Uploaded by rhhher

ipexpertx27s-ccie-ramps-v5-technology-workbook-vol-1pdf

advertisement
for Cisco's CCIE Routing & Switching Lab Exam, Volume 1
(v5)
F
a
l
l
CCIE Routing & Switching
Volume 1 Workbook
Version 5.2C
0
8
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Table of Contents
iPexpert's End-User License Agreement ...............................................................................................................................12
Welcome, and Thank You! ....................................................................................................................................................14
Feedback ...............................................................................................................................................................................14
Technical Support and Freebies ............................................................................................................................................14
Cisco's New Retake Policy .....................................................................................................................................................16
Cisco R&S V5 Blueprint (Primary Sections w/ Assigned Point Values) .................................................................................16
About This Lab Preparation Workbook .................................................................................................................................16
Additional Information Pertaining to Cisco's CCIE R&S Lab Exam ........................................................................................16
Section 1: Layer 2 Technologies .................................................................................................................................................... 19
Lab 1: Configure and Troubleshoot Switch Port Modes........................................................................................................... 20
iPexpert’s Recommended Reading Material ........................................................................................................................21
iPexpert’s Recommended Video Training .............................................................................................................................21
Topology Details ....................................................................................................................................................................21
Diagram 1.1: Switch Port Modes Topology...........................................................................................................................22
Lab 1 Setup ............................................................................................................................................................................22
Configuration Tasks ...............................................................................................................................................................22
Table 1.2 ................................................................................................................................................................................23
Table 1.3 ................................................................................................................................................................................23
Table 1.4 ................................................................................................................................................................................23
Helpful Verification Commands ............................................................................................................................................24
Lab 2: Configure and Troubleshoot VTP ................................................................................................................................... 25
iPexpert’s Recommended Reading Material ........................................................................................................................26
iPexpert’s Recommended Video Training .........................................................................................................................26
Topology Details ....................................................................................................................................................................26
Diagram 2.1: VTP Topology ...................................................................................................................................................27
Lab 2 Setup ............................................................................................................................................................................27
Configuration Tasks ...............................................................................................................................................................27
Helpful Verification Commands ............................................................................................................................................28
Lab 3: Configure and Troubleshoot Portchannels .................................................................................................................... 29
iPexpert’s Recommended Reading Material ........................................................................................................................30
iPexpert’s Recommended Video Training .............................................................................................................................30
Topology Details ....................................................................................................................................................................30
Diagram 3.1: Portchannels Topology ....................................................................................................................................31
Lab 3 Setup ............................................................................................................................................................................31
Configuration Tasks ...............................................................................................................................................................31
Helpful Verification Commands ............................................................................................................................................32
Lab 4: Configure and Troubleshoot Spanning-tree Protocol .................................................................................................... 33
iPexpert’s Recommended Reading Material ........................................................................................................................34
iPexpert’s Recommended Video Training .............................................................................................................................34
Topology Details ....................................................................................................................................................................35
Diagram 4.1: Spanning Tree Topology ..................................................................................................................................35
2|Page
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 4 Setup ............................................................................................................................................................................35
Configuration Tasks ...............................................................................................................................................................35
Helpful Verification Commands .........................................................................................................................................37
Lab 5: Configure and Troubleshoot Multi-Instance Spanning-tree Protocol (MST) ................................................................. 38
iPexpert’s Recommended Reading Material ........................................................................................................................39
iPexpert’s Recommended Video Training .............................................................................................................................39
Topology Details ....................................................................................................................................................................39
Diagram 5.1: MST Topology ..................................................................................................................................................40
Lab 5 Setup ............................................................................................................................................................................40
Configuration Tasks ...............................................................................................................................................................41
Helpful Verification Commands ............................................................................................................................................41
Lab 6: Miscellaneous Layer 2 Topics ........................................................................................................................................ 43
iPexpert’s Recommended Reading Material ........................................................................................................................44
iPexpert’s Recommended Video Training .............................................................................................................................44
Topology Details ....................................................................................................................................................................44
Diagram 6.1: SPAN and RSPAN Topology..............................................................................................................................45
Lab 6 Setup ............................................................................................................................................................................45
Configuration Tasks ...............................................................................................................................................................45
Helpful Verification Commands ............................................................................................................................................46
Lab 7: HDLC and PPP/PPPoE..................................................................................................................................................... 47
iPexpert’s Recommended Reading Material ........................................................................................................................48
iPexpert’s Recommended Video Training .............................................................................................................................48
Topology Details ....................................................................................................................................................................48
Diagram 7.1: HDLC and PPP/PPoE Topology.........................................................................................................................49
Lab 7 Setup ............................................................................................................................................................................49
Configuration Tasks ...............................................................................................................................................................49
Helpful Verification Commands ............................................................................................................................................50
Section 2: Layer 3 Technologies .................................................................................................................................................... 53
Lab 8: Configure and Troubleshoot Basic IP Routing................................................................................................................ 53
iPexpert’s Recommended Reading Material ........................................................................................................................54
iPexpert’s Recommended Video Training .............................................................................................................................54
Topology Details ....................................................................................................................................................................54
Diagram 8.1: Basic IP Routing Topology ...............................................................................................................................55
Lab 8 Setup ............................................................................................................................................................................55
Configuration Tasks ...............................................................................................................................................................56
Helpful Verification Commands ............................................................................................................................................57
Lab 9: Configure and Troubleshoot Routing Information Protocol (Part 1) ............................................................................. 58
iPexpert’s Recommended Reading Material ........................................................................................................................59
iPexpert’s Recommended Video Training .............................................................................................................................59
Topology Details ....................................................................................................................................................................60
Diagram 9.1: RIP Version 2 Topology ....................................................................................................................................60
Lab 9 Setup ............................................................................................................................................................................60
Configuration Tasks ...............................................................................................................................................................61
3|Page
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Helpful Verification Commands ............................................................................................................................................62
Lab 10: Configure and Troubleshoot Routing Information Protocol (Part 2) ........................................................................... 63
iPexpert’s Recommended Reading Material ........................................................................................................................64
iPexpert’s Recommended Video Training .............................................................................................................................64
Topology Details ....................................................................................................................................................................64
Diagram 10.1: RIP Version 2 Topology ..................................................................................................................................65
Lab 10 Setup ..........................................................................................................................................................................65
Configuration Tasks ...............................................................................................................................................................66
Helpful Verification Commands ............................................................................................................................................67
Lab 11: Configure and Troubleshoot EIGRP (Part 1) ................................................................................................................ 68
iPexpert’s Recommended Reading Material ........................................................................................................................69
iPexpert’s Recommended Video Training .............................................................................................................................69
Topology Details ....................................................................................................................................................................70
Diagram 11.1: EIGRP Topology .............................................................................................................................................70
Lab 11 Setup ..........................................................................................................................................................................71
Configuration Tasks ...............................................................................................................................................................71
Table 11.2 ..............................................................................................................................................................................71
Helpful Verification Commands ............................................................................................................................................72
Lab 12: Configure and Troubleshoot EIGRP (Part 2) ................................................................................................................ 73
iPexpert’s Recommended Reading Material ........................................................................................................................74
iPexpert’s Recommended Video Training .............................................................................................................................74
Topology Details ....................................................................................................................................................................75
Diagram 12.1: EIGRP Topology .............................................................................................................................................75
Lab 12 Setup ..........................................................................................................................................................................76
Configuration Tasks ...............................................................................................................................................................76
Helpful Verification Commands ............................................................................................................................................77
Lab 13: Configure and Troubleshoot EIGRP (Part 3) ................................................................................................................ 78
iPexpert’s Recommended Reading Material ........................................................................................................................79
iPexpert’s Recommended Video Training .............................................................................................................................79
Topology Details ....................................................................................................................................................................80
Diagram 13.1: EIGRP Topology .............................................................................................................................................80
Lab 13 Setup ..........................................................................................................................................................................80
Configuration Tasks ...............................................................................................................................................................81
Helpful Verification Commands ............................................................................................................................................82
Lab 14: Configure and Troubleshoot OSPF (Part 1) .................................................................................................................. 83
iPexpert’s Recommended Reading Material ........................................................................................................................84
iPexpert’s Recommended Video Training .............................................................................................................................84
Topology Details ....................................................................................................................................................................84
Diagram 14.1: EIGRP Topology .............................................................................................................................................85
Lab 14 Setup ..........................................................................................................................................................................85
Configuration Tasks ...............................................................................................................................................................86
Table 14.2 ..............................................................................................................................................................................86
Table 14.3 ..............................................................................................................................................................................87
4|Page
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Table 14.4 ..............................................................................................................................................................................87
Table 14.5 ..............................................................................................................................................................................87
Helpful Verification Commands ............................................................................................................................................87
Lab 15: Configure and Troubleshoot OSPF (Part 2) .................................................................................................................. 89
iPexpert’s Recommended Reading Material ........................................................................................................................90
iPexpert’s Recommended Video Training .............................................................................................................................90
Topology Details ....................................................................................................................................................................91
Diagram 15.1: OSPF Topology ...............................................................................................................................................92
Lab 15 Setup ..........................................................................................................................................................................92
Configuration Tasks ...............................................................................................................................................................93
Table 15.2 ..............................................................................................................................................................................94
Helpful Verification Commands ............................................................................................................................................95
Lab 16: Configure and Troubleshoot OSPF (Part 3) .................................................................................................................. 96
iPexpert’s Recommended Reading Material ........................................................................................................................97
iPexpert’s Recommended Video Training .............................................................................................................................98
Topology Details ....................................................................................................................................................................98
Diagram 16.1: OSPF Topology ...............................................................................................................................................99
Lab 16 Setup ..........................................................................................................................................................................99
Configuration Tasks .............................................................................................................................................................100
Helpful Verification Commands ..........................................................................................................................................101
Lab 17: Configure and Troubleshoot OSPF (Part 4) ................................................................................................................102
iPexpert’s Recommended Reading Material ......................................................................................................................103
iPexpert’s Recommended Video Training ...........................................................................................................................103
Topology Details ..................................................................................................................................................................103
Diagram 17.1: OSPF Topology .............................................................................................................................................104
Lab 17 Setup ........................................................................................................................................................................104
Configuration Tasks .............................................................................................................................................................105
Table 17.2 ............................................................................................................................................................................105
Table 17.3 ............................................................................................................................................................................106
Table 17.4 ............................................................................................................................................................................106
Helpful Verification Commands ..........................................................................................................................................107
Lab 18: Configure and Troubleshoot BGP (Part 1) .................................................................................................................108
iPexpert’s Recommended Reading Material ......................................................................................................................109
iPexpert’s Recommended Video Training ...........................................................................................................................109
Topology Details ..................................................................................................................................................................110
Diagram 18.1: BGP Topology ..............................................................................................................................................110
Lab 18 Setup ........................................................................................................................................................................110
Configuration Tasks .............................................................................................................................................................110
Helpful Verification Commands ..........................................................................................................................................112
Lab 19: Configure and Troubleshoot BGP (Part 2) .................................................................................................................113
iPexpert’s Recommended Reading Material ......................................................................................................................114
iPexpert’s Recommended Video Training ...........................................................................................................................114
Topology Details ..................................................................................................................................................................114
5|Page
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 19.1: BGP Topology ..............................................................................................................................................115
Lab 19 Setup ........................................................................................................................................................................115
Configuration Tasks .............................................................................................................................................................115
Helpful Verification Commands ..........................................................................................................................................117
Lab 20: Configure and Troubleshoot BGP (Part 3) .................................................................................................................118
iPexpert’s Recommended Reading Material ......................................................................................................................119
iPexpert’s Recommended Video Training ...........................................................................................................................119
Topology Details ..................................................................................................................................................................119
Diagram 20.1: BGP Topology ..............................................................................................................................................120
Lab 20 Setup ........................................................................................................................................................................120
Configuration Tasks .............................................................................................................................................................120
Helpful Verification Commands ..........................................................................................................................................122
Lab 21: Configure and Troubleshoot BGP (Part 4) .................................................................................................................124
iPexpert’s Recommended Reading Material ......................................................................................................................125
iPexpert’s Recommended Video Training ...........................................................................................................................125
Topology Details ..................................................................................................................................................................125
Diagram 21.1: BGP Topology ..............................................................................................................................................126
Lab 21 Setup ........................................................................................................................................................................126
Configuration Tasks .............................................................................................................................................................126
Helpful Verification Commands ..........................................................................................................................................128
Lab 22: Configure and Troubleshoot BGP (Part 5) .................................................................................................................129
iPexpert’s Recommended Reading Material ......................................................................................................................130
iPexpert’s Recommended Video Training ...........................................................................................................................130
Topology Details ..................................................................................................................................................................131
Diagram 22.1: BGP Topology ..............................................................................................................................................131
Lab 22 Setup ........................................................................................................................................................................131
Configuration Tasks .............................................................................................................................................................132
Helpful Verification Commands ..........................................................................................................................................133
Lab 23: Configure and Troubleshoot Protocol Independent Multicast Operations (Part 1) ..................................................135
iPexpert’s Recommended Reading Material ......................................................................................................................136
iPexpert’s Recommended Video Training ...........................................................................................................................136
Topology Details ..................................................................................................................................................................136
Diagram 23.1: Multicast Operations Topology ...................................................................................................................137
Lab 23 Setup ........................................................................................................................................................................137
Configuration Tasks .............................................................................................................................................................138
Helpful Verification Commands ..........................................................................................................................................139
Lab 24: Configure and Troubleshoot Protocol Independent Multicast Operations (Part 2) ..................................................140
iPexpert’s Recommended Reading Material ......................................................................................................................141
iPexpert’s Recommended Video Training ...........................................................................................................................141
Topology Details ..................................................................................................................................................................141
Diagram 24.1: Multicast Operations Topology ...................................................................................................................142
Lab 24 Setup ........................................................................................................................................................................142
Configuration Tasks .............................................................................................................................................................142
6|Page
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Helpful Verification Commands ..........................................................................................................................................144
Lab 25: Configure and Troubleshoot Protocol Independent Multicast Operations (Part 3) ..................................................146
iPexpert’s Recommended Reading Material ......................................................................................................................147
iPexpert’s Recommended Video Training ...........................................................................................................................147
Topology Details ..................................................................................................................................................................147
Diagram 25.1: Multicast Operations Topology ...................................................................................................................148
Lab 25 Setup ........................................................................................................................................................................148
Configuration Tasks .............................................................................................................................................................148
Helpful Verification Commands ..........................................................................................................................................150
Lab 26: Configure and Troubleshoot Protocol Independent Multicast Operations (Part 4) ..................................................152
iPexpert’s Recommended Reading Material ......................................................................................................................153
iPexpert’s Recommended Video Training ...........................................................................................................................153
Topology Details ..................................................................................................................................................................153
Diagram 26.1: Multicast Operations Topology ...................................................................................................................154
Lab 26 Setup ........................................................................................................................................................................154
Configuration Tasks .............................................................................................................................................................154
Helpful Verification Commands ..........................................................................................................................................156
Lab 27: Configure and Troubleshoot IP Version 6 (Part 1) .....................................................................................................157
iPexpert’s Recommended Reading Material ......................................................................................................................158
iPexpert’s Recommended Video Training ...........................................................................................................................158
Topology Details ..................................................................................................................................................................158
Diagram 27.1: IPv6 Routing Topology .................................................................................................................................159
Lab 27 Setup ........................................................................................................................................................................159
Configuration Tasks .............................................................................................................................................................160
Table 27.2 ............................................................................................................................................................................160
Table 27.3 ............................................................................................................................................................................160
Table 27.4 ............................................................................................................................................................................160
Table 27.5 ............................................................................................................................................................................161
Table 27.6 ............................................................................................................................................................................161
Table 27.7 ............................................................................................................................................................................161
Table 27.8 ............................................................................................................................................................................162
Table 27.9 ............................................................................................................................................................................162
Table 27.10 ..........................................................................................................................................................................162
Helpful Verification Commands ..........................................................................................................................................163
Lab 28: Configure and Troubleshoot IP Version 6 (Part 2) .....................................................................................................164
iPexpert’s Recommended Reading Material ......................................................................................................................165
iPexpert's Recommended Video Trainig .............................................................................................................................163
Topology Details ..................................................................................................................................................................165
Diagram 28.1: IPv6 Routing Topology .................................................................................................................................166
Lab 28 Setup ........................................................................................................................................................................166
Configuration Tasks .............................................................................................................................................................167
Table 28.2 ............................................................................................................................................................................167
Table 28.3 ............................................................................................................................................................................167
Table 28.4 ............................................................................................................................................................................167
7|Page
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Table 28.5 ............................................................................................................................................................................168
Table 28.6 ............................................................................................................................................................................168
Table 28.7 ............................................................................................................................................................................168
Table 28.8 ............................................................................................................................................................................169
Helpful Verification Commands ..........................................................................................................................................169
Lab 29: Configure and Troubleshoot IP Version 6 (Part 3) .....................................................................................................170
iPexpert’s Recommended Reading Material ......................................................................................................................171
iPexpert's Recommended Video Trainig .............................................................................................................................169
Topology Details ..................................................................................................................................................................171
Diagram 29.1: IPv6 Version 6 Topology ..............................................................................................................................172
Lab 29 Setup ........................................................................................................................................................................172
Configuration Tasks .............................................................................................................................................................172
Table 29.2 ............................................................................................................................................................................173
Table 29.3 ............................................................................................................................................................................173
Table 29.4 ............................................................................................................................................................................173
Table 29.5 ............................................................................................................................................................................174
Table 29.6 ............................................................................................................................................................................174
Table 29.7 ............................................................................................................................................................................174
Table 29.8 ............................................................................................................................................................................174
Table 29.9 ............................................................................................................................................................................175
Table 29.10 ..........................................................................................................................................................................175
Table 29.11 ..........................................................................................................................................................................175
Table 29.12 ..........................................................................................................................................................................176
Helpful Verification Commands ..........................................................................................................................................176
Section 3: VPN Technologies .......................................................................................................................................................178
Lab 30: Configure and Troubleshoot Multiprotocol Label Switching (Part 1) ........................................................................179
iPexpert’s Recommended Reading Material ......................................................................................................................180
iPexpert’s Recommended Video Training ...........................................................................................................................180
Topology Details ..................................................................................................................................................................180
Diagram 30.1: MPLS L3 VPN Topology................................................................................................................................181
Lab 30 Setup ........................................................................................................................................................................181
Configuration Tasks .............................................................................................................................................................181
Table 30.2 ............................................................................................................................................................................182
Table 30.3 ............................................................................................................................................................................182
Diagram 30.4: VRF Customer_A and VRF Customer _B Topology......................................................................................183
Table 30.5 ............................................................................................................................................................................183
Table 30.6 ............................................................................................................................................................................183
Diagram 30.7: Full-Mesh Peering Topology ........................................................................................................................184
Helpful Verification Commands ..........................................................................................................................................184
Lab 31: Configure and Troubleshoot Multiprotocol Label Switching (Part 2) ........................................................................186
iPexpert’s Recommended Reading Material ......................................................................................................................187
iPexpert’s Recommended Video Training ...........................................................................................................................187
Topology Details ..................................................................................................................................................................187
Diagram 31.1: MPLS L3 VPN Topology................................................................................................................................188
Lab 31 Setup ........................................................................................................................................................................188
8|Page
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Configuration Tasks .............................................................................................................................................................188
Table 31.2 ............................................................................................................................................................................189
Table 31.3 ............................................................................................................................................................................189
Helpful Verification Commands ..........................................................................................................................................190
Lab 32: Configure and Troubleshoot IPsec Virtual Private Networks (Part 1) ........................................................................192
iPexpert’s Recommended Reading Material ......................................................................................................................193
iPexpert’s Recommended Video Training ...........................................................................................................................193
Topology Details ..................................................................................................................................................................193
Diagram 32.1: IPsec Virtual Private Network Topology ......................................................................................................194
Lab 32 Setup ........................................................................................................................................................................194
Configuration Tasks .............................................................................................................................................................195
Helpful Verification Commands ..........................................................................................................................................196
Lab 33: Configure and Troubleshoot IPsec Virtual Private Networks (Part 2) ........................................................................197
iPexpert’s Recommended Reading Material ......................................................................................................................198
iPexpert’s Recommended Video Training ...........................................................................................................................198
Topology Details ..................................................................................................................................................................198
Diagram 33.1: IPsec Virtual Private Network Topology ......................................................................................................199
Lab 33 Setup ........................................................................................................................................................................199
Configuration Tasks .............................................................................................................................................................200
Table 33.2 ............................................................................................................................................................................200
Table 33.3 ............................................................................................................................................................................200
Table 33.4 ............................................................................................................................................................................201
Table 33.5 ............................................................................................................................................................................201
Table 33.6 ............................................................................................................................................................................201
Table 33.7 ............................................................................................................................................................................202
Table 33.8 ............................................................................................................................................................................202
Table 33.9 ............................................................................................................................................................................202
Helpful Verification Commands ..........................................................................................................................................203
Section 4: Infrastructure Security................................................................................................................................................204
Lab 34: Security (Part I) ..........................................................................................................................................................205
iPexpert’s Recommended Reading Material ......................................................................................................................206
iPexpert’s Recommended Video Training ...........................................................................................................................207
Topology Details ..................................................................................................................................................................207
Diagram 34.1: Security Topology ........................................................................................................................................208
Lab 34 Setup ........................................................................................................................................................................208
Table 34.2 ............................................................................................................................................................................209
Configuration Tasks .............................................................................................................................................................210
Helpful Verification Commands ..........................................................................................................................................214
Lab 35: Security (Part 2) .........................................................................................................................................................216
iPexpert’s Recommended Reading Material ......................................................................................................................217
iPexpert’s Recommended Video Training ...........................................................................................................................217
Topology Details ..................................................................................................................................................................217
Diagram 35.1: Security Topology ........................................................................................................................................218
Lab 35 Setup ........................................................................................................................................................................218
9|Page
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Table 35.2 ............................................................................................................................................................................219
Configuration Tasks .............................................................................................................................................................220
Helpful Verification Commands ..........................................................................................................................................222
Lab 36: Security (Part 3) .........................................................................................................................................................223
iPexpert’s Recommended Reading Material ......................................................................................................................224
iPexpert’s Recommended Video Training ...........................................................................................................................224
Topology Details ..................................................................................................................................................................225
Diagram 36.1: Security Topology ........................................................................................................................................225
Lab 36 Setup ........................................................................................................................................................................226
Table 36.2 ............................................................................................................................................................................227
Configuration Tasks .............................................................................................................................................................228
Helpful Verification Commands ..........................................................................................................................................229
Section 5: Infrastructure Services ...............................................................................................................................................231
Lab 37: Configure and Troubleshoot Quality of Service Mechanisms (Part 1) .......................................................................232
iPexpert’s Recommended Reading Material ......................................................................................................................233
iPexpert’s Recommended Video Training ...........................................................................................................................233
Topology Details ..................................................................................................................................................................234
Diagram 37.1: Quality of Service Mechanisms Topology ...................................................................................................234
Lab 37 Setup ........................................................................................................................................................................234
Configuration Tasks .............................................................................................................................................................234
Helpful Verification Commands ..........................................................................................................................................235
Lab 38: Configure and Troubleshoot Quality of Service Mechanisms (Part 2) .......................................................................237
iPexpert’s Recommended Reading Material ......................................................................................................................238
iPexpert’s Recommended Video Training ...........................................................................................................................239
Topology Details ..................................................................................................................................................................239
Diagram 38.1: Quality of Service Mechanisms Topology ...................................................................................................239
Lab 38 Setup ........................................................................................................................................................................240
Configuration Tasks .............................................................................................................................................................240
Helpful Verification Commands ..........................................................................................................................................241
Lab 39: Configure and Troubleshoot IP/IOS Services (Part 1) ................................................................................................242
iPexpert’s Recommended Reading Material ......................................................................................................................243
iPexpert’s Recommended Video Training ...........................................................................................................................243
Topology Details ..................................................................................................................................................................243
Diagram 39.1: IP/IOS Services Topology .............................................................................................................................244
Lab 39 Setup ........................................................................................................................................................................244
Configuration Tasks .............................................................................................................................................................244
Helpful Verification Commands ..........................................................................................................................................245
Lab 40: Configure and Troubleshoot IP/IOS Services (Part 2) ................................................................................................246
iPexpert’s Recommended Reading Material ......................................................................................................................247
iPexpert’s Recommended Video Training ...........................................................................................................................247
Topology Details ..................................................................................................................................................................247
Diagram 40.1: IP/IOS Services Topology .............................................................................................................................248
Lab 40 Setup ........................................................................................................................................................................248
10 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Configuration Tasks .............................................................................................................................................................248
Helpful Verification Commands ..........................................................................................................................................250
Lab 41: Configure and Troubleshoot IP/IOS Services (Part 3) ................................................................................................251
iPexpert’s Recommended Reading Material ......................................................................................................................252
iPexpert’s Recommended Video Training ...........................................................................................................................252
Topology Details ..................................................................................................................................................................252
Diagram 41.1: IP/IOS Services Topology .............................................................................................................................253
Lab 41 Setup ........................................................................................................................................................................253
Configuration Tasks .............................................................................................................................................................253
Helpful Verification Commands ..........................................................................................................................................254
Lab 42: Configure and Troubleshoot IP/IOS Services (Part 4) ................................................................................................255
iPexpert’s Recommended Reading Material ......................................................................................................................256
iPexpert’s Recommended Video Training ...........................................................................................................................256
Topology Details ..................................................................................................................................................................256
Diagram 42.1: IP/IOS Services Topology .............................................................................................................................257
Lab 42 Setup ........................................................................................................................................................................257
Configuration Tasks .............................................................................................................................................................257
Helpful Verification Commands ..........................................................................................................................................259
Lab 43: Configure and Troubleshoot IP/IOS Services (Part 5) ................................................................................................260
iPexpert’s Recommended Reading Material ......................................................................................................................261
iPexpert’s Recommended Video Training ...........................................................................................................................261
Topology Details ..................................................................................................................................................................261
Diagram 43.1: IP/IOS Services Topology .............................................................................................................................262
Lab 43 Setup ........................................................................................................................................................................262
Configuration Tasks .............................................................................................................................................................262
Helpful Verification Commands ..........................................................................................................................................263
Lab 44: Configure and Troubleshoot IP/IOS Services (Part 6) ................................................................................................265
iPexpert’s Recommended Reading Material ......................................................................................................................266
iPexpert’s Recommended Video Training ...........................................................................................................................266
Topology Details ..................................................................................................................................................................266
Diagram 44.1: IP/IOS Services Topology .............................................................................................................................267
Lab 44 Setup ........................................................................................................................................................................267
Configuration Tasks .............................................................................................................................................................267
Table 44.2 ............................................................................................................................................................................267
Helpful Verification Commands ..........................................................................................................................................268
Lab 45: Configure and Troubleshoot IP/IOS Services (Part 7) ................................................................................................269
iPexpert’s Recommended Reading Material ......................................................................................................................270
iPexpert’s Recommended Video Training ...........................................................................................................................270
Topology Details ..................................................................................................................................................................270
Diagram 45.1: IP/IOS Services Topology .............................................................................................................................271
Lab 45 Setup ........................................................................................................................................................................271
Configuration Tasks .............................................................................................................................................................271
Helpful Verification Commands ..........................................................................................................................................272
11 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert's End-User License Agreement
END USER LICENSE FOR ONE (1) PERSON ONLY
IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS,
DO NOT OPEN OR USE THE TRAINING MATERIALS.
This is a legally binding agreement between you and IPEXPERT, the “Licensor,” from whom you have licensed the IPEXPERT training
materials (the “Training Materials”). By using the Training Materials, you agree to be bound by the terms of this License, except to the
extent these terms have been modified by a written agreement (the “Governing Agreement”) signed by you (or the party that has licensed
the Training Materials for your use) and an executive officer of Licensor. If you do not agree to the License terms, the Licensor is unwilling to
license the Training Materials to you. In this event, you may not use the Training Materials, and you should promptly contact the Licensor
for return instructions.
The Training Materials shall be used by only ONE (1) INDIVIDUAL who shall be the sole individual authorized to use the Training Materials
throughout the term of this License.
Copyright and Proprietary Rights
The Training Materials are the property of IPEXPERT, Inc. ("IPEXPERT") and are protected by United States and International copyright laws.
All copyright, trademark, and other proprietary rights in the Training Materials and in the Training Materials, text, graphics, design
elements, audio, and all other materials originated by IPEXPERT at its site, in its workbooks, scenarios and courses (the "IPEXPERT
Information") are reserved to IPEXPERT.
The Training Materials cannot be used by or transferred to any other person. You may not rent, lease, loan, barter, sell or time-share the
Training Materials or accompanying documentation. You may not reverse engineer, decompile, or disassemble the Training Materials. You
may not modify, or create derivative works based upon the Training Materials in whole or in part. You may not reproduce, store, upload,
post, transmit, download or distribute in any form or by any means, electronic, mechanical, recording or otherwise any part of the Training
Materials and IPEXPERT Information other than printing out or downloading portions of the text and images for your own personal, noncommercial use without the prior written permission of IPEXPERT.
You shall observe copyright and other restrictions imposed by IPEXPERT. You may not use the Training Materials or IPEXPERT Information in
any manner that infringes the rights of any person or entity.
Exclusions of Warranties
THE TRAINING MATERIALS AND DOCUMENTATION ARE PROVIDED “AS IS.” LICENSOR HEREBY DISCLAIMS ALL OTHER WARRANTIES,
EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW THE LIMITATION OF INCIDENTAL DAMAGES OR LIMITATIONS ON HOW LONG AN
IMPLIED WARRANTY LASTS, SO THE ABOVE LIMITATIONS OR EXCLUSIONS MAY NOT APPLY TO YOU. This agreement gives you specific legal
rights, and you may have other rights that vary from state to state.
Choice of Law and Jurisdiction
This Agreement shall be governed by and construed in accordance with the laws of the State of Michigan, without reference to any conflict
of law principles. You agree that any litigation or other proceeding between you and Licensor in connection with the Training Materials shall
be brought in the Michigan state or courts located in Port Huron, Michigan, and you consent to the jurisdiction of such courts to decide the
matter. The parties agree that the United Nations Convention on Contracts for the International Sale of Goods shall not apply to this
License. If any provision of this Agreement is held invalid, the remainder of this License shall continue in full force and effect.
12 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Limitation of Claims and Liability
ANY ACTION ON ANY CLAIM AGAINST IPEXPERT MUST BE BROUGHT BY THE USER WITHIN ONE (1) YEAR FOLLOWING THE DATE THE CLAIM
FIRST ACCRUED, OR SHALL BE DEEMED WAIVED. IN NO EVENT WILL THE LICENSOR’S LIABILITY UNDER, ARISING OUT OF, OR RELATING TO
THIS AGREEMENT EXCEED THE AMOUNT PAID TO LICENSOR FOR THE TRAINING MATERIALS. LICENSOR SHALL NOT BE LIABLE FOR ANY
SPECIAL, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL DAMAGES, HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, REGARDLESS OF
WHETHER LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. WITHOUT LIMITING THE FOREGOING, LICENSOR WILL
NOT BE LIABLE FOR LOST PROFITS, LOSS OF DATA, OR COSTS OF COVER.
Entire Agreement
This is the entire agreement between the parties and may not be modified except in writing signed by both parties.
U.S. Government - Restricted Rights
The Training Materials and accompanying documentation are “commercial computer Training Materials” and “commercial computer
Training Materials documentation,” respectively, pursuant to DFAR Section 227.7202 and FAR Section 12.212, as applicable. Any use,
modification, reproduction release, performance, display, or disclosure of the Training Materials and accompanying documentation by the
U.S. Government shall be governed solely by the terms of this Agreement and shall be prohibited except to the extent expressly permitted
by the terms of this Agreement.
IF YOU DO NOT AGREE WITH THE ABOVE TERMS AND CONDITIONS, DO NOT OPEN OR USE THE TRAINING MATERIALS AND CONTACT
LICENSOR FOR INSTRUCTIONS ON RETURN OF THE TRAINING MATERIALS.
13 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Welcome, and Thank You!
On behalf of the entire iPexpert team, I'd personally like to thank you for putting your greatest
certification journey in our hands, and trusting us to deliver cutting-edge training to help you
accomplish this goal. Although there is no way to guarantee a 100% pass rate on the CCIE Lab, my
team and I feel extremely confident that your chances of passing will improve dramatically with
the use of our training materials.
-Respectfully, Wayne A. Lawson II, CCIE #5244 (Emeritus) / Founder & CEO - iPexpert, Inc.
Feedback
At iPexpert, we value the feedback (both positive and constructive) offered by our clientele. Our
dedication to offering the best tools and content to help students succeed could not be possible
without your comments and suggestions. Your feedback is what continually keeps us enhancing
our product portfolio, and it is greatly appreciated. If there is anything you'd like us to know,
please do so via the feedback@ipexpert.com alias.
In addition, when you pass your CCIE Lab Exam, we want to hear about it! Please email your Full
Name (used in the CCIE Verification Tool), CCIE number and the track to success@ipexpert.com
and let us know how iPexpert played a role in your success. We would like to be sure you're
welcomed into the "CCIE Club" appropriately, send you a gift for your accomplishment.
Technical Support and Freebies
To conclude, we are also proud to lead the industry with multiple support options at your
disposal, free of charge. Our online support community has attracted a membership of your
peers from around the world, and is monitored on a daily basis by our instructors and our
students. We also consistently publish technical articles / papers on our blog. You can also follow
up on Facebook, Twitter, LinkedIn, Google+ and YouTube for more in-depth discussion on current
industry trends and CCIE preparation tips.
Lastly, referrals are very important to us. It tells us that; 1) you like, value, and approve of our
training and 2) it helps us to continue to grow as a company. If you have any of your peers who
you feel will value by the use of any of our training materials, please send us their name, email
address, telephone number and what certification and track you feel that they're interested in. If
your referral makes a purchase, we will provide you with in-house credit that can be used at any
time. If your referrals exceed a certain threshold, we will also include a gift card of your choice
(either an American Express or Amazon gift card).
14 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
How to Use This Lab Preparation Workbook
In 2014 Cisco announced a new CCIE Routing & Switching blueprint for their V5 of the Lab Exam.
This change was one of the biggest changes we've seen the over 14 years since we've been
delivering cutting-edge CCIE training materials. The changes consisted of a modification of the lab
structure to now include:

