
Condensed Notes – Lab 3

Posted on August 3, 2010 by Kerry Cordero in Uncategorized

[info]1.1 (IP Bridging)[/info]

[success]When told to create a bridge between R1 and R3 using R6 for traffic between VLAN16 and VLAN36, and to make sure the rest of the routing domain can communicate with both R1 and R3 via IP:[/success]

R6:
bridge irb <–activates IRB
!
Int fa0/0.16
bridge-group 1
!
int fa0/0.36
bridge-group 1
!
int BVI1
ip address 136.1.136.6 255.255.255.0
!
bridge 1 protocol ieee <–IEEE 802.1D spanning tree runs on the bridge group
bridge 1 route ip <–When an IP address is present on an interface, even one with a bridge-group command, IP traffic to and from that interface is routed rather than bridged.

The two commands above allow IP routing for bridge group 1. VLANs (virtual LANs) are not part of 802.1D; they are specified in 802.1Q.

[info]1.2 (Spanning-Tree Protocol)[/info]

[success]When told to configure SW1 as the spanning-tree root:[/success]

SW1:
spanning-tree vlan 4 root primary
spanning-tree vlan 44 root primary
spanning-tree vlan 52 root primary
spanning-tree vlan 63 root primary

[success]When told to have traffic between SW1 and SW2 use Fa1/9 and have Fa1/8 as a backup if Fa1/9 goes down. This should be done on SW1:[/success]

SW1:
int fa1/8
spanning-tree vlan 4 port-priority 32
spanning-tree vlan 44 port-priority 32
spanning-tree vlan 52 port-priority 32
spanning-tree vlan 63 port-priority 32
!
int fa1/9
spanning-tree vlan 4 port-priority 16 <–for priority lower is better
spanning-tree vlan 44 port-priority 16
spanning-tree vlan 52 port-priority 16
spanning-tree vlan 63 port-priority 16

SW2:
spanning-tree uplinkfast <–provides fast reconvergence if a direct failure of the root port occurs

[info]2 (IPv4)
2.1 (OSPF)[/info]

[success]When told to make sure R2 uses R5 to reach R4 and vice versa:[/success]

R2:
int s0/0
ip ospf network point-to-multipoint

R4:
int s0/0
ip ospf network point-to-multipoint

R5:
int s0/0.245
ip ospf network point-to-multipoint

[success]When told to advertise R1, R2, R4, and R5's loopback 0 interfaces into OSPF area 0. They should show up with a /24 mask (R1 & R2), except for the prefixes that need to appear as /32 (R4 & R5):[/success]

R1:
int loopback0
ip ospf network point-to-point <–Advertises the loopback with a 24 bit subnet mask into OSPF
!
router ospf 1
network 150.1.1.1 0.0.0.0 area 0

R2:
int loopback0
ip ospf network point-to-point <–Advertises the loopback with a 24 bit subnet mask into OSPF
!
router ospf 1
network 150.1.2.2 0.0.0.0 area 0

R4:
router ospf 1
network 150.1.4.4 0.0.0.0 area 0

R5:
router ospf 1
network 150.1.5.5 0.0.0.0 area 0

[error]The reason R4 & R5 keep the /32 is the MPLS VPN: with a /24, the route advertised for the loopback no longer matches the label binding generated by the PE, and LSP failures result.[/error]

[success]When told to configure OSPF area 45 on the serial link between R4 and R5 for backup purposes to the FR cloud and traffic should NOT be routed across the serial link when the FR cloud comes back up:[/success]

R4:
int s0/1
ip ospf cost 65534 <–a lower cost is preferred, so a cost this high keeps the serial path from being used while the FR cloud is up
!
router ospf 1
area 45 virtual-link 150.1.5.5
network 136.1.45.4 0.0.0.0 area 45

R5:
int s0/1
ip ospf cost 65534
!
router ospf 1
area 45 virtual-link 150.1.4.4
network 136.1.45.5 0.0.0.0 area 45

[error]The reason for the virtual link between R4 and R5 is that when R4 loses its connection to the FR cloud, OSPF areas 4 and 44 lose their connection to area 0, making area 0 discontiguous.[/error]

[success]When told to make sure the routing information is legitimate and to secure all area 0 adjacencies with a secure-hash password of CISCO:[/success]

R1:
int s0/0
ip ospf message-digest-key 1 md5 CISCO
!
router ospf 1
area 0 authentication message-digest

R2:
int s0/0
ip ospf message-digest-key 1 md5 CISCO
!
router ospf 1
area 0 authentication message-digest

R4:
int s0/0
ip ospf message-digest-key 1 md5 CISCO
!
router ospf 1
area 0 authentication message-digest
area 45 virtual-link 150.1.5.5 message-digest-key 1 md5 CISCO

R5:
int s0/0.15 point-to-point
ip ospf message-digest-key 1 md5 CISCO
!
int s0/0.245 multipoint
ip ospf message-digest-key 1 md5 CISCO
!
router ospf 1
area 0 authentication message-digest
area 45 virtual-link 150.1.4.4 message-digest-key 1 md5 CISCO
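As an added example (not from the original notes) of what the message-digest commands above put on the wire: a Python model of the OSPFv2 MD5 trailer from RFC 2328 Appendix D, signing a constructed Hello with key id 1 and key CISCO and then verifying it the way a receiver does, including the cryptographic sequence-number check. The Hello contents are constructed sample values.

```python
import hashlib
import hmac
import struct

# OSPFv2 cryptographic authentication (RFC 2328, Appendix D.4.3).
# With "area 0 authentication message-digest" the 8-byte Authentication
# field of the header carries (reserved, key id, auth data length,
# cryptographic sequence number), the checksum field is zero, and the
# MD5 of (packet || key zero-padded to 16 bytes) is appended AFTER the
# packet, outside the length given in the header.
AUTYPE_CRYPTOGRAPHIC = 2
DIGEST_LEN = 16
OSPF_HEADER_LEN = 24


def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def build_ospf_hello(router_id: str, area_id: str, key_id: int, seq: int,
                     netmask: str = "255.255.255.0",
                     hello: int = 10, dead: int = 40) -> bytes:
    """Minimal OSPFv2 Hello (type 1): auth header fields filled in, digest
    not yet appended.  DR/BDR are 0.0.0.0 and no neighbours are listed."""
    body = (ip_to_bytes(netmask)
            + struct.pack("!HBBI", hello, 0x02, 1, dead)  # options E, priority 1
            + bytes(8))                                   # DR, BDR
    length = OSPF_HEADER_LEN + len(body)
    header = struct.pack("!BBH4s4sHHHBBI",
                         2, 1, length,                    # version, type, length
                         ip_to_bytes(router_id), ip_to_bytes(area_id),
                         0,                               # checksum is 0 under MD5 auth
                         AUTYPE_CRYPTOGRAPHIC,
                         0, key_id, DIGEST_LEN, seq)      # reserved, key id, len, seq
    return header + body


def ospf_md5_digest(packet: bytes, key: str) -> bytes:
    """MD5 over the packet followed by the key zero-padded to 16 bytes.
    IOS limits 'ip ospf message-digest-key N md5 KEY' to 16 characters."""
    key_bytes = key.encode()
    if not 1 <= len(key_bytes) <= DIGEST_LEN:
        raise ValueError("OSPF MD5 key must be 1..16 bytes")
    return hashlib.md5(packet + key_bytes.ljust(DIGEST_LEN, b"\x00")).digest()


def sign_ospf(packet: bytes, key: str) -> bytes:
    """What the sender puts on the wire: the packet plus the trailing digest."""
    return packet + ospf_md5_digest(packet, key)


def verify_ospf(wire: bytes, keys: dict, last_seq: int) -> bool:
    """Receiver-side check: cryptographic autype, a key id we know, a digest
    that matches, and a sequence number not older than the last accepted one
    (the replay protection the sequence number exists for)."""
    if len(wire) < OSPF_HEADER_LEN + DIGEST_LEN:
        return False
    length, = struct.unpack("!H", wire[2:4])
    autype, = struct.unpack("!H", wire[14:16])
    key_id, auth_len = wire[18], wire[19]
    seq, = struct.unpack("!I", wire[20:24])
    if autype != AUTYPE_CRYPTOGRAPHIC or auth_len != DIGEST_LEN:
        return False
    if len(wire) != length + DIGEST_LEN or key_id not in keys:
        return False
    if seq < last_seq:
        return False
    expected = ospf_md5_digest(wire[:length], keys[key_id])
    return hmac.compare_digest(expected, wire[length:])


if __name__ == "__main__":
    # R1's key 1 from the notes, on a constructed Hello for area 0
    wire = sign_ospf(build_ospf_hello("150.1.1.1", "0.0.0.0", 1, 100), "CISCO")
    print("valid with CISCO:", verify_ospf(wire, {1: "CISCO"}, last_seq=0))
    print("valid with cisco:", verify_ospf(wire, {1: "cisco"}, last_seq=0))
```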

[info]2.2 (IGP Features)[/info]

[success]When told to have the OSPF domain configure with:
-Bandwidth 10000Mbps Cost 2
-Bandwidth 10Mbps Cost 2000
-Bandwidth 1.544Mbps Cost 12953
-Bandwidth 0.768Mbps Cost 26041[/success]

R1, R2, R4, R5, SW1, and SW2:
router ospf 1
auto-cost reference-bandwidth 20000 <–cost = reference bandwidth / interface bandwidth, so:
2 = RB / 10000, RB = 2 * 10000 = 20000
2000 = RB / 10, RB = 2000 * 10 = 20000
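An added worked example (not from the original notes) of the cost formula above, in Python: it reproduces the four costs the task lists and works backwards from them to the reference bandwidth, applying the truncation and the 1..65535 clamp IOS uses.

```python
MBPS = 1_000_000


def ospf_cost(reference_bw_mbps: int, interface_bw_bps: int) -> int:
    """IOS cost formula: reference bandwidth / interface bandwidth, truncated
    to an integer and clamped to the 1..65535 range the LSA metric allows."""
    cost = (reference_bw_mbps * MBPS) // interface_bw_bps
    return max(1, min(cost, 65535))


# The four (bandwidth, cost) pairs the task specifies, bandwidth in bits/s.
TASK_TABLE = [
    (10_000 * MBPS, 2),        # 10 Gbps
    (10 * MBPS, 2000),         # 10 Mbps
    (1_544_000, 12953),        # T1
    (768_000, 26041),          # half T1
]


def infer_reference_bandwidth(table) -> list:
    """Each row gives a candidate RB = cost * bandwidth; keep only candidates
    that reproduce every row once truncation is applied.  Inexact rows such
    as the T1 (12953 * 1.544 = 19999.4) only narrow the choice; the exact
    rows (10 Gbps, 10 Mbps) fix it at 20000."""
    candidates = {round(cost * bw / MBPS) for bw, cost in table}
    return sorted(rb for rb in candidates
                  if all(ospf_cost(rb, bw) == cost for bw, cost in table))


def cost_table(reference_bw_mbps: int, table) -> list:
    """The costs a given reference bandwidth assigns to the table's links."""
    return [(bw, ospf_cost(reference_bw_mbps, bw)) for bw, _ in table]


if __name__ == "__main__":
    print("reference bandwidth:", infer_reference_bandwidth(TASK_TABLE))
    # With the IOS default of 100 Mbps every link at 100 Mbps or faster
    # costs 1, which is why the task needs the command at all.
    print("default RB, 10 Gbps:", ospf_cost(100, 10_000 * MBPS))
```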

[success]When told that R5's database is growing quickly and you need to make sure that OSPF LSAs are grouped, checksummed, and max-aged at six times the default:[/success]

R5:
router ospf 1
timers pacing lsa-group 40 <–changes the interval at which link-state advertisements (LSAs) are collected into a group and refreshed, checksummed, or aged. The default is 240; the task wants a factor of six, 240/6 = 40

[success]When told to protect R5 against flooding with the same LSA and to make sure it holds for twice the default interval before accepting the same LSA again:[/success]

R5:
router ospf 1
timers lsa arrival 2000 <–accepting the same LSA at 2000 milliseconds. Default 1000

[success]When told to redistribute and obtain full reachability to all advertised networks, and when told that R5 should route through R1 to reach the prefixes learned from BB1 and through R2 to reach the prefixes learned from BB3:[/success]

R1:
router eigrp 100
redistribute ospf 1 metric 10000 1000 100 1 1500
!
router ospf 1
redistribute eigrp 100 subnets route-map EIGRP2OSPF
distance ospf external 171
!
route-map EIGRP2OSPF permit 10
match tag 1 <–tag 1 sends R5 to BB1
set metric 1
!
route-map EIGRP2OSPF permit 1000

R2:
router eigrp 100
redistribute ospf 1 metric 10000 1000 100 1 1500
!
router ospf 1
redistribute eigrp 100 subnets route-map EIGRP2OSPF
distance ospf external 171
!
route-map EIGRP2OSPF permit 10
match tag 3 <–tag 3 sends R5 to BB3
set metric 1
!
route-map EIGRP2OSPF permit 1000

R5:
router ospf 1
redistribute rip subnets
!
router rip
distance 109
redistribute ospf 1 metric 1

R6:
router eigrp 100
redistribute rip metric 10000 1000 100 1 1500 route-map RIP2EIGRP
!
router rip
redistribute eigrp 100 metric 1
!
ip prefix-list RIP_FROM_BB1 seq 5 permit 212.18.0.0/22 ge 24 le 24
!
ip prefix-list RIP_FROM_BB3 seq 5 permit 30.0.0.0/14 ge 16 le 16
ip prefix-list RIP_FROM_BB3 seq 10 permit 31.0.0.0/14 ge 16 le 16
!
route-map RIP2EIGRP permit 10
match ip address prefix-list RIP_FROM_BB1
set tag 1 <–tag 1 sends R5 to BB1
!
route-map RIP2EIGRP permit 20
match ip address prefix-list RIP_FROM_BB3
set tag 3 <–tag 3 sends R5 to BB3
!
route-map RIP2EIGRP permit 30

[info]2.3 (BGP Path Manipulation)[/info]

[success]When told that AS100 CANNOT be used to transit to AS54 and this should be configured on R6:[/success]

R6:
router bgp 100
neighbor 54.1.3.254 route-map NO_EXPORT in
neighbor 204.12.1.254 route-map NO_EXPORT in
neighbor 136.1.136.1 send-community
neighbor 136.1.136.3 send-community
!
route-map NO_EXPORT permit 10
set community no-export

[success]When told to advertise VLAN3 into BGP on R3 and AS200 should route through AS300 to get these prefixes and it should be done in AS100:[/success]

R3:
router bgp 100
network 136.1.3.0 mask 255.255.255.0

R1:
router bgp 100
neighbor 136.1.15.5 route-map TO_R5 out
!
ip prefix-list VLAN3 seq 5 permit 136.1.3.0/24
!
route-map TO_R5 permit 10
match ip address prefix-list VLAN3
set as-path prepend 100 100 <–prepending the AS path makes the path via R2 the preferred one
!
route-map TO_R5 permit 1000

[info]2.4 (BGP Attributes)[/info]

[success]When told to advertise VLAN29 into BGP on R2 and it should be seen like this and it should not affect other prefixes on R5:
*> 136.1.29.0/24 136.1.245.2 0 100 300 i[/success]

R2:
router bgp 300
network 136.1.29.0 mask 255.255.255.0

R5:
router bgp 200
neighbor 136.1.245.2 route-map FROM_R2 in
!
ip prefix-list VLAN29 seq 10 permit 136.1.29.0/24
!
route-map FROM_R2 permit 10
match ip address prefix-list VLAN29
set weight 100
!
route-map FROM_R2 permit 1000

[success]When told to configure AS300 so that traffic destined for VLAN29 comes in over the serial link to R3 (S1/1 on R2). If that link is down, VLAN29 should still be accessible via the FR cloud. This should be done on R2:[/success]

R2:
router bgp 300
neighbor 136.1.245.5 advertise-map ADVERTISE non-exist-map NON_EXIST <–When a match is made on the non-exist-map, the status of the advertise-map is Withdraw; when no match is made, the status becomes Advertise.
!
ip prefix-list SERIAL seq 10 permit 136.1.23.0/24
!
ip prefix-list VLAN29 seq 10 permit 136.1.29.0/24
!
route-map NON_EXIST permit 10
match ip address prefix-list SERIAL
!
route-map ADVERTISE permit 10
match ip address prefix-list VLAN29

[success]When told to make sure that R3 and SW3 will accept BGP updates with AS100 in the AS path, without altering R2's config:[/success]

R3:
router bgp 100
neighbor 136.1.23.2 allowas-in <–overrides the AS-path loop check: when the router sees its own AS in the path it disregards it instead of dropping the update

SW3:
router bgp 100
neighbor 136.1.29.2 allowas-in

[info]3 (IPv6)
3.1 (IPv6 Addressing)[/info]

[success]When told to configure VLAN29 and VLAN4 to support IPv6 with 2001:CC1E:1:202::/64 for R2 and 2001:CC1E:1:404::/64 for R4, with the host portion based on the MAC address:[/success]

R2:
int fa0/0
ipv6 address 2001:CC1E:1:202::/64 eui-64

R4:
int fa0/0
ipv6 address 2001:CC1E:1:404::/64 eui-64
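Added example (not from the original notes) of what the eui-64 keyword computes, in Python: the modified EUI-64 interface identifier from a MAC, the resulting address under R2's prefix, and the inverse, which is why an EUI-64 host address reveals the hardware MAC to anyone who sees it. The MAC 0000.0c12.3456 is a constructed sample value.

```python
import ipaddress
from typing import Optional


def parse_mac(mac: str) -> bytes:
    """Accepts Cisco dotted (0000.0c12.3456), colon or dash notation."""
    raw = bytes.fromhex(mac.replace(".", "").replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac}")
    return raw


def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64 (RFC 4291 Appendix A): split the MAC in two, insert
    FF:FE in the middle and flip the universal/local bit (0x02) of the
    first octet."""
    raw = parse_mac(mac)
    iid = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    iid[0] ^= 0x02
    return bytes(iid)


def eui64_address(prefix: str, mac: str) -> str:
    """What 'ipv6 address PREFIX/64 eui-64' assigns to an interface with MAC."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


def mac_from_eui64(address: str) -> Optional[str]:
    """Inverse: recover the MAC from an EUI-64 address, or None when the
    interface identifier was not derived from one (no FF:FE marker)."""
    iid = bytearray(ipaddress.IPv6Address(address).packed[8:])
    if iid[3:5] != b"\xff\xfe":
        return None
    iid[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in iid[:3] + iid[5:])


if __name__ == "__main__":
    addr = eui64_address("2001:CC1E:1:202::/64", "0000.0c12.3456")
    print(addr)                      # R2's VLAN29 address for that MAC
    print(mac_from_eui64(addr))      # the MAC, recovered from the address
```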

[success]When told to enable communication between VLAN29 and VLAN4 using an IPv4-based GRE tunnel. Use any site-local network for IPv6 addressing within the tunnel:[/success]

R2:
int tunnel0
ipv6 address FEC0::2/64
tunnel source 150.1.2.2
tunnel destination 150.1.4.4

R4:
int tunnel0
ipv6 address FEC0::4/64
tunnel source 150.1.4.4
tunnel destination 150.1.2.2

[error]Site-local addresses are the IPv6 counterpart of IPv4 private addresses. They are meant to be used within a site or an intranet and are not forwarded to the public Internet. In hexadecimal notation they start with “FEC”, “FED”, “FEE” or “FEF”.

Link-local addresses start with “FE8”, “FE9”, “FEA” or “FEB”. An IETF worker, Hinden (1995), explains that link-local addresses “are designed to be used for addressing on a single link for purposes such as auto-address configuration” or neighbor discovery.[/error]

[info]3.2 (IPv6 Routing)[/info]

[success]When told to exchange routing info between R2 and R4 using OSPFv3, where R4 should learn R2's IPv6 prefixes and should send them back as a single route so that R2 can reach any destination:[/success]

R2:
ipv6 unicast-routing <–used to enable the forwarding of IPv6 packets between interfaces on the router.
!
ipv6 router ospf 1 <–Enables OSPF router configuration mode.
!
int tunnel 0
ipv6 ospf 1 area 0
!
int fa0/0
ipv6 ospf 1 area 0

R4:
ipv6 unicast-routing
!
ipv6 router ospf 1
default-information originate always <–This command will advertise a default route into the OSPF domain, regardless of whether it has a route to 0.0.0.0.
!
int tunnel 0
ipv6 ospf 1 area 0
!
int fa0/0
ipv6 ospf 1 area 4

[success]When told to ensure that the loss of an OSPFv3 neighbor is detected within 3 seconds:[/success]

R2:
int tunnel 0
ipv6 ospf hello-interval 1 <–The shorter the hello interval, the earlier topological changes will be detected, but more routing traffic will ensue.
ipv6 ospf dead-interval 3 <–Sets the period during which no hello packets must be seen before neighbors declare the router down (by default four times the hello interval)

R4:
int tunnel 0
ipv6 ospf hello-interval 1
ipv6 ospf dead-interval 3

[info]4 (MPLS VPN)
4.1 (Label Exchange)[/info]

[success]When told to configure label exchange between R4 and R5 using Cisco’s legacy protocol:[/success]

R4:
mpls label protocol tdp <–There is TDP and LDP. TDP being Cisco’s legacy

R5:
mpls label protocol tdp

[success]When told to make sure the TCP sessions do NOT use the loopback0 interface as sources:[/success]

R4:
int s0/1
mpls ldp discovery transport-address interface <–LDP advertises the IP address of the interface in LDP Discovery Hello messages sent from the interface. By default, the router ID is advertised as the transport address.

int s0/0
mpls ldp discovery transport-address interface

R5:
int s0/1
mpls ldp discovery transport-address interface

int s0/0.245
mpls ldp discovery transport-address interface

[success]When told to ensure reliability in case the primary FR interface fails:[/success]

R4:
mpls ldp router-id loopback 0 force <–the IP address on interface loopback 0 is configured as the LDP router ID. Note the optional force keyword, which ensures that the IP address on interface loopback 0, and not the IP address of any other interface, becomes the LDP router ID.

R5:
mpls ldp router-id loopback 0 force

[info]4.2 (MPLS VPN)[/info]

[success]When told to configure VLAN57 and VLAN44 interface on R5 and R4 in the VRF VPN_AB:[/success]

R4:
int fa0/1
ip vrf forwarding VPN_AB

R5:
int fa0/1
ip vrf forwarding VPN_AB

[success]When told to use RD value 100:47 and two different route-target values for every VRF:[/success]

R4:
ip vrf VPN_AB
rd 100:47
route-target export 100:47
route-target import 100:74

R5:
ip vrf VPN_AB
rd 100:47
route-target export 100:74
route-target import 100:47

[success]When told to make sure you can ping the directly connected interfaces across the VPN:[/success]

R4:
router bgp 200
address-family ipv4 vrf VPN_AB <– places the router in address-family configuration mode for VRF VPN_AB, so the subsequent IPv4 address-family commands apply to that VRF
redistribute connected
!
address-family vpnv4 unicast <–The router is configured to exchange unicast IPv4 addresses
neighbor 150.1.5.5 activate <–Specifies a peer with which routes of the current address family are exchanged
neighbor 150.1.5.5 send-community both

R5:
router bgp 200
address-family ipv4 vrf VPN_AB
redistribute connected
!
address-family vpnv4 unicast
neighbor 150.1.4.4 activate
neighbor 150.1.4.4 send-community both

[info]4.3 (PE-CE Routing)[/info]

[success]When told to use OSPF process numbers 44 (R4) and 57 (R5) to configure PE/CE routing, and to make sure every site sees the other site's routes as inter-area summary prefixes, not external routes:[/success]

R4:
router ospf 44 vrf VPN_AB
network 0.0.0.0 255.255.255.255 area 44
redistribute bgp 200 subnets
domain-id 47.47.47.47 <–Derived from the OSPF process ID by default; must match on both PEs. Good explanation below.
!
router bgp 200
address-family ipv4 vrf VPN_AB <–Gets into the address family
redistribute ospf 44 <–This redistributes only OSPF intra- and inter-area routes into BGP

R5:
router ospf 57 vrf VPN_AB
network 0.0.0.0 255.255.255.255 area 57
redistribute bgp 200 subnets
domain-id 47.47.47.47
area 57 nssa <–reflects SW1 settings for the NSSA area
!
router bgp 200
address-family ipv4 vrf VPN_AB
redistribute ospf 57

[error]OSPF, unlike Border Gateway Protocol (BGP) or Enhanced Interior Gateway Routing Protocol (EIGRP), does not check the process number (or autonomous system number) when adjacencies are formed between neighboring routers and routing information is exchanged. The only case in which the OSPF process number is taken into account is when OSPF is used as the routing protocol on a Provider Edge to Customer Edge (PE-CE) link in a Multiprotocol Label Switching (MPLS) VPN. PE routers mark OSPF routes with the domain attribute derived from the OSPF process number to indicate whether the route originated within the same OSPF domain or from outside it. If the OSPF process numbering is inconsistent on PE routers in the MPLS VPN, the domain-id OSPF mode command should be used to mark that the OSPF processes with different numbers belong to the same OSPF domain.[/error]

[info]5 (Multicast)
5.1 (Multicast Forwarding)[/info]

[success]When told a client on VLAN29 is configured to listen for multicast group 228.22.22.22 for testing purposes. The app does not support IGMP. Configure the network so this host can receive traffic sent to this group, and ensure R2 can fast-switch traffic for this group out to VLAN29:[/success]

R2:
int fa0/0
ip igmp static-group 228.22.22.22 <–The key words “fast switch” point to static-group (join-group would process-switch). Remember that the router itself does not answer ICMP echo requests to the group with this command.

[info]5.2 (Multicast Filtering)[/info]

[success]When told you have some bandwidth hogs and you want to restrict them by configuring VLAN4 to receive feeds only for the groups used for business-related activities. The groups are 225.25.25.25 and 226.26.26.26:[/success]

R4:
int fa0/0
ip igmp access-group 50
!
access-list 50 permit 225.25.25.25
access-list 50 permit 226.26.26.26

[info]5.3 (Multicast Filtering)[/info]

[success]When told to configure R1 so it doesn’t send any multicast traffic out of its FE interface that has a TTL of less than 13:[/success]

R1:
int fa0/0
ip multicast ttl-threshold 12

[info]6 (Security)
6.1 (Traffic Filtering)[/info]

[success]When told the network admin wants R6's connection to BB1 secured by only allowing TCP, UDP, and ICMP traffic in from BB1 if it originated from behind R6 or is required for another section of the lab. Ensure that users behind R6 can still traceroute to hosts beyond the FR cloud. Do not use CBAC or ZBF to accomplish this task:[/success]

R6:
int s0/0
ip access-group INBOUND in
ip access-group OUTBOUND out
!
ip access-list ext INBOUND
permit icmp any any time-exceeded
permit icmp any any port-unreachable
permit udp any any eq rip
permit tcp any any eq bgp
permit tcp any eq bgp any
evaluate REFLEXIVE
!
ip access-list ext OUTBOUND
permit tcp any any reflect REFLEXIVE
permit udp any any reflect REFLEXIVE
permit icmp any any reflect REFLEXIVE

[error]A good explanation from Brian McGahan:
Reflexive access-lists and content based access-control (CBAC) can be thought of as subsets of what the PIX firewall does. In order for a firewall to be “stateful” it has to know what traffic has been originated from inside the network. A “stateful” firewall means that when traffic leaves the network it is noted in a state table. When traffic tries to come back into the network it is only allowed if there is a previously created entry in the state table. A reflexive list uses the same principle. When traffic is leaving the network it is “reflected” to the state table. When traffic tries to come back in it is “evaluated” to see if there is a previous entry in the state table. If there is no entry (and no explicit permit statement) the traffic is denied. Without the “reflect” statement, nothing would show up in the state table and everything would be effectively denied.[/error]
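The reflexive-list behaviour described above, as an added Python model (not from the original notes or from Brian McGahan): R6's OUTBOUND and INBOUND lists as a state table, run over a few constructed packets between an inside host and BB1. The inside host address, the packet contents and the 300-second timeout are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str               # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    icmp_type: str = ""      # e.g. "echo-reply", "time-exceeded"


class ReflexiveFilter:
    """Models R6's OUTBOUND/INBOUND access lists from the notes.  Outbound
    tcp/udp/icmp creates a reflexive entry (the 'reflect' statement); inbound
    traffic is permitted only by a static entry or by a live reflexive entry
    ('evaluate REFLEXIVE').  Entries age out after `timeout` seconds; 300 is
    the IOS default (ip reflexive-list timeout)."""

    def __init__(self, timeout: int = 300):
        self.timeout = timeout
        # (proto, remote, remote_port, local, local_port) -> expiry time
        self.state: dict = {}

    def outbound(self, pkt: Packet, now: float) -> str:
        # OUTBOUND: permit tcp/udp/icmp any any reflect REFLEXIVE
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        self.state[key] = now + self.timeout
        return "permit (reflected)"

    def inbound(self, pkt: Packet, now: float) -> str:
        # INBOUND static entries, in the order they appear in the notes
        if pkt.proto == "icmp" and pkt.icmp_type in ("time-exceeded", "port-unreachable"):
            return "permit (traceroute icmp)"
        if pkt.proto == "udp" and pkt.dport == 520:
            return "permit (rip)"
        if pkt.proto == "tcp" and 179 in (pkt.sport, pkt.dport):
            return "permit (bgp)"
        # evaluate REFLEXIVE: the mirrored 5-tuple must exist and be unexpired
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        expiry = self.state.get(key)
        if expiry is not None and now < expiry:
            return "permit (reflexive)"
        return "deny (implicit)"

    def purge(self, now: float) -> int:
        """Drop expired entries the way IOS ages them out; returns how many."""
        dead = [k for k, exp in self.state.items() if exp <= now]
        for k in dead:
            del self.state[k]
        return len(dead)


if __name__ == "__main__":
    f = ReflexiveFilter()
    inside, bb1 = "136.1.136.6", "54.1.3.254"      # constructed sample hosts
    print(f.outbound(Packet("tcp", inside, bb1, 40000, 80), now=0))
    print(f.inbound(Packet("tcp", bb1, inside, 80, 40000), now=10))   # reply
    print(f.inbound(Packet("tcp", bb1, inside, 4444, 22), now=10))    # unsolicited
```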

[info]6.2 (DOS prevention)[/info]

[success]When told that users are complaining about performance to a web server 136.1.4.100 because of HTTP SYN attacks and to fix it, you need to configure R4 to send a TCP reset to the web server for any TCP sessions that fail to reach the established state after 15 seconds:[/success]

R4:
ip tcp intercept list 125 <–Enables TCP intercept
ip tcp intercept watch-timeout 15
ip tcp intercept mode watch <–Passively watches the connection requests flowing through the router. If a connection fails to get established in a configurable interval, the software intervenes and terminates the connection attempt.
!
access-list 125 permit tcp any host 136.1.4.100

[info]7 (Network Services)
7.1 (IOS Management)[/info]

[success]When told to setup R4 to be managed via HTTP because the people connecting don’t know the CLI and to configure it with:
-TCP port 8080
-Only permit subnet 136.1.2.0/24
-Authenticate users using local username WEB and password CISCO
-The password should be stored in the router config as an MD5 hash:[/success]

R4:
username WEB secret CISCO <– secret stores it as MD5
!
ip http server
ip http port 8080
ip http access-class 75
ip http authentication local
!
access-list 75 permit 136.1.2.0 0.0.0.255

[info]7.2 (File Management)[/info]

[success]When told to configure R1 so that it can boot the image “cisco2-C2600” from R3 if its flash fails:[/success]

R3:
tftp-server flash:2600-iuo-mz.122-13.bin alias cisco2-C2600

[info]7.3 (Auto-Install)[/info]

[success]When told a new router will be installed on the FR cloud connecting to R5 shortly using DLCI 555. This router should get its config from a TFTP server in VLAN29. R5 should use 136.1.5.0/30 to communicate with the new router and provide it with IP address 136.1.5.2 via BOOTP:[/success]

R2:
int fa0/0
ip directed-broadcast <–Incoming IP packets whose addresses identify them as directed broadcasts intended for the subnet to which that interface is attached will be exploded as broadcasts on that subnet.

R5:
int s0/0.555 point-to-point
ip address 136.1.5.1 255.255.255.252
ip helper-address 136.1.29.255 <–Used since there was no IP Address for the TFTP server. This points to the direct broadcast for the subnet.
frame-relay interface-dlci 555 protocol ip 136.1.5.2 <–This command is used for auto-install over Frame Relay.

[info]7.4 (Local Authorization)[/info]

[success]When told that R2′s default privilege level for telnet should be set to 0:[/success]

R2:
line vty 0 15
privilege level 0

[success]When told the only commands allowed (other than the default privilege level 0 commands) should be ping and traceroute:[/success]

R2:
privilege exec level 0 traceroute
privilege exec level 0 ping

[success]When told if users need privilege level 1 commands, they should be required to authenticate with the password CISCO prior to being given access:[/success]

R2:
enable secret level 1 CISCO

[info]7.5 (Local Authorization)[/info]
[success]When told that support engineers have a hard time troubleshooting RIP issues and management now wants the NOC users to be able to turn RIP debugging on and off and nothing else. Users will be entering R5 in user mode (privilege level 1):[/success]

R5:
privilege exec level 1 debug ip rip
privilege exec level 1 undebug ip rip
privilege exec level 1 terminal monitor

[info]7.6 (Switch Management)[/info]

[success]When told to configure SW1 and SW2 to managed via SNMP with these parameters:
-Contact:CCIE Lab SW1
-Location:San Jose, CA US
-Chassis ID:221-787878[/success]

SW1 and SW2:
snmp-server contact CCIE Lab SW1
snmp-server location San Jose, CA US
snmp-server chassis-id 221-787878

[success]When told the server IP address is 136.1.2.100 and it will be expecting the RO community string to be CISCORO and the RW string CISCORW:[/success]

SW1 and SW2:
access-list 50 permit 136.1.2.100
!
snmp-server community CISCORO RO 50
snmp-server community CISCORW RW 50

[success]When told SW1 and SW2 should generate SNMP traps for changes related to VTP using the community string CISCOTRAP:[/success]

SW1 and SW2:
snmp-server enable traps vtp
snmp-server host 136.1.2.100 CISCOTRAP vtp

[info]7.7 (GLBP)[/info]

[success]When told to configure R1, R3, and R6 as a single virtual router using the ip address of 136.1.136.254 and authenticate all packet exchanges using the password CISCO:[/success]

R1:
int fa0/0
glbp 1 ip 136.1.136.254
glbp 1 authentication md5 key-string CISCO

R3:
int fa0/1
glbp 1 ip 136.1.136.254
glbp 1 authentication md5 key-string CISCO

R6:
int BVI1
glbp 1 ip 136.1.136.254
glbp 1 authentication md5 key-string CISCO

[success]When told hosts on VLAN16 and VLAN36 should load balance between R1, R3, and R6 using the proportion 1:3:6:[/success]

R1:
int fa0/0
glbp 1 weighting 10
glbp 1 load-balancing weighted

R3:
int fa0/1
glbp 1 weighting 30
glbp 1 load-balancing weighted

R6:
int BVI1
glbp 1 weighting 60 <–Higher the weight the Higher Priority
glbp 1 load-balancing weighted

[success]When told R6 should be responsible for ARP responses and R1 should take over that role in case of failure, and to make sure R6 is not used for packet forwarding once it loses connectivity to AS54. Use ICMP echo packets to track reachability, sending ICMP echo probes every second:[/success]

R1:
int fa0/0
glbp 1 priority 200
glbp 1 preempt <–This command configures the router to take over as Active Virtual Gateway (AVG) for a GLBP group if it has a higher priority than the current AVG.

R3:
glbp 1 preempt

R6:
int BVI1
glbp 1 priority 255 <–Highest priority wins
glbp 1 preempt
glbp 1 weighting track 1 decrement 60 <–If a tracked interface goes down, the GLBP group weighting is reduced by a specified value. Default value is 10.
!
track 1 ip sla 1 reachability <–Track 1 follows the reachability result of IP SLA operation 1 (the ICMP echo probe below), so the GLBP weighting is decremented when the probe fails.
!
ip sla 1
icmp-echo 54.1.3.254
timeout 1000
frequency 1
!
ip sla schedule 1 start-time now life forever <–Operation 1 begins collecting data immediately and is scheduled to run indefinitely
!
ip access-list ext INBOUND
25 permit icmp host 54.1.3.254 host 54.1.3.6 echo-reply

[info]8 (QOS)
8.1 (Frame Relay Traffic Shaping)[/info]

[success]When told to configure R1, R2, R4, and R5 according to:
-data should be sent at a sustained rate of 256Kbps per DLCI
-In the event of congestion, fallback to no lower than 192Kbps
-any FECNs received should be reflected as a BECN:[/success]

R1, R2, R4, and R5:
int s0/0
frame-relay class FRTS
frame-relay traffic-shaping
!
map-class frame-relay FRTS
frame-relay cir 256000 <–Use this command to specify the incoming or outgoing committed information rate (CIR) for a Frame Relay virtual circuit.

frame-relay mincir 192000 <–Use this command to specify the minimum acceptable incoming or outgoing committed information rate (CIR) for a Frame Relay virtual circuit. This is the rate at which traffic will be throttled down to when using adaptive shaping.

frame-relay adaptive-shaping becn <–Used with the above command. This command configures the router to respond to Frame Relay frames that have the BECN bit set. When a frame is received on that PVC with the BECN bit set, the router throttles traffic on that PVC down to the MINCIR value. The CIR is usually set to the port speed or a value higher than the true CIR of the PVC; the MINCIR value is then set to the true CIR of the PVC.

frame-relay fecn-adapt <–Any FECNs received should be reflected as BECNs

[info]8.2 (Rate Limiting)[/info]

[success]When told to limit all HTTP responses sent out of R4's int fa0/1 to 256Kbps between the hours of 8am-5pm Monday-Friday. Configure this on R4:[/success]

R4:
class-map match-all HTTP_CLASS
match access-group 100
!
policy-map HTTP_POLICY
class HTTP_CLASS
police cir 256000
!
int fa0/1
service-policy output HTTP_POLICY
!
access-list 100 permit tcp any eq www any time-range HTTP_TIMERANGE
!
time-range HTTP_TIMERANGE
periodic weekdays 8:00 to 17:00

[info]8.3 (Signaling)[/info]

[success]When told that the line between R4 and R5 is congested and it’s affecting VOIP traffic. Configure R4 and R5 to support client apps that request bandwidth reservations of the network in the transit path. Assume each call can reserve up to 64Kbps and that no more than 128Kbps can be reserved at any given time:[/success]

R4 and R5:
map-class frame-relay FRTS
frame-relay fair-queue

R4:
int s0/0
ip rsvp bandwidth 128 64

R5:
int s0/0
ip rsvp bandwidth 128 64
!
int s0/0.245 multipoint
ip rsvp bandwidth 128 64

(c) 2012 Kerry Cordero