1.1 Errors in Initial Configuration
VTP domain name mismatch.
VTP password mismatch.
Backup interface configured in
SW1 fa 0/10 (or maybe in some other switches or interface)
VTP version mismatch.
'no peer neighbor-route' to be
given if missing somewhere where required.
1.2 Switching
Configure all of the appropriate non trunking access switch ports on sw1,
sw2, sw3, according to the following requirements.
Configure the VLANs for the access
switch ports as shown in the table.
Include the ports to BB1, BB2 and
BB3.
Configure trunks between sw2
fa0/2 and R2 G0/1
Ensure that SW1 is the
spanning-tree Root Switch for all vlans and has the best chance of staying as
such, even for any new vlan that might added in the future
Make sure that the spanning tree
enters the forwarding state immediately only for these access switch ports, by
passing the listening and learning states.
Avoid transmitting bridge
protocol data units (BPDUs) on these access switch ports, if a BPDU is received
on any of these ports, the ports should transition back to the listening,
learning and forward states.
Add any special layer 2 commands
that are required on the routers including trunk configuration.
SW1
spanning-tree vlan 1-1005 priority 0
spanning-tree portfast bpdufilter default
interface FastEthernet0/3
switchport access vlan 3
switchport mode access
spanning-tree portfast
interface FastEthernet0/4
switchport access vlan 44
switchport mode access
spanning-tree portfast
interface FastEthernet0/5
switchport access vlan 15
switchport mode access
spanning-tree portfast
interface FastEthernet0/10
switchport access vlan 15
switchport mode access
spanning-tree portfast
SW2
spanning-tree portfast bpdufilter default
interface FastEthernet0/1
switchport access vlan 11
switchport mode access
spanning-tree portfast
interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 22,24
switchport mode trunk
interface FastEthernet0/3
switchport access vlan 13
switchport mode access
spanning-tree portfast
interface FastEthernet0/4
switchport access vlan 24
switchport mode access
spanning-tree portfast
interface FