeio!joawjeioaddress-family ipv4 vrf Site-Ajoawjeioredistribute ospf 101 vrf Site-Ajoawjeiono synchronizationjoawjeioexit-address-familyjoawjeio!joawjeiompls ldp router-id Loopback1joawjeio!joawjeiojoawjeiojoawjeiojoawjeioTroubleshooting commands ()joawjeiojoawjeiojoawjeiojoawjeioshow run | in mpls <--- to check what label protocol is running and also what is the router-id for the label protocoljoawjeioshow mlps ldp neighbors <--- to verify or confirm that ldp neighborship is being formed correctly. Does the ACL on R2 is blocking the LDP (PORT 646) traffic?joawjeioshow mpls forwarding-table <--- to verify if the prefixes 171.1.1.1/32 and 171.2.2.2/32 are being transported correctly across MPLS. Be careful, R3 and R6 (the 2 other PE routers also have the same prefixes configured, one as loopback171 and the other one as a static route and redistributed in BGP. Make sure the next hop is 10.1.1.4 or 10.1.1.5)joawjeioshow mpls ldp discovery <-- In particular make sure R1/R2 are advertising the labels for the loopbacks of R3/R4/R5/R6. "mpls ldp advertise-labels for 14". CHECK THE acl 14joawjeioShow ip bgp summary <-- Just to confirm the BGP neighborship between R4 and R1/R2.joawjeioShow ip bgp all summary <-- very important command to check the BGP VPNv4 neighborship between R4 and R1/R2joawjeioShow ip bgp vpnv4 vrf Site-Ajoawjeiosh run | se bgp <-- Just to confirm the BGP configurationjoawjeioShow ip interface briefjoawjeioShow cdp neighborjoawjeiosh run | se ospfjoawjeiosh ip ospf njoawjeioshow ip route vrf Site-Ajoawjeioshow ip route vrf Site-A 171.1.1.1joawjeioshow ip route vrf Site-A 171.2.2.2joawjeiojoawjeioR1joawjeiojoawjeioip cefjoawjeio!joawjeiompls label protocol tdpjoawjeiompls ldp advertise-labels for 14joawjeio!joawjeiointerface Ethernet0/0joawjeioip address 172.14.8.17 255.255.255.252joawjeiorate-limit input access-group 100 8000 1500 2000 conform-action transmit exceed-action dropjoawjeioip ospf message-digest-key 1 md5 ciscojoawjeiohalf-duplexjoawjeioipv6 address 2002:15::1/64joawjeioipv6 enablejoawjeioipv6 ospf 1 area 0joawjeio!joawjeiojoawjeiorouter bgp 3joawjeiobgp cluster-id 12joawjeiobgp log-neighbor-changesjoawjeioneighbor 10.1.1.3 remote-as 3joawjeioneighbor 10.1.1.3 update-source Loopback0joawjeioneighbor 10.1.1.4 remote-as 3joawjeioneighbor 10.1.1.4 update-source Loopback0joawjeioneighbor 10.1.1.5 remote-as 3joawjeioneighbor 10.1.1.5 update-source Loopback0joawjeioneighbor 10.1.1.6 remote-as 3joawjeioneighbor 10.1.1.6 update-source Loopback0joawjeio!joawjeioaddress-family ipv4joawjeioneighbor 10.1.1.3 activatejoawjeioneighbor 10.1.1.3 send-communityjoawjeioneighbor 10.1.1.3 route-reflector-clientjoawjeioneighbor 10.1.1.4 activatejoawjeioneighbor 10.1.1.4 send-communityjoawjeioneighbor 10.1.1.4 route-reflector-clientjoawjeioneighbor 10.1.1.5 activatejoawjeioneighbor 10.1.1.5 send-communityjoawjeioneighbor 10.1.1.5 route-reflector-clientjoawjeioneighbor 10.1.1.6 activatejoawjeioneighbor 10.1.1.6 send-communityjoawjeioneighbor 10.1.1.6 route-reflector-clientjoawjeionetwork 10.1.1.1 mask 255.255.255.255joawjeioexit-address-familyjoawjeio!joawjeioaddress-family vpnv4joawjeioneighbor 10.1.1.3 activatejoawjeioneighbor 10.1.1.3 send-community bothjoawjeioneighbor 10.1.1.3 route-reflector-clientjoawjeioneighbor 10.1.1.4 activatejoawjeioneighbor 10.1.1.4 send-community bothjoawjeioneighbor 10.1.1.4 route-reflector-clientjoawjeioneighbor 10.1.1.6 activatejoawjeioneighbor 10.1.1.6 send-community extendedjoawjeioneighbor 10.1.1.6 route-reflector-clientjoawjeioexit-address-familyjoawjeio!joawjeioaccess-list 1 permit 10.1.1.0 0.0.0.255joawjeioaccess-list 1 deny anyjoawjeioaccess-list 14 permit 10.1.1.3joawjeioaccess-list 14 permit 10.1.1.6joawjeioaccess-list 14 permit 10.1.1.4joawjeioaccess-list 100 permit icmp host 10.1.1.5 anyjoawjeioaccess-list 100 permit icmp host 172.14.8.18 anyjoawjeioaccess-list 100 permit icmp host 172.14.8.22 anyjoawjeio!joawjeiompls ldp advertise-labels for 14joawjeiojoawjeiojoawjeiojoawjeiojoawjeioR2joawjeiorouter bgp 3joawjeiobgp cluster-id 12joawjeiobgp log-neighbor-changesjoawjeioneighbor 10.1.1.3 remote-as 3joawjeioneighbor 10.1.1.3 update-source Loopback0joawjeioneighbor 10.1.1.4 remote-as 3joawjeioneighbor 10.1.1.4 update-source Loopback0joawjeioneighbor 10.1.1.5 remote-as 3joawjeioneighbor 10.1.1.5 update-source Loopback0joawjeioneighbor 10.1.1.6 remote-as 3joawjeioneighbor 10.1.1.6 update-source Loopback0joawjeio!joawjeioaddress-family ipv4joawjeioneighbor 10.1.1.3 activatejoawjeioneighbor 10.1.1.3 send-communityjoawjeioneighbor 10.1.1.3 route-reflector-clientjoawjeioneighbor 10.1.1.4 activatejoawjeioneighbor 10.1.1.4 send-communityjoawjeioneighbor 10.1.1.4 route-reflector-clientjoawjeioneighbor 10.1.1.5 activatejoawjeioneighbor 10.1.1.5 send-communityjoawjeioneighbor 10.1.1.5 route-reflector-clientjoawjeioneighbor 10.1.1.6 activatejoawjeioneighbor 10.1.1.6 send-communityjoawjeioneighbor 10.1.1.6 route-reflector-clientjoawjeiono auto-summaryjoawjeiono synchronizationjoawjeionetwork 10.1.1.2 mask 255.255.255.255joawjeioexit-address-familyjoawjeio!joawjeioaddress-family vpnv4joawjeioneighbor 10.1.1.3 activatejoawjeioneighbor 10.1.1.3 send-community bothjoawjeioneighbor 10.1.1.3 route-reflector-clientjoawjeioneighbor 10.1.1.4 activatejoawjeioneighbor 10.1.1.4 send-community bothjoawjeioneighbor 10.1.1.4 route-reflector-clientjoawjeioneighbor 10.1.1.6 activatejoawjeioneighbor 10.1.1.6 send-community extendedjoawjeioneighbor 10.1.1.6 route-reflector-clientjoawjeioexit-address-familyjoawjeio!joawjeiojoawjeio!joawjeioip access-list extended ALLOWjoawjeiopermit esp host 172.14.8.34 host 172.14.8.23joawjeiopermit udp host 172.14.8.34 host 172.14.8.33 eq ntpjoawjeiopermit udp host 172.14.8.34 host 10.1.1.2 eq ntpjoawjeiopermit udp host 172.14.8.34 host 10.1.1.2 eq tftpjoawjeiopermit tcp host 172.14.8.34 host 10.1.1.2 eq tacacsjoawjeiopermit ospf any anyjoawjeiopermit tcp any host 10.1.1.2 eq bgpjoawjeiopermit tcp host 10.1.1.2 any eq bgpjoawjeiopermit eigrp any anyjoawjeiopermit icmp any anyjoawjeiojoawjeiojoawjeiointerface