A restructure of the way the lab is delivered. You will first have to complete a Troubleshooting
section where you'll have access to the rack that Cisco provides you to do so. The next section
consists of the Diagnostics section, which is done without access to your rack. The third section is
the Configuration section, which is the actual "lab" that most people focus on, and have been
primarily concerned about in the past. With this new lab structure, it's VERY IMPORTANT that you
are well-prepared for all three Sections of the Lab Exam. At any point, you could fail the Lab Exam
if you don't receive enough points in 1 of the 3 sections.

Cisco has also made a drastic change in the topology that you'll be given. It's common knowledge
at the time of this book's publication that the topology you're given has gone from their previous
6 to 8 router / 4 switch topology (seen in the labs previous to V4), to a topology that could
potentially consist of up to 40 routers and 8 switches. It's imperative that you work through
practice scenarios on a large topology, so you're familiar with the intricacies and technological
specifics that can be introduced with a topology that large.

Cisco has also changed their retake policy which now requires their CCIE candidates to wait
longer durations before their next attempt(s). Below we have listed Cisco's new policy.

And, finally, Cisco has created this impressive blueprint and broken it into sections. Cisco provides
you with the 5 section titles and the number of points so you're able to understand how their
grading works and how much focus and attention is placed on that various section. The primary
section outline is provided below; however, we have not provided all of the topics and subtopics
that Cisco has provided. We recommend that you reference Cisco's website URL, which provides
these details for the Routing & Switching V5 Lab, which will require you to have a CCO and Cisco
Learning Network login prior to being given access. That URL was found here at the date of this
book's publication.
15 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Cisco's New Retake Policy
Cisco R&S V5 Blueprint (Primary Sections w/ Assigned Point Values)





Layer 2 Technologies: 20%
Layer 3 Technologies: 40%
VPN Technologies: 20%
Infrastructure Security: 5%
Infrastructure Services: 15%
About This Lab Preparation Workbook
Throughout this workbook, you'll be asked to reference various diagrams and to pre-load
configurations. These pre-loaded configurations will be automatically loaded when you're utilizing
our online rack rental solution. All diagrams are provided in a .zip file that's accessed when you're
logged into your iPexpert's Member's Area. If you're asked to reference a table, it will be located
within this actual workbook, unless otherwise noted.
Additional Information Pertaining to Cisco's CCIE R&S Lab Exam
NOTE
The following information has been obtained from Cisco's Learning Network. We are not affiliated
with, or endorsed in any way by Cisco.
16 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
About the CCIE Lab Exam
The CCIE Lab Exam is an eight-hour, hands-on exam which requires you to configure and
troubleshoot a series of complex networks to given specifications. Knowledge of troubleshooting
is an important skill and candidates are expected to diagnose and solve issues as part of the CCIE
Lab Exam. You will not configure end-user systems, but are responsible for all devices residing in
the network (hubs, etc.). Point values and testing criteria are provided. More detail is found on
the Routing & Switching Lab Exam Blueprint and the list of Lab Equipment and IOS Versions.
Cost
The Lab Exam cost does not include travel and lodging expenses. Costs may vary due to exchange
rates and local taxes (VAT, GST). You are responsible for any fees your financial institution charges
to complete the payment transaction. Price not confirmed and is subject to change until full
payment is made. For more information on the Lab Exam Registration please reference the Take
Your Lab Exam tab.
Lab Environment
The Cisco documentation is available in the lab room, but the exam assumes knowledge of the
more common protocols and technologies. The documentation can be navigated using the index.
No outside reference materials are permitted in the lab room. You must report any suspected
equipment issues to the proctor during the exam; adjustments cannot be made once the exam is
over.
Lab Exam Grading
The labs are graded by proctors who ensure that all the criteria have been met. They will use
automatic tools to gather data from the routers in order to perform preliminary evaluations.
Candidates must reach a minimum threshold in all three sections and achieve an overall passing
score.
Lab Format
The CCIE Routing & Switching Lab Exam consist of a 2 hour Troubleshooting section, a 30 minute
Diagnostic section, and a 5 hour Configuration section. Candidates may choose to borrow up to
30 minutes from the Configuration section and use it in the Troubleshooting section.
17 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Results
You can review your Lab Exam results online (login required), usually within 48 hours. Results are
Pass/Fail and failing score reports indicate major topic areas where additional study and
preparation may be useful.
Reevaluation of Lab Results
A Reread involves having a second proctor load your configurations into a rack to re-create the
test and re-score the entire exam. Rereads are available for the Routing & Switching, and Service
Provider technology tracks.
A Review involves having a second proctor verify your answers and any applicable systemgenerated debug data saved from your exam. Reviews are available for all other tracks.
Payment Terms
Make your request within 14 days following your exam date by using the "Request for Reread"
link next to your lab record. A Reread costs $1000.00 USD and a Review costs $400.00 USD.
Payment is made online via credit card and your Reread or Review will be initiated upon
successful payment. You may not cancel the appeal request once the process has been initiated.
Refunds are given only when results change from fail to pass.
Troubleshooting
The CCIE Routing & Switching Lab Exam features a 2 hour troubleshooting section. Candidates
will be presented with a series of trouble tickets for preconfigured networks and need to
diagnose and resolve the network fault or faults. As with the configuration section, the network
must be up and running for a candidate to receive credit. Candidates who finish the
Troubleshooting section early may proceed on to the Diagnostic section, but they will not be
allowed to go back to Troubleshooting.
NOTE
This concludes any referenced content seen or found on Cisco's Learning Network.
18 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Section 1: Layer 2 Technologies
19 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 1: Configure and Troubleshoot Switch
Port Modes
Technologies Covered











CDP
Access ports
VLAN database
VLAN
Trunking
dot1Q
Native VLAN
Manual pruning
Layer 3 native interfaces
SVIs
Router-on-a-stick
Overview
You have been tasked to configure the Layer 2 part of the network and to enable the routing
between 2 VLANs in a router-on-a-stick topology. You will be configuring VLANs, CDP and some
other related features.
Estimated Time to Complete: 2 hours
20 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

Cisco Discovery Protocol Version 2:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/cdp/configuration/15-mt/cdp-15-mtbook/nm-cdp-discover.html

Configuring Access and Trunk Interfaces:
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide
/cli_rel_4_0_1a/CLIConfigurationGuide/AccessTrunk.html

Configuring InterVLAN Routing on Layer 3 Switches:
http://www.cisco.com/c/en/us/support/docs/lan-switching/inter-vlan-routing/41860-howto-L3intervlanrouting.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching Lab Exam. We recommend watching the following learning videos which
cover the topics seen in this lab scenario.

Video Title: CDP Theory

Video Title: CDP Demo

Video Title: VLANS and Trunking Theory

Video Title: VLANS and Trunking Demo

Video Title: Multilayer Switching
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
21|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 1.1: Switch Port Modes Topology
Lab 1 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
Configuration Tasks
1. Disable CDP on R2.
2. Disable CDP on the connection between R6 and Cat2.
3. Between Cat1 and Cat2, CDP should only be running on the E3/1 and E3/2 interfaces. The
updates should be sent every 20 seconds, and the neighbor should be declared lost after 6
missing updates.
4. Between Cat1 and Cat2, the broadcasted CDP packets should not report mismatched native VLAN
IDs.
22 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
5. Configure VLAN 101, 102, 103, and 999 in the VLAN local database of Cat1 and Cat2 with the
respective name of VLAN101, VLAN102, VLAN103, VLAN999. The configuration of the VLANs
should appear in the running-configuration and no VLAN distribution protocol should be running.
6. Configure interface E3/0 in access mode VLAN 101 on Cat1 and Cat2.
7. Configure the following IP addresses under the following interfaces:
Table 1.2
Cat1 E0/2
10.1.0.1/24
R2 E0/0
10.1.0.2/24
Make sure that ping between the two Interfaces above is working.
8. Configure an ISL trunk between Cat1 and Cat2 on E3/1. Allow VLAN 102. Allow DTP to negotiate
whether a trunk forms. VLAN 999 should be the native VLAN.
9. Configure a dot1q trunk between Cat1 and Cat2, on E3/2. Allow only VLAN 103 on the trunk.
VLAN 103 should be sent untagged.
10. Configure only the following SVIs:
Table 1.3
Cat1 Vlan 103
10.103.0.1/24
Cat2 Vlan 101
10.101.0.2/24
11. Configure the following sub-interfaces on E0/0 of R6:
Table 1.4
E0/0.101
10.101.0.6/24
E0/0.103
10.103.0.6/24
12. Ensure that you can ping from interface Vlan 103 on Cat1 to interface Vlan 101 on Cat2 by using
R6 as the inter-VLAN routing point. Do not use the ip route command.
23|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Helpful Verification Commands




Show
Show
Show
Show
Show

cdp
cdp neighbor
vtp status
interface trunk
interface Ethernet 1/2 switchport
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 1 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 1
Copyright© iPexpert. All Rights Reserved.
24 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 2: Configure and Troubleshoot VTP
Technologies Covered




VTPv1
VTPv2
VTPv3
VTP pruning
Overview
You have been tasked to automatically distribute the VLANs in the network using VTP. You have
to propagate normal VLANs, as well as extended VLANs. Your VTP set-up should be secured and
highly available.
Estimated Time to Complete: 2 hours
25|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

Understanding VLAN Trunk Protocol:
http://www.cisco.com/c/en/us/support/docs/lan-switching/vtp/10558-21.html

VTP Version 3:
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-seriesswitches/solution_guide_c78_508010.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching Lab Exam. We recommend watching the following learning videos which
cover the topics seen in this lab scenario.

Video Title: VTP v1/v2 Theory

Video Title: VTP v1/v2 Demo
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
26 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 2.1: VTP Topology
0
Lab 2 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
Configuration Tasks
1. Configure a dot1q trunk allowing all VLANs on all the connections between Cat1 and Cat2,
between Cat2 and Cat3, and between Cat3 and Cat4.
27|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
2. Configure Cat4 as the server of the VTP domain iPexpert.
3. Configure Cat3 not to update its VLAN database. Cat3 should silently forward VTP packets.
4. Configure Cat1 and Cat2 as client of Cat4.
5. Add VLAN 150 and 151 on Cat4, and check that those VLANs are now present on Cat1 and Cat2,
but not on Cat3.
6. Add VLAN 1500 on Cat4, and make sure that it is propagated to Cat1 and Cat2, but not to Cat3.
7. Configure the VTP domain with a password of "090909". This password should be stored in the
NVRAM database.
8. Ensure that the next VLAN created will not be propagated to switches where this VLAN is not
allowed on any trunks.
9. Ensure that Cat2 can take over the server role in the case of a failure of Cat4.
10. Configure R2 in VLAN 150 and R5 in VLAN 1500 as client ports. Since Cat1 does not have any
client ports in VLAN 151, make sure that broadcast packets in VLAN 151 will never be transmitted
to Cat1.
Helpful Verification Commands




Show
Show
Show
Show
interface trunk
interface Ethernet 1/2 switchport
VTP status
VLAN
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 2 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 1
Copyright© iPexpert. All Rights Reserved.
28 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 3: Configure and Troubleshoot
Portchannels
Technologies Covered







LACP etherchannel
PagP etherchannel
Manual etherchannel
L2 etherchannel
L3 etherchannel
Load-balancing
Etherchannel misconfiguration guard
Overview
You have been tasked to configure seamless redundancy in the network by bundling several
physical connections into a logical connection called port-channel. In addition, you should trafficengineer the way that traffic is distributed on the different members of those port-channels.
Estimated Time to Complete: 3 hours
29|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

Configuring EtherChannels:
http://www.cisco.com/c/en/us/td/docs/switches/metro/me3600x_3800x/software/release/154_3_S/configuration/guide/3800x3600xscg/swethchl.html

EtherChannel Misconfiguration Guard:
http://www.cisco.com/c/en/us/td/docs/switches/metro/me3600x_3800x/software/release/154_1_S/configuration/guide/3800x3600xscg/swstpopt.html - wp1113708

Configuring EtherChannel Load Balancing:
http://www.cisco.com/c/en/us/td/docs/switches/metro/me3600x_3800x/software/release/154_3_S/configuration/guide/3800x3600xscg/swethchl.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching Lab Exam. We recommend watching the following learning videos which
cover the topics seen in this lab scenario.

Video Title: Ethernet Channels

Video Title: Ethernet Link Aggregation

Video Title: EtherChannel Configuration
Topology Details
Logically connect and configure your network as displayed in the topology drawing. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
30 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 3.1: Portchannels Topology
Lab 3 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
Configuration Tasks
1. Between Cat2 and Cat3, configure a static port-channel Po23 dot1q trunk and allow only VLAN
101.
2. Between Cat3 and Cat4, configure a PagP port-channel Po34 ISL trunk, and allow only VLAN 101.
Cat3 should not start the trunk negotiation. Configure PagP to protect the port-channel against
unidirectional failure and assume both switches are PAgP-capable.
3. Between Cat2 and Cat4, configure a LACP port-channel Po24 trunk, and allow only VLAN 102.
Cat2 should never start the negotiation.
31|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
4. Ensure that Cat4 controls LACP negotiation.
5. Ensure that E5/0 will be used as LACP failover if 9 members are present in the Port-channel.
Create a static redundant routed port, Po14, between, Cat1 and Cat2. Use the subnet
10.14.0.x/24 where x is the device.
6. On the Port-channel between the Cat2 and the Cat4, all the TCP flows from a source MAC
address to the same destination MAC address should use the same member in all the portchannels just configured.
7. On the Port-channel between the Cat3 and the Cat4, make sure that all the flows coming from a
MAC address are using the same PagP member when the packet returns to this MAC address.
8. Configure the four switches with a mechanism to disable the port-channel in the case of a misconfiguration that leads to the port-channel receiving Spanning-Tree BPDUs on two different
members.
Helpful Verification Commands



Show etherchannel summary
Show etherchannel port-channel
Show etherchannel load-balance
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific commands
were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our interactive
support community that’s accessible from the Member’s Area.
This concludes Lab 3 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 1
Copyright© iPexpert. All Rights Reserved.
32 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 4: Configure and Troubleshoot
Spanning-tree Protocol
Technologies Covered












PVST+
Switch priority
Port priority
Path cost
STP timers
Port fast
BPDUguard, BPDUfilter
Loopguard
Rootguard
Backbonefast
Loopfast
UDLD
Overview
You have been tasked to guarantee in a redundant L2 network a loop-free topology by
configuring the Spanning Tree protocol. Traffic engineering and optimization is also required. The
2 routers R6 and R9 will be considered as hosts that should not make part of the spanning-tree
topology.
Estimated Time to Complete: 4 hours
33|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

Configuring Spanning-Tree Protocol:
http://www.cisco.com/c/en/us/td/docs/switches/metro/me1200/controller/guide/b_nid_control
ler_book/b_nid_controller_book_chapter_0111.html

Configuring Optional Spanning-Tree Features:
http://www.cisco.com/c/en/us/td/docs/switches/metro/me3600x_3800x/software/release/154_1_S/configuration/guide/3800x3600xscg/swstpopt.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching Lab Exam. We recommend watching the following learning videos which
cover the topics seen in this lab scenario.
34 | P a g e

Video Title: Introduction To Spanning-Tree

Video Title: Traditional and Per-VLAN Spanning-Tree

Video Title: Configuring Per-VLAN Spanning-Tree

Video Title: Advanced Spanning-Tree Features (Multiple)
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
Diagram 4.1: Spanning Tree Topology
Lab 4 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
Configuration Tasks
1. Configure the 4 Catalysts to run PVST+ (and not rapid PVST+).
2. Configure all the inter-switch connections as dot1q trunks, allowing all VLANs.
35|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
3. Configure Cat1 as a VTP server for the domain iPexpert and configure VLAN 21 and 22.
4. Configure Cat2 as the primary root bridge for VLAN 21. Configure Cat4 as the secondary root
bridge for VLAN 21. Do not use a command containing priority in order to achieve this.
Optimize the timers to the number of switches.
5. Configure Cat3 as the primary root bridge on for VLAN 22. Configure Cat1 as the secondary root
bridge for VLAN 22. Do not use a command containing root in order to achieve this.
6. In VLAN 22, make sure that Cat2 and Cat4 will be the least preferable switches to become the
root of this network.
7. On VLAN 22, change the hello timer to 5s, the max aging time to 20s and the forward delay to
15s.
8. With all connections up on VLAN 21, the traffic from R6 to R9 should be forwarded using the
following path: Cat2-Cat1-Cat3-Cat4.
9. With all connections up on VLAN 22, the traffic from R6 to R9 should be forwarded using the
following path: Cat2-Cat3-Cat4.
10. With all connections up on VLAN 21, the traffic from Cat1 to Cat2 and from Cat3 and Cat4 should
flow over the E3/0 connections.
11. With all connections up on VLAN 22, the traffic from Cat1 to Cat2 and from Cat3 and Cat4 should
flow over the E3/0 connections.
12. Reduce the convergence time associated with indirect failures in the network. Enable Rootguard
on the e3/1 interface of Cat1.
13. Enable the Uplinkfast feature on the switches where it cannot create loops. When a failure occurs
on a switch with Uplinkfast feature on, a maximum of 100 dummy multicast packets have to
generate every second in order to update the rest of the network bridging tables.
14. Configure R6 as a client in VLAN 21 in access mode.
15. Configure R9 as a client with a trunk connection allowing VLAN 22. VLAN 22 should be native of
the dot1q trunk.
16. Configure the ports connected to the routers to transition immediately from blocked to
forwarding.
17. If R6 sends BPDUs, configure the switch port to transition to error-disabled when it happens.
Configure the port to re-enable itself automatically after 1 minute.
18. If R9 sends BPDUs, configure the switch port to ignore and silently drop them.
36 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
19. The link between Cat1 and Cat3 should be protected from a loop caused by a unidirectional link.
Do not use UDLD.
20. If UDLD puts Cat1’s or Cat4’s E4/0 into the error-disable state, re-enable that port automatically
after 5 minutes.
Helpful Verification Commands




Show
Show
Show
Show
spanning-tree
spanning-tree summary
spanning-tree VLAN x
spanning-tree root
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 4 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 1
Copyright© iPexpert. All Rights Reserved.
37|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 5: Configure and Troubleshoot MultiInstance Spanning-tree Protocol (MST)
Technologies Covered




MST
MST region
CST
RPVST+
Overview
The switches in this lab are experiencing very high CPU utilization. You have been tasked to
optimize the spanning-tree protocol in order to reduce the load on the CPU of the switches.
Multi-instance Spanning-tree (MST) allows a switch to run one STP instance for a group of VLANs.
Estimated Time to Complete: 2 hours
38 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

Configuring MSTP:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/122_55_se/configuration/guide/3750xscg/swmstp.html

Spanning-Tree from PVST+ to Rapid-PVST+:
http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/72836rapidpvst-mig-config.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching Lab Exam. We recommend watching the following learning videos which
cover the topics seen in this lab scenario.

Video Title: Rapid PVST+

Video Title: Rapid and Per-VLAN Spanning-Tree Convergence

Video Title: Multiple Spanning-Tree
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
39|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 5.1: MST Topology
Lab 5 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
40 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Configuration Tasks
1. Configure Cat1, Cat2, and Cat3 to run the MST protocol with the name iPexpertRegion. Configure
VLAN 100, 110, 200, and 210 on Cat1, Cat2, and Cat3.
2. MST instance 10 will encompass the VLAN range 100-150.
3. MST instance 20 will encompass the VLANs 200, 210, 220, 230, 240, and 250.
4. Configure all the inter-switch connection as trunk dot1q trunking all the VLANs.
5. For MST instance 10, configure Cat2 to be the root primary and Cat3 to be the root secondary. Do
not use the priority command.
6. For MST instance 20, configure Cat3 to always be the root primary and Cat2 to be the root
secondary.
7. Between Cat1 and Cat2, make sure that the STP blocked path is on the E3/0 for instance 10.
8. Configure VLAN 100, 110, 200, and 210 on Cat4.
9. Configure the MST region iPexpertRegion to always be the root of the CST.
10. Ensure that port E4/0 on Cat4 is in BLK state.
11. Ensure that port E3/0 on the Cat4 is in BLK state.
12. Make sure that the spanning-tree reconfiguration on Cat4 occurs in less than one second with
802.1w.
Helpful Verification Commands



41|P a g e
Show spanning-tree detail
Show spanning-tree mst configuration
Show spanning-tree vlan X
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 5 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 1
Copyright© iPexpert. All Rights Reserved.
42 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 6: Miscellaneous Layer 2 Topics
Technologies Covered




Managing MAC address table
Voice VLANs
Smartports Macros
Private VLAN
Overview
This lab focuses on several miscellaneous Layer 2 Topics, such as CAM table management, Voice
VLAN, Macros and Private VLANs.
Estimated Time to Complete: 2 hours
43|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

Configuring Private VLANS:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/122_53_se/configuration/guide/3750xscg/swpvlan.html

Configuring Auto Smartport Macros:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/122_53_se/configuration/guide/3750xscg/swmacro.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching Lab Exam. We recommend watching the following learning videos which
cover the topics seen in this lab scenario.

Video Title: Switch Operations Part 1

Video Title: Switch Operation Part 2

Video Title: Security Private VLANs
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
44 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 6.1: Layer 2 Topology Miscellaneous
Lab 6 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
Configuration Tasks
1. On Cat1, the dynamic MAC-address table entries should be removed from the table when they
are not re-learned after 10 seconds.
2. On Cat1 configure interface E1/1 as an access port in VLAN 120.
3. On Cat1, add a static entry that indicates the MAC address of the interface E0/0 of R5 is located
in VLAN 120 behind interface E1/1.
4. Configure a dot1q trunk between Cat2 and R6. This trunk should be allowed on VLAN 121 and
VLAN 122.
45|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
5. A laptop called "Laptop1" with a Wireshark sniffer is connected on Cat2 on the port E1/3.
Configure this port with dot1q trunk encapsulation allowing all the VLANs.
6. Configure a LACP port-channel between Cat1 and Cat2. Bundle interface E3/0 with E3/1 on both
sides. This port-channel is a dot1q trunk allowing VLAN 121, VLAN 122, and VLAN 500.
7. A laptop called "Laptop2" with a Wireshark sniffer is connected on Cat1 on the port E0/3.
Configure this port with an access port in VLAN 1.
8. Configure a VLAN of 33 reserved for voice traffic on Cat3. The voice traffic on E1/0 should use this
voice VLAN.
9. On Cat3, configure a macro called “Bounce-int” to bounce (shut followed by a no shut) an
interface. Use a variable called $int. Test and run the macro for E1/0.
10. On Cat1 and on Cat4, configure VLAN 120 as the primary VLAN, VLAN 130 as the isolated VLAN,
and VLAN 140 as the community VLAN. Configure E4/1 Cat1 as the PVLAN promiscuous port.
Configure interface E4/0 and int E5/0 Cat1 as the PVLAN host port for VLAN 130, interface E5/1,
and interface E3/0 Cat1 as the PVLAN host port for VLAN 140. The connection between Cat1 and
Cat4 has to be configured as a trunk port that will support the setup.
Helpful Verification Commands



Show macro auto device
Show interface private-vlan mapping
Show monitor session
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 6 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 1
Copyright© iPexpert. All Rights Reserved.
46 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 7: HDLC and PPP/PPPoE
Technologies Covered







HDLC
PPP PAP, CHAP
PPPoE
MLPPP
PPP inter-leaving
RTP reserve
Virtual-assembly
Overview
You have been tasked to configure the serial connections of your network with HDLC and PPP
encapsulation. PPP connection may have to be authenticated or aggregated in a bundle. You will
also have to deal with fragmentation, inter-packet delay and basic queuing mechanisms.
Estimated Time to Complete: 2 hours
47|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

Configuring Authentication:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/15-mt/sec-usraaa-15-mt-book/sec-cfg-authentifcn.html

PPP over Ethernet Client:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/bbdsl/configuration/15-mt/bba-15-mtbook/bba-ppoe-client.html

PPPoE Server :
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/bbdsl/configuration/15-mt/bba-15-mtbook/bba-ppoe-client.html - GUID-CEEDEFE1-326B-4D1B-AB06-4290FDF04F53
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching Lab Exam. We recommend watching the following learning videos which
cover the topics seen in this lab scenario.

