fhnoeu

1. FRAME RELAY (2points)fhnoeu  fhnoeuRequires R15 to telnet to R13 and R14 loopbacksfhnoeu※SubInt無い版fhnoeuR13fhnoeufhnoeuinterface Serial0/0fhnoeuip address 172.16.13.2 255.255.255.248fhnoeuencapsulation frame-relayfhnoeuip ospf network broadcast or point-to-multipointfhnoeuframe-relay map ip 172.16.13.4 341 broadcastfhnoeuframe-relay map ip 172.16.13.3 345 broadcastfhnoeuframe-relay lmi-type ciscofhnoeuno frame-relay inverse arpfhnoeufhnoeufhnoeuR14fhnoeuinterface Serial0/0fhnoeuip address 172.16.13.4 255.255.255.248fhnoeuencapsulation frame-relayfhnoeuip ospf network broadcast or point-to-multipointfhnoeuframe-relay map ip 172.16.13.2 314 broadcastfhnoeuframe-relay map ip 172.16.13.3 315 broadcastfhnoeuframe-relay lmi-type ciscofhnoeuno frame-relay inverse arpfhnoeufhnoeufhnoeuR15fhnoeuinterface Serial1/0fhnoeuip address 172.16.13.3 255.255.255.248fhnoeuencapsulation frame-relayfhnoeuip ospf network broadcast or point-to-multipointfhnoeuframe-relay map ip 172.16.13.4 351 broadcastfhnoeuframe-relay map ip 172.16.13.2 354 broadcastfhnoeuframe-relay lmi-type ciscofhnoeuno frame-relay inverse arpfhnoeufhnoeuVerification steps:fhnoeufhnoeufhnoeushow frame‐relay map <--DLCI should be activefhnoeush run interface s0/0/0fhnoeuR15# telnet 10.1.1.14fhnoeu....openfhnoeufhnoeufhnoeuR15# telnet 10.1.1.14fhnoeu....openfhnoeufhnoeufhnoeufhnoeufhnoeufhnoeufhnoeu2. HRSP (2 points)fhnoeu  fhnoeuEnsure the output of "show standby" on R22 and R23 is the same as shown belowfhnoeufhnoeuR22 being the active unit with a priority configured of 100 (not by default), and also a track 1 configured and up, with a decrement value of 60.fhnoeuR23 is the standby unit, using the default priority value (100), no authentication, with preempt, track 1 configured and up, with a decrement value of 60.fhnoeufhnoeufhnoeufhnoeufhnoeuR22fhnoeuinterface Ethernet0/0fhnoeustandby 1 priority 100fhnoeustandby 1 track 1 decrement 60fhnoeuno standby 1 preemptfhnoeufhnoeufhnoeuR23fhnoeuinterface Ethernet0/0fhnoeuno standby 1 priority 150fhnoeuno standby 1 authentication md5 key-string ciscofhnoeustandby 1 track 1 decrement 60fhnoeufhnoeufhnoeuR21(1.1.70.0/24 だった場合)fhnoeurouter eigrp 200fhnoeuredistribute ospf 1 metric 10000 100 255 1 1500 route-map PREFIXfhnoeu!fhnoeuroute-map PREFIX permit 10fhnoeumatch ip address 1fhnoeu!fhnoeuaccess-list 1 permit 1.1.70.0 0.0.0.255fhnoeufhnoeufhnoeuR13(DefaultRouteだった場合)fhnoeu!fhnoeu!fhnoeurouter ospf 1fhnoeu area 1 nssa default-information originate allwaysfhnoeufhnoeufhnoeufhnoeufhnoeuVerification steps:fhnoeuR22/R23#show standby <--should match exactly the output givenfhnoeufhnoeufhnoeufhnoeufhnoeufhnoeufhnoeu3. NTP (2 points)fhnoeu  fhnoeuR13 NTP cannot synchronize with R5, Fix itfhnoeufhnoeufhnoeuR5fhnoeuntp authentication-key 1 md5 ciscofhnoeufhnoeufhnoeuR13fhnoeuntp authentication-key 1 md5 ciscofhnoeuntp server 10.1.1.5 key 1fhnoeuntp authentication fhnoeuntp trusted-keyfhnoeufhnoeufhnoeufhnoeufhnoeufhnoeuR9fhnoeuip access-list extended deny_udpfhnoeupermit ip  any anyfhnoeufhnoeufhnoeufhnoeufhnoeuR11fhnoeu!fhnoeuip access-list extended deny_udpfhnoeupermit ip  any