Ethernet0/2joawjeioip address 172.14.8.29 255.255.255.252joawjeioip ospf message-digest-key 1 md5 ciscojoawjeiohalf-duplexjoawjeioipv6 address 2001:100::2/64joawjeioipv6 enablejoawjeioipv6 ospf 1 area 0joawjeiojoawjeiojoawjeiojoawjeiojoawjeiojoawjeioR3 (It can be confusing)<-- No change to be performed here, just for awareness (as R7).joawjeiojoawjeiojoawjeiointerface Serial2/0 <-- to R15joawjeioip vrf forwarding SITE-Bjoawjeioip address 1.1.10.1 255.255.255.252joawjeioserial restart-delay 0joawjeiono dce-terminal-timing-enablejoawjeiojoawjeiorouter bgp 3joawjeio.....joawjeioaddress-family ipv4 vrf SITE-Bjoawjeioredistribute connected route-map SRjoawjeioredistribute static metric 20joawjeiono auto-summaryjoawjeiono synchronizationjoawjeioexit-address-familyjoawjeio!joawjeiojoawjeiojoawjeioR5joawjeiojoawjeiojoawjeiojoawjeioip vrf Site-Ajoawjeiord 10:10joawjeioroute-target export 10:10joawjeioroute-target import 10:10joawjeioroute-target import 10:20joawjeio!joawjeiompls label protocol ldpjoawjeio!joawjeiorouter ospf 101 vrf Site-Ajoawjeiorouter-id 5.5.5.5joawjeiolog-adjacency-changesjoawjeionetwork 10.10.10.5 0.0.0.0 area 0joawjeiodistance ospf external 220joawjeio!joawjeiorouter ospf 1joawjeiorouter-id 10.1.1.5joawjeiolog-adjacency-changesjoawjeioarea 0 authentication message-digestjoawjeionetwork 10.1.1.5 0.0.0.0 area 0joawjeionetwork 172.14.8.18 0.0.0.0 area 0joawjeionetwork 172.14.8.22 0.0.0.0 area 0joawjeio!joawjeiorouter bgp 3joawjeiobgp log-neighbor-changesjoawjeioneighbor 10.1.1.1 remote-as 3joawjeioneighbor 10.1.1.1 update-source Loopback0joawjeioneighbor 10.1.1.2 remote-as 3joawjeioneighbor 10.1.1.2 update-source Loopback0joawjeio!joawjeioaddress-family ipv4joawjeioneighbor 10.1.1.1 activatejoawjeioneighbor 10.1.1.1 send-communityjoawjeioneighbor 10.1.1.2 activatejoawjeioneighbor 10.1.1.2 send-communityjoawjeionetwork 10.1.1.5 mask 255.255.255.255joawjeioexit-address-familyjoawjeio!joawjeioaddress-family vpnv4joawjeioneighbor 10.1.1.1 activatejoawjeioneighbor 10.1.1.1 send-community extendedjoawjeioneighbor 10.1.1.2 activatejoawjeioneighbor 10.1.1.2 send-community extendedjoawjeioexit-address-familyjoawjeio!joawjeioaddress-family ipv4 vrf vrf Site-Ajoawjeioexit-address-familyjoawjeio!joawjeiompls ldp router-id Loopback0joawjeiojoawjeioTroubleshooting commands (same as R4)joawjeiojoawjeioR7joawjeiojoawjeiointerface Loopback171joawjeiodescription ##### VPN site-B2 ####joawjeioip address 171.2.2.2 255.255.255.0joawjeiojoawjeioR8joawjeiojoawjeiojoawjeiointerface Loopback1joawjeioip address 171.1.1.1 255.255.255.0joawjeio!joawjeiorouter ospf 101joawjeiorouter-id 10.1.1.8joawjeiolog-adjacency-changesjoawjeionetwork 10.10.10.6 0.0.0.0 area 0joawjeiojoawjeioVerification stepsjoawjeioR1/R2/R4/R5#clear ip route *joawjeioR1/R2/R4/R5#clear ip bgp * very important!!joawjeiojoawjeioR20# ping 171.1.1.1 source loopback171joawjeiojoawjeioType escape sequence to abort.joawjeioSending 5, 100-byte ICMP Echos to 171.1.1.1, timeout is 2 seconds:joawjeioPacket sent with a source address of 171.2.2.2joawjeio!!!!!joawjeioSuccess rate is 100 percent (5/5), round-trip min/avg/max = 32/59/104 msjoawjeiojoawjeioR8# ping 171.2.2.2 source loopback171joawjeiojoawjeioType escape sequence to abort.joawjeioSending 5, 100-byte ICMP Echos to 171.2.2.2, timeout is 2 seconds:joawjeioPacket sent with a source address of 171.1.1.1joawjeio!!!!!joawjeioSuccess rate is 100 percent (5/5), round-trip min/avg/max = 28/64/102 msjoawjeiojoawjeiojoawjeio2. EEM(2 points)joawjeiojoawjeioOn R27, Interface Ethernet0/0 was shutdown by someone.joawjeioFix the problem so that EEM can be triggered with "no shutdown" actionjoawjeiojoawjeioInitial Configs ()joawjeioR27joawjeiojoawjeioevent manager applet EEMjoawjeioevent syslog pattern "Interface Ethernet0/0, changed state to down"joawjeioaction 2.0 cli command "configure"joawjeioaction 3.0 cli command "interface e0/0"joawjeioaction 5.0 cli command "exit"joawjeiojoawjeiojoawjeiojoawjeiojoawjeio3. OSPF (3 points) joawjeioR20 200.20.20.20 can not ping the host 192.168.20.1 in RIPjoawjeiojoawjeioInitial Configs ()joawjeioR20joawjeiojoawjeiointerface Loopback0joawjeioip address 10.1.1.20 255.255.255.255joawjeio!joawjeiointerface Loopback1joawjeioip address 171.2.2.2 255.255.255.255joawjeio!joawjeiointerface Loopback100joawjeioip address 200.20.20.20 255.255.255.255joawjeio!joawjeiojoawjeiointerface Ethernet1/0joawjeioip address 172.14.9.1 255.255.255.252joawjeioaccess-group 1 injoawjeiohalf-duplexjoawjeio!joawjeiorouter ospf 100joawjeiorouter-id 20.20.20.20joawjeiolog-adjacency-changesjoawjeioarea 101 virtual-link 4.4.4.4joawjeionetwork 10.1.1.20 0.0.0.0 area 0joawjeionetwork 172.14.9.1 0.0.0.0 area 0joawjeionetwork 172.29.7.2 0.0.0.0 area 101joawjeionetwork 172.29.7.5 0.0.0.0 area 2joawjeionetwork 200.20.20.20 0.0.0.0 area 0joawjeio!joawjeioaccess-list 1 deny 198.168.0.0 0.0.255.255joawjeioaccess-list 1 permit anyjoawjeiojoawjeiojoawjeioTroubleshooting commandsjoawjeiojoawjeioshow ip interface briefjoawjeioshow ip ospf njoawjeiosh ip route 192.168.20.1joawjeioshow run | se ospfjoawjeiojoawjeioR21joawjeiojoawjeiojoawjeiointerface Ethernet0/0joawjeioip address 172.14.9.2 255.255.255.252joawjeiohalf-duplexjoawjeio!joawjeiointerface Serial1/0joawjeioip address 172.14.11.1 255.255.255.248joawjeioip access-group 100 injoawjeioencapsulation frame-relayjoawjeioip ospf message-digest-key 1 md5 ciscojoawjeioip ospf network point-to-multipointjoawjeioserial restart-delay 0joawjeiono arp frame-relayjoawjeioframe-relay map ip 172.14.11.2 314 joawjeioframe-relay map ip 172.14.11.3 315 joawjeiono frame-relay inverse-arpjoawjeioframe-relay lmi-type ciscojoawjeio!joawjeiorouter ospf 100joawjeiolog-adjacency-changesjoawjeioarea 1 authentication message-digestjoawjeioarea 1 filter-list prefix 10joawjeionetwork 10.1.1.21 0.0.0.0 area 0joawjeionetwork 172.14.9.2 0.0.0.0 area 0joawjeionetwork 172.14.11.1 0.0.0.0 area 1joawjeio!joawjeioaccess-list 100 deny ospf any anyjoawjeioaccess-list 100 permit ip any anyjoawjeio!joawjeioip prefix-list 10 seq 10 deny 192.168.20.1/32joawjeioip prefix-list 10 seq 20 permit 0.0.0.0/0 le 32joawjeiojoawjeiojoawjeioTroubleshooting commandsjoawjeiojoawjeioshow ip interface briefjoawjeioshow ip ospf njoawjeioshow frame-relay pvcjoawjeioshow frame-relay mapjoawjeiosh run int s1/0joawjeiosh ip route 192.168.20.1joawjeiosh ip ospf database network 192.168.20.1joawjeiosh ip route 200.20.20.20joawjeioshow run | se ospfjoawjeiojoawjeiojoawjeiojoawjeiojoawjeioR24joawjeiointerface Loopback0joawjeioip address 10.1.1.24 255.255.255.255joawjeio!joawjeiointerface Ethernet0/0joawjeioip address 172.14.11.9 255.255.255.248joawjeioip ospf message-digest-key 1 md5 ciscojoawjeioip policy route-map PBRjoawjeiohalf-duplexjoawjeio!joawjeiointerface Serial1/0joawjeioip address 172.14.11.2 255.255.255.248joawjeioencapsulation frame-relayjoawjeioip ospf message-digest-key 1 md5 ciscojoawjeioip ospf network point-to-multipointjoawjeioserial restart-delay 0joawjeiono arp frame-relayjoawjeioframe-relay map ip 172.14.11.1 341 joawjeioframe-relay map ip 172.14.11.3 345 joawjeiono frame-relay inverse-arpjoawjeioframe-relay lmi-type ciscojoawjeio!joawjeiorouter ospf 100joawjeiolog-adjacency-changesjoawjeioarea 1 authentication message-digestjoawjeioarea 1 nssajoawjeionetwork 10.1.1.24 0.0.0.0 area 1joawjeionetwork 172.14.11.2 0.0.0.0 area 1joawjeionetwork 172.14.11.9 0.0.0.0 area 1joawjeio!joawjeioip access-list extended PBRjoawjeiopermit ip host 10.1.1.26 host 200.20.20.20joawjeiopermit ip host 200.20.20.20 host 10.1.1.26joawjeio!joawjeioroute-map PBR permit 10joawjeiomatch ip address PBRjoawjeioset ip next-hop 172.14.11.10joawjeiojoawjeiojoawjeioTroubleshooting commandsjoawjeiojoawjeioshow ip interface briefjoawjeioshow ip ospf njoawjeioshow frame-relay pvcjoawjeioshow frame-relay mapjoawjeiosh run int s1/0joawjeiosh run int e0/0joawjeiosh ip route 192.168.20.1joawjeiosh ip ospf database network 192.168.20.1joawjeiosh ip route 200.20.20.20joawjeioshow run | se ospfjoawjeiojoawjeiojoawjeiojoawjeioR25joawjeiointerface Loopback0joawjeioip address 10.1.1.25 255.255.255.255joawjeio!joawjeiointerface Loopback100joawjeioip address 198.168.20.2 255.255.255.128joawjeio!joawjeiointerface Serial1/0joawjeioip address 172.14.11.3 255.255.255.248joawjeioencapsulation frame-relayjoawjeioip ospf message-digest-key 1 md5 ciscojoawjeioip ospf network point-to-multipointjoawjeioserial restart-delay 0joawjeiono arp frame-relayjoawjeioframe-relay map ip 172.14.11.1 351 broadcastjoawjeioframe-relay map ip 172.14.11.2 354 broadcastjoawjeiono frame-relay inverse-arpjoawjeioframe-relay lmi-type ciscojoawjeio!joawjeiorouter ospf 100joawjeiolog-adjacency-changesjoawjeioarea 1 authentication message-digestjoawjeionetwork 10.1.1.25 0.0.0.0 area 1joawjeionetwork 172.14.11.3 0.0.0.0 area 1joawjeionetwork 192.168.20.0 0.0.0.255 area 1joawjeiojoawjeioR26joawjeiojoawjeiojoawjeiointerface Loopback0joawjeioip address 10.1.1.26 255.255.255.255joawjeio!joawjeiointerface Loopback100joawjeioip address 198.168.20.1 255.255.255.255joawjeio!joawjeiorouter ospf 100joawjeiorouter-id 10.1.1.24joawjeiolog-adjacency-changesjoawjeioarea 1 authentication message-digestjoawjeioarea 1 nssajoawjeioredistribute rip route-map connjoawjeionetwork 10.1.1.26 0.0.0.0 area 1joawjeionetwork 172.14.11.10 0.0.0.0 area 1joawjeio!joawjeiorouter ripjoawjeioversion 2joawjeionetwork 198.168.20.0joawjeiono auto-summaryjoawjeio!joawjeioip prefix-list RIP seq 5 permit 198.168.20.1/32joawjeio!joawjeioroute-map conn permit 10joawjeiomatch ip address prefix-list RIPjoawjeiojoawjeiojoawjeiojoawjeiojoawjeiojoawjeio4. DHCP/EIGRP (2 points)joawjeiojoawjeioR16 loopback0 cannot ping R19 loopback0 , Fix itjoawjeiojoawjeioInitial Configs ()joawjeioR16joawjeio!joawjeiointerface Loopback0joawjeioip address 10.1.1.16 255.255.255.255joawjeio!joawjeiointerface Ethernet1/0joawjeioip address 172.14.12.12 255.255.255.248joawjeiohalf-duplexjoawjeio!joawjeiorouter eigrp 200joawjeionetwork 10.1.1.16 0.0.0.0joawjeionetwork 172.14.12.0 0.0.0.3joawjeionetwork 172.14.12.8 0.0.0.7joawjeiono auto-summaryjoawjeiojoawjeiojoawjeiojoawjeioR17joawjeio!joawjeiointerface Ethernet0/0joawjeioip address 172.14.12.10 255.255.255.248joawjeiohalf-duplexjoawjeio!joawjeiointerface Ethernet0/1joawjeioip address dhcpjoawjeiohalf-duplexjoawjeio!joawjeiorouter eigrp 200joawjeionetwork 10.1.1.17 0.0.0.0joawjeionetwork 172.14.12.8 0.0.0.7joawjeionetwork 172.14.12.16 0.0.0.7joawjeiono auto-summaryjoawjeiojoawjeiojoawjeiojoawjeioR18joawjeio!joawjeiointerface Ethernet0/0joawjeioip address 172.14.12.11 255.255.255.248joawjeiohalf-duplexjoawjeio!joawjeiointerface Ethernet0/1joawjeioip address dhcpjoawjeiohalf-duplexjoawjeio!joawjeiorouter eigrp 200joawjeionetwork 10.1.1.18 0.0.0.0joawjeionetwork 172.14.12.8 0.0.0.7joawjeionetwork 172.14.12.16 0.0.0.7joawjeiono auto-summaryjoawjeiojoawjeiojoawjeiojoawjeioR19joawjeioip dhcp excluded-address 172.14.12.14joawjeioip dhcp excluded-address 172.14.12.15joawjeio!joawjeioip dhcp pool r17r18joawjeio network 172.14.12.16 255.255.255.240joawjeio domain-name cisco.com joawjeio default-router 172.14.12.22joawjeio!joawjeioclass-map match-all udpjoawjeiomatch access-group 101joawjeioclass-map match-all tcpjoawjeiomatch access-group 102joawjeio!joawjeiopolicy-map coppjoawjeioclass tcpjoawjeio police cir 8000joawjeioconform-action transmitjoawjeioexceed-action dropjoawjeioclass udpjoawjeio police cir 8000joawjeioconform-action dropjoawjeioexceed-action dropjoawjeio!joawjeiointerface Loopback0joawjeioip address 10.1.1.19 255.255.255.255joawjeio!joawjeiointerface Ethernet0/0 <--to R17/R18joawjeiohalf-duplexjoawjeio!joawjeiointerface Ethernet0/1joawjeioip address 192.168.14.1 255.255.255.252joawjeiohalf-duplexjoawjeio!joawjeiorouter eigrp 200joawjeionetwork 10.1.1.0 0.0.0.255joawjeionetwork 172.14.12.16 0.0.0.7joawjeionetwork 192.168.14.0 0.0.0.3joawjeiono auto-summaryjoawjeio!joawjeioaccess-list 101 deny udp any anyjoawjeioaccess-list 102 permit tcp any anyjoawjeio!joawjeio!joawjeio!joawjeiocontrol-planejoawjeioservice-policy output coppjoawjeiojoawjeioTroubleshooting commandsjoawjeiojoawjeioshow ip int briefjoawjeioshow ip eigrp njoawjeiosh run | se dhcpjoawjeioshow access-listjoawjeioshow run | se policy-mapjoawjeiodebug ip dhcp packetsjoawjeiojoawjeiojoawjeio5. QoS MQC (2 points)joawjeioR12 can not ping R7 loopback 0 with ToS 128, Fix this problemjoawjeiojoawjeioR12joawjeiointerface Loopback0joawjeioip address 10.1.1.12 255.255.255.255joawjeio!joawjeiointerface Ethernet0/0joawjeioip address 10.10.10.38 255.255.255.252joawjeiohalf-duplexjoawjeio!joawjeiorouter ospf 10joawjeiolog-adjacency-changesjoawjeionetwork 10.1.1.12 0.0.0.0 area 0joawjeionetwork 10.10.10.38 0.0.0.0 area 0joawjeiojoawjeiojoawjeiojoawjeiojoawjeioR9joawjeioclass-map match-all GOLDjoawjeiomatch access-group 101joawjeioclass-map match-all BRONZEjoawjeiomatch access-group 102joawjeioclass-map match-all SILVERjoawjeiomatch access-group 103joawjeiomatch access-group 104joawjeio!joawjeiopolicy-map CPPjoawjeioclass GOLDjoawjeio bandwidth percent 20joawjeioclass SILVERjoawjeio police cir 1000000joawjeioconform-action dropjoawjeioexceed-action drop joawjeioclass BRONZEjoawjeio shape average 300000joawjeio!joawjeiojoawjeiointerface Ethernet0/0 <-- connected to R12joawjeioip address 10.10.10.37 255.255.255.252joawjeiohalf-duplexjoawjeio!joawjeiointerface Ethernet0/2 <-- connected to R7joawjeioip address 10.10.10.10 255.255.255.252joawjeiohalf-duplexjoawjeio!joawjeiointerface Ethernet0/3 <-- connected to R8joawjeioip address 10.10.10.22 255.255.255.252joawjeiohalf-duplexjoawjeio!joawjeioip access-list extended PBRjoawjeiopermit ip host 10.1.1.11 anyjoawjeiopermit ip host 10.1.1.12 anyjoawjeio!joawjeioaccess-list 101 permit ip any any precedence immediatejoawjeioaccess-list 102 permit ip any any precedence criticaljoawjeioaccess-list 103 permit ip any any precedence flashjoawjeio!joawjeioroute-map PBR permit 10joawjeiomatch ip address PBRjoawjeioset ip next-hop 10.10.10.21 <-- R8 joawjeiojoawjeiojoawjeiojoawjeioR7joawjeiointerface Ethernet0/1 <--- connected to R9joawjeioip address 10.10.10.9 255.255.255.252joawjeioip access-group 130 injoawjeiohalf-duplexjoawjeio!joawjeioaccess-list 130 deny ip any host 10.1.1.7joawjeiojoawjeiojoawjeiojoawjeiojoawjeiojoawjeiojoawjeiojoawjeio6. NAT (2 points)joawjeiojoawjeioTelnet traffic from R20 to host 10.1.1.28 (R28-loopback0) should be translated with the Ethernet IP address of R22 as NAT source address.joawjeioHTTP traffic from R20 to host 10.1.1.28 (R28-loopback0) should be translated with the Loopback0 IP address of R22 as NAT source address.joawjeioFix the problem so that can be meetjoawjeioInitial Configs ()joawjeioR22joawjeiojoawjeio!joawjeiointerface Loopback0joawjeioip address 10.1.1.22 255.255.255.255joawjeioip nat outsidejoawjeioip virtual-reassemblyjoawjeio!joawjeiointerface Ethernet0/0 <-- connected to R20joawjeioip address 172.16.12.22 255.255.255.252joawjeiohalf-duplexjoawjeio!joawjeiointerface Ethernet0/1 <-- connected to R28joawjeioip address 172.29.7.6 255.255.255.252joawjeioip nat outsidejoawjeioip virtual-reassemblyjoawjeiohalf-duplexjoawjeio!joawjeioip nat inside source list NET_IN interface Ethernet0/1 overloadjoawjeioip nat inside source list NET_WWW interface Loopback0 overloadjoawjeio!joawjeio!joawjeioip access-list extended NET_INjoawjeioip access-list extended NET_WWWjoawjeioaccess-list 100 permit tcp 10.1.0.0 0.0.255.255 eq telnet anyjoawjeioaccess-list 101 permit tcp 10.1.0.0 0.0.255.255 eq www anyjoawjeio!joawjeioroute-map NAT_IN permit 10joawjeiomatch ip address 100joawjeio!joawjeioroute-map NAT_IN_HTTP permit 10joawjeiomatch ip address 101joawjeiojoawjeiojoawjeiojoawjeiojoawjeio7. Frame-Relay (2 points)joawjeiojoawjeioR22 can not telnet R23, fix this problem. (Frame-relay switch config is correct)joawjeiojoawjeioR22joawjeiojoawjeiointerface Serial0/0joawjeioip ospf message-digest-key 1 md5 ciscojoawjeioserial restart-delay 0joawjeiono arp frame-relayjoawjeiojoawjeiojoawjeioR23joawjeiojoawjeiointerface Serial0/0joawjeioip ospf message-digest-key 1 md5 ciscojoawjeioserial restart-delay 0joawjeiono arp frame-relayjoawjeiojoawjeioTroubleshooting commandsjoawjeiojoawjeioshow frame-relay pvc <--- to see if the pvc is activejoawjeioshow frame-relay mapping <-- the DLCI should be active, static, broadcastjoawjeioshow ip int briefjoawjeioshow ip ospf n joawjeioshow run int s0/0joawjeiojoawjeiojoawjeiojoawjeiojoawjeiojoawjeio8. MST (2 points)joawjeiojoawjeioR14 can not telnet R8, fix this problem.joawjeiojoawjeioInitial Configs ()joawjeioSW1 (root)joawjeiojoawjeiovtp domain CCIEjoawjeiovtp mode serverjoawjeiovtp password ciscojoawjeio!joawjeiospanning-tree mode mstjoawjeiospanning-tree mst configurationjoawjeio revision 1joawjeio name ciscojoawjeio instance 1 vlan 114,810joawjeio!joawjeiointerface f0/1 <-- R10joawjeio switchport access vlan 810joawjeio switchport mode accessjoawjeio!joawjeiointerface f0/3 <--R8joawjeio switchport mode trunkjoawjeio!joawjeiointerface f0/14 <-- connected to SW2joawjeio switchport trunk encapsulation dot1qjoawjeio switchport trunk allowed vlan 2-113,115-996,999-1005joawjeio switchport mode trunkjoawjeio!joawjeiojoawjeiointerface f0/15 <-- connected to SW2joawjeio switchport trunk encapsulation dot1qjoawjeio switchport mode trunkjoawjeiojoawjeiojoawjeioSW2 joawjeiojoawjeiovtp domain Ciscojoawjeiovtp mode clientjoawjeiovtp password cisc0joawjeio!joawjeiospanning-tree mode mstjoawjeiospanning-tree mst configurationjoawjeio revision 1joawjeio name ciscojoawjeiojoawjeio!joawjeiointerface f0/1 <-- R14joawjeio switchport access vlan 114joawjeio switchport mode accessjoawjeio!joawjeiointerface f0/14 <-- connected to SW1joawjeio switchport trunk encapsulation dot1qjoawjeio switchport mode trunkjoawjeio!joawjeiojoawjeiointerface f0/15 <-- connected to SW1joawjeio switchport trunk encapsulation dot1qjoawjeio switchport mode trunkjoawjeiojoawjeioTroubleshooting commandsjoawjeiojoawjeioshow vtp statusjoawjeioshow vtp passwordjoawjeioshow interface trunkjoawjeioshow spanning-tree mst 1joawjeioshow interface statusjoawjeiojoawjeiojoawjeiojoawjeiojoawjeiojoawjeio9. BGP (2 points)joawjeiojoawjeioAll PE routers can not see loopback 0 addresses of the other PE from two next-hop in their BGP table.joawjeioFix the problem so that the BGP neighbor relationship is restored accordinglyjoawjeiojoawjeioInitial Configs ()joawjeioR3joawjeiointerface Loopback0joawjeioip address 10.1.1.3 255.255.255.255joawjeio!joawjeiojoawjeiojoawjeiorouter ospf 1joawjeiorouter-id 10.1.1.3joawjeiolog-adjacency-changesjoawjeioarea 0 authentication message-digestjoawjeionetwork 10.1.1.3 0.0.0.0 area 0joawjeionetwork 172.14.8.6 0.0.0.0 area 0joawjeionetwork 172.14.8.34 0.0.0.0 area 0joawjeio!joawjeiorouter bgp 3joawjeiobgp log-neighbor-changesjoawjeioneighbor 10.1.1.1 remote-as 3joawjeioneighbor 10.1.1.1 update-source Loopback0joawjeioneighbor 10.1.1.2 remote-as 3joawjeioneighbor 10.1.1.2 update-source Loopback0joawjeio!joawjeioaddress-family ipv4joawjeionetwork 10.1.1.3 mask 255.255.255.128joawjeioneighbor 10.1.1.1 activatejoawjeioneighbor 10.1.1.1 send-communityjoawjeioneighbor 10.1.1.1 weight 1joawjeioneighbor 10.1.1.2 activatejoawjeioneighbor 10.1.1.2 send-communityjoawjeiono auto-summaryjoawjeiono synchronizationjoawjeioexit-address-familyjoawjeio!joawjeioaddress-family vpnv4joawjeioneighbor 10.1.1.1 activatejoawjeioneighbor 10.1.1.1 send-community extendedjoawjeioneighbor 10.1.1.2 activatejoawjeioneighbor 10.1.1.2 send-community extendedjoawjeioexit-address-familyjoawjeio!joawjeioaddress-family ipv4 vrf site-bjoawjeiono synchronizationjoawjeioexit-address-familyjoawjeiojoawjeio!joawjeiojoawjeioR1joawjeiojoawjeiorouter ospf 1joawjeiorouter-id 10.1.1.1joawjeiolog-adjacency-changesjoawjeioarea 0 authentication message-digestjoawjeionetwork 10.1.1.1 0.0.0.0 area 0joawjeionetwork 172.14.8.5 0.0.0.0 area 0joawjeionetwork 172.14.8.9 0.0.0.0 area 0joawjeionetwork 172.14.8.13 0.0.0.0 area 0joawjeionetwork 172.14.8.17 0.0.0.0 area 0joawjeio!joawjeiorouter bgp 3joawjeiobgp cluster-id 12joawjeiobgp log-neighbor-changesjoawjeioneighbor 10.1.1.3 remote-as 3joawjeioneighbor 10.1.1.3 update-source Loopback0joawjeioneighbor 10.1.1.4 remote-as 3joawjeioneighbor 10.1.1.4 update-source Loopback0joawjeioneighbor 10.1.1.5 remote-as 3joawjeioneighbor 10.1.1.5 update-source Loopback0joawjeioneighbor 10.1.1.6 remote-as 3joawjeioneighbor 10.1.1.6 update-source Loopback0joawjeio!joawjeioaddress-family ipv4joawjeioneighbor 10.1.1.3 activatejoawjeioneighbor 10.1.1.3 send-community joawjeioneighbor 10.1.1.4 activatejoawjeioneighbor 10.1.1.4 send-communityjoawjeioneighbor 10.1.1.4 route-reflector-clientjoawjeioneighbor 10.1.1.5 activatejoawjeioneighbor 10.1.1.5 send-communityjoawjeioneighbor 10.1.1.5 route-reflector-clientjoawjeioneighbor 10.1.1.6 activatejoawjeioneighbor 10.1.1.6 send-communityjoawjeioneighbor 10.1.1.6 route-reflector-clientjoawjeiono auto-summaryjoawjeionetwork 10.1.1.1 mask 255.255.255.128joawjeioexit-address-familyjoawjeio!joawjeioaddress-family vpnv4joawjeioneighbor 10.1.1.3 activatejoawjeioneighbor 10.1.1.3 send-community bothjoawjeioneighbor 10.1.1.3 route-reflector-clientjoawjeioneighbor 10.1.1.4 activatejoawjeioneighbor 10.1.1.4 send-community bothjoawjeioneighbor 10.1.1.4 route-reflector-clientjoawjeioneighbor 10.1.1.5 activatejoawjeioneighbor 10.1.1.5 send-community bothjoawjeioneighbor 10.1.1.5 route-reflector-clientjoawjeioneighbor 10.1.1.6 activatejoawjeioneighbor 10.1.1.6 send-community extendedjoawjeioneighbor 10.1.1.6 route-reflector-clientjoawjeioexit-address-familyjoawjeio!joawjeioip route 10.1.1.6 255.255.255.255 Null0joawjeiojoawjeiojoawjeiojoawjeiojoawjeiojoawjeiojoawjeiojoawjeio10. IPv6 (2 points)joawjeiojoawjeioR8 can not ping R4 loopback100 in IPv6, FIX ITjoawjeioYou can not enable ipv6 unicast-routing on R8joawjeiojoawjeioR8joawjeiojoawjeiointerface Ethernet0/2joawjeioip address 10.10.10.6 255.255.255.252joawjeioip ospf authentication message-digestjoawjeioip ospf message-digest-key 1 md5 ciscojoawjeiohalf-duplexjoawjeioipv6 address autoconfig joawjeiojoawjeiojoawjeiojoawjeioR5joawjeiojoawjeioipv6 unicast-routingjoawjeio!joawjeiointerface Ethernet0/0 <-- to R1joawjeioip address 172.14.8.18 255.255.255.252joawjeioip ospf message-digest-key 1 md5 ciscojoawjeiohalf-duplexjoawjeioipv6 address 2002:15::5/64joawjeioipv6 traffic-filter CC1Ejoawjeioipv6 enablejoawjeioipv6 ospf 1 area 0joawjeio!joawjeiointerface Ethernet0/2 <-- to R8joawjeioip vrf forwarding site-ajoawjeioip address 10.10.10.5 255.255.255.252joawjeioip ospf authentication message-digestjoawjeioip ospf message-digest-key 1 md5 ciscojoawjeiohalf-duplexjoawjeioipv6 address 2002:58::5/64joawjeioipv6 enablejoawjeioipv6 nd suppressjoawjeio!joawjeiointerface Ethernet0/3 <- to R2joawjeioip address 172.14.8.22 255.255.255.252joawjeioip ospf message-digest-key 1 md5 ciscojoawjeioipv6 address 2001:200::5/64joawjeioipv6 ospf 1 area 0joawjeioipv6 traffic-filter CC1Ejoawjeiohalf-duplexjoawjeio!joawjeioroute-map conn permit 10joawjeio match interface e0/2joawjeio!joawjeioipv6 router ospf 1joawjeiolog-adjacency-changesjoawjeioredistribute connected route-map connjoawjeio!joawjeio!joawjeio!joawjeioipv6 access-list CC1Ejoawjeiodeny ipv6 any anyjoawjeiojoawjeioR1joawjeio!joawjeiointerface Ethernet0/0joawjeioip address 172.14.8.17 255.255.255.252joawjeiorate-limit input access-group 100 8000 1500 2000 conform-action transmit exceed-action dropjoawjeioip ospf message-digest-key 1 md5 ciscojoawjeiohalf-duplexjoawjeioipv6 address 2002:15::1/64joawjeioipv6 enablejoawjeioipv6 ospf 1 area 0joawjeiompls ipjoawjeio!joawjeiointerface Ethernet0/1joawjeioip address 172.14.8.9 255.255.255.252joawjeioip ospf message-digest-key 1 md5 ciscojoawjeiohalf-duplexjoawjeioipv6 address 2002:14::1/64joawjeioipv6 enablejoawjeiompls ipjoawjeio!joawjeiojoawjeioipv6 router ospf 1joawjeiorouter-id 10.1.1.1joawjeiolog-adjacency-changesjoawjeiojoawjeioR2joawjeiojoawjeiojoawjeiojoawjeiointerface Ethernet0/2joawjeioip address 172.14.8.29 255.255.255.252joawjeioip access-group ALLOW injoawjeioip ospf message-digest-key 1 md5 ciscojoawjeiohalf-duplexjoawjeioipv6 address 2001:100::2/64joawjeioipv6 enablejoawjeioipv6 ospf 1 area 0joawjeiompls ipjoawjeio!joawjeiointerface Ethernet0/3joawjeioip address 172.14.8.21 255.255.255.252joawjeioip ospf message-digest-key 1 md5 ciscojoawjeiohalf-duplexjoawjeioipv6 address 2001:200::2/64joawjeioipv6 enablejoawjeioipv6 ospf 1 area 0joawjeiompls ipjoawjeio!joawjeiojoawjeioipv6 router ospf 1joawjeiorouter-id 10.1.1.2joawjeiolog-adjacency-changesjoawjeiojoawjeioR4joawjeiojoawjeioipv6 unicast-routingjoawjeio!joawjeiointerface lo 0joawjeio!joawjeiointerface Loopback1joawjeioip address 172.1.1.4 255.255.255.255joawjeio!joawjeiointerface Loopback100joawjeiono ip addressjoawjeioipv6 address CC1E:100::100/64joawjeio!joawjeiointerface Ethernet0/1 <--to R1joawjeioip address 172.14.8.10 255.255.255.252joawjeioip ospf message-digest-key 1 md5 ciscojoawjeiohalf-duplexjoawjeioipv6 address 2002:14::4/64joawjeioipv6 enablejoawjeioipv6 ospf 1 area 0joawjeiompls ipjoawjeio!joawjeiointerface Ethernet0/2 <-- to R2joawjeioip address 172.14.8.30 255.255.255.252joawjeioip ospf message-digest-key 1 md5 ciscojoawjeiohalf-duplexjoawjeioipv6 address 2001:100::4/64joawjeioipv6 enablejoawjeioipv6 ospf 1 area 0joawjeiompls ipjoawjeio!joawjeioipv6 router ospf 1joawjeiolog-adjacency-changesjoawjeiorouter-id 10.1.1.1joawjeiojoawjeiojoawjeioemdjoawjeiojoawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeio##################################################################################joawjeiojoawjeiojoawjeiojoawjeiojoawjeio1. MPLS/BGP (3points)joawjeiojoawjeioR20 Host 171.2.2.2 in VPN Site-A2 cannot ping R8 host 171.1.1.1. Fix the problem so that the packet can be 100% successful.joawjeiojoawjeioR20joawjeiointerface Loopback171joawjeioip address 171.2.2.2 255.255.255.0joawjeio!joawjeiorouter ospf 101joawjeioarea 101 virtual-link 4.4.4.4 authentication message-digestjoawjeioarea 101 virtual-link 4.4.4.4 message-digest-key 1 md5 ciscojoawjeionetwork 172.29.7.2 0.0.0.0 area 101joawjeionetwork 171.2.2.2 0.0.0.0 area 0joawjeiojoawjeiojoawjeioR4joawjeiono route-target export 10:10joawjeio!joawjeiono mpls label protocol tdpjoawjeiompls label protocol ldpjoawjeio!joawjeiointerface Loopback0joawjeioip address 10.1.1.4 255.255.255.255joawjeio!joawjeiointerface Loopback1joawjeioip address 172.1.1.4 255.255.255.255joawjeio!joawjeiointerface Ethernet0/1 <--R1joawjeiompls ipjoawjeio!joawjeiointerface Ethernet0/2 <--R2joawjeiompls ipjoawjeio!joawjeiorouter ospf 101 vrf Site-Ajoawjeioredistribute bgp 3 metric 10 metric-ty 1 subnetsjoawjeioarea 101 virtual-link 20.20.20.20 authentication message-digestjoawjeioarea 101 virtual-link 20.20.20.20 message-digest-key 1 md5 ciscojoawjeio!joawjeiorouter bgp 3joawjeio!joawjeioaddress-family ipv4joawjeiono auto-summaryjoawjeiono synchronizationjoawjeio!joawjeio!joawjeioaddress-family ipv4 vrf Site-Ajoawjeioredistribute ospf 101 vrf Site-A mutch internal external 1 external 2joawjeiono auto-summaryjoawjeiono synchronizationjoawjeioexit-address-familyjoawjeio!joawjeiompls ldp router-id Loopback0joawjeio!joawjeioip prefix-list 171 seq 10 permit 171.1.1.1joawjeioip prefix-list 171 seq 20 permit 171.2.2.2joawjeio!joawjeioroute-map cisco permit 10joawjeiomatch ip address prefix 171joawjeiojoawjeiojoawjeiojoawjeioR1joawjeioip cefjoawjeio!joawjeiompls label protocol ldpjoawjeio!joawjeiointerface Ethernet0/0joawjeiompls ipjoawjeio!joawjeiorouter bgp 3joawjeiobgp log-neighbor-changesjoawjeioneighbor 10.1.1.3 route-reflector clientjoawjeioneighbor 10.1.1.4 route-reflector clientjoawjeioneighbor 10.1.1.5 route-reflector clientjoawjeioneighbor 10.1.1.6 route-reflector clientjoawjeio!joawjeioaddress-family ipv4joawjeiono auto-summaryjoawjeiono synchronizationjoawjeioexit-address-familyjoawjeio!joawjeioaddress-family vpnv4joawjeioneighbor 10.1.1.5 activatejoawjeioneighbor 10.1.1.5 send-community bothjoawjeioneighbor 10.1.1.5 route-reflector-clientjoawjeioexit-address-familyjoawjeio!joawjeioaccess-list 14 permit 10.1.1.5joawjeiojoawjeiojoawjeiojoawjeioR2joawjeiorouter bgp 3joawjeioneighbor 10.1.1.3 route-reflector-clientjoawjeioneighbor 10.1.1.4 route-reflector-c1ientjoawjeioneighbor 10.1.1.5 route-reflector-clientjoawjeioneighbor 10.1.1.6 route-reflector-clientjoawjeio!joawjeioaddress-family ipv4joawjeiono auto-summaryjoawjeiono synchronizationjoawjeioexit-address-familyjoawjeio!joawjeioaddress-family vpnv4joawjeioneighbor 10.1.1.5 activatejoawjeioneighbor 10.1.1.5 send-community bothjoawjeioneighbor 10.1.1.5 route-reflector-clientjoawjeioexit-address-familyjoawjeio!joawjeioexit-address-familyjoawjeio!joawjeioip access-list extended ALLOWjoawjeiopermit ip any any joawjeio!joawjeio!joawjeiointerface Ethernet0/2joawjeioip access-group ALLOW injoawjeiompls ipjoawjeiojoawjeioTroubleshooting commands (same as R1)joawjeiojoawjeiojoawjeioR3 joawjeioip route vrf SITE-B 171.1.1.0 255.255.255.0 1.1.10.2joawjeiojoawjeiojoawjeiojoawjeioR5joawjeiono route-target import 10:10joawjeio!joawjeiompls label protocol ldpjoawjeio!joawjeiorouter ospf 101 vrf Site-Ajoawjeioredistribute bgp 3 metric 10 metric-type 1 subnetsjoawjeioarea 101 virtual-link 10.1.1.8 authentication message-digestjoawjeioarea 101 vittual-link 10.1.1.8 message-digestkey 1 md5 ciscojoawjeio!joawjeiorouter bgp 3joawjeioaddress-family ipv4joawjeiono auto-summaryjoawjeiono synchronizationjoawjeioexit-address-familyjoawjeio!joawjeioaddress-family ipv4 vrf vrf Site-Ajoawjeioredistribute ospf 101 vrf site-a match internal external 1 external 2joawjeiono synchronizationjoawjeiono auto-summaryjoawjeio!joawjeiompls ldp router-id Loopback0joawjeiojoawjeiojoawjeiojoawjeioR7joawjeioとくになしjoawjeiojoawjeiojoawjeiojoawjeioR8joawjeiorouter ospf 101joawjeiorouter-id 10.1.1.8joawjeioarea 101 virtual-link 5.5.5.5 authentication message-digest joawjeioarea 101 virtual-link 5.5.5.5 message-digest-key 1 md5 ciscojoawjeionet 171.1.1.1 0.0.0.0. area 0joawjeiojoawjeiojoawjeiojoawjeio2. EEM(2 points)joawjeiojoawjeioOn R27, Interface Ethernet0/0 was shutdown by someone.joawjeioFix the problem so that EEM can be triggered with "no shutdown" actionjoawjeiojoawjeioR27joawjeioevent manager applet EEMjoawjeioevent syslog pattern "Interface Ethernet0/0, changed state to administratively down"joawjeioaction 1.0 cli command "enable"joawjeioaction 2.0 cli command "configure terminal"joawjeioaction 3.0 cli command "interface e0/0"joawjeioaction 4.0 cli command "no shutdown"joawjeioaction 5.0 cli command "exit"joawjeiojoawjeiojoawjeioVerification steps:joawjeioR27(config)#interface e0/0joawjeioR27(config-if)#shutjoawjeioR27(config-if)#joawjeio*Mar 1 02:22:15.719: %OSPF-5-ADJCHG: Process 27, Nbr 10.1.1.26 on Ethernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detachedjoawjeio*Mar 1 02:22:15.723: %OSPF-5-ADJCHG: Process 27, Nbr 10.10.10.24 on Ethernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detachedjoawjeio*Mar 1 02:22:17.703: %LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively downjoawjeio*Mar 1 02:22:18.375: %SYS-5-CONFIG_I: Configured from console by vty0joawjeio*Mar 1 02:22:20.039: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to upjoawjeio*Mar 1 02:22:28.231: %OSPF-5-ADJCHG: Process 27, Nbr 10.10.10.24 on Ethernet0/0 from LOADING to FULL, Loading Donejoawjeio*Mar 1 02:22:33.595: %OSPF-5-ADJCHG: Process 27, Nbr 10.1.1.26 on Ethernet0/0 from LOADING to FULL, Loading Donejoawjeiojoawjeio...joawjeiojoawjeiojoawjeiojoawjeio3. OSPF (3 points) joawjeioR20 200.20.20.20 can not ping the host 192.168.20.1 in RIPjoawjeiojoawjeioR20joawjeiono access-list 1 deny 198.168.0.0 0.0.255.255joawjeioaccess-list 1 permit any anyjoawjeiojoawjeiojoawjeiojoawjeioR21joawjeiointerface Serial1/0joawjeioframe-relay map ip 172.14.11.2 314 broadcastjoawjeioframe-relay map ip 172.14.11.3 315 broadcastjoawjeio!joawjeiorouter ospf 100joawjeioarea 1 nssa joawjeio!joawjeiono access-list 100 deny ospf any anyjoawjeioaccess-list 100 permit ip any anyjoawjeio!joawjeioip prefix-list 10 seq 10 permit 192.168.20.1/32joawjeioip prefix-list 10 seq 20 permit 0.0.0.0/0 le 32joawjeiojoawjeiojoawjeiojoawjeiojoawjeiojoawjeioR24joawjeiointerface Ethernet0/0joawjeiono ip policy route-map PBRjoawjeiojoawjeiojoawjeiojoawjeiojoawjeiojoawjeioR25joawjeio!joawjeiointerface Loopback100joawjeioip address 198.168.20.2 255.255.255.0joawjeioip ospf network point-to-pointjoawjeiojoawjeiojoawjeioR26joawjeiorouter ospf 100joawjeiono router-id 10.1.1.24joawjeiorouter-id 10.1.1.26joawjeioarea 1 nssajoawjeioredistribute rip route-map conn subnetsjoawjeiojoawjeioVerification steps:joawjeiojoawjeioR20#ping 192.168.20.1 source loopback100joawjeiojoawjeioType escape sequence to abort.joawjeioSending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:joawjeioPacket sent with a source address of 200.20.20.20joawjeio!!!!!joawjeioSuccess rate is 100 percent (5/5), round-trip min/avg/max = 22/41/101 msjoawjeiojoawjeiojoawjeiojoawjeiojoawjeiojoawjeio4. DHCP/EIGRP (2 points)joawjeiojoawjeioR16 loopback0 cannot ping R19 loopback0 , Fix itjoawjeiojoawjeioR16joawjeiokey chain eigrpjoawjeiokey 1joawjeio key-string ciscojoawjeio!joawjeiointerface Ethernet1/0joawjeioip authentication mode eigrp 200 md5joawjeioip authentication key-chain eigrp 200 eigrpjoawjeiohalf-duplexjoawjeiojoawjeiojoawjeioR17joawjeiokey chain eigrpjoawjeiokey 1joawjeio key-string ciscojoawjeio!joawjeiointerface Ethernet0/0joawjeioip authentication mode eigrp 200 md5joawjeioip authentication key-chain eigrp 200 eigrpjoawjeiohalf-duplexjoawjeio!joawjeiojoawjeiojoawjeiojoawjeioR18joawjeiojoawjeiokey chain EIGRP_KEYjoawjeiokey 1joawjeio key-string ciscojoawjeiohalf-duplexjoawjeio!joawjeiointerface Ethernet0/1joawjeioip authentication mode eigrp 200 md5joawjeioip authentication key-chain eigrp 200 EIGRP_KEYjoawjeio!joawjeiojoawjeiojoawjeioR19joawjeiono ip dhcp excluded-address 172.14.12.14joawjeiono ip dhcp excluded-address 172.14.12.15joawjeio!joawjeioip dhcp pool r17r18joawjeio network 172.14.12.16 255.255.255.248joawjeio domain-name cisco.comjoawjeio dns-server 172.14.12.22 joawjeio default-router 172.14.12.19joawjeio!joawjeiokey chain eigrpjoawjeiokey 1joawjeio key-string ciscojoawjeio!joawjeiopolicy-map coppjoawjeioclass tcpjoawjeio police cir 8000joawjeioconform-action transmitjoawjeioexceed-action dropjoawjeioclass udpjoawjeio police cir 8000joawjeioconform-action transmitjoawjeioexceed-action dropjoawjeio!joawjeiointerface Ethernet0/0 <--to R17/R18joawjeioip address 172.14.12.19 255.255.255.248joawjeioip authentication mode eigrp 200 md5joawjeioip authentication key-chain eigrp 200 eigrpjoawjeio!joawjeioaccess-list 101 permit udp any anyjoawjeioaccess-list 102 permit tcp any anyjoawjeio!joawjeio!joawjeio!joawjeiocontrol-planejoawjeioservice-policy output coppjoawjeiojoawjeioTroubleshooting commandsjoawjeiojoawjeioVerification steps:joawjeiojoawjeioR16#ping 10.1.1.19 source loopback0joawjeiojoawjeioType escape sequence to abort.joawjeioSending 5, 100-byte ICMP Echos to 10.1.1.19, timeout is 2 seconds:joawjeioPacket sent with a source address of 10.1.1.16joawjeio!!!!!joawjeioSuccess rate is 100 percent (5/5), round-trip min/avg/max = 28/47/115 msjoawjeiojoawjeiojoawjeiojoawjeiojoawjeiojoawjeio5. QoS MQC (2 points)joawjeiojoawjeioR12 can not ping R7 loopback 0 with ToS 128, Fix this problemjoawjeiojoawjeiojoawjeioR12joawjeioとくになしjoawjeiojoawjeioR9joawjeioとくになしjoawjeiojoawjeioclass-map match-any SILVERjoawjeiomatch access-group 103joawjeiomatch access-group 104joawjeio!joawjeiopolicy-map CPPjoawjeioclass GOLDjoawjeio bandwidth percent 20joawjeioclass SILVERjoawjeio set ip precedence 5joawjeio police cir 1000000joawjeioconform-action transimitjoawjeioexceed-action drop joawjeioclass BRONZEjoawjeio shape average 300000joawjeio!joawjeiojoawjeiointerface Ethernet0/0 <-- connected to R12joawjeiono ip policy route-map PBRjoawjeio!joawjeiointerface Ethernet0/2 <-- connected to R7joawjeioip policy route-map PBRjoawjeiohalf-duplexjoawjeio!joawjeiointerface Ethernet0/3 <-- connected to R8joawjeioservice-policy output CPPjoawjeio!joawjeioaccess-list 104 permit ip any any precedence flash-override <-- ToS 128 (IP Prec.= 3)joawjeio!joawjeiojoawjeiojoawjeioR7joawjeioaccess-list 130 permit ip any any precedence critical <-- precedence=5joawjeiojoawjeiojoawjeiojoawjeioVerification steps:joawjeiojoawjeioR12#pingjoawjeioProtocol [ip]:joawjeioTarget IP address: 10.1.1.7joawjeioRepeat count [5]:joawjeioDatagram size [100]:joawjeioTimeout in seconds [2]:joawjeioExtended commands [n]: yjoawjeioSource address or interface:joawjeioType of service [0]: 128joawjeioSet DF bit in IP header? [no]:joawjeioValidate reply data? [no]:joawjeioData pattern [0xABCD]:joawjeioLoose, Strict, Record, Timestamp, Verbose[none]:joawjeioSweep range of sizes [n]:joawjeioType escape sequence to abort.joawjeioSending 5, 100-byte ICMP Echos to 10.1.1.7, timeout is 2 seconds:joawjeioPacket sent with a source address of 10.1.1.12joawjeio!!!!!joawjeioSuccess rate is 100 percent (5/5), round-trip min/avg/max = 12/19/65 msjoawjeiojoawjeiojoawjeiojoawjeiojoawjeiojoawjeiojoawjeio6. NAT (2 points)joawjeiojoawjeioTelnet traffic from R20 to host 10.1.1.28 (R28-loopback0) should be translated with the Ethernet IP address of R22 as NAT source address.joawjeioHTTP traffic from R20 to host 10.1.1.28 (R28-loopback0) should be translated with the Loopback0 IP address of R22 as NAT source address.joawjeioFix the problem so that can be meetjoawjeiojoawjeiojoawjeiojoawjeioR22joawjeiojoawjeio!joawjeiointerface Loopback0joawjeiono ip nat outsidejoawjeio!joawjeiointerface Ethernet0/0 <-- connected to R20joawjeioip address 172.16.12.22 255.255.255.252joawjeioaccess-list 100 permit tcp 10.1.0.0 0.0.255.255 any eq telnet joawjeioaccess-list 101 permit tcp 10.1.0.0 0.0.255.255 any eq www joawjeio!joawjeioSummary of issuesjoawjeiojoawjeioa.Missing "ip nat inside" command on the interface connected to R20<- add itjoawjeiob. Incomplete and Wrong ACLs with wrong mask... <-- joawjeio ip access-list extended NET_IN permit tcp 10.1.0.0 0.0.255.255 any eq telnet <-- 10.1.0.0/16 represents the loopback trafficsjoawjeio ip access-list extended NET_WWW permit tcp 10.1.0.0 0.0.255.255 any eq wwwjoawjeioc.In some cases we have a "ip nat outside" command using route-map (not the case in this initial config)<-- Just make sure to the route-map is matching the correct ACLjoawjeioroute-map NAT_IN permit 10joawjeiomatch ip address NET_INjoawjeio!joawjeioroute-map NAT_IN_HTTP permit 10joawjeiomatch ip address NET_WWWjoawjeio!joawjeioip nat inside source list route-map NAT_IN interface Ethernet0/1 overloadjoawjeioip nat inside source list NAT_IN_HTTP interface Loopback0 overloadjoawjeiod. ip nat outside" configured on loopback0 <--remove itjoawjeiojoawjeiojoawjeioVerification steps:joawjeiojoawjeioR20#telnet 10.1.1.28 /source-interface Loopback 0joawjeiojoawjeioR22#show ip nat translationjoawjeiojoawjeioR20#telnet 10.1.1.28 www /source-interface Loopback 0joawjeiojoawjeioR22#show ip nat translationjoawjeiojoawjeiojoawjeio7. Frame-Relay (2 points)joawjeiojoawjeioR22 can not telnet R23, fix this problem. (Frame-relay switch config is correct)joawjeiojoawjeioR22joawjeiojoawjeiointerface Serial0/0joawjeioip address 172.16.12.1 255.255.255.252joawjeioencapsulation frame-relayjoawjeioip ospf network point-to-pointjoawjeioframe-relay map ip 172.16.12.2 23 broadcastjoawjeioframe-relay map ip 172.16.12.1 23 broadcastjoawjeiono frame-relay inverse-arpjoawjeioframe-relay lmi-type ciscojoawjeiojoawjeiojoawjeioR23joawjeiojoawjeiointerface Serial0/0joawjeioip address 172.16.12.2 255.255.255.252joawjeioencapsulation frame-relayjoawjeioip ospf network point-to-pointjoawjeioframe-relay map ip 172.16.12.2 22joawjeioframe-relay map ip 172.16.12.1 22joawjeiono frame-relay inverse-arpjoawjeioframe-relay lmi-type ciscojoawjeiojoawjeioVerification steps:joawjeiojoawjeioR22#telnet 10.1.1.23 /source-interface Loopback 0joawjeiojoawjeiojoawjeiojoawjeiojoawjeiojoawjeio8. MST (2 points)joawjeiojoawjeioR14 can not telnet R8, fix this problem.joawjeioSW1 (root)joawjeiojoawjeiointerface f0/1 <-- R10joawjeio no switchport access vlan 810joawjeio switchport access vlan 114joawjeio switchport mode accessjoawjeio!joawjeiointerface f0/14 <-- connected to SW2joawjeio switchport trunk encapsulation dot1qjoawjeio no switchport trunk allowed vlan 2-113,115-996,999-1005joawjeio or switchport trunk allowed vlan 2-996,999-100joawjeio switchport mode trunkjoawjeio!joawjeiojoawjeiojoawjeiojoawjeiojoawjeioSW2 joawjeiojoawjeiovtp password ciscojoawjeio!joawjeiospanning-tree mode mstjoawjeiospanning-tree mst configurationjoawjeio instance 1 vlan 114,810joawjeio!joawjeiojoawjeioVerification steps:joawjeiojoawjeioR14#telnet 10.1.1.0 /source-interface Loopback 0joawjeiojoawjeiojoawjeiojoawjeio9. BGP (2 points)joawjeiojoawjeioAll PE routers can not see loopback 0 addresses of the other PE from two next-hop in their BGP table.joawjeioFix the problem so that the BGP neighbor relationship is restored accordinglyjoawjeiojoawjeiojoawjeioR3joawjeiorouter bgp 3joawjeioaddress-family ipv4joawjeionetwork 10.1.1.3 mask 255.255.255.255joawjeiono neighbor 10.1.1.1 weight 1joawjeiojoawjeiojoawjeioR1joawjeiorouter bgp 3joawjeioaddress-family ipv4joawjeioneighbor 10.1.1.3 send-community <-- missing route reflector commandjoawjeioneighbor 10.1.1.3 route-reflector-clientjoawjeiono auto-summary <-- Missing ' no synchronization' commandjoawjeiono synchronizationjoawjeioexit-address-familyjoawjeio!joawjeioip route 10.1.1.6 255.255.255.255 Null0joawjeiojoawjeiojoawjeiojoawjeiojoawjeiojoawjeio10. IPv6 (2 points)joawjeiojoawjeioR8 can not ping R4 loopback100 in IPv6, FIX ITjoawjeioYou can not enable ipv6 unicast-routing on R8joawjeiojoawjeioR8joawjeiointerface Ethernet0/2joawjeioipv6 address autoconfig <-- missing default keyword. It allows to create a static default route on R8 pointing to R5 so it knows how to get to R4joawjeiojoawjeiojoawjeioR5joawjeioipv6 unicast-routingjoawjeio!joawjeiono ipv6 nd suppressjoawjeio!joawjeioipv6 access-list CC1Ejoawjeiopermit ipv6 any anyjoawjeiojoawjeioR1joawjeioとくになしjoawjeio!joawjeioR2joawjeioとくになしjoawjeiojoawjeiojoawjeiojoawjeioR4joawjeioint lo 0joawjeioip add 10.1.1.4 255.255.255.255joawjeio!joawjeiointerface Loopback100joawjeioipv6 ospf 1 area 0joawjeiojoawjeio!joawjeioipv6 router ospf 1joawjeiolog-adjacency-changesjoawjeiorouter-id 10.1.1.4joawjeiojoawjeiojoawjeioendjoawjeiojoawjeio
登録:
投稿 (Atom)