CCIE R&S FULL LAB


 

Hello All !

This is a full-blown CCIE lab I have created from my experience and the notes I have been taking over the years. In future I will also provide a SOLUTION guide for this lab…

Fewer than 3 percent of all Cisco certified professionals actually achieve CCIE status. The majority of candidates who take the exam fail at the first attempt because they are not fully prepared. This practice exam will bring you as close as possible to the real CCIE lab.

I will be adding new questions to this topology so you can keep on practising and exploring.

Whenever I create a post like this one it takes me 3 to 4 weeks to prepare all the config files, netmaps, diagrams, questions, etc. I would therefore very much appreciate it if some of you could kindly subscribe to the blog, because firstly it is free and secondly you will be able to receive notifications about all important updates and new posts!

The more I study for my CCIE lab and the more I look into all the technologies covered in the lab, the more I realise that it is all about experience. I mean, you cannot expect to take the LAB and pass it after completing your written exam; that just would not work at all! You must spend countless rack-time hours configuring features and learning how protocols interact with one another.

OK, let's begin!

One tiny caveat :

Please note that on the diagram we have two separate connections from R2 to the frame switch, while the provided GNS3 net file uses only one. A dirty fix is to use subinterfaces on R2 to remedy this, but this will introduce more issues when doing the OSPF section, so the easiest way is to amend your NETFILE and simply add another connection from R2 to the FRAME SWITCH. I'll leave this for you to decide.

I have used VISIO this time to create the topologies for the LAB so the following is what you are going to need for this LAB exam :

GNS3 SET UP

This GNS3 lab setup is what we are going to use for this exam. In case you have not come across my other post, here are the details on how to build it.

[Image: GNS3 lab setup]

 

 

 

FRAME RELAY CONNECTIVITY

[Image: Frame Relay connectivity diagram]

 

 

 

IP ADDRESSING

[Image: IP addressing diagram]

OSPF DIAGRAM

[Image: OSPF diagram]

 

 

EIGRP DIAGRAM

[Image: EIGRP diagram]

 

 

 

BGP DIAGRAM

[Image: BGP diagram]

 

 

 

IPV6 DIAGRAM

[Image: IPv6 diagram]

 

 

INITIAL CONFIGS : INITIAL_CONFIGS (just like with my other posts, you build the above GNS3 lab on your PC, then copy and paste the provided configs)

LOOPBACKS :
R1 Lo0 120.100.1.1/24
R2 Lo0 120.100.2.1/24
R3 Lo0 120.100.3.1/24
R4 Lo0 120.100.4.1/24
R5 Lo0 120.100.5.1/24
R6 Lo0 120.100.6.1/24
SW1 Lo0 120.100.7.1/24
SW2 Lo0 120.100.8.1/24
SW3 Lo0 120.100.9.1/24
SW4 Lo0 120.100.10.1/24

 

IPV6 IP ADDRESSES :

IPv6 addresses on your network are as follows:
2007:C15:C0:10::/64 - R1 Fa0/0
2007:C15:C0:11::1/64 - R1 S0/0
2007:C15:C0:11::2/64 - R2 S0/0
2007:C15:C0:11::3/64 - R3 S1/0
2007:C15:C0:12::2/64 - R2 Fa0/1
2007:C15:C0:14::2/64 - R2 S0/0
2007:C15:C0:14::5/64 - R5 S0/0
2007:C15:C0:15::3/64 - R3 Fa0/0
2007:C15:C0:15::4/64 - R4 Fa0/0
2007:C15:C0:16::5/64 - R5 Fa0/1
2007:C15:C0:16::6/64 - R6 Fa0/1

 

VLANS :
34 , 45 , 46 , 100 , 200 , 300

 

QUESTIONS :

Section 1: LAN Switching and Frame Relay (28 Points)

1.1 Configure the switches as a collapsed backbone network, with switches 1 and 2 performing core and distribution functionality and switches 3 and 4 as access switches in your topology. Switches 3 and 4 should connect only to the core switches. (2 points)

