Wednesday, July 25, 2012

CCIE Routing & Switching LAB Soution(K1)


1.1 Errors in Initial Configuration

    VTP domain name mismatch.
    VTP password mismatch.
    Backup interface configured in SW1 fa 0/10 (or maybe in some other switches or interface)
    VTP version mismatch.
    'no peer neighbor-route' to be given if missing somewhere where required.

1.2 Switching

Configure all of the appropriate non trunking access switch ports on sw1, sw2, sw3, according to the following requirements.

    Configure the VLANs for the access switch ports as shown in the table.
    Include the ports to BB1, BB2 and BB3.
    Configure trunks between sw2 fa0/2 and R2 G0/1
    Ensure that SW1 is the spanning-tree Root Switch for all vlans and has the best chance of staying as such, even for any new vlan that might added in the future
    Make sure that the spanning tree enters the forwarding state immediately only for these access switch ports, by passing the listening and learning states.
    Avoid transmitting bridge protocol data units (BPDUs) on these access switch ports, if a BPDU is received on any of these ports, the ports should transition back to the listening, learning and forward states.
    Add any special layer 2 commands that are required on the routers including trunk configuration.

SW1

spanning-tree vlan 1-1005 priority 0
spanning-tree portfast bpdufilter default

interface FastEthernet0/3
switchport access vlan 3
switchport mode access
spanning-tree portfast

interface FastEthernet0/4
switchport access vlan 44
switchport mode access
spanning-tree portfast

interface FastEthernet0/5
switchport access vlan 15
switchport mode access
spanning-tree portfast

interface FastEthernet0/10
switchport access vlan 15
switchport mode access
spanning-tree portfast

SW2

spanning-tree portfast bpdufilter default
interface FastEthernet0/1
switchport access vlan 11
switchport mode access
spanning-tree portfast

interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 22,24
switchport mode trunk

interface FastEthernet0/3
switchport access vlan 13
switchport mode access
spanning-tree portfast

interface FastEthernet0/4
switchport access vlan 24
switchport mode access
spanning-tree portfast

interface FastEthernet0/5
switchport access vlan 45
switchport mode access
spanning-tree portfast

interface FastEthernet0/10
switchport access vlan 2
switchport mode access
spanning-tree portfast

SW3

spanning-tree portfast bpdufilter default
interface FastEthernet0/10
switchport access vlan 3
switchport mode access
spanning-tree portfast

SW4

spanning-tree portfast bpdufilter default

1.3 Implement Frame-Relay

Use the following requirements to configure R1 and R2 for Frame-relay and R4 the frame-relay  switch.

    Use ANSI LMI on the frame-relay switch and auto-sensing on R1 and R2
    Don't use any static frame-relay maps or inverse address resolution protocol.
    Use RFC 1490/RFC2427(IETF) encapsulation.
    Use sub-interfaces between R1 and R2
    Use largest mask for frame relay link
    Do not change anything in the frame-relay switch R4
    Use the data-link connection identifier DLCI assignments from the table below

Router  DLCI assignments
R1  100
R2  200

R1

interface Serial0/1/1
no ip address
encapsulation frame-relay ietf
no frame-relay inverse-arp
clock rate 64000

interface Serial0/1/1.100 point-to-point
ip address YY.YY.15.242 255.255.255.252
frame-relay interface-dlci 100 ietf

R2
interface Serial0/1/1
no ip address
encapsulation frame-relay ietf
no frame-relay inverse-arp
clock rate 64000

interface Serial0/1/1.200 point-to-point
ip address YY.YY.15.241 255.255.255.252
frame-relay interface-dlci 200 ietf

Frame relay switch should be already configured

R4
frame-relay switching

interface Serial0/1/0
no ip address
encapsulation frame-relay IETF
clock rate 64000
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 100 interface Serial0/1/1 200

interface Serial0/1/1
no ip address
encapsulation frame-relay IETF
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 200 interface Serial0/1/0 100
no shut

1.4 Traffic Control protection from backbone

Configure traffic control on the three backbone links, protecting your network from a broadcast storm. This protection should begin once broadcast traffic is half (50%) available bandwidth. The port should remain functional during this time.

