cisco 360 ccie r&s workshop 2 assessment lab 2 ... · pdf fileworkshop 2 assessment lab 2...

CIERSASSESS-6

Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2 Configuration Section

Cisco 360 CCIE® Routing and Switching (R&S) Advanced Workshop 2 is a five-day course for CCIE candidates who are ready to attempt the Cisco CCIE lab. Advanced Workshop 2 is not an entry-level course. You should take this course only if you are close to passing the actual CCIE lab.

Advanced Workshop 2 further develops such high-level candidates by presenting learners with five multitopic labs at CCIE level that simulate the actual Cisco CCIE lab experience (four of these labs are eight hours long; one is four hours long).

A lab is administered on each day of the course. On the first four days, you will perform an eight-hour lab. On the fifth, and last, day of the course, you will perform the four-hour lab. During each lab, you will be tested on your knowledge of complex internetworking subjects, your problem solving skills, and your test-taking strategies.

After each of these labs, you will get a detailed assessment score report combined with an answer key and Mentor Guide support. To supplement this feedback, Cisco CCIE instructors will provide review sessions after each lab and directed instruction during each lab if necessary. These resources provide feedback that maximizes the learning experience of each lab.

2 Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2 © 2009 Cisco Systems, Inc.


Note COPYRIGHT. 2008. CISCO SYSTEMS, INC. ALL RIGHTS RESERVED. ALL CONTENT AND MATERIALS, INCLUDING WITHOUT LIMITATION, RECORDINGS, COURSE MATERIALS, HANDOUTS AND PRESENTATIONS AVAILABLE ON THIS PAGE, ARE PROTECTED BY COPYRIGHT LAWS. THESE MATERIALS ARE LICENSED EXCLUSIVELY TO REGISTERED STUDENTS FOR THEIR INDIVIDUAL PARTICIPATION IN THE SUBJECT COURSE. DOWNLOADING THESE MATERIALS SIGNIFIES YOUR AGREEMENT TO THE FOLLOWING: (1) YOU ARE PERMITTED TO PRINT THESE MATERIALS ONLY ONCE, AND OTHERWISE MAY NOT REPRODUCE THESE MATERIALS IN ANY FORM, OR BY ANY MEANS, WITHOUT PRIOR WRITTEN PERMISSION FROM CISCO; AND (2) YOU ARE NOT PERMITTED TO SAVE ON ANY SYSTEM, MODIFY, DISTRIBUTE, REBROADCAST, PUBLISH, TRANSMIT, SHARE OR CREATE DERIVATIVE WORKS ANY OF THESE MATERIALS. IF YOU ARE NOT A REGISTERED STUDENT THAT HAS ACCEPTED THESE AND OTHER TERMS OUTLINED IN THE STUDENT AGREEMENT OR OTHERWISE AUTHORIZED BY CISCO, YOU ARE NOT AUTHORIZED TO ACCESS THESE MATERIALS.

© 2009 Cisco Systems, Inc. Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2 3

Table of Contents Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2 Configuration Section ............ 1

Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2 Configuration Section ..................... 2Table of Contents ................................................................................................................................. 3Activity Objectives ................................................................................................................................. 4General Lab Instructions ....................................................................................................................... 4Difficulty Levels ..................................................................................................................................... 5

Cisco 360 CCIE R&S Workshop 2 Assessment Lab 2 Configuration Section ..................... 6Grading and Duration ........................................................................................................................... 6Difficulty Level ....................................................................................................................................... 6Restrictions and Goals .......................................................................................................................... 6

1. Frame Relay and Serial Communications Section Total: 4 points ................................................. 121.1. Configure Frame Relay Interfaces (Basic: 1 point) .................................................................................. 121.2. Control the Full Mesh with Static Maps (Basic: 2 points) ......................................................................... 121.3. Verify Layer 3 Connectivity (Basic: 1 point) ............................................................................................. 12

2. Catalyst Switch Configuration Section Total: 13 points .................................................................. 122.1. Configure VLANs on SW1 and SW2 (Intermediate: 2 points) ................................................................. 122.2. Configure VLANs on SW3 and SW4 (Intermediate: 2 points) ................................................................. 132.3. Configure Switch-to-Router Links (Basic: 2 points) ................................................................................. 132.4. Control Switch-to-Switch Links (Basic: 2 points) ..................................................................................... 132.5. Native VLANs and Greeting Message (Intermediate: 2 points) ............................................................... 142.6. Tuning Ports (Intermediate: 2 points) ...................................................................................................... 142.7. Control VLANs (Intermediate: 1 point) ..................................................................................................... 14