1.2 Switches 1 and 2 should run spanning tree in 802.1w. Switches 3 and 4 should operate in their default spanning-tree mode. (2 points)

1.3 Configure switch 1 to be the root bridge and switch 2 to be the secondary root bridge for VLANs 1 and 300. (2 points)

1.4 Ensure that you fully utilize the available bandwidth between switches by grouping your inter-Switch Links (ISL) as trunks. Ensure that only dot1q and EtherChannel are supported. (3 points)

1.5 Ensure that traffic is distributed on individual Ethernet trunks between switches based on the destination MAC address of individual flows. (2 points)

1.6 Ensure that user interfaces are shut down dynamically by all switches if they link-flap excessively. If they remain stable for 35 seconds, they should be re-enabled.

1.7 Fast Ethernet ports Fa1/0 – Fa1/1 and Fa1/2 will be used for future connectivity on each switch. Configure these ports as access ports for VLAN 300, which should begin forwarding traffic immediately on connection. Devices connected to these ports will dynamically receive IP addresses from a DHCP server, which is due to be connected to port Fa1/0 on sw1 in the future. For security reasons this is the only port on the network from which DHCP addresses should be allocated. Ensure that the switches intercept the DHCP requests and add the ingress port, VLAN, and switch MAC address prior to sending them on to the DHCP server. Limit DHCP requests to 600 packets per minute per user port. (6 points)

1.8 For additional security, ensure that the user port on switches 1-4 (Fast Ethernet 1-17) can only communicate with the network with IP addresses gained from the DHCP feature configured previously. Use a dynamic feature to ensure that the only information forwarded upon connection is DHCP request packets and then any traffic that matches the DHCP IP information received from the DHCP binding for additional security. (3 points)

1.9 R5 and R6 have been preconfigured with IP addresses on their Ethernet interfaces. Configure R4 and its associated switch port accordingly, without using secondary addressing, to communicate with R5 and R6. Configure R4 with an IP address of 120.100.45.4/24 to communicate with R5 and configure R4 with an IP address of 120.100.46.4/24 to communicate with R6. Configure R4 Fa0/1 and switch 2 Fa1/4 only. (3 points)

1.10 Your initial Frame Relay configuration has been supplied for the R1-R2-R3 connectivity and R2-R5. Configure each device per the Frame Relay diagram to ensure that each device is reachable over the Frame Relay network. Use only the indicated DLCIs. (2 points)

 

Section 2: IPv4 IGP Protocols (22 Points)

Section 2.1: OSPF

2.10 Configure OSPF per the OSPF diagram. Use a process ID of 1. Where possible, all OSPF configuration should not be configured under the process ID. Do not change the preconfigured interface types where applicable. Configure the loopback interfaces of routers R1, R2 and R3 to be in area 0, R4 in area 34, and R5 in area 5. Ensure that the neighbour adjacencies are established throughout. (2 points)

2.11 No loopback networks should be advertised as host routes. (1 point)

2.12 Ensure that R1 does not advertise the preconfigured secondary address under interface Fa0/1 of 120.100.100.1/24 to the OSPF network. Do not use any filtering techniques to achieve this. (2 points)

2.13 R5 should use the Frame Relay link within area 5 for its primary communication to the OSPF network. If this network should fail either at Layer 1 or Layer 2, R5 should form a neighbour relationship with R4 under area 5 to maintain connectivity. Your solution should be dynamic, ensuring that while the area 5 Frame Relay link is operational no neighbour relationship exists between R4 and R5. However, the Ethernet interface of R4 and R5 is reachable by configuration of R5. You are permitted to define neighbour statements between R5 and R4. (4 points)

Section 2.2: EIGRP

2.20 Configure Enhanced Interior Gateway Routing Protocol (EIGRP) per the EIGRP diagram using an AS number of 1. The loopback interfaces of all routers and switches should be advertised within EIGRP. (2 points)