Video Title: L2 Introduction

Video Title: PPP Configuration

Video Title: PPP and AAA
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
48 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 7.1: HDLC and PPP/PPoE Topology
Lab 7 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
Configuration Tasks
1. The link between R3 and R4 should be using the HDLC encapsulation. Check that you can ping
from R3 to R4.
2. The link between R3 and R5 should be using the PPP encapsulation. Turn on the CHAP
authentication with the password of “Password35”. Check that you can ping from R3 to R5.
3. The link between R3 and R6 should be using the PPP encapsulation. Turn on the PAP
authentication with the password of “Password361”. If the PAP authentication is unsuccessful,
CHAP authentication has to kick in with a password of “Password362”. Check that you can ping
from R3 to R6.
4. Configure PPPoE between the R6 and the R2 routers. R6 is the server side and R2 is the client
side. On the server side, a BBA is called “iPexpertgroup”. The IP pool is called “iPexpertpool” and
the range is from 10.1.26.10 to 10.1.26.20. The virtual-template number should use id 23 and the
IP address configured on the virtual template is 10.1.26.6 255.255.255.0.
5. Limit the number of sessions established (per client MAC address) to 3.
49|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
6. On the client side, use the ID 26 for both the dialer interface and the dialer-pool-number
interface. Check that you can ping from R6 to R2.
7. Make sure that unnecessary fragmentation is avoided.
8. The client R2 should authenticate when connecting on the server. Create a local account
username called R2 with the password "Password26".
9. Bundle with PPP multilink the two serial connections between R6 and R9. Use a group ID of 69.
10. Configure the IP address of 10.1.69.6/24 on the R6 PPP multilink69. Configure the ip address of
10.1.69.9/24 on the R9 PPP multilink69. Check that you can ping from R6 to R9.
11. Ensure that it is checked on the PPP multilink interfaces that all the fragments of an IP datagram
are received on the virtual interfaces before forwarding them.
12. There will be voice traffic running over the multilink PPP connection. Ensure that a small voice
packet is delayed a maximum of 20 ms because of the transmission of a big data packet.
13. Reserve 1 Mbps in a special queue for real-time packet flows designated to the UDP port starting
32768 and ending 32867.
Helpful Verification Commands





50 | P a g e
Show
Show
Show
Show
Show
ppp interface
pppoe summary
pppoe statistics
vpdn
vpdn session all
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 7 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 1
Copyright© iPexpert. All Rights Reserved.
51|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Section 2: Layer 3 Technologies
52 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 8: Configure and Troubleshoot Basic IP
Routing
Technologies Covered






Static route
Traffic engineering
Floating static route
Object tracking
PBR
GRE
Overview
You have been tasked to configure basic routing in your network. Knowledge of routing-related
concepts will be critical in this lab; Proxy ARP, Static Routing, GRE tunnels and (Local) Policy Based
routing will have to be configured.
Estimated Time to Complete: 4 hours
53|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

Policy-based Routing:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_pi/configuration/15-mt/iri-15-mtbook/iri-pbr.html

Basic IP Routing:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_pi/configuration/15-mt/iri-15-mtbook/iri-iprouting.html

Configuring a GRE Tunnel:
https://supportforums.cisco.com/document/13576/how-configure-gre-tunnel

How GRE Keepalives Work:
http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/118370technote-gre-00.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching Lab Exam. We recommend watching the following learning videos which
cover the topics seen in this lab scenario.

Video Title: IP Routing

Video Title: Policy-based Routing

Video Title: Tunneling & GRE

Video Title: GRE tunnels

Video Title: Service Level Agreement (SLA) and Object Tracking
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
54 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 8.1: Basic IP Routing Topology
Lab 8 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
55|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Configuration Tasks
1. R1, R2, and R3 are in a hub and spoke topology where R1 is the hub and R2 and R3 are the
spokes. Configure DMVPN phase 2 as the underlying technology. Multicast support has to be
configured.
2. On R1, configure a static route to the loopback0 of R3. Check that you can ping the loopback0 of
R3 with a ping sourcing on the tunnel interface of R1.
3. On R2 tunnel interface, disable proxy-arp.
4. On R1, configure a static route to the loopback0 of R2 using the tunnel interface on R2 as the
egress interface.
5. On R1, ensure that you can ping the loopback0 of R2 with a ping sourcing on the tunnel interface
of R1. Create a static ARP entry to achieve this task.
6. On R6, configure a static route to network 10.1.0.0/16 pointing to E0/0. Check that you can ping
the loopback0 of R2 and R3.
7. Disable proxy-ARP on E0/1 of R2 and R3. Ensure that you can ping the loopback0 of R2 and R3
with a ping sourcing from the E0/0 ip address of R6.
8. Configure a GRE tunnel interface Tunnel0 between the loopback0 of R6 and the loopback0 of R3.
Use ip address 36.0.0.3/24 on R3 and 36.0.0.6/24 on R6. Configure default routes on R6 and R3
to each other with an AD of 250.
9. On R6, configure a static route to the loopback network of router R3 using the Tunnel 0 as egress
with an AD of 5. The tunnel0 interface should go down because of a recursion issue. Leave this
tunnel0 down as it is.
10. Configure static routing so that you can ping the loopback0 of R1 with a ping sourcing from the
loopback0 IP address of R6. The ping should follow the R6-R3-R1 route and use the DMVPN
tunnel.
11. Configure a GRE tunnel interface Tunnel16 between the loopback0 of R6 and the loopback0 of
R1. Use ip address 16.0.0.1/24 on R1 and 16.0.0.6/24 on R6.
12. On R3, configure a floating default route that will be used in the case that the tunnel interface to
R1 goes down. This floating route should not point to R1, but to R5 as a next-hop. At this point,
you are not asked to configure all the static routing that will make the backup path operational.
13. On R4, configure a default-route using the next-hop of R1. On R1, configure a static route to the
network 10.1.4.0/24 pointing to the next-hop on R4.
14. On R4, configure a default-route using the next-hop of R5 with an AD of 5.
56 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
15. The default-route using the next-hop of R5 should be used when the loopback0 of R1 has become
unreachable. Use object tracking and IP SLA.
16. On R5, configure default routing using policy-based routing. This default routing should be
pointing to a next-hop of R3 IP address using PBR. When CDP detects that R5 to R3 connectivity is
down, the traffic should be routed over R4. Do not use local policy-base routing.
17. On R9, use local-policy based routing to route to the loopback interface of R6.
18. On R6, use local-policy based routing to route to the loopback interface of R9. You should be able
to ping the loopback0 of R6 with a ping sourcing from the loopback0 of R9.
Helpful Verification Commands




Show
Show
Show
Show
route-map
policy-map interface x/x
ip route
interface tunnel x
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 8 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 2
Copyright© iPexpert. All Rights Reserved.
57|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 9: Configure and Troubleshoot Routing
Information Protocol (Part 1)
Technologies Covered









RIP version 2
Split-horizon
Auto-summarization
Send and receive version
Manual summarization
Convergence timers
Offset-list
Distribute-list
Per neighbor AD filtering
Overview
You have been tasked to configure routing in your network using the RIP version 2 protocol. Full
IP reachability in Hub & Spoke topology must be accomplished in this lab and some of the devices
must exchange routing updates in a secure way. Summarization will have to be enabled in certain
places and RIP timers will have to be tuned.
Estimated Time to Complete: 2 hours
58 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

Administrative Distance :
http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/15986-admindistance.html

Configuring RIPv2:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_rip/configuration/15-mt/irr-15-mtbook/irr-cfg-info-prot.html

RIP Commands and Features:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_rip/command/irr-cr-book/irr-crrip.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching Lab Exam. We recommend watching the following learning videos which
cover the topics seen in this lab scenario.
59|P a g e

Video Title: Basic RIP Configuration

Video Title: RIPv2 Split Horizon Part I and II

Video Title: RIPv2 Authentication

Video Title: RIPv2 Auto-Summary

Video Title: RIPv2 Manual Summarization

Video Title: RIPv2 Convergence and Convergence Timers

Video Title: RIPv2 Standard ACL Distribution-List

Video Title: RIPv2 Extended ACL Distribution-List

Video Title: RIPv2 Prefix-List Distribution List

Video Title: RIPv2 Offset-Lists

Video Title: Passive Interface RIP

Video Title: RIPv2 Filtering via Administrative Distance
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
Diagram 9.1: RIP Version 2 Topology
Lab 9 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
60 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Configuration Tasks
1. R1, R2, and R3 are in a hub and spoke topology where R1 is the hub and R2 and R3 are the
spokes. DMVPN is the underlying used technology. Configure RIP version 2 in this DMVPN
network.
2. Advertise the loopbacks 10 of R1, R2, and R3 in the RIP process.
3. Ensure full reachability in this hub and spoke technology. On R2, check that you can ping the
loopback10 of R3 sourcing from the loopback10 of R2.
4. Configure RIP version 2 between R5 and R3. Advertise the loopbacks of R5 in the RIP process.
5. Ensure that there is a single 10.0.0.0/8 entry in the routing table of R5. Use manual
summarization.
6. Ensure that the network 200.0.0.0/24 is advertised to the router R3. Do not use manual
summarization.
7. Enable RIP on the 172.16.236.0/24 network.
8. Advertise loopbacks of R6 in the RIP process. R6 is running version 1.
9. Make sure that the interfaces part of network 172.16.236.0/24 can send and receive either
version 1 or version 2 packets.
10. Configure RIP MD5 authentication on the 11.1.1.0/24 network. Use a key chain of
“iPexpertchain”, a key number 1, and a key-string of “iPpassword”.
11. On R2, the network 200.0.0.0/24 received on Ethernet0/0 should be rejected, and the network
201.0.0.0/24 received on Ethernet0/1 should be rejected. Do not use distribute-list or
administrative distance poisoning.
12. On R1, all the traffic should be sent to R2, and R3 should never be used as a next hop. Do not use
offset-list or administrative distance poisoning. Configure 2 Prefix-lists.
13. On R1, the network 23.0.0.0/8 should be routed via the tu23 and the network 24.0.0.0/8 should
be routed via the E0/1. Use administrative distance poisoning.
14. Configure RIP filtering so that R3 does not learn 5.0.0.0/8. Do not use any access-list, distributelist, and do not change AD values. R5 should learn all RIP subnets.
15. Configure the RIP timers on R1, R2, and R3 to 20 second updates, 40 second invalid, 10 second
hold, and 80 second flush.
16. On R3, configure Serial4/0 to send updates every 6 seconds towards R5.
61|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Helpful Verification Commands



Show ip protocols
Show ip route rip
Show ip rip database
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 9 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 2
Copyright© iPexpert. All Rights Reserved.
62 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 10: Configure and Troubleshoot
Routing Information Protocol (Part 2)
Technologies Covered






RIP default route
RIP update
Unicast update
Broadcast update
Triggered update
Source validation
Overview
You have been tasked to configure routing in your network using the RIP version 2 protocol. Full
IP reachability in Hub & Spoke topology must be accomplished in this lab and some of the devices
must exchange routing updates as unicast. Triggered Updates, Source Validation and PPP with
IPCP for address allocation will have to be configured.
Estimated Time to Complete: 2 hours
63|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

Configuring RIPv2:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_rip/configuration/15-mt/irr-15-mtbook/irr-cfg-info-prot.html

Advanced RIP Features:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_rip/configuration/15-mt/irr-15-mtbook/irr-adv-rip.html

RIP Commands and Features:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_rip/command/irr-cr-book/irr-crrip.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching Lab Exam. We recommend watching the following learning videos which
cover the topics seen in this lab scenario.

Video Title: RIPv2 Split-Horizon

Video Title: RIPv2 Update Operations and Manipulations

Video Title: RIPv2 Basic Default Routing

Video Title: RIPv2 Advanced Default Routing

Video Title: RIPv2 Offset-lists
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
64 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 10.1: RIP Version 2 Topology
Lab 10 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
65|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Configuration Tasks
1. R1, R2, and R3 are in a hub and spoke topology where R1 is the hub and R2 and R3 are the
spokes. DMVPN is the underlying used technology. Configure RIP version 2 in this DMVPN
network.
2. The RIP updates have to be sent as unicast packets on the DMVPN tunnels.
3. Advertise the loopbacks 0 of R1, R2, and R3 in the RIP process.
4. Ensure full reachability in this hub and spoke technology. On R2, check that you can ping the
loopback of R3 sourcing from the loopback of R2.
5. Configure RIP version 2 between R1 and R4. Advertise the loopback of R4 into the RIP process.
6. R1 should advertise a default route to all its RIP neighbors with the exception of R4.
7. If the E0/0 interface is going down, R1 will stop advertising this default route.
8. Configure RIP version 2 on the LAN connecting R2, R3, and R6. Advertise the loopback of R6 into
the RIP process.
9. The RIP updates should be broadcasted on the LAN 10.1.236.0/24.
10. Configure RIP version 2 on the serial connection between R3 and R5. Advertise the loopback 0 of
R5 into the RIP process.
11. The RIP updates between R3 and R5 should stay silent. Updates should be sent only when there is
a change in the topology.
12. Configure RIP version 2 on the serial connection between R6 and R9. Advertise the loopback of
R9 into the RIP process.
13. Configure PPP encapsulation on the serial connection between R6 and R9. Use IPCP for address
allocation with PPP. R6 is the server side (IP address 10.1.69.6/24) and R9 is client side (IP address
10.1.69.9/32 assigned by server). Ensure that R6 is getting the RIP updates from R9 and that you
can ping the loopback of R9 sourcing from the loopback of R6.
14. R5 should advertise a default-route to R3. This default-route should only be advertised if the
network 10.1.2.2/32 is present in the routing table.
66 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Helpful Verification Commands



Show ip protocols
Show ip route rip
Show ip rip database
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 10 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 2
Copyright© iPexpert. All Rights Reserved.
67|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 11: Configure and Troubleshoot EIGRP
(Part 1)
Technologies Covered







EIGRP AS mode
EIGRP named mode
Stub
Summarization
Authentication
Key chain rotation
Prefix number limiting
Overview
You have been tasked to configure the routing reachability in your network using the EIGRP
protocol. Two ways of configuring EIGRP (AS vs Named mode) will be tested in this lab. Loopback
interfaces of DMVPN devices must be reachable within the Cloud and more advanced topics,
such as EIGRP Stub or Prefix Limiting, will have to be configured.
Estimated Time to Complete: 3 hours
68 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

Introduction to EIGRP :
http://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocoleigrp/13669-1.html

EIGRP:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/15-mt/ire-15-mtbook/ire-enhanced-igrp.html

EIGRP Prefix Limit Support:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/15-mt/ire-15-mtbook/ire-pre-ls.html

EIGRP Stub Routing:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/15-mt/ire-15-mtbook/ire-eigrp-stub-rtg.html

EIGRP Wide Metrics:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/15-mt/ire-15-mtbook/ire-wid-met.html

EIGRP Commands :
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/command/ire-cr-book.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching Lab Exam. We recommend watching the following learning videos which
cover the topics seen in this lab scenario.
69|P a g e

Video Title: EIGRP

Video Title: EIGRP Neighbor Formation and Maintenance

Video Title: EIGRP Named Operation

Video Title: EIGRP Named Operation Authentication, Part 1 and Part 2

Video Title: Classic EIGRP Authentication

Video Title: Classic EIGRP Key Chain Operations
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1

Video Title: EIGRP Summarization (Classic)

Video Title: EIGRP Stub Routing

Video Title: EIGRP Stub Routing with Leak Maps
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
Diagram 11.1: EIGRP Topology
70 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 11 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
Configuration Tasks
1. R1, R2, and R3 are in a hub and spoke topology where R1 is the hub and R2 and R3 are the
spokes. DMVPN is the underlying used technology. Setup EIGRP routing in autonomous
configuration mode with AS11 in this DMVPN network.
2. Advertise the loopbacks of R2 and R3 in the EIGRP process. Only the 12.1.x.x/24 networks should
be redistributed from connected into the routing protocol.
3. Redistribute only the loopback0 on R1 in the EIGRP process.
4. Make sure that there is full connectivity between loopbacks with the DMVPN network.
5. Make sure that the traffic from the spoke to spoke is not transiting by the hub.
6. R2 should advertise the 12.1.0.0/16 network out to R1 with a metric using the following
parameters:
Table 11.2
bandwidth
100 000 kilobits per s
delay
5 tens of microsecond
reliability
255
load
20
mtu
1500 bytes
7. R2 is not transiting any traffic, so R2 should not receive EIGRP query packets anymore.
Configuration for this task should be performed on R2, and loopbacks of R2 should stay
reachable.
8. On R6 and R9, setup EIGRP routing in named configuration mode using AS11 and the name of
“iPexpert”. Advertise the loopbacks of R6 and R9 in the EIGRP process. On R9, ensure that you
can ping the loopback1 of R2 from the loopback0 of R9.
71|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
9. Configure EIGRP authentication between R6 and R3. Use a key chain called “keyiPexpert1” with 2
keys. Key 1 with a key-string of “Password1” is used since 03:00:00 Jan 1 2014 until 03:00:00 Jan
1 2015, but can already be used one month before and is still valid one month after. Key 2 with a
key-string of “Password2” will be used from 03:00:00 Jan 1 2015 onwards, but can be used since
03:00:00 Dec 15 2014.
10. Configure EIGRP HMAC-SHA-256 authentication between R6 and R9. Use a key-string of
“Password3”.
11. On R6, generate a syslog message when the maximum prefix limit of 10 has been accepted from
the neighbor R9. Do not take any other action when this max limit of 10 is exceeded.
12. On R6, tear down the EIGRP neighborship relations when more than 20 prefixes are received by
the EIGRP process, and generate a syslog message when more than 10 prefixes have been
accepted.
Helpful Verification Commands






Show
Show
Show
Show
Show
Show
ip eigrp interfaces [detail]
ip eigrp neighbors [detail]
ip eigrp topology
ip protocols
eigrp protocols
ip eigrp traffic
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 11 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 2
Copyright© iPexpert. All Rights Reserved.
72 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 12: Configure and Troubleshoot EIGRP
(Part 2)
Technologies Covered







Summarization with default routing
Summarization with leak-map
Summarization with floating default routing
EIGRP metric weights
TE
Unequal cost load balancing
EIGRP timers
Overview
You have been tasked to configure the routing reachability in your network using the EIGRP
protocol. The focus of this lab includes some more advanced EIGRP features, such as
Summarization (with/without leak-maps), metric calculations and Traffic Engineering (e.g. Load
Balancing).
Estimated Time to Complete: 3 hours
73|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

EIGRP:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/15-mt/ire-15mt-book/ire-enhanced-igrp.html

EIGRP Support for Route Map Filtering:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/15-mt/ire-15mt-book/ire-sup-routemap.html

EIGRP Route Tag Enhancements:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/15-mt/ire-15mt-book/ire-en-rou-tags.html - GUID-C35AF8A8-B927-4A98-8EB9-D0E38A68CBBC
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching Lab Exam. We recommend watching the following learning videos which
cover the topics seen in this lab scenario.
74 | P a g e

Video Title: Classic EIGRP Metrics

Video Title: EIGRP Wide Metrics and Diagnostics

Video Title: EIGRP Summarization (Default Routing)

Video Title: EIGRP Summarization (Leak Maps)

Video Title: EIGRP Summarization (Selective Leak Maps), Part 1 and Part 2

Video Title: EIGRP Unequal Cost Load Sharing

Video Title: EIGRP Hello Hold Timers

Video Title: EIGRP SIA Timer

Video Title: EIGRP Feasibility Condition and the Topology Table

Video Title: EIGRP Metric Manipulation for Traffic Engineering
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
Diagram 12.1: EIGRP Topology
75|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 12 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
Configuration Tasks
1. R1, R2, and R3 are in a hub and spoke topology where R1 is the hub and R2 and R3 are the
spokes. DMVPN is the underlying used technology. Setup EIGRP routing in autonomous
configuration mode with AS4 in this DMVPN network.
2. Advertise loopback0 on R1, R2, and R3 in the EIGRP process using network statements.
3. Setup EIGRP routing between R3 and R5. Advertise the loopback0 into the EIGRP process.
4. On R3, configure summarization in a way that R5 only receives a default-route from R3. Leak also
the loopback 10.1.4.4.
5. Setup EIGRP routing between R3 and R6, and between the R6 and R9. Advertise the loopback0 of
R6 and R9 into the EIGRP process. On R3, check that you can ping the loopback of R9 using the
loopback of R3 as a source.
6. On R3, configure summarization in a way that R6 only receives a default-route from R3.
7. On R6, configure summarization in a way that R9 only receives a default-route from R6.
8. On R3, check that you can ping the loopback of R9 using the loopback of R3 as a source. Use a
floating route summarization.
9. Setup EIGRP routing between R1 and R4, and between the R4 and R7. Advertise the loopback0 of
R4 and R7 into the EIGRP process. On R1, check that you can ping the loopback of R7 using the
loopback of R1 as a source.
10. On R4, configure summarization in a way that R7 receives from R4 a default-route and the
loopback0 networks of R1, R2, and R3.
11. Setup EIGRP routing between R4 and R5.
12. In the whole EIGRP domain, configure the metric calculation to use K1=0, K2=0, K3=1, K4=0, and
K5=0.
76 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
13. Configure a delay of 512 on the link between R4 and R5, a delay of 256 on the link between R4
and R1, a delay of 256 on the link between R1 and R3, and a delay of 128 on the link between R3
and R5.
14. Configure bidirectional un-equal cost load-balancing between R4 and R5. Use off-set list when it
is necessary.
15. Configure R6 to send EIGRP hello packets every 1 s to R9.
16. In the EIGRP domain, ensure that a router that has not replied to an EIGRP Query packets for 2
minutes is declared Stuck in Active.
17. On R9, configure a NSF during 5 minutes when the R6 NSF-capable router is undertaking a
switchover.
Helpful Verification Commands






Show
Show
Show
Show
Show
Show
ip eigrp interfaces [detail]
ip eigrp neighbors [detail]
ip eigrp topology
ip protocols
eigrp protocols
ip eigrp traffic
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 12 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 2
Copyright© iPexpert. All Rights Reserved.
77|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 13: Configure and Troubleshoot EIGRP
(Part 3)
Technologies Covered










Stub routing with leak-map
Filtering with passive interfaces
Filtering with distribute-list
Filtering with offset-list
Filtering with AD
Filtering with route-maps
Bandwidth pacing
Neighbor logging
Router-id
Maximum hops
Overview
You have been tasked to configure the routing reachability in your network using the EIGRP
protocol. Specifically, route filtering will be tested along with some other EIGRP features such as
Bandwidth Pacing or redistribution.
Estimated Time to Complete: 3 hours
78 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

EIGRP Stub Routing:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/15-mt/ire-15mt-book/ire-eigrp-stub-rtg.html

EIGRP Support for Route Map Filtering:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/15-mt/ire-15mt-book/ire-sup-routemap.html

IP Routing - EIGRP:
http://www.cisco.com/c/en/us/tech/ip/enhanced-interior-gateway-routing-protocoleigrp/index.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos which
cover the topics seen in this lab scenario.
79|P a g e

Video Title: EIGRP Stub Routing with Leak Maps

Video Title: EIGRP Equal Cost Load Sharing

Video Title: EIGRP Filtering (Standard ACLs)

Video Title: EIGRP Filtering (Extended ACLs)

Video Title: EIGRP Filter (Offset List)

Video Title: EIGRP Filter (Administrative Distance)

Video Title: EIGRP Filter (Route Maps)

Video Title: EIGRP Duplicate Router ID Detection

Video Title: EIGRP Filter (Maximum Hops)

Video Title: EIGRP Filter (Maximum Hops Named Operation)
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
Diagram 13.1: EIGRP Topology
Lab 13 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
80 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Configuration Tasks
1. R1, R2, and R3 are in a hub and spoke topology where R1 is the hub and R2 and R3 are the
spokes. DMVPN Phase II is the underlying used technology. Setup EIGRP routing in autonomous
configuration mode with AS33 in this DMVPN network.
2. Advertise the loopbacks of R1, R2, and R3 in the EIGRP process. Use network statements.
3. Configure EIGRP on the LAN between R3 and R6.
4. On R6, redistribute all connected interfaces into the EIGRP process.
5. Configure R2 and R3 as stub routers that advertise connected and summary routes.
6. R3 should still advertise towards R1 the network 10.11.6.0/24, 10.22.6.0/24, and 10.33.6.0/24.
7. Configure EIGRP on the serial connection between R3 and R6.
8. Configure EIGRP on the LAN between R1 and R4. Advertise the loopbacks of R4 in the EIGRP
process. Use the network statement.
9. Configure a distribute-list with prefix-list to prevent R1 from advertising the network 10.1.4.4/32.
10. Configure a distribute-list with prefix-list to prevent R1 from learning the network 10.33.6.0/24.
11. Configure EIGRP on the connection between R4 and R5. Advertise the loopbacks of R5 in the
EIGRP process. Use network statements. Make sure that the traffic is load-balanced on the 2
connections.
12. On R4, create a filter based on ACL. R4 should use the Ethernet connection to reach 10.1.5.5/32.
Use a standard access-list to achieve this.
13. On R4, create filters based on ACL. R4 should use the serial connection to reach 10.11.5.0/24. Use
an extended access-list to achieve this.
14. Configure EIGRP on the serial connection between R6 and R9. Advertise the loopbacks of R9 in
the EIGRP process except loopback 3. Use network statements. Between R3 and R6, make sure
that the traffic is load-balanced between the serial interface and the ethernet interface.
15. On R6, create a filter based on offset-list. R3 should use the serial 4/2 connection to reach
10.1.9.9/32.
16. On R3, create a filter based on offset-list. R3 should use the E0/1 connection to reach
10.11.9.0/24.
81|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
17. Configure R1 not to install the route 10.11.4.0/24. Manipulate AD.
18. On R9, there is a preconfigured static route to 172.16.1.0/24. Redistribute this static route into
EIGRP and tag this route with a tag of 666.
19. Filter this route out on R6 based on the tag 666.
20. On the serial connection between R4 and R5, make sure that EIGRP control traffic cannot exceed
25% of the bandwidth.
21. The R4 and R5 routers should log EIGRP neighbor relationship changes.
22. On R9, configure an EIGRP router-id as 9.9.9.9 and redistribute the loopback3 into EIGRP.
23. On R6, configure the EIGRP process to reject the 10.22.9.0/24 network. You are only allowed to
change the EIGRP router-id.
24. On R6 and R9, configure the EIGRP process to reject EIGRP packets that have transited over more
than 10 hops.
Helpful Verification Commands





Show
Show
Show
Show
Show
ip
ip
ip
ip
ip
eigrp interfaces
eigrp neighbors
eigrp topology
protocols
eigrp traffic
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 13 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 2
Copyright© iPexpert. All Rights Reserved.
82 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 14: Configure and Troubleshoot OSPF
(Part 1)
Technologies Covered






DR/BDR
OSPF network types
OSPF path selection
OSPF per neighbor cost
OSPF auto-cost reference bandwidth
OSPF version 3 address-family support
Overview
You have been tasked to configure routing in a network using OSPF. To properly solve this lab,
you will have to know how OSPF Network Types affect routing in a DMVPN Cloud and how to
correctly configure it given certain restrictions. In addition, you must also know how to
manipulate link cost in OSPF and how to use IPv6 OSPF (OSPFv3) to carry IPv4 prefixes.
Estimated Time to Complete: 4 hours
83|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

Configuring OSPF:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-mt/iro-15mt-book/iro-cfg.html

OSPF FAQ:
http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/9237-9.html

OSPF Neighbor States:
http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13685-13.html

OSPF Neighbor Problems:
http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13699-29.html

OSPF Design Guide:
http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/7039-1.html

OSPF Commands & Features:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/command/iro-cr-book.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos which
cover the topics seen in this lab scenario.