3. IPv4 OSPF Section Total: 12 points .............................................................................................. 153.1. Create OSPF Areas (Basic: 2 points) ...................................................................................................... 153.2. OSPF Authentication (Intermediate: 2 points) ......................................................................................... 153.3. OSPF Advertisements (Basic: 3 points) .................................................................................................. 153.4. Control OSPF Advertisements (Intermediate: 3 points) ........................................................................... 153.5. OSPF Forwarding (Intermediate: 2 points) .............................................................................................. 15

4. IPv4 EIGRP Section Total: 5 points ............................................................................................... 164.1. EIGRP IP Subnet (Intermediate: 1 point) ................................................................................................. 164.2. EIGRP AS1 (Basic: 2 points) ................................................................................................................... 164.3. Control EIGRP Bandwidth and Advertisements (Advanced: 2 points) .................................................... 16

5. IPv4 RIP Section Total: 4 points .................................................................................................... 165.1. RIP and Backbone (Intermediate: 2 points) ............................................................................................. 165.2. Internal RIP (Basic: 2 points) ................................................................................................................... 16

6. Border Gateway Protocol Section Total: 8 points .......................................................................... 166.1. Configure Processes and Peers with the Backbone (Basic: 2 points) ..................................................... 166.2. Configure Processes and Peers Within Your Network (Intermediate: 2 points) ...................................... 176.3. BGP Adjustments (Intermediate: 2 points) .............................................................................................. 176.4. BGP Decision Process (Advanced: 2 points) .......................................................................................... 17

7. IPv6 Routing Section Total: 4 points .............................................................................................. 177.1. Configure IPv6 Addresses for RIP (Basic: 2 points) ................................................................................ 177.2. Configure IPv6 NAT (Advanced: 2 points) ............................................................................................... 17

8. Security Section Total: 3 points ..................................................................................................... 178.1. Security Policy (Intermediate: 3 points) ................................................................................................... 17

9. QoS Section Total: 4 points ........................................................................................................... 179.1. Configure Policy Maps, Part 1 (Advanced: 2 points) ............................................................................... 189.2. Configure Policy Maps, Part 2 (Advanced: 2 points) ............................................................................... 18

10. Network Time Section Total: 5 points .......................................................................................... 1810.1. Enable NTP (Intermediate: 2 points) ..................................................................................................... 1810.2. Adjust Clock (Intermediate: 2 points) ..................................................................................................... 1810.3. Synchronize the Backbone (Advanced: 1 point) .................................................................................... 18

11. Cisco IOS Software Services Section Total: 2 points .................................................................. 1911.1. Enable SSH (Intermediate: 2 points) ..................................................................................................... 19

12. Multicast Configuration Section Total: 6 points ............................................................................ 1912.1. Enable PIM, Part 1 (Intermediate: 2 points) ........................................................................................... 1912.2. Enable PIM, Part 2 (Intermediate: 2 points) ........................................................................................... 1912.3. Join Multicast Group (Intermediate: 2 point) .......................................................................................... 19

13. Address Administration Section Total: 2 points ............................................................................ 1913.1. NAT (Advanced: 2 points) ...................................................................................................................... 19

14. Catalyst Specialties Section Total: 3 points ................................................................................. 2014.1. RSPAN (Advanced: 3 points) ................................................................................................................ 20


Activity Objectives When performing any assessment lab, you will encounter a multitopic-practice Cisco CCIE Routing and Switching lab. Each lab consists of a range of internetworking topics. You have a predetermined set of hours to complete each assessment lab.

When performing any assessment lab, formulate a test-taking strategy that includes the following activities. These same activities should be conducted in the actual Cisco CCIE lab:

Create a strategy for how to begin an assessment lab

Create a checklist of best general practices to observe during the assessment lab

Create a strong set of issue-spotting skills to be able to uncover hidden and complex internetworking issues

Develop time-management techniques

General Lab Instructions Read the instructions carefully. If you misinterpret any directions, very likely you will lose points. After you have read the General Lab Instructions section, read all the other sections of the lab. Pay very close attention to the Restrictions and Goals section.