2.21 Ensure that R4 does not install any of the EIGRP loopback routes from any of the switches into its routing table. As such, these routes should also not be present in the OSPF network post redistribution. Do not use any route-filtering access control lists (ACL), prefix lists, or admin distance manipulation to achieve this, and perform configuration only on R4. (3 points)

2.22 R4 will have dual equal-cost routes to VLAN300 (network 150.100.3.0) from R5 and R6. Ensure that R4 sends traffic to this destination network to R5 rather than load sharing. Should the route from R5 become unavailable, traffic should be sent to R6. Do not policy route, alter the bandwidth or delay statement on R4 interfaces or use an offset list. Perform your configuration on R4 only. Your solution should be applied to all routes received from R5 and R6 as opposed to solely to the route to network VLAN300. (3 points)

Section 2.3: Redistribution

2.30 Perform mutual redistribution of IGP protocols on R4. All routes should be accessible with the exception of the switch loopback networks because these should not be visible via R4 as noted in an earlier question. EIGRP routes redistributed within the OSPF network should remain with a fixed cost of 5000 throughout the network. (3 points)

2.31 Configure R4 to redistribute up to only five EIGRP routes and to generate a system warning when the fourth route is redistributed. Do not use any access lists in your solution. (2 points)

Section 3: BGP (14 Points)

3.1 Configure Internal Border Gateway Protocol (iBGP) peering as follows: R1-R3, R2-R3, R6-R5, Sw1-R6, Sw1-R5. Use minimal configuration and use loopback interfaces for your peering. Configure External Border Gateway Protocol (EBGP) peering as follows: R3-R4, R4-R6, R4-R5, R5-R2. Use minimal configuration and use loopback interfaces for your peering with the exception of R4 to R5. Use the AS numbers supplied in the BGP diagram. (2 points)

3.2 AS200 is to be used as a backup transit network for traffic between AS100 and AS300. As such, if the Frame Relay network between R5 and R2 fails, ensure that the peering between R2 and R5 is not maintained via the Ethernet network. Do not use any ACL-type restrictions or change the existing peering. (2 points)

3.3 Configure a new loopback interface 2 on R2 of 130.100.200.1/24 and advertise this into Border Gateway Protocol (BGP) using the network command. Configure R2 in such a way that if the Frame Relay connection between R2 and R5 fails, AS300 no longer receives this route. Do not use any filtering between neighbours or neighbour-specific commands to achieve this. (3 points)

3.4 Configure Hot Standby Router Protocol (HSRP) between R5 and R6 on VLAN300 with R5 the active for .1/24. If the network 130.100.200.0/24 is no longer visible to AS300, R6 should dynamically become the HSRP active. Configure R5 to achieve this solution. (4 points)

3.5 Configure two new loopback interfaces on R1 and R2 of 126.1.1.1/24 and 130.1.1.1/24 respectively and advertise these into BGP using the network command. R3 should be configured to allow only BGP routes originated from R1 up to network 128.0.0.0 and from above network 128.0.0.0 only those originated from R2. Use only a single ACL on R3 as part of your solution. (3 points)

Section 4: IPv6 (14 Points)
Configure IPv6 addresses on your network as follows:
2007:C15:C0:10::/64 - R1 Fa0/0
2007:C15:C0:11::1/64 - R1 S0/0
2007:C15:C0:11::2/64 - R2 S0/0
2007:C15:C0:11::3/64 - R3 S1/0
2007:C15:C0:12::2/64 - R2 Fa0/1
2007:C15:C0:14::2/64 - R2 S0/0
2007:C15:C0:14::5/64 - R5 S0/0
2007:C15:C0:15::3/64 - R3 Fa0/0
2007:C15:C0:15::4/64 - R4 Fa0/0
2007:C15:C0:16::5/64 - R5 Fa0/1
2007:C15:C0:16::6/64 - R6 Fa0/1

Section 4.1: RIPng
4.10 Configure Routing Information Protocol next generation (RIPng), ensuring that your IPv6 routes are visible throughout your RIPng domain. Do not disable split-horizon. (3 points)