Video Title: OSPF Introduction and Architecture

Video Title: OSPF Database and LSA Types

Video Title: OSPF Adjacencies, Authentication, and Network Types

Video Title: Adjacency Forming
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
84 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 14.1: EIGRP Topology
Lab 14 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
85|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Configuration Tasks
1. R1, R2, and R3 are in a hub and spoke topology where R1 is the hub and R2 and R3 are the
spokes. DMVPN is the underlying used technology. Configure OSPF process 1 area 0 in this
network. The election of a DR should not take place. On routers R2 and R3, you are not allowed
to change the default network type and not allowed to modify the timers.
2. R4, R5, and R1 are also in a hub and spoke topology where R4 is the hub and R1 and R5 are the
spokes. DMVPN is the underlying used technology. Configure OSPF process 1 area 0 in this
network. The election of a DR should take place in this network. The DR should always be on the
hub router. Multicast is not enabled on the DMVPN tunnels.
3. On R1, R2, R3, R4, and R5, configure loopbacks 0 as the OSPF router-ids and advertise loopback0
of the routers into OSPF in the following areas:
Table 14.2
R1
Area 1
R2
Area 2
R3
Area 3
R4
Area 4
R5
Area 5
Check that you have full reachability between the loopbacks, especially on R2, check that you can
ping the loopback of R5 sourcing from the loopback of R2.
4. Configure the network 10.1.236.0/24 into area 236 on R2, R3, and R6.
5. R2 should always be elected as the DR, and R3 should always be elected as the BDR.
6. Advertise only the loopback 0 of R6 into OSPF area 236. Do not use a network statement. On R5,
check that you can ping the loopback of R6 sourcing from the loopback of R5.
7. We are going to have links faster than 100M in the network. In the whole OSPF network, a
gigaethernet link should have a cost of 1 and a fast ethernet link should have a 10.
8. Manipulate the OSPF cost so that R1 prefers R2 over R3 to reach the loopback of R6. Do not
configure anything under the interfaces.
9. Configure OSPF version 3 area 0 for IPv4 between R6 and R9.
Use the following global unicast addresses:
86 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Table 14.3
R6 s3/0
2001::6/64
R9 s3/0
2001::9/64
10. Create the following IPv4 address loopback1:
Table 14.4
R6
20.1.6.6/32
R9
20.1.9.9/32
11. Advertise the IPv4 address loopback1 of R6 and R9 into area 0 of the OSPF version 3 processes.
If necessary, use the IPv6 following address for loopback0:
Table 14.5
R6
2001:bd8::6/64
R9
2001:bd8::9/64
12. On R6, make sure that you can ping the loopback of R9 sourcing from the loopback of R6.
Helpful Verification Commands





87|P a g e
Show
Show
Show
Show
Show
ip
ip
ip
ip
ip
protocols
ospf
ospf database
ospf interface [brief]
ospf neighbor
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 14 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 2
Copyright© iPexpert. All Rights Reserved.
88 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 15: Configure and Troubleshoot OSPF
(Part 2)
Technologies Covered










Discontiguous area
Virtual-links
GRE tunnels
Non-backbone transit area
OSPF authentication
Flood reduction
Demand circuit
Summarization
Discard-route
Flood reduction
Overview
You have been tasked to configure OSPF as the routing protocol of your network. The knowledge
of OSPF areas is required to successfully finish this lab. Other OSPF features, such as
Authentication, Summarization, Flood reduction, and more, will be also tested in this scenario.
Estimated Time to Complete: 4 hours
89|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

OSPF Database Explanation:
http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/16437ospfdbtoc.html

What are OSPF areas and Virtual Links:
http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13703-8.html

Configuring Route Summarization between OSPF Areas:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-mt/iro-15-mtbook/iro-cfg.html - GUID-F45462C5-D0CD-41AD-8D25-6E236494A9F6

Configuring OSPF Area Parameters:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-mt/iro15-mt-book/iro-cfg.html - GUID-E90BEE21-D50C-4D32-82F4-67C0C43543E1

Establishing Virtual Links:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-mt/iro-15-mtbook/iro-cfg.html - GUID-7E5D9BDB-F49C-49E6-9216-0566AB069269

OSPF Area Transit Capability:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-mt/iro-15mt-book/iro-area-trans.html

OSPF Demand Circuit Feature:
http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/5132-dc.html

OSPF Commands & Features:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/command/iro-cr-book.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching Technology Workbook. We recommend watching the following learning
videos prior to completing this lab scenario.
90 | P a g e

Video Title: OSPF Inter-Area Operations, Area Types, and External Routes

Video Title: OSPF Area Types

Video Title: LSA Types 1,2,3, and Virtual Links
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1

Video Title: OSPF Stub Area Configurations

Video Title: OSPF Adjacencies, Authentication and Network Types

Video Title: OSPF Summarization and Filtering

Video Title: OSPF Advanced Configuration and Filtering
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
91|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 15.1: OSPF Topology
Lab 15 Setup

92 | P a g e
This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
NOTE
Load the initial configuration files before starting to work on the tasks.
Configuration Tasks
1. R1, R2, and R3 are in a hub and spoke topology where R1 is the hub and R2 and R3 are the
spokes. DMVPN is the underlying used technology. Configure OSPF process 1 area 0 in this
network. The election of a DR should take place in this network. The DR should always be on the
hub router.
2. The loopback0 networks of R1, R2, and R3 should present in the OSPF database of R1 as LSAs
type 1.
3. Configure the network 10.1.236.0/24 into area 236 on R2, R3, and R6. Redistribute only the
loopback0 of R6 into the area 236.
4. Configure the network 10.1.69.0/24 into area 69 on R6 and R9. Add the loopback0 of R9 into the
area 69 process as a network statement.
5. Configure area 236 as a stub area.
6. Ensure that there is IP connectivity between loopback0 of R9 and the loopback0 of R1. Do not use
a virtual-link, as the transit area is a stub area. The path through R3 should be used. Use an IP
address of 36.0.0.3/24 and 36.0.0.6/24 when necessary.
7. Configure the network 10.1.14.0/24 into area 14 on R1 and R4. Add the loopback0 of R4 into the
area 14 process as a network statement.
8. Configure the network 10.1.47.0/24 into area 47 on R4 and R7. Add the loopback0 of R7 into the
area 47 process as a network statement.
9. Ensure that there is IP connectivity between loopback0 of R7 and the loopback0 of R2.
10. Configure the network 10.1.35.0/24 to be part of area 0.
11. Configure the network 10.1.45.0/24 and the network 10.1.5.5/32 to be part of area 45.
12. Configure an OSPF cost of 60000 on the interfaces belonging to the network 10.1.14.0/24.
13. On R7, when performing a trace route from the loopback of R7 to the loopback of R3, we can
observe that the trace route is following the path R7, R4, R5, and R3. The routing is using a nonbackbone area, that is to say area 45, as a transit. Without modifying any OSPF costs, ensure that
the trace route is using the R7, R4, R1, and R3 path.
93|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
14. OSPF should not exchange periodic hellos and periodic refreshes of LSAs over the point-to-point
connection between R6 and R9. Configuration can only be applied on R9.
15. Configure plain-text authentication on the connection between R6 and R9. The key value should
be set to “iPexpert”. Make sure that this authentication is enforced even if this is an on-demand
circuit.
16. Configure MD5 authentication only on the connection between R5 and R3. The key value should
be set to 2 and the password to “iPexpert2015”. On R5, configure authentication under the
routing process.
17. Protect the connection between R5 and R4 with the Null authentication.
18. OSPF process is reflooding by default every LSAs every 30 minutes. This should not be necessary
for LSAs sent out of the two serial interfaces on R5.
19. Configure the following loopbacks on R9:
Table 15.2
Loopback 8
10.8.9.9/16
Loopback 9
10.9.9.9/16
Loopback 10
10.10.9.9/16
20. Those 3 loopbacks should be seen in the area 0 routing table as a single summary network. Use
internal summary.
21. On R6, ensure that the summary route created in Task 20 is not present in the routing table
pointing to Null0.
22. On R9, redistribute the pre-configured routes into OSPF and make sure that they appear as one
routing entry in the routing table in all other OSPF routers.
23. Configure area 45 in a way that LSAs never age out in this area.
94 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Helpful Verification Commands





Show
Show
Show
Show
Show
ip
ip
ip
ip
ip
protocols
ospf
ospf database
ospf interface
ospf neighbor
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 15 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 2
Copyright© iPexpert. All Rights Reserved.
95|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 16: Configure and Troubleshoot OSPF
(Part 3)
Technologies Covered







Stub area
Totally not so stubby area
NSSA
NSSA type 5 to type 7 translation
LSA filtering
FA Suppression
Reliable conditional default routing
Overview
The knowledge of implementation OSPF Area Types is critical for this lab. You have to know the
differences between the Stub/Total Stub/NSSA areas and how they affect redistribution in
general. Other features, like LSA Filtering, FA Suppression and Reliable Conditional Default
Routing are also part of this lab.
Estimated Time to Complete: 4 hours
96 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

OSPF Areas and Virtual Links:
http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13703-8.html

OSPF NSSA:
http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/6208-nssa.html

Configuring OSPFv2 NSSA:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-mt/iro-15-mtbook/iro-cfg.html - GUID-9270D0BB-AE66-4589-B5A8-23DB1224EFF0

Reducing LSA Flooding:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-mt/iro-15-mtbook/iro-cfg.html - GUID-33666AA8-7396-4E2A-B5C2-69C2DF992FC6

OSPF Forwarding Address Suppression:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-mt/iro-15-mtbook/iro-for-add-sup.html

OSPF ABR Type 3 LSA Filtering:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-mt/iro-15-mtbook/iro-abr-type-3.html

How OSPF Injects a Default Route into a Normal Area:
http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/47868ospfdb9.html

How OSPF Injects a Default Route into a Stub or Totally Stub Area:
http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/47869ospfdb10.html

How OSPF Injects a Default Route into a Not So Stubby Area:
http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/47870ospfdb11.html

How does OSPFgenerate Default Routes:
http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/1369221.html

OSPF Commands & Features:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/command/iro-cr-book.html
97|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos which
cover the topics seen in this lab scenario.

Video Title: OSPF Area Types

Video Title: OSPF Summarization and Filtering

Video Title: OSPF LSA Types 4,5, and 7

Video Title: OSPF Advanced Configuration and Filtering

Video Title: OSPF Stub Area Configurations

Video Title: OSPF Inter-Area and External Routes in the Database

Video Title: OSPF Forward Address
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
98 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 16.1: OSPF Topology
Lab 16 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
99|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Configuration Tasks
1. R1, R2, and R3 are in a hub and spoke topology where R1 is the hub and R2 and R3 are the
spokes. DMVPN is the underlying used technology. Get OSPF routing up and routing with process
1 area 0 in this DMVPN network. The election of a DR should not take place in this network. Do
not modify any OSPF timers.
2. Add the loopback0 of R1, R2, and R3 into the area 0 process as network statements.
3. On R2, R3, and R6, configure the network 10.1.236.0/24 as part of OSPF area 236. Add the
loopback0 of R6 into the area 236 process as a network statement.
4. In the R6 routing-table, the only IA OSPF-learned route should be a default route with the ABRs as
the next-hop.
5. On R6, configure static routing to ensure the reachability of the loopback0, loopback1, and
loopback2 networks of R9. R9 should be configured with a default route.
6. On R6, redistribute the static routes configured in Task 5 (except loopback2) into OSPF. In the
routing-table of R1, 10.1.9.0/24 should show as E1 and 10.11.9.0/24 should show as E2. On R1,
ensure that you can ping the loopback0 and loopback1 of R9 from the loopback0 of R1 as a
source.
7. Area 236 is a totally Not-so-stub area having two ABRs to area 0. By manipulating OSPF cost,
ensure that the default route in the R6 routing table is using R3 as a next hop. The cost of the
default route to R2 should be modified and this cost should be the default cost +1.
8. On R1 and R4, configure the network 10.1.14.0/24 as part of OSPF area 14. Add loopback0 of R4
into the area 14 process as a network statement.
9. Configure Area 14 in a way that it does not receive any LSA 5 updates. Ensure full reachability and
test that you can ping from R4 the loopback 0 of R9 from the loopback 0 of R4 as a source.
10. Area 35 is a totally NSSA area. On R3 and R5, configure the network 10.1.35.0/24 as part of OSPF
area 35. Inject the loopback0 of R5 into the area 35 process as a network statement.
11. Redistribute loopback1, loopback2, loopback3, and loopback4 of R5 into the area 35 each as a N2
route and each with a metric of 55. Make sure that on R5, you can ping to the loopback0 of R9
with the ping sourcing from loopback 4 of R5.
12. Block the LSA 7 to LSA 5 translation for the network 10.11.5.0/24 using a summary-address
command.
13. Filter the forwarding address for the type-7 LSAs originated at R5 using the area 35 range
not-advertise in command on the ABR.
100 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
14. Instruct R3 to become the forwarding address itself and check that the IP address reachability is
restored, that is to say check that you can ping to the loopback0 of R9 with the ping using as a
source the loopback4 of R5.
15. On R1, there is a default route pre-configured. This default route should be redistributed into
OSPF only if the network 10.21.5.0/24 is present in the routing table of R1. Use IP SLA to track, in
a reliable way, this network. You are allowed to add one static route in this task.
Helpful Verification Commands






Show
Show
Show
Show
Show
Show
ip
ip
ip
ip
ip
ip
protocols
ospf
ospf database
ospf interface
ospf neighbor
ospf border-routers
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 16 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 2
Copyright© iPexpert. All Rights Reserved.
101|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 17: Configure and Troubleshoot OSPF
(Part 4)
Technologies Covered









Filtering with distribute-lists
Filtering with discard-route
Filtering with administrative distance
Filtering with route-maps
NSSA ABR external prefix filtering
Database filtering
Stub router advertisement
OSPF timers optimization
Resource limiting
Overview
In the last lab for OSPF you will be mostly dealing with route filtering. Various filtering methods
(ACLs, prefix-lists, AD manipulations, route-maps) will be tested, along with other OSPF features
such as Timers Optimization and Resource Limiting.
Estimated Time to Complete: 4 hours
102 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

OSPF Inbound Filtering Using Route Map with a Distribute List:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-mt/iro-15-mtbook/iro-inbound.html

OSPF Link-State Database Overload Protection:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-mt/iro15-mt-book/iro-lk-state-db.html

OSPF Stub Router Advertisement:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-mt/iro-15-mtbook/iro-stub-router.html

OSPF Commands & Features:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/command/iro-cr-book.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos that cover
the topics seen in this lab scenario.

Video Title: Area Types

Video Title: LSA Types 4,5, and 7

Video Title: OSPF Stub Area Configurations

Video Title: OSPF Summarization and Filtering

Video Title: OSPF Advanced Configurations and Filtering
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
103|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 17.1: OSPF Topology
Lab 17 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
104 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Configuration Tasks
1. R1, R2, and R3 are in a hub and spoke topology where R1 is the hub and R2 and R3 are the
spokes. DMVPN is the underlying used technology. Configure OSPF process 1 area 0 in this
network. Use point-to-multipoint network type on the hub and the 2 spokes.
2. Configure the network 10.1.36.0/24 into area 0 on R3 and R6.
3. The loopback 0 networks of R1, R2, R3, and R6 should present in the OSPF database of R1 as LSAs
type 1.
4. On R1, prevent the flooding of link-state advertisements to R2 by using the database-filter
all out command applied to a neighbor. Make sure that R2 is still having full reachability.
5. Configure network 10.1.69.0/24 into area 69 on R6 and R9. Use network statement to advertise
loopback0. Distribute loopback1, loopback2, loopback3, and loopback4 of R9 into the area 69
process as E2 type.
6. Configure the following router-ids and make sure that they are in use by the process.
Table 17.2
R1
1.1.1.1
R2
2.2.2.2
R3
3.3.3.3
R6
6.6.6.6
R9
9.9.9.9
7. Ensure that the loopback0 network of R1 is not included by the OSPF process in the routing table
of R9. Use prefix-list and distribute-list.
8. On R9, the network 10.21.9.9/32 should be filtered out and not be propagated. Use distribute-list
and access-list.
9. On R3, configure a default route pointing to R5. On R5, configure a default route pointing to R3.
Confirm that you can ping from R3 the loopback0 of R5 10.1.5.5 from the loopback 0 of R3.
10. Redistribute this default route into OSPF area 0.
11. On the ABR R6, configure the area 0 to advertise a summary network of 10.1.0.0/16 within the
area 69.
105|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
12. Try to ping loopback0 of R5 from loopback0 of R9. Because of the presence of a 10.1.0.0/16 route
on the ABR, the default route is not being used and the ping is failing. Ensure that this 10.1.0.0/16
is suppressed.
13. On R1, the network 10.41.9.9/32 should be present in the OSPF database but not in the routing
table. Manipulate the administrative distance to achieve this.
14. Configure R6 so that R1 doesn’t receive the 10.1.9.9/32 prefix. Use prefix-list and area filter-list.
15. Configure a NSSA area 14 between R1 and R4. On R4, redistribute all connected interfaces into
OSPF.
16. On R1, filter the 10.11.4.4/32 and 10.22.4.4/32 out and let the other networks coming from area
14 advertise to the area 0. Use summary-address command.
17. Configure on all the routers a feature that will remove the transit networks from the OSPF
database. Check that IP reachability is still working between the OSPF advertised prefixes once
this feature is enabled.
18. On R9, configure the minimum interval for accepting the same LSA to 80 ms.
19. On R9, set the following rate-limit values for LSA advertisement:
Table 17.3
Start-interval
10 ms
Hold-interval
100 ms
Max-interval
5000 ms
20. On R9, configure OSPF throttling timers:
Table 17.4
Spf-start
10 ms
Spf-hold
4800 ms
Spf-max-wait
90000 ms
21. On R9, configure OSPF Update flood packet-pacing to 5 ms.
22. On R9, in order to improve convergence, enable incremental SPF.
106 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
23. R9 should fire up a syslog message when more than 3 prefixes are redistributed. First warning
should be sent when 80% of the threshold is reached.
24. On R9, limit to 1000 the number of non-self-generated LSAs the OSPF routing process can keep in
the OSPF database.
Helpful Verification Commands





Show
Show
Show
Show
Show
ip
ip
ip
ip
ip
protocols
ospf
ospf database
ospf interface
ospf neighbor
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 17 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 2
Copyright© iPexpert. All Rights Reserved.
107|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 18: Configure and Troubleshoot BGP
(Part 1)
Technologies Covered






EBGP peering
EBGP multihop
EBGP Disable-connected-check
Update source
iBGP peering
Route Reflector
Overview
You have been tasked to configure routing in your network using multiple protocols - OSPF,
EIGRP, RIP, iBGP and eBGP. BGP is the focus of this lab – you will be asked to configure peerings
between directly and non-directly connected routers. Route Reflection will be also tested in this
scenario.
Estimated Time to Complete: 4 hours
108 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

Cisco BGP Overview:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-mt/irg-15-mtbook/cisco_bgp_overview.html

BGP 4:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-mt/irg-15-mtbook/irg-bgp4.html

Configuring a Basic BGP Network:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-mt/irg-15-mtbook/irg-basic-net.html

Configuring Internal BGP Features:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-mt/irg-15-mtbook/irg-int-features.html

Sample Configuration for iBGP and eBGP With or Without a Loopback Address:
http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13751-23.html

BGP FAQ:
http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/5816-bgpfaq5816.html

BGP Case Studies:
http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/26634-bgptoc.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos which
cover the topics seen in this lab scenario.
109|P a g e

Video Title: BGP Overview and Architecture

Video Title: BGP Peering – External and Internal

Video Title: BGP Route Reflectors and Confederations

Video Title: BGP Lecture
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
Diagram 18.1: BGP Topology
Lab 18 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
Configuration Tasks
1. Routing between R1 and R5 should be configured with RIP version 2. Loopback0 reachability has
to be achieved thanks to this protocol.
2. Configure an eBGP peering between R1 in AS 1 and R5 in AS 65001. This peering should be
established between the loopback0 of each router.
110 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
3. On the peering between R1 and R5, do not use the ebgp multihop command.
4. Advertise the loopback1 of R1 in BGP using a network statement.
5. Routing between R3 and R5 should be configured with static routes. Loopback0 reachability has
to be achieved thanks to this method.
6. Configure an eBGP peering between R3 in AS 3 and R5 in AS 65001. This peering should be
established between the loopback0 of each router. On the peering between R3 and R5, use the
ebgp multihop command.
7. Advertise the loopback0 of R3 in BGP using a network statement.
8. Routing between R2 and R7 should be configured with EIGRP. Loopback0 reachability has to be
achieved thanks to this protocol.
9. Configure an eBGP peering between R2 in AS 65001 and R7 in AS 7. This peering should be
established between the loopback0 of each router. Use the minimum number of hops necessary
in the ebg-multihop command.
10. Advertise loopback1 of R7 in BGP using a network statement. Check that you can ping from R2 to
the loopback1 of R7. Use of static routes on R8 is required.
11. Configure OSPF area 0 on the R2 to R5 connection. Advertise the loopback0 of R2, R5, and into
OSPF.
12. Configure iBGP peering between R2 and R5. This peering should be established between the
loopback0 of each router. Make sure that the ping from R3 to R7 is up and running. You are not
allowed to use the redistribute command but you can add a single default route in this task.
13. Enable synchronization on R5. Make sure you can still ping from R3’s loopback0 to R7’s
loopback1.
14. Configure OSPF area 0 on R5 to R4 connection. Advertise the loopback0 of R4 into OSPF.
15. Routing between R4 and R9 should be configured with static routes. Loopback0 reachability has
to be achieved thanks to this method.
16. Configure an eBGP peering between R4 in AS 65001 and R9 in AS 9. This peering should be
established between the loopback0 of each router.
17. Advertise loopback0 of R9 into BGP using a network statement.
18. Configure iBGP peering between R4 and R2. This peering should be established between the
loopback0 of each router. Configure R2 as a route-reflector for R4 and R5.
111|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
19. On R7, make sure that you can ping from loopback1 to loopback0 of R3, and R9.
20. Configure OSPF area 0 on connections R2 - R6 and R4 - R6. Advertise loopback0 of R6 into OSPF.
21. For redundancy, configure R2 and R6 as part of a RR cluster with cluster-id 1.
Helpful Verification Commands





Show
Show
Show
Show
Show
ip
ip
ip
ip
ip
bgp
bgp
bgp
bgp
bgp
neighbor
protocols
paths
summary
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 18 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 2
Copyright© iPexpert. All Rights Reserved.
112 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 19: Configure and Troubleshoot BGP
(Part 2)
Technologies Covered




Next-hop-self
BGP next-hop with route-map
BGP Confederation
GRE tunnels
Overview
In the second lab for BGP you will be tasked to manipulate the Next Hop attribute.
Confederations will have to be deployed and connectivity restored with the aid of GRE.
Estimated Time to Complete: 4 hours
113|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

Configuring BGP Route Map with Next-Hop Self:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-mt/irg-15-mtbook/irg-int-features.html - reference_7C7E244EE3FF41E194AB15277BD80C90

Configuring Internal BGP Features:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-mt/irg-15-mtbook/irg-int-features.html

BGP Case Studies:
http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/26634-bgptoc.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos which
cover the topics seen in this lab scenario.
 Video Title: BGP Introduction
 Video Title: BGP Route Reflectors and Confederation Configuration
 Video Title: BGP Peering – External and Internal
 Video Title: BGP Filtering and Manipulation
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
114 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 19.1: BGP Topology
Lab 19 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
Configuration Tasks
1. Routing between R4 and R7 should be configured with EIGRP. Loopback0 reachability has to be
achieved thanks to this protocol.
2. Configure an eBGP peering between R4 in AS 65019 and R7 in AS 7. This peering should be
established between the loopback0 of each router.
3. Advertise loopback0 of R7 into BGP using a network statement, but make sure that EIGRP route is
more preferred.
4. Routing between R6 and R9 should be configured with static routes. Loopback0 reachability has
to be achieved thanks to this method.
115|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
5. Configure an eBGP peering between R6 in AS 65019 and R9 in AS 9. This peering should be
established between loopback0 of each router.
6. Advertise loopback0 of R9 in BGP using a network statement.
7. Configure OSPF area 0 only between R4 and R6. Advertise the loopback0 of R4 and R6 into OSPF
using a network statement. Do not advertise anything else into OSPF.
8. Configure iBGP between R4 and R6.
9. Use next-hop-self to enable IP connectivity between loopback0 of R7 and the loopback0 of R9.
10. Routing between R5 and R1 should be configured with RIP. Loopback0 reachability has to be
achieved thanks to this protocol.
11. Configure eBGP peering between R1 in AS 1 and R5 in AS 65019. This peering should be
established between the loopback0 of each router.
12. Advertise loopback0 of R1 in BGP using a network statement.
13. Routing between R8 and R2 should be configured with EIGRP. Loopback0 reachability has to be
achieved thanks to this protocol.
14. Configure an eBGP peering between R2 in AS 65019 and R8 in AS 8. This peering should be
established between the loopback0 of each router.
15. Advertise loopback0 of R8 in BGP using a network statement.
16. Configure OSPF area 0 only between R5 and R2. Advertise the loopback0 of R5 and R2 into OSPF
using a network statement. Do not advertise anything else into OSPF.
17. Configure an OSPF cost of 10 on this link.
18. Configure iBGP between R5 and R2.
19. Use a route-map to enable the IP connectivity between the loopback0 of R1 and the loopback0 of
R8.
20. Configure OSPF area 0 between R5 and R4.
21. Reconfigure routers R2, R4, R5 and R6. R2 and R5 are part of confederation with ID 25, R6, and R4
are part of confederation with ID 46.
22. Ensure full reachability between R1, R7, R8, and R9. As an example, you should be able to ping
from R8 to the loopback0 of R7 with the ping sourced from the loopback0 of R8. Use of 2 static
routes is allowed.
116 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
23. Configure OSPF area 0 on the connection between R5 and R3 with an OSPF cost of 1.
24. Configure OSPF area 0 on the connection between R2 and R3 with an OSPF cost of 1.
25. Restore the IP connectivity between R8 and R1, R8 and R7, and R8 and R9. You are not allowed to
redistribute BGP routes into OSPF. Use the network 10.1.145.0/24 for the tunnel interfaces and
two static routes. Make sure that you are again able to ping from R8 to the loopback0 of R1 with
the ping sourced from the loopback0 of R8.
Helpful Verification Commands





Show
Show
Show
Show
Show
ip
ip
ip
ip
ip
bgp
bgp
bgp
bgp
bgp
neighbor
protocols
paths
summary
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 19 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 2
Copyright© iPexpert. All Rights Reserved.
117|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 20: Configure and Troubleshoot BGP
(Part 3)
Technologies Covered








Weight
Local Preference
As-path prepending
Origin
MED
Always compare MED
AS-path ignore
Maximum AS Limit
Overview
The focus of this lab is BGP Attribute manipulations. To successfully finish this scenario you have
to know what is the purpose of Weight, Local Preference, AS Path, Origin and MED attributes,
and how to configure/modify them.
Estimated Time to Complete: 4 hours
118 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

BGP Best Path Selection Algorithm:
http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13753-25.html

BGP MED for Path Selection:
http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13759-37.html
BGP Deterministic MED vs Always Compare MED:
http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/16046-bgpmed.html

BGP and Internet Connectivity:
http://www.ciscopress.com/articles/article.asp?p=1565538&seqNum=4

Connecting to a Service Provider using External BGP:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-mt/irg-15mt-book/connecting_to_a_service_provider_using_external_bgp.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos that cover
the topics seen in this lab scenario.

Video Title: BGP Route Propagation Control

Video Title: BGP Filtering & Manipulations

Video Title: BGP Attributes and Best-path Selection Process
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
119|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 20.1: BGP Topology
Lab 20 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
Configuration Tasks
1. Configure an iBGP peering between R4 and R7 in AS 65001. Make sure that the 10.1.46.0/24
network and that the network 10.1.78.0/24 is carried in the BGP updates with an origin of i.
2. Configure an eBGP peering between R4 in AS 65001 and R6 in AS 65002.
3. Configure an eBGP peering between R6 in AS 65002 and R8 in AS 8.
120 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
4. Configure an eBGP peering between R8 in AS 8 and R7 in AS65001.
5. The loopback0 of R4 should be present in the BGP database with an origin attribute of
incomplete. The loopback0 of R7 should be present in the BGP database with an origin attribute
of internal.
6. On R8, manipulate the weight attribute so that the route to 10.1.4.4/32 is pointing towards R6.
Use a prefix-list called WEIGHT_PL and a route-map called WEIGHT_RM.
7. The loopback0 of R6 should be present in the BGP database with an origin attribute of
incomplete.
8. In order to reach the 10.1.6.6/32 loopback, routers in AS 65001 should route the traffic over R8
through AS 8. Change the configuration on R7 and use a route-map called LOCALPRF_RM. You
don’t have to test connectivity in this task.
9. The loopback0 of R8 should be present in the BGP database with an origin attribute of IGP.
10. Configure R8 so that the traffic originated on R6 is going through AS 65001 to reach the network
10.1.8.8/32. On R6, 10.1.8.8 route via R8 should have the following AS-path attribute: 8 8 8 8 i.
Use a prefix-list called PREPEND_PL and a route-map called PREPEND_RM.
11. Configure OSPF area 0 between R6 and R2.
12. Configure iBGP connection between R6 and R2 – use AS 65002.
13. The loopback0 of R2 should be present in the BGP database with an origin attribute of
incomplete.
14. Configure an eBGP connection between R6 and R3 in AS 3. Redistribute the EBGP next-hop into
OSPF area 0.
15. Configure an eBGP connection between R2 and R3 in AS 3. Redistribute the EBGP next-hop into
OSPF area 0.
16. Advertise loopback0 and loopback1 of R3 using network statements.
17. Ensure that the traffic is routed via R2 to reach network 10.1.3.3/32. Configure R3 and use the
prefix-list called MED_PL 2 and a route-map called MED_RM2. Use a MED value of 200.
18. Ensure that the traffic is routed via R6 to reach network 10.11.3.3. Configure R3 and use the
prefix-list called MED_PL 6 and a route-map called MED_RM6. Use a MED value of 300.
19. On R2 and R6, advertise the network 10.1.26.0/24 with a network statement.
20. On R3, modify the origin of route 10.1.26.0/24 and ensure that this route is reached primarily
through R6. Use a prefix-list called ORIGIN_PL and a route-map called ORIGIN_RM.
121|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
21. On R6, advertise the network 10.22.6.0/24 using a network statement.
22. This network should be advertised to router R4 using the MED 500 and prepending one more AS
in the AS-path. Use a prefix-list called ALWAYSCOMPMED_PL and a route-map called
ALWAYSCOMPMED_RM.
23. Configure R4 and ensure that R4 always prefers the route with the lowest MED, that is to say the
route to R6 is pointing to R7 on R4.
24. Configure an eBGP connection between R2 and R5 (AS 5) and between R4 and R5. Advertise the
loopback of R5 into BGP with an origin of “?”.
25. On R4, prepend the AS 65001 4 times when advertising the network 10.1.7.7/32 to R5. The route
from R5 to the loopback0 should now be transiting through AS 65002.
26. On R5, the AS-path attribute should be ignored and the route to the 10.1.7.7/32 network has to
point towards R4 and not transit through AS 65002 anymore. Use MED to achieve this.
27. On the peering between R2 and R5, shut down the peering if more than 50 BGP updates are
advertised from R5 to R2. A syslog message should be sent when more than 40 BGP updates are
advertised from R5 to R2.
Helpful Verification Commands




Show
Show
Show
Show
122 | P a g e
ip
ip
ip
ip
bgp
bgp paths
bgp summary
bgp neighbor
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specifi c
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 20 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 2
Copyright© iPexpert. All Rights Reserved.
123|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 21: Configure and Troubleshoot BGP
(Part 4)
Technologies Covered










Aggregation
Summary-only
Suppress-map
Unsuppress-map
AS-set
Attribute-map
Advertise-map
Community no-export
Community local-AS
Community no-advertise
Overview
Aggregation (along with suppress/unsuppress maps) is the main focus of this scenario. Other
advanced features will also have to be configured, such as Attribute/Advertise maps and
Communities.
Estimated Time to Complete: 4 hours
124 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

Configuring Internal BGP Features:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-mt/irg-15-mtbook/irg-int-features.html

Understanding Route Aggregation in BGP:
http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/5441aggregation.html

How to Block One or More Networks from a BGP Peer:
http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13750-22.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos that cover
the topics seen in this lab scenario.