Your pod is cabled according to the Ethernet Cabling Topology and the Frame Relay and Serial Cabling Topology diagrams.

All routers should have an initial IP configuration loaded.

Frame Relay switching and the terminal server are preconfigured.

If you experience any connectivity problems to the terminal server using multiple Telnet sessions, try to access the routers through the terminal server with Ctrl-Shift-6-x.

Review all the tasks in the scenario.


Difficulty Levels Tasks are categorized as follows:

Basic: These fundamental tasks are generally those that are needed to provide the basic functions of the protocol or feature. You must complete these tasks to provide reachability and to move forward in the lab.

Intermediate: These tasks include protocol features like routing optimization, route filtering, optimal path selection, load sharing, and summarization. Failure to complete these tasks will usually not affect later lab sections.

Advanced: This category includes new Cisco IOS Software features and IP services, complex optimizations, and fine-tuning.

Scenarios are categorized as follows based on task classifications:

Basic

Basic to intermediate

Intermediate

Intermediate to advanced

Advanced



Grading and Duration Configuration lab duration: 8 hours

Configuration lab maximum score: 75 points

Troubleshooting lab duration: 2 hours

Troubleshooting lab maximum score: 25 points

Minimum passing score (after troubleshooting and configuration): 80 points

Difficulty Level Difficulty: Intermediate

Restrictions and Goals Note Note: Read this section carefully.

To receive any credit for a subsection you must fully complete the subsection. You will not get partial credit for partially completed subsections.

IP subnets on the Lab IPv4 IGP diagram belong to network 172.16.0.0/16.

Do not introduce any new IP addresses and do not create any tunnel links.

Do not use any static routes, unless specifically specified.

Do not use the ip default-network or default-information originate commands.

Advertise loopback interfaces with their original masks.

The backbone router BB1 is reachable via 192.40.100.10.



All IP version 4 (IPv4) IP addresses involved in this scenario must be reachable, except for the prefixes advertised from the backbone and interfaces connected to the shared equipment.

N represents the group number; X represents the pod number. Check your online instructions for your number NX. Failure to assign the correct IP address could result in losing points in multiple sections.


Do not modify the hostname, console, or vty configuration unless you are specifically asked to do so.

Do not modify the initial interface or IP address numbering.

Ethernet Cabling Topology

R12811

R22811

R32811

R42811

R52811

R62811

BACKBONE

Fa0/10

TRUNK

Fa0/23Fa0/24

Fa0/23Fa0/24

Fa0/19

Fa0/19

Fa0/23Fa0/24

Fa0/23Fa0/24

Fa0/21

Fa0/21

Fa0/22Fa0/21

Fa0/21Fa0/22

Fa0/22 Fa0/20

Fa0/20

Fa0/19

Fa0/19

Fa0/20

Fa0/20

Fa0/1Fa0/2 Fa0/2

Fa0/1Fa0/4

Fa0/3

Fa0/0

Fa0/0

Fa0/5 Fa0/3 Fa0/5Fa0/4 Fa0/6Fa0/6

Fa0/1

Fa0/1Fa0/0

Fa0/1Fa0/0

Fa0/1Fa0/0

Fa0/1Fa0/0

Fa0/1

Fa0/22



Frame Relay and Serial Cabling Topology

Frame Relay DLCI Assignments

Router DLCI Assignments

R1 Frame Relay interface 102 103 104



401 R4 Frame Relay interface 402

403

Lab IPv4 IGP

Lo101:101.1/24

R1

104

401

14.4/24

14.1/24

123.3/24

R4Fa0/0

123.1/24

R2 123.2/24

172.30.4.NX/24

Lo104:104.1/24Lo49:4.49/28Lo65:4.65/28Lo81:4.81/28

VLAN13

102103

301

201

R6Fa0/0

VLAN999

VLAN888

BB1192.40.100.10/24

Lo103:103.1/24Lo97:4.97/29

172.40.10.NX/24

26.3

Lo102:102.1/24Lo5:53.5/30Lo9:53.9/30

Lo106:106.1/24Lo10:10.10.10.1/24Lo10:10.10.20.1/24

R4

10.11/24

VLAN11

172.30.4.10/24

Lo107:107.1/24

Lo110:110.1/24

R4Lo120:120.1/24

21.10/24

21.20/24

VLAN998

A0

A41

A1

RIPv2

A22

RIPv2

A0

12.1/24

12.2/24

VLAN14

A12

A115

AS1

172.40.10.10/24

A4

Lo113:113.1/24

R5Fa0/0116.1/24

VLAN15

35.5/24

VLAN12

Fa0/1

Fa0/1S0/0/0 S0/0/0

Fa0/0

S0/0/0

R3Fa0/0

S0/0/0 S0/0/0

Fa0/0

Fa0/0

Fa0/0

192.40.100.NX/24

35.3/24

26.2

10.7/24

Fa0/110.1/24

BB3Lo105:105.1/24Lo115:115.1/24Lo53:53.1/30

BB2



Lab IPv6 IGP


1. Frame Relay and Serial Communications Section Total: 4 points

1.1. Configure Frame Relay Interfaces (Basic: 1 point) R1, R2, and R3 should be in the same subnet. R1 and R4 should be in the same subnet.

Configure a physical interface on router R3 and logical interfaces on all other Frame Relay interfaces.

Use point-to-point logical interfaces wherever possible.

1.2. Control the Full Mesh with Static Maps (Basic: 2 points) The Frame Relay switch router is configured for a “full mesh.”

Make sure that only the permanent virtual circuits (PVCs) listed on the Lab IPv4 interior gateway protocol (IGP) diagram are used for user traffic.

No dynamic entries are allowed in the Frame Relay map tables.

1.3. Verify Layer 3 Connectivity (Basic: 1 point) Supply IPv4 addresses on all required Frame Relay interfaces.

Make sure that routers R2, R3, and R4 can ping R1 over respective Frame Relay PVCs.

2. Catalyst Switch Configuration Section Total: 13 points

Note Port 0/10 on SW4 is connected to the backbone. The configuration of this port should be trunk encapsulation dot1q. Healthy trunk status is displayed as following:

Mode Encapsulation Status on 802.1q trunking

Do not change any initially configured link speeds.

2.1. Configure VLANs on SW1 and SW2 (Intermediate: 2 points) Create the VLANs referenced in the VLANs table and the IPv4 IGP diagram. The domain name is ciers2lab02.

VLANs

VLAN VLAN NAME

VLAN11 A

VLAN12 B

VLAN13 C

VLAN14 D

VLAN15 E

VLAN998 VLANBB1

VLAN888 VLANBB2

VLAN999 VLANBB3

When creating VLANs, allow the VLANs to be advertised from SW2 to SW1 only.


2.2. Configure VLANs on SW3 and SW4 (Intermediate: 2 points) SW3 and SW4 should operate in transparent VTP mode. Configure VLANs according to the following table.

Switch VLAN VLAN NAME

SW3VLAN15 E

VLAN1234 ODD?

SW4

VLAN998 VLANBB1

VLAN888 VLANBB2

VLAN999 VLANBB3

VLAN1234 ODD?

Make sure that only these VLANs are configured on SW3 and SW4.

2.3. Configure Switch-to-Router Links (Basic: 2 points) Configure the following switch-to-router connections.

Use the IEEE tagging method on the trunk links where necessary and be sure that they will not conflict with other lab requirements.

Switch-to-Router Connections

Switch Router VLAN

SW2 R1 VLAN13, VLAN14, VLAN998

SW1 R2 VLAN11, VLAN14

SW1 R3 VLAN12

SW1 R4 VLAN999



Create the necessary switched virtual interfaces (SVIs) and assign the IP addresses specified in the Lab IPv4 IGP diagram.

2.4. Control Switch-to-Switch Links (Basic: 2 points) Make sure that the ports specified in the following table are shut down:


Switch Port

SW10/19 0/21 0/22

SW20/21 0/22

SW30/19 0/21 0/22

SW40/21 0/22 0/24

Configure switch-to-switch links according to the following table. Use the Cisco proprietary tagging method on the trunk links where necessary:

Switch-to-Switch Connections

Switch Port Switch Port Mode

SW1 0/23 SW2 0/23 Routed

SW1 0/24 SW2 0/24 Trunk

SW1 0/20 SW3 0/20 Access VLAN15

SW2 0/19 SW4 0/19 TBD

SW2 0/20 SW4 0/20 Trunk

SW3 0/23 SW4 0/23 Trunk

Note TBD = To be determined

SW4 port 0/10 is your connection to the backbone. Verify that it is a dot1q trunk.

2.5. Native VLANs and Greeting Message (Intermediate: 2 points) Set the native VLAN to 11 for the link between R6 and SW1. Configure an appropriate trunk encapsulation.

Configure a message of the day Welcome to CIERS2-GA-LAB02! on SW1.

2.6. Tuning Ports (Intermediate: 2 points) Configure the link 172.16.21.0/24 between SW1 and SW2 using the interface 0/23 on both switches. See the IPv4 IGP diagram.

Assign an IPv4 address on SW4 according to the IPv4 IGP diagram.

2.7. Control VLANs (Intermediate: 1 point) Allow only VLAN 1234 on the link between SW3 and SW4.

Allow only backbone VLAN 888, VLAN 998 and VLAN 999 on the link between ports 0/20 of SW2 and SW4.


3. IPv4 OSPF Section Total: 12 points

Note Configure all Open Shortest Path First (OSPF) routers with only one OSPF process ID (PID). You will lose points from multiple sections for failing to assign one and only one OSPF PID on each specified router. Use your IGP diagram to help guide configuration.

3.1. Create OSPF Areas (Basic: 2 points) Configure the Frame Relay network between R1, R2, and R3 as the OSPF backbone area. Automatically discover neighbors. The 172.16.123.0/24 subnet should be advertised by OSPF in a network link-state advertisement (LSA).

Configure OSPF on the link between R1 and R4. Place this link in OSPF Area 41.

Make R4 the designated router for the R1/R4 link. The OSPF packets carried on the link between R4 and R1 must have a unicast IP address in the destination field.

3.2. OSPF Authentication (Intermediate: 2 points) Configure OSPF Message Digest 5 (MD5) authentication for Area 0 using password cisco.

Configure authentication type only at the area level.

3.3. OSPF Advertisements (Basic: 3 points) On R4, place the loopback interfaces with a 28-bit prefix and loopback 172.16.104.0/24 into OSPF Area 4. Summarize the /28 networks with the most optimal mask.

Advertise the following loopbacks from R2 as Area 22:

— 172.16.102.1/24

— 172.16.53.5/30

— 172.16.53.9/30

Summarize the /30 networks with the mask /24.

Advertise the network between R1, SW1, and SW4 in OSPF Area 1.

Configure OSPF Area 0 between router R3 and R5.

Place the loopback networks 172.16. 53.0/30, 172.16.105.0/24, and 172.16.115.0/24 in OSPF Area 115.

3.4. Control OSPF Advertisements (Intermediate: 3 points) Do not allow any external or interarea OSPF routing information to enter Area 1 from R1. Do not use any prefix-based filtering techniques.

Advertise the loopback 107 interface on the SW4 router into OSPF as an internal OSPF route.

On R3, advertise the loopback with a 29-bit mask as a type 1 OSPF external route with the minimal possible metric. Advertise loopback 103 as a type 2 OSPF external route with the maximum possible metric.

3.5. OSPF Forwarding (Intermediate: 2 points) Place the VLAN 14 link between the router R1 and R2 in the OSPF Area 12.


Make sure that R2 prefers a next hop of 172.16.12.1 instead of 172.16.123.1 for interarea and external routes. Do not change any interface-to-area assignments.

4. IPv4 EIGRP Section Total: 5 points

4.1. EIGRP IP Subnet (Intermediate: 1 point) Only two devices with the IP addresses displayed on the IPv4 IGP diagram must be on the subnet and form Enhanced Interior Gateway Routing Protocol (EIGRP) adjacency. Do not use any filtering technique to accomplish this task.

4.2. EIGRP AS1 (Basic: 2 points) Configure EIGRP AS 1 between R2 and R6.

Create one and only one loopback 10 on router R6 and assign the following two addresses to the single loopback interface: 10.10.10.1/24 and 10.10.20.1/24. Advertise these addresses and 172.16.106.0/24 through EIGRP as internal EIGRP prefixes.