SW1, SW2, SW3

interface FastEthernet0/10
storm-control broadcast level 50.00

1.5 Trunking Manipulations

Configure the dual trunk ports between Sw1, sw2, sw3 and sw4 according to the following  requirements

    Disable DTP on six distribution ports for each switch. Use dot1q encapsulation.
    Set the list of allowed VLANs that can receive and send traffic on these interfaces in tagged format. In particular only allow the VLANs need to go through the trunk links. VLAN 1 not inclusive.
    Ensure the link to the backbone are able to read to unidirectional link failure
    Ensure the interfaces that are connected to backbone not become root switch

SW1,SW2,SW3,SW4

vlan dot1q tag native    /* if native vlan should be tagged */

interface range fa0/19 – 24
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 3,11,13,,44,45
switchport nonegotiate

SW1,SW2,SW3,SW4
interface fa0/10
udld port aggressive
spanning-tree guard root

Section II layer 3 Technologies

    After finishing each of the following questions, make sure that all configured  interfaces and subnets are consistently visible on all pertinent routers and  switches.
    Do not redistribute between any interior gateway protocol (IGP) and Border  Gateway Protocol (BGP).
    You need to ping a BGP route only if stated in a question, otherwise the route should be only in the BGP table.
    At the end of section 2, all subnets in your topology, including the loop back  interfaces (except for SW3), must be reachable via ping.
    Therefore redistribute as you wish unless directly stated in the question.
    The backbone interface must be reachable only if they are part of the solution to a question.
    The loop back interfaces can be seen as either /24 or /32 in the routing tables  unless stated otherwise in a question.
    The loop back interfaces can be added into your IGP either via redistribution or  added to a routing process of your choice.

2.1 Implement IPV4 OSPF

Configure Open Shortest Path First (OSPF)

    Updates should be advertised only out of the interfaces that are indicated in the IGP topology diagram.
    The Process ID can be any number
    Don't manually change the router ID.
    Don't create additional OSPF areas
    Configure OSPF area 2 such that there are no TYPE 5 Advertisements (LSA) in the area, R1 should generate a default route.
    Configure OSPF over frame relay between R1 and R2 choosing a network type that requires designate router (DR) and backup designate router (BDR) negotiations and has the fastest recovery times.

R1

interface Serial0/1/1.100 point-to-point
ip ospf network broadcast
ip ospf dead-interval minimal hello-multiplier 20

router ospf 1
area 2 nssa default-information-originate
network YY.YY.15.161 0.0.0.0 area 0
network YY.YY.1.1 0.0.0.0 area 0
network YY.YY.15.242 0.0.0.0 area 2

R2

interface Serial0/1/1.200 point-to-point
ip ospf network broadcast
ip ospf dead-interval minimal hello-multiplier 20

router ospf 1
area 2 nssa
network YY.YY.2.2 0.0.0.0 area 2
network YY.YY.15.130 0.0.0.0 area 2
network YY.YY.15.241 0.0.0.0 area 2

R3

router ospf 1
network YY.YY.15.193 0.0.0.0 area 0

SW1

ip routing

interface Vlan11
ip address YY.YY.15.162 255.255.255.224

interface Vlan13
ip address YY.YY.15.194 255.255.255.224

router ospf 1
network YY.YY.7.7 0.0.0.0 area 0
network YY.YY.15.162 0.0.0.0 area 0
network YY.YY.15.194 0.0.0.0 area 0

SW2

interface Vlan2
ip address 150.2.1.1 255.255.255.0

interface Vlan22
ip address YY.YY.15.129 255.255.255.224

router ospf 1
area 2 nssa
network YY.YY.8.8 0.0.0.0 area 2
network YY.YY.15.129 0.0.0.0 area 2

2.2 Implement IPV4 EIGRP

Configure EIGRP 100 and EIGRP YY per the IGP topology diagram.

    EIGRP updates should be advertised only out to the interface per the IGP topology diagram.
    On R1, redistribute between OSPF and EIGRP YY. However all of the routes that are indicated below from backbone 3 (EIGRP 100) should not be redistributed between both protocols,
    Use route maps to accomplish this requirement. All route-maps should utilize the same access-list.
    Cannot disable auto-summary

    On OSPF area 0, EIGRP 100 routers should be choose the connection through R3 and should be seen as one path
    On R3 redistribute from EIGRP 100 into OSPF with metric-type 2
    On R3 redistribute from EIGRP 100 into EIGRP YY. However 3 networks 198.2.1.0 198.2.3.0 and 198.2.5.0 should be aggregated into a single address with the most specific mask possible

R1

router eigrp 1
redistribute ospf 1 metric 1544 2000 255 1 1500 route-map BLOCK
network YY.YY.1.1 0.0.0.0
network YY.YY.15.249 0.0.0.0
auto-summary

router ospf 1
redistribute eigrp 1 subnets route-map BLOCK

route-map BLOCK deny 10
match ip address 10
route-map BLOCK permit 20

access-list 10 permit 4.YY.YY.0 0.0.0.255
access-list 10 permit 128.28.2.0 0.0.0.255
access-list 10 permit 198.YY.YY.4 0.0.0.3
access-list 10 permit 198.2.1.0 0.0.0.255
access-list 10 permit 182.2.4.0 0.0.0.255
access-list 10 permit 182.2.2.0 0.0.0.255
access-list 10 permit 198.2.5.0 0.0.0.255
access-list 10 permit 150.3.YY.0 0.0.0.255

R3
router eigrp 100
no auto-summary
network 150.3.1.1 0.0.0.0

interface Serial0/1/0
ip summary-address eigrp 1 198.2.0.0 255.255.248.0

router eigrp 1
redistribute eigrp 100
network YY.YY.3.3 0.0.0.0
network YY.YY.15.245 0.0.0.0
auto-summary

router ospf 1
redistribute eigrp 100 subnets metric-type 2

R5

router eigrp 1
auto-summary
network YY.YY.5.5 0.0.0.0
network YY.YY.15.97 0.0.0.0
network YY.YY.15.246 0.0.0.0
network YY.YY.15.250 0.0.0.0

SW4

interface Vlan44
ip address YY.YY.15.66 255.255.255.224

interface Vlan45
ip address YY.YY.15.98 255.255.255.224

router eigrp 1
auto-summary
network YY.YY.10.10 0.0.0.0
network YY.YY.15.98 0.0.0.0

2.3 Implement RIP version 2

Configure RIP version 2 (RIP V2) per the IGP topology diagram.

    RIP update must be advertised only out to the interface per the IGP topology diagram
    Use the auto-summary
    All rip updates should be unicast.
    Mutually redistribute between RIP and EIGRP on SW4 and mutually redistribute between RIP and ospf of R2. EIGRP learned routes should be preferred over OSPF routes.
    RIP and EIGRP cannot turn off auto-summary, this cannot affect ospf routing.

R2

router rip
auto-summary
version 2
passive-interface default
neighbor YY.YY.15.33
network YY.YY.0.0
redistribute ospf YY metric 1
offset-list 0 out 4 fastethernet0/1.24

router ospf YY
redistribute rip subnets route-map EIGRP100

// EIGRP 100 learned routes from RIP
ip prefix-list EIGRP100PL permit 4.0.0.0/8
ip prefix-list EIGRP100PL permit 128.28.0.0/16
ip prefix-list EIGRP100PL permit 128.128.0.0/16
ip prefix-list EIGRP100PL permit 150.3.0.0/16
ip prefix-list EIGRP100PL permit 198.198.5.0/24

route-map EIGRP100 deny 10
match ip address prefix-list EIGRP100PL

route-map EIGRP100 permit 20

R4

router rip
version 2
auto-summary
passive-interface default
neighbor YY.YY.15.34
neighbor YY.YY.15.66
network YY.YY.0.0