Video Title: BGP

Video Title: BGP Route Propagation Control

Video Title: BGP Aggregation and Filtering

Video Title: BGP Filtering Using ACLs and Prefix Lists
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
125|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 21.1: BGP Topology
Lab 21 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
Configuration Tasks
1. Configure an iBGP peering between R2 and R6 in AS 65001.
2. Configure an eBGP peering between R3 in AS 3 and R6.
3. Configure an eBGP peering between R3 in AS 3 and R2.
4. R3 has to advertise a summary route representing the loopback1, loopback2, loopback3 and the
loopback4 addresses of R3. The aggregate address command cannot be used.
126 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
5. R3 has to advertise a summary route representing the loopback11, loopback12, loopback13, and
the loopback14 addresses of R3. More specific networks should also be advertised. Use
redistribution and a prefix-list with one single line.
6. R3 has to advertise a summary route representing the loopback21, loopback22, loopback23 and
the loopback24 addresses of R3. Specific subnets should not be advertised. Use network
statements.
7. In the addition to the summary route, loopback21 network should be the only specific network
advertised towards R2. Use an unsuppress-map.
8. In the addition to the summary route, loopback22 network should be the only specific network
advertised towards R6. Use an unsuppress-map.
9. In the addition to the summary route, loopback14 network should be the only specific network
advertised towards R2. Use a suppress-map.
10. Configure an eBGP peering between R4 in AS 4 and R6 in AS 65001.
11. Configure an eBGP peering between R4 in AS 4 and R7 in AS 7. Advertise the network
200.1.1.0/24 into BGP using a network statement.
12. Configure an eBGP peering between R4 in AS 4 and R5 in AS 5. Advertise the network
200.2.1.0/24 into BGP using a network statement.
13. On R4, configure the aggregate 200.0.0.0/14. The more specific networks should not be
advertised to R6. This aggregate should have in its AS-path attribute all the ASs that were
contained in the AS-path attribute of the more specific networks.
14. On R3, advertise the networks 153.153.153.0/24 and 153.153.154.0/24 into BGP using network
statements.
15. On the peerings with R2 and R6, the network 153.153.153.0/24 has to be sent with the No-Export
community. Use a route-map called NOEXPORT_RM.
16. On R6, configure an aggregate for the network 153.153.152.0/22 with the summary-only and
with the AS-SET option on.
17. Ensure that this aggregate is advertised to R4. Use a route-map called ATTRIBUTEMAP_RM.
18. On R5, advertise the networks 200.200.0.0/16 and 200.201.0.0/16 into BGP using network
statements.
19. When advertising out the network 200.200.0.0/16 to R4, configure the community of noadvertise.
127|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
20. On R4, configure an aggregate for the network 200.0.0.0/8 with the summary-only and with the
AS-SET option on.
21. Ensure that the network 200.0.0.0/8 will be advertised to R7 and R6. You are not allowed to use
an attribute-map to remove the community. Use a route-map called ADVERTISEMAP_RM.
22. On R4, advertise the network 10.22.4.0/24 into BGP using a network statement.
23. Ensure that the network 10.22.4.0 will be advertised to R6 with a community that will prevent it
to be advertised to other eBGP peers.
Helpful Verification Commands






Show
Show
Show
Show
Show
Show
ip
ip
ip
ip
ip
ip
bgp
bgp
bgp
bgp
bgp
bgp
paths
summary
as-path access-list
filter-list
regexp
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 21 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 2
Copyright© iPexpert. All Rights Reserved.
128 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 22: Configure and Troubleshoot BGP
(Part 5)
Technologies Covered








Route Filtering
Local AS
Replace AS
Dual AS
Remove Private AS
Dampening
ORF
BGP allowas-in
Overview
In this last lab for BGP you will have to deal with Filtering, AS Path manipulations and other
advanced features (e.g. BGP dampening).
Estimated Time to Complete: 4 hours
129|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

BGP Route-Map Continue:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-mt/irg-15-mtbook/irg-route-map-continue.html

BGP Local-AS Feature:
http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13761-39.html

Removing Private AS Numbers:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-mt/irg-15-mtbook/removing_private_as_numbers_from_the_as_path_in_bgp___.html

Configuring BGP Route Filtering by Neighbor
http://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfbgp.html

Allowas-in Feature in BGP:
http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/112236allowas-in-bgp-config-example.html

BGP Prefix-Based Outbound Route Filtering:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-mt/irg-15-mtbook/bgp_prefix-based_outbound_route_filtering.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos that cover
the topics seen in this lab scenario.

Video Title: BGP Filtering and Manipulations

Video Title: BGP Aggregation and Filtering

Video Title: BGP Route Propagation Control
130 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
Diagram 22.1: BGP Topology
Lab 22 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
131|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Configuration Tasks
1. Configure an iBGP peering in AS 65001 between R2 and R6.
2. Configure an eBGP peering between R6 and R3 in AS 3.
3. Configure an eBGP peering between R2 and R3 in AS 3.
4. On R3, advertise networks 153.153.153.0/24 and 153.153.154.0/24 using network statements.
5. On R3, on the peering between R3 and R2, filter out 153.153.153.0/24. Use a prefix-list.
6. On R3, on the peering between R3 and R6, filter out 153.153.154.0/24. Use access-list.
7. R3 should appear to R2 and R6 as if it is using AS 65003 but R3 should still be in AS 3.
8. Regarding the routes advertised from R3 to R2 and R6, AS 3 should not appear in the AS-path.
9. Configure an eBGP peering between R2 and R5 in AS 5.
10. R5 should appear to R2 as if it is using AS 65005 but R5 should still be in AS 5.
11. Advertise the loopback0 of R5 into BGP. In routes received from R2, the AS 65005 should not
appear in the AS-path.
12. Configure an eBGP peering between R6 and R4 in AS 4.
13. On R6, in all advertisements sent towards R4, the private AS number 65003 have to be stripped
off from the AS-path before being sent.
14. On R3, configure the 153.153.153.0/24 network to use the following dampening parameters:

Max-Suppress=60 minutes

Suppress=2000 points

Reuse=800 points

Half-Time=15 minutes
15. On R3, configure the 153.153.154.0/24 network to use the following dampening parameters:
132 | P a g e

Max-Suppress=50 minutes

Suppress=2500 points
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1

Reuse=600 points

Half-Time=10 minutes
16. Between R6 and R4, configure the BGP peering to use fast session deactivation.
17. On R4, advertise the loopbacks in BGP using network statements.
18. On R6, filter network 10.11.4.0/24 inbound on the peering towards R4.
19. Make sure that the two routers exchange information via the ORF capability and that R4 will be
filtering the network 10.11.4.0/24 and not sending updates for networks that are filtered when
arriving on R6.
20. Configure an eBGP peering between R6 and R8 in AS 4.
21. On R8, advertise the loopback0 into BGP using a network statement.
22. Make sure that you can ping from loopback0 of R8 which is originated in AS 4 to the loopback0 of
R4 which is always originated in AS 4. Use the allowas-in command.
Helpful Verification Commands






133|P a g e
Show
Show
Show
Show
Show
Show
ip
ip
ip
ip
ip
ip
bgp
bgp
bgp
bgp
bgp
bgp
paths
summary
as-path access-list
filter-list
regexp
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 22 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 2
Copyright© iPexpert. All Rights Reserved.
134 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 23: Configure and Troubleshoot
Protocol Independent Multicast Operations
(Part 1)
Technologies Covered








PIM dense mode
PIM sparse-dense mode
PIM sparse mode
RPF failure
Accept RP
Accept Register
DR election
NMBA mode
Overview
Multicast routing will have to be configured in this lab. This includes PIM Dense and Sparse
Modes. For Sparse Mode, you have to understand the concept of a Rendezvous Point (RP) and
methods of configuring it. You also have to know how to deal with RPF failures.
Estimated Time to Complete: 3 hours
135|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

IP Multicast Technology Overview:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti_pim/configuration/imc-pim-15-mtbook/imc_tech_oview.html

Configuring Basic IP Multicast:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti_pim/configuration/imc-pim-15-mtbook/imc_basic_cfg.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos that cover
the topics seen in this lab scenario.

Video Title: Multicast Operations Lecture

Video Title: Multicast Configuration

Video Title: IP Multicast

Video Title: IP Multicast Configuration and Troubleshooting
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
136 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 23.1: Multicast Operations Topology
Lab 23 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
137|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Configuration Tasks
1. R1, R2, and R3 are in a hub and spoke topology where R1 is the hub and R2 and R3 are the
spokes. DMVPN phase 2 without IPSec is the underlying used technology. Setup OSPF in area 0 in
this DMVPN network. Configure the OSPF network type as NBMA.
2. Advertise the loopbacks of R1, R2, and R3 in the OSPF process. Use network statements. Make
sure that you can ping from the loopback0 of R2 to the loopback0 of R3.
3. Configure OSPF in area 55 on all the connections between R1, R4, and R5. R1 is the ABR. Cost out
the network 10.1.45.0/24 with an OSPF cost of 2000.
4. Advertise the loopbacks of R4 and R5 in the OSPF process. Use network statements.
5. Configure OSPF in area 99 on all the connections between R2, R3, R6, and R9. R3 is the ABR. Cost
out the network 10.1.236.0/24 with an OSPF cost of 2000.
6. Advertise the loopbacks of R6 and R9 in the OSPF process. Use network statements.
7. There is a multicast server connected on R5 that is sending a stream with the IP address
225.5.5.5. The listeners for this group are located on R1 and R4 only. Configure the network to
route this multicast stream from the source to the listeners without the use of any RP. Do not
enable multicast on the 10.1.145.0/24 network.
8. Configure R1 E0/0 to join 225.5.5.5 and make sure that you can ping this multicast group from
R5. If necessary, the use of mroute is allowed.
9. There is a multicast server connected on R9 that is sending a stream with the IP address
229.9.9.9. The listeners for this group are located on R5 on network 10.1.45.0/24. Configure the
network to route this multicast stream from the source to the listeners with the use of a static RP.
Do not enable multicast on the 10.1.163.0/24 network.
10. Make sure that R1 is the RP only for the groups 225.5.5.5 and 229.9.9.9. Use the loopback0
interface for the RP IP address.
11. Configure R3 to send the PIM join message to the RP on behalf of the 10.1.236.0/24 network.
12. Configure R5 E0/1 to join 229.9.9.9 and make sure that you can ping this multicast group from
R9. The use of mroute is allowed.
13. There is a multicast server connected on R3 that is sending a stream with the IP address
233.3.3.3. The listeners for this group are located on R2. Shut down the interface e0/1 on R2.
Configure the network to route this multicast stream from the source to the listeners with the
use of a static RP.
138 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
14. Make sure that R1 is allowed to be the RP for the group 233.3.3.3. Use the loopback0 interface
for the RP IP address.
15. Ensure that R2 and R3 send registers (*,G) entries for the group 233.3.3.3 only to the router R1.
16. Make sure that you can ping multicast group 233.3.3.3 from R3.
17. There is a plan to add a new multicast datastream. The multicast group will be 227.7.7.7 and the
source is going to be the server 10.1.63.200. Configure the router R3 so that when he becomes
the RP for this multicast group, the only allowed source is the IP address 10.1.63.200. All other
servers trying to register this group should be denied.
Helpful Verification Commands






Show
Show
Show
Show
Show
Show
ip
ip
ip
ip
ip
ip
pim rp
pim rpf
pim interface
pim neighbor
mroute
igmp
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 23 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 2
Copyright© iPexpert. All Rights Reserved.
139|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 24: Configure and Troubleshoot
Protocol Independent Multicast Operations
(Part 2)
Technologies Covered







Auto-RP
Auto-RP filtering
Auto-RP listener
Multiple RP candidates
Multicast boundary
BSR
BSR Propagation filtering
Overview
The focus of this scenario is a RP configuration. Knowledge of Auto RP and BSR is required to
successfully finish this lab. In addition, you will be asked to limit propagation of multicast packets
in this network.
Estimated Time to Complete: 3 hours
140 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

Auto-RP Overview:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti_pim/configuration/imc-pim-15-mtbook/imc_basic_cfg.html - GUID-08C0EDBD-4A85-4FC3-AF2C-AA930C578F3C

BSR Overview:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti_pim/configuration/imc-pim-15-mtbook/imc_basic_cfg.html - GUID-D1656247-AFA8-4F67-8114-FB290E579FDD

IP Multicast Boundary:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti_pim/configuration/imc-pim-15-mtbook/imc_basic_cfg.html - GUID-C55E3B04-9F79-48F9-AD66-665823A20D8B
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos which
cover the topics seen in this lab scenario.

Video Title: Multicast Operations Lecture

Video Title: Multicast Configuration

Video Title: IP Multicast

Video Title: IP Multicast Configuration and Troubleshooting
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
141|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 24.1: Multicast Operations Topology
Lab 24 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
Configuration Tasks
1. R1, R2, and R3 are in a hub and spoke topology where R1 is the hub and R2 and R3 are the
spokes. DMVPN phase 1 without IPsec is the underlying used technology. Setup EIGRP AS 10 in
this DMVPN network.
142 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
2. Advertise the loopbacks of R1, R2, and R3 in the EIGRP process. Use network statements. Make
sure that you can ping from the loopback0 of R2 to loopback0 of R3.
3. Extend the EIGRP routing domain to include the network 10.1.14.0/24, the network
10.1.145.0/24, and the network 10.1.45.0/24. Advertise the loopbacks of R7, R8, R4, and R5 in
the EIGRP process using network statements.
4. Extend the EIGRP routing domain to include the network 10.1.36.0/24, the network 10.1.22.0/24,
the network 10.1.63.0/24, the network 10.1.169.0/24, and the network 10.1.69.0/24. Advertise
the loopbacks of R6 and R9 in the EIGRP process using network statements.
5. Configure PIM on the 10.1.14.0/24, the network 10.1.145.0/24, and the network 10.1.45.0/24.
Auto-RP will be used on those networks. You are not allowed to use ip pim auto-rp
listener command.
6. Enable R1, R7, and R8 as auto-RP candidates for the following multicast groups: 228.1.1.228,
228.2.2.228, and 228.3.3.228. Their loopback0 should be used in the advertisements.
7. Auto-RP advertisements should be sent every 5 seconds to R1, R7, and R8.
8. R4 should be configured as the mapping agent. The loopback0 has to be used in the
advertisements.
9. Configure E0/1 on R5 to join the group 228.1.1.228 and check that you can ping this multicast
group from R7, and that R8 has been chosen to be the PIM DR.
10. Create an “rp-announce-filter” that makes sure that R7 will never become a RP.
11. Create 2 “rp-announce-filters” that make sure that R8 will only become the RP for multicast
group 228.1.1.228, and that R1 will only become the RP for multicast groups 228.2.2.228 and
228.3.3.228.
12. Configure R1 so that it never sends and receives on interface E0/1 multicast traffic from group
228.1.1.228, 228.2.2.228, and 228.3.3.228. Make sure that the auto-RP advertisements regarding
those groups are also filtered.
13. Configure the interface E0/1 on R5 to join the group 228.2.2.228, and check that you can ping
this multicast group from R7, and that R1 has been chosen to be the RP for 228.2.2.228.
14. Ensure that the routers R1, R4, R5, R7, and R8 don’t fall back to PIM dense mode for unknown
multicast addresses.
15. The 2 connections between R9 and R6 have to be configured with PIM sparse-mode (no PIM
sparse-dense mode). R9 has to be configured as an auto-RP candidate for all multicast groups,
and R6 has to be configured as the mapping agent.
16. R9 should not become the RP for routers that are more than 1 hop away.
143|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
17. Configure the interface S3/0 on R9 to join the group 229.229.229.229, and check that you can
ping this multicast group from R6, and that R9 has been chosen to be the RP.
18. Enable PIM sparse mode on all interfaces on the network 11.1.1.0/24.
19. Configure R2 as the BSR. Use the interface that is always up on a router.
20. Configure R1 as the primary RP and configure R3 as a backup RP. One of the two should be
configured with the default priority. Use the interfaces that are always up on a router.
21. Enable PIM sparse mode on the network 10.1.36.0/24 and 10.1.63.0/24. Ensure that R6 doesn’t
receive information about RPs elected by PIM bootstrap router process.
22. Ensure that R7, R8, and R4 don’t receive information about RPs elected by PIM bootstrap router
process.
23. Configure the interface E0/1 on R2 to join the group 225.225.225.225 and check that you can
ping this multicast group from R1.
Helpful Verification Commands








Show
Show
Show
Show
Show
Show
Show
Show
144 | P a g e
ip
ip
ip
ip
ip
ip
ip
ip
pim rp [mapping]
pim rpf
pim interface
pim neighbor
mroute
pim bsr-router
pim autorp
pim interface detail
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 24 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 2
Copyright© iPexpert. All Rights Reserved.
145|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 25: Configure and Troubleshoot
Protocol Independent Multicast Operations
(Part 3)
Technologies Covered








Multicast stub routing
IP IGMP helper-address
SSM
IGMP filtering
IGMP timers
Multicast helper map
PIM bidirectional
Multicast rate limiting
Overview
Advanced multicast features are the main topics covered in this lab. You have to know how to
deploy Stub multicast routing, Source-Specific Multicast (SSM) and Bidirectional PIM. The
knowledge of IGMP is also required to successfully finish this scenario.
Estimated Time to Complete: 4 hours
146 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

SSM Overview:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti_pim/configuration/imc-pim-15-mtbook/imc_basic_cfg.html - GUID-A21DDBAA-CFAA-4F48-8B4D-C4ACAE8061CB

Configuring Source Specific Multicast:
http://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfssm.html

BSR Protocol:
https://learningnetwork.cisco.com/servlet/JiveServlet/previewBody/13600-102-152383/Chapter 9 BSR.pdf
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos which
cover the topics seen in this lab scenario.

Video Title: IP Multicast

Video Title: IP Multicast Configuration and Troubleshooting
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
147|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 25.1: Multicast Operations Topology
Lab 25 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
Configuration Tasks
1. R1, R2, and R3 are in a hub and spoke topology where R1 is the hub and R2 and R3 are the
spokes. DMVPN phase 1 without IPsec is the underlying used technology. Setup OSPF area 0 in
this DMVPN network. Use the point-to-multipoint OSPF on the 2 two spokes.
148 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
2. Advertise the loopbacks of R1, R2, and R3 in the OSPF process. Use network statements. Make
sure that you can ping from the loopback0 of R2 to the loopback0 of R3.
3. Introduce R4, R5, R7, R8, R6, and R9 into the OSPF area 0. Advertise the loopbacks of R4, R5, R7,
R8, R6, and R9 in the OSPF process. Use network statements. Make sure that you can ping from
the loopback0 of R7 to the loopback0 of R9.
4. Advertise the networks 10.1.77.0/24 and 10.1.99.0/24 in the OSPF process. Use network
statements. Make sure that no OSPF neighborships will ever be formed on those networks.
5. Configure PIM sparse mode on the networks 10.1.69.0/24, 10.1.236.0/24, 11.1.1.0/24, and
10.1.148.0/24.
6. Configure IP PIM dense mode on network 10.1.47.0/24. No PIM adjacency should be formed over
this connection. Use the command ip pim neighbor-filter on R4.
7. The source of the multicast stream 224.2.2.2 is located on the VLAN 77. The receiver of this
multicast stream is on the VLAN 10.1.148.0/24. Enable multicast connectivity between this
source and this receiver. You are not allowed to remove the filter configured in the previous
question, and consequently not allowed to build a PIM adjacency over the connection between
R4 and R7. On R1, R4, R7, and R8, configure statically the loopback0 of R1 as the RP for all
multicast groups.
8. Configure the interface E0/1 on R7 to join the group 224.2.2.2 and check that you can ping this
multicast group from R8.
9. Make sure that interface E0/1 on R5 can receive traffic multicast for the group 224.3.3.3 only if it
is sourced from the loopback0 of R1. Do not enable PIM on this interface.
10. Verify that you can ping this multicast group 224.3.3.3 from R1 only when the ping is sourced
from the loopback0 of R1.
11. R9 has to be protected from an IGMP DOS attack. On the interface E0/0 of R9, allow the
maximum number of IGMP states to be 25.
12. R6 should only accept on the interface E0/1 multicast clients that want to join a group in the
range 225.0.0.0/8.
13. Configure interface E0/1 of R9 to join multicast groups 225.2.2.2 and 226.2.2.2. Check on R6 that
the filtering configured in the previous question is working.
14. On the network 10.1.99.0, there is only one client receiving several multicast streams. As soon as
this client is sending an IGMP leave group message, the router should immediately stop
forwarding this multicast stream on the LAN and not try to send a group-specific query for this
multicast group.
149|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
15. On the VLAN 136, configure IGMP to send membership queries every 30 seconds. The backup
querier should become the querier for this LAN if it hasn’t seen a query packet within 1 minute.
16. On R9, IGMP protocol should communicate to the multicast clients that they should report their
group’s membership in a maximum of 30 seconds after receiving a query.
17. There is a server that is connected to the network 10.1.136.0/24. This server is sending broadcast
UDP traffic to port 2500 to a client connected to the network 10.1.148.0/24. This broadcast
traffic should be transported by the multicast group 227.7.7.7 when crossing the connection
between R2 and R1, and the connection between R3 and R1.
18. The multicast traffic should be converted back to a broadcast when reaching the network
10.1.148.0/24.
19. Configure bidirectional PIM for a multicast stream of 224.22.22.22 on the network 11.1.1.0/24
and 10.1.148.0/24. The loopback0 of the R1 has to be configured as the RP and the mapping
agent in this PIM bidirectional setup.
20. Configure R6 to limit to total bandwidth for multicast traffic to 20 M on all its interfaces in the
egress direction.
21. Configure R1 to limit to 5M the bandwidth that the multicast stream with a destination of
224.22.22.22 can use out of the tunnel interface.
Helpful Verification Commands






Show
Show
Show
Show
Show
Show
150 | P a g e
ip pim int
ip pim neigh
ip pim rp [mapping]
ip igmp int
ip igmp groups
policy-map interface
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 25 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 2
Copyright© iPexpert. All Rights Reserved.
151|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 26: Configure and Troubleshoot
Protocol Independent Multicast Operations
(Part 4)
Technologies Covered




RPF failure
Multicast BGP extension
BSR propagation filtering
MSDP
Overview
Multicast troubleshooting is included in this scenario. The ability of finding and fixing RPF failures
is essential for this lab. In addition, you also have to know how to deploy MSDP and be familiar
with L2 multicast related topics.
Estimated Time to Complete: 3 hours
152 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

Configuring Multiprotocol BGP Extensions for IP Multicast:
http://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfmbgp.html

Using MSDP to Interconnect Multiple PIM-SM Domains:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti_pim/configuration/imc-pim-15-mtbook/imc_msdp_im_pim_sm.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos that cover
the topics seen in this lab scenario.

Video Title: IP Multicast

Video Title: IP Multicast Configuration and Troubleshooting

Video Title: MSDP Multicast Part 1

Video Title: MSDP Multicast Part 2
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
153|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 26.1: Multicast Operations Topology
Lab 26 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
Configuration Tasks
1. Configure OSPF area 0 routing on the ethernet connections between R5 and R4, R4 and R3, and
on the serial connection between R3 and R6. Advertise the loopbacks of R5, R4, R3, and R6 in the
OSPF process. Use network statements.
2. Configure PIM sparse-mode on the ethernet connections between R5 and R4, R4 and R3, and R3
and R6.
154 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
3. R3 should be configured as the BSR and the RP for the all multicast groups. Use the PIM bootstrap
router solution to advertise the RP. Use the loopback 0 of R3 as the RP IP address.
4. On R5, configure on the interface E0/0 an IGMP join for the group 225.7.7.7. Verify that you can
ping from R6 to the multicast group 225.7.7.7.
5. Configure OSPF area 0 routing on the serial connection between R5 and R3. Do not enable PIM
on this link.
6. Manipulate this OSPF cost to ensure that the direct link between R5 and R3 is the preferred path
for OSPF.
7. Verify that you cannot ping from R6 to the multicast group 225.7.7.7 because of a RPF failure. To
solve the RPF failure, you are not allowed to configure ip mroutes.
8. We are going to use multicast BGP. Remove OSPF from all the routers where it is running and
shut down the direct connection between R5 and R3.
9. Configure an iBGP peering between R5 and R4 in AS20. Use the Physical IP addresses for the
peering’s.
10. Configure an iBGP peering between R3 and R6 in AS10. Use the Physical IP addresses for the
peering’s.
11. Configure an eBGP peering between R4 and R3. Use the Physical IP addresses for the peering’s.
12. Configure on each BGP router an “address-family ipv4 multicast”. Advertise all the circuits where
there is a PIM neighborship into BGP with network statements.
13. Advertise The RP IP address into the address-family used for multicast.
14. Verify that the feed from R6 to the multicast group 225.7.7.7 is again reaching R5 after the
migration from OSPF to BGP.
15. Configure OSPF area 0 routing on the connection between R5 and R8, on the connection
between R8 and R2, and on the connection between R1 and R2. Advertise loopback0 networks.
16. Configure PIM in sparse mode on the connection between R5 and R8, on the connection between
R8 and R2, and on the connection between R1 and R2.
17. R2 should be configured as the BSR and the RP for the all multicast groups. Use the PIM bootstrap
router solution to advertise the RP. Use the loopback 0 of R2 as the RP IP address.
18. Separate the two BSR domains and make sure that the propagation of the BSR packets is filtered
on the connection between R5 and R8.
19. On R6, configure on the interface E0/0 an IGMP join for the group 228.7.7.7.
155|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
20. On R1, configure on the interface E0/0 an IGMP join for the group 228.7.7.7. Make sure that
when you ping from R4 to the group 228.7.7.7, the router R6 and R1 are replying. Use MSDP.
Enable OSPF process 2 on the R3, R4, and R5 path. You can add 1 static route.
21. Configure R3 as the PIM DR for the network 10.1.179.0/24.
22. On R7, configure on the interface E0/0 an IGMP join for the group 229.7.7.7. On R9, configure on
the interface E0/0 an IGMP join for the group 229.7.7.7. On Cat2, verify that the IGMP filtering
configured in the previous question is working.
Helpful Verification Commands







Show
Show
Show
Show
Show
Show
Show
ip msdp
ip msdp count
ip msdp peer
ip msdp summary
ip msdp sa-cache
bgp ipv4 multicast
ip rpf
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 26 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 2
Copyright© iPexpert. All Rights Reserved.
156 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 27: Configure and Troubleshoot IP
Version 6 (Part 1)
Technologies Covered







IPv6 addressing
DMVPN for IPv6
RIPng
RIPng prefix filtering
RIPng summarization
RIPng offset-list
RIPng default route
Overview
In this scenario you will be tasked to configure IPv6 addresses and routing. You have to know how
IPv6 works with DMVPN and for this lab specifically, how to deploy RIPng along with certain
protocol features, like Filtering and Summarization.
Estimated Time to Complete: 4 hours
157|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

RIP for IPV6:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_rip/configuration/15-mt/irr-15-mtbook/ip6-rip.html

Configuring Routing Information Protocol:
http:/www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_rip/configuration/15-mt/irr-15-mtbook/irr-cfg-info-prot.html

IPv6 Routing: Route Redistribution:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_rip/configuration/15-mt/irr-15mt-book/ip6-rip-route-redist.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos that cover
the topics seen in this lab scenario.

