GNS3 TEST FOR EMPLOYEES


This one is  a great concept !

Originally posted on http://mycciegeekblog.wordpress.com/2011/07/06/gns3-my-technical-test-for-employers/

GNS TEST FOR EMPLOYEESjpg Configure the network as per the diagram and complete the tasks below

•Do NOT create any additional interfaces
•Do NOT use any static routes or policy-based routes unless asked.
•Ignore any duplex mismatch messages and do NOT modify any of the ports speed or duplex configurations

Task 1: Configure an 802.1q trunk between SW1 fa1/15 interface and SW2 fa1/15 interface.

Task 2: Configure a static ether-channel 802.1Q trunk between SW1 and SW2. Both switches fa1/10 and fa1/11 interfaces should be members of the same LAG.

Task 3: Ensure all VLAN traffic successfully goes over the fa1/15 trunk and NOT the ether-channel trunk unless the fa1/15 trunk is down. Do NOT use backup interface to accomplish this.

Task 4: R1 and R2 should be put into VLAN 10 and should be able to ping each other fa0/0 interface. You must use the legacy vlan database command to create the VLAN.

Task 5: Ensure VLAN 20 traffic is never permitted to traverse the fa1/15 trunk should that trunk link become the active trunk link

Task 6: Ensure SW1 has the highest probability of always being the root bridge for VLAN 10, even if another switch is introduced into the network.

Task 7: Configure OSPF area 0 between R1 and R2. OSPF hellos should only be sent out their connected subnet interface ONLY. Ensure R1 loopback 0 interface can ping R2 loopback interface.

Task 8: Configure EIGRP 100 between the connected links of R1 & R3 and R2 & R3 ONLY. Ensure R3 REDISTRIBUTE its loopback 0 interface ONLY.

Task 9: Mutually redistribute between OSPF and EIGRP on R1 and R2. All routers (R1, R2, and R3) should be able to ping each others loopback 0 interfaces.

Task 10: Without using static routes or policy-based routing, ensure R2 is able to traceroute to R3 loopback 0 interface over its directly connected link. Don’t worry about affecting the optimal routing of other routes.

Task 11: You must deny R1 from being able to telnet to R2 only if R1 sources the telnet request from its fa0/0 IP address.

 

All 11 tasks are relatively easy to do until you hit the one below which will make you think hard for a minute or two

Bonus Task: on R2, Redistribute RIP into OSPF and RIP into EIGRP. Ensure you account for any potential loops. All routers should have full reachability to each other loopback 0 interfaces including R4 Loopback 0 interface.

 

Advertisements

About ccie4all
Hello, and welcome to the first post of my CCIE blog This blog has got one simple goal and that is to improve our skills in Cisco Networking field so we can become best engineers on a job market. Wordpress Blog https://ccie4all.wordpress.com/ information about the changes made to Gns3 BGP , MPLS and R&S CCIE labs. In order to access and download all provided materials and receive important updates from Gns3 BGP , MPLS and R&S CCIE labs under GNS3 tab in the main header please go ahead and subscribe to https://ccie4all.wordpress.com/ ! All other posts have not been affected and can be accessed at any given time. Enjoy ! Tom

2 Responses to GNS3 TEST FOR EMPLOYEES

  1. Seamus Greenan says:

    Hi Tom. Great posts. Have you completed TEST FOR EMPLOYEES lab in GNS3? I am stuck at the bonus task. I did the mutual redistribution of OSPF and EIGRP. I think I solved the suboptimal routing by the distance eigrp 90 105 eigrp 100 subcommand on R1 and R2.
    R1
    router eigrp 100
    redistribute ospf 1 metric 100000 10 255 1 1500
    network 192.168.13.0
    distance eigrp 90 105
    no auto-summary
    redistribute eigrp 100 subnets

    router ospf 1
    log-adjacency-changes
    redistribute eigrp 100 subnets
    passive-interface Loopback0
    network 1.1.1.1 0.0.0.0 area 0
    network 192.168.12.0 0.0.0.255 area 0
    R2
    router eigrp 100
    redistribute ospf 1 metric 100000 10 255 1 1500
    network 192.168.23.0
    distance eigrp 90 105
    no auto-summary
    redistribute eigrp 100 subnets

    router ospf 1
    log-adjacency-changes
    redistribute eigrp 100 subnets
    passive-interface Loopback0
    network 2.2.2.2 0.0.0.0 area 0
    network 192.168.12.0 0.0.0.255 area 0

    However when I redistributed RIP int OSPF and EIGRP at R2, I got an eternal loop. Any Ideas ??