4.3. Control EIGRP Bandwidth and Advertisements (Advanced: 2 points) Make sure that EIGRP advertises only over the interfaces that are connected to VLAN 11.

Restrict the bandwidth use to half the default value for EIGRP traffic on VLAN 11.

5. IPv4 RIP Section Total: 4 points

5.1. RIP and Backbone (Intermediate: 2 points) Configure Routing Information Protocol (RIP) version 2 over the VLAN 998 connection between R1 and BB1. Make R1 a silent RIP router.

Allow only the 192.168.105.0/24 and 192.168.107.0/24 subnets in from BB1. Configure the access list BB1-RIP-IN for this task. This access list must contain the minimal number of statements to complete this task.

Add the network 172.16.101.0/24 to the RIP process on R1 with the network statement.

5.2. Internal RIP (Basic: 2 points) Configure RIP between SW1 and SW2.

Routers R1 and SW1 must not communicate through RIP.

Note Perform redistribution as necessary to provide universal unicast connectivity

6. Border Gateway Protocol Section Total: 8 points

Note The Border Gateway Protocol (BGP) table must display only networks that are advertised according to the BGP section specifications.

6.1. Configure Processes and Peers with the Backbone (Basic: 2 points) Configure BGP peering between BB2 (autonomous system [AS] 1581) and R6 (AS 800) and BB3 (AS 1771) and R4 (AS 800). Assign the IP address 172.40.10.NX/24 to Fa0/0 on R6.

Allow only the prefixes 140.10.2.0/24, 140.10.3.0/24, 140.10.4.0/24, and 140.10.5.0/24 into AS 800. Use the minimum number of standard access list filtering entries to accomplish this task.


6.2. Configure Processes and Peers Within Your Network (Intermediate: 2 points) Configure R1 and R4 in AS 65001. Configure R2, R3, R5, and R6 in AS 65000. Do not form a full mesh of internal BGP peer relationships; exchange BGP updates through R3 within AS 65000.

Only one peering relationship can exist between AS 65000 and AS 65001. This peering must be established between R3 and R4.

6.3. BGP Adjustments (Intermediate: 2 points) Do not redistribute the BGP learned prefixes into any IGP on any router.

Make R1, R2, R3, R4, R5, and R6 BGP speakers within AS 800.

6.4. BGP Decision Process (Advanced: 2 points) Make AS 1771 the preferred AS over AS 1581 for all outbound traffic destined to the 140.10.2.0/24 to 140.10.5.0/24 subnets.

7. IPv6 Routing Section Total: 4 points

7.1. Configure IPv6 Addresses for RIP (Basic: 2 points) Configure the IPv6 addresses in accordance with the IPv6 diagram and this table.

Router Interface with IPv4 Address IPv6 Address

R3 172.16.35.3 3500::35:3/96

R5 172.16.35.5 3500::35:5/96

Configure an IPv6 RIP process named IPV6RIP on routers R3 and R5.

7.2. Configure IPv6 NAT (Advanced: 2 points) Provide connectivity between the R5 IPv6 address and the IPv4 address 172.16.123.1/24 by configuring router R3.

Use the following addresses to accomplish this task: 3555::35:3 and 172.16.123.10. No IPv6 static and default routes are permitted in this scenario.

Note Perform redistribute connected where required and when the lab does not restrict it.

8. Security Section Total: 3 points

8.1. Security Policy (Intermediate: 3 points) According to your company's security policy, between 10:00 p.m. and 11:00 p.m. traffic that pertains to time synchronization that is sourced from the loopback interface of R5 (172.16.105.1) and destined to the loopback interface of R6 (172.16.106.1) must be forwarded by R1 across the Frame Relay link. Other traffic should be unaffected.

9. QoS Section Total: 4 points

Note Note The quality of service (QoS) configuration must be applied on R2 using only one policy-map.


9.1. Configure Policy Maps, Part 1 (Advanced: 2 points) Set the IP precedence to 4 for traffic with packet sizes in the range between 1000 and 1300 bytes entering R2 through the interface connected to VLAN 11.

If the same size packets are Internet Control Message Protocol (ICMP) packets originated from the VLAN11 connected interface of R6 and destined to 172.16.103.1, the packets must be unconditionally discarded.

9.2. Configure Policy Maps, Part 2 (Advanced: 2 points) Make sure that you allow IP traffic with packet sizes in the range between 300 and 500 bytes that are entering router R2 through VLAN 11 at the leak rate of 8 kb/s, allowing bursts for 2000 bytes and excess bursts for 1000 bytes. If this type of traffic still exceeds the allowed buffers, drop it.

Do not restrict ICMP packets of sizes between 300 and 500 bytes entering R2 through the interface on VLAN 11, originated from the VLAN 11 interface of R6 and destined to 172.16.103.1. Instead, change the differentiated services code point (DSCP) value of these packets to AF22.

10.Network Time Section Total: 5 points

10.1. Enable NTP (Intermediate: 2 points) All routers and switches specified in the following table must obtain time from the R6 loopback interface, 172.16.106.1, without attempting to adjust the R6 clock. All time synchronization packets within your pod must be terminated between the R6 loopback interface (172.16.106.1) and the IP addresses listed for each device in the following table.

Router IP Address

R1 172.16.101.1

R2 172.16.102.1

R3 172.16.103.1

R4 172.16.104.1

R5 172.16.105.1

R6 172.16.106.1

SW4 172.16.107.1

SW1 172.16.110.1

SW2 172.16.120.1

10.2. Adjust Clock (Intermediate: 2 points) All devices in the preceding table must show the current real time in Eastern Standard Time (EST) format with five hours offset.

Enable daylight saving time on SW1 and SW2.

10.3. Synchronize the Backbone (Advanced: 1 point) Configure R6 to get the time from BB2. R6 should not attempt to provide time to the BB2. Use only Network Time Protocol (NTP) configuration commands to accomplish this task.


11.Cisco IOS Software Services Section Total: 2 points

11.1. Enable SSH (Intermediate: 2 points) On R5, configure the domain name lab02.com and generate an RSA key pair. Make R5 accessible through only version 2 of the Secure Shell (SSH) protocol from the user admin, using the password cisco.

12.Multicast Configuration Section Total: 6 points

12.1. Enable PIM, Part 1 (Intermediate: 2 points) Configure multicast routing between R1, SW4, SW1, and SW2 using a protocol that uses any unicast routing protocol for source address determination and applies a “flood and prune” mechanism.

12.2. Enable PIM, Part 2 (Intermediate: 2 points) Configure multicast routing on R1, R2, and R3 according to the following table.

Router Link

R1-R2 172.16.123.0/24

R1-R3 172.16.123.0/24

R3 172.16.35.3/24

Do not configure Protocol Independent Multicast (PIM) on the interfaces of subnet 172.16.12.0/24.

12.3. Join Multicast Group (Intermediate: 2 point) Join management loopback interfaces of R1, R2, R3, SW4, SW1, and SW2 to group 229.9.9.9.

Router Loopback

R1 172.16.101.0/24

R2 172.16.102.0/24

R3 172.16.103.0/24

SW4 172.16.107.0/24

SW1 172.16.110.0/24

SW2 172.16.120.0/24

Ping the multicast group 229.9.9.9 from R5 to all other multicast routers.

13.Address Administration Section Total: 2 points

13.1. NAT (Advanced: 2 points) IP packets sourced from the loopback 105 interface of R5 and destined to 172.16.107.1 IP address should be delivered to SW4 with a source IP address of 172.16.101.10.

IP packets sourced from the loopback 105 interface of R5 and destined to 172.16.120.1 IP address should be delivered to SW2 with a source IP address of 172.16.101.20.

Apply the solution on router R1. Verify with the ping utility, and make sure that the ICMP translation entry stays in the translation table for 10 minutes.


14.Catalyst Specialties Section Total: 3 points

14.1. RSPAN (Advanced: 3 points) Ping the IP address 172.16.10.255 from R1 and make sure that you get replies from 172.16.10.7, 172.16.10.11, and 172.16.116.1 only. ICMP echo request for 172.16.10.255 must be forwarded through SW2, SW4, SW3, and SW1, in this particular order. Do not use any bridging, VLAN mapping, or tunneling between the VLAN 13, VLAN 15, and VLAN 1234.

cisco 360 ccie r&s workshop 2 assessment lab 2 ... · pdf fileworkshop 2 assessment lab 2...

Documents