Sunday, October 21, 2012
Section 1 Layer 2

1.1 Initial Faults
- Guard root on SW1 trunk ports
- DHCP snooping/ARP inspection on VLAN17 on SW2
- Portfast trunk on SW4 trunk interfaces
- Root Guard on interfaces connected to backbone
- ip cef disabled on a few routers
- vtp version, domain name, password difference

1.2 Implement Access Switch Ports of Switched Network

Configure all of the appropriate non-trunking switch ports on SW1-SW4 according to the following requirements
- VTP domain should be CCIE and password cisco
- VTP mode on all switches should be configured to transparent mode
- Configure the VLAN ID and Name according to the table below
- Configure the access ports for each VLAN as per the Diagram

Vlans
Vlan17 - Between R1 & SW2
Vlan29 - Between R2 & SW4
Vlan34 - Between R3 & R4
Vlan38 - Between R3 & SW3
Vlan45 - Between R4 & R5
Vlan56 - Between R5 & SW1
Vlan67 - SVI Between SW1 & SW2
Vlan89 - SVI Between SW3 & SW4
Vlan100 - Between R1 & BB1
Vlan200 - Between R2 & BB2
Vlan300 - Between SW3 & BB3
Vlan333 - Customer Vlan
Vlan500 - User Vlan
Vlan666 - Carrier Vlan
Vlan999 - Unused ports Vlan

On SW1 - SW4

vlan 17
 name VLAN_17
vlan 29
 name VLAN_29
vlan 34
 name VLAN_34
vlan 38
 name VLAN_38
vlan 45
 name VLAN_45
vlan 56
 name VLAN_56
vlan 67
 name VLAN_67
vlan 89
 name VLAN_89
vlan 100
 name VLAN_BB1
vlan 200
 name VLAN_BB2
vlan 300
 name VLAN_BB3
vlan 500
 name VLAN_USER
vlan 666
 name VLAN_CARRIER
vlan 999
 name VLAN_NATIVE

vtp domain CCIE
vtp mode transparent
vtp password cisco
vtp version 2

On SW1

interface FastEthernet0/1
 switchport access vlan 17
 switchport mode access

interface FastEthernet0/2
 switchport access vlan 200
 switchport mode access

interface FastEthernet0/3
 switchport access vlan 34
 switchport mode access

interface FastEthernet0/4
 switchport access vlan 45
 switchport mode access

interface FastEthernet0/5
 switchport access vlan 56
 switchport mode access

interface FastEthernet0/10
 switchport access vlan 100
 switchport mode access

interface Vlan56
 ip address 13.13.56.6 255.255.255.0

interface Vlan67
 ip address 13.13.67.6 255.255.255.0

On SW2

interface FastEthernet0/1
 switchport access vlan 100
 switchport mode access

interface FastEthernet0/2
 switchport access vlan 29
 switchport mode access

interface FastEthernet0/3
 switchport access vlan 38
 switchport mode access

interface FastEthernet0/4
 switchport access vlan 34
 switchport mode access

interface FastEthernet0/5
 switchport access vlan 45
 switchport mode access

interface FastEthernet0/10
 switchport access vlan 200
 switchport mode access

interface Vlan17
 ip address 13.13.17.7 255.255.255.0

interface Vlan67
 ip address 13.13.67.7 255.255.255.0

On SW3

interface FastEthernet0/10
 switchport access vlan 300
 switchport mode access

interface Vlan38
 ip address 13.13.38.8 255.255.255.0

interface Vlan89
 ip address 13.13.89.8 255.255.255.0

interface Vlan300
 ip address 150.3.13.1 255.255.255.0

On SW4

interface Vlan29
 ip address 13.13.29.9 255.255.255.0

interface Vlan89
 ip address 13.13.89.9 255.255.255.0

verify

Multiple Spanning Tree

Configure the switches according to the following requirements
- Each of the following sets of VLAN must share a common Spanning-Tree topology
  - Spanning-Tree Topology 1: all odd VLANs used throughout your exam
  - Spanning-Tree Topology 2: all even VLANs used throughout your exam
  - Spanning-Tree Topology 3: all other VLANs must be explicitly put into instance 3
- Use domain name as cisco
- Ensure SW1 is root switch for Instance 1 and CIST VLANs and backup root switch for instance 2
- Ensure SW2 is root switch for Instance 2 and backup root switch for instance 1 and CIST VLANs
- Configure native vlan to vlan 999. Ensure that it is tagged.
- All unused ports should be shutdown and defined as access ports on VLAN 999. Don't forget the Gigabit Ethernet ports (2 ports)

On all Switches

spanning-tree mode mst

spanning-tree mst configuration
 name cisco
 revision 1

 instance 3 vlan 1-4094
 instance 1 vlan 17,29,45,67,89,333,999
 instance 2 vlan 34,38,56,100,200,300,500,666

interface range fastethernet 0/19-24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 999
 exit

vlan dot1q tag native

On SW1

spanning-tree mst 0 root primary
spanning-tree mst 1 root primary
spanning-tree mst 2 root secondary

interface range fa0/6-9, fa0/11-18, g0/1-2
 switchport mode access
 switchport access vlan 999
 shutdown
 exit

On SW2

spanning-tree mst 0 root secondary
spanning-tree mst 1 root secondary
spanning-tree mst 2 root primary

interface range fa0/6-9, fa0/11-18, g0/1-2
 switchport mode access
 switchport access vlan 999
 shutdown
 exit

On SW3

interface range fa0/1-9, fa0/11-18, g0/1-2
 switchport mode access
 switchport access vlan 999
 shutdown
 exit

On SW4

interface range fa0/1-18, g0/1-2
 switchport mode access
 switchport access vlan 999
 shutdown
 exit

verify
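
An offline check of the port requirements in this task (trunk native VLAN 999, native VLAN tagged, unused ports shut down as access ports in VLAN 999), added here as an example and not part of the original workbook. The sample configuration is constructed from SW1's commands plus one deliberately mis-set port; the function names and the IN_USE set are assumptions, and the parser expects sub-commands indented as in a saved running configuration.

```python
import re

# Constructed sample: SW1's port commands from this task, plus a later stanza
# that wrongly re-enables Fa0/12 in the user VLAN so the audit reports something.
SAMPLE_SW1 = """\
vlan dot1q tag native
interface range fastethernet 0/19-24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 999
interface FastEthernet0/1
 switchport access vlan 17
 switchport mode access
interface range fa0/6-9, fa0/11-18, g0/1-2
 switchport mode access
 switchport access vlan 999
 shutdown
interface FastEthernet0/12
 switchport access vlan 500
 no shutdown
"""
IN_USE = {"Fa0/1"}          # assumption: ports that carry traffic by design
PARKING_VLAN = "999"
_PREFIX = {"f": "Fa", "g": "Gi"}


def expand_ports(spec):
    """Expand 'fa0/6-9, g0/1-2' or 'FastEthernet0/1' into ['Fa0/6', ...]."""
    ports = []
    for part in spec.split(","):
        m = re.fullmatch(r"\s*([A-Za-z]+)\s*(\d+)/(\d+)(?:\s*-\s*(\d+))?\s*", part)
        prefix = _PREFIX.get(m.group(1)[0].lower()) if m else None
        if prefix is None:
            raise ValueError(f"not a switch port: {part!r}")
        slot, first, last = m.group(2), int(m.group(3)), m.group(4)
        for n in range(first, int(last or first) + 1):
            ports.append(f"{prefix}{slot}/{n}")
    return ports


def apply_cmd(state, cmd):
    """Fold one interface sub-command into the port's effective state."""
    if cmd == "shutdown":
        state["shutdown"] = True
    elif cmd == "no shutdown":
        state["shutdown"] = False
    elif m := re.fullmatch(r"switchport mode (\S+)", cmd):
        state["mode"] = m.group(1)
    elif m := re.fullmatch(r"switchport access vlan (\d+)", cmd):
        state["access"] = m.group(1)
    elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", cmd):
        state["native"] = m.group(1)


def parse_config(text):
    """Return (global commands, {port: state}); later stanzas override earlier ones."""
    globals_, ports, current = set(), {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = re.match(r"interface\s+(?:range\s+)?(.+)", line, re.I)
        if m:
            try:
                current = expand_ports(m.group(1))
            except ValueError:
                current = []            # SVI, loopback, port-channel: not audited
            for p in current:           # IOS defaults: VLAN 1, port enabled
                ports.setdefault(p, {"mode": None, "access": "1",
                                     "native": "1", "shutdown": False})
        elif raw.startswith(" "):       # sub-command of the current stanza
            for p in current:
                apply_cmd(ports[p], line.lower())
        else:                           # back at global configuration level
            current = []
            globals_.add(line.lower())
    return globals_, ports


def port_key(item):
    prefix, slot, num = re.fullmatch(r"([A-Za-z]+)(\d+)/(\d+)", item[0]).groups()
    return prefix, int(slot), int(num)


def audit(text, in_use):
    """List (port, problem) pairs; only ports that appear in the text are checked."""
    globals_, ports = parse_config(text)
    findings = []
    if "vlan dot1q tag native" not in globals_:
        findings.append(("global", "native VLAN is not tagged on trunks"))
    for port, st in sorted(ports.items(), key=port_key):
        if st["mode"] == "trunk":
            if st["native"] != PARKING_VLAN:
                findings.append((port, f"trunk native VLAN is {st['native']}"))
        elif port not in in_use:
            if st["mode"] != "access":
                findings.append((port, "unused port is not forced to access mode"))
            if st["access"] != PARKING_VLAN:
                findings.append((port, f"unused port is in VLAN {st['access']}"))
            if not st["shutdown"]:
                findings.append((port, "unused port is not shut down"))
    return findings


if __name__ == "__main__":
    for port, problem in audit(SAMPLE_SW1, IN_USE):
        print(f"{port}: {problem}")
```
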

1.3 Switch Trunking and Etherchannel

Refer to the diagram. Configure the dual trunk ports between SW1, SW2, SW3 and SW4 according to the following requirements
- Use encapsulation 802.1q
- Disable DTP on the six distribution ports for each switch
- Configure an 802.3ad 200 Mbps Etherchannel between SW1 and SW2
- SW2 should not actively start it
- Etherchannel load balancing should be accomplished by source and destination MAC address
- In future if more links (ports) are added to the bundle, make sure that interface fa0/24 is always chosen first for traffic flow along with the channel

On all Switches

interface range fastethernet 0/19-24
 switchport trunk encapsulation dot1q
 switchport nonegotiate
 exit

On SW1

interface range fastethernet 0/23-24
 channel-group 1 mode active
 exit

port-channel load-balance src-dst-mac

interface range fastethernet 0/24
 lacp port-priority 1
 exit

On SW2

interface range fastethernet 0/23-24
 channel-group 1 mode passive
 exit

port-channel load-balance src-dst-mac

1.4 Implement Frame Relay

Use the following requirements to configure R1 and R2 for Frame-Relay
- use static frame relay maps with the broadcast capability
- do not use dynamic ARP mapping
- do not change anything in the frame-relay switch (R4)
- use RFC1490/RFC2427 encapsulation
- use the DLCI assignments from the table below
- use the IP addressing as documented in
- Set the bandwidth administrative to 50000 Kb in the interfaces.
- R1 and R2 must be able to ping self interface
  - R1 100
  - R2 200

On R1

interface serial 1/0
 ip address 13.13.12.1 255.255.255.0
 bandwidth 50000
 encapsulation frame-relay ietf
 no frame-relay inverse-arp
 frame-relay lmi-type ansi
 frame-relay map ip 13.13.12.1 100
 frame-relay map ip 13.13.12.2 100 broadcast

On R2

interface serial 1/0
 bandwidth 50000
 encapsulation frame-relay ietf
 no frame-relay inverse-arp
 frame-relay lmi-type ansi
 frame-relay map ip 13.13.12.2 200
 frame-relay map ip 13.13.12.1 200 broadcast

verify

1.5 Implement 802.1Q Tunneling
A dot1q tunnel needs to be configured from SW3 to SW4 via one of their trunk ports F0/19.
- Users connected to Vlan 333 on SW3 must be able to communicate with users connected to Vlan 333 on SW4 via their interface fa0/19 (respectively connected to SW1 and SW2)
- Use 13.13.33.8/24 on SW3 and 13.13.33.9/24 on SW4 for VLAN 333
- Vlan 333 must be allowed to flow only through SW3 and SW4 Fa0/19
- No other trunk links should allow VLAN 333
- SW1 and SW2 must carry the VLAN 333 data across the network using Vlan 666.
- Do not modify any spanning-tree cost or port-priority to achieve this task.
- Referring to exhibit below SW3 must see SW4 as a CDP neighbor via interface Fa0/19 and must be able to ping SW4's Vlan 333.

On Switches SW1 and SW2
interface range fastethernet 0/19-24
 switchport trunk allowed vlan remove 333
 exit

On Switches SW3 and SW4
interface range fastethernet 0/20-24
 switchport trunk allowed vlan remove 333
 exit

interface fastethernet 0/19
 switchport trunk allowed vlan 333
 exit

On SW1
system mtu 1504
system mtu routing 1500

interface fastethernet 0/19
 switchport access vlan 666
 switchport mode dot1q-tunnel
 l2protocol-tunnel vtp
 l2protocol-tunnel cdp
 no l2protocol-tunnel stp
 exit

On SW2
system mtu 1504
system mtu routing 1500

interface fastethernet 0/19
 switchport access vlan 666
 switchport mode dot1q-tunnel
 l2protocol-tunnel vtp
 l2protocol-tunnel cdp
 no l2protocol-tunnel stp
 exit

On SW3
interface vlan 333
 ip address 13.13.33.8 255.255.255.0
 exit

On SW4
interface vlan 333
 ip address 13.13.33.9 255.255.255.0
 exit

On Switches SW3 and SW4
no vlan 666
interface range fastethernet 0/20-24
 switchport trunk allowed vlan remove 333,666
 exit
!
interface fastethernet 0/19
 switchport trunk allowed vlan 333

On Switches SW1 and SW2
system mtu 1504
no vlan 333
interface range fastethernet 0/20-22
 switchport trunk allowed vlan remove 333,666
!
interface Po12
 switchport trunk allowed vlan remove 333
 ! Only this link needs to carry vlan 666
interface fastethernet 0/19
 switchport access vlan 666
 switchport mode dot1q-tunnel
 l2protocol-tunnel cdp
 no cdp enable

SW3
interface vlan 333
 ip address 13.13.33.8 255.255.255.0

SW4
interface vlan 333
 ip address 13.13.33.9 255.255.255.0

verify

1.6 PPP over Ethernet

Configure R3 as the PPPoE Server and R4 as the PPPoE Client
- Ensure R4 always gets the same IP address 13.13.34.4 from server
- you are not allowed to use DHCP
- Avoid unnecessary fragmentation on the PPPoE link.
- The link must be up even when there is no interesting traffic.
- R3 must authenticate using CHAP but R4 must not require R3 to authenticate.
- Use the device's host name as CHAP username and CISCO as password.
- All passwords should appear in clear text in the configuration

On R3

username Rack13R4 password 0 CISCO

bba-group pppoe CISCO
 virtual-template 1

interface fastethernet 0/0
 no ip address
 pppoe enable group CISCO

interface virtual-template 1
 ip address 13.13.34.3 255.255.255.0
 peer default ip address pool POOL
 ppp authentication chap

ip local pool POOL 13.13.34.4

On R4

interface fastethernet 0/1
 no ip address
 pppoe enable
 pppoe-client dial-pool-number 1

interface dialer 1
 ip address negotiated
 ip mtu 1492
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 ppp chap password 0 CISCO

NOTE:

While labbing it up in GNS3 it's better to use 7200 series for this to work properly... Not all routers support PPPoE to its full functionality... Don't have to worry about the lab exam... PPPoE is supported on those routers...

Check documentation for knowing which routers support PPPoE...

verify

Section 2 Layer 3
- All the subnets need to be reachable from R3.

2.1 Implement IPv4 OSPF

Configure OSPF area 0, 1, 2 as per IGP topology diagram and the following requirements
- The OSPF process ID can be any number
- OSPF router-id must be stable and must be configured using the IP address of interface Loopback 0
- Loopback 0 interfaces should be advertised in the OSPF area as shown in the IGP topology diagram and must appear as /32 host routes
- Updates should be advertised only out of the interfaces that are indicated in the IGP topology diagram
- Establish neighbor-ship between R1 and R2 without changing the OSPF network type
- Ensure that R4 can still reach all OSPF networks via R3 in case R1 or R5 goes down
- Do not create additional OSPF areas
- Do not use any IP address not listed in diagram

Note: SW1, SW2, R1, R5 Loopback 0 in Area 0. R2, R3 Loopback 0 in Area 1, R4 loopback in area 2. Backbone 1 and 2 facing interface of R1 and R2 should also be advertised in OSPF. BB1 interface in Area 0 and BB2 interface in Area 1 (Not redistribute connected)

On R1

router ospf 13
 router-id 13.13.1.1
 network 13.13.1.1 0.0.0.0 area 0
 network 150.1.13.1 0.0.0.0 area 0
 network 13.13.17.1 0.0.0.0 area 0
 network 13.13.15.1 0.0.0.0 area 0
 network 13.13.12.1 0.0.0.0 area 1
 area 1 virtual-link 13.13.3.3
 neighbor 13.13.12.2
 exit

On R2

router ospf 13
 router-id 13.13.2.2

 network 150.2.13.1 0.0.0.0 area 1
 network 13.13.12.2 0.0.0.0 area 1
 network 13.13.2.2 0.0.0.0 area 1
 network 13.13.23.2 0.0.0.0 area 1
 neighbor 13.13.12.1
 exit

On R3

router ospf 13
 router-id 13.13.3.3
 network 13.13.23.3 0.0.0.0 area 1
 network 13.13.3.3 0.0.0.0 area 1
 network 13.13.35.3 0.0.0.0 area 1
 network 13.13.34.3 0.0.0.0 area 2
 area 1 virtual-link 13.13.1.1
 area 1 virtual-link 13.13.5.5

interface fastethernet 0/0
 ip ospf network point-to-point
 exit

On R4

router ospf 13
 router-id 13.13.4.4
 network 13.13.4.4 0.0.0.0 area 2
 network 13.13.34.4 0.0.0.0 area 2

interface fastethernet 0/1
 ip ospf network point-to-point
 exit

On R5

router ospf 13
 router-id 13.13.5.5
 network 13.13.5.5 0.0.0.0 area 0
 network 13.13.15.5 0.0.0.0 area 0
 network 13.13.56.5 0.0.0.0 area 0
 network 13.13.35.5 0.0.0.0 area 1
 area 1 virtual-link 13.13.3.3
 exit

On SW1

ip routing
router ospf 13
 router-id 13.13.6.6
 network 13.13.6.6 0.0.0.0 area 0
 network 13.13.56.6 0.0.0.0 area 0
 network 13.13.67.6 0.0.0.0 area 0
 exit

On SW2

ip routing
router ospf 13
 router-id 13.13.7.7
 network 13.13.7.7 0.0.0.0 area 0
 network 13.13.17.7 0.0.0.0 area 0
 network 13.13.67.7 0.0.0.0 area 0
 exit

verify

2.2 Implement IPv4 EIGRP

Configure EIGRP 100 and EIGRP 13 per the topology diagram
- Backbone 3 has the IP address 150.3.13.254 and is using AS number 100
- EIGRP updates should be advertised only out to the interface per the topology diagram
- On SW3 redistribute from EIGRP 100 into EIGRP 13
- Do not use auto summarization for any EIGRP process

On SW3

ip routing
router eigrp 100
 no auto-summary
 network 150.3.13.1 0.0.0.0

router eigrp 13
 no auto-summary
 network 13.13.89.8 0.0.0.0
 network 13.13.38.8 0.0.0.0
 network 13.13.8.8 0.0.0.0
 redistribute eigrp 100
 exit

On SW4

ip routing
router eigrp 13
 no auto-summary
 network 13.13.89.9 0.0.0.0
 network 13.13.9.9 0.0.0.0
 network 13.13.29.9 0.0.0.0
 exit

On R2

router eigrp 13
 no auto-summary
 network 13.13.29.2 0.0.0.0
 exit

On R3

router eigrp 13
 no auto-summary
 network 13.13.38.3 0.0.0.0
 exit

verify

2.3 Implement IPv4 RIP

Configure RIPv2 per IGP topology diagram
- RIP updates must be advertised only out to the interface per the IGP topology diagram
- Disable auto-summarization in the RIP domain
- Redistribute OSPF into RIP on R5
- Ensure that R4 should access SW1 loopback 0 via R5 but all other routes should go through R3

On R4

router rip
 version 2
 passive-interface default
 network 13.13.0.0
 no passive-interface fastethernet 0/0
 distance 100 13.13.45.5 0.0.0.0 10
 no auto-summary

access-list 10 permit 13.13.6.6

On R5

router rip
 version 2
 no auto-summary
 passive-interface default
 network 13.13.0.0
 no passive-interface fastethernet 0/1
 redistribute ospf 13 metric 5

verify

2.4 Redistribution between OSPF and EIGRP

Redistribute mutually between OSPF and EIGRP 13 on R2 and R3 according to the following requirements
- On R2 and R3 ensure that all prefixes learned from OSPF should be seen as OSPF route and that the prefixes learned from EIGRP 100 should be seen as EIGRP External Route (D EX).
- Only external route in R2 and R3 should be the EIGRP 100 routes.
- No default route should be seen in this network
- No route tagging permitted on SW3
- You are not allowed to use any access-lists, prefix-lists or AD value to accomplish this requirement

On R2 and R3

router eigrp 13
 redistribute ospf 13 metric 10000 100 255 1 1500 route-map OSPF_TO_EIGRP
 distribute-list route-map NO_OSPF in

router ospf 13
 redistribute eigrp 13 subnets route-map EIGRP_TO_OSPF
 distribute-list route-map NO_EIGRP_100 in

route-map EIGRP_TO_OSPF permit 10
 match source-protocol eigrp 13
 match route-type external
 set tag 100
route-map EIGRP_TO_OSPF permit 20

route-map NO_EIGRP_100 deny 10
 match tag 100
route-map NO_EIGRP_100 permit 20

route-map OSPF_TO_EIGRP permit 10
 match source-protocol ospf 13
 set tag 200
route-map OSPF_TO_EIGRP permit 20

route-map NO_OSPF deny 10
 match tag 200
route-map NO_OSPF permit 20

2.5 Implement IPv4 iBGP

Configure iBGP between R1, R2, R3, R4 and R5 according to the following requirements
- Where possible failure of a physical interface should not permanently affect BGP peer connections
- Use only the Loopback 0 IP Addresses to propagate BGP route information within your BGP domain
- Configure R3 as route-reflector. Minimize the number of BGP peering sessions and all BGP speakers in AS 13
- you are not allowed to use BGP peer groups

On R1

router bgp 13
 bgp router-id 13.13.1.1
 neighbor 13.13.3.3 remote-as 13
 neighbor 13.13.3.3 update-source Loopback0
 exit

On R2

router bgp 13
 bgp router-id 13.13.2.2
 neighbor 13.13.3.3 remote-as 13
 neighbor 13.13.3.3 update-source Loopback0

On R4

router bgp 13
 bgp router-id 13.13.4.4
 neighbor 13.13.3.3 remote-as 13
 neighbor 13.13.3.3 update-source Loopback0

On R5

router bgp 13
 bgp router-id 13.13.5.5
 neighbor 13.13.3.3 remote-as 13
 neighbor 13.13.3.3 update-source Loopback0

On R3

router bgp 13
 bgp router-id 13.13.3.3

 neighbor 13.13.1.1 remote-as 13
 neighbor 13.13.1.1 update-source Loopback0
 neighbor 13.13.1.1 route-reflector-client

 neighbor 13.13.2.2 remote-as 13
 neighbor 13.13.2.2 update-source Loopback0
 neighbor 13.13.2.2 route-reflector-client

 neighbor 13.13.4.4 remote-as 13
 neighbor 13.13.4.4 update-source Loopback0
 neighbor 13.13.4.4 route-reflector-client

 neighbor 13.13.5.5 remote-as 13
 neighbor 13.13.5.5 update-source Loopback0
 neighbor 13.13.5.5 route-reflector-client

2.6 Implement IPv4 eBGP

Configure eBGP on R1 and R2 according to the following requirements
- R1 eBGP peers with the router 150.1.13.254 on Backbone 1 AS 254
- R2 eBGP peers with the router 150.2.13.254 on Backbone 2 AS 254
- R2 and R3 should have capability to signalize End of RIB Marker
- Do not change the BGP next-hop anywhere
- maximum 5 prefix is allowed otherwise it should generate a message

Note: R1 routes have as-path 253 254 - R2 routes have as-path 254

R1

router bgp 13
 neighbor 150.1.13.254 remote-as 254
 neighbor 150.1.13.254 send-community
 neighbor 150.1.13.254 maximum-prefix 5 100 warning-only

R2

router bgp 13
 bgp graceful-restart
 neighbor 150.2.13.254 remote-as 254
 neighbor 150.2.13.254 send-community
 neighbor 150.2.13.254 maximum-prefix 5 100 warning-only

do clear ip bgp * soft in
do clear ip bgp * soft out

R3

router bgp 13
 bgp graceful-restart

do clear ip bgp * soft in
do clear ip bgp * soft out

2.7 Advanced BGP (OSPF->BGP)

Configure BGP path selection as per the following requirements:
- The routes from OSPF should be redistributed into BGP AS 254 on R1 and R2.
- R1 must prefer the external path to reach destination in AS 254 and the tie breaker in the BGP best path selection algorithm must be the "External vs Internal" criteria
- R3 must prefer the path via R1 and the change must not impact any other routers
- R4 must be able to successfully ping to host 197.68.1.254 on AS 254
- Traffic sent from R4 to destinations in AS 254 must be routed through R1
- BGP attributes of AS-Path, Local Preference and Weight cannot be changed on either R4 or R5.
- OSPF costs may be changed for only one interface if needed.

R1
router bgp 13
 redistribute ospf 13 match internal external 1 external 2

R2
router bgp 13
 redistribute ospf 13 match internal external 1 external 2
 neighbor 150.2.13.254 route-map FROM_BB2 in

route-map FROM_BB2 permit 10
 set as-path prepend 254

R3
router bgp 13
 neighbor 13.13.1.1 route-map FROM_R1 in

route-map FROM_R1 permit 10
 match as-path 1
 set weight 1000
route-map FROM_R1 permit 20

ip as-path access-list 1 permit _254_

interface Serial1/0
 ip ospf cost 2000

Solution 2: oiram83

R1
router bgp 7
 redistribute ospf 7

R2
router bgp 7
 redistribute ospf 7
 neighbor 150.2.7.254 route-map AS in

route-map AS permit 10
 set as-path prepend 253

R3
router bgp 7
 neighbor 7.7.1.1 weight 1000

R5
! R5 interface facing R1
interface Serial0/0/0
 ip ospf cost 1

2.8 Implement IPv6 addressing

The administrator has started to configure Global unicast IPv6 addresses in your network according to the Diagram 3 IPv6 Routing
- Configure Global unicast IPs on every interface on R1, R5, SW1 and SW2
- Ensure that all routers and switches can ping each other using IPv6
- Configure IPv6 address Number as follows
  - (13 - Rack number, HH - interface ipv4 3rd octet, ZZ - interface ipv4 4th octet)
  - Interfaces - 2001:13:HH::ZZ/64
  - Loopbacks - 2001:13:HH::ZZ/128

2.9 Implement IPv6 OSPF v3 Routing

Continue configuring IPv6 OSPFv3 according to the Diagram as per the following requirements
- Process ID has to be 2001
- OSPFv3 router IDs must be stable and identical to the OSPFv2 router IDs
- Do not create any additional OSPFv3 areas
- Ensure that periodic Router Advertisements should be disabled on the IPv6 enabled interfaces
- Ensure that all IPv6 networks on all routers and switches can ping each other using IPv6
- Make sure the routers use cisco proprietary forwarding mechanism

On R1

ipv6 unicast-routing
ipv6 cef

ipv6 router ospf 2001
 router-id 13.13.1.1

interface Loopback0
 ipv6 address 2001:13:1::1/128
 ipv6 ospf 2001 area 0

interface FastEthernet0/0
 ipv6 address 2001:13:17::1/64
 ipv6 ospf 2001 area 0
 ipv6 nd ra suppress

interface Serial1/1
 ipv6 address 2001:13:15::1/64
 ipv6 ospf 2001 area 0
 ipv6 nd ra suppress

On R5
ipv6 unicast-routing
ipv6 cef

ipv6 router ospf 2001
 router-id 13.13.5.5

interface Loopback0
 ipv6 address 2001:13:5::5/128
 ipv6 ospf 2001 area 0

interface FastEthernet0/0
 ipv6 address 2001:13:56::5/64
 ipv6 ospf 2001 area 0
 ipv6 nd ra suppress

interface Serial1/0
 ipv6 address 2001:13:15::5/64
 ipv6 ospf 2001 area 0
 ipv6 nd ra suppress

On SW1
sdm prefer dual-ipv4-and-ipv6 default

ipv6 unicast-routing
ipv6 cef distribute

ipv6 router ospf 2001
 router-id 13.13.6.6

interface Loopback0
 ipv6 address 2001:13:6::6/128
 ipv6 ospf 2001 area 0

interface Vlan56
 ipv6 address 2001:13:56::6/64
 ipv6 ospf 2001 area 0
 ipv6 nd ra suppress

interface Vlan67
 ipv6 address 2001:13:67::6/64
 ipv6 ospf 2001 area 0
 ipv6 nd ra suppress

On SW2
sdm prefer dual-ipv4-and-ipv6 default

ipv6 unicast-routing
ipv6 cef distribute

ipv6 router ospf 2001
 router-id 13.13.7.7

interface Loopback0
 ipv6 address 2001:13:7::7/128
 ipv6 ospf 2001 area 0

interface Vlan17
 ipv6 address 2001:13:17::7/64
 ipv6 ospf 2001 area 0
 ipv6 nd ra suppress

interface Vlan67
 ipv6 address 2001:13:67::7/64
 ipv6 ospf 2001 area 0
 ipv6 nd ra suppress

Section 3 IP Multicast

3.1 Implement IPv4 Multicast -1

Configure IPv4 Multicast Routing between R3 Serial 0/0/0 and R5 Serial 0/0/1 according to the following requirements
- Do not use any RP
- Interfaces Loopback 0 of R3 video server simulated in R5 client
- Multicast is sourced from Loopback 0 on R3 and the receiver was R5 Fa 0/0 (225.1.1.1)
- Ensure that unnecessary flooding/pruning does not occur

On R3

ip multicast-routing

access-list 10 permit 225.1.1.1
access-list 10 permit 225.1.1.2
access-list 10 permit 225.1.1.3

ip pim ssm range 10

interface loopback 0
 ip pim sparse-mode

interface serial 1/0
 ip pim sparse-mode

On R5

ip multicast-routing

access-list 10 permit 225.1.1.1
access-list 10 permit 225.1.1.2
access-list 10 permit 225.1.1.3

ip pim ssm range 10

interface serial 1/1
 ip pim sparse-mode

interface fastethernet 0/0
 ip pim sparse-mode
 ip igmp version 3
 ip igmp join-group 225.1.1.1 source 13.13.3.3

3.2 Implement IPv4 Multicast 2
- Ensure that only R3 lo0 (13.13.3.3) is allowed to send multicast 225.1.1.1
- Other users in R5 are planning to join 225.1.1.2 and 225.1.1.3 in near future
- These users will use IGMP v2.
- Ensure that these users can only access the two multicast streams (only for a given source)
- Routers should not use DNS query for mapping the source.

R3

no ip igmp ssm-map query dns

R5

access-list 15 permit 225.1.1.2
access-list 15 permit 225.1.1.3

ip igmp ssm-map enable
no ip igmp ssm-map query dns
ip igmp ssm-map static 15 13.13.3.3

4.1 Implement Routing Protocol Authentication 1

Secure the RIP domain according to the following requirements
- The key chain for RIP authentication is pre-configured on R4
- Do not reconfigure on R4
- Complete RIP authentication between R4 and R5
- Password on R5 must be seen in clear text

On R4

# show key-chain RIP

Key-chain RIP:
key 1 -- text "HiddenKey"
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now]

interface FastEthernet 0/0
 ip rip authentication mode md5
 ip rip authentication key-chain RIP

On R5

no service password-encryption

key chain RIP
 key 1
  key-string HiddenKey

interface FastEthernet 0/1
 ip rip authentication mode md5
 ip rip authentication key-chain RIP

4.2 Implement ZBF

Configure ZBF on R1 using the exact naming convention as following output
- Ping from R5 and SW2 to the backbone interface or network
- Make sure that when you input the show command, it must show the same output

Output:

# show policy-map type inspect zone-pair

On R1

class-map type inspect match-all A_B
 match protocol icmp

policy-map type inspect A_B
 class type inspect A_B
  pass
 class class-default
  pass

zone security A
zone security B

zone-pair security A_B source A destination B
 service-policy type inspect A_B
zone-pair security B_A source B destination A
 service-policy type inspect A_B

! interface facing R2
interface serial 0/0/0
 zone-member security A

! interface facing R5
interface serial 0/0/1
 zone-member security A

! interface facing SW2
interface fastethernet 0/0
 zone-member security A

! interface facing BB1
interface fastethernet 0/0
 zone-member security B

4.3 QoS

Part 1
- Traffic from 197.68.1.0/24 from BB1 is attacking host in OSPF Area 0 it should be limited to 128k on each interface on R1 when it goes to ospf area.
Use MQC and do not use policing.sjdaiojfreaOn R1sjdaiojfreasjdaiojfreaaccess-list 2 permit 197.68.1.0 0.0.0.255sjdaiojfreasjdaiojfreaclass-map match-all Limit_BB1sjdaiojfreamatch access-group 2sjdaiojfreamatch input-interface fastethernet 0/1sjdaiojfreasjdaiojfreapolicy-map Limit_BB1sjdaiojfreaclass Limit_BB1sjdaiojfreashape average 128000sjdaiojfreasjdaiojfreainterface fastethernet 0/0 /* interface facing SW2 */sjdaiojfreaservice-policy output Limit_BB1sjdaiojfreasjdaiojfreainterfaceserial 0/0/1 /* interface facing R5 */sjdaiojfreaservice-policy output Limit_BB1sjdaiojfreasjdaiojfreaPart 2sjdaiojfreasjdaiojfreaConfigure MQC on R5 link to R3sjdaiojfrea" Create classes for each type of traffic with different precedencesjdaiojfreao Network control precedence value 6, 7sjdaiojfreao Voice precedence value 5sjdaiojfreao Critical precedence value 4sjdaiojfreao Video precedence value 3sjdaiojfreao Business precedence value 2sjdaiojfreao Internet precedence 0sjdaiojfrea" You are allowed to use only match-all in class-mapsjdaiojfrea" In case of congestion, the Voice traffic must be sent in priority over all other trafficsjdaiojfrea" The low latency queue may never use more than 20% of the available bandwidthsjdaiojfrea" In case of congestion, reserve 100Kbps of the available 2000Kbps for the Network Control trafficsjdaiojfrea" Only in case of congestion the Video traffic may not exceed 30% of the available bandwidthsjdaiojfrea" Only in case of congestion the Business traffic may not exceed 30% of the available bandwidthsjdaiojfrea" Enable the congestion avoidance mechanism for the Business traffic using a weight factor of 10 for the average queue size calculationsjdaiojfrea" The Internet traffic should use the remaining bandwidth with no other guaranteesjdaiojfreaR5sjdaiojfreasjdaiojfreaclass-map controlsjdaiojfreamatch ip precedence 6 7sjdaiojfreasjdaiojfreaclass-map voicesjdaiojfreamatch ip precedence 5sjdaiojfreasjdaiojfreaclass-map videosjdaiojfreamatch ip precedence 
4sjdaiojfreasjdaiojfreaclass-map businesssjdaiojfreamatch ip precedence 3sjdaiojfreasjdaiojfreaclass-map internetsjdaiojfreamatch ip precedence 0sjdaiojfreasjdaiojfreapolicy-map MQCsjdaiojfreaclass voicesjdaiojfreapriority percent 20sjdaiojfreapolice rate percent 20sjdaiojfreasjdaiojfreaclass controlsjdaiojfreabandwidth per 5sjdaiojfreasjdaiojfreaclass videosjdaiojfreabandwidth per 30sjdaiojfreasjdaiojfreaclass businesssjdaiojfreabandwidth percent 30sjdaiojfrearandom-detectsjdaiojfrearandom-detect exponential-weighting-constant 10sjdaiojfreaclass internetsjdaiojfreabandwidth percent 15sjdaiojfreasjdaiojfreaint s0/0/1sjdaiojfreabandwidth 2000sjdaiojfreamax-reserved-bandwidth 100sjdaiojfreaservice-policy output MQC sjdaiojfreasjdaiojfrea4.4 Implement Routing Protocol Authentication 1sjdaiojfreasjdaiojfreaSecure the RIP domain according to the following requirementsjdaiojfrea" The key chain for RIP authentication is pre-configured on R4sjdaiojfrea" Do not reconfigure on R4sjdaiojfrea" Complete RIP authentication between R4 and R5sjdaiojfreaNote: the key chain pre-configured can be found using show key-chain rip on R4sjdaiojfreasjdaiojfreaOn R4sjdaiojfreasjdaiojfrea# show key-chain RIPsjdaiojfreasjdaiojfreaKey-chain RIP:sjdaiojfreakey 1 -- text "HiddenKey"sjdaiojfreaaccept lifetime (always valid) - (always valid) [valid now]sjdaiojfreasend lifetime (always valid) - (always valid) [valid now]sjdaiojfreasjdaiojfreainterface FastEthernet 0/0sjdaiojfreaip rip authentication mode md5sjdaiojfreaip rip authentication key-chain RIPsjdaiojfreasjdaiojfreaOn R5sjdaiojfreasjdaiojfreano service password-encryptionsjdaiojfreasjdaiojfreakey chain RIPsjdaiojfreakey 1sjdaiojfreakey-string HiddenKeysjdaiojfreasjdaiojfreainterface FastEthernet 0/1sjdaiojfreaip rip authentication mode md5sjdaiojfreaip rip authentication key-chain RIPsjdaiojfreasjdaiojfrea4.5 Implement Routing Protocol Authentication 2sjdaiojfreasjdaiojfreaSecure the OSPFv3 between R1 and R5 according to the following 
requirementsjdaiojfrea" Use the authentication type with MD5sjdaiojfrea" key string 1234567890abcdef1234567890abcdefsjdaiojfrea" you are not allowed to use any commands under router configuration mode to accomplish this tasksjdaiojfreaOn R1sjdaiojfreasjdaiojfreaInterface serial0/0/1 /* Interface facing R5 */sjdaiojfreaipv6 ospf authentication ipsec spi 500 md5 1234567890abcdef1234567890abcdefsjdaiojfreasjdaiojfreaOn R5sjdaiojfreasjdaiojfreaInterface serial0/0/0 /* Interace facing R1*/sjdaiojfreaipv6 ospf authentication ipsec spi 500 md5 1234567890abcdef1234567890abcdefsjdaiojfreasjdaiojfrea4.6 Implement Layer 2 Security - Private VLANsjdaiojfreasjdaiojfreaConfigure Private VLAN according to the following requirementsjdaiojfrea" R4 and R5 should be able to communicate only with each other in vlan 45. No other host is allowed to communicate with them in vlan 45.sjdaiojfrea" Hosts connected to port fa0/6 on SW1 and SW2 should be a part of vlan 45, and should only communicate with each other. 
Must not be able to communicate with any other host in vlan 45.sjdaiojfrea" Hosts connected to port fa0/7 on SW1 and SW2 should not be able to communicate with any host.sjdaiojfrea" SW1 fa0/8 as promiscuous portsjdaiojfrea" Use only odd vlans ranging from 334-some vlan, if you need to create new vlans.sjdaiojfreaSW1/SW2/SW3/SW4sjdaiojfreasjdaiojfreaspanning-tree mst configsjdaiojfreainstance 1 vlan 335, 337, 339sjdaiojfreaexitsjdaiojfreasjdaiojfreavlan 335sjdaiojfreaprivate-vlan communitysjdaiojfreasjdaiojfreavlan 337sjdaiojfreaprivate-vlan communitysjdaiojfreasjdaiojfreavlan 339sjdaiojfreaprivate-vlan isolatedsjdaiojfreasjdaiojfreavlan 45sjdaiojfreaprivate-vlan primarysjdaiojfreaprivate-vlan association 335,337,339sjdaiojfreasjdaiojfreaSW1sjdaiojfreasjdaiojfreainterface fastethernet 0/4sjdaiojfreano switchport access vlan 45sjdaiojfreaswitchport private-vlan host-association 45 335sjdaiojfreaswitchport mode private-vlan hostsjdaiojfreano shutdownsjdaiojfreasjdaiojfreainterface Fastethernet 0/6sjdaiojfreano switchport access vlan 999sjdaiojfreaswitchport private-vlan host-association 45 337sjdaiojfreaswitchport mode private-vlan hostsjdaiojfreano shutdownsjdaiojfreasjdaiojfreainterface Fastethernet 0/7sjdaiojfreano switchport access vlan 999sjdaiojfreaswitchport private-vlan host-association 45 339sjdaiojfreaswitchport mode private-vlan hostsjdaiojfreano shutdownsjdaiojfreasjdaiojfreainterface Fastethernet 0/8sjdaiojfreano switchport access vlan 999sjdaiojfreaswitchport private-vlan mapping 45 335,337,339sjdaiojfreaswitchport mode private-vlan promiscuoussjdaiojfreano shutdownsjdaiojfreasjdaiojfreaSW2sjdaiojfreasjdaiojfreainterface Fastethernet 0/5sjdaiojfreano switchport access vlan 45sjdaiojfreaswitchport private-vlan host-association 45 335sjdaiojfreaswitchport mode private-vlan hostsjdaiojfreano shutdownsjdaiojfreasjdaiojfreainterface Fastethernet 0/6sjdaiojfreano switchport access vlan 999sjdaiojfreaswitchport private-vlan host-association 45 
337sjdaiojfreaswitchport mode private-vlan hostsjdaiojfreano shutdownsjdaiojfreasjdaiojfreainterface Fastethernet 0/7sjdaiojfreano switchport access vlan 999sjdaiojfreaswitchport private-vlan host-association 45 339sjdaiojfreaswitchport mode private-vlan hostsjdaiojfreano shutdownsjdaiojfreasjdaiojfreaNote: no shut on all these interfaces as all these are shut check if any other configuration exist in the interface other than needed.sjdaiojfreasjdaiojfreasjdaiojfreasjdaiojfrea4.7 HSRP sjdaiojfreaConfigure HSRP between SW1 and SW2 under VLAN 500sjdaiojfrea" Define user gateway for VLAN 500 as 13.13.100.254:sjdaiojfrea" The IP 13.13.100.1 should be assigned to the primary HSRP gateway and 13.13.100.2 should be assigned to the secondary HSRP gateway.sjdaiojfrea" Active group gateway assignment should comply with active root of spanning tree of VLAN 500.sjdaiojfrea" Active Gateway Priority 120 and the Standby is left at the default.sjdaiojfrea" Define track object for group, which is the reachability of one network 150.1.13.0/24sjdaiojfrea" Standby will take up active role in a second if 5 hello packets not receivedsjdaiojfrea" Authentication between both switches - md5 password ciscosjdaiojfrea" The primary gateway should have the ability to resume the Primary role once the tracked object is reachablesjdaiojfrea" Make sure IGP is not running in this subnetsjdaiojfreasjdaiojfreasjdaiojfreaOn SW1sjdaiojfreasjdaiojfreainterface vlan 500sjdaiojfreaip address 13.13.100.2 255.255.255.0sjdaiojfreasjdaiojfreastandby 0 ip 13.13.100.254sjdaiojfreastandby 0 preemptsjdaiojfreastandby 0 timers 3 16sjdaiojfreastandby 0 authentication md5 key-string ciscosjdaiojfreasjdaiojfreaOn SW2sjdaiojfreasjdaiojfreatrack 1 ip route 150.1.13.0/24 reachabilitysjdaiojfreasjdaiojfreainterface vlan 500sjdaiojfreaip address 13.13.100.1 255.255.255.0sjdaiojfreasjdaiojfreastandby 0 ip 13.13.100.254sjdaiojfreastandby 0 preemptsjdaiojfreastandby 0 timers 3 16sjdaiojfreastandby 0 authentication md5 
key-string ciscosjdaiojfreastandby 0 priority 120sjdaiojfreastandby 0 track 1 decrement 30sjdaiojfreasjdaiojfreasjdaiojfrea4.8 Time based ACLsjdaiojfreaConfigure SW1 and SW2 in order to restrict access for VLAN 500 users as per the following requirements.sjdaiojfrea" HTTP (from any user workstation to any remote server) is not allowed during office hours (from 09:00 to 16:59,Monday to Friday)sjdaiojfrea" FTP (from any user workstation to any remote server) is allowed only during every night for Backup between 22:00 to 23:59 and is not allowed all any other time.sjdaiojfrea" UDP traffic is allowed only outside of the office hours (everyday from 17:00 to 8:59)sjdaiojfrea" Any required control traffic must be allowed all any time and the ACL entries must be specific as possible (i.e specify the Layer 4 with the connect port number on the destination)sjdaiojfrea" Sources in all ACL entries must be explicitly configured to 13.13.100.0/24.sjdaiojfreasjdaiojfreaSw1sjdaiojfreainterface Vlan500sjdaiojfreaip address 13.13.100.2 255.255.255.0sjdaiojfreaip access-group TBACL insjdaiojfrea!sjdaiojfreaip access-list extended TBACLsjdaiojfreadeny tcp 13.13.100.0 0.0.0.255 any eq www time-range HTTPsjdaiojfreapermit tcp 13.13.100.0 0.0.0.255 any eq wwwsjdaiojfreapermit tcp 13.13.100.0 0.0.0.255 any eq ftp ftp-data time-range FTPsjdaiojfreadeny tcp 13.13.100.0 0.0.0.255 any eq ftp ftp-datasjdaiojfreapermit udp 13.13.100.0 0.0.0.255 host 224.0.0.2 eq 1985sjdaiojfreadeny udp 13.13.100.0 0.0.0.255 any time-range UDPsjdaiojfreapermit udp 13.13.100.0 0.0.0.255 anysjdaiojfreadeny ip any any logsjdaiojfrea!sjdaiojfreatime-range FTPsjdaiojfreaperiodic daily 22:00 to 23:59sjdaiojfrea!sjdaiojfreatime-range HTTPsjdaiojfreaperiodic weekdays 9:00 to 16:59sjdaiojfrea!sjdaiojfreatime-range UDPsjdaiojfreaperiodic daily 9:00 to 16:59sjdaiojfreasjdaiojfreasjdaiojfreasjdaiojfreasjdaiojfreaSW2sjdaiojfreainterface Vlan500sjdaiojfreaip address 13.13.100.1 255.255.255.0sjdaiojfreaip access-group TBACL 
insjdaiojfrea!sjdaiojfreaip access-list extended TBACLsjdaiojfreadeny tcp 13.13.100.0 0.0.0.255 any eq www time-range HTTPsjdaiojfreapermit tcp 13.13.100.0 0.0.0.255 any eq wwwsjdaiojfreapermit tcp 13.13.100.0 0.0.0.255 any eq ftp ftp-data time-range FTPsjdaiojfreadeny tcp 13.13.100.0 0.0.0.255 any eq ftp ftp-datasjdaiojfreapermit udp 13.13.100.0 0.0.0.255 host 224.0.0.2 eq 1985sjdaiojfreadeny udp 13.13.100.0 0.0.0.255 any time-range UDPsjdaiojfreapermit udp 13.13.100.0 0.0.0.255 anysjdaiojfreadeny ip any any logsjdaiojfrea!sjdaiojfreatime-range FTPsjdaiojfreaperiodic daily 22:00 to 23:59sjdaiojfrea!sjdaiojfreatime-range HTTPsjdaiojfreaperiodic weekdays 9:00 to 16:59sjdaiojfrea!sjdaiojfreatime-range UDPsjdaiojfreaperiodic daily 9:00 to 16:59sjdaiojfreasjdaiojfreasjdaiojfreatime-range FTPsjdaiojfreaperiodic daily 0:00 to 21:59sjdaiojfrea!sjdaiojfreatime-range HTTPsjdaiojfreaperiodic weekdays 9:00 to 16:59sjdaiojfrea!sjdaiojfreatime-range UDPsjdaiojfreaperiodic daily 9:00 to 16:59sjdaiojfrea!sjdaiojfreaip access-list extended HTTP_FTP_UDPsjdaiojfreapermit udp 13.13.100.0 0.0.0.255 eq 1985 host 224.0.0.2 eq 1985sjdaiojfreadeny tcp 13.13.100.0 0.0.0.255 any eq www time-range HTTPsjdaiojfreadeny tcp 13.13.100.0 0.0.0.255 any eq ftp time-range FTPsjdaiojfreadeny tcp 13.13.100.0 0.0.0.255 any eq ftp-data time-range FTPsjdaiojfreadeny udp 13.13.100.0 0.0.0.255 any time-range UDPsjdaiojfreapermit ip 13.13.100.0 0.0.0.255 anysjdaiojfrea!sjdaiojfreaint vlan 500sjdaiojfreaip access-group HTTP_FTP_UDP insjdaiojfreasjdaiojfreaSection 5 Optimize the Networksjdaiojfreasjdaiojfrea5.1 Implement SNMPsjdaiojfreaConfigure SNMP on R3 as per the following requirementssjdaiojfrea" Use location San Jose, USAsjdaiojfrea" Use contact ccie@cisco.comsjdaiojfrea" Use R3 loopback0 interface for SNMP trap as sourcesjdaiojfrea" A SNMPv3 group admin has a user with a view privilege adminview and must view only ISO mib.sjdaiojfrea" A SNMPv3 group admin has a user with a view privilege adminwrite and 
must write only system mib.sjdaiojfrea" Ensure that group admin should be set with strongest security mechanism.sjdaiojfrea" A user ccie should be from group admin and use md5 password of cisco (case sensitive)sjdaiojfrea" Ensure that admin group only allow users access from 13.13.17.0/24sjdaiojfrea" Use a SNMP v2c instance for NMS in 13.13.67.0/24 to accomplish this task.sjdaiojfrea" Note: All view name, group, username and community should be case-sensitive sjdaiojfreaOn R3sjdaiojfreasjdaiojfreasjdaiojfreaaccess-list 17 permit 13.13.17.0 0.0.0.255sjdaiojfreasjdaiojfreaaccess-list 67 permit 13.13.67.0 0.0.0.255sjdaiojfreasjdaiojfreasnmp-server location San Jose, USAsjdaiojfreasnmp-server contact ccie@cisco.comsjdaiojfreasjdaiojfreasnmp-server enable trapssjdaiojfreasnmp-server trap-source Loopback0sjdaiojfreasjdaiojfreasnmp-server view ciscoview iso includedsjdaiojfreasnmp-server view ciscowrite system includedsjdaiojfreasjdaiojfreasnmp-server group admin v3 priv read ciscoview write ciscowrite access 17sjdaiojfreasnmp-server user ccie admin v3 auth md5 ciscosjdaiojfreasjdaiojfreasnmp-server community nms ro 67sjdaiojfreasjdaiojfreasjdaiojfrea5.2 Implement NetflowsjdaiojfreasjdaiojfreaConfigure Netflow on R1 according to the following requirementssjdaiojfreaァ・Enable Netflow on R1 to monitor the traffic entering and leaving Area 0 from BB1sjdaiojfreaァ・Export the flows to the server 13.13.56.100port 2222sjdaiojfreaァ・In case the export to server fails, the accounting information should be exported to backup server 13.13.56.101 with the same port numbersjdaiojfreaァ・Generate netflow sample one out-of-every 1000 packetssjdaiojfreaァ・Use R1 Loopback as source address for the exportssjdaiojfreaァ・Use Netflow version 9 with reliable transfersjdaiojfreaァ・Do not use policy-mapsjdaiojfreasjdaiojfrea- the only difference here was, the question explicitly asks to configure the netflow on the BB1 facing interface of R1. 
I used below config which is exactly same as what we already had discussed here.sjdaiojfreasjdaiojfreasjdaiojfreaOn R1sjdaiojfreasjdaiojfreaip cefsjdaiojfreasjdaiojfreaip flow-export source Loopback0sjdaiojfreaip flow-export version 9 sjdaiojfreaip flow-export destination 13.13.56.100 2222 sctpsjdaiojfreabackup destination 13.13.56.101 2222sjdaiojfreabackup mode fail-over sjdaiojfreasjdaiojfreaflow-sampler-map FLOWsjdaiojfreamode random one-out-of 1000sjdaiojfreasjdaiojfreainterface fastethernet 0/1sjdaiojfreaflow-sampler FLOWsjdaiojfreaflow-sampler FLOW egresssjdaiojfreasjdaiojfreaip flow-export template options sampler sjdaiojfreasjdaiojfreasjdaiojfreasjdaiojfreasjdaiojfreasjdaiojfrea
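The first-match behaviour of the TBACL variant from section 4.8 can be checked offline against the stated requirements. The following is an added example, not part of the original post: the ACE order, time ranges and 13.13.100.0/24 source come from the page, while the sample packets, the destination addresses and the rule that an entry with an inactive time-range is skipped are assumptions of this model.

```python
import ipaddress
from datetime import datetime

USERS = ipaddress.ip_network("13.13.100.0/24")   # VLAN 500 source range from the page
ANY = ipaddress.ip_network("0.0.0.0/0")
HSRP_GROUP = ipaddress.ip_network("224.0.0.2/32")

WEEKDAYS, DAILY = {0, 1, 2, 3, 4}, set(range(7))  # datetime.weekday(): Monday=0
# name -> (days, start, end); the end minute is modelled as inclusive (assumption)
TIME_RANGES = {
    "HTTP": (WEEKDAYS, (9, 0), (16, 59)),
    "FTP": (DAILY, (22, 0), (23, 59)),
    "UDP": (DAILY, (9, 0), (16, 59)),
}

# (action, protocol, source, destination, destination ports, time-range),
# in the same order as "ip access-list extended TBACL" on the page
TBACL = [
    ("deny", "tcp", USERS, ANY, {80}, "HTTP"),
    ("permit", "tcp", USERS, ANY, {80}, None),
    ("permit", "tcp", USERS, ANY, {20, 21}, "FTP"),
    ("deny", "tcp", USERS, ANY, {20, 21}, None),
    ("permit", "udp", USERS, HSRP_GROUP, {1985}, None),
    ("deny", "udp", USERS, ANY, None, "UDP"),
    ("permit", "udp", USERS, ANY, None, None),
    ("deny", "ip", ANY, ANY, None, None),
]


def time_range_active(name, when):
    """True if the named periodic time-range covers the given datetime."""
    days, start, end = TIME_RANGES[name]
    return when.weekday() in days and start <= (when.hour, when.minute) <= end


def evaluate(acl, src, proto, dst, dport, when):
    """Return (action, 1-based ACE number) of the first active matching entry."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, (action, ace_proto, ace_src, ace_dst, ports, tr) in enumerate(acl, 1):
        if tr is not None and not time_range_active(tr, when):
            continue  # an entry whose time-range is inactive is not evaluated
        if ace_proto != "ip" and ace_proto != proto:
            continue
        if src not in ace_src or dst not in ace_dst:
            continue
        if ports is not None and dport not in ports:
            continue
        return action, number
    return "deny", 0  # implicit deny at the end of every ACL


# Constructed sample traffic: 2012-10-22 is a Monday, 2012-10-20 a Saturday.
MON_1000 = datetime(2012, 10, 22, 10, 0)
MON_2300 = datetime(2012, 10, 22, 23, 0)
SAT_2000 = datetime(2012, 10, 20, 20, 0)
SAMPLES = [
    ("HTTP, office hours", ("13.13.100.10", "tcp", "198.51.100.7", 80), MON_1000),
    ("HTTP, Saturday evening", ("13.13.100.10", "tcp", "198.51.100.7", 80), SAT_2000),
    ("FTP, office hours", ("13.13.100.10", "tcp", "198.51.100.7", 21), MON_1000),
    ("FTP, backup window", ("13.13.100.10", "tcp", "198.51.100.7", 21), MON_2300),
    ("HSRP hello, office hours", ("13.13.100.2", "udp", "224.0.0.2", 1985), MON_1000),
    ("DNS over UDP, office hours", ("13.13.100.10", "udp", "198.51.100.53", 53), MON_1000),
    ("DNS over UDP, Saturday evening", ("13.13.100.10", "udp", "198.51.100.53", 53), SAT_2000),
    ("ICMP echo, any time", ("13.13.100.10", "icmp", "198.51.100.7", None), MON_1000),
]


def run_samples():
    """Evaluate every constructed sample and return (label, action, ACE number)."""
    return [(label, *evaluate(TBACL, *pkt, when)) for label, pkt, when in SAMPLES]


if __name__ == "__main__":
    for label, action, number in run_samples():
        print(f"{label:32} -> {action:6} (ACE {number})")
```

The HSRP hello is matched by its own permit entry before the time-ranged UDP deny, which is what keeps the control traffic flowing during office hours; ICMP from the user VLAN falls through to the final deny with logging.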
Friday, October 5, 2012
aaa
Question
CISCO 892 ROUTER
HQ_BACKUP_CONNECTION_ROUTER#show run
Building configuration...
Current configuration : 6487 bytes
!
! Last configuration change at 15:30:45 EST Thu Mar 17 2011 by coxma
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HQ_BACKUP_CONNECTION_ROUTER
!
boot-start-marker
boot-end-marker
!
aaa new-model
!
!
aaa authentication password-prompt "Enter local password:"
aaa authentication username-prompt "Enter local username:"
aaa authentication login default local group tacacs+
aaa authentication enable default enable group tacacs+
aaa authorization console
aaa authorization exec default local group tacacs+
aaa authorization network default local group tacacs+
!
!
!
!
!
aaa session-id common
!
!
!
clock timezone EST -5
clock summer-time EST recurring
!
crypto pki trustpoint TP-self-signed-92435657
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-92435657
revocation-check none
rsakeypair TP-self-signed-92435657
!
!
ip source-route
!
!
!
!
ip cef
ip domain
ip name-server 199.129.247.145
ip name-server 199.129.207.34
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO892-K9 sn FHK145170ME
!
!
archive
log config
hidekeys
!
!
!
!
!
!
!
!
!
interface Loopback0
no ip address
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
!
interface FastEthernet0
shutdown
!
!
interface FastEthernet1
!
!
interface FastEthernet2
!
!
interface FastEthernet3
!
!
interface FastEthernet4
!
!
interface FastEthernet5
!
!
interface FastEthernet6
!
!
interface FastEthernet7
!
!
interface FastEthernet8
description CONNECTION_TO_NEW_EDGE
ip address 10.10.1.2 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
!
interface GigabitEthernet0
description CONNECTION_TO_HQ_Core
ip address 199.129.156.2 255.255.255.0
ip virtual-reassembly
ip nat outside
duplex full
speed 100
!
!
interface Vlan1
no ip address
!
!
interface Vlan5
ip address 199.129.205.170 255.255.255.0
!
!
ip forward-protocol nd
ip http server
ip http access-class 5
ip http authentication aaa
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip flow-export version 5
ip flow-export destination 199.129.206.88 2055
!
ip nat log translations syslog
ip nat pool BacUp 199.129.156.3 199.129.156.254 netmask 255.255.255.0
ip nat source list 7 pool BacUp
ip route 0.0.0.0 0.0.0.0 199.129.156.1
ip route 10.10.0.0 255.255.0.0 10.10.1.1
ip route 199.129.0.0 255.255.0.0 199.129.156.1
!
access-list 5 permit 199.129.0.0 0.0.255.255
access-list 5 permit 10.0.0.0 0.255.255.255
access-list 5 deny any
access-list 6 permit 199.129.0.0 0.0.255.255
access-list 6 permit 10.0.0.0 0.255.255.255
access-list 6 deny any
access-list 7 permit 10.10.0.0 0.0.255.255
!
!
!
!
snmp-server community C0mm$$l@nw@n RO 6
snmp-server community Kw2004R!pe@c RW 6
snmp-server community public-y9M5&e#U-h RO 6
snmp-server community private-5Ebrewr@XA RW 6
snmp-server enable traps tty
snmp-server host 199.129.206.14 C0mm$$l@nw@n
snmp-server host 199.129.206.88 C0mm$$l@nw@n
snmp-server host 199.129.206.96 Kw2004R!pe@c
snmp-server host 199.129.208.103 Kw2004R!pe@c
!
tacacs-server host 199.129.247.180
tacacs-server host 199.129.208.10
tacacs-server directed-request
tacacs-server key 7 12170453565B59142B6F60
!
control-plane
!
!
!
line con 0
line aux 0
speed 38400
line vty 0 4
access-class 5 in
privilege level 15
login authentication local
transport input ssh
line vty 5 15
access-class 5 in
privilege level 15
login authentication local
transport input ssh
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
ntp access-group peer 7
ntp server 199.129.247.145
ntp server 199.129.207.34
end
=================================================
Router 2 Cisco 1841
OMS363560#show run
Building configuration...
Current configuration : 2526 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname _OMS363560
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 10000
!
no aaa new-model
dot11 syslog
ip source-route
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
!
class-map match-any C5_QUEUE
match dscp cs5
match dscp ef
match dscp cs6
match dscp cs7
match ip precedence 5
class-map match-any C4_QUEUE
match dscp cs4
match dscp af41
match dscp af42
match dscp af43
match ip precedence 4
class-map match-any C1_QUEUE
match dscp cs1
match dscp af11
match dscp af12
match dscp af13
match ip precedence 1
class-map match-any C3_QUEUE
match dscp cs3
match dscp af31
match dscp af32
match dscp af33
match ip precedence 3
class-map match-any C2_QUEUE
match dscp cs2
match dscp af21
match dscp af22
match dscp af23
match ip precedence 2
!
!
policy-map QUEUE
description Product 4
class C2_QUEUE
bandwidth percent 5
class C3_QUEUE
bandwidth percent 15
class C4_QUEUE
bandwidth percent 40
class C5_QUEUE
priority percent 15
class class-default
fair-queue
!
!
!
!
interface FastEthernet0/0
ip address 10.10.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.30.228.14 255.255.255.252
speed 100
full-duplex
service-policy output QUEUE
!
router ospf 4589
router-id 10.10.1.1
log-adjacency-changes
passive-interface default
no passive-interface FastEthernet0/0
network 10.10.1.0 0.0.0.255 area 0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.30.228.13
ip route 10.10.230.0 255.255.255.0 172.30.228.13
ip route 10.10.250.0 255.255.255.0 172.30.228.13
ip route 172.30.255.0 255.255.255.0 172.30.228.13
ip route 199.129.0.0 255.255.0.0 10.10.1.2
no ip http server
no ip http secure-server
!
!
!
logging trap notifications
!
!
!
!
!
snmp-server view noSysOr internet included
snmp-server view noSysOr ip excluded
snmp-server view noSysOr system.9 excluded
snmp-server community th3l04n3r view noSysOr RO
snmp-server community 79joliet view noSysOr RO
snmp-server location New Edge Networks
snmp-server contact noc@newedgenetworks.com
snmp-server enable traps tty
!
control-plane
!
!
!
line con 0
login local
line aux 0
line vty 0 4
login local
!
scheduler allocate 20000 1000
end