    R1#trace 4.4.4.4

    Type escape sequence to abort.
    Tracing the route to 4.4.4.4

    1 192.168.12.2 60 msec 28 msec 32 msec
    2 192.168.23.3 64 msec 48 msec 44 msec
    3 192.168.13.1 60 msec 36 msec 56 msec
    4 192.168.12.2 68 msec 76 msec 80 msec
    5 192.168.23.3 84 msec 96 msec 84 msec
    6 192.168.13.1 100 msec 88 msec 104 msec
    R3#trace 4.4.4.4

    Type escape sequence to abort.
    Tracing the route to 4.4.4.4

    1 192.168.13.1 36 msec 24 msec 36 msec
    2 192.168.12.2 64 msec 56 msec 36 msec
    3 192.168.23.3 64 msec 60 msec 48 msec
    4 192.168.13.1 104 msec 96 msec 76 msec
    5 192.168.12.2 84 msec 84 msec 108 msec

    R1#sho ip route | i 4.4.4.4
    O E2 4.4.4.4 [110/20] via 192.168.12.2, 00:05:15, FastEthernet0/0

    R2#sho ip route | i 4.4.4.4
    D EX 4.4.4.4 [105/33280] via 192.168.23.3, 00:03:48, FastEthernet0/1

    R3#sho ip route | i 4.4.4.4
    D EX 4.4.4.4 [170/30720] via 192.168.13.1, 00:05:45, FastEthernet0/0

    Sorry for the long post, but I’d be interested if you could shed some light on this
    Rgds
    Seamus

    • ccie4all says:

      Hey Seamus,

      Firstly I do apologize for not replying earlier , so much to deal with at work !

      This is definitely a tricky one but relatively easy to fix with very careful route tagging. Distance command under any of these protocols won’t help us much in this case as whenever you use it , it will most likely affect other redistributed routes also looping occurs clearly due to admin distance of these protocols, so the easiest way to fix this is to use route maps and route tags.

      As we are redistribution from RIP to EIGRP on R2 (don’t worry about the metric ive used) :

      R2(config-router)#do sh run | se router
      router eigrp 100
      redistribute rip metric 1 1 1 1 1 route-map RIP_EIG
      redistribute ospf 1 metric 1 1 1 1 1
      network 192.168.23.0
      distance eigrp 90 109
      no auto-summary

      route-map RIP_EIG, permit, sequence 10
      Match clauses:
      Set clauses:
      tag 999
      Policy routing matches: 0 packets, 0 bytes

      I have tagged RIP routes with 999 (does not matter what number you use) value. Now when you check on R3 you should see below

      R3(config)#do sh ip route 192.168.24.0
      Routing entry for 192.168.24.0/24
      Known via “eigrp 100”, distance 170, metric 2560025856
      Tag 999, type external
      Redistributing via eigrp 100
      Last update from 192.168.23.2 on FastEthernet0/1, 00:15:23 ago
      Routing Descriptor Blocks:
      * 192.168.23.2, from 192.168.23.2, 00:15:23 ago, via FastEthernet0/1
      Route metric is 2560025856, traffic share count is 1
      Total delay is 1010 microseconds, minimum bandwidth is 1 Kbit
      Reliability 1/255, minimum MTU 1 bytes
      Loading 1/255, Hops 1
      Route tag 999

      R3(config)#do sh ip route 192.168.44.0
      Routing entry for 192.168.44.0/24
      Known via “eigrp 100”, distance 170, metric 2560025856
      Tag 999, type external
      Redistributing via eigrp 100
      Last update from 192.168.23.2 on FastEthernet0/1, 00:10:06 ago
      Routing Descriptor Blocks:
      * 192.168.23.2, from 192.168.23.2, 00:10:06 ago, via FastEthernet0/1
      Route metric is 2560025856, traffic share count is 1
      Total delay is 1010 microseconds, minimum bandwidth is 1 Kbit
      Reliability 1/255, minimum MTU 1 bytes
      Loading 1/255, Hops 1
      Route tag 999

      by the way 192.168.44.0 is my loopback on R4

      Now as we are redistributing from EIGRP to OSPF on R1 block all routes with tag 999

      R1(config-router)#do sh route-map
      route-map BLOCKTAG999, deny, sequence 10
      Match clauses:
      tag 999
      Set clauses:
      Policy routing matches: 0 packets, 0 bytes

      router ospf 1
      log-adjacency-changes
      redistribute eigrp 100 subnets route-map BLOCKTAG999
      network 10.10.10.1 0.0.0.0 area 0
      network 192.168.12.1 0.0.0.0 area 0