Video Title: IPv6 Lecture

Video Title: IPv6 Configuration

Video Title: RIPng Basic Setup

Video Title: RIPng across DMVPN

Video Title: RIPng Filtering with IPv6 Prefix-Lists

Video Title: RIPng Manual Summarization

Video Title: RIPng Default Routes

Video Title: RIPng Filtering and Traffic Engineering via Metric Manipulation
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
158 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 27.1: IPv6 Routing Topology
Lab 27 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
159|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Configuration Tasks
1. R1, R2, and R3 are in a hub and spoke topology where R1 is the hub and R2 and R3 are the
spokes. Configure the DMVPN phase 3 tunnel infrastructure for IPv6. Do not implement
encryption. Use the following addresses:
Table 27.2
R1
E0/1
10.1.123.1/24
R2
E0/0
10.1.123.2/24
R3
E0/0
10.1.123.3/24
Table 27.3
Link Local Unicast
Global Unicast
R1 interface Tunnel23
FE80::1
2001:DB8:AAAA:1::1/64
R2 interface Tunnel23
FE80::2
2001:DB8:AAAA:1::2/64
R3 interface Tunnel23
FE80::3
2001:DB8:AAAA:1::3/64
2. Configure the following IPv6 addresses:
Table 27.4
Link Local Unicast
Global Unicast
R1 interface E0/0
EUI-64 format
2001:DB8:BBBB:1::/64 EUI-64 format
R2 interface E0/1
EUI-64 format
2001:DB8:CCCC:1::/64 EUI-64 format
3. Use RIPng with the identifier of “iPexpert” to enable IP routing between the interface E0/0 of R1
and the interface E0/1 of R2.
4. On R1, create an IP host mapping called R2LAN for the IPv6 global address of the E0/1 of R2.
Check that you can ping R2LAN from R1.
5. On R2, create an IP host mapping called R1LAN for the IPv6 global address of the E0/0 of R1.
Check that you can ping R1LAN from R2.
6. Configure the following interfaces to automatically assign IPv6 addresses to their interfaces:
160 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Table 27.5
R6
E0/1
R8
E0/1
R9
E0/1
7. Enable RIPng with the identifier “iPexpert” on R6, R8, and R9. Check that R8 can reach the IPv6
global address that has been previously assigned to the E0/1 of R6 and to the E0/1 of R9.
8. Configure the following IPv6 address on the connection between R6 and R7:
Table 27.6
Link Local Unicast
Global Unicast
R6 interface E0/0
FE80::1
2001:DB8:DDDD:1::6/64
R7 interface E0/0
FE80::2
2001:DB8:DDDD:1::7/64
9. On R7, configure the following IPv6 loopback addresses:
Table 27.7
Global Unicast
R7 interface Loopback4
2001:DB8:EEEE:4::7/64
R7 interface Loopback5
2001:DB8:EEEE:5::7/64
R7 interface Loopback6
2001:DB8:EEEE:6::7/64
R7 interface Loopback7
2001:DB8:EEEE:7::7/64
10. Enable RIPng with the identifier of “iPexpert” on the connection between R6 and R7, and on the 4
loopbacks on R7.
11. Ensure that R6 receives from R7 a summary route encompassing all the loopbacks.
12. Enable RIPng on the tunnel interface of the router R3. Ensure that R3 is able to ping the IPv6
address of loopback4 of R7.
13. Configure the following IPv6 addresses on the connection between R3 and R4:
161|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Table 27.8
Link Local Unicast
Global Unicast
R3 interface S4/3
FE80::1
2001:DB8:1111:1::3/64
R4 interface S4/0
FE80::2
2001:DB8:1111:1::4/64
14. Configure the following IPv6 addresses on the connection between R3 and R5:
Table 27.9
Link Local Unicast
Global Unicast
R3 interface S4/0
FE80::1
2001:DB8:2222:1::3/64
R5 interface S4/0
FE80::2
2001:DB8:2222:1::5/64
15. Configure the following IPv6 addresses on the connection between R4 and R5:
Table 27.10
Link Local Unicast
Global Unicast
R4 interface E0/0
FE80::1
2001:DB8:FFFF:1::4/64
R5 interface E0/0
FE80::2
2001:DB8:FFFF:1::5/64
16. Enable RIPng with the identifier of 345 on the connections between R3 and R4, on the connection
between R3 and R5, and on the connection between R4 and R5.
17. Enable full IPv6 connectivity between the 2 RIPng domains, iPexpert and 345.
18. Ensure that R4 and R5 have a default route pointing towards R3. You have to configure R3 only to
complete this task and you are not allowed to configure static routes.
19. The default route and the summarized route for the loopbacks of R7 should be the 2 only RIP
process iPexpert entries in the IPv6 routing table of R4 and R5. Configure R3 to achieve this task.
Use an IPv6 prefix-list called “SUMMARYR7”.
20. The clients on VLAN 2001:DB8:FFFF:1::/64 should be always routed over the connection R5-R3.
The connection R4-R3 should only be used in case the connection R5-R3 is going down.
162 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Helpful Verification Commands



Show ipv6 rip
Show ipv6 route[rip]
Show ipv6 rip database
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 27 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 2
Copyright© iPexpert. All Rights Reserved.
163|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 28: Configure and Troubleshoot IP
Version 6 (Part 2)
Technologies Covered





EIGRPv6
EIGRPv6 summarization
EIGRPv6 default route
EIGRPv6 authentication
EIGRPv6 unequal load balancing
Overview
You have been tasked to configure IPv6 routing in your network. Specifically, you have to know
how to deploy EIGRPv6. This includes certain more advanced protocol features, such as
summarization, authentication and unequal-cost Load Balancing.
Estimated Time to Complete: 4 hours
164 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

Cisco EIGRP for IPV6 Implementation:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/15-mt/ire-15mt-book/ip6-route-eigrp.html
iPexpert’s Recommended Video Training

No associated videos
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
165|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 28.1: IPv6 Routing Topology
Lab 28 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
166 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Configuration Tasks
1. R1, R2, and R3 are in a hub and spoke topology where R1 is the hub and R2 and R3 are the
spokes. Configure the DMVPN phase 3 tunnel infrastructure for IPv6. Do not implement
encryption. Use the following addresses:
Table 28.2
R1
E0/1
10.1.123.1/24
R2
E0/0
10.1.123.2/24
R3
E0/0
10.1.123.3/24
Table 28.3
Link Local Unicast
Global Unicast
R1 interface Tunnel23
FE80::1
2001:DB8:AAAA:1::1/64
R2 interface Tunnel23
FE80::2
2001:DB8:AAAA:1::2/64
R3 interface Tunnel23
FE80::3
2001:DB8:AAAA:1::3/64
2. Configure an IPv6 NHRP authentication of iPexpert and a NHRP network-id of 123.
3. Configure the following loopback IPv6 addresses:
Table 28.4
Global Unicast
R1 interface lo0
2001:DB8:A:A::1/128
R2 interface lo0
2001:DB8:A:A::2/128
R3 interface lo0
2001:DB8:A:A::3/128
4. Enable EIGRPv6 with an AS of 123 on the DMVPN network between R1, R2, and R3.
5. Make sure that there is IPv6 connectivity between the loopbacks of R1, R2, and R3.
6. Configure EIGRPv6 with an AS of 123 on the LAN 2001:DB8:CCCC:1::/64. Check that you can ping
the loopback0 of R3 from R6 and R9.
167|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
7. In the routing table of R6 and R9, there should be no specific entries for the loopbacks of R1, R2,
and R3. There should only be a routing entry to reach the summary route 2001:DB8:A:A::/126.
Check that you can ping the loopback0 of R3 from R6 and R9.
8. On R2, create an IPv6 static default route pointing to Null0 and make sure that R2 will be the
default router for all packets with an unknown IPv6 addresses in the EIGRP domain AS 123.
9. Configure EIGRPv6 with an AS of 123 on the LAN 2001:DB8:BBBB:1::/64.
10. Router R1 should not advertise any specific networks to R8. Only a default route should be
advertised. Use the “ipv6 summary-address eigrp” on R1 to resolve this task. Check that you can
ping the loopback0 of R3 and the loopback0 of R2 from R8.
11. Configure EIGRPv6 authentication between R1 and R8. Use a key chain called “iPexpertchain”, a
key number of 2, and a key-string of “iPexpert”.
12. Configure the following IPv6 addresses on the connection between R3 and R4:
Table 28.5
Link Local Unicast
Global Unicast
R3 interface S4/3
FE80::1
2001:DB8:1111:1::3/64
R4 interface S4/0
FE80::2
2001:DB8:1111:1::4/64
13. Configure the following IPv6 addresses on the connection between R3 and R5:
Table 28.6
Link Local Unicast
Global Unicast
R3 interface S4/0
FE80::1
2001:DB8:2222:1::3/64
R5 interface S4/0
FE80::2
2001:DB8:2222:1::5/64
14. Configure the following IPv6 addresses on the connection between R4 and R5:
Table 28.7
168 | P a g e
Link Local Unicast
Global Unicast
R4 interface E0/0
FE80::1
2001:DB8:FFFF:1::4/64
R5 interface E0/0
FE80::2
2001:DB8:FFFF:1::5/64
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
15. Configure EIGRPv6 with an AS of 345 on the connections between R3 and R4, between R3 and R5,
and between R4 and R5.
16. Configure the following loopback IPv6 addresses:
Table 28.8
Global Unicast
R4 interface lo0
2001:DB8:A:A::4/128
R5 interface lo0
2001:DB8:A:A::5/128
17. Make sure that there is IPv6 connectivity between the loopbacks of R2 and R4.
18. In the routing table of R3, the routing entry towards the loopback of R5 should contain 2 nexthops, one next-hop being R4 and the other being R5 directly. The cost of the direct path should
not be made equal to the cost of the indirect path (via R3). Use the variance command.
Helpful Verification Commands




Show
Show
Show
Show
ipv6 eigrp interface
ipv6 eigrp neighbor
ipv6 route eigrp
eigrp protocols
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 28 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 2
Copyright© iPexpert. All Rights Reserved.
169|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 29: Configure and Troubleshoot IP
Version 6 (Part 3)
Technologies Covered






OSPFv3
OSPFv3 traffic engineering
OSFPv3 virtual link
OSPFv3 summarization
IPv6 NAT-PT
Protocol redistribution
Overview
You have been tasked to configure IPv6 routing in your network using OSPFv3. You have to know
how to deploy the protocol and configure its features, like Summarization and Virtual Links. IPv6
NAT-PT is also part of this lab, same as protocol redistribution.
Estimated Time to Complete: 4 hours
170 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

IPv6 Routing OSPFv3:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-mt/iro-15-mtbook/ip6-route-ospfv3.html
iPexpert’s Recommended Video Training

No associated videos
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
171|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 29.1: IPv6 Version 6 Topology
Lab 29 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
Configuration Tasks
1. R1, R2, and R3 are in a hub and spoke topology where R1 is the hub and R2 and R3 are the
spokes. Configure the DMVPN phase 3 tunnel infrastructure for IPv6. Do not implement
encryption. Use the following addresses:
172 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Table 29.2
R1
E0/1
10.1.123.1/24
R2
E0/0
10.1.123.2/24
R3
E0/0
10.1.123.3/24
R1
lo10
1.1.1.1/32
R2
lo10
2.2.2.2/32
R3
lo10
3.3.3.3/32
R4
lo10
4.4.4.4/32
R5
lo10
5.5.5.5/32
Link Local Unicast
Global Unicast
R1 interface Tunnel23
FE80::1
2001:DB8:AAAA:1::1/64
R2 interface Tunnel23
FE80::2
2001:DB8:AAAA:1::2/64
R3 interface Tunnel23
FE80::3
2001:DB8:AAAA:1::3/64
Table 29.3
2. Configure an IPv6 NHRP authentication of “iPexpert” and a NHRP network-id of 123.
3. Configure the following loopback IPv6 addresses:
Table 29.4
Global Unicast
R1 interface lo0
2001:DB8:A:A::1/128
R2 interface lo0
2001:DB8:A:A::2/128
R3 interface lo0
2001:DB8:A:A::3/128
4. Enable OSPFv3 process 99 in area 0 on the DMVPN network between R1, R2, and R3. DR election
should not be taking place. On R1, R2, and R3 use the loopback10 IPv4 address as the OSPF
router-ID.
5. Make sure that there is IPv6 connectivity between the loopbacks of R1, R2, and R3.
6. Configure the following IPv6 addresses on the connection between R3 and R2:
173|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Table 29.5
Link Local Unicast
Global Unicast
R2 interface E0/1
FE80::1
2001:DB8:CCCC:1::2/64
R3 interface E0/1
FE80::2
2001:DB8:CCCC:1::3/64
7. Enable OSPFv3 process 99 in area 0 on the network 2001:DB8:CCCC:1::/64.
8. R1 should always route via R2 to reach network 2001:DB8:CCCC:1::/64. Only in case of a failure of
the connectivity between R1 and R2, should the path via R3 be chosen. You have to configure R1
to achieve this task.
9. Configure the following IPv6 addresses on the connection between R3 and R5:
Table 29.6
Link Local Unicast
Global Unicast
R3 interface S4/0
FE80::1
2001:DB8:2222:1::3/64
R5 interface S4/0
FE80::2
2001:DB8:2222:1::5/64
10. Configure the following IPv6 addresses on the connection between R5 and R4:
Table 29.7
Link Local Unicast
Global Unicast
R5 interface E0/1
FE80::1
2001:DB8:FFFF:1::5/64
R4 interface E0/0
FE80::2
2001:DB8:FFFF:1::4/64
11. Configure the following loopback IPv6 addresses:
Table 29.8
Global Unicast
R5 interface lo0
2001:DB8:A:A::5/128
R4 interface lo0
2001:DB8:A:A::4/128
12. Enable OSPFv3 process 99 in area 55 on the network 2001:DB8:2222:1::/64 and loopback0 of R5.
174 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
13. Enable OSPFv3 process 99 in area 44 on the network 2001:DB8:FFFF:1::/64 and loopback0 of R4.
14. Make sure that there is IPv6 connectivity between the loopbacks of R1, R2, R3, R4, and R5.
15. Configure the following IPv6 addresses on the connection between R1 and R8:
Table 29.9
Link Local Unicast
Global Unicast
R1 interface E0/0
FE80::1
2001:DB8:BBBB:1::1/64
R8 interface E0/1
FE80::2
2001:DB8:BBBB:1::8/64
16. Enable OSPFv3 area 88 on the connection between R1 and R8.
17. On R8, configure the following loopback IPv6 addresses:
Table 29.10
Global Unicast
R8 interface lo8
2001:DB8:F:F:8000::8 /80
R8 interface lo9
2001:DB8:F:F:9000::8/80
R8 interface lo10
2001:DB8:F:F:A000::8/80
R8 interface lo11
2001:DB8:F:F:B000::8/80
18. On R8, enable OSPFv3 on loopback8, loopback9, loopback10, and loopback11, and on R1
advertise a single summary network encompassing all the 4 loopbacks.
19. Configure the following IPv6 addressees:
Table 29.11
Link Local Unicast
Global Unicast
R8 interface E0/0
FE80::1
2001:DB8:4444:1::8/64
R8 interface S3/0
FE80::1
2001:DB8:5555:1::8/64
R7 interface S3/0
FE80::2
2001:DB8:5555:1::7/64
R7 interface E0/1
FE80::1
2001:DB8:7777:1::7/64
R4 interface E0/1
FE80::2
2001:DB8:4444:1::4/64
20. On R4 and on R8, configure RIPng with an ID of 48 on the connection between R4 and R8.
175|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
21. On R8 and on R7, configure EIGRPv6 in AS 78 on the connection between R8 and R7.
22. EIGRPv6 in AS 78 should be also running on the interface E0/1 of R7.
23. Ensure IPv6 connectivity between the RIPng routing domain, the OSPFv3 routing domain, and the
EIGRPv6 routing domain. In particular, you should be able to IPv6 ping the lo0 of R2 from router
R7, you should be able to ping the IP address 2001:DB8:4444:1::8/64 from router R3, and you
should be able to ping the IP address 2001:DB8:4444:1::8/64 from router R7.
24. The IPv4 protocol is running on the LAN between R5 and R6. Configure the following IP
addresses:
Table 29.12
R5 E0/0
10.1.56.5/24
R6 E0/0
10.1.56.6/24
25. R3 should be able to ping 10.1.56.6 by using the IPv6 address 2001:DB8:6666:1::6. You are
allowed to configure a static route on R3. The rest of the configuration should be performed on
R5.
26. Make sure that you can ping IPv6 2001:DB8:6666:1::6 from all the loopbacks 0 in the routing
domain.
Helpful Verification Commands




Show
Show
Show
Show
176 | P a g e
ipv6
ipv6
ipv6
ipv6
ospf
ospf
ospf
ospf
neighbor
interface
database
routes
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 29 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 2
Copyright© iPexpert. All Rights Reserved.
177|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Section 3: VPN Technologies
178 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 30: Configure and Troubleshoot
Multiprotocol Label Switching (Part 1)
Technologies Covered








IPv4 VPN address-family
LSP
LDP
L3VPN
Customer Edge
Provider Edge
Provider
Export map
Overview
You have been tasked to configure a MPLS L3 VPN service on an existing MPLS backbone. The CEs
are managed by the Service Provider and the loopbacks of the CEs should be leaked from the VRF
of the customer into the management VRF of the Service provider.
Estimated Time to Complete: 4 hours
179|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

Multiprotocol Label Switching Overview:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_basic/configuration/15-mt/mp-basic-15mt-book/mp-mpls-overview.html

MPLS Virtual Private Networks:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l3_vpns/configuration/15-mt/mp-l3vpns-15-mt-book/mp-cfg-layer3-vpn.html

Multiprotocol BGP MPLS VPN:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l3_vpns/configuration/15-mt/mp-l3vpns-15-mt-book/mp-bgp-mpls-vpn.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos that cover
the topics seen in this lab scenario.

Video Title: MPLS Lecture

Video Title: MPLS L3VPN Lecture

Video Title: MPLS and LDP Basic Configurations

Video Title: MPLS Troubleshooting LDP-Based Network

Video Title: MPLS Building L3VPN Network
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
180 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 30.1: MPLS L3 VPN Topology
Lab 30 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
Configuration Tasks
1. The network is pre-configured with OSPF and LDP and the PEs are the R5, R4, R6, and R2 routers.
In order to optimize the building of the MPLS forwarding-table, make sure that only LSPs for the
loopback interfaces will be built.
2. Configure the following L3 MPLS VPN routing tables on the R5 and on the R6:
181|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Table 30.2
AS
VPN name
rd
rt export
rt import
1
Customer_A
1
10
10
1
Customer_B
2
20
20
3. Configure the following loopbacks for the VPN Customer_A and Customer_B.
Table 30.3
R5
Loopback10
10.10.5.5/32
Customer_A
R5
Loopback20
10.20.5.5/32
Customer_B
R6
Loopback10
10.10.6.6/32
Customer_A
R6
Loopback20
10.20.6.6/32
Customer_B
4. Configure the BGP routing sessions that will permit to exchange the VPNv4 information between
the PEs. Use BGP AS 1.
5. Redistribute the loopbacks created in the Task 3 in their respective VPNs and check that you can
ping from loopback to loopback within the same VPN.
6. Make sure that the loopbacks redistributed at PE router R5 have a known origin.
7. Customer_A and Customer_B companies are merging.
8. The engineer was too quick and the merger between Customer_A and Customer_B is not going
ahead.
9. Configure R1 and R9 to be part of VRF Customer_A and R3 to be part of VRF Customer_B. Use
static routes.
182 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 30.4: VRF Customer_A and VRF Customer _B Topology
Configure the following loopbacks:
Table 30.5
R1 loopback0
10.1.1.1/32
R9 loopback0
10.1.9.9/32
R3 loopback0
10.1.3.3/32
10. Route loopback0 interfaces of the CEs statically and make sure that those loopbacks are routed in
their respective VRF. Verify that R1 loopback0 can ping R9 loopback0.
11. The service provider is offering a service where the CEs are managed. Customer_A has chosen a
managed service for its CEs. The management CE of the Service provider is the router called BB2.
Create the management VRF on the router R2.
Table 30.6
183|P a g e
AS
VPN name
rd
rt export
rt import
1
SP_Management
100
1000
1000,1001
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
12. The management network is using the network 192.168.1.128/25. Create on BB2 a loopback 100
with the following IP address: 192.168.1.129/25 and route it statically into the SP_Management
VPN.
13. Configure the multi-protocol BGP environment to enable the exchange of the RT information. As
we are using iBGP, we create a full-mesh peering topology between R2, R5, and R6.
Diagram 30.7: Full-Mesh Peering Topology
14. The R1 CE and the R9 CE from Customer A has to be reachable from the service provider
management network. Use an export map called CE_Loopback_Export on R5 and on R6, and
make sure that the management network can only see the loopback of R1 and R9.
Helpful Verification Commands






Show
Show
Show
Show
Show
Show
184 | P a g e
mpls interfaces
mpls ldp neighbor
mpls ldp parameters
mpls ldp discovery
ip route vrf
ip bgp vpnv4
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 30 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 3
Copyright© iPexpert. All Rights Reserved.
185|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 31: Configure and Troubleshoot
Multiprotocol Label Switching (Part 2)
Technologies Covered







PE-CE static routing
PE-CE RIP routing
PE-CE OSPF routing
OSPF Domain-ID
OSPF sham-link
PE-CE EIGRP routing
EIGRP SoO
Overview
You have been tasked to configure a MPLS L3 VPN service on an existing MPLS backbone. You will
have to configure the routing between the CEs and the PEs for two customer L3 VPNs. OSPF
Sham Link and EIGRP SoO is also part of this lab.
Estimated Time to Complete: 4 hours
186 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

MPLS VPN OSPF PE and CE Support:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l3_vpns/configuration/15-mt/mp-l3vpns-15-mt-book/mp-vpn-ospf-pe-ce-support.html

MPLS VPN Support for EIGRP Between PE and CE:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l3_vpns/configuration/15-mt/mp-l3vpns-15-mt-book/mp-vpn-support-eigrp-betw-pe-ce.html

MPLS Virtual Private Networks:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l3_vpns/configuration/15-mt/mp-l3vpns-15-mt-book/mp-cfg-layer3-vpn.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos which
cover the topics seen in this lab scenario.

Video Title: MPLS Introduction

Video Title: MPLS Troubleshooting L3VPN Examples

Video Title: MPLS OSPF as PE CE Routing Protocol

Video Title: MPLS
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
187|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 31.1: MPLS L3 VPN Topology
Lab 31 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
Configuration Tasks
1. Configure R5, R4, R6, and R2 as PE routers. The MPLS cloud is using BGP AS 1. Establish MP-BGP
sessions between the PEs. Use the loopbacks 0 for the source of the peerings. Use R4 as a routereflector for all the PEs.
2. Create the following L3 VPNs on all PEs.
188 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Table 31.2
AS
VPN name
rd
rt export
rt import
1
Customer_A
10
10
10
1
Customer_B
20
20
20
3. Configure the following loopbacks for the VPN Customer_A and Customer_B. Make sure that the
loopbacks are routed in the VPN MPLS cloud using network statements.
Table 31.3
R5
Loopback15
10.10.5.5/32
Customer_A
R5
Loopback25
10.20.5.5/32
Customer_B
R6
Loopback16
10.10.6.6/32
Customer_A
R6
Loopback26
10.20.6.6/32
Customer_B
R2
Loopback12
10.10.2.2/32
Customer_A
R2
Loopback22
10.20.2.2/32
Customer_B
R4
Loopback14
10.10.4.4/32
Customer_A
R4
Loopback24
10.20.4.4/32
Customer_B
4. Make sure that you have full reachability between Lo15, Lo16, Lo12, and Lo14 in VPN
Customer_A.
5. Make sure that you have full reachability between Lo25, Lo26, Lo22, and Lo24 in VPN
Customer_B.
6. R1 is a CE in VRF Customer_A. The loopback of the router R1 should be routed statically within
the VPN Customer_A.
7. R9 is a CE in VRF Customer_B. The loopback of the router R9 should be routed using RIP version 2
within the VPN Customer_B. Do not redistribute BGP into RIP.
8. R7 is a CE connected to PE R6 in VRF Customer_A. The loopback of the router R7 should be
routed using OSPF process ID 7 in area 0 within the VPN Customer_A. Ensure that you have IP
reachability between lo0 of R1 and lo0 of R7.
9. R8 is a CE connected to PE R2 in VRF Customer_A. The loopback of the router R8 should be
routed using OSPF process ID 8 in area 0 within the VPN Customer_A. Ensure that you have IP
reachability between lo0 of R7, R8, and R1.
189|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
10. On R8, the network 10.1.7.0/24 should be present in the OSPF database as a LSA type 3. If
necessary, use a domainID of 78.
11. Configure the connection between R7 and R8 in OSPF area 0 with an IP ospf cost of 4000.
12. Make sure that the path over the MPLS backbone is the preferred path for traffic going from R7
to R8. Use the loopback22 with IP address 2.2.2.2/32 on R2. Use the loopback66 with IP address
6.6.6.6/32 on R6.
13. R3 is a CE connected to PE R2 in VRF Customer_B. The loopback of the router R3 should be
routed using EIGRP ID 1 with AS 200 within the VPN Customer_B. Use metric 1 1 1 1 1 when
redistributing BGP into EIGRP on the PE. Ensure that you have IP reachability between lo0 of R9
and lo0 of R3.
14. R3 is a CE connected to PE R6 in VRF Customer_B. Routing between R3 and R6 is using EIGRP ID 1
with AS 200. Use metric 1 1 1 1 1 when redistributing BGP into EIGRP on the PE.
15. By using the extended community 1:11 and 1:12, ensure that it is not allowed that an EIGRP route
that has been distributed into BGP on R2 can be learnt via R6 when BGP is redistributed into
EIGRP on R6, and vice-versa.
Helpful Verification Commands








Show
Show
Show
Show
Show
Show
Show
Show
190 | P a g e
mpls interfaces
mpls ldp neighbor
mpls ldp parameters
mpls ldp discovery
ip route vrf
ip bgp vpnv4 vrf
ip bgp vpnv4 vrf VRF_name network_address
ip ospf sham-links
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 31 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 3
Copyright© iPexpert. All Rights Reserved.
191|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 32: Configure and Troubleshoot IPsec
Virtual Private Networks (Part 1)
Technologies Covered




GRE tunnels
IPsec tunnels
GRE over IPsec
IPsec VTIs
Overview
You have been tasked to configure GRE tunnels and IPsec encryption on different connections of
your network. The knowledge of ISAKMP/IPSec is required to successfully finish this scenario.
Static VTIs are also covered.
Estimated Time to Complete: 4 hours
192 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

How to Configure a GRE Tunnel:
https://supportforums.cisco.com/document/13576/how-configure-gre-tunnel

Cisco Tunnel Configuration Examples and TechNotes:
http://www.cisco.com/c/en/us/tech/ip/ip-tunneling/tech-configuration-examples-list.html

Configuring IKE for IPSec VPNs:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_ikevpn/configuration/15-2mt/sec-keyexch-ipsec.html

LAN-to-LAN IPsec Tunnel between Two Routers:
http://www.cisco.com/c/en/us/support/docs/routers/1700-series-modular-accessrouters/71462-rtr-l2l-ipsec-split.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos that cover
the topics seen in this lab scenario.