anyfhnoeufhnoeufhnoeufhnoeufhnoeuVerification steps:fhnoeuR5/R13#show ntp association detail <--should be synchronized and sanefhnoeufhnoeufhnoeufhnoeufhnoeufhnoeufhnoeufhnoeu4. PPP/RIP (2 points)fhnoeuR24 cannot ping R29 192.168.20.1, Fix itfhnoeufhnoeuR25fhnoeuusername ccie password ciscofhnoeufhnoeuinterface Serial1/0 ---> connecting to R29fhnoeuip address 172.16.9.1 255.255.255.248fhnoeuclockrate 512000fhnoeu!fhnoeufhnoeufhnoeurouter eigrp 200fhnoeuredistribute rip metric 100000 100 255 1 1500fhnoeuno auto-summaryfhnoeu!fhnoeurouter ripfhnoeuversion 2fhnoeufhnoeufhnoeufhnoeufhnoeuR29fhnoeuinterface Serial1/0fhnoeuip address 172.16.9.2 255.255.255.248fhnoeuencapsulation pppfhnoeuppp chap hostname cciefhnoeuppp chap password 0 ciscofhnoeu!fhnoeurouter ripfhnoeuversion 2fhnoeunetwork 172.16.0.0fhnoeuno auto-summaryfhnoeufhnoeufhnoeufhnoeuVerification steps:fhnoeuR25/R29#show ip interface brief <--serial1/0 should be upfhnoeuR25#show ip route <--should see the network 192.168.20.0fhnoeuR24#telnet 192.168.20.1fhnoeuopen...fhnoeufhnoeufhnoeu5. OSPF (3 points)fhnoeuR18fhnoeuno ip route X.X.X.X 0.0.0.X.172.16.12.5 --->pointing toward R17fhnoeufhnoeufhnoeuR17fhnoeuinterface Ethernet1/0fhnoeuip ospf network broadcastfhnoeu!fhnoeuip access-list extended 111fhnoeu  permit icmp any anyfhnoeu!fhnoeuno ip route X.X.X.X 0.0.0.X 172.16.12.6--->pointing toward R18fhnoeufhnoeufhnoeufhnoeuR16fhnoeuinterface Ethernet2/0 ---> facing R17fhnoeuip ospf network broadcastfhnoeu!fhnoeurouter ospf 1fhnoeuarea 3 virtual-link 10.1.1.18 message-digest-key 1 md5 ciscofhnoeudistribute-list 12 in e1/0fhnoeu!fhnoeuaccess-list 12 permit anyfhnoeufhnoeufhnoeuR8fhnoeurouter ospf 1fhnoeuredistribute bgp 200 subnetsfhnoeufhnoeufhnoeuR27fhnoeurouter bgp 300fhnoeuneighbor 10.1.1.28 next-hop-selffhnoeufhnoeuSummary of issuesfhnoeuVerification steps:fhnoeufhnoeuR20#ping 10.1.1.28 source loopback0fhnoeutrying open 10.1.1.28fhnoeuuser verificationfhnoeupassword:fhnoeufhnoeufhnoeufhnoeufhnoeufhnoeufhnoeufhnoeu6. ZBFW (2 points)fhnoeuR29fhnoeuclass-map type inspect match-all telneticmpfhnoeuno match protocol icmpfhnoeufhnoeu!fhnoeuzone-pair security inbound source zoneout destination zoneinfhnoeuservice-policy type inspect inboundfhnoeuzone-pair security outbound source zonein destination zoneoutfhnoeuservice-policy type inspect outboundfhnoeu!fhnoeufhnoeuinterface Ethernet2/0<-- to R30fhnoeuzone-member security zoneinfhnoeu!fhnoeuinterface Ethernet2/1 <-- to R31fhnoeuzone-member security zoneoutfhnoeu!fhnoeuip route 10.1.1.30 255.255.255.255 172.16.39.30fhnoeuip route 10.1.1.31 255.255.255.255 172.16.129.31fhnoeufhnoeufhnoeuR30fhnoeuip route 0.0.0.0 0.0.0.0 172.16.39.29fhnoeufhnoeuR31fhnoeuip route 0.0.0.0 0.0.0.0 172.16.129.29fhnoeufhnoeuVerification steps:fhnoeufhnoeufhnoeufhnoeuR30#telnet 10.1.1.31fhnoeuTrying open 10.1.1.31fhnoeuUser verificationfhnoeu..... fhnoeuthen -->R29#show policy‐map type inspect zone-pair sessions  <-- should match exactly the given outputfhnoeufhnoeufhnoeufhnoeu7. BGP (2 points)fhnoeu R28 must see two next hop for the network 1.100.100.100 in show ip bgp tablefhnoeu R28 must see 2 paths in BGP tableｷ・
 R28 must select path through R26ｷ・
 Not allowed to touch AS100ｷ・& 300 configuration (variable depending on the Lab)fhnoeufhnoeufhnoeufhnoeuR6fhnoeurouter bgp 200fhnoeuno synchronizationfhnoeuneighbor 10.1.1.8 route-reflector-clientfhnoeuneighbor 10.1.1.8 password cisco  fhnoeuno auto-summaryfhnoeufhnoeufhnoeufhnoeuR7fhnoeurouter bgp 200fhnoeuno synchronizationfhnoeubgp default local-preference 200fhnoeuno bgp maxas-limit 1fhnoeu!fhnoeuroute-map toas300 permit 10fhnoeuset metric 100fhnoeu!fhnoeufhnoeufhnoeuR8fhnoeurouter bgp 200fhnoeubgp default local-preference 200fhnoeuneighbor 10.1.1.6 password ciscofhnoeuneighbor 10.1.1.6 route-reflector-clientfhnoeu!fhnoeuroute-map toas300 permit 10fhnoeuset metric 100fhnoeu!fhnoeufhnoeufhnoeufhnoeuR26fhnoeurouter bgp 300fhnoeubgp default local-preference 200fhnoeufhnoeufhnoeufhnoeuR27fhnoeurouter bgp 300fhnoeubgp default local-preference 200fhnoeufhnoeufhnoeufhnoeuVerification steps:fhnoeuR28# sh ip bgp 1.100.100.100 <-- should see two possible next hops R26 & R2R with R26 being the preferred next hopfhnoeufhnoeufhnoeufhnoeufhnoeu8. IPv6 (2 points)fhnoeuR1 can not telnet R4 IPv6 address 2011:ABC:34::4, fix the problemfhnoeufhnoeufhnoeufhnoeuR1fhnoeuipv6 router ospf 1fhnoeurouter-id 10.1.1.1fhnoeufhnoeufhnoeuR3fhnoeuinterface Ethernet1/0fhnoeuipv6 traffic-filter filter infhnoeu!fhnoeuipv6 access-list filterfhnoeupermit 89 any host FF02::5 seq 1  <-- OSPFv3 Multicast dest IPfhnoeupermit 89 any host FF02::6 seq 2fhnoeupermit 89 host <R1 link local> host <R3 link local> seq 3fhnoeupermit icmp any any seq 4fhnoeudeny ipv6 any any fhnoeufhnoeufhnoeufhnoeuR4fhnoeuipv6 router ospf 1fhnoeurouter-id 10.1.1.4fhnoeuSummary of issuesfhnoeufhnoeuVerification steps:fhnoeufhnoeufhnoeufhnoeuR1# ping 2011:ABC:34::4fhnoeufhnoeufhnoeufhnoeufhnoeufhnoeu9. MST (2 points)fhnoeuR10 must reach R9 in a single hop, SW1 (or SW2) is not allowed to be touchedfhnoeufhnoeufhnoeuSW2fhnoeuint e0/1fhnoeuspanning-tree mst 1 port-priority 0fhnoeu!fhnoeufhnoeuR9fhnoeuでroute-map が入ってる場合は新しいのをもうひとつつくること。fhnoeub. R9 Exiting route-map dropping some traffic <-- the  route map selects certain traffic and has an explicit deny. Put another route‐map with the permit statementfhnoeuroute-map kakuninnhituyoufhnoeumatch ip add 1fhnoeufhnoeufhnoeufhnoeufhnoeu10. MSDP (3 points)fhnoeuR13 cannot ping R28 group 224.8.8.8 in AS 200, Fix itfhnoeu(R8->R6->R2)->(R1->R3->R5)->R9->R11->R13fhnoeuAS200 AS100fhnoeufhnoeuR8fhnoeuinterface Ethernet0/0fhnoeuip pim sparse-dense-modefhnoeufhnoeufhnoeufhnoeuR6fhnoeuinterface Ethernet0/0fhnoeuip pim sparse-dense-modefhnoeu!fhnoeuip pim rp-address 10.1.1.2fhnoeufhnoeufhnoeufhnoeuR2fhnoeuip msdp peer 200.0.0.3 connect-source Loopback1 remote-as 100fhnoeu!fhnoeuip pim rp-address 10.1.1.2fhnoeufhnoeuR1fhnoeurouter bgp 100fhnoeuaddress-family  ipv4 multicastfhnoeu  redistribute ospf 1 fhnoeu  exit-address-familyfhnoeufhnoeufhnoeufhnoeuR3fhnoeuip msdp peer 200.0.0.3 connect-source loopback 1 remote-as 200fhnoeu!fhnoeuip pim rp-address 10.1.1.3fhnoeufhnoeufhnoeufhnoeufhnoeuR9fhnoeuaccess-list 10 permit any fhnoeuip pim rp-address 10.1.1.3fhnoeufhnoeufhnoeufhnoeu