SW4

router rip
version 2
auto-summary
passive-interface default
neighbor YY.YY.15.65
network YY.YY.0.0
redistribute eigrp YY metric 2
distance 171 YY.YY.15.65 0.0.0.0 10

access-list 10 deny YY.YY.4.4
access-list 10 deny YY.YY.15.32 0.0.0.31
access-list 10 permit any

route-map NET_RIP permit 10
match ip address prefix-list net_rip

ip prefix-list net_rip permit YY.YY.4.4/32
ip prefix-list net_rip permit YY.YY.15.32/27
ip prefix-list net_rip permit YY.YY.15.64/27

router eigrp YY
redistribute rip metric 1544 2000 255 1 1500 route-map NET_RIP

2.4 Implement IPV6

Refer to the IPV6 topology diagram to configure IPV6 unique local unicast addresses using the eui-64 interface identifier.

    Configure OSPFv3 as per the IPV6 topology.
    Ensure that R4 can ping SW1 using IPV6.

R4 G0/1 and R2 G0/1.z (Vlan 24)  FC01:DB8:74:9::/64 EUI-64
R2  S0/1/0.z and R1 -S0/1/0.z FC01:DB8:74:A::/64 EUI-64
R1  G0/1 and SW1 - Svi 11 FC01:DB8:74:B::/64 EUI-64

R1

ipv6 unicast-routing
ipv6 cef

interface FastEthernet0/1
ipv6 address FC01:DB8:74:B::/64 eui-64
ipv6 ospf mtu-ignore
ipv6 ospf 1 area 1

ipv6 router ospf 1
router-id YY.YY.1.1

interface Serial0/1/1.100 point-to-point
ipv6 address FC01:DB8:74:A::/64 eui-64
ipv6 ospf 1 area 1

R2

ipv6 unicast-routing
ipv6 cef

ipv6 router ospf 1
router-id YY.YY.2.2

interface Serial0/1/1.200 point-to-point
ipv6 address FC01:DB8:74:A::/64 eui-64
ipv6 ospf 1 area 1

interface FastEthernet0/1.24
ipv6 address FC01:DB8:74:9::/64 eui-64
ipv6 ospf 1 area 0

R4

ipv6 unicast-routing
ipv6 cef

ipv6 router ospf 1
router-id YY.YY.4.4

interface FastEthernet0/1
ipv6 address FC01:DB8:74:9::/64 eui-64
ipv6 ospf 1 area 0

SW1

sdm prefer dual-ipv4-and-ipv6-default  /* reload the router */

ipv6 unicast-routing
ipv6 router ospf 1
router-id YY.YY.7.7
interface Vlan11
ipv6 address FC01:DB8:74:B::/64 eui-64
ipv6 ospf 1 area 1

2.5 – Implement IPv4 BGP

Referring to the bgp routing diagram, configure BGP with these parameters:

    Configure two bgp confederations R1, R3, R5 and SW4 (ASYY1) and R2 and SW2 (ASYY2).
    The confederation peers should neighbor between R1 and R2 and between SW4 and R2.
    EBGP: SW2 ebgp peers with the router 150.2.YY.254 on BB2 in AS254. This router advertises five routes with format 197.68.z.0/24 and the AS path 254.
    EBGP: R5 ebgp peers with the router 150.1.YY.254 on BB1 in AS254. This router advertises five routes with the format 197.68.z.0/24 and the AS path 254,253.
    The bgp devices should all prefer the path through R5 (150.1.YY.254) for network 197.68.21.0/24 and 197.68.22.0/24. The ibgp devices should all prefer the path through SW2 (150.2.YY.254) for network 197.68.1.0/24, 197.68.4.0/24 and 197.68.5.0/24. This manipulation should be accomplished by configuring only on one router using route maps that refer to a single access list.
    Configure only the loopback 0 ip address to propagate BGP route information.
    You cannot use route reflector or change next-hop self.
    BGP routes should be advertised to AS254.