Video Title: GRE Tunnels

Video Title: Tunneling and GRE

Video Title: IPSec VPN Configuration

Video Title: Troubleshooting L2L VPNs
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
193|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 32.1: IPsec Virtual Private Network Topology
Lab 32 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
194 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Configuration Tasks
1. Configure a LAN-to-LAN IPsec tunnel on the serial connection between R4 and R3. Use a hash of
MD5 and pre-shared key of “iPexpert” during the phase 1 negotiation.
2. Between R4 and R3, use esp-des encryption and an esp-md5-hmac authentication during the
phase 2 negotiation.
3. Traffic going from loopback0 of R4 to loopback0 of R3 should be encrypted in both directions.
You are not allowed to use a dynamic routing protocol or a default route.
4. Configure a GRE tunnel on the serial connection between R2 and R9. The tunnel1 interface has an
IP address of 192.168.29.2/24 on R2 and an IP address of 192.168.29.9/24 on R9. Use the E0/1 of
R2 and S3/0 of R9 as source/destination of the tunnel. You are not allowed to configure anything
on the R6 router.
5. You are not allowed to use a dynamic routing protocol or a default route. Traffic going from
loopback0 of R2 to loopback0 of R9 should transit through this GRE tunnel.
6. There is a Web server which is connected to a client and the traffic is running over Tunnel 1. The
client cannot communicate with the server. The web server is sending IP packets with a size of
1500 bytes and the DF-bit set. Configure the tunnel to restore connectivity between the server
and the client. You are not allowed to clear the DF-bit or to intervene in the TCP negotiation.
7. Encrypt the GRE traffic tunnel between R2 and R9. Use a GRE over IPsec tunneling. Use a hash of
MD5 and pre-shared key of “iPexpert” during the phase 1 negotiation.
8. Between R2 and R9, use esp-3des encryption and an esp-md5-hmac authentication during the
phase 2 negotiation. Make sure that the IP connectivity between the loopback0 of R2 and the
loopback0 of R9 is still up and running.
9. Configure IPsec encryption on the ethernet connection between R5 and R8. Use an encryption of
AES, a DH group number 2 and pre-shared key of “iPexpert” during the phase 1 negotiation.
10. Between R5 and R8, use esp-3des encryption and an esp-sha-hmac authentication during the
phase 2 negotiation.
11. Create a VTI on both ends. IP address on R5 is 192.168.58.5/24 and IP address on R8 is
192.168.58.8/24.
12. Traffic going from loopback0 of R5 to loopback0 from R8 should be encrypted in both directions.
You are not allowed to use a dynamic routing protocol or a default route.
195|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Helpful Verification Commands





Show
Show
Show
Show
Show
crypto
crypto isakmp sa
crypto ipsec sa
interface tunnel x
crypto session [det]
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 32 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 3
Copyright© iPexpert. All Rights Reserved.
196 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 33: Configure and Troubleshoot IPsec
Virtual Private Networks (Part 2)
Technologies Covered






DMVPN phase 1 EIGRP
DMVPN phase 1 OSPF
DMVPN phase 2 EIGRP
DMVPN phase 2 OSPF
DMVPN phase 1 with IPSec
DMVPN phase 2 with IPSec
Overview
The main focus of this lab is DMVPN. You will be tasked to deploy this technology in Phases I and
II, using EIGRP and OSPF to exchange private prefixes. IPSec will have to be deployed to protect
the in-cloud communication.
Estimated Time to Complete: 4 hours
197|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

Dynamic Multipoint VPN:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-mt/secconn-dmvpn-15-mt-book/sec-conn-dmvpn-dmvpn.html

DMVPN Design Guide:
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/DMVPDG.html

Cisco Live - DMVPN Concepts:
https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=78731&tclass=popup
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos which
cover the topics seen in this lab scenario.

Video Title: Phase 1 DMPVN

Video Title: Phase 1 DMVPN EIGRP

Video Title: Phase 1 DMVPN OSPF

Video Title: Phase 2 DMPVN

Video Title: Phase 2 DMVPN EIGRP

Video Title: Phase 2 DMVPN OSPF

Video Title: DMPVN Encryption
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
198 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 33.1: IPsec Virtual Private Network Topology
Lab 33 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
199|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Configuration Tasks
1. Configure EIGRP AS 1 on the network between R2, R3, and R6. EIGRP should enable the IP
connectivity between the loopback0 of R2, R3, and R6.
2. Configure DMVPN phase 1 between R2, R3, and R6. The tunnels number 11 is sourced from the
loopback0. The Hub has to act as a NHS. The network-ID of the NHRP network is 11. Use a tunnel
key of 11. Use the following IP addresses:
Table 33.2
R2
11.0.0.2/24
Spoke
R3
11.0.0.3/24
Spoke
R6
11.0.0.6/24
Hub
3. A new registration request should be sent every 10 seconds. A registration request sent by the
spokes to the NHS should be kept for 60 seconds if no new update for this entry is received.
4. Configure the following loopbacks:
Table 33.3
R2
Loopback11
10.11.2.2/32
R3
Loopback11
10.11.3.3/32
R6
Loopback11
10.11.6.6/32
5. Configure EIGRP AS 11 on the DMVPN tunnels, configure the spokes as EIGRP stub and advertise
the loopback 11 of each router with a network statement. Make sure that there is IP reachability
between the loopback11 of R2, R3, and R6.
6. Secure the traffic with IPSec on the DMVPN tunnels. Use a hash of MD5, a DH group number 2
and a wild-card pre-shared key of “iPexpert” during the phase 1 negotiation. Use esp-des
encryption and an esp-md5-hmac authentication during the phase 2 negotiation.
7. Configure OSPF process 2 area 0 on the network between R1, R2, and R3. OSPF should enable the
IP connectivity between the loopback0 of R1, R2, and R3.
8. Configure DMVPN phase 1 between R1, R2, and R3. The tunnels number 22 is sourced from the
loopback0. The network-ID of the NHRP network is 22. Don’t use dynamic mapping. Use a tunnel
key of 22. Use the following IP addresses:
200 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Table 33.4
R1
22.0.0.1/24
Hub
R2
22.0.0.2/24
Spoke
R3
22.0.0.3/24
Spoke
9. Authenticate the NHRP network with an ID of 22 with the key “iPexpert”.
10. Configure the following loopbacks:
Table 33.5
R1
Loopback22
10.22.1.1/32
R2
Loopback22
10.22.2.2/32
R3
Loopback22
10.22.3.3/32
11. Configure OSPF process 22 area 0 on the DMVPN tunnels and advertise the loopback 22 of each
router with a network statement. There should not be any DR elected – use Point-to-Multipoint
network on the Spokes and Point-to-Multipoint Non-Broadcast on the Hub. Make sure that there
is IP reachability between the loopback22 of R2, R3, and R6.
12. Secure the traffic with IPSec on the DMVPN tunnels. Use an encryption of AES and a wild-card
pre-shared key of “iPexpert” during the phase 1 negotiation. Use esp-aes encryption and an espsha-hmac authentication during the phase 2 negotiation.
13. On the LAN between R1, R4, and R5, setup EIGRP routing in named configuration mode using AS3
and the name of iPexpert. EIGRP should enable the IP connectivity between the loopback0 of R1,
R4, and R5.
14. Configure DMVPN phase 2 between R1, R4, and R5. The tunnels numbers 33 are sourced from
the loopback0. The network-ID of the NHRP network is 33. Do not use dynamic mapping. Use a
tunnel key of 33. Use the following IP addresses:
Table 33.6
R1
33.0.0.1/24
Spoke
R4
33.0.0.4/24
Hub
R5
33.0.0.5/24
Spoke
15. Configure the following loopbacks:
201|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Table 33.7
R1
Loopback33
10.33.1.1/32
R4
Loopback33
10.33.4.4/32
R5
Loopback33
10.33.5.5/32
16. Configure EIGRP process 33 on the DMVPN tunnels and advertise the loopback 33 of each router
with a network statement. Make sure that a ping from the loopback 33 of R1 to the loopback 33
of R5 is always going through the hub.
17. Secure the traffic with IPSec on the DMVPN tunnels. Use an encryption of 3-DES and a wild-card
pre-shared key of “iPexpert” during the phase 1 negotiation. Use esp-des encryption and an espmd5-hmac authentication during the phase 2 negotiation.
18. On the LAN between R5, R7, and R8, setup OSPF process 4 area 0. OSPF should enable the IP
connectivity between the loopback0 of R5, R7, and R8.
19. Configure DMVPN phase 2 between R5, R7, and R8. The tunnels numbers 44 are sourced from
the loopback0. The network-ID of the NHRP network is 44. No NHRP configuration should be
done on the hub. Use a tunnel key of 44. Use the following IP addresses:
Table 33.8
R5
44.0.0.5/24
Spoke
R7
44.0.0.7/24
Spoke
R8
44.0.0.8/24
Hub
R5
Loopback44
10.44.5.5/32
R7
Loopback44
10.44.7.7/32
R8
Loopback44
10.44.8.8/32
20. Configure the following loopbacks:
Table 33.9
21. Configure OSPF process 44 area 0 on the DMVPN tunnels and advertise the loopback 44 of each
router with a network statement. The election of a DR should take place in this network. The DR
should always be on the hub router. Multicast should be enabled on the DMVPN tunnels. Do not
use OSPF type broadcast. Make sure that a ping from the loopback 44 of R7 to the loopback 44 of
R5 is going directly from R7 to R5.
202 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
22. Secure the traffic with IPSec on the DMVPN tunnels. Use an encryption of AES, a DH group
number 1 and a wild-card pre-shared key of “iPexpert” during the phase 1 negotiation. Use espaes encryption and an esp-sha-hmac authentication during the phase 2 negotiation.
Helpful Verification Commands








Show
Show
Show
Show
Show
Show
Show
Show
dmvpn
ip nhrp
crypto isakmp sa
crypto ipsec sa
dmvpn
crypto isakmp policy
crypto ipsec profile
crypto session [det]
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 33 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 3
Copyright© iPexpert. All Rights Reserved.
203|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Section 4: Infrastructure Security
204 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 34: Security (Part I)
Technologies Covered









AAA
CLI Views
Standard Access Lists
Extended Access Lists
Reflexive Access Lists
Dynamic Access Lists
Object Groups
PBR
uRPF
Overview
Multiple Security features are covered in this lab, such as basic AAA, CLI Views, Access Lists,
Object Groups, PBR and uRPF.
Estimated Time to Complete: 5 hours
205|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

Passwords, Privileges and Logins:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_cfg/configuration/15-mt/sec-usr-cfg15-mt-book/sec-cfg-sec-4cli.html

Authentication:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/15-mt/sec-usraaa-15-mt-book/sec-cfg-authentifcn.html

Authorization:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/15-mt/sec-usraaa-15-mt-book/sec-cfg-authorizatn.html

Accounting:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/15-mt/sec-usraaa-15-mt-book/sec-cfg-accountg.html

CLI Views:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_cfg/configuration/15-mt/sec-usr-cfg15-mt-book/sec-role-base-cli.html

Configuring RADIUS:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_rad/configuration/15-mt/sec-usrrad-15-mt-book/sec-cfg-radius.html

Access-Lists:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/15-mt/sec-dataacl-15-mt-book.html

Unicast Reverse Path Forwading:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_urpf/configuration/15-mt/secdata-urpf-15-mt-book.html

Secure Shell Configuration Guide:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_ssh/configuration/15-mt/sec-usrssh-15-mt-book/sec-usr-ssh-sec-shell.html
206 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos that cover
the topics seen in this lab scenario.

Video Title: AAA

Video Title: Device Access Control

Video Title: Security Lecture, Part 2
Topology Details
It is recommended to create your own diagram at the beginning of each lab so any potential
information you find useful during your preparations can be reflected on this drawing, making it
much easier when you step into the real lab.
Multiple topology drawings are available for this chapter. You will need to pre-configure the
network with the base configuration files. Logically connect and configure your network as
displayed in the drawing below. You may also refer to the diagram located within your
configuration files for topology information.
NOTE
Static/default routes are NOT allowed unless otherwise stated in the task.
You can use “cisco” for any password if other password was not explicitly mentioned in the question.
207|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 34.1: Security Topology
Lab 34 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
208 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Table 34.2
Device
Port
R1
E0/0
Loop0
R3
E0/1
Loop0
R2
R9
R8
Cat1
209|P a g e
E0/0
E0/1
Loop0
E0/1
E0/0
Loop0
VLAN
IP Address
41
172.41.41.1/24
2172:41:41::1/64
1.1.1.1/24
1::1/64
115
10.0.115.3/24
2010:0:115::3/64
3.3.3.3/24
3::3/64
70
117
10.70.70.2/24
2010:70:70::2/64
10.0.117.2/24
2010:0:117::2/64
2.2.2.2/24
2::2/64
41
101
172.41.41.9/24
2172:41:41::9/64
10.10.11.9/24
2010:10:11::9/64
9.9.9.9/24
9::9/64
E0/1
E0/0.115
E0/0.117
Loop0
101
115
117
10.10.11.8/24
2010:10:11::8/64
10.0.115.8/24
2010:0:115::8/64
10.0.117.8/24
2010:0:117::8/64
8.8.8.8/24
8::8/64
SVI70
70
10.70.70.140/24
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Configuration Tasks
1. AAA

Configure R1 for AAA.

Users who telnet to this device should be authenticated by the default method list using
a line password (“iPexpert”). Console line should not be affected.

PPP authentication requests should be authenticated using RADIUS server (10.10.11.90).

Protect RADIUS communication using key “iPexpert”. RADIUS traffic should be sent using
new port numbers.

Network access should be authorized – if RADIUS is down authorization should succeed
for authenticated users.

Enable accounting for network traffic – records should be kept for when a session
initiates and when it terminates.
2. Local Authentication & Authorization

Enable SSH on R3. Use domain-name “ipexpert.com”.

Create two local user accounts – “admin” and “secops”.

When “admin” connects to R3 remotely via SSH it should be automatically placed at level
15 after successful authentication.

When someone authenticates as “secops” he/she should be placed at level 8.

Anyone who knows enable password (“cisco”) should be able to access Privilege Level.

Make sure that enable password is MD5-encrypted.

Don’t use AAA to accomplish this task.
3. AAA EXEC Authorization
210 | P a g e

Remove local authentication on R3. Enable AAA.

Users “admin” and “secops” should be still assigned to privilege levels 15 and 8,
respectively, after successful authentication.
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1

User “secops” should be able to access the following commands:
o
show running-config
o
configure terminal
o
ip routing
o
ip route

User “admin” should have access to all commands.

When “secops” issues the enable command he should be automatically given Privilege
Level access without prompting for password.

Don’t use any default method lists in this task.
4. AAA with CLI Views

Configure R2 for CLI Views using AAA.

Create a local user account “administrator” who should be given access to all commands.

Create a local user account “netops” who should be able to do the following:

211|P a g e
o
Access all show commands except for any show crypto command.
o
Issue “ping” and “telnet”.
o
Configure any dynamic routing protocol.
Create a local user account “secops” who should be able to do the following:
o
Access all show crypto commands.
o
Configure any crypto command in the global config mode.

Create another user account - “ops”. This person should be always able to do what
“netops” and “secops” can do.

Use “iPexpert” as a password for all views.
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
5. Traffic Filtering – Standard ACLs

R8 is configured with the following loopback networks:
o
111.111.111.2/32
o
111.111.111.4/32
o
111.111.111.6/32

R1 should be configured to drop & log packets sourced from those addresses using a
Standard ACL. This ACL should have as few entries as possible with a minimum overlap.

All routers should be able to reach R3 only from interfaces configured with odd IPv4
addresses.

Traffic sourced from other IPv4 addresses should be dropped.

Implement this using a Standard ACL with a single “deny” entry.

You are allowed to change a single IP address on R8.
6. Traffic Filtering – Extended ACLs

Configure an IPv4 ACL on R9’s E0/0 inbound. Allow the following traffic:

o
OSPFv2 – be very specific here.
o
R1 acts as a Telnet, Web and SQLNET (TCP 1521) server – permit this traffic only
to its loopback0 in a single ACL line.
o
UDP-based traceroute (IOS) to any destination – use a single ACL line.
o
All TCP segments destined to R1’s Loopback 44 but only with SYN and ACK bits
set and FIN bit being not set.
o
All IP packets with any source and destination with a TTL 0-253 and 255 (in a
single ACL line).
o
Routers R2, R9, and R8 should be able to ping all interfaces of R1 (regardless of
the TTL in the packets). R1 should be able to ping all routers except R3 as well.
Configure an IPv6 ACL on R9’s E0/0 inbound in the following way:
o
212 | P a g e
Allow Telnet to R1’s Loopback 0.
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1

o
Deny all IPv6 packets with missing or unknown L4 information.
o
Deny all IPv6 packets with Routing Extension Header.
o
Make sure OSPFv3 adjacencies are not affected, same as all ICMPv6 packets.
Deny and log all other IPv4 & IPv6 traffic. Make sure you see a log message for every
packet dropped by this entry.
7. Traffic Filtering – Time Ranges & Object-Groups

All web traffic destined to R8’s Loopback 12,14, and 16 interfaces should be denied
during business hours Mon-Fri 9am-5pm. This Includes encrypted traffic.

November 11, 2014 has been declared a no-work day. Ensure that no traffic is allowed to
the above mentioned loopbacks for the entire day.

Permit and log all IPv4 DNS traffic (TCP and UDP) to R8’s Loopback0 and 12. Include
source MAC address in the logs. Use a single ACL entry to configure this.

All other traffic should not be affected.
8. Traffic Filtering – IP Fragments

Modify an ACL from the previous task to block all IPv4 fragments regardless of the
time/date.

Block all IPv4 and IPv6 fragments coming to E0/1 on R2 – don’t use an access-list to
accomplish that.
9. Traffic Filtering – Reflexive Access-Lists
213|P a g e

Users in VLAN 70 should be allowed through R2 to any destination when using WWW,
Telnet, and SSH.

Return traffic should be allowed dynamically. Dynamic entries should timeout after a
minute.

Only allow OSPF, ICMP, and Telnet inbound on E0/1.

Use Reflexive Access-Lists.
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
10. Dynamic (Lock & Key) Access-Lists

You decided that traffic originating in VLAN 70 should be allowed through R2 only for
authenticated users.

Users will be authenticating using Telnet to 2.2.2.2 over port 3023.

Sessions should not be idle for more than 2 minutes.

Sessions longer than 30 minutes require re-authentication.

A valid local user account for this task is “intuser” with password “cisco”.

AAA should be already enabled on this device (from one of the previous tasks).
11. Policy-Based Routing

Telnet traffic sourced from R2’s loopback0 destined to 3.3.3.3 should be blackholed on
R8.

Use PBR to accomplish that.
12. Unicast Reverse Path Forwarding (URPF)

Enable Loose Mode uRPF on R8.

Packets received with unknown sources should be dropped.

Don’t use a default route when uRPF decisions are made.

An exception to this policy is packets coming from 192.168.1.0/24 – they should be
allowed and logged.
Helpful Verification Commands





Show
Show
Show
Show
Show
214 | P a g e
aaa authentication
cef interface
access-lists
privilege
parser view
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 34 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 4
Copyright© iPexpert. All Rights Reserved.
215|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 35: Security (Part 2)
Technologies Covered





NBAR
NBAR2
TCP Intercept
Packet Logging
Port Security
Overview
In the second lab for Security, you will be tasked to configure NBAR, TCP Intercept, Logging, VLAN
Filtering and Port Security.
Estimated Time to Complete: 3 hours
216 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

Configuring NBAR:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/configuration/15-mt/qos-nbar-15mt-book/nbar-mqc.html

Configuring TCP Intercept:
http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfdenl.
html

Port Security:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release
/15-0_2_se/configuration/guide/3750x_cg/swtrafc.html

Port ACLs and VLAN ACLs:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/150_2_se/configuration/guide/3750x_cg/swacl.html

Private VLANs and VACLs:
http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6000-series-switches/1060190.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos that cover
the topics seen in this lab scenario.

Video Title: Switch Security Manipulations
Topology Details
It is recommended to create your own diagram at the beginning of each lab so any potential
information you find useful during your preparations can be reflected on this drawing, making it
much easier when you step into the real lab.
Multiple topology drawings are available for this chapter.
You will need to pre-configure the network with the base configuration files.
217|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
NOTE
Static/default routes are NOT allowed unless otherwise stated in the task.
You can use “cisco” for any password if other password was not explicitly mentioned in the question.
Diagram 35.1: Security Topology
Lab 35 Setup



Please login to your Security vRack and load the initial Configuration,
Verify basic L2/L3 connectivity. Use IP Addressing Table, Lab Diagram, and the Physical Topology.
This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
218 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Table 35.2
Device
Port
VLAN
IP Address
41
172.41.41.1/24
2172:41:41::1/64
1.1.1.1/24
1::1/64
115
10.0.115.3/24
2010:0:115::3/64
3.3.3.3/24
3::3/64
E0/0
R1
Loop0
E0/1
R3
Loop0
E0/0
70
R2
E0/1
117
Loop0
R9
E0/1
41
E0/0
101
Loop0
E0/1
E0/0.115
R8
E0/0.117
Loop0
Cat1
219|P a g e
SVI70
101
115
117
70
10.70.70.2/24
2010:70:70::2/64
10.0.117.2/24
2010:0:117::2/64
2.2.2.2/24
2::2/64
172.41.41.9/24
2172:41:41::9/64
10.10.11.9/24
2010:10:11::9/64
9.9.9.9/24
9::9/64
10.10.11.8/24
2010:10:8::8/64
10.0.115.8/24
2010:0:115::8/64
10.0.117.8/24
2010:0:117::8/64
8.8.8.8/24
8::8/64
10.70.70.140/24
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Configuration Tasks
1. NBAR

Using NBAR create and apply a policy outbound on R2’s E0/1 to drop the Slammer worm
traffic.

The Slammer worm propagates over UDP port 1434 and its packets are exactly 404B
long.

In the same policy all HTTP packets with string “attack” in the URL should be dropped but
only when traffic is going to a WWW server 8.8.8.8 (R8).

The string should be case insensitive.
2. NBAR Next-Gen (NBAR2)

Configure R8 to drop all terminal-related traffic except PCANYWHERE.

Also implement a policy for peer-to-peer traffic:
o
All clear-text packets should be rate-limited to 200kbps.
o
All encrypted traffic should be dropped.

Enable classification of IPv6 traffic that is carried over Teredo tunnels.

Use a technology that examines IPv4 and IPv6 packets.

Apply the policy outbound on E0/1.
3. NBAR Protocol Discovery

Enable NBAR Protocol Discovery on R9’s E0/0.

Make sure statistics are obtained for IPv4 and IPv6 traffic.
4. TCP Intercept
220 | P a g e

There are multiple servers in VLAN 70 hosting various TCP-based applications.

Several DoS attacks took place recently targeted at those devices.
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1

Configure R2 to intercept TCP connection requests to this segment.

If the total number of half-open connections reaches 400, R2 should start randomly
dropping them.

This should cease if the number of half-open sessions falls below 200.

Make sure router stops managing the sessions after 40 minutes of inactivity.
5. TCP Intercept Passive Mode

There are some other TCP servers that were recently attacked with large amount of
spoofed SYN requests (3.3.3.0/24 segment).

R3 should be configured to send a reset to the server under attack but it should not
participate in the handshake.

The reset segment should be sent if a session does not establish within 20 seconds.

If a number of connection attempts within the last minute exceed 100, or when a total
number of half-open sessions exceed 300, the sessions should be reset faster - after 10
seconds.

If a FIN exchange or RST packet was seen for a session, it should be dropped after 7
seconds.
6. Packet Logging
221|P a g e

Configure R1 to send all logged messages to a Syslog server located at 10.70.70.100.

Use facility type local1.

Use detailed time stamps for log and debugs including local time zone, and the time of
day.

Logs should be also sent to a buffer – allocate 16384B of memory for this purpose.

Log messages should be sent with source of 1.1.1.1 and they should be rate-limited to
200 per second except for Sev 1 messages.
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
7. Port Security

Enable Port Security on Cat2.

Make sure that port connected to R1 will accept frames with R1’s MAC, but don’t
configure address statically.

On the same interface also allow frames coming from 0000.2222.3333.

If a violation occurs frames should be dropped, and a Syslog and SNMP traps should be
generated. The switch should try to automatically recover from a violation every 50
seconds.

Anytime the switch reboots it should not affect the Port Security table.
Helpful Verification Commands




Show
Show
Show
Show
ip nbar port-map
ip nbar protocol-discovery
port-security [interface]
vlan access-map
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 35 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 4
Copyright© iPexpert. All Rights Reserved.
222 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 36: Security (Part 3)
Technologies Covered




DHCP Snooping
Terminal Line Access
Control Plane Policing
Control Plane Protection
Overview
The main focus of this lab is Layer 2 and Control Plane Security. You will have to know how to
configure features such as DHCP Snooping, Control Plane Policing and Control Plane Protection.
Estimated Time to Complete: 4 hours
223|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

DHCP Features and IP Source Guard:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/150_2_se/configuration/guide/3750x_cg/swdhcp82.html

Control Plane Policing:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_plcshp/configuration/15-mt/qos-plcshp15-mt-book/qos-plcshp-ctrl-pln-plc.html

Control Plane Protection:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_plcshp/configuration/15-mt/qos-plcshp15-mt-book/qos-plcshp-cpp.html

Control Plane Logging:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_plcshp/configuration/15-mt/qos-plcshp15-mt-book/qos-plcshp-cpl.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos that cover
the topics seen in this lab scenario.

Video Title: IOS DHCP Server Fundamentals

Video Title: Optimize the Network

Video Title: Control Plane Policing & Protection

Video Title: Device Access Control
224 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Topology Details
It is recommended to create your own diagram at the beginning of each lab so any potential
information you find useful during your preparations can be reflected on this drawing, making it
much easier when you step into the real lab.
Multiple topology drawings are available for this chapter.
You will need to pre-configure the network with the base configuration files.
NOTE
Static/default routes are NOT allowed unless otherwise stated in the task.
You can use “cisco” for any password if other password was not explicitly mentioned in the question
Diagram 36.1: Security Topology
225|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 36 Setup



Please login to your Security vRack and load the initial Configuration.
Verify basic L2/L3 connectivity. Use IP Addressing Table, Lab Diagram, and the Physical Topology.
This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
226 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Table 36.2
Device
Port
VLAN
IP Address
101
10.10.11.1/24
2010:10:11::1/64
1.1.1.1/24
1::1/64
115
10.0.115.3/24
2010:0:115::3/64
3.3.3.3/24
3::3/64
E0/0
R1
Loop0
E0/1
R3
Loop0
E0/0
70
R2
E0/1
117
Loop0
E0/0
R9
101
Loop0
E0/1
E0/0.115
R8
E0/0.117
Loop0
Cat1
227|P a g e
SVI70
101
115
117
70
10.70.70.2/24
2010:70:70::2/64
10.0.117.2/24
2010:0:117::2/64
2.2.2.2/24
2::2/64
10.10.11.9/24
2010:10:11::9/64
9.9.9.9/24
9::9/64
10.10.11.8/24
2010:10:11::8/64
10.0.115.8/24
2010:0:115::8/64
10.0.117.8/24
2010:0:117::8/64
8.8.8.8/24
8::8/64
10.70.70.140/24
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Configuration Tasks
1. DHCP Snooping

Secure DHCP communication in VLAN 101 using DHCP Snooping.

Configure R9 to act as a DHCP Server in this VLAN.

Make sure R1 and R8 obtain their address dynamically.

Rate-limit client DHCP traffic to 15pps.

Ensure that snooping bindings don’t disappear after a reload. The lease times should be
accurate - configure & use R9 as a NTP server.
2. Controlling Terminal Line Access

Secure VTY lines on R9 and R1.

Management traffic should be allowed from the following subnets:
o
10.0.115.0/24
o
10.0.117.0/24
o
2010:0:117::/64

R1 should only accept Telnet.

R9 should only allow SSH access (user: cisco, pw: cisco).
3. Control Plane Policing
228 | P a g e

R8 should be configured to protect its CPU using CoPP.

Rate-limit all ICMP packets to 15 per second.

Rate-limit all ICMPv6 packets to 70000bps.

All HTTP packets originating from 3.3.3.3 should be dropped.

Outbound telnet packets destined to 1.1.1.1 should be dropped and logged. Log
messages should be generated every 2 seconds and they should include TTL and length
of dropped packets.
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1

OSPFv2 and OSPFv3 packets should not be affected by this configuration.
4. Control Plane Protection

Enable Control Plane Protection on R9.

Packets destined to non-listening ports should be silently dropped.

Telnet connections over port 3020 should be unaffected.

Input queue of R9 should not be overwhelmed by any single protocol traffic.

No more than 100 BGP and 4 SSH packets should be queued.

No more than 30 packets for all other TCP/UDP protocols enabled on the router should
be seen in the queue.

All IPv4 transit traffic punted to the CPU should be policed to 512kbps.
5. Control Plane Protection – Logging

All malformed & allowed packets received on Host subinterface should be logged.

Rate-limit those log messages to one every 5 seconds.

Log all dropped Transit packets that entered R9 through interface E0/0.