      Go back to R2 and let’s redistribute from RIP into OSPF

      R2(config-router)#
      router ospf 1
      log-adjacency-changes
      redistribute rip subnets route-map RIP_OSP
      redistribute eigrp 100 subnets
      network 20.20.20.2 0.0.0.0 area 0
      network 192.168.12.2 0.0.0.0 area 0

      route-map RIP_OSP, permit, sequence 10
      Match clauses:
      Set clauses:
      tag 998
      Policy routing matches: 0 packets, 0 bytes

      Ive used tag 998 for these routes so on R1 let’s block all route with tag 998 while redistributing from OSPF to EIGRP

      R1(config-router)#do sh route-map
      route-map BLOCKTAGRIP, deny, sequence 10
      Match clauses:
      tag 998
      Set clauses:
      Policy routing matches: 0 packets, 0 bytes

      router eigrp 100
      redistribute ospf 1 metric 1 1 1 1 1 route-map BLOCKTAGRIP
      network 192.168.13.0
      distance eigrp 90 109
      no auto-summary

      do clear ip route *
      on all routes to rebuild the routing table and issue show ip route on R2

      R2(config-router)#do sh ip route | be Gat
      Gateway of last resort is not set

      C 192.168.12.0/24 is directly connected, FastEthernet0/0
      D 192.168.13.0/24 [90/307200] via 192.168.23.3, 00:33:15, FastEthernet0/1
      R 192.168.44.0/24 [120/1] via 192.168.24.4, 00:00:27, Serial0/0
      C 192.168.24.0/24 is directly connected, Serial0/0
      20.0.0.0/24 is subnetted, 1 subnets
      C 20.20.20.0 is directly connected, Loopback0
      10.0.0.0/32 is subnetted, 1 subnets
      O 10.10.10.1 [110/11] via 192.168.12.1, 01:42:41, FastEthernet0/0
      C 192.168.23.0/24 is directly connected, FastEthernet0/1
      30.0.0.0/24 is subnetted, 1 subnets
      D EX 30.30.30.0
      [109/2560025856] via 192.168.23.3, 00:33:14, FastEthernet0/1

      as you can see R2 is now learning 192.168.44.0 directly from its connected neighbour R4 which means that R1 is doing a great job for us and blocks routes with previously specified tags so logically R2 will now learn RIP routes only from its directly connected neighbour R4 and nobody else also everytime R2 redistributes those routes into different domains which in our case is OSPF and EIGRP , it will tag them and R1 will filter those tags so they do not go back to R2.

      There may be some suboptimal routing still for instance when R3 wants to reach some of the rip routes it may want to go via R1 instead of R2 but that’s to do with the metric when we’re doing redistribution and of course we can play with it under either redistribution command or call a route map.

      R3(config)#do sh ip rout | be Gat
      Gateway of last resort is not set

      D EX 192.168.12.0/24
      [170/2560025856] via 192.168.23.2, 00:36:31, FastEthernet0/1
      C 192.168.13.0/24 is directly connected, FastEthernet0/0
      D EX 192.168.44.0/24
      [170/2560025856] via 192.168.23.2, 00:31:39, FastEthernet0/1
      33.0.0.0/24 is subnetted, 1 subnets
      C 33.33.33.0 is directly connected, Loopback10
      D EX 192.168.24.0/24
      [170/2560025856] via 192.168.23.2, 00:36:31, FastEthernet0/1
      20.0.0.0/24 is subnetted, 1 subnets
      D EX 20.20.20.0
      [170/2560025856] via 192.168.23.2, 00:43:23, FastEthernet0/1
      10.0.0.0/32 is subnetted, 1 subnets
      D EX 10.10.10.1
      [170/2560025856] via 192.168.23.2, 00:43:23, FastEthernet0/1
      C 192.168.23.0/24 is directly connected, FastEthernet0/1
      30.0.0.0/24 is subnetted, 1 subnets
      C 30.30.30.0 is directly connected, Loopback0

      now R3 to reach 192.168.24.0 and 192.168.44.0 goes via R2 as it should

      R3(config)#do ping 192.168.44.4
      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 192.168.44.4, timeout is 2 seconds:
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 16/44/76 ms

      R1(config-router)#do ping 192.168.44.4
      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 192.168.44.4, timeout is 2 seconds:
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 52/66/104 ms

      R2(config-router)#do ping 192.168.44.4
      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 192.168.44.4, timeout is 2 seconds:
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 1/21/48 ms

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: