Wednesday, July 25, 2012

CCIE Routing & Switching LAB Soution(K1)


1.1 Errors in Initial Configuration

    VTP domain name mismatch.
    VTP password mismatch.
    Backup interface configured in SW1 fa 0/10 (or maybe in some other switches or interface)
    VTP version mismatch.
    'no peer neighbor-route' to be given if missing somewhere where required.

1.2 Switching

Configure all of the appropriate non trunking access switch ports on sw1, sw2, sw3, according to the following requirements.

    Configure the VLANs for the access switch ports as shown in the table.
    Include the ports to BB1, BB2 and BB3.
    Configure trunks between sw2 fa0/2 and R2 G0/1
    Ensure that SW1 is the spanning-tree Root Switch for all vlans and has the best chance of staying as such, even for any new vlan that might added in the future
    Make sure that the spanning tree enters the forwarding state immediately only for these access switch ports, by passing the listening and learning states.
    Avoid transmitting bridge protocol data units (BPDUs) on these access switch ports, if a BPDU is received on any of these ports, the ports should transition back to the listening, learning and forward states.
    Add any special layer 2 commands that are required on the routers including trunk configuration.

SW1

spanning-tree vlan 1-1005 priority 0
spanning-tree portfast bpdufilter default

interface FastEthernet0/3
switchport access vlan 3
switchport mode access
spanning-tree portfast

interface FastEthernet0/4
switchport access vlan 44
switchport mode access
spanning-tree portfast

interface FastEthernet0/5
switchport access vlan 15
switchport mode access
spanning-tree portfast

interface FastEthernet0/10
switchport access vlan 15
switchport mode access
spanning-tree portfast

SW2

spanning-tree portfast bpdufilter default
interface FastEthernet0/1
switchport access vlan 11
switchport mode access
spanning-tree portfast

interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 22,24
switchport mode trunk

interface FastEthernet0/3
switchport access vlan 13
switchport mode access
spanning-tree portfast

interface FastEthernet0/4
switchport access vlan 24
switchport mode access
spanning-tree portfast

interface FastEthernet0/5
switchport access vlan 45
switchport mode access
spanning-tree portfast

interface FastEthernet0/10
switchport access vlan 2
switchport mode access
spanning-tree portfast

SW3

spanning-tree portfast bpdufilter default
interface FastEthernet0/10
switchport access vlan 3
switchport mode access
spanning-tree portfast

SW4

spanning-tree portfast bpdufilter default

1.3 Implement Frame-Relay

Use the following requirements to configure R1 and R2 for Frame-relay and R4 the frame-relay  switch.

    Use ANSI LMI on the frame-relay switch and auto-sensing on R1 and R2
    Don't use any static frame-relay maps or inverse address resolution protocol.
    Use RFC 1490/RFC2427(IETF) encapsulation.
    Use sub-interfaces between R1 and R2
    Use largest mask for frame relay link
    Do not change anything in the frame-relay switch R4
    Use the data-link connection identifier DLCI assignments from the table below

Router  DLCI assignments
R1  100
R2  200

R1

interface Serial0/1/1
no ip address
encapsulation frame-relay ietf
no frame-relay inverse-arp
clock rate 64000

interface Serial0/1/1.100 point-to-point
ip address YY.YY.15.242 255.255.255.252
frame-relay interface-dlci 100 ietf

R2
interface Serial0/1/1
no ip address
encapsulation frame-relay ietf
no frame-relay inverse-arp
clock rate 64000

interface Serial0/1/1.200 point-to-point
ip address YY.YY.15.241 255.255.255.252
frame-relay interface-dlci 200 ietf

Frame relay switch should be already configured

R4
frame-relay switching

interface Serial0/1/0
no ip address
encapsulation frame-relay IETF
clock rate 64000
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 100 interface Serial0/1/1 200

interface Serial0/1/1
no ip address
encapsulation frame-relay IETF
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 200 interface Serial0/1/0 100
no shut

1.4 Traffic Control protection from backbone

Configure traffic control on the three backbone links, protecting your network from a broadcast storm. This protection should begin once broadcast traffic is half (50%) available bandwidth. The port should remain functional during this time.

SW1, SW2, SW3

interface FastEthernet0/10
storm-control broadcast level 50.00

1.5 Trunking Manipulations

Configure the dual trunk ports between Sw1, sw2, sw3 and sw4 according to the following  requirements

    Disable DTP on six distribution ports for each switch. Use dot1q encapsulation.
    Set the list of allowed VLANs that can receive and send traffic on these interfaces in tagged format. In particular only allow the VLANs need to go through the trunk links. VLAN 1 not inclusive.
    Ensure the link to the backbone are able to read to unidirectional link failure
    Ensure the interfaces that are connected to backbone not become root switch

SW1,SW2,SW3,SW4

vlan dot1q tag native    /* if native vlan should be tagged */

interface range fa0/19 – 24
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 3,11,13,,44,45
switchport nonegotiate

