SECTION 1.1 Switch Administration
Configure the ACME Headquarters network (AS 12345) as per the following requirements:
The VTP domain must be set to CCIE
Use VTP version 2
SW1 and SW2 must not advertise their VLAN configuration but must forward VTP advertisements that they receive out their trunk ports
Secure all VTP updates with an MD5 digest of the ASCII string "CCIErocks?"
Configure the network of the New York office (AS 34567) as per the following requirements:
The VTP domain must be set to CCIE
Use VTP version 2
SW3 must be the VTP Server and SW4 must be the VTP Client
Secure all VTP updates with an MD5 digest of the ASCII string CCIErocks?
In order to avoid unknown unicast flooding in all VLANs as much as possible, the administrator requires that any dynamic entries learned by SW3 and SW4 must be retained for 3 hours before being refreshed
Note: Check which switches are asked for Server/Client/Transparent mode and for the MAC address aging time
VTP transparent mode: VLANs, domain name and mode should be present in the running config and can then be saved in the startup config
Use Ctrl+V or Esc+Q in order to put ? as a part of the password
Solution:
SW1,SW2:
vtp domain CCIE
vtp version 2
vtp mode transparent
vtp password CCIErocks?
SW3:
vtp domain CCIE
vtp version 2
vtp mode server
vtp password CCIErocks?
!
mac address-table aging-time 10800
SW4:
vtp domain CCIE
vtp version 2
vtp mode client
vtp password CCIErocks?
!
mac address-table aging-time 10800
Verification:
show vtp status
show vtp password
show mac address-table aging-time
SECTION 1.2 Layer 2 Ports
Configure your network as per the following requirements:
Complete the config of all VLANs so that all routers that are located in ACME's headquarters (AS 12345) and New York office (AS 34567) can ping their directly connected neighbors
All four switches (SW1-SW4) must have dot1q trunks that do not rely on negotiation; do not configure any EtherChannel
Ensure that the following unused ports on all four switches are shut down and configured as access ports in VLAN 999
E3/0-E3/3 are unused on SW1 and SW2
E1/0-E1/3 are unused on SW3 and SW4
E3/0-E3/3 are unused on SW3 and SW4
Note: VLAN configuration is required on Server/Transparent mode switches only, not on Client mode
Solution:
SW1,SW2:
vlan 14,15,23,24,35,46,57,67,999
SW3:
vlan 34,38,49,89,111,310,411,999
SW1:
int e0/0
switchport mode access
switchport access vlan 14
no shut
!
int e0/1
switchport mode access
switchport access vlan 23
no shut
!
int e0/2
switchport mode access
switchport access vlan 23
no shut
!
int e0/3
switchport mode access
switchport access vlan 24
no shut
!
int e1/0
switchport mode access
switchport access vlan 14
no shut
!
int e1/1
switchport mode access
switchport access vlan 15
no shut
!
int e1/2
switchport mode access
SW1,SW2,SW3,SW4:
int range e2/0 - 3
switchport trunk encap dot1q
switchport mode trunk
switchport nonegotiate
no shut
SW2:
int e0/0
switchport mode access
switchport access vlan 15
no shut
!
int e0/1
switchport mode access
switchport access vlan 24
no shut
!
int e0/2
switchport mode access
switchport access vlan 35
no shut
!
int e0/3
switchport mode access
switchport access vlan 46
no shut
!
int e1/0
switchport mode access
switchport access vlan 35
no shut
!
int e1/1
switchport mode access
switchport access vlan 57
no shut
!
int e1/2
switchport mode access
SW1,SW2,SW3,SW4:
int range e3/0 - 3
switchport mode access
switchport access vlan 999
shut
SW3:
int e0/0
switchport mode access
switchport access vlan 38
no shut
!
int e0/1
switchport mode access
switchport access vlan 89
no shut
!
int e0/2
switchport mode access
switchport access vlan 310
no shut
!
int e0/3
switchport mode access
switchport access vlan 111
no shut
!
int vlan 34
ip add 123.10.2.13 255.255.255.252
no shut
!
int vlan 38
ip add 123.10.2.6 255.255.255.252
no shut
!
int vlan 310
ip add 123.10.2.17 255.255.255.252
no shut
SW3,SW4:
int range e1/0 - 3
switchport mode access
switchport access vlan 999
shut
SW4:
int e0/0
switchport mode access
switch access vlan 89
no shut
!
int e0/1
switchport mode access
switch access vlan 49
no shut
!
int e0/2
switchport mode access
switch access vlan 111
no shut
!
int e0/3
switchport mode access
switch access vlan 411
no shut
!
int vlan 34
ip add 123.10.2.14 255.255.255.252
no shut
!
int vlan 49
ip add 123.10.2.10 255.255.255.252
no shut
!
int vlan 411
ip add 123.10.2.21 255.255.255.252
no shut
Verification:
show interfaces status
show interface trunk
show vlan brief
SECTION 1.3 Spanning Tree
Configure the ACME network as per the following requirements:
MST
Each of the following sets of VLANs must share a common spanning topology:
Spanning tree topology 1: all odd VLANs used throughout your exam
Spanning tree topology 2: all even VLANs used throughout your exam
Default spanning tree topology: all other VLANs
Ensure that SW1 and SW3 is the root switch for instance 1 and the backup root switch for instance 2 (means MST)
Ensure that SW2 and SW4 is the root switch for instance 2 and the backup root switch for instance 1 (means MST)
All switches must maintain three STP instances in total
Explicitly configure the root and backup roles, assuming that other switches with default configuration may eventually be added in the network in the future
All access ports must immediately transition to the forwarding state upon link up and they must still participate in STP; use a single command per switch to enable this feature
Access ports must automatically shut down if they receive any BPDU and an administrator must still manually re-enable the port; use a single command per switch to enable the feature
RSTP
SW1 must be the root switch for all odd VLANs and must be the backup for all even VLANs
SW2 must be the root switch for all even VLANs and must be the backup for all odd VLANs
SW3 must be the root switch for all odd VLANs and must be the backup for all even VLANs
SW4 must be the root switch for all even VLANs and must be the backup for all odd VLANs
Use the STP mode that has only three possible states (means RSTP)
All switches must maintain one STP instance per VLAN (means RSTP)
Explicitly configure the root and backup roles, assuming that other switches with default configuration may eventually be added in the network in the future
All access ports must immediately transition to the forwarding state upon link up and they must still participate in STP; use a single command per switch to enable this
Access ports must automatically shut down if they receive any BPDU and an administrator must still manually re-enable the port; use a single command per switch to enable this feature
Solution:
MST
SW1,SW2,SW3,SW4:
spanning-tree mode mst
spanning-tree portfast default
spanning-tree portfast bpduguard default
SW1,SW2:
spanning-tree mst configuration
name cisco
revision 1
instance 1 vlan 1,15,23,35,57,67,999
instance 2 vlan 14,24,46
SW3,SW4:
spanning-tree mst configuration
name cisco
revision 1
instance 1 vlan 1,49,89,111,411,999
instance 2 vlan 34,38,310
SW1,SW3:
spanning-tree mst 1 priority 0
spanning-tree mst 2 priority 4096
SW2,SW4:
spanning-tree mst 1 priority 4096
spanning-tree mst 2 priority 0
RSTP
SW1,SW2,SW3,SW4:
spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree portfast bpduguard default
SW1:
spanning vlan 1,15,23,35,57,67,999 priority 0
spanning vlan 14,24,46 priority 4096
SW2:
spanning vlan 1,15,23,35,57,67,999 priority 4096
spanning vlan 14,24,46 priority 0
SW3:
spanning vlan 1,49,89,111,411,999 priority 0
spanning vlan 34,38,310 priority 4096
SW4:
spanning vlan 1,49,89,111,411,999 priority 4096
spanning vlan 34,38,310 priority 0
Verification:
show spanning-tree
show spanning-tree root
show spanning-tree summary
show spanning-tree mst configuration
show spanning-tree mst
show spanning-tree mst 0
show spanning-tree mst 1
show spanning-tree mst 2
SECTION 1.4 WAN Switching
The WAN links must rely on a layer 2 protocol that supports link negotiation and authentication
The service provider expects both R18 and R19 to complete a three-way handshake by providing the expected response to a challenge that is sent by the AS 20003 router
R18 must use the username ACME-R18 and password CCIE
R19 must use the username ACME-R19 and password CCIE
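The three-way handshake these requirements describe is PPP CHAP (RFC 1994). The following is an added example, not part of the original workbook: it models the challenge, response and verdict with the hostnames and password from this section, and shows that a captured response is useless against a fresh challenge. The authenticator name SP-AS20003 is an assumption, since the page does not give the provider router's hostname.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4  # CHAP codes (RFC 1994)


def chap_digest(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """Response value = MD5(Identifier || shared secret || Challenge value)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def build(code: int, ident: int, value: bytes, name: bytes) -> bytes:
    """Challenge/Response layout: Code, Identifier, Length, Value-Size, Value, Name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse(pkt: bytes):
    """Return (code, identifier, value, name); reject inconsistent lengths."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt) or length < 5:
        raise ValueError("bad CHAP length field")
    size = pkt[4]
    if 5 + size > length:
        raise ValueError("value overruns packet")
    return code, ident, pkt[5:5 + size], pkt[5 + size:]


class Authenticator:
    """Provider side: sends the challenge and checks the response."""

    def __init__(self, name: bytes, secrets: dict):
        self.name, self.secrets = name, secrets
        self.ident = 0
        self.pending = None  # (identifier, challenge value) awaiting a response

    def challenge(self) -> bytes:
        self.ident = (self.ident + 1) % 256
        self.pending = (self.ident, os.urandom(16))  # fresh value every time
        return build(CHALLENGE, self.ident, self.pending[1], self.name)

    def verify(self, pkt: bytes) -> int:
        code, ident, value, peer_name = parse(pkt)
        pending, self.pending = self.pending, None  # one attempt per challenge
        if code != RESPONSE or pending is None or ident != pending[0]:
            return FAILURE
        secret = self.secrets.get(peer_name)
        if secret is None:
            return FAILURE
        expected = chap_digest(ident, secret, pending[1])
        return SUCCESS if hmac.compare_digest(expected, value) else FAILURE


class Peer:
    """Customer side: what 'ppp chap hostname' / 'ppp chap password' feed."""

    def __init__(self, hostname: bytes, password: bytes):
        self.hostname, self.password = hostname, password

    def respond(self, pkt: bytes) -> bytes:
        code, ident, challenge, _ = parse(pkt)
        if code != CHALLENGE:
            raise ValueError("expected a CHAP Challenge")
        digest = chap_digest(ident, self.password, challenge)
        return build(RESPONSE, ident, digest, self.hostname)


def handshake(auth: Authenticator, peer: Peer) -> int:
    """Challenge -> Response -> Success/Failure; the password never crosses the link."""
    return auth.verify(peer.respond(auth.challenge()))


def replay_old_response(auth: Authenticator, peer: Peer) -> int:
    """Present a previously valid response against a new challenge."""
    old = peer.respond(auth.challenge())
    auth.verify(old)                          # the legitimate exchange
    _, new_ident, _, _ = parse(auth.challenge())
    _, _, value, name = parse(old)
    return auth.verify(build(RESPONSE, new_ident, value, name))


if __name__ == "__main__":
    sp = Authenticator(b"SP-AS20003",  # assumed name
                       {b"ACME-R18": b"CCIE", b"ACME-R19": b"CCIE"})
    print("R18:", handshake(sp, Peer(b"ACME-R18", b"CCIE")))
    print("wrong password:", handshake(sp, Peer(b"ACME-R18", b"ccie")))
    print("replayed response:", replay_old_response(sp, Peer(b"ACME-R18", b"CCIE")))
```

A result of 3 is CHAP Success and 4 is CHAP Failure, which is what `debug ppp authentication` reports for each side of the link.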
Solution:
R18:
int Serial 1/0
ip add 203.3.18.2 255.255.255.252
encapsulation ppp
no peer neighbor-route
ppp chap hostname ACME-R18
ppp chap password CCIE
no shut
R19:
int Serial 1/0
ip add 203.3.19.2 255.255.255.252
encapsulation ppp
no peer neighbor-route
ppp chap hostname ACME-R19
ppp chap password CCIE
no shut
Verification:
show ppp all
debug ppp authentication
SECTION 2 Layer 3 Technologies
A. After finishing each of the following questions, make sure that all configured interfaces and subnets are consistently visible on all pertinent routers and switches
B. Do not redistribute routes between any interior gateway protocol (IGP) and BGP if not explicitly required.
C. If not explicitly stated otherwise, you need to ping a BGP route only if it is stated in a question; otherwise the route should be only in the BGP table.
D. At the end of this section, all subnets in your topology, including the loopback interfaces, must be reachable via ping from anywhere in your topology; the backbone interfaces must be reachable only if they are part of the solution to a question.
E. The loopback interfaces must be seen as a host route /32 in the routing tables unless stated otherwise in a question.
SECTION 2.1 OSPF in AS 12345
Configure OSPFv2 area 0 in ACME HQ (AS 12345) according to the following requirements:
Configure the OSPF process ID to 12345 and set the router ID to interface lo0 on all seven routers
The interface lo0 at each router must be seen as an internal OSPF prefix by all other routers
Ensure that OSPF is not running on any interface that is facing another AS; use any method to accomplish this requirement
SW1 and SW2 must not participate in routing at all
Do not change the default OSPF cost of any interface in AS 12345
R1 should act like a stub router in OSPF; you are not asked to configure R1 in a stub area, just make sure R1 won't be a transit router for traffic of which R1 is not the source or destination
R1 must see the following OSPF routes in the routing table
R1# show ip route ospf
!
Gateway of last resort is not set
      123.0.0.0/8 is variably subnetted, 17 subnets, 2 masks
O        123.2.2.2/32 [110/21] via 123.10.1.1, 00:00:20, Ethernet0/1
O        123.3.3.3/32 [110/21] via 123.10.1.6, 00:00:30, Ethernet0/2
O        123.4.4.4/32 [110/11] via 123.10.1.1, 00:00:20, Ethernet0/1
O        123.5.5.5/32 [110/11] via 123.10.1.6, 00:00:30, Ethernet0/2
O        123.6.6.6/32 [110/21] via 123.10.1.1, 00:00:20, Ethernet0/1
O        123.7.7.7/32 [110/21] via 123.10.1.6, 00:00:30, Ethernet0/2
O        123.10.1.8/30 [110/30] via 123.10.1.6, 00:00:30, Ethernet0/2
                       [110/30] via 123.10.1.1, 00:00:20, Ethernet0/1
O        123.10.1.12/30 [110/20] via 123.10.1.6, 00:00:30, Ethernet0/2
O        123.10.1.16/30 [110/20] via 123.10.1.1, 00:00:20, Ethernet0/1
O        123.10.1.20/30 [110/20] via 123.10.1.1, 00:00:20, Ethernet0/1
O        123.10.1.24/30 [110/30] via 123.10.1.6, 00:00:30, Ethernet0/2
                        [110/30] via 123.10.1.1, 00:00:20, Ethernet0/1
O        123.10.1.28/30 [110/20] via 123.10.1.6, 00:00:30, Ethernet0/2
After implementing the last point you should get something like:
O
Solution:
R1:
router ospf 12345
router-id 123.1.1.1
net 123.1.1.1 0.0.0.0 area 0
net 123.10.1.2 0.0.0.0 area 0
net 123.10.1.5 0.0.0.0 area 0
net 123.10.1.0 0.0.0.255 area 0
max-metric router-lsa
R2:
router ospf 12345
router-id 123.2.2.2
net 123.2.2.2 0.0.0.0 area 0
net 123.10.1.9 0.0.0.0 area 0
net 123.10.1.17 0.0.0.0 area 0
net 123.10.1.0 0.0.0.255 area 0
R3:
router ospf 12345
router-id 123.3.3.3
net 123.3.3.3 0.0.0.0 area 0
net 123.10.1.10 0.0.0.0 area 0
net 123.10.1.13 0.0.0.0 area 0
net 123.10.1.0 0.0.0.255 area 0
R4:
router ospf 12345
router-id 123.4.4.4
net 123.4.4.4 0.0.0.0 area 0
net 123.10.1.21 0.0.0.0 area 0
net 123.10.1.1 0.0.0.0 area 0
net 123.10.1.18 0.0.0.0 area 0
net 123.10.1.0 0.0.0.255 area 0
R5:
router ospf 12345
router-id 123.5.5.5
net 123.5.5.5 0.0.0.0 area 0
net 123.10.1.14 0.0.0.0 area 0
net 123.10.1.6 0.0.0.0 area 0
net 123.10.1.29 0.0.0.0 area 0
net 123.10.1.0 0.0.0.255 area 0
R6:
router ospf 12345
router-id 123.6.6.6
net 123.6.6.6 0.0.0.0 area 0
net 123.10.1.25 0.0.0.0 area 0
net 123.10.1.22 0.0.0.0 area 0
net 123.10.1.0 0.0.0.255 area 0
R7:
router ospf 12345
router-id 123.7.7.7
net 123.7.7.7 0.0.0.0 area 0
net 123.10.1.30 0.0.0.0 area 0
net 123.10.1.26 0.0.0.0 area 0
net 123.10.1.0 0.0.0.255 area 0
Verification:
show ip ospf neighbor
show ip ospf int brief
show ip route ospf
SECTION 2.2 EIGRP in AS 34567
Configure EIGRP for IPv4 in the New York office (AS 34567) according to the following requirements:
The EIGRP AS is 34567; do not use any virtual instance number (means no named mode).
The interface lo0 must be seen as an internal EIGRP prefix by all other routers
Ensure that EIGRP is not running on any interface that is facing another AS; use any method to accomplish this
Using a single command on one switch only, ensure that R8 installs two equal-cost routes for the following three paths
VLAN 411
int lo0 at SW4
int lo0 at R11
Using a single command on one switch only, ensure that R9 installs two equal-cost routes for the following three paths
VLAN 310
int lo0 at SW3
int lo0 at R10
Note: Check the BW and DELAY values for physical and SVI interfaces
Solution:
R8:
router eigrp 34567
no auto-summary
network 123.8.8.8 0.0.0.0
network 123.10.2.1 0.0.0.0
network 123.10.2.5 0.0.0.0
network 123.10.2.0 0.0.0.255
R9:
router eigrp 34567
no auto-summary
network 123.9.9.9 0.0.0.0
network 123.10.2.2 0.0.0.0
network 123.10.2.9 0.0.0.0
network 123.10.2.0 0.0.0.255
R10:
router eigrp 34567
no auto-summary
network 123.10.10.10 0.0.0.0
network 123.10.2.18 0.0.0.0
network 123.10.2.25 0.0.0.0
network 123.10.2.0 0.0.0.255
R11:
router eigrp 34567
no auto-summary
network 123.11.11.11 0.0.0.0
network 123.10.2.26 0.0.0.0
network 123.10.2.22 0.0.0.0
network 123.10.2.0 0.0.0.255
SW3:
ip routing
router eigrp 34567
no auto-summary
network 123.33.33.33 0.0.0.0
network 123.10.2.17 0.0.0.0
network 123.10.2.6 0.0.0.0
network 123.10.2.13 0.0.0.0
network 123.10.2.0 0.0.0.255
SW4:
ip routing
router eigrp 34567
no auto-summary
network 123.44.44.44 0.0.0.0
network 123.10.2.21 0.0.0.0
network 123.10.2.10 0.0.0.0
network 123.10.2.14 0.0.0.0
network 123.10.2.0 0.0.0.255
SW3,SW4:
int vlan 34
delay 100
end
clear ip eigrp neighbors
Verification:
show ip eigrp interfaces
show ip eigrp neighbors
show ip eigrp topology
show ip route eigrp
show int vlan 34 | i DLY
Check the EIGRP routing table on R8 & R9 before changing the delay and after changing it; we'll see two paths for the destination
SECTION 2.3 EIGRP in AS 45678
The EIGRP Autonomous System is 45678
The interface lo0 must be seen as an internal EIGRP prefix by all other routers
Ensure that EIGRP is not running on any interface that is facing another AS; use any method to accomplish this requirement (Named/Classic)
SW5 and SW6 are layer 3 switches and must configure EIGRP
Do not change the interface bandwidth on any physical interface in AS 45678
On all three routers R15, R16, R17, use EIGRP with the 64-bit metric version
EIGRP running in AS 45678 should use the strongest authentication method with key CCIE; it should protect against packet replay attacks because of a spoofed source address.
Note: Check and configure VLANs & SVIs on the switches (vlan 5, 55 & vlan 6, 66)
SW5/SW6 don't have loopbacks configured; instead the IP addresses are on VLAN 5/6
If asked for "no virtual name" & "no authentication": CLASSIC mode on R15/R16/R17/SW5/SW6
If asked for "no virtual name" & "strongest authentication": CLASSIC mode on R15/R16/R17/SW5/SW6 with md5
If asked for "virtual name" & "strongest authentication": NAMED mode on R15/R16/R17/SW5/SW6 with hmac
Solution:
Named Mode
R15:
router eigrp CCIE
address-fa ipv4 auto 45678
net 123.15.15.15 0.0.0.0
net 123.20.1.9 0.0.0.0
net 123.20.1.1 0.0.0.0
topology base
no auto-summary
R16:
router eigrp CCIE
address-fa ipv4 auto 45678
net 123.16.16.16 0.0.0.0
net 123.20.1.2 0.0.0.0
net 123.20.1.17 0.0.0.0
topology base
no auto-summary
R17:
router eigrp CCIE
address-fa ipv4 auto 45678
net 123.17.17.17 0.0.0.0
net 123.20.1.18 0.0.0.0
net 123.20.1.10 0.0.0.0
topology base
no auto-summary
SW5:
router eigrp CCIE
address-fa ipv4 auto 45678
net 123.55.55.55 0.0.0.0
net 123.20.1.3 0.0.0.0
topology base
no auto-summary
SW6:
router eigrp CCIE
address-fa ipv4 auto 45678
net 123.66.66.66 0.0.0.0
net 123.20.1.11 0.0.0.0
topology base
no auto-summary
Classic Mode
R15:
router eigrp 45678
no auto-summary
net 123.15.15.15 0.0.0.0
net 123.20.1.9 0.0.0.0
net 123.20.1.1 0.0.0.0
R16:
router eigrp 45678
no auto-summary
net 123.16.16.16 0.0.0.0
net 123.20.1.2 0.0.0.0
net 123.20.1.17 0.0.0.0
R17:
router eigrp 45678
no auto-summary
net 123.17.17.17 0.0.0.0
net 123.20.1.18 0.0.0.0
net 123.20.1.10 0.0.0.0
SW5:
router eigrp 45678
no auto-summary
net 123.55.55.55 0.0.0.0
net 123.20.1.3 0.0.0.0
SW6:
router eigrp 45678
no auto-summary
net 123.66.66.66 0.0.0.0
net 123.20.1.11 0.0.0.0
Classic Mode Authentication
R15,R16,R17,SW5,SW6:
key chain CCIE
key 1
key-string cisco
R15,R16,R17:
int range e0/1 - 2
ip authentication mode eigrp 45678 md5
ip authentication key-chain eigrp 45678 CCIE
SW5:
int vlan 55
ip authentication mode eigrp 45678 md5
ip authentication key-chain eigrp 45678 CCIE
SW6:
int vlan 66
ip authentication mode eigrp 45678 md5
ip authentication key-chain eigrp 45678 CCIE
Verification:
show ip eigrp neighbors
show ip eigrp interfaces
show ip route eigrp
debug eigrp packets
SECTION 2.4 EIGRP in AS 65222
The EIGRP AS is 45678
The interface lo0 at each router must be seen as an internal EIGRP prefix by all other routers in BGP AS 65222 & AS 45678
The interface E0/0 on R18 and R19 must be advertised into EIGRP as an internal prefix
Ensure that EIGRP is not running on any interface that is facing another AS; use any method to accomplish this requirement
All four routers (R16, R17, R18, R19) must maintain a separate routing table instance that supports eBGP peering with AS 20003
R17 is the DMVPN hub, with R18 and R19 as the spokes; use the preconfigured tunnel0
Ensure R17 establishes EIGRP over the tunnel with R18 and R19 via the same interface tunnel0
R17 must not send any queries to R18 & R19 for active EIGRP routes
R17 must not receive EIGRP summary routes from R18 and R19
Do not summarize or filter any prefix anywhere in EIGRP AS 45678
Note: Check whether eigrp stub connected and summary routes are asked for or not
Check whether tunnels are preconfigured on all routers
Test with/without "no split-horizon" on the R17 Tun0 interface
Advertise the connected interfaces on R18, R19
EIGRP neighborship will come up between R17/R18/R19 after completion of Sec 2.7 & 3.3
Solution:
Tunnel Pre-Configuration:
R17:
int tun0
ip add 123.20.1.25 255.255.255.248
ip nhrp authentication cisco
ip nhrp map multicast dynamic
ip nhrp network-id 45678
tunnel source e0/0
tunnel mode gre multipoint
R18:
int tun0
ip add 123.20.1.26 255.255.255.248
ip nhrp authentication cisco
ip nhrp map multicast 203.3.17.2
ip nhrp map 123.20.1.25 203.3.17.2
ip nhrp network-id 45678
ip nhrp nhs 123.20.1.25
tunnel source Serial1/0
tunnel mode gre multipoint
R19:
int tun0
ip add 123.20.1.27 255.255.255.248
ip nhrp authentication cisco
ip nhrp map multicast 203.3.17.2
ip nhrp map 123.20.1.25 203.3.17.2
ip nhrp network-id 45678
ip nhrp nhs 123.20.1.25
tunnel source Serial1/0
tunnel mode gre multipoint
Named Mode
R17:
router eigrp CCIE
address-family ipv4 auto 45678
network 123.17.17.17 0.0.0.0
network 123.20.1.25 0.0.0.0
!
af-interface tunnel0
no split-horizon
no authentication mode
!
topology base
no auto-summary
R18:
router eigrp CCIE
address-family ipv4 auto 45678
network 123.18.18.18 0.0.0.0
network 123.20.1.26 0.0.0.0
network 10.1.18.1 0.0.0.0
eigrp stub connected
!
topology base
no auto-summary
R19:
router eigrp CCIE
address-family ipv4 auto 45678
network 123.19.19.19 0.0.0.0
network 123.20.1.27 0.0.0.0
network 10.1.19.1 0.0.0.0
eigrp stub connected
!
topology base
no auto-summary
Classic Mode
R17:
router eigrp 45678
no auto-summary
network 123.17.17.17 0.0.0.0
network 123.20.1.25 0.0.0.0
R18:
router eigrp 45678
no auto-summary
network 123.18.18.18 0.0.0.0
network 123.20.1.26 0.0.0.0
network 10.1.18.1 0.0.0.0
eigrp stub connected
R19:
router eigrp 45678
no auto-summary
network 123.19.19.19 0.0.0.0
network 123.20.1.27 0.0.0.0
network 10.1.19.1 0.0.0.0
eigrp stub connected
Verification:
show ip nhrp
show ip eigrp neigh
SECTION 2.5 BGP in AS 12345
BGP is partially configured in ACME headquarters; complete the configuration as required
Configure BGP in ACME's HQ (AS 12345) according to the following requirements:
R4 and R5 must not establish any BGP session at any time
All BGP routers must use their interface loopback0 as their router ID
Disable the default ipv4 unicast address family for peering session establishment in all BGP routers
R1 must be the ipv4 route reflector for BGP AS 12345
R1 must use peer group name iBGP for internal peerings
Configure eBGP between ACME's San Francisco and San Jose sites according to the following requirements:
R20 is the CE router and uses eBGP to connect to the managed services that are provided by the PE routers R2 and R3
R20 must establish separate eBGP peerings with both R2 and R3 for every VRF
R20 must advertise a default route to all of its BGP peers except to 10.120.99.1 and 10.120.99.5
R20 must advertise the following prefixes to all the BGP peers
10.0.0.0/8 summary only
123.0.0.0/8 summary only
Note: Check the VRF configuration on R2/R3
Check whether address family is required on R20 or not; check for the 10.1.20.0,128/25 subnets
Aggregate routes will appear after completion of all AS 45678/65222 sections
Solution:
R1:
router bgp 12345
bgp router-id 123.1.1.1
no bgp default ipv4-unicast
neighbor iBGP peer-group
neighbor iBGP remote-as 12345
neighbor iBGP update-source Lo0
neighbor 123.2.2.2 peer-group iBGP
neighbor 123.3.3.3 peer-group iBGP
neighbor 123.6.6.6 peer-group iBGP
neighbor 123.7.7.7 peer-group iBGP
!
address-family ipv4
neighbor iBGP route-reflector-client
neighbor 123.2.2.2 activate
neighbor 123.3.3.3 activate
neighbor 123.6.6.6 activate
neighbor 123.7.7.7 activate
R1:
router bgp 12345
bgp router-id 123.1.1.1
no bgp default ipv4-unicast
neighbor 123.2.2.2 remote-as 12345
neighbor 123.3.3.3 remote-as 12345
neighbor 123.6.6.6 remote-as 12345
neighbor 123.7.7.7 remote-as 12345
neighbor 123.2.2.2 update-source Lo0
neighbor 123.3.3.3 update-source Lo0
neighbor 123.6.6.6 update-source Lo0
neighbor 123.7.7.7 update-source Lo0
!
address-family ipv4
neighbor 123.2.2.2 activate
neighbor 123.3.3.3 activate
neighbor 123.6.6.6 activate
neighbor 123.7.7.7 activate
neighbor 123.2.2.2 route-reflector-client
neighbor 123.3.3.3 route-reflector-client
neighbor 123.6.6.6 route-reflector-client
neighbor 123.7.7.7 route-reflector-client
R2:
router bgp 12345
!
address-family ipv4 vrf GREEN
neighbor 10.120.12.2 remote-as 65112
neighbor 10.120.12.2 activate
!
address-family ipv4 vrf BLUE
neighbor 10.120.13.2 remote-as 65112
neighbor 10.120.13.2 activate
!
address-family ipv4 vrf RED
neighbor 10.120.14.2 remote-as 65112
neighbor 10.120.14.2 activate
!
address-family ipv4 vrf YELLOW
R3:
router bgp 12345
!
address-family ipv4 vrf GREEN
neighbor 10.120.12.6 remote-as 65112
neighbor 10.120.12.6 activate
!
address-family ipv4 vrf BLUE
neighbor 10.120.13.6 remote-as 65112
neighbor 10.120.13.6 activate
!
address-family ipv4 vrf RED
neighbor 10.120.14.6 remote-as 65112
neighbor 10.120.14.6 activate
!
address-family ipv4 vrf YELLOW
R2:
router bgp 12345
bgp router-id 123.2.2.2
R3:
router bgp 12345
bgp router-id 123.3.3.3
R6:
router bgp 12345
bgp router-id 123.6.6.6
R7:
router bgp 12345
bgp router-id 123.7.7.7
R2,R3,R6,R7:
router bgp 12345
no bgp default ipv4-unicast
neighbor 123.1.1.1 remote-as 12345
neighbor 123.1.1.1 update-source Lo0
!
address-family ipv4
neighbor 123.1.1.1 activate
R20:
router bgp 65112
no bgp default ipv4-unicast
neighbor 10.120.12.1 remote-as 12345
neighbor 10.120.13.1 remote-as 12345
neighbor 10.120.14.1 remote-as 12345
neighbor 10.120.15.1 remote-as 12345
neighbor 10.120.99.1 remote-as 12345
neighbor 10.120.12.5 remote-as 12345
neighbor 10.120.13.5 remote-as 12345
neighbor 10.120.14.5 remote-as 12345
neighbor 10.120.15.5 remote-as 12345
neighbor 10.120.99.5 remote-as 12345
!
address-family ipv4
neighbor 10.120.12.1 activate
Verification:
show ip bgp summary
show ip bgp vpnv4 all summary
show bgp all summary
show bgp vpnv4 unicast all summary
show ip bgp
show ip bgp vpnv4 all
show bgp all
show bgp vpnv4 unicast all
show ip route
show ip route vrf *
SECTION 2.6 BGP in AS 34567
BGP is partially preconfigured in the ACME New York office; complete the config as required
Configure iBGP in AS 34567 according to the following requirements:
SW3 and SW4 must not establish any BGP session at any time
All BGP routers must use their interface lo0 as their router ID
Disable the default ipv4 unicast address family for peering session establishment in all BGP routers
Configure full-mesh iBGP peering between all four routers; use any configuration method
R9 must be selected as the preferred exit point for traffic destined to remote ASs
R11 must be selected as the next preferred exit in case R9 fails
No BGP speaker may use a network statement under the BGP router config
Ensure that the BGP next hop is never marked as unreachable as long as interface lo0 of the remote peer is known via IGP
Configure eBGP in AS 34567 according to the following requirements:
All four BGP routers must establish eBGP peerings with their neighboring AS as shown in Diagram 3 (BGP topology)
All four BGP routers must redistribute EIGRP into BGP
R9 & R11 must redistribute only the BGP default route into EIGRP
Ensure that R9 is the only router that sees the default as a BGP route and that all other routers (R8, R10, R11) see it as an EIGRP external
Notes: R8/R10 receive a few routes from the ISPs directly; filter them.
R8/R10:
ip prefix-list DEFAULT permit 0.0.0.0/0
neighbor a.b.c.d prefix-list DEFAULT in
R10:
ip prefix-list ROUTE_61 deny 61.61.61.61/32
neighbor a.b.c.d prefix-list ROUTE_61 in
Solution:
R8:
router bgp 34567
bgp router-id 123.8.8.8
no bgp default ipv4-unicast
neigh iBGP peer-group
neigh iBGP remote-as 34567
neigh iBGP update-source lo0
neigh 123.9.9.9 peer-gro iBGP
neigh 123.10.10.10 peer-gro iBGP
neigh 123.11.11.11 peer-gro iBGP
neigh 101.1.34.1 remote-as 10001
!
address-family ipv4
neigh iBGP next-hop-self
neigh 123.9.9.9 activate
neigh 123.10.10.10 activate
neigh 123.11.11.11 activate
neigh 101.1.34.1 activate
R9:
router bgp 34567
bgp router-id 123.9.9.9
no bgp default ipv4-unicast
bgp default local-pref 110
neigh iBGP peer-group
neigh iBGP remote-as 34567
neigh iBGP update-source lo0
neigh 123.8.8.8 peer-gro iBGP
neigh 123.10.10.10 peer-gro iBGP
neigh 123.11.11.11 peer-gro iBGP
neigh 102.2.34.1 remote-as 10002
neigh 33.34.4.1 remote-as 30000
!
address-family ipv4
neigh iBGP next-hop-self
neigh 123.8.8.8 activate
neigh 123.10.10.10 activate
neigh 123.11.11.11 activate
neigh 102.2.34.1 activate
neigh 33.34.4.1 activate
neigh 102.2.34.1 route-map LP in
neigh 33.34.4.1 route-map LP in
!
route-map LP
set local-preference 110
R10:
router bgp 34567
bgp router-id 123.10.10.10
no bgp default ipv4-unicast
neigh iBGP peer-group
neigh iBGP remote-as 34567
neigh iBGP update-source lo0
neigh 123.8.8.8 peer-gro iBGP
neigh 123.9.9.9 peer-gro iBGP
neigh 123.11.11.11 peer-gro iBGP
neigh 201.1.34.1 remote-as 20001
!
address-family ipv4
neigh iBGP next-hop-self
neigh 123.8.8.8 activate
neigh 123.9.9.9 activate
neigh 123.11.11.11 activate
neigh 201.1.34.1 activate
R11:
router bgp 34567
bgp router-id 123.11.11.11
no bgp default ipv4-unicast
bgp default local-pref 105
neigh iBGP peer-group
neigh iBGP remote-as 34567
neigh iBGP update-source lo0
neigh 123.8.8.8 peer-gro iBGP
neigh 123.10.10.10 peer-gro iBGP
neigh 123.9.9.9 peer-gro iBGP
neigh 202.2.34.1 remote-as 20002
neigh 33.34.3.1 remote-as 30000
!
address-family ipv4
neigh iBGP next-hop-self
neigh 123.8.8.8 activate
neigh 123.10.10.10 activate
neigh 123.9.9.9 activate
neigh 202.2.34.1 activate
neigh 33.34.3.1 activate
neigh 202.2.34.1 route-map LP in
neigh 33.34.3.1 route-map LP in
!
route-map LP
set local-preference 105
R8:
router bgp 34567
bgp router-id 123.8.8.8
no bgp default ipv4-unicast
neig 123.9.9.9 remote-as 34567
neig 123.10.10.10 remote-as 34567
neig 123.11.11.11 remote-as 34567
neig 123.9.9.9 update-so lo0
neig 123.10.10.10 update-so lo0
neig 123.11.11.11 update-so lo0
neig 101.1.34.1 remote-as 10001
!
address-family ipv4
neig 123.9.9.9 activate
neig 123.10.10.10 activate
neig 123.11.11.11 activate
neig 123.9.9.9 next-hop-self
neig 123.10.10.10 next-hop-self
neig 123.11.11.11 next-hop-self
neig 101.1.34.1 activate
R9:
router bgp 34567
bgp router-id 123.9.9.9
no bgp default ipv4-unicast
bgp default local-pref 110
neig 123.8.8.8 remote-as 34567
neig 123.10.10.10 remote-as 34567
neig 123.11.11.11 remote-as 34567
neig 123.8.8.8 update-so lo0
neig 123.10.10.10 update-so lo0
neig 123.11.11.11 update-so lo0
neig 102.2.34.1 remote-as 10002
neig 33.34.4.1 remote-as 30000
!
address-family ipv4
neig 123.8.8.8 activate
neig 123.10.10.10 activate
neig 123.11.11.11 activate
neig 123.8.8.8 next-hop-self
neig 123.10.10.10 next-hop-self
neig 123.11.11.11 next-hop-self
neig 102.2.34.1 activate
neig 33.34.4.1 activate
R10:
router bgp 34567
bgp router-id 123.10.10.10
no bgp default ipv4-unicast
nei 123.8.8.8 remote-as 34567
nei 123.9.9.9 remote-as 34567
nei 123.11.11.11 remote-as 34567
nei 123.8.8.8 update-so lo0
nei 123.9.9.9 update-so lo0
nei 123.11.11.11 update-so lo0
nei 201.1.34.1 remote-as 20001
!
address-family ipv4
nei 123.8.8.8 activate
nei 123.9.9.9 activate
nei 123.11.11.11 activate
nei 123.8.8.8 next-hop-self
nei 123.9.9.9 next-hop-self
nei 123.11.11.11 next-hop-self
nei 201.1.34.1 activate
R11:
router bgp 34567
bgp router-id 123.11.11.11
no bgp default ipv4-unicast
bgp default local-pref 105
nei 123.8.8.8 remote-as 34567
nei 123.9.9.9 remote-as 34567
nei 123.10.10.10 remote-as 34567
nei 123.8.8.8 update-so lo0
nei 123.9.9.9 update-so lo0
nei 123.10.10.10 update-so lo0
R8,R9,R10,R11:
router bgp 34567
address-family ipv4
redistribute eigrp 34567
R9,R11:
ip prefix-list DEFAULT permit 0.0.0.0/0
!
route-map DEFAULT
match ip address prefix-list DEFAULT
!
router eigrp 34567
redistribute bgp 34567 metric 10000 10 255 1 1500 route-map DEFAULT
Verification:
show ip bgp
show ip bgp summary
show ip route bgp
show ip route eigrp
show ip route 0.0.0.0
SECTION 2.7 BGP in AS 45678 and 65222
There are 2 variations: With VRF (LOCALSP) and Without VRF
Configure eBGP in ACME's APAC region (AS 45678 and AS 65222) according to the following requirements:
Configure BGP in ACME Sydney and APAC Region as per the requirements below:
SW5 and SW6 must not establish any BGP session at any time
All BGP routers must use their int lo0 as their router ID
No iBGP peering sessions are allowed in AS 45678
R15 must establish an eBGP peering with AS 10003 and must receive a default route as well as other prefixes.
R15 must redistribute BGP into EIGRP and vice versa
R15 must also advertise an aggregate prefix 123.20.1.0/24 to AS 10003 and must suppress all component prefixes
R16, R17, R18, R19 are configured with vrf LOCALSP
R16, R17, R18, R19 must establish an eBGP peering with AS 20003 in VRF LOCALSP and must receive only a default route and no other prefixes from AS 20003
R16, R17, R18, R19 must establish an eBGP peering with AS 20003 and must receive a default route as well as other prefixes
R16, R17, R18, R19 must not advertise any prefix to AS 20003
As long as R15 is operational, R16, R17, R18, R19 must prefer the EIGRP default route over the eBGP default route
Do not create any VRF anywhere in order to accomplish the above requirements
With VRF / Without VRF
Note: For the VRF version, we aren't asked to make the EIGRP default preferred over the eBGP default
Check the VRF configuration properly (ip vrf forwarding missing)
Check the EIGRP mode in Sec 2.3 & 2.4 (Named or Classic)
The default route on R18/R19 will come after completion of Sec 3.3
Non-VRF: If R16, R17, R18, R19 receive the 1.2.3.4/32 & 123.0.0.0/8 routes, then filter them using a prefix list and apply it in the IN direction for the neighbors
R16,R17,R18,R19:
ip prefix-list BLOCK seq 1 deny 1.2.3.4/32
ip prefix-list BLOCK seq 2 deny 123.0.0.0/8 le 32
ip prefix-list BLOCK seq 3 permit 0.0.0.0/0 le 32
!
neighbor a.b.c.d prefix-list BLOCK in
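The effect of `le 32` and of entry order in these filters is easy to misjudge, so the following added example (not part of the original workbook) evaluates the BLOCK list above and the AS20003 and DEFAULT lists used in this section's solution against a set of routes. The matching rules are the standard IOS prefix-list semantics; the route 20.3.0.0/16 and the sample route set are constructed for illustration.

```python
import ipaddress
import re

# Prefix lists exactly as they appear in this section of the page.
PAGE_CONFIG = """
ip prefix-list BLOCK seq 1 deny 1.2.3.4/32
ip prefix-list BLOCK seq 2 deny 123.0.0.0/8 le 32
ip prefix-list BLOCK seq 3 permit 0.0.0.0/0 le 32
ip prefix-list AS20003 deny 0.0.0.0/0 le 32
ip prefix-list DEFAULT permit 0.0.0.0/0
"""

# Constructed sample of received routes (20.3.0.0/16 is made up).
SAMPLE_ROUTES = ["0.0.0.0/0", "1.2.3.4/32", "123.0.0.0/8",
                 "123.20.1.0/24", "20.3.0.0/16"]

ENTRY = re.compile(
    r"ip prefix-list (\S+)(?: seq (\d+))? (permit|deny) (\S+)"
    r"(?: ge (\d+))?(?: le (\d+))?$"
)


def parse_prefix_lists(config: str) -> dict:
    """Return {name: [(seq, action, network, min_len, max_len), ...]}."""
    lists = {}
    for line in config.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        name, seq, action, prefix, ge, le = m.groups()
        net = ipaddress.ip_network(prefix)
        entries = lists.setdefault(name, [])
        # Without "seq", IOS numbers entries 5, 10, 15, ...
        seq = int(seq) if seq else (entries[-1][0] + 5 if entries else 5)
        # No ge/le: exact length only. "ge" alone implies an upper bound of 32.
        lo = int(ge) if ge else net.prefixlen
        hi = int(le) if le else (32 if ge else net.prefixlen)
        entries.append((seq, action, net, lo, hi))
    for entries in lists.values():
        entries.sort(key=lambda e: e[0])
    return lists


def evaluate(entries, route: str):
    """First matching entry wins; no match means the implicit deny."""
    r = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in entries:
        if r.subnet_of(net) and lo <= r.prefixlen <= hi:
            return action, seq
    return "deny", None


def accepted(entries, routes):
    """Routes that survive the filter, in input order."""
    return [r for r in routes if evaluate(entries, r)[0] == "permit"]


if __name__ == "__main__":
    lists = parse_prefix_lists(PAGE_CONFIG)
    for name, entries in lists.items():
        print(name)
        for route in SAMPLE_ROUTES:
            action, seq = evaluate(entries, route)
            where = f"seq {seq}" if seq is not None else "implicit deny"
            print(f"  {route:<16} {action:<6} ({where})")
```

BLOCK inbound keeps the default route and unrelated prefixes while dropping 1.2.3.4/32 and everything inside 123.0.0.0/8; DEFAULT keeps only 0.0.0.0/0 because it has no `le`; AS20003 outbound denies every prefix.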
Solution:
VRF Configuration:
R16:
ip vrf LOCALSP
rd 45678:1
!
int e0/0
ip vrf forwarding LOCALSP
ip add 203.3.16.2 255.255.255.252
no shut
R17:
ip vrf LOCALSP
rd 45678:1
!
int e0/0
ip vrf forwarding LOCALSP
ip add 203.3.17.2 255.255.255.252
no shut
R18:
ip vrf LOCALSP
rd 45678:1
!
int Ser1/0
ip vrf forwarding LOCALSP
ip add 203.3.18.2 255.255.255.252
no shut
R15:
router bgp 45678
bgp router-id 123.15.15.15
neighbor 103.2.45.1 remote-as 10003
!
address-family ipv4
neighbor 103.2.45.1 activate
aggregate-add 123.20.1.0 255.255.255.0 summary-only
redistribute eigrp 45678
!
router eigrp CCIE
address-family ipv4 unicast auto 45678
topology base
redistribute bgp 45678 metric 10000 10 255 1 1500
--------- OR --------router eigrp 45678
redistribute bgp 45678 metric 10000 10 255 1 1500
Verification:
show
show
show
show
show
show
show
show
show
WITH VRF
WITHOUT VRF
R19:
ip vrf LOCALSP
rd 45678:1
!
int Ser1/0
ip vrf forwarding LOCALSP
ip add 203.3.19.2 255.255.255.252
no shut
R16,R17,R18,R19:
ip prefix-list AS20003 deny 0.0.0.0/0 le 32
ip prefix-list DEFAULT permit 0.0.0.0/0
!
route-map DEFAULT
match ip address prefix-list DEFAULT
R16:
router bgp 45678
bgp router-id 123.16.16.16
address-family ipv4 vrf LOCALSP
neighbor 203.3.16.1 remote-as 20003
neighbor 203.3.16.1 activate
neighbor 203.3.16.1 prefix-list AS20003 out
neighbor 203.3.16.1 prefix-list DEFAULT in
neighbor 203.3.16.1 route-map DEFAULT in
distance 171 203.3.16.1 0.0.0.0
R17:
router bgp 45678
bgp router-id 123.17.17.17
address-family ipv4 vrf LOCALSP
neighbor 203.3.17.1 remote-as 20003
neighbor 203.3.17.1 activate
neighbor 203.3.17.1 prefix-list AS20003 out
neighbor 203.3.17.1 prefix-list DEFAULT in
neighbor 203.3.17.1 route-map DEFAULT in
distance 171 203.3.17.1 0.0.0.0
R18:
router bgp 65222
bgp router-id 123.18.18.18
address-family ipv4 vrf LOCALSP
neighbor 203.3.18.1 remote-as 20003
neighbor 203.3.18.1 activate
neighbor 203.3.18.1 prefix-list AS20003 out
neighbor 203.3.18.1 prefix-list DEFAULT in
neighbor 203.3.18.1 route-map DEFAULT in
distance 171 203.3.18.1 0.0.0.0
R19:
router bgp 65222
bgp router-id 123.19.19.19
address-family ipv4 vrf LOCALSP
neighbor 203.3.19.1 remote-as 20003
neighbor 203.3.19.1 activate
R16,R17,R18,R19:
access-list 1 permit 0.0.0.0
ip prefix-list AS20003 deny 0.0.0.0/0 le 32
R16:
router bgp 45678
bgp router-id 123.16.16.16
neighbor 203.3.16.1 remote-as 20003
address-family ipv4
neighbor 203.3.16.1 activate
neighbor 203.3.16.1 prefix-list AS20003 out
distance 171 203.3.16.1 0.0.0.0 1
R17:
router bgp 45678
bgp router-id 123.17.17.17
neighbor 203.3.17.1 remote-as 20003
address-family ipv4
neighbor 203.3.17.1 activate
neighbor 203.3.17.1 prefix-list AS20003 out
distance 171 203.3.17.1 0.0.0.0 1
R18:
router bgp 65222
bgp router-id 123.18.18.18
neighbor 203.3.18.1 remote-as 20003
address-family ipv4
neighbor 203.3.18.1 activate
neighbor 203.3.18.1 prefix-list AS20003 out
distance 171 203.3.18.1 0.0.0.0 1
R19:
router bgp 65222
bgp router-id 123.19.19.19
neighbor 203.3.19.1 remote-as 20003
address-family ipv4
neighbor 203.3.19.1 activate
neighbor
neighbor
neighbor
distance
SECTION 2.8 BGP Routing Policies
Configure the ACME network as per the following requirements:
All ACME border routers in AS 12345 must filter the BGP prefixes that are advertised to their SP in VRF INET and must allow all prefixes that belong to Class A 123.0.0.0/8; all other VRFs must propagate all prefixes
All ACME border routers in AS 34567 must filter the BGP prefixes that are advertised to their SP and must allow all prefixes that belong to the Class A 123.0.0.0/8
Do not use any route map or access list to accomplish the above requirements
R13 must route traffic preferably via AS 20002, use any method to accomplish this requirement
All three remote sites in AS 65111 must be able to ping 1.2.3.4 and traceroute must reveal the exact same path as shown in the following output
R12#ping 1.2.3.4 source lo0
!!!!!
R12#traceroute 1.2.3.4 so lo0
VRF info: (vrf in name/id, vrf out name/id)
1 201.1.12.1 2 msec 0 msec 1 msec
2 201.1.123.2 [AS 65112] 0 msec 1 msec 0 msec
3 10.120.12.1 [AS 65112] [MPLS: Label 31 Exp 0] 1 msec 1 msec 0 msec
4 10.120.12.2 [AS 65112] 6 msec 1 msec 1 msec
5 10.120.99.5 [AS 65112] 1 msec 1 msec 1 msec
6 102.2.123.1 [AS 65112] 1 msec 1 msec 1 msec
7 33.10.2.1 [AS 65112] 1 msec * 2 msec
Note: ping & trace will work after completion of Sec 3.1 and 3.2
R12/R13/R14: redistribute connected subnets or advertise subnets into bgp
Solution:
R2,R3,R6,R7,R8,R9,R10,R11:
ip prefix-list CLASS-A permit 123.0.0.0/8 le 32
R2:
router bgp 12345
address-family ipv4 vrf INET
neighbor 101.1.123.1 prefix-list CLASS-A out
R8:
router bgp 34567
address-family ipv4
neighbor 101.1.34.1 prefix-list CLASS-A out
R3:
router bgp 12345
R9:
router bgp 34567
address-family ipv4
neighbor 102.2.34.1 prefix-list CLASS-A out
R6:
router bgp 12345
address-family ipv4 vrf INET
neighbor 201.1.123.1 prefix-list CLASS-A out
R10:
router bgp 34567
address-family ipv4
neighbor 201.1.34.1 prefix-list CLASS-A out
R7:
router bgp 12345
address-family ipv4 vrf INET
neighbor 202.2.123.1 prefix-list CLASS-A out
R11:
router bgp 34567
address-family ipv4
neighbor 202.2.34.1 prefix-list CLASS-A out
R12:
router bgp 65111
neighbor 201.1.12.1 remote-as 20001
!
address-family ipv4
neighbor 201.1.12.1 activate
redistribute connected
R13:
router bgp 65111
neighbor 201.1.13.1 remote-as 20001
neighbor 202.2.13.1 remote-as 20002
!
address-family ipv4
neighbor 201.1.13.1 activate
neighbor 202.2.13.1 activate
neighbor 202.2.13.1 weight 100
redistribute connected
R20:
router bgp 65112
address-family ipv4
neighbor 10.120.15.5 weight 100
neighbor 10.120.99.5 weight 100
Verification:
R14:
router bgp 65111
neighbor 202.2.14.1 remote-as 20002
!
address-family ipv4
neighbor 202.2.14.1 activate
redistribute connected
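The prefix-lists used in these solutions (BLOCK in the non-VRF note, AS20003 and DEFAULT on R16-R19, CLASS-A in Section 2.8) all depend on how `le 32`, exact-length entries and the implicit deny behave. The following Python script is an added example, not part of the original workbook: it evaluates those exact lines against constructed sample routes, and its function names and sample routes are assumptions.

```python
import ipaddress
import re

# Prefix-list lines copied from this page's solutions (BLOCK is from the non-VRF note).
PAGE_CONFIG = """
ip prefix-list BLOCK seq 1 deny 1.2.3.4/32
ip prefix-list BLOCK seq 2 deny 123.0.0.0/8 le 32
ip prefix-list BLOCK seq 3 permit 0.0.0.0/0 le 32
ip prefix-list CLASS-A permit 123.0.0.0/8 le 32
ip prefix-list AS20003 deny 0.0.0.0/0 le 32
ip prefix-list DEFAULT permit 0.0.0.0/0
"""

LINE_RE = re.compile(
    r"^ip prefix-list (?P<name>\S+)(?: seq (?P<seq>\d+))? (?P<action>permit|deny) "
    r"(?P<prefix>\S+)(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?$"
)


def parse_prefix_lists(text):
    """Parse 'ip prefix-list' lines into {name: [entries sorted by seq]}."""
    lists = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unsupported line: {line!r}")
        net = ipaddress.ip_network(m["prefix"], strict=True)
        entries = lists.setdefault(m["name"], [])
        # Without an explicit 'seq', IOS numbers entries in steps of 5.
        seq = int(m["seq"]) if m["seq"] else (entries[-1]["seq"] + 5 if entries else 5)
        if m["ge"] is None and m["le"] is None:
            lo = hi = net.prefixlen                  # exact prefix length only
        else:
            lo = int(m["ge"]) if m["ge"] else net.prefixlen
            hi = int(m["le"]) if m["le"] else 32
        entries.append({"seq": seq, "action": m["action"], "net": net, "lo": lo, "hi": hi})
    for entries in lists.values():
        entries.sort(key=lambda e: e["seq"])
    return lists


def evaluate(entries, route):
    """Return (action, seq) of the first matching entry, or the implicit deny."""
    r = ipaddress.ip_network(route, strict=True)
    for e in entries:
        if e["lo"] <= r.prefixlen <= e["hi"] and r.subnet_of(e["net"]):
            return e["action"], e["seq"]
    return "deny", None      # implicit deny at the end of every prefix-list


def permitted(entries, routes):
    """Routes that survive the filter, in input order."""
    return [r for r in routes if evaluate(entries, r)[0] == "permit"]


# Constructed sample routes (not taken from the lab's routing tables).
SAMPLE_ROUTES = ["0.0.0.0/0", "1.2.3.4/32", "123.20.1.0/24", "123.0.0.0/8",
                 "10.1.19.0/24", "203.3.16.0/30"]

if __name__ == "__main__":
    for name, entries in parse_prefix_lists(PAGE_CONFIG).items():
        print(f"{name:8} permits {permitted(entries, SAMPLE_ROUTES)}")
```

CLASS-A applied outbound keeps the 10.x and link subnets from being advertised to the SP, AS20003 outbound advertises nothing, and DEFAULT inbound accepts only the exact 0.0.0.0/0 route.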
SECTION 2.9 IPv6 OSPF
Configure OSPFv3 in the ACME New York Office as per the following requirements:
Do not enable OSPFv3 on any interfaces other than interfaces indicated in IPv6 topology.
Place interfaces in OSPFv3 area, do not create any new area. No other interface may be included in OSPFv3
Configure OSPF Process ID 1 and set the router id as interface lo0
SW4 must be selected as the DR on vlan 34 and must have the best chance
SW3 must be selected as the backup DR on vlan 34 and must take over DR if SW4 is down
You are not allowed to use IPv6 router ospf
You are not allowed to use IPv6 ospf 1 area
You are not allowed to use IPv6 ospf 1 priority
Note: If SW3 & SW4 have loopback configured with IPv6 add then only advertise in OSPFv3
SW3 and R10 loopbacks are configured for OSPFv3 for NTP task
Check whether IPv6 OSPF configuration is allowed or not
Solution:
SW3:
ipv6 unicast-routing
ipv6 cef
!
router ospfv3 1
router-id 123.33.33.33
!
int vlan 34
ospfv3 1 ipv6 area 0
ospfv3 priority 254
!
int vlan 310
ospfv3 1 ipv6 area 10
!
int lo0
ospfv3 1 ipv6 area 0
SW4:
ipv6 unicast-routing
ipv6 cef
!
router ospfv3 1
router-id 123.44.44.44
!
int vlan 34
ospfv3 1 ipv6 area 0
ospfv3 priority 255
!
int vlan 411
ospfv3 1 ipv6 area 11
!
int lo0
ospfv3 1 ipv6 area 0
R10:
ipv6 unicast-routing
ipv6 cef
!
router ospfv3 1
router-id 123.10.10.10
!
interface Ethernet0/1
ospfv3 1 ipv6 area 10
!
int lo0
ospfv3 1 ipv6 area 10
R11:
ipv6 unicast-routing
ipv6 cef
!
router ospfv3 1
router-id 123.11.11.11
!
interface Ethernet0/2
ospfv3 1 ipv6 area 11
!
int lo0
ospfv3 1 ipv6 area 11
SW3:
ipv6 unicast-routing
ipv6 cef
!
ipv6 router ospf 1
router-id 123.33.33.33
!
int vlan 34
ipv6 ospf 1 area 0
ipv6 ospf priority 254
!
int vlan 310
ipv6 ospf 1 area 10
!
int lo0
ipv6 ospf 1 area 0
SW4:
ipv6 unicast-routing
ipv6 cef
!
ipv6 router ospf 1
router-id 123.44.44.44
!
int vlan 34
ipv6 ospf 1 area 0
ipv6 ospf priority 255
!
int vlan 411
ipv6 ospf 1 area 11
!
int lo0
ipv6 ospf 1 area 0
R10:
ipv6 unicast-routing
ipv6 cef
!
ipv6 router ospf 1
router-id 123.10.10.10
!
interface Ethernet0/1
ipv6 ospf 1 area 10
!
interface lo0
ipv6 ospf 1 area 10
R11:
ipv6 unicast-routing
ipv6 cef
!
ipv6 router ospf 1
router-id 123.11.11.11
!
interface Ethernet0/2
ipv6 ospf 1 area 11
!
interface lo0
ipv6 ospf 1 area 11
SECTION 2.10 BGP for IPv6
Configure ACME network as per the following requirements:
Establish the four eBGP peering as indicated on "Diagram IPv6 routing"
Do not use the network command under the BGP address family ipv6 on either R10 or R11
Verification:
show
show
show
show
Both regional SP will advertise the necessary prefixes
Advertise the IPv6 prefix of interface E0/1 (E0/0) into BGP on both R12 and R14
Configure your network such that any IPv6 user can communicate with any IPv6 user that is located and vice versa
Do not use any static route or default route anywhere
Use the following ping to verify your config
Note: Redistribution is required for NTP task
Check the output with and without allowas-in
Redistribution between BGP & OSPF may not be required, if we shut the eBGP between AS 20001 and AS 20002
Solution:
R10:
router bgp 34567
neighbor 2001:CC1E:BEF:10:201:1:34:1 remote-as 20001
!
address-family ipv6
neighbor 2001:CC1E:BEF:10:201:1:34:1 activate
redistribute ospf 1 include-connected match int ext 1 ext 2
redistribute ospf 1 include-connected route-map OSPF-BGP
!
route-map OSPF-BGP
match route-type internal
match route-type external
!
router ospfv3 1
address-family ipv6 unicast
redistribute bgp 34567
------- Or ------
ipv6 router ospf 1
redistribute bgp 34567
R11:
router bgp 34567
neighbor 2001:CC1E:BEF:11:202:2:34:1 remote-as 20002
!
address-family ipv6
neighbor 2001:CC1E:BEF:11:202:2:34:1 activate
redistribute ospf 1 include-connected match int ext 1 ext 2
redistribute ospf 1 include-connected route-map OSPF-BGP
!
route-map OSPF-BGP
match route-type internal
match route-type external
!
router ospfv3 1
address-family ipv6 unicast
redistribute bgp 34567
------- Or ------
ipv6 router ospf 1
redistribute bgp 34567
R12:
ipv6 unicast-routing
ipv6 cef
!
router bgp 65111
neighbor 2001:CC1E:BEF:12:201:1:12:1 remote-as 20001
!
address-family ipv6
neighbor 2001:CC1E:BEF:12:201:1:12:1 activate
neighbor 2001:CC1E:BEF:12:201:1:12:1 allowas-in
network 2001:CC1E:BEF:12::/64
R14:
ipv6 unicast-routing
ipv6 cef
!
router bgp 65111
neighbor 2001:CC1E:BEF:14:202:2:14:1 remote-as 20002
!
address-family ipv6
neighbor 2001:CC1E:BEF:14:202:2:14:1 activate
neighbor 2001:CC1E:BEF:14:202:2:14:1 allowas-in
network 2001:CC1E:BEF:14::/64
Verification:
show
show
show
show
show
show
SECTION 2.11 Layer 3 Multicast
Streaming server is connected in VLAN 5 on SW5. Receivers are located at the DMVPN spokes R18 and R19
Configure the ACME network as per the following requirements:
Only network segments with active receivers that explicitly require the data must receive the multicast traffic
Interface Loopback0 of R15 must be configured as RP (rp-cand)
Use a standard method of dynamically distributing the RP (bsr-cand)
Both R16 and R17 must participate in the multicast routing
To test, configure interface E0/0 of both R18 and R19 to join group 232.1.1.1
Add any unused port on SW5 into VLAN 5 and confirm that multicast is working as required by using the following test.
SW5 must receive a reply from both R18 and R19.
Multicast traffic should prefer path through R16, don't use delay or bandwidth to enforce it
Note: ip pim sparse-mode may be required on SW6 also
We need to force R17 to take path to reach RP (R15) via R16 for multicast to work
Ensure that the interface that the IGMP join-group config is on is also advertised and reachable via the unicast ip address of the interface
Solution:
SW5:
ip multicast-routing
!
int vlan 5
ip pim sparse-mode
!
int vlan 55
R15:
ip multicast-routing
!
int lo0
ip pim sparse-mode
!
int e0/1
R16:
ip multicast-routing
!
int e0/1
ip pim sparse-mode
!
int e0/2
R17:
ip multicast-routing
!
int tun0
ip pim sparse-mode
!
int e0/1
R18,R19:
ip multicast-routing
!
int tun0
ip pim sparse-mode
!
int e0/0
ip pim sparse-mode
ip pim sparse-mode
!
int e0/2
ip pim sparse-mode
!
ip pim bsr-cand lo0
ip pim rp-cand lo0
R17:
access-list 17 per 123.15.15.15 0.0.0.0
!
router eigrp CCIE
address-family ipv4 auto 45678
topology base
offset-list 17 in 2147483647 e0/2
----- Or ----
router eigrp 45678
offset-list 17 in 2147483647 e0/2
ip pim sparse-mode
ip pim sparse-mode
!
int e0/2
ip pim sparse-mode
ip pim sparse-mode
ip igmp join-group 232.1.1.1
Verification:
show ip pim interface
show ip pim neighbor
show ip igmp interface
show ip igmp groups
show ip mroute
show ip mroute summary
clear ip mroute *
SECTION 3 VPN Technology
SECTION 3.1 MPLS VPN Part 1
Refer to "Diagram 3 BGP Topology" and "Diagram 4 VPN Technology"
The ACME HQ network (AS 12345) uses MPLS L3VPN in order to clearly separate remote site networks.
The ACME corporate security policies are centralized and enforced at the San Jose site (AS 65112) for all remote sites. The policies require that all traffic that is originated from any remote sites (with the exception of New York office)
Configure MPLS L3VPN in the ACME network according to the following requirements:
Enable LDP only on required interfaces on all seven routers in AS 12345, use smartest way (mpls ldp autoconfig)
Use the interface lo0 to establish LDP peerings
Ensure that no MPLS interface that belongs to any router in AS 12345 is visible on a traceroute that originates outside of the AS
R2, R3, R6, R7 must be configured as PE routers
R1, R4, R5 must be configured as P routers
Note: mpls ldp autoconfig feature globally enables LDP on every interface associated with an IGP instance
Solution:
R1,R2,R3,R4,R5,R6,R7
mpls label protocol ldp
R1,R2,R3,R4,R5,R6,R7
mpls label protocol ldp
Verification:
show mpls interfaces
show mpls ldp neighbor
show mpls ldp discovery
show mpls ldp bindings
show mpls ip binding
show mpls forwarding-table
SECTION 3.2 MPLS VPN Part 2
Refer to "Diagram 3 BGP Topology" and "Diagram 4 VPN Technology"
The global and regional service providers have agreed to transport the ACME VPN via PE to PE eBGP peering that are already preconfigured.
Complete all the config of MPLS L3VPN in the ACME network according to the following requirements:
R1 must reflect VPNv4 prefixes from any PE to any other PE in AS 12345
R2 and R3 must establish eBGP peering with both global SP (AS 10001 and AS 10002) for the following VRFs
GREEN
BLUE
RED
YELLOW
INET
R6 must establish an eBGP peering with the regional SP (AS 20001) for the following VRFs
GREEN
BLUE
INET
R7 must establish an eBGP peering with the regional SP (AS 20002) for the following VRFs
BLUE
RED
INET
All IP add used for eBGP peering must pass the BGP's directly connected check
No BGP speaker in AS 12345 may use the network or redistribute statement under any address family of the BGP router config
At the end of the exam scenario the interface E0/0 of the gateway router in any remote site must be able to connect to the interface E0/0 of any other remote gateway that belongs to AS 65111 or AS 65222 (Sec 2.8 AS 65111 task)
Use the following tests as examples of connectivity checks
R12#ping 10.1.19.1 source Ethernet0/0
!!!!!
R12#trace 10.1.19.1 source Ethernet0/0
(10 hops)
Note: ping & trace will work after completion of Sec 2.8 (AS 65222) and all AS 45678/65222 Sections
10.1.19.1 (10.2.19.1) is R19 IP Address
Solution:
R1:
router bgp 12345
!
address-family vpnv4
neigh iBGP route-reflector-client
neigh iBGP send-community extended
neigh 123.2.2.2 activate
neigh 123.3.3.3 activate
neigh 123.6.6.6 activate
neigh 123.7.7.7 activate
R1:
router bgp 12345
!
address-family vpnv4
neigh 123.2.2.2 activate
neigh 123.3.3.3 activate
neigh 123.6.6.6 activate
neigh 123.7.7.7 activate
neigh 123.2.2.2 route-reflector-client
neigh 123.3.3.3 route-reflector-client
neigh 123.6.6.6 route-reflector-client
neigh 123.7.7.7 route-reflector-client
neigh 123.2.2.2 send-community extended
neigh 123.3.3.3 send-community extended
neigh 123.6.6.6 send-community extended
neigh 123.7.7.7 send-community extended
R2:
router bgp 12345
!
address-family ipv4 vrf GREEN
neigh 101.1.123.1 remote-as 10001
neigh 101.1.123.1 activate
!
address-family ipv4 vrf BLUE
neigh 101.1.123.1 remote-as 10001
neigh 101.1.123.1 activate
!
address-family ipv4 vrf RED
neigh 101.1.123.1 remote-as 10001
neigh 101.1.123.1 activate
!
address-family ipv4 vrf YELLOW
neigh 101.1.123.1 remote-as 10001
neigh 101.1.123.1 activate
!
address-family ipv4 vrf INET
neigh 101.1.123.1 remote-as 10001
neigh 101.1.123.1 activate
R3:
router bgp 12345
!
address-family ipv4 vrf GREEN
neigh 102.2.123.1 remote-as 10002
neigh 102.2.123.1 activate
!
address-family ipv4 vrf BLUE
neigh 102.2.123.1 remote-as 10002
neigh 102.2.123.1 activate
!
address-family ipv4 vrf RED
neigh 102.2.123.1 remote-as 10002
neigh 102.2.123.1 activate
!
address-family ipv4 vrf YELLOW
neigh 102.2.123.1 remote-as 10002
neigh 102.2.123.1 activate
!
address-family ipv4 vrf INET
neigh 102.2.123.1 remote-as 10002
neigh 102.2.123.1 activate
R2,R3,R6,R7:
router bgp 12345
!
address-family vpnv4
neigh 123.1.1.1 activate
neigh 123.1.1.1 send-community extended
R6:
router bgp 12345
!
address-family ipv4 vrf GREEN
neigh 201.1.123.1 remote-as 20001
neigh 201.1.123.1 activate
!
address-family ipv4 vrf BLUE
neigh 201.1.123.1 remote-as 20001
neigh 201.1.123.1 activate
!
address-family ipv4 vrf INET
neigh 201.1.123.1 remote-as 20001
neigh 201.1.123.1 activate
R7:
router bgp 12345
!
address-family ipv4 vrf BLUE
neigh 202.2.123.1 remote-as 20002
neigh 202.2.123.1 activate
!
address-family ipv4 vrf RED
neigh 202.2.123.1 remote-as 20002
neigh 202.2.123.1 activate
!
address-family ipv4 vrf INET
neigh 202.2.123.1 remote-as 20002
neigh 202.2.123.1 activate
R12,R13,R14:
bgp config:
complete the task in Sec 2.8
R20:
router bgp 65112
address-family ipv4
neighbor 10.120.15.5 weight 100
Verification:
show ip vrf
show bgp all
show bgp all summary
show ip bgp
show ip bgp summary
show ip bgp vpnv4 all
show ip bgp vpnv4 all summary
SECTION 3.3 DMVPN
There are 2 variations: With VRF (LOCALSP) and Without VRF
Configure DMVPN phase 3 in the ACME APAC region (AS 45678 and 65222) as per the following requirements:
Use the preconfigured interface tunnel0 on all the three routers in order to accomplish this task
R17 must be the hub router
R18 and R19 must be the spoke and must participate in NHRP information exchange
Disable send icmp redirect message on all three tunnel interfaces
Configure the following parameters on all the three tunnel interfaces
bandwidth 1000 kbps
delay 10000 msec
mtu 1400 bytes
tcp mss 1380
Authenticate NHRP using the string 45678key
Use NHRP network id 45678
Config NHRP holdtime to 5 min
Ensure that spoke to spoke traffic does not transit via the hub (Phase 3)
Ensure that DMVPN should be established via VRF on each routers (with VRF task)
Note: tunnel vrf "vrfname" missing on tunnel interfaces
Take backup of Tunnels configuration
Solution:
WITH VRF
WITHOUT VRF
WITH/WITHOUT VRF
Verification:
R17,R18,R19:
int tun0
tunnel vrf LOCALSP
no ip redirects
bandwidth 1000
R17,R18,R19:
int tun0
!
no ip redirects
bandwidth 1000
R17:
int tun0
ip nhrp redirect
delay 1000
ip mtu 1400
ip tcp adjust-mss 1380
tunnel key 45678
ip nhrp network-id 45678
ip nhrp holdtime 300
delay 1000
ip mtu 1400
ip tcp adjust-mss 1380
tunnel key 45678
ip nhrp network-id 45678
ip nhrp holdtime 300
R18,R19:
int tun 0
ip nhrp shortcut
SECTION 3.4 DMVPN Encryption
There are 2 variations: With VRF (LOCALSP) and Without VRF
Refer to "Diagram 4 VPN technology"
Secure the DMVPN tunnel using IPSec according to the following requirements:
Configure IKE phase 1 as per the following
Configure a single policy using priority 10
Use AES encryption with the preshare key CCIE
The key must appear in plain text in the config
All IPSec tunnels must be authenticated using the same IKE phase 1 preshared key
Use 1024 bits for the key exchange using the Diffie-Hellman algorithm
Configure IKE phase 2 as per the following requirements
Use CCIEXFORM as transform set name
Use DMVPNPROFILE as IPSec profile name
Use IPSec in transport mode
Use the IPSec protocol ESP and algorithm AES with 128 bits
Ensure that the DMVPN cloud is secured using above parameters. Use tunnel protection in your config
Solution:
VRF
WITHOUT VRF
Verification:
R17,R18,R19:
crypto isakmp policy 10
encryption aes
authentication pre-share
group 2
!
crypto keyring DMVPN vrf LOCALSP
pre-shared-key address 0.0.0.0 0.0.0.0 key CCIE
!
crypto ipsec transform-set CCIEXFORM esp-aes
mode transport
!
crypto ipsec profile DMVPNPROFILE
R17,R18,R19:
crypto isakmp policy 10
encryption aes
authentication pre-share
group 2
crypto isakmp key CCIE address 0.0.0.0
!
!
!
crypto ipsec transform-set CCIEXFORM esp-aes
mode transport
!
crypto ipsec profile DMVPNPROFILE
SECTION 4 Infrastructure Security
SECTION 4.1 Device Security
Configure R20 in the ACME San Jose office as per the following:
All users who connect to R20 via the console or via any of VTY lines using SSH must be prompted with the below message before any other prompt is displayed
WARNING!ACCESS RESTRICTED
Do not use any other spaces or any other characters
Solution:
R20:
banner motd *WARNING!ACCESS RESTRICTED*
banner login *WARNING!ACCESS RESTRICTED*
!
line vty 0 4
no motd-banner
Note: SSH will work after completion of Sec 5.1
SECTION 4.2 Network Security
Configure ACME New York office as per the following:
Ensure that interfaces E0/0-3 of SW3 forward the traffic sent from expected and legitimate users only
SW3 must dynamically learn only one mac address per port and must save the mac address in its startup configuration
SW3 must shut down the port if security violation occurs on any of the four ports
Solution:
SW3:
int range e0/0-3
switchport port-security
Verification:
show port-security
SECTION 5 Infrastructure Services
SECTION 5.1 System Management
Configure R20 in the ACME San Jose office as per the following:
Establish SSH access in R20 using the domain name acme.org
R20 must accept up to five remote authorized users to connect at the same time using SSH
Create the user "test" with password "test" in local database of R20
Ensure that R20 accepts SSH connections with clients with source ip in 123.10.2.0/24. All other source ip should be denied. Use standard ACL to accomplish this
R20 must generate a syslog message for all SSH connection attempts whether permitted or denied
When authenticated, the username test must be granted privilege level 1
Do not enable aaa new-model on R20
Ensure that SSH is the only remote access method permitted on VTY lines of R20
Ensure that the console is not affected by your solution and no username prompt is presented on the console port
Test your solution from any device that is located in AS 34567 and ensure that the following sequence of commands produces the following output
R10#ssh -l test 123.20.20.20
WARNING!ACCESS RESTRICTED
R20>
R20>show privilege
current privilege level is 1
R20>
R20>q
R10#
Note: rsa keys must be generated manually
Solution:
R20:
ip domain-name acme.org
username test privilege 1 password test
!
crypto key generate rsa modulus 1024
ip ssh maxstartups 5
login on-success log
login on-failure log
ip ssh logging events
!
line vty 0 4
access-class 20 in
privilege level 1
login local
transport input ssh
!
access-list 20 permit 123.10.2.0 0.0.0.255 log
SECTION 5.2 Network Services
Configure the ACME network as per the following:
R20 must enable all private corporate traffic that is originated from any host with source ip address 10.1.0.0/16 or 10.2.0.0/16 to connect to any public destination that is located in AS 34567
All remote sites in AS 65111 and 65222 must be able to connect to the public destinations
R20 must swap the source IP Address in these packets with the IP Address of its Loopback0
R20 must allow multiple concurrent connections
Use a standard ACL to accomplish this.
The following tests must succeed after the above requirements (in addition to previous requirements) are achieved
R12#ping 1.2.3.4 so Ethernet 0/0
!!!!!
R18#ping 1.2.3.4 so Ethernet 0/0
!!!!!
Solution:
R20:
access-list 10 permit 10.1.0.0 0.0.255.255
access-list 10 permit 10.2.0.0 0.0.255.255
!
ip nat inside source list 10 int lo0 overload
!
int lo0
ip nat outside/inside
!
int e0/0.99
ip nat outside
!
int e0/1.99
ip nat outside
!
int range e0/0.12 - e0/0.15
ip nat inside
!
Verification:
show ip nat translations
show ip nat statistics
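Both Section 5.1 (access-class 20 on the VTY lines) and Section 5.2 (NAT source list 10) rely on standard ACLs with wildcard masks and an implicit deny. The following Python script is an added example, not part of the original workbook: it evaluates the page's ACL lines against constructed source addresses and reports whether the matching entry carries `log`. The function names, the sample addresses and the `ACL20_LOGGED_DENY` variant are assumptions.

```python
import ipaddress

# Standard ACL lines copied from Sections 5.1 and 5.2 of this page.
PAGE_ACLS = """
access-list 20 permit 123.10.2.0 0.0.0.255 log
access-list 10 permit 10.1.0.0 0.0.255.255
access-list 10 permit 10.2.0.0 0.0.255.255
"""

# Constructed variant, not in the page's solution: explicit final deny carrying 'log'.
ACL20_LOGGED_DENY = """
access-list 20 permit 123.10.2.0 0.0.0.255 log
access-list 20 deny any log
"""


def _ip(text):
    """Dotted-quad string to 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def parse_standard_acls(text):
    """Parse numbered standard ACL lines into {number: [entries in config order]}."""
    acls = {}
    for raw in text.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"unsupported line: {raw!r}")
        number, action, rest = int(tok[1]), tok[2], tok[3:]
        log = rest[-1] == "log"
        if log:
            rest = rest[:-1]
        if rest == ["any"]:
            addr, wild = 0, 0xFFFFFFFF
        elif len(rest) == 2 and rest[0] == "host":
            addr, wild = _ip(rest[1]), 0
        elif len(rest) == 1:
            addr, wild = _ip(rest[0]), 0          # no wildcard means a single host
        elif len(rest) == 2:
            addr, wild = _ip(rest[0]), _ip(rest[1])
        else:
            raise ValueError(f"unsupported line: {raw!r}")
        acls.setdefault(number, []).append(
            {"action": action, "addr": addr, "wild": wild, "log": log})
    return acls


def evaluate(acl, source):
    """Return (action, logged, explicit) for a source address; first match wins."""
    src = _ip(source)
    for e in acl:
        # Wildcard bits set to 1 are ignored; every other bit must be equal.
        if ((src ^ e["addr"]) & ~e["wild"] & 0xFFFFFFFF) == 0:
            return e["action"], e["log"], True
    # Implicit deny: there is no entry here, so no 'log' keyword applies to it.
    return "deny", False, False


if __name__ == "__main__":
    acls = parse_standard_acls(PAGE_ACLS)
    # Constructed source addresses for illustration.
    for number, src in [(20, "123.10.2.13"), (20, "123.10.3.13"),
                        (10, "10.1.19.1"), (10, "123.20.1.9")]:
        print(number, src, evaluate(acls[number], src))
```

With ACL 20 as written, a source outside 123.10.2.0/24 is dropped by the implicit deny, which produces no ACL log entry; sources that ACL 10 does not permit are simply not translated by the NAT rule.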
SECTION 5.3 Network Optimization
Configure IOS feature on R17 to achieve following output:
R17#show int | grep 'is up'
Ethernet 0/1 is up, line protocol is up
Ethernet 0/2 is up, line protocol is up
Ethernet 0/3 is up, line protocol is up
Loopback0 is up, line protocol is up
Tunnel0 is up, line protocol is up
Tunnel1 is up, line protocol is up
R17#show int | grep 'is up' | wc -l
Solution:
R17:
R17#terminal shell
R17(config)#shell processing full
SECTION 5.3 Network Optimization Another Variation
Configure R17 as per the following requirements:
The output shown below must be seen on R17 during 10 sec after R15 successfully pings interface lo0 of R19
R15#ping 123.19.19.19
!!!!!
R17#show ip flow top-talkers
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP Bytes
E0/2          123.20.1.9      Tu0*          123.19.19.19    01 0000 0800   500
Note: E0/2 is the interface facing R15
Match the output as per the question (shut the other interfaces)
Solution:
R17:
ip flow-export version 9
ip flow-top-talkers
top 1
sort-by bytes
cache-timeout 10000
match protocol 1
match source address 123.20.1.9 255.255.255.255
match destination address 123.19.19.19 255.255.255.255
!
int tun0
ip flow egress
----- Or ----
int e0/2
ip flow ingress
SECTION 5.4 Network Services
Configure ACME as per the following requirements:
SW3 must provide an authoritative time source to the ACME network
R10 and R12 must sync their clock to SW3 using NTPv4 for IPv6
R10 and R12 must operate in client mode
SW3 must not capture or use any time info that is sent by R12 and R14
All NTP traffic must rely on IPv6 connectivity only
All NTP traffic must be sourced and destined to interface lo0 of the corresponding devices
The NTP devices must use strongest authentication method to synchronize, using password CCIERocks$
Note: Check reachability to SW3 Loopback IPv6 address
Check IPv6 address on the Loopback interfaces
Solution:
SW3:
int lo0
ipv6 add 2001:CC1E:BEF:0:123:33:33:33/128
ospfv3 1 ipv6 area 0
-------- Or -----
ipv6 ospf 1 area 0
R10:
int lo0
ipv6 add 2001:CC1E:BEF:0:123:10:10:10/128
ospfv3 1 ipv6 area 10
-------- Or ------
ipv6 ospf 1 area 10
SW3:
ntp master 1
ntp peer 2001:CC1E:BEF:0:123:10:10:10 ver 4
ntp peer 2001:CC1E:BEF:0:123:12:12:12 ver 4
SW3,R10,R12,R14
ntp source lo0
!
int lo0
ntp disable ip
R10,R12,R14
ntp server 2001:CC1E:BEF:0:123:33:33:33 ver 4
Verification:
show ntp associations
show ntp information
show ntp packets
R12:
int lo0
ipv6 add 2001:CC1E:BEF:0:123:12:12:12/128
!
router bgp 65111
address-family ipv6
network 2001:CC1E:BEF:0:123:12:12:12/128
R10,R12
ntp server 2001:CC1E:BEF:34:123:10:2:13 key 1 source lo0