Allowed and over the Input Queue limit SSH traffic should be logged as well.
Helpful Verification Commands






229|P a g e
Show
Show
Show
Show
Show
Show
ip dhcp server
ip dhcp server bindings
ip source binding
control-plane
class-map
run policy-map
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 36 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 4
Copyright© iPexpert. All Rights Reserved.
230 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Section 5: Infrastructure Services
231|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 37: Configure and Troubleshoot Quality
of Service Mechanisms (Part 1)
Technologies Covered






Classification and marking
Bandwidth percent
LLQ
WRED
Dynamic flows
ECNs
Overview
Voice over IP will be deployed in your network and you have been tasked to configure QOS in
your network. Knowledge of classification, marking LLQ and Congestion Avoidance is essential for
this scenario.
Estimated Time to Complete: 2 hours
232 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

Classification Overview:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_classn/configuration/15-mt/qos-classn15-mt-book/qos-classn-oview.html

MQC:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_mqc/configuration/15-mt/qos-mqc-15mt-book/qos-mqc.html

Marking Network Traffic:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_classn/configuration/15-mt/qos-classn15-mt-book/qos-classn-mrkg-ntwk-trfc.html

Classifying Network Traffic:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_classn/configuration/15-mt/qos-classn15-mt-book/qos-classn-ntwk-trfc.html

Congestion Management Overview:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_conmgt/configuration/15-mt/qosconmgt-15-mt-book/qos-conmgt-oview.html

Low Latency Queuing with Priority Percentage Support:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_conmgt/configuration/15-mt/qosconmgt-15-mt-book/qos-conmgt-llq-pps.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos that cover
the topics seen in this lab scenario.
233|P a g e

Video Title: Intro to QoS

Video Title: Quality of Service Lecture

Video Title: Quality of Service Configuration

Video Title: Classification and Marking, Part 1-4
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
Diagram 37.1: Quality of Service Mechanisms Topology
Lab 37 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
Configuration Tasks
1. R2 is a customer managed CE and R6 is the entry point to the service provider. The traffic
received on the E0/0 is untrusted and should be re-marked when entering the service provider
network. A class called VOICE should be created for traffic with destination ports in the RTP
range 32512 32768, a class called SQL should be created for traffic with destination ports in the
234 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
TCP range 1433 1434 and a class called OFFICE_BOSS should be created for traffic originated
from the LAN 10.1.222.0/24.
2. On R6, configure a policy-map called TRAFFIC_COLOURING. This policy-map should mark the
VOICE traffic with the DSCP EF, the SQL traffic with the DSCP AF31, and the OFFICE_BOSS with the
DSCP AF21. The remaining unclassified traffic should have the DSCP field reset to 0.
3. On the WAN link between R3 and R6, a QOS policy will be enforced. The Voice traffic should be
prioritized before any other traffic in case of congestion. 10% of the bandwidth is allocated to
VOICE traffic.
4. In case of congestion, the SQL traffic should have 30% of the bandwidth reserved and the
OFFICE_BOSS traffic should have 20% of the bandwidth reserved.
5. In order to slow-down TCP traffic in case of congestion, some packets in the default queue should
be randomly dropped before the queue is getting full and tail-dropping.
6. On the interface S3/0 of R6, enable WRED to begin to randomly drop packets with the IP
precedence of 3 when the queue contains 20 packets and to tail-drop when the number of
packets in the queue reaches more than 30 packets. 1 out of 5 packets should be randomly
dropped.
7. On the interface S3/0 of R6, configure the minimum possible queue size.
8. On the interface S4/0 of R4, configure a hold queue of 200 packets.
9. On the interface S4/0 of R3, ensure that packets with a dscp of AF21 begin to be randomly
dropped when the queue contains 100 packets and to tail-drop when the number of packets in
the queue reach more than 200 packets. 1 out of 10 packets should be randomly dropped.
10. The TCP hosts that are transiting on the connection between R3 and R4 are supporting ECN.
Enable WRED to take into account the DSCP field. Instead of randomly beginning to drop packets,
WRED should be configured to mark the packet that was supposed to be dropped. The goal of
this marking is to trigger the receiver to suggest the source to decrease the TCP window size.
Helpful Verification Commands



235|P a g e
Show class-map
Show policy-map
Show policy-map interface
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of w hy specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 37 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 5
Copyright© iPexpert. All Rights Reserved.
236 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 38: Configure and Troubleshoot Quality
of Service Mechanisms (Part 2)
Technologies Covered






Traffic shaping
Policing
Hierarchical policers
Percent-based policers
Header compression
NBAR
Overview
You have been tasked to configure QOS in your network. The technologies covered include Traffic
Shaping, Policing (including Hierarchical Policers), Header Compression and NBAR (classification).
Estimated Time to Complete: 2 hours
237|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

DiffServ for QoS:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_dfsrv/configuration/15-mt/qos-dfsrv15-mt-book/qos-dfsrv.html

Hierarchical Queuing Framework:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_hrhqf/configuration/15-mt/qos-hrhqf15-mt-book/qos-hrhqf.html

Classification Configuration Guide:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_classn/configuration/15-mt/qos-classn15-mt-book.html

Marking Network Traffic:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_classn/con

Classifying Network Traffic:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_classn/configuration/15-mt/qos-classn15-mt-book/qos-classn-ntwk-trfc.html

Policing and Shaping:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_plcshp/configuration/15-mt/qos-plcshp15-mt-book.html

Header Compression:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_hdrcomp/configuration/15-mt/qoshdrcomp-15-mt-book.html

Classifying Traffic using NBAR:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/configuration/15-mt/qos-nbar-15mt-book/clsfy-traffic-nbar.html

Configuring NBAR:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/configuration/15-mt/qos-nbar-15mt-book/nbar-mqc.html
238 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos that cover
the topics seen in this lab scenario.

Video Title: Quality of Service Lecture

Video Title: Quality of Service Configuration

Video Title: Classification and Marking, Part 1-4
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
Diagram 38.1: Quality of Service Mechanisms Topology
239|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 38 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
Configuration Tasks
1. On the WAN link between R3 and R6, enforce a QOS policy using a policy-map called
Serial_Policy1. This QOS policy has 3 classes of service. Under congestion, a class called BRONZE
matching DSCP AF21 has 256 Kbits/s reserved, a class called SILVER matching DSCP AF31 has 256
kbits/s reserved, and a class called GOLD matching DSCP EF has 512 kbits/s reserved.
2. Class SILVER has to be shaped to 512 kbits/s with a normal burst size of 2048 bits.
3. Class BRONZE can obtain throughput up to a peak of 512 kbps if enough bandwidth is available.
4. On the interface E0/1.101 of R2, configure traffic-shaping. Limit the egress TCP traffic for
destination port 80 to 1 kbps and the egress TCP traffic for destination port 443 to 300 kbps.
Traffic not matching any access-list should be shaped to 100 kbps.
5. On R3 and R6, in the policy-map called Serial_policy1, add the following classes: the class called
CUSTOMER1 is matching IP DSCP CS4 and the class called CUSTOMER2 is matching IP traffic with
a destination TCP port of 69.
6. On R3 and R6, in the class called CUSTOMER1, police the traffic to a CIR of 128 kbps with a Bc of
1500 bytes and a PIR of 256 kbps with a Be of 4500 bytes. Packets that conform are sent, packets
that exceed are re-marked with a COS of 0 and transmitted, and packets that violate are dropped.
7. On R3 and R6, in the class called CUSTOMER2, police the traffic to a CIR of 64 kbps with a Bc of
1500 bytes and a PIR of 128 kbps with a Be of 3000 bytes. Packets marked with a DSCP of AF32
and AF33 that conform are sent, packets with a DSCP of AF32 and AF33 that exceed are remarked with DSCP of AF11 and transmitted, and packets that violate are dropped. Packets that
belong to neither AF32 nor AF33 are re-marked with a DSCP of AF12. Create a class-map called
AF3233.
8. On the WAN link between R3 and R4, enforce a QOS policy using a policy-map called
Serial_Policy_Parent. This QOS policy has only the class default. This policy-map is used to police
the traffic to 100 kbps.
9. Create a policy-map called Serial_Policy_Child and enforce this QOS policy on the traffic that has
already been policed in the previous question. The service-policy Serial_Policy_Child has two
240 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
classes called CLASS1 and CLASS2. CLASS1 is matching UDP traffic and CLASS2 is matching TCP
traffic. CLASS1 should be policed to 20 kbps and CLASS 2 should be policed to 50 kbps.
10. On the WAN link between R3 and R5, enforce a QOS policy using a policy-map called
Serial_Policy_Percentage. This QOS policy has only the class default. This policy-map is used to
police the traffic to a CIR of 60% of the available bandwidth and to a PIR of 90% of the available
bandwidth.
11. On the WAN link between R3 and R5, configure PPP encapsulation and enable RTP enhanced
header compression.
12. Consider that the connection between R3 and R4 is a satellite link. Enable RTP header
compression on this connection.
13. On the link between R6 and R2, enforce a QOS policy using a policy-map called
Serial_Policy_NBAR on R6. This QOS policy has 2 classes called LOTUS and URL. LOTUS class is
matching Lotus notes traffic and is shaped to 512 kbps. URL class is matching HTTP traffic that
contains a URL of /iPexpert is policed to 512 kbps.
Helpful Verification Commands



Show policy-map
Show policy-map interface
Show traffic-shape
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 38 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 5
Copyright© iPexpert. All Rights Reserved.
241|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 39: Configure and Troubleshoot IP/IOS
Services (Part 1)
Technologies Covered




Syslog logging
Logging timestamps
Logging to flash
Conditional debugging
Overview
You have been tasked to configure various management services in your network. You have to
know how to enable logging (including sending logs to a Syslog server), how to configure change
notifications and finally enable the archiving feature.
Estimated Time to Complete: 1 hour
242 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

Basic System Management Configuration Guide:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/bsm/configuration/15-mt/bsm-15-mtbook.html

Troubleshooting and Fault Management:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/bsm/configuration/15-mt/bsm-15-mtbook/bsm-troubleshooting.html

Configuration Change Notification and Logging:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/config-mgmt/configuration/15mt/configmgmt-15-mt-book/cm-config-logger.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos that cover
the topics seen in this lab scenario.

Video Title: IP and IOS Services Lecture

Video Title: Optimize the Network
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
243|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 39.1: IP/IOS Services Topology
Lab 39 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
Configuration Tasks
1. Configure R2 to log system messages to a syslog server with the IP address 10.2.2.2. Send only
emergencies, alerts, and critical messages.
2. Configure R2 to log all messages with a severity from 1 to 7 in an internal buffer. The size of this
buffer should be 20000.
3. Make sure that any type of log messages has the exact date and time stamp (and not the
uptime).
4. If two system messages arrive with the same timestamps, make sure (with sequence numbers)
that you still know which one was generated first.
5. Configure R2 to log only emergencies, alerts, critical, and error messages to the console.
244 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
6. Ensure that the router does keep a history file of 10 logged messages prepared to be sent as
SNMP traps.
7. Limit the rate of logging messages to 70 per second for all logging messages, except for those
with a severity level 5.
8. Log every configuration command entered on R9. Log the last 500 configuration command
messages locally. Make sure that the passwords and SNMP community strings are replaced by
****asterisks****. Also, send notifications of configuration changes to a syslog server.
Helpful Verification Commands



Show logging
Show archive log config
Show debugging
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specifi c
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 39 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 5
Copyright© iPexpert. All Rights Reserved.
245|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 40: Configure and Troubleshoot IP/IOS
Services (Part 2)
Technologies Covered



SNMP v2
SNMP v3
NTP
Overview
You have been tasked to configure management services in your network. Specifically, SNMP
versions 2/3 and NTP will be configured in this lab. The knowledge of NTP Access-Lists is also
required to successfully finish this scenario.
Estimated Time to Complete: 2 hours
246 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

NTPv4 in IPv6:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/bsm/configuration/15-mt/bsm-15-mtbook/ip6-ntpv4.html

NTP ACL:
http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf012.ht
ml#wp1001170

Setting Time and Calendar Services:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/bsm/configuration/15-mt/bsm-15-mtbook/bsm-time-calendar-set.html

SNMP:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/15-mt/snmp-15-mtbook/nm-snmp-cfg-snmp-support.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos that cover
the topics seen in this lab scenario.

Video Title: IP and IOS Services Lecture

Video Title: IP and IOS Services Configuration
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
247|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 40.1: IP/IOS Services Topology
Lab 40 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
Configuration Tasks
1. On R2, permit any SNMP server to poll the router with read-only permission using the community
string iPexpert.
2. R2 should send IPSEC traps to the server 10.4.4.4 using SNMPv2c. The community iPexpert is
included in the traps.
3. On R6, permit only hosts 10.4.4.4 and 10.4.4.3 to poll the router with read-only permission using
the community string iPexpert. Use access-list number 6.
4. R2 should send all syslog messages as SNMP ACKed traps to the server 10.4.4.4 using SNMPv2c.
ACKed trap means that an ACK packets should be sent by the server back to R2 to confirm that he
received the trap. The community iPexpert is included in the traps.
248 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
5. R3 is going to be polled by a NMS with an IP address of 10.5.5.5. This polling should be configured
according to the AuthPriv security model. Create two views, a RO view called ROVIEW and a RW
view called RWVIEW. Make the MIB-2 objects accessible for both views.
6. On R3, define a RO group called ROGROUP. Associate to this group with read view ROVIEW and
the following user:

username: Username1

password: Password1

encryption password: iPexpert

Use the SHA authentication method and the 3-DES encryption method.
7. On R3, define a RW group called RWGROUP. Associate this group with read view ROVIEW, write
view RWVIEW and the following user:

username: Username2

password: Password2

encryption password: iPexpert

Use the MD5 authentication method and the AES-256 encryption method.
8. On R3, enable traps and informs to be sent to 10.5.5.5 using payload encryption. The user
Username1 generates the traps and informs.
9. Configure R5 as a stratum 5 NTP master.
10. NTP server on R5 should source packets from interface S4/0.
11. Configure R3 as client from NTP server R5. Configure NTP authentication between R3 and R5 with
a key number of 1 and a password of “ iPexpert”.
12. On R5, make sure that the only NTP client that can synchronized with R5 is the client with the IP
address 10.1.35.3. Use an access-list called NTPCLIENT.
13. Make sure that only 10.1.35.5 can be the NTP server for R3. Configure on R3 an access-list called
NTPSERVER.
249|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Helpful Verification Commands








Show
Show
Show
Show
Show
Show
Show
Show
snmp
snmp group
snmp user
snmp community
snmp host
snmp enine-id
ntp status
ntp association
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 40 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 5
Copyright© iPexpert. All Rights Reserved.
250 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 41: Configure and Troubleshoot IP/IOS
Services (Part 3)
Technologies Covered



Proxy ARP
Local Proxy ARP
DHCP
Overview
In this scenario you will be tasked to configure multiple management services, along with Proxy
and Local Proxy ARP. The knowledge of DHCP protocol is required for this lab.
Estimated Time to Complete: 2 hours
251|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

Proxy ARP:
http://www.cisco.com/c/en/us/support/docs/ip/dynamic-address-allocation-resolution/137185.html

DHCP Process:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/15-mt/dhcp-15mt-book/dhcp-overview.html

DHCP Server Configuration:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/15-mt/dhcp15-mt-book/config-dhcp-server.html

DHCP Relay Agent:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/15-mt/dhcp-15mt-book/config-dhcp-relay-agent.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos which
cover the topics seen in this lab scenario.

Video Title: IP and IOS Services Lecture

Video Title: IP and IOS Services Configuration
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
252 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 41.1: IP/IOS Services Topology
Lab 41 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
Configuration Tasks
1. On R2, when someone is trying to reload the router, the reload command should have no effect.
Configure the IP address 10.1.26.2 with a mask 255.255.0.0 on the interface E0/1 of R2. Do not
modify this mask on the other side of the connection between R6 and R2. In the routing table of
R2, there are only the connected networks. However, R2 is able to ping 10.1.69.9 with the ping
sourced from IP address 10.1.26.2. On the interface of R6, disable the mechanism that makes this
IP connectivity possible.
2. On R2, make sure that the interface E0/1 is replying to all the ARP requests sent on the network
10.1.26.0/24.
3. Configure R3 as a DHCP server for the network 10.1.35.0/24 and 10.1.36.0/24. Default gateways
are 10.1.35.1 and 10.1.36.1 respectively. The DNS server IP address is 10.2.2.2.
253|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
4. The IP address range 10.1.35.1-10.1.35.11 should be excluded from the IP addresses allocated to
the clients by the server.
5. The IP address range 10.1.36.1-10.1.36.11 should be excluded from the IP addresses allocated to
the clients by the server.
6. R3 will also be DHCP servers for the network 10.1.26.0/24. Default gateway is 10.1.26.1. The DNS
server IP address is 10.2.2.2.
7. The IP address 10.1.35.100 should always be assigned to the server with the mac address
aaaa.bbbb.cccc.
8. Configure R9 as a DHCP server for the network 10.1.79.0/24. Default gateway is 10.1.79.1. The
DNS server IP address is 10.2.2.2. Exclude 10.1.79.1-11 from the DHCP range.
9. The interface E0/0 of R7 should retrieve an IP address from the DHCP pool configured earlier.
10. On R9, configure AAA and Radius for DHCP accounting. The RADIUS server has IP address
10.2.2.2.
Helpful Verification Commands




Show ip arp
Clear ip arp
Show ip dhcp pool
Show ip dhcp binding
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 41 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 5
Copyright© iPexpert. All Rights Reserved.
254 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 42: Configure and Troubleshoot IP/IOS
Services (Part 4)
Technologies Covered




IP SLA
HSRP
VRRP
GLBP
Overview
IP/IOS Services covered in this lab include IP SLA and First Hop Redundancy Protocols : HSRP,
VRRP and GLBP. Configuration of authentication, preemption and Load Distribution for certain
FHRPs is also part of this scenario.
Estimated Time to Complete: 2 hours
255|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

IP SLA Configuration Guide:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipsla/configuration/15-mt/sla-15-mtbook.html

First Hop Redundancy Protocol Configuration Guide:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/15-mt/fhp-15-mtbook.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos that cover
the topics seen in this lab scenario.

Video Title: Service Level Agreement and Object Tracking

Video Title: IP and IOS Services Lecture

Video Title: IP and IOS Service Configuration

Video Title: First-Hop Redundancy Protocols
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
256 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 42.1: IP/IOS Services Topology
Lab 42 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
Configuration Tasks
1. On the connection between R7 and R9, configure IP SLA on R7 to measure the UDP jitter. UDP
packets should be sent to 10.1.79.9 port 3200 every 10 seconds with a DSCP marking of EF. This
measurement should run indefinitely.
2. When the connection between R7 and R9 is lost, R7 will send a trap and trigger a ping 10.1.79.9
every 5 seconds during 60 seconds. If connectivity is not re-established after 60 seconds, a
second trap will again be sent. Enable R7 to send CISCO-SYSLOG-MIB traps to the SNMP server
10.1.222.200 with the community “iPexpert”.
257|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
3. Between R6 and R9, configure an IP SLA job on R6 that will generate an ICMP echo with a packet
size of 1000 bytes every 10 seconds. Those packets have to be sent to 10.1.69.9.
4. The IP SLA control messages between R6 and R9 have to be authenticated using a key-chain
called “iPexpert”. This key-chain should use key number 3 and a key string of “iPexpert”.
5. Between R6 and R8, configure on R6 a TCP operation to 10.1.68.8 on port 443 that doesn’t
require R8 to be configured as a responder.
6. Between R8 and R2, configure on R8 a TCP operation to 10.1.108.2 on port 80 that requires R2 to
be configured as a responder.
7. Configure R8 to perform every 30 seconds a DNS lookup on the DNS server 10.1.222.222 for the
website www.ipexpert.com.
8. Configure GLBP between R8, R2, and R1 on the network 10.1.108.0/24. Virtual IP address is
10.1.108.133. 10% of the traffic should use R2 as a gateway and 10% of the traffic should use R1
as a gateway.
9. Authenticate the GLBP routers with a MD5 hashed password of “iPexpert133”.
10. Configure VRRP between R2 and R1 on the network 10.1.108.0/24. Virtual IP address is
10.1.108.144. When R2 is up and running, it should always be the master.
11. Authenticate the VRRP routers with a password of “iPexpert”.
12. Configure HSRP between R8 and R2 on the network 10.1.108.0/24. Virtual IP address is
10.1.108.155. As long as R8 is up and running, it should stay the master and when an outage
occurs, it should recover this role 1 minute after coming back online.
13. When the ICMP echo from R8 to R6 fails, the priority should be decreased the minimum in such a
way that R2 takes over the primary role.
14. Authenticate the HSRP routers with a clear text password of “iPexpert”.
258 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Helpful Verification Commands









Show
Show
Show
Show
Show
Show
Show
Show
Show
standby
standby brief
vrrp
glbp
ip sla configuration
ip sla application
ip sla statistics
ip sla summary
ip sla responder
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 42 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 5
Copyright© iPexpert. All Rights Reserved.
259|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 43: Configure and Troubleshoot IP/IOS
Services (Part 5)
Technologies Covered







NAT Overload
NAT Route-maps
Static NAT
Static PAT
NAT no alias
NAT no payload
Policy NAT
Overview
This lab focuses on Network Address Translation (NAT). Multiple NAT technologies (Dynamic,
Static, PAT) are covered, including Policy NAT. The knowledge of certain NAT features is also
tested, like for example the “no alias” keyword.
Estimated Time to Complete: 2 hours
260 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

NAT Configuration:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/15-mt/nat-15-mtbook/iadnat-addr-consv.html

Reversible NAT:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/15-mt/nat-15-mtbook/iadnat-rmap-outin.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos that cover
the topics seen in this lab scenario.

Video Title: IOS NAT
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
261|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 43.1: IP/IOS Services Topology
Lab 43 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
Configuration Tasks
1. On R7, configure a default route towards R9. 10.1.79.0/24 is the inside network, 100.1.69.0/24 is
the outside network. Make sure that the ping from R7 to 100.1.69.6 is successful using a static
NAT – map 10.1.79.7 to 100.1.69.20.
2. We don’t want R9 to respond to the ARP request for 100.1.69.20. Clear the ARP cache and verify
that the ping from R7 to 100.1.69.6 is unsuccessful.
3. Ensure that the ping from R7 to 100.1.69.6 is again successful by configuring a static ARP entry on
router R6.
262 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
4. Ensure that the payload will not be modified by the static NAT entry configured on R9.
5. On R9, configure loopback0 with an IP address of 10.1.9.9/24. 10.1.9.0/24 is the inside network,
100.1.69.0/24 is the outside network.
6. On R9, configure a dynamic NAT that maps the internal range 10.1.9.0/24 to the public address
range 100.1.69.241-100.1.69.255. When no more address is available in the public range, a new
connection will use a mapping of an already mapped public IP address with a different port
number.
7. On R9, configure loopback1 with an IP address of 11.1.9.9/24. 11.1.9.0/24 is the inside network,
100.1.69.0/24 is the outside network.
8. On R9, configure a dynamic PAT that maps the internal range 11.1.9.0/24 to the interface E0/0.
9. On R8, enable the TCP small server service on TCP port 13 called “datetime”.
10. On R8, configure a default route towards R6. 100.1.68.0/24 is the inside network, 100.1.69.0/24
is the outside network. Make sure that telnet from R9 to 100.1.69.30 on port 4000 will return the
daytime information.
11. 10.1.108.0/24 is the inside network, 100.1.68.0/24 is the outside network. R1 should be able to
reach R6 without configuring any static/default routes. You have to use the ip nat outside
command on R8.
12. Ensure that you can telnet from R1 to R6 by using the “add-route” keyword in the NAT rule.
13. On R2, configure a default route towards R8. Traffic coming from R2 should be dynamically
NATed to the IP address 100.1.68.20. Use a route-map to achieve this task.
Helpful Verification Commands



263|P a g e
Show ip nat translations
Show ip nat statistics
Clear ip nat translations
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 43 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 5
Copyright© iPexpert. All Rights Reserved.
264 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 44: Configure and Troubleshoot IP/IOS
Services (Part 6)
Technologies Covered





IP precedence accounting
IP output packet accounting
IP access violation accounting
MAC address accounting
TCP optimization
Overview
The main focus of this scenario is IP Accounting. Another part of the labs is related to tuning the
TCP stack on the routers (PMTUD, high performance options and more).
Estimated Time to Complete: 1 hour
265|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

Cisco IOS Accounting Features:
http://www.ciscopress.com/articles/article.asp?p=764234&seqNum=4

Configuring IP Accounting:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/configuration/15-s/iap-15-s-book/iapipserv.html - GUID-2C668491-3A84-4985-A47D-296850FEE20C

Configuring TCP:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/configuration/15-mt/iap-15-mtbook/iap-tcp.html
iPexpert’s Recommended Video Training

No associated videos
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
266 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 44.1: IP/IOS Services Topology
Lab 44 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
Configuration Tasks
1. On R7, perform on the E0/1 accounting based on IP precedence on received packets.
2. Configure the following loopbacks:
Table 44.2
267|P a g e
R8 loopback0
10.1.8.8/32
R9 loopback0
10.1.9.9/32
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
3. Advertise loopback0 of R8 and R9 into OSPF using network statements.
4. On R6, create an access-list to block traffic going from loopback0 of R8 to the loopback0 of R9.
5. Ensure that IP accounting displays the number of packets blocked by the access-list from Task 4.
6. On the interface E0/1 of R6, collect statistics about traffic per MAC address in the egress and
ingress direction.
7. On R8, activate high performance TCP options as described in RFC 1323.
8. On R2, configure the outgoing TCP queue to contain a maximum of 10 packets.
9. On R2, activate PMTUD.
10. R8 should wait for a maximum of 10 seconds to receive a TCP SYN.
11. Make sure that the “TCP silly window syndrome” will not affect R8.
Helpful Verification Commands





Show ip accounting
Clear ip accounting
Show interface x precendence
Show interface x accounting
Show interface x mac-accounting
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 44 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 5
Copyright© iPexpert. All Rights Reserved.
268 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Lab 45: Configure and Troubleshoot IP/IOS
Services (Part 7)
Technologies Covered





Netflow ingress and egress
Netflow top talkers
Netflow aggregation cache
Netflow random sampling
Netflow input filters
Overview
The management service covered in this lab is NetFlow. You have to know how to configure this
technology and how to send the collected data to an aggregation server. The Top Talkers feature
and Random Sampling configuration is also tested in this scenario.
Estimated Time to Complete: 1 hour
269|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
iPexpert’s Recommended Reading Material

NetFlow:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/configuration/15-mt/nf-15-mtbook.html

Flexible Netflow Configuration Guide:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fnetflow/configuration/15-mt/fnf-15-mtbook.html

Flexible Netflow – Top N Talkers Support:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fnetflow/configuration/15-mt/fnf-15-mtbook/cgf-topn.html
iPexpert’s Recommended Video Training
iPexpert’s Video on Demand training library contains a wealth of videos pertaining to the CCIE
Routing & Switching lab exam. We recommend watching the following learning videos that cover
the topics seen in this lab scenario.

Video Title: NetFlow
Topology Details
Logically connect and configure your network as displayed in the drawing below. You may also
refer to the diagram located within your configuration files for topology information.
The topology used in the lab will be the following:
270 | P a g e
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Diagram 45.1: IP/IOS Services Topology
Lab 45 Setup

This lab is intended to be used with online rack access. Connect to the terminal server for the
online rack, and complete the configuration tasks as detailed below.
NOTE
Load the initial configuration files before starting to work on the tasks.
Configuration Tasks
1. Setup R8 to collect Netflow version 9 statistics on E0/0 and E0/1, and to send them to server
10.1.79.33 on port 2333 in version 9 format. If R8 uses BGP, the peer AS should be included in
exports. Make sure that the flows information is not duplicated.
2. Configure R8 to export flow records every 2 minutes.
3. On R8, ensure that a flow in the cache that was not refreshed during 10 seconds expires.
4. Setup R9 to collect Netflow version 9 statistics on E0/0 and E0/1, and to send them to server
10.1.79.33 on port 2333 in version 5 format. Only 1 out of 50 packets should be captured by
Netflow, randomly.
271|P a g e
Version 5.1A
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
5. On R6, configure Netflow on interface E0/1 and interface E0/0 to only capture traffic between
10.1.8.8 and 10.1.9.9. Only 1 out of 2 packets from this flow should be captured. Use a class-map
called “NETFLOWCLASS” and a policy-map called “NETFLOWPOLICY”
6. On R1, configure Netflow version 9 on interface E0/0 to capture Netflow statistics in egress and
ingress directions. The Netflow template should be sent every minute in version 9 to server
10.1.79.44.
7. On R1, on the Netflow running on the E0/0, aggregate flow based of destination prefix present in
the routing table. Never aggregate with a mask number lower than /24.
8. On R2, setup Netflow to display in the command line the 20 top speakers going through interface
E0/0. Sort the top speaker by bytes.
9. On R7, configure Flexible Netflow to collect the source and destination IPv4 address, the flow
direction, the next-hop IP address using a flow record called “IPEXPERTRECORD”.
10. On R7, configure Flexible Netflow to export statistics to the server 10.1.79.55 on port 3444 every
30 seconds using a flow exporter called “IPEXPERTEXPORTER”.
11. Activate Flexible NetFlow configuration in the ingress and egress direction on interface E0/1.
Helpful Verification Commands






Show
Show
Show
Show
Show
Show
272 | P a g e
ip flow
ip flow top-talkers
ip cache flow
flow record
flow exporter
flow monitor
Version 5.2C
iPexpert’s Lab Preparation Workbook
for Cisco’s CCIE Routing & Switching Lab Exam, Volume 1
Technical Verification and Support
To verify your configurations please ensure that you have downloaded the latest “final
configurations” from within the iPexpert Member’s Area.
You may also verify your configurations and obtain a detailed overview of why specific
commands were used within the accompanying Detailed Solution Guide.
For instructor and developer support, please be sure to submit questions through our
interactive support community that’s accessible from the Member’s Area.
This concludes Lab 45 of iPexpert's CCIE Routing & Switching Workbook, Volume 1, Section 5
Copyright© iPexpert. All Rights Reserved.
273|P a g e
Version 5.1A
Download