R1

router bgp YY1
no synchronization
no auto-summary
bgp log-neighbor-changes
bgp confederation identifier YY
bgp confederation peers YY2
neighbor YY.YY.2.2 remote-as YY2
neighbor YY.YY.2.2 ebgp-multihop 255
neighbor YY.YY.2.2 update-source Loopback0
neighbor YY.YY.3.3 remote-as YY1
neighbor YY.YY.3.3 update-source Loopback0
neighbor YY.YY.5.5 remote-as YY1
neighbor YY.YY.5.5 update-source Loopback0
neighbor YY.YY.10.10 remote-as YY1
neighbor YY.YY.10.10 update-source Loopback0

R3

router bgp YY1
no synchronization
bgp log-neighbor-changes
bgp confederation identifier YY
neighbor YY.YY.5.5 remote-as YY1
neighbor YY.YY.5.5 update-source Loopback0
neighbor YY.YY.1.1 remote-as YY1
neighbor YY.YY.1.1 update-source Loopback0
neighbor YY.YY.10.10 remote-as YY1
neighbor YY.YY.10.10 update-source Loopback0
no auto-summary

R5

router bgp YY1
no synchronization
bgp log-neighbor-changes
bgp confederation identifier YY
neighbor YY.YY.3.3 remote-as YY1
neighbor YY.YY.3.3 update-source Loopback0
neighbor YY.YY.1.1 remote-as YY1
neighbor YY.YY.1.1 update-source Loopback0
neighbor YY.YY.10.10 remote-as YY1
neighbor YY.YY.10.10 update-source Loopback0
neighbor 150.1.YY.254 remote-as 254
neighbor 150.1.YY.254 route-map TAG in
no auto-summary

access-list 5 permit 197.68.20.0 0.0.3.255

route-map TAG permit 10
match ip address 5
set local-preference 250
route-map TAG permit 20

router eigrp YY
redistribute connected metrix 1544 200 255 1 1500 route-map BB1

route-map BB1 permit 10
match interface fa0/0

SW4

router bgp YY1
no synchronization
bgp log-neighbor-changes
bgp confederation identifier YY
bgp confederation peers YY2
neighbor YY.YY.1.1 remote-as YY1
neighbor YY.YY.1.1 update-source Loopback0
neighbor YY.YY.2.2 remote-as YY2
neighbor YY.YY.2.2 ebgp-multihop 255
neighbor YY.YY.2.2 update-source Loopback0
neighbor YY.YY.3.3 remote-as YY1
neighbor YY.YY.3.3 update-source Loopback0
neighbor YY.YY.5.5 remote-as YY1
neighbor YY.YY.5.5 update-source Loopback0
no auto-summary

R2

router bgp YY2
no synchronization
bgp log-neighbor-changes
bgp confederation identifier YY
bgp confederation peers YY1
neighbor YY.YY.1.1 remote-as YY1
neighbor YY.YY.1.1 ebgp-multihop 255
neighbor YY.YY.1.1 update-source Loopback0
neighbor YY.YY.8.8 remote-as YY2
neighbor YY.YY.8.8 update-source Loopback0
neighbor YY.YY.10.10 remote-as YY1
neighbor YY.YY.10.10 ebgp-multihop 255
neighbor YY.YY.10.10 update-source Loopback0
no auto-summary

SW2

router bgp YY2
no synchronization
bgp log-neighbor-changes
bgp confederation identifier YY
neighbor YY.YY.2.2 remote-as YY2
neighbor YY.YY.2.2 update-source Loopback0
neighbor 150.2.1.254 remote-as 254
no auto-summary

router ospf YY
redistribute connected metric 100 subnets route-map BB2

route-map BB2 permit 10
match interface vlan 2

Section III IP Multicast

3.1 Implement PIM sparse mode for IPV6 multicast.

    Enable pim sparse mode (pim-sm) on the lan between R4 and R2, and on the WAN link between R2 and R1,
    Using these criteria. Configure R4 Fa0/1 to be the redezvous point (RP) for the FF08::4000:4000 multicast group, no other groups should be  permitted.