Section 4.2: OSPFv3
4.20 Configure OSPFv3 with a process ID of 1 and with all OSPF interfaces assigned to area 0. (2 points)
4.21 The IPv6 network is deemed to be stable. As such, reduce the number of link-state advertisements (LSA) flooded within the OSPF domain. (2 points)

Section 4.3: Redistribution

4.30 Redistribute RIPng routes into the OSPFv3 domain (one way). RIP routes should have a fixed cost of 5000 associated to them within the OSPF network. (1 point)

4.31 Ensure that the OSPFv3 network is reachable from the RIP network by a single route of 2007::/16, which should be seen within the RIP domain. Configure R5 only to achieve this. The OSPF domain should continue to receive specific RIPng subnets. (2 points)

4.32 If the serial link fails between the OSPF and RIPng domains, ensure that routing is still possible between R5 and R4 over VLAN45. Do not enable RIP on the VLAN45 interfaces of R4 and R5. Configure R4 and R5 to achieve this, and this should be considered an alternative path only in the event of a failure. (3 points)

4.33 Ensure that the summary route configured previously is not seen back on the routing table of R5. Configure only R5 to achieve this. (1 point)

Section 5: QoS (8 Points)

5.1 You are required to configure quality of service (QoS) on switch 1 according to the Cisco QoS baseline model. Create a Modular QoS configuration that facilitates the following requirements for all user ports (Fast Ethernet 1-24) (3 points):
*** All ports should trust the Differentiated Services Code Point (DSCP) values received from their connecting devices.
*** Packets received from the user ports with DSCP values of 10, 16, 24, 28, 32, 34, 46 and 48 should be remarked to DSCP 8 Per Hop Behaviour (PHB CS1) in the event of traffic flowing above 5 Mbps on a per port basis. This traffic could be a combination of any of the earlier DSCP values with any source/destination combination. Ensure that a minimum burst value is configured above the 5 Mbps.

5.2 Switch 1 will be connected to a new trusted domain in the future using interface Fa1/0. A DSCP value of AF43 received locally on sw1 should be mapped to AF42 when destined for the new domain. (2 points)

Section 6: Security (8 Points)

6.1 Configure R3 to identify and discard the following custom virus. The virus is characterized by the ASCII characters “VIRUS IS BAD” within the payload and utilizes User Datagram Protocol (UDP) ports 11664 to 11666. The ID of the virus begins on the third character of the payload. The virus originated on VLAN34. (3 points)

6.2 An infected host is on VLAN200 of 150.100.2.100. Ensure that only within BGP AS10 traffic destined for this host is directed to Null0 of each local router. You cannot use any ACLs to block traffic to this host specifically, but you can use a static route pointing to Null0 for traffic destined to 192.0.2.0/24 on routers within AS10. R2 can have an additional static route pointing to Null0. Use a BGP feature on R2 to ensure that traffic to this source is blocked. Prevent unnecessary replies when traffic is passed to the Null0 interface for users residing on VLAN100. (3 points)

Section 7: Multicast (6 Points)

7.1 Configure routers R1, R2, R3, and R4 for IPv4 Multicast. Configure R3 to send multicast advertisements of its own time by use of Network Time Protocol (NTP) sourced from interface Fa0/0. Configure Protocol Independent Multicast (PIM) sparse mode on all required interfaces. R3 should also be used to advertise its own FastEthernet interface IP address as a rendezvous point (RP). R3 should also advertise the IP address you are using for the NTP advertisements, which is to be 224.0.1.1. Do not use the command ntp server in any configurations. Routers R1, R2, and R4 should all show a clock synchronized to that of R3. (5 points)

 

How did you do ? What was your score ? If you scored over 80 and accomplished this within the time frame , well done !!

As soon as I have more time I will add some new questions !!

Please let me know if you spot any mistakes with the config or anything, and go ahead and ask questions!

 

Enjoy !

Tom

 

 