SW1,SW2,SW3,SW4
interface fa0/10
udld port aggressive
spanning-tree guard root

Section II layer 3 Technologies

    After finishing each of the following questions, make sure that all configured  interfaces and subnets are consistently visible on all pertinent routers and  switches.
    Do not redistribute between any interior gateway protocol (IGP) and Border  Gateway Protocol (BGP).
    You need to ping a BGP route only if stated in a question, otherwise the route should be only in the BGP table.
    At the end of section 2, all subnets in your topology, including the loop back  interfaces (except for SW3), must be reachable via ping.
    Therefore redistribute as you wish unless directly stated in the question.
    The backbone interface must be reachable only if they are part of the solution to a question.
    The loop back interfaces can be seen as either /24 or /32 in the routing tables  unless stated otherwise in a question.
    The loop back interfaces can be added into your IGP either via redistribution or  added to a routing process of your choice.

2.1 Implement IPV4 OSPF

Configure Open Shortest Path First (OSPF)

    Updates should be advertised only out of the interfaces that are indicated in the IGP topology diagram.
    The Process ID can be any number
    Don't manually change the router ID.
    Don't create additional OSPF areas
    Configure OSPF area 2 such that there are no TYPE 5 Advertisements (LSA) in the area, R1 should generate a default route.
    Configure OSPF over frame relay between R1 and R2 choosing a network type that requires designate router (DR) and backup designate router (BDR) negotiations and has the fastest recovery times.

R1

interface Serial0/1/1.100 point-to-point
ip ospf network broadcast
ip ospf dead-interval minimal hello-multiplier 20

router ospf 1
area 2 nssa default-information-originate
network YY.YY.15.161 0.0.0.0 area 0
network YY.YY.1.1 0.0.0.0 area 0
network YY.YY.15.242 0.0.0.0 area 2

R2

interface Serial0/1/1.200 point-to-point
ip ospf network broadcast
ip ospf dead-interval minimal hello-multiplier 20

router ospf 1
area 2 nssa
network YY.YY.2.2 0.0.0.0 area 2
network YY.YY.15.130 0.0.0.0 area 2
network YY.YY.15.241 0.0.0.0 area 2

R3

router ospf 1
network YY.YY.15.193 0.0.0.0 area 0

SW1

ip routing

interface Vlan11
ip address YY.YY.15.162 255.255.255.224

interface Vlan13
ip address YY.YY.15.194 255.255.255.224

router ospf 1
network YY.YY.7.7 0.0.0.0 area 0
network YY.YY.15.162 0.0.0.0 area 0
network YY.YY.15.194 0.0.0.0 area 0

SW2

interface Vlan2
ip address 150.2.1.1 255.255.255.0

interface Vlan22
ip address YY.YY.15.129 255.255.255.224

router ospf 1
area 2 nssa
network YY.YY.8.8 0.0.0.0 area 2
network YY.YY.15.129 0.0.0.0 area 2

2.2 Implement IPV4 EIGRP

Configure EIGRP 100 and EIGRP YY per the IGP topology diagram.

    EIGRP updates should be advertised only out to the interface per the IGP topology diagram.
    On R1, redistribute between OSPF and EIGRP YY. However all of the routes that are indicated below from backbone 3 (EIGRP 100) should not be redistributed between both protocols,
    Use route maps to accomplish this requirement. All route-maps should utilize the same access-list.
    Cannot disable auto-summary

    On OSPF area 0, EIGRP 100 routers should be choose the connection through R3 and should be seen as one path
    On R3 redistribute from EIGRP 100 into OSPF with metric-type 2
    On R3 redistribute from EIGRP 100 into EIGRP YY. However 3 networks 198.2.1.0 198.2.3.0 and 198.2.5.0 should be aggregated into a single address with the most specific mask possible

R1

router eigrp 1
redistribute ospf 1 metric 1544 2000 255 1 1500 route-map BLOCK
network YY.YY.1.1 0.0.0.0
network YY.YY.15.249 0.0.0.0
auto-summary

router ospf 1
redistribute eigrp 1 subnets route-map BLOCK

route-map BLOCK deny 10
match ip address 10
route-map BLOCK permit 20

access-list 10 permit 4.YY.YY.0 0.0.0.255
access-list 10 permit 128.28.2.0 0.0.0.255
access-list 10 permit 198.YY.YY.4 0.0.0.3
access-list 10 permit 198.2.1.0 0.0.0.255
access-list 10 permit 182.2.4.0 0.0.0.255
access-list 10 permit 182.2.2.0 0.0.0.255
access-list 10 permit 198.2.5.0 0.0.0.255
access-list 10 permit 150.3.YY.0 0.0.0.255

R3
router eigrp 100
no auto-summary
network 150.3.1.1 0.0.0.0

interface Serial0/1/0
ip summary-address eigrp 1 198.2.0.0 255.255.248.0

router eigrp 1
redistribute eigrp 100
network YY.YY.3.3 0.0.0.0
network YY.YY.15.245 0.0.0.0
auto-summary

router ospf 1
redistribute eigrp 100 subnets metric-type 2

R5

router eigrp 1
auto-summary
network YY.YY.5.5 0.0.0.0
network YY.YY.15.97 0.0.0.0
network YY.YY.15.246 0.0.0.0
network YY.YY.15.250 0.0.0.0

SW4

interface Vlan44
ip address YY.YY.15.66 255.255.255.224

interface Vlan45
ip address YY.YY.15.98 255.255.255.224

router eigrp 1
auto-summary
network YY.YY.10.10 0.0.0.0
network YY.YY.15.98 0.0.0.0

2.3 Implement RIP version 2

Configure RIP version 2 (RIP V2) per the IGP topology diagram.

    RIP update must be advertised only out to the interface per the IGP topology diagram
    Use the auto-summary
    All rip updates should be unicast.
    Mutually redistribute between RIP and EIGRP on SW4 and mutually redistribute between RIP and ospf of R2. EIGRP learned routes should be preferred over OSPF routes.
    RIP and EIGRP cannot turn off auto-summary, this cannot affect ospf routing.

R2

router rip
auto-summary
version 2
passive-interface default
neighbor YY.YY.15.33
network YY.YY.0.0
redistribute ospf YY metric 1
offset-list 0 out 4 fastethernet0/1.24

router ospf YY
redistribute rip subnets route-map EIGRP100

// EIGRP 100 learned routes from RIP
ip prefix-list EIGRP100PL permit 4.0.0.0/8
ip prefix-list EIGRP100PL permit 128.28.0.0/16
ip prefix-list EIGRP100PL permit 128.128.0.0/16
ip prefix-list EIGRP100PL permit 150.3.0.0/16
ip prefix-list EIGRP100PL permit 198.198.5.0/24

route-map EIGRP100 deny 10
match ip address prefix-list EIGRP100PL

route-map EIGRP100 permit 20

R4

router rip
version 2
auto-summary
passive-interface default
neighbor YY.YY.15.34
neighbor YY.YY.15.66
network YY.YY.0.0

SW4

router rip
version 2
auto-summary
passive-interface default
neighbor YY.YY.15.65
network YY.YY.0.0
redistribute eigrp YY metric 2
distance 171 YY.YY.15.65 0.0.0.0 10

access-list 10 deny YY.YY.4.4
access-list 10 deny YY.YY.15.32 0.0.0.31
access-list 10 permit any

route-map NET_RIP permit 10
match ip address prefix-list net_rip

ip prefix-list net_rip permit YY.YY.4.4/32
ip prefix-list net_rip permit YY.YY.15.32/27
ip prefix-list net_rip permit YY.YY.15.64/27

router eigrp YY
redistribute rip metric 1544 2000 255 1 1500 route-map NET_RIP

2.4 Implement IPV6

Refer to the IPV6 topology diagram to configure IPV6 unique local unicast addresses using the eui-64 interface identifier.

    Configure OSPFv3 as per the IPV6 topology.
    Ensure that R4 can ping SW1 using IPV6.

R4 G0/1 and R2 G0/1.z (Vlan 24)  FC01:DB8:74:9::/64 EUI-64
R2  S0/1/0.z and R1 -S0/1/0.z FC01:DB8:74:A::/64 EUI-64
R1  G0/1 and SW1 - Svi 11 FC01:DB8:74:B::/64 EUI-64

R1

ipv6 unicast-routing
ipv6 cef

interface FastEthernet0/1
ipv6 address FC01:DB8:74:B::/64 eui-64
ipv6 ospf mtu-ignore
ipv6 ospf 1 area 1

ipv6 router ospf 1
router-id YY.YY.1.1

interface Serial0/1/1.100 point-to-point
ipv6 address FC01:DB8:74:A::/64 eui-64
ipv6 ospf 1 area 1

R2

ipv6 unicast-routing
ipv6 cef

ipv6 router ospf 1
router-id YY.YY.2.2

interface Serial0/1/1.200 point-to-point
ipv6 address FC01:DB8:74:A::/64 eui-64
ipv6 ospf 1 area 1

interface FastEthernet0/1.24
ipv6 address FC01:DB8:74:9::/64 eui-64
ipv6 ospf 1 area 0

R4

ipv6 unicast-routing
ipv6 cef

ipv6 router ospf 1
router-id YY.YY.4.4

interface FastEthernet0/1
ipv6 address FC01:DB8:74:9::/64 eui-64
ipv6 ospf 1 area 0

SW1

sdm prefer dual-ipv4-and-ipv6-default  /* reload the router */

ipv6 unicast-routing
ipv6 router ospf 1
router-id YY.YY.7.7
interface Vlan11
ipv6 address FC01:DB8:74:B::/64 eui-64
ipv6 ospf 1 area 1

2.5 – Implement IPv4 BGP

Referring to the bgp routing diagram, configure BGP with these parameters:

    Configure two bgp confederations R1, R3, R5 and SW4 (ASYY1) and R2 and SW2 (ASYY2).
    The confederation peers should neighbor between R1 and R2 and between SW4 and R2.
    EBGP: SW2 ebgp peers with the router 150.2.YY.254 on BB2 in AS254. This router advertises five routes with format 197.68.z.0/24 and the AS path 254.
    EBGP: R5 ebgp peers with the router 150.1.YY.254 on BB1 in AS254. This router advertises five routes with the format 197.68.z.0/24 and the AS path 254,253.
    The bgp devices should all prefer the path through R5 (150.1.YY.254) for network 197.68.21.0/24 and 197.68.22.0/24. The ibgp devices should all prefer the path through SW2 (150.2.YY.254) for network 197.68.1.0/24, 197.68.4.0/24 and 197.68.5.0/24. This manipulation should be accomplished by configuring only on one router using route maps that refer to a single access list.
    Configure only the loopback 0 ip address to propagate BGP route information.
    You cannot use route reflector or change next-hop self.
    BGP routes should be advertised to AS254.

R1

router bgp YY1
no synchronization
no auto-summary
bgp log-neighbor-changes
bgp confederation identifier YY
bgp confederation peers YY2
neighbor YY.YY.2.2 remote-as YY2
neighbor YY.YY.2.2 ebgp-multihop 255
neighbor YY.YY.2.2 update-source Loopback0
neighbor YY.YY.3.3 remote-as YY1
neighbor YY.YY.3.3 update-source Loopback0
neighbor YY.YY.5.5 remote-as YY1
neighbor YY.YY.5.5 update-source Loopback0
neighbor YY.YY.10.10 remote-as YY1
neighbor YY.YY.10.10 update-source Loopback0

R3

router bgp YY1
no synchronization
bgp log-neighbor-changes
bgp confederation identifier YY
neighbor YY.YY.5.5 remote-as YY1
neighbor YY.YY.5.5 update-source Loopback0
neighbor YY.YY.1.1 remote-as YY1
neighbor YY.YY.1.1 update-source Loopback0
neighbor YY.YY.10.10 remote-as YY1
neighbor YY.YY.10.10 update-source Loopback0
no auto-summary

R5

router bgp YY1
no synchronization
bgp log-neighbor-changes
bgp confederation identifier YY
neighbor YY.YY.3.3 remote-as YY1
neighbor YY.YY.3.3 update-source Loopback0
neighbor YY.YY.1.1 remote-as YY1
neighbor YY.YY.1.1 update-source Loopback0
neighbor YY.YY.10.10 remote-as YY1
neighbor YY.YY.10.10 update-source Loopback0
neighbor 150.1.YY.254 remote-as 254
neighbor 150.1.YY.254 route-map TAG in
no auto-summary

access-list 5 permit 197.68.20.0 0.0.3.255

route-map TAG permit 10
match ip address 5
set local-preference 250
route-map TAG permit 20

router eigrp YY
redistribute connected metrix 1544 200 255 1 1500 route-map BB1

route-map BB1 permit 10
match interface fa0/0

SW4

router bgp YY1
no synchronization
bgp log-neighbor-changes
bgp confederation identifier YY
bgp confederation peers YY2
neighbor YY.YY.1.1 remote-as YY1
neighbor YY.YY.1.1 update-source Loopback0
neighbor YY.YY.2.2 remote-as YY2
neighbor YY.YY.2.2 ebgp-multihop 255
neighbor YY.YY.2.2 update-source Loopback0
neighbor YY.YY.3.3 remote-as YY1
neighbor YY.YY.3.3 update-source Loopback0
neighbor YY.YY.5.5 remote-as YY1
neighbor YY.YY.5.5 update-source Loopback0
no auto-summary

R2

router bgp YY2
no synchronization
bgp log-neighbor-changes
bgp confederation identifier YY
bgp confederation peers YY1
neighbor YY.YY.1.1 remote-as YY1
neighbor YY.YY.1.1 ebgp-multihop 255
neighbor YY.YY.1.1 update-source Loopback0
neighbor YY.YY.8.8 remote-as YY2
neighbor YY.YY.8.8 update-source Loopback0
neighbor YY.YY.10.10 remote-as YY1
neighbor YY.YY.10.10 ebgp-multihop 255
neighbor YY.YY.10.10 update-source Loopback0
no auto-summary

SW2

router bgp YY2
no synchronization
bgp log-neighbor-changes
bgp confederation identifier YY
neighbor YY.YY.2.2 remote-as YY2
neighbor YY.YY.2.2 update-source Loopback0
neighbor 150.2.1.254 remote-as 254
no auto-summary

router ospf YY
redistribute connected metric 100 subnets route-map BB2

route-map BB2 permit 10
match interface vlan 2

Section III IP Multicast

3.1 Implement PIM sparse mode for IPV6 multicast.

    Enable pim sparse mode (pim-sm) on the lan between R4 and R2, and on the WAN link between R2 and R1,
    Using these criteria. Configure R4 Fa0/1 to be the redezvous point (RP) for the FF08::4000:4000 multicast group, no other groups should be  permitted.

R4

ipv6 cef
ipv6 multicast-routing

ipv6 pim rp-address X:X:X:X

R2

ipv6 cef
ipv6 multicast-routing

ipv6 pim rp-address X:X:X:X

R1

ipv6 cef
ipv6 multicast-routing

ipv6 pim rp-address X:X:X:X

3.2 Multicast Joins

Configure R2 s0/0/0.z as an IPV6 receiver for the multicast group FF08::4000:4000.
R2 should be able to ping the multicast group FF08::4000:4000.

R2

interface Serial0/1/1.100 point-to-point
ipv6 mld join-group FF08::4000:4000 X:X:X:X

Section IV Advanced Services

4.1 Secure HTTP Access

Enable secure HTTP access for R5.

    Enable authentication using the list "HTTP" which utilizes local user authentication.
    Configure two different users for access to R5; the user cisco (password "cisco"), who only have privilege 1 access to R5; and the user ADMIN (password “CISCO") who has privilege 15 access to R5.
    Do no modify console and vty lines login and password configuration

R5

aaa new-model
aaa authenctication login default line    /* none required at the end if no line passwords are configured */
aaa authentication login HTTP local-case

username cisco privilege 1 password 0 cisco
username ADMIN privilege 15 password 0 CISCO

no ip http server
ip http secure-server

ip http authentication aaa login-authentication HTTP

4.2 Secure the WAN PPP Links

Configure challenge handshake authentication protocol (CHAP) on R5 for the link to R1 and R3, according to the following requirements.

    An authentication, authorization, and accounting (AAA) list names R1 and R3 for R1 and R3 respectively.
    Authentication for R1 should first try the radius server 198.2.3.128 using a key of cisco and fall back to local login in the event of a failure to connect to the radius server.
    R1 should present itself to R5 as RACKYYR1 with a shared password cisco.
    Authentication for R3 should first try the TACAS server 198.2.3.129 using a key of cisco and fall back to local login in the event of a failure to connect to the TACAS server.
    R3 should present itself to R5 as BACKUP with a shared password of CISCO.

R5

aaa new-model

aaa authentication ppp R1 group radius local-case
aaa authentication ppp R3 group tacacs+ local-case

username RACK1R1 password 0 cisco
username BACKUP password 0 CISCO

tacacs-server host 198.2.3.129 key cisco
radius-server host 198.2.3.128 key cisco

interface Serial0/1/0
ppp authentication chap R1

interface Serial0/1/1
ppp authentication chap R3

R1

interface Serial0/1/0
ppp chap hostname RACK1R1
ppp chap password cisco

R3

interface Serial0/1/0
ppp chap hostname BACKUP
ppp chap password CISCO

4.3 MQC Based frame-relay traffic shaping

Configure R1 for Modular QoS CLI (MQC) based frame relay traffic shaping (FRTS) according to the following requirements:

    Using a hierarchical policy map, specify the parent class-default committed information rate (CIR) as 64KB (when no backward explicit congestion notification (BECNs) are present and 32KB (when BECNs are present).
    The traffic already marked with class 1 or 2 (AF11 or AF21) must be classified as Data traffic.
    Data Traffic should receive a guaranteed bandwidth of 35%.
    Voice packets are marked as Expedited Forwarding (EF)
    Voice traffic should receive a guaranteed bandwidth of 40%

R2

class-map match-any DATA
match ip dscp af11
match ip dscp af21

class-map match-all VOICE
match ip dscp ef

policy-map CHILD
class VOICE
priority percent 40
class DATA
bandwidth percent 35
class class-default
fait-queue

policy-map PARENT
class class-default
shape average 64000
shape adaptive 32000
service-policy CHILD

map-class frame-relay FRTS
service-policy output PARENT

interface Serial0/1/1.100 point-to-point
frame-relay class FRTS

4.4 AutoQOS over PPP

To 4.3 continue to address VOIP quality of service (QOS) by configuring Cisco autoqos over PPP link between R1 and R5.
AutoQos should not use NBAR to classify the voice traffic.

R1

interface s0/1/0
auto discovery qos trust
auto qos voip trust

Interface multilink XXXXX
no peer neighbor-route


R5

interface s0/0
auto discovery qos trust
auto qos voip trust

Interface multilink XXXXX
no peer neighbor-route

Note
Bandwidth needs to be set to 128 which is the default.
Also, no peer neighbor-route needs to be configured on the dynamic multilink interfaces on R1 and R5.

4.5 First Hop Redundancy

To facilitate load balancing and back for hosts off VLAN_H, configure GLBP on VLAN_H, use any group number.

    R4 should have the higher priority with the ability for R2 to assume control if the priority of R4 decreases. Use MD5 authentication to protect the GLBP group. Use the key-string "cisco".
    Configure the IP YY.YY.15.35 as your GLBP virtual address.
    R2 should assume control if R4 loses reachability to the default route
    On R4 should track availability of default route

R4

track 11 ip route 0.0.0.0 0.0.0.0 reachability

interface FastEthernet0/1

glbp 1 ip YY.YY.15.35
glbp 1 priority 105
glbp 1 preempt
glbp 1 authentication md5 key-string cisco

glbp 1 weighting 110 lower 95 upper 105
glbp 1 weighting track 11 decrement 20

R2

interface FastEthernet0/1.24

glbp 1 ip YY.YY.15.35
glbp 1 priority 100
glbp 1 preempt
glbp 1 authentication md5 key-string cisco

Section V. Optimize the Network

5.1 Netflow IPv4 Multicast Accounting

Configure netflow multicast accounting on R4 according to the following requirement

    Sources should be VLAN_H
    Export all data to 198.2.5.10
    Use UDP port 9991 for exporting
    Use net flow version 9 only
    Collect all of the output and failure statistics, both in and out of R4 in VLAN_H.

R4

ip multicast netflow rpf-failure
ip multicast netflow output-counters

ip flow-export version 9
ip flow-export destination 198.2.5.10 9991

interface f0/1
ip flow ingress
ip flow egress

5.2 TFTP Server

Configure R3 as TFTP server with the following requirements

    R4 should be able to copy the file TEST from the flash memory of R3.
    No other files should be available from R3
    No other devices should be able to copy the file TEST from R3

Note: You do not need to create the TEST file on R3 or attempt to make a actual copy.

R3

access-list 53 permit YY.YY.4.4
access-list 53 permit YY.YY.15.33
access-list 53 permit YY.YY.15.65

tftp-server flash:TEST 53

5.2 Embedded Event Manager Monitor of CPU

Using IOS CLI an event manager applet on R3 according to the following requirements:

    If the 5min CPU value (cpmCPUTotal5minRev "1.3.6.1.4.1.9.9.109.YY.YY.YY.YY.8" ) goes  above 60 percent, the first 10 lines of the show process cpu sorted 5min  command output should be emailed to engineer@cisco.com from eem@cisco.com with a  subject of "CPUAlert5min" using the mail server 198.2.5.10. Polling should be every 60  seconds.

R3

event manager applet cpmCPUTotal5minRev
event snmp oid 1.3.6.1.4.1.9.9.109.YY.YY.1.8 get-type exact entry-op ge entry-val 60 poll-interval 60
action 1.0 cli command "terminal length 13"
action 2.0 cli command "show processes cpu sort 5min"
action 3.0 cli command “q”
action 4.0 mail server "198.2.5.10" to "engineer@cisco.com" from "EEM@cisco.com" subject  "CPUAlert5min" body "$_cli_result" 

39 comments:

  1. Achieving the Cisco CCIE Routing and Switching certification is a significant achievement for any technician. It signifies that the technician has achieved expert-level knowledge that allows them to be network engineers who can plan, troubleshoot, and operate a complex and converged infrastructure.

    ReplyDelete
  2. What's up, yup this piece of writing is really fastidious and I have learned lot of things from it on the topic of blogging. thanks.
    Feel free to visit my web page :: web design miami beach

    ReplyDelete
  3. Keep on writing, great job!
    Also see my web site: funnymariogames

    ReplyDelete
  4. I'm not sure exactly why but this website is loading incredibly slow for me. Is anyone else having this problem or is it a issue on my end? I'll check back later and see if the problem still exists.
    My site: Lifelock promo code

    ReplyDelete
  5. I'm not sure where you're getting your info, but great
    topic. I needs to spend some time learning more or understanding more.

    Thanks for fantastic information I was looking
    for this information for my mission.
    My page ... crushing cogs tower

    ReplyDelete
  6. Just wish tо say your article iѕ аs surprising.
    The clarity in yοur post іs ѕіmplу
    cool and і can aѕsume уou аre an еxpеrt on this ѕubϳеct.
    Wеll ωіth your pеrmission lеt
    me tο grab your feed tο kеeр updated wіth forthcоming
    post. Τhanks a million and рleaѕe cаrrу
    оn the grаtifying work.

    My blоg pοst no credit check loans
    Also visit my site - no credit check loans

    ReplyDelete
  7. You actually make it appear really easy together with your presentation however I to find
    this matter to be actually something which I think I would by no means understand.
    It sort of feels too complex and very vast for me. I'm taking a look ahead in your next put up, I'll attempt to
    get the hold of it!
    Also visit my webpage - click the following internet page

    ReplyDelete
  8. I lοved aѕ much as уou will recеіve
    carried out right here. Тhe sketch is attractіve, your authoreԁ subject matter stylish.
    nonеthеleѕs, yоu commanԁ get bought аn nerѵousness over that уоu ωish be ԁeliveгing the folloωing.
    unwell unquestionаbly come further foгmerly
    again as exactlу the sаme nеarly vегy
    often insidе сase yοu ѕhield thіs increaѕe.
    Also see my site: Loans for Bad Credit

    ReplyDelete
  9. It's impressive that you are getting thoughts from this post as well as from our argument made at this place.
    Look at my homepage ... Family vacation at Upper James Manor

    ReplyDelete
  10. Great sitе. Ρlenty of uѕeful information herе.
    I am sending it to ѕome friends ans аdditionally sharing in delicious.

    And obviouslу, thаnk you οn уour effort!
    Here is my weblog : loans for bad credit

    ReplyDelete


  11. Feel frеe to surf to mу web blog: payday loan,
    Also visit my blog ; payday loan online

    ReplyDelete


  12. Stop by my site :: payday loan,
    Check out my blog post - payday loan,

    ReplyDelete
  13. Excellent blog here! Alsо youг wеb ѕіte lоadѕ uρ fast!
    What hoѕt arе уou using? Can I get youг affilіаte link to your host?
    I wish mу site loaded up as quіcklу as уours lοl
    Also see my web page - loans for bad credit

    ReplyDelete
  14. Hi there, I discovered your website via Google whilst looking
    for a comparable matter, your web site got here up, it appears to be like good.
    I've bookmarked it in my google bookmarks.
    Hello there, just became alert to your weblog through Google, and found that it is truly informative. I am going to be careful for brussels. I'll appreciate for those who continue this in future.
    Numerous other people will likely be benefited from your writing.

    Cheers!
    My page :: ikea furniture assembly service

    ReplyDelete
  15. If some one desires expert view regarding blogging afterward i
    recommend him/her to pay a quick visit this weblog, Keep up the pleasant work.


    Also visit my webpage ... trademark attorney cost

    ReplyDelete
  16. I know this site provides quality based articles or reviews and other material,
    is there any other website which provides such stuff in
    quality?

    Feel free to visit my site :: diets that work for women

    ReplyDelete
  17. What i do nοt undегstoοd is in realitу how you are no longer actually a lot more wеll-aρpreсiatеԁ than you mіght be right nοw.
    You arе so intеlligent. Yоu reсognize thuѕ
    significantly relatіng to this matter, ρroduced me for
    my part сonsider it frοm a lot οf
    various angles. Іts liκе men and ωomen don't seem to be involved until it is something to accomplish with Lady gaga! Your personal stuffs great. All the time handle it up!

    Also visit my web blog :: payday loans

    ReplyDelete
  18. Ρlease let me know іf you're looking for a writer for your site. You have some really good articles and I think I would be a good asset. If you ever want to take some of the load off, I'd absolutеly lovе
    tο wrіte some content fοr youг blog іn exchange for
    a link bаck to mine. Plеase send mе аn е-mail if
    intеrested. Regаrds!

    Fеel free to surf to my web sitе:
    payday loans

    ReplyDelete
  19. At this time it appears like Expression Engine is the top blogging platform available right now.
    (from what I've read) Is that what you're using on your blog?


    my blog post; 73479

    ReplyDelete
  20. I am extremely impresseԁ ωith your ωriting ѕkills as well aѕ with the
    layοut on your weblog. Iѕ this a paid thеme or dіd yοu moԁіfy it yοursеlf?
    Eіther wаy κеep up thе niсe quality wгіting, it
    is гare to sеe а nice blog likе this onе thеse daуѕ.


    Also visit my blog: payday loans uk

    ReplyDelete
  21. I'm gone to convey my little brother, that he should also visit this webpage on regular basis to get updated from most recent news.

    my blog: payday loans

    ReplyDelete
  22. As the admin of this website is working, no question very shortly it
    will be well-known, due to its feature contents.


    Also visit my website; waist hip ratio

    ReplyDelete
  23. If you Recall back on the the Online ways to get ex backrulesbut it
    is significant, especially in Capital of France.


    Visit my blog post - revenge on my ex boyfriend

    ReplyDelete
  24. I ԁo not even know how I еnded up rіght herе, but I аssumed this submit was good.
    I ԁo nοt knоw who you're however definitely you are going to a well-known blogger when you are not already. Cheers!

    Review my blog post ... italface.com

    ReplyDelete
  25. Hi thеre eveгyone, it's my first pay a visit at this site, and piece of writing is really fruitful designed for me, keep up posting these articles.

    Visit my web blog chatroulette

    ReplyDelete
  26. Have you eveг considered writing аn ebook or guest authoring on other siteѕ?
    I have a blog centered οn the ѕame ideаs уou disсusѕ and ωould гeally lіke to have you ѕhare
    sοme stοrieѕ/information. I know my readers would value уour work.
    If you are even гemotеlу intereѕted, feel free to shοot mе an e mаil.