R4

ipv6 cef
ipv6 multicast-routing

ipv6 pim rp-address X:X:X:X

R2

ipv6 cef
ipv6 multicast-routing

ipv6 pim rp-address X:X:X:X

R1

ipv6 cef
ipv6 multicast-routing

ipv6 pim rp-address X:X:X:X

3.2 Multicast Joins

Configure R2 s0/0/0.z as an IPV6 receiver for the multicast group FF08::4000:4000.
R2 should be able to ping the multicast group FF08::4000:4000.

R2

interface Serial0/1/1.100 point-to-point
ipv6 mld join-group FF08::4000:4000 X:X:X:X

Section IV Advanced Services

4.1 Secure HTTP Access

Enable secure HTTP access for R5.

    Enable authentication using the list "HTTP" which utilizes local user authentication.
    Configure two different users for access to R5; the user cisco (password "cisco"), who only have privilege 1 access to R5; and the user ADMIN (password “CISCO") who has privilege 15 access to R5.
    Do no modify console and vty lines login and password configuration

R5

aaa new-model
aaa authenctication login default line    /* none required at the end if no line passwords are configured */
aaa authentication login HTTP local-case

username cisco privilege 1 password 0 cisco
username ADMIN privilege 15 password 0 CISCO

no ip http server
ip http secure-server

ip http authentication aaa login-authentication HTTP

4.2 Secure the WAN PPP Links

Configure challenge handshake authentication protocol (CHAP) on R5 for the link to R1 and R3, according to the following requirements.

    An authentication, authorization, and accounting (AAA) list names R1 and R3 for R1 and R3 respectively.
    Authentication for R1 should first try the radius server 198.2.3.128 using a key of cisco and fall back to local login in the event of a failure to connect to the radius server.
    R1 should present itself to R5 as RACKYYR1 with a shared password cisco.
    Authentication for R3 should first try the TACAS server 198.2.3.129 using a key of cisco and fall back to local login in the event of a failure to connect to the TACAS server.
    R3 should present itself to R5 as BACKUP with a shared password of CISCO.

R5

aaa new-model

aaa authentication ppp R1 group radius local-case
aaa authentication ppp R3 group tacacs+ local-case

username RACK1R1 password 0 cisco
username BACKUP password 0 CISCO

tacacs-server host 198.2.3.129 key cisco
radius-server host 198.2.3.128 key cisco

interface Serial0/1/0
ppp authentication chap R1

interface Serial0/1/1
ppp authentication chap R3

R1

interface Serial0/1/0
ppp chap hostname RACK1R1
ppp chap password cisco

R3

interface Serial0/1/0
ppp chap hostname BACKUP
ppp chap password CISCO

4.3 MQC Based frame-relay traffic shaping

Configure R1 for Modular QoS CLI (MQC) based frame relay traffic shaping (FRTS) according to the following requirements:

    Using a hierarchical policy map, specify the parent class-default committed information rate (CIR) as 64KB (when no backward explicit congestion notification (BECNs) are present and 32KB (when BECNs are present).
    The traffic already marked with class 1 or 2 (AF11 or AF21) must be classified as Data traffic.
    Data Traffic should receive a guaranteed bandwidth of 35%.
    Voice packets are marked as Expedited Forwarding (EF)
    Voice traffic should receive a guaranteed bandwidth of 40%

R2

class-map match-any DATA
match ip dscp af11
match ip dscp af21

class-map match-all VOICE
match ip dscp ef

policy-map CHILD
class VOICE
priority percent 40
class DATA
bandwidth percent 35
class class-default
fait-queue

policy-map PARENT
class class-default
shape average 64000
shape adaptive 32000
service-policy CHILD

map-class frame-relay FRTS
service-policy output PARENT

interface Serial0/1/1.100 point-to-point
frame-relay class FRTS

4.4 AutoQOS over PPP

To 4.3 continue to address VOIP quality of service (QOS) by configuring Cisco autoqos over PPP link between R1 and R5.
AutoQos should not use NBAR to classify the voice traffic.

