CCIE SOLDIER
Section 1 : Layer 2 Technologies

1.1 Troubleshoot Layer 2 Switch Faults

1. Guard root on SW1 trunk ports
   1. interface range f0/19 - 24
   2. no spanning-tree portfast guard root
2. DHCP snooping/ARP inspection on VLAN17 on SW2
   1. no ip dhcp snooping vlan 17
   2. no ip arp inspection vlan 17
3. Portfast trunk on SW4 trunk interfaces
   1. interface range f0/19 - 24
   2. no spanning-tree portfast
4. Root Guard on interfaces connected to backbone
   1. On SW1 and SW3
   2. interface f0/10
   3. no spanning-tree guard
5. vtp version, domain name, password difference
   1. (vtp version should be 2; adjust domain name and password according to test info).

1.2 VLAN and Access-Ports

On All Switches
vtp domain CCIE
vtp mode trans
vtp password cisco
vtp version 2

On SW1
interface Vlan56
 ip address YY.YY.56.6 255.255.255.0
interface Vlan67
 ip address YY.YY.67.6 255.255.255.0

On SW2
interface Vlan17
 ip address YY.YY.17.7 255.255.255.0
interface Vlan67
 ip address YY.YY.67.7 255.255.255.0

On SW3
interface Vlan38
 ip address YY.YY.38.8 255.255.255.0
interface Vlan89
 ip address YY.YY.89.8 255.255.255.0
interface Vlan300
 ip address 150.3.yy.1 255.255.255.0

On SW4
interface Vlan29
 ip address YY.YY.29.9 255.255.255.0
interface Vlan89
 ip address YY.YY.89.9 255.255.255.0

1.3 Multiple Spanning Tree (MST)

On all Switches
vlan dot1q tag native
spanning-tree mode mst
spanning-tree mst configuration
 revision 1
 name cisco
 instance 3 vlan 1-4094
 instance 1 vlan 17,29,45,67,89,333,999
 instance 2 vlan 34,38,56,100,200,300,500,666
interface range fastethernet 0/19-24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 999
int po 1
 sw trunk native vlan 999
 //// Just added; you will get a native VLAN mismatch error message if the Po is not treated the same way ////
interface range <all-unused-ports>
 switchport mode access
 switchport access vlan 999
 shutdown

On SW1
spanning-tree mst 0 root primary
spanning-tree mst 1 root primary
spanning-tree mst 2 root secondary

On SW2
spanning-tree mst 0 root secondary
spanning-tree mst 1 root secondary
spanning-tree mst 2 root primary

1.4 Switch Trunking and EtherChannel

interface range fastethernet 0/19-24
 switchport trunk encapsulation dot1q
 switchport nonegotiate

On SW1
port-channel load-balance src-dst-mac
interface range fastethernet 0/23-24
 channel-group 1 mode active
interface fastethernet 0/24
 lacp port-priority 1

On SW2
port-channel load-balance src-dst-mac
interface range fastethernet 0/23-24
 channel-group 1 mode passive
interface fastethernet 0/24
 lacp port-priority 1

1.5 Implement 802.1Q Tunneling

On ALL Switches
interface range fastethernet 0/19-24
 switchport trunk allowed vlan remove 333,666

On SW3 and SW4
no vlan 666
interface range fastethernet 0/19
 switchport trunk allowed vlan 333

On SW1 and SW2
system mtu 1504 /// reload for this command to take effect ///
system mtu routing 1500 /* default */
interface fastethernet 0/19
 switchport access vlan 666
 switchport mode dot1q-tunnel
 l2protocol-tunnel cdp
 no cdp enable
interface Port-channel 1
 switchport trunk allowed vlan add 666

On SW3
interface vlan 333
 ip address YY.YY.33.8 255.255.255.0

On SW4
interface vlan 333
 ip address YY.YY.33.9 255.255.255.0

1.6 PPP over Ethernet

Check the "service password-encryption" command carefully. If it is enabled, disable it with "no service password-encryption".

On R3 (Server)
username RackYYR4 password CISCO
bba-group pppoe CISCO
 virtual-template 1
interface FastEthernet0/0 /// R3 interface facing R4 ///
 no ip address
 pppoe enable group CISCO
interface Virtual-Template1
 ip address YY.YY.34.3 255.255.255.0
 peer default ip address pool POOL
 ppp authentication chap
ip local pool POOL YY.YY.34.4

On R4 (Client)
interface FastEthernet0/1 /// R4 interface facing R3 ///
 no ip address
 pppoe enable
 pppoe-client dial-pool-number 1
interface Dialer1
 mtu 1492
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 dialer persistent
 dialer idle-timeout 0
 ppp chap hostname RackYYR4
 ppp chap password CISCO

1.7 Implement Frame-Relay

On R1
interface Serial0/0/0
 bandwidth 50000
 ip address YY.YY.12.1 255.255.255.0
 encapsulation frame-relay IETF
 frame-relay map ip YY.YY.12.2 100 broadcast
 frame-relay map ip YY.YY.12.1 100
 no frame-relay inverse-arp

On R2
interface Serial0/0/0
 bandwidth 50000
 ip address YY.YY.12.2 255.255.255.0
 encapsulation frame-relay IETF
 frame-relay map ip YY.YY.12.1 200 broadcast
 frame-relay map ip YY.YY.12.2 200
 no frame-relay inverse-arp

Section 2 : Layer 3 Technologies

2.1 IPv4 OSPF

On R1
ip cef
router ospf yy
 router-id YY.YY.1.1
 area 1 virtual-link YY.YY.3.3
 network YY.YY.1.1 0.0.0.0 area 0
 network YY.YY.15.1 0.0.0.0 area 0
 network YY.YY.17.1 0.0.0.0 area 0
 network YY.YY.12.1 0.0.0.0 area 1
 network 150.1.YY.1 0.0.0.0 area 0 // don't forget to advertise in OSPF //
 neighbor YY.YY.12.2

On R2
ip cef
router ospf yy
 router-id YY.YY.2.2
 network YY.YY.2.2 0.0.0.0 area 1
 network YY.YY.12.2 0.0.0.0 area 1
 network YY.YY.23.2 0.0.0.0 area 1
 network 150.2.YY.1 0.0.0.0 area 1 // don't forget to advertise in OSPF //
 neighbor YY.YY.12.1

On R3
ip cef
router ospf yy
 router-id YY.YY.3.3
 area 1 virtual-link YY.YY.1.1
 area 1 virtual-link YY.YY.5.5
 network YY.YY.3.3 0.0.0.0 area 1
 network YY.YY.23.3 0.0.0.0 area 1
 network YY.YY.35.3 0.0.0.0 area 1
 network YY.YY.34.3 0.0.0.0 area 2

On R4
ip cef
router ospf yy
 router-id YY.YY.4.4
 network YY.YY.4.4 0.0.0.0 area 2
 network YY.YY.34.4 0.0.0.0 area 2

On R5
ip cef
router ospf yy
 router-id YY.YY.5.5
 area 1 virtual-link YY.YY.3.3
 network YY.YY.5.5 0.0.0.0 area 0
 network YY.YY.15.5 0.0.0.0 area 0
 network YY.YY.56.5 0.0.0.0 area 0
 network YY.YY.35.5 0.0.0.0 area 1

On SW1
ip routing
ip cef distributed
router ospf yy
 router-id YY.YY.6.6
 network YY.YY.6.6 0.0.0.0 area 0
 network YY.YY.56.6 0.0.0.0 area 0
 network YY.YY.67.6 0.0.0.0 area 0

On SW2
ip routing
ip cef distributed
router ospf yy
 router-id YY.YY.7.7
 network YY.YY.7.7 0.0.0.0 area 0
 network YY.YY.17.7 0.0.0.0 area 0
 network YY.YY.67.7 0.0.0.0 area 0

2.2 IPv4 EIGRP

On SW3
ip routing
ip cef distributed
router eigrp YY
 network YY.YY.8.8 0.0.0.0
 network YY.YY.38.8 0.0.0.0
 network YY.YY.89.8 0.0.0.0
 redistribute eigrp 100
 no auto-summary
router eigrp 100
 network 150.3.YY.1 0.0.0.0
 no auto-summary

On R3
router eigrp YY
 network YY.YY.38.3 0.0.0.0
 no auto-summary

On R2
router eigrp YY
 network YY.YY.29.2 0.0.0.0
 no auto-summary

On SW4
ip routing
ip cef distributed
router eigrp YY
 network YY.YY.9.9 0.0.0.0
 network YY.YY.29.9 0.0.0.0

2.3 IPv4 RIPv2

On R4
router rip
 version 2
 passive-interface default
 no passive-interface FastEthernet 0/0
 network YY.0.0.0
 no auto-summary

On R5
router rip
 version 2
 passive-interface default
 no passive-interface FastEthernet 0/1
 network YY.0.0.0
 no auto-summary

Redistribution OSPF, EIGRP, RIP

2.4 Between OSPF and EIGRP

On R2 / R3
route-map SET_TAG permit 10
 match source-protocol eigrp YY
 match route-type external
 set tag 100
route-map SET_TAG permit 20
route-map DENY_TAG deny 10
 match tag 100
route-map DENY_TAG permit 20
router eigrp YY
 redistribute ospf yy metric 100000 100 255 1 1500
router ospf yy
 redistribute eigrp YY subnets route-map SET_TAG
 distribute-list route-map DENY_TAG in
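
The tag-and-filter logic of the SET_TAG and DENY_TAG route-maps in 2.4, modelled in Python as an added example (it is not part of the original notes and is not IOS code). The route dictionaries and function names are constructed for illustration; only the route-map names, the tag value 100 and the two prefixes are taken from the configuration on this page.

```python
# Added illustration of the SET_TAG / DENY_TAG logic; not IOS code.
# Each entry: (action, match clauses that must ALL hold, attributes to set).
SET_TAG = [   # redistribute eigrp YY subnets route-map SET_TAG
    ("permit", {"source_protocol": "eigrp", "route_type": "external"}, {"tag": 100}),
    ("permit", {}, {}),            # permit 20: everything else, unchanged
]
DENY_TAG = [  # distribute-list route-map DENY_TAG in
    ("deny", {"tag": 100}, {}),
    ("permit", {}, {}),
]

# Constructed sample of one border router's EIGRP YY routes.
EIGRP_ROUTES = [
    {"prefix": "150.3.YY.0/24", "source_protocol": "eigrp",
     "route_type": "external", "tag": 0},   # redistributed from EIGRP 100 on SW3
    {"prefix": "YY.YY.89.0/24", "source_protocol": "eigrp",
     "route_type": "internal", "tag": 0},
]

def apply_route_map(route_map, route):
    """First matching entry wins; no match means implicit deny (None)."""
    for action, matches, sets in route_map:
        if all(route.get(key) == value for key, value in matches.items()):
            return {**route, **sets} if action == "permit" else None
    return None

def redistribute_into_ospf(eigrp_routes):
    """What one border router injects into OSPF through SET_TAG."""
    injected = []
    for route in eigrp_routes:
        result = apply_route_map(SET_TAG, route)
        if result is not None:
            injected.append({**result, "source_protocol": "ospf",
                             "route_type": "external"})
    return injected

def accepted_from_ospf(ospf_routes):
    """Prefixes the other border router lets past DENY_TAG."""
    return [r["prefix"] for r in ospf_routes
            if apply_route_map(DENY_TAG, r) is not None]

if __name__ == "__main__":
    lsas = redistribute_into_ospf(EIGRP_ROUTES)
    print({r["prefix"]: r["tag"] for r in lsas})
    print(accepted_from_ospf(lsas))
```

The EIGRP external prefix leaves the first router with tag 100 and is refused from OSPF on the second, so the second router keeps its EIGRP-learned path instead of the lower-distance OSPF copy.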

neighbor YY.YY.4.4 update-source Loopback0
neighbor YY.YY.4.4 route-reflector-client
neighbor YY.YY.5.5 remote-as YY
neighbor YY.YY.5.5 update-source Loopback0
neighbor YY.YY.5.5 route-reflector-client

ipv6 router ospf 2001
 router-id YY.YY.5.5
interface Loopback0
 ipv6 address 2001:YY:5::5/128
 ipv6 ospf 2001 area 0
interface FastEthernet0/0
 ipv6 address 2001:YY:56::5/64
 ipv6 ospf 2001 area 0
 ipv6 nd ra suppress
interface Serial0/0/1
 ipv6 address 2001:YY:15::5/64
 ipv6 ospf 2001 area 0
 ipv6 nd ra suppress
 ipv6 ospf authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF

On SW1
sdm prefer dual-ipv4-and-ipv6 default // reload //
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf 2001
 router-id YY.YY.6.6
interface Loopback0
 ipv6 address 2001:YY:6::6/128
 ipv6 ospf 2001 area 0
interface vlan 56
 ipv6 address 2001:YY:56::6/64
 ipv6 ospf 2001 area 0
 ipv6 nd ra suppress
interface vlan 67
 ipv6 address 2001:YY:67::6/64
 ipv6 ospf 2001 area 0
 ipv6 nd ra suppress

On SW2
sdm prefer dual-ipv4-and-ipv6 default // reload //
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf 2001
 router-id YY.YY.7.7
interface Loopback0
 ipv6 address 2001:YY:7::7/128
 ipv6 ospf 2001 area 0
interface vlan 17
 ipv6 address 2001:YY:17::7/64
 ipv6 ospf 2001 area 0
 ipv6 nd ra suppress
interface vlan 67
 ipv6 address 2001:YY:67::7/64
 ipv6 ospf 2001 area 0
 ipv6 nd ra suppress

Section 3 : IP Multicast

3.1 Implement IPv4 Multicast 1 & 3.2 Implement IPv4 Multicast 2

R3
ip multicast-routing
access-list 10 permit 225.1.1.1
access-list 10 permit 225.1.1.2
access-list 10 permit 225.1.1.3
ip pim ssm range 10
int Loopback0
 ip pim sparse-mode
!
int serial0/0/0
 ip pim sparse-mode
!
no ip igmp ssm-map query dns

R5
ip multicast-routing
access-list 10 permit 225.1.1.1
access-list 10 permit 225.1.1.2
access-list 10 permit 225.1.1.3
access-list 20 permit 225.1.1.2
access-list 20 permit 225.1.1.3
ip pim ssm range 10
int serial0/0/1
 ip pim sparse-mode
!
ip igmp ssm-map enable
no ip igmp ssm-map query dns
ip igmp ssm-map static 20 YY.YY.3.3
!
int fa0/0
 ip pim sparse-mode
 ip igmp version 3
 ip igmp join-group 225.1.1.1 source YY.YY.3.3 // pay attention to which interface is used for IGMPv3 joining //
 ip igmp static-group 225.1.1.2 source ssm-map // pay attention to which interface is used for IGMPv2 joining //
 ip igmp static-group 225.1.1.3 source ssm-map // pay attention to which interface is used for IGMPv2 joining //

interface FastEthernet0/7
 no switchport access vlan
 switchport mode private-vlan host
 switchport private-vlan host-association 45 559
 no shutdown

class Business
 bandwidth percent 30
 random-detect
 random-detect exponential-weighting-constant 10
class Internet
interface Serial0/0/1 // (interface facing R3) //
 max-reserved-bandwidth 100
 bandwidth 2000 // if default is not 2000Kbps //
 service-policy output MQC

Section 5 : Optimize the Network

5.1 Simple Network Management Protocol (SNMP)

On R3
access-list 17 permit YY.YY.17.0 0.0.0.255
access-list 67 permit YY.YY.67.0 0.0.0.255
snmp-server location San Jose, US
snmp-server contact ccie@cisco.com
snmp-server source-interface trap Loopback0
snmp-server view adminview iso included
snmp-server view adminwrite system included
snmp-server user ccie admin v3 auth md5 cisco
snmp-server community NMS ro 67
no snmp-server group NMS v1

To verify:
#show snmp user
#show snmp group
5.2 NetFlow

On R1
ip flow-export version 9
ip flow-export source loopback 0 // read the question carefully; sometimes source loopback 0 is not stated in the question //
ip flow-export destination YY.YY.56.100 2222 sctp
 backup destination YY.YY.56.101 2222
 backup mode fail-over
flow-sampler-map NETFLOW
 mode random one-out-of 1000
interface Gi0/1
 flow-sampler NETFLOW
 flow-sampler NETFLOW egress