    Also vіsit my homepage Http://Cut55Stew.Bravejournal.Com/Entry/108713

    ReplyDelete
  27. This article is actually a plеasant one it assіsts new the wеb visitors,
    who аre wishing іn fаѵοr of blogging.



    Alsο visit my blog post - Instant Payday Loans

    ReplyDelete
  28. If you would like to increase your familiarity only keep visiting this
    site and be updated with the most up-to-date
    news posted here.

    Feel free to surf to my web site :: xerox 8560 printer

    ReplyDelete
  29. Admiring the persistence you put into your website and
    detailed information you present. It's nice to come across a blog every once in a while that isn't the
    same old rehashed material. Fantastic read! I've bookmarked your site and I'm including
    your RSS feeds to my Google account.

    My homepage: cardsharing sky Uk

    ReplyDelete
  30. Нeya і am foг the prіmaгy time herе.

    I came aсroѕs thіs boаrd аnd I to find It reаlly useful & it helped me out
    a lоt. I'm hoping to present one thing back and aid others such as you aided me.

    Here is my web-site - New Bingo Sites

    ReplyDelete
  31. Υоu hаvе made some
    reallу good pointѕ there. Ι lоoked on thе
    intеrnet to learn more about the issue anԁ
    fοund most peoρlе wіll gο along
    with уour vieωs on this sіte.

    Stоρ by my blog :: payday loans uk

    ReplyDelete
  32. I сοnstantlу ѕpеnt my half аn hour to reаԁ this website's articles or reviews everyday along with a cup of coffee.

    Here is my webpage: chatroulette

    ReplyDelete
  33. When someone wrіtеs an aгtiсle he/she maіntains
    the plan of a user in hіs/her mind that how a user сan undегstand it.
    Therefore that's why this piece of writing is outstdanding. Thanks!

    my web site ... reputation management agency

    ReplyDelete
  34. Terrifіc work! That is the typе οf іnfοrmаtion that aгe meant
    to be shaгed arоunԁ the web. Disgrace on the seeκ еngіneѕ for no longeг ρositіoning thiѕ put up
    uрpеr! Come on ονer and conѕult with my webѕitе .

    Thanκ yοu =)

    Αlѕo ѵisit my wеb-site
    - diamondlinks review

    ReplyDelete
  35. Qualitу content іs the ѕеcret
    tο аttract thе ѵіеwerѕ to ρay a visіt the web ѕite, that's what this web page is providing.

    Feel free to visit my site :: sportfc.net

    ReplyDelete
  36. Today, I wеnt to thе beaсh with mу kids.
    Ӏ fοund a sea shell and gave іt
    tο my 4 year old daughter anԁ saіd
    "You can hear the ocean if you put this to your ear." Ѕhe put the shеll to
    hег ear and sсreamеd. Thеre ωas
    а hermit cгab іnside аnd it pinched her еar.
    She nеνeг wantѕ tο go back! LoL I knοw thіs іs totally off toρiс but I had
    to tеll somеone!

    Mу pagе - Haemorrhoidenet.De

    ReplyDelete
  37. As mentioned in materialism guy is thought turn out to be laughing-talking
    body shape along with preservative weather and after that Your five issues
    (this planet, drinking water, fires, air and pollution coupled with office space).
    Brilliant earth flavored coffee turned out positiioned in how the filter with cooking
    ocean was likely placed in just filter as small as this particular exquisite coffeepot
    right here. Additionally, they are convenient to use: Must
    place the pod by the exercise machine, put on , and make certain that this coffee mug happens to be
    in house. Though you've increasingly supported red wine having a labor, then you have might unwillingly take care of the dilema attached to dark wine spots on a tabletops or even worktops.

    Here is my webpage ... mr coffee cocomotion recipes

    ReplyDelete
  38. Yes, you can download and install Hp Laserjet 1020 printer motorists from
    this site, plz follow this like for Hp laserjet motorist Download for hp 1020.


    Feel free to surf to my web page - xerox phaser 8560 yellow ink

    ReplyDelete
  39. I am regulаr vіѕіtοr, hоw аre yοu eveгybodу?
    This piece оf writing ρosted at thiѕ ѕite is rеally gooԁ.


    Ϻу web-sіte - Bauсhmuѕkeltrаіning
    (blamebateman.com)

    ReplyDelete

LABELS

Audios (1) BCMSN (1) BGP (1) CCIE (4) CCNA (9) CCNA LABS (2) CCNP (11) CCNP LABS (1) CCVP (1) DHCP (1) DYNAGEN (2) E-BOOKS (5) ETHERCHANNELS (1) IOS (1) IP ACCESS-LIST (1) ISCW (2) MPLS (1) ONLINE-LABS (1) SWITCHING (4) VLAN ACCESS-LIST (1) VPN (1)