R1

interface s0/1/0
auto discovery qos trust
auto qos voip trust

Interface multilink XXXXX
no peer neighbor-route


R5

interface s0/0
auto discovery qos trust
auto qos voip trust

Interface multilink XXXXX
no peer neighbor-route

Note
Bandwidth needs to be set to 128 which is the default.
Also, no peer neighbor-route needs to be configured on the dynamic multilink interfaces on R1 and R5.

4.5 First Hop Redundancy

To facilitate load balancing and back for hosts off VLAN_H, configure GLBP on VLAN_H, use any group number.

    R4 should have the higher priority with the ability for R2 to assume control if the priority of R4 decreases. Use MD5 authentication to protect the GLBP group. Use the key-string "cisco".
    Configure the IP YY.YY.15.35 as your GLBP virtual address.
    R2 should assume control if R4 loses reachability to the default route
    On R4 should track availability of default route

R4

track 11 ip route 0.0.0.0 0.0.0.0 reachability

interface FastEthernet0/1

glbp 1 ip YY.YY.15.35
glbp 1 priority 105
glbp 1 preempt
glbp 1 authentication md5 key-string cisco

glbp 1 weighting 110 lower 95 upper 105
glbp 1 weighting track 11 decrement 20

R2

interface FastEthernet0/1.24

glbp 1 ip YY.YY.15.35
glbp 1 priority 100
glbp 1 preempt
glbp 1 authentication md5 key-string cisco

Section V. Optimize the Network

5.1 Netflow IPv4 Multicast Accounting

Configure netflow multicast accounting on R4 according to the following requirement

    Sources should be VLAN_H
    Export all data to 198.2.5.10
    Use UDP port 9991 for exporting
    Use net flow version 9 only
    Collect all of the output and failure statistics, both in and out of R4 in VLAN_H.

R4

ip multicast netflow rpf-failure
ip multicast netflow output-counters

ip flow-export version 9
ip flow-export destination 198.2.5.10 9991

interface f0/1
ip flow ingress
ip flow egress

5.2 TFTP Server

Configure R3 as TFTP server with the following requirements

    R4 should be able to copy the file TEST from the flash memory of R3.
    No other files should be available from R3
    No other devices should be able to copy the file TEST from R3

Note: You do not need to create the TEST file on R3 or attempt to make a actual copy.

R3

access-list 53 permit YY.YY.4.4
access-list 53 permit YY.YY.15.33
access-list 53 permit YY.YY.15.65

tftp-server flash:TEST 53

5.2 Embedded Event Manager Monitor of CPU

Using IOS CLI an event manager applet on R3 according to the following requirements:

    If the 5min CPU value (cpmCPUTotal5minRev "1.3.6.1.4.1.9.9.109.YY.YY.YY.YY.8" ) goes  above 60 percent, the first 10 lines of the show process cpu sorted 5min  command output should be emailed to engineer@cisco.com from eem@cisco.com with a  subject of "CPUAlert5min" using the mail server 198.2.5.10. Polling should be every 60  seconds.

R3

event manager applet cpmCPUTotal5minRev
event snmp oid 1.3.6.1.4.1.9.9.109.YY.YY.1.8 get-type exact entry-op ge entry-val 60 poll-interval 60
action 1.0 cli command "terminal length 13"
action 2.0 cli command "show processes cpu sort 5min"
action 3.0 cli command “q”
action 4.0 mail server "198.2.5.10" to "engineer@cisco.com" from "EEM@cisco.com" subject  "CPUAlert5min" body "$_cli_result" 

LABELS

Audios (1) BCMSN (1) BGP (1) CCIE (4) CCNA (9) CCNA LABS (2) CCNP (11) CCNP LABS (1) CCVP (1) DHCP (1) DYNAGEN (2) E-BOOKS (5) ETHERCHANNELS (1) IOS (1) IP ACCESS-LIST (1) ISCW (2) MPLS (1) ONLINE-LABS (1) SWITCHING (4) VLAN ACCESS-LIST (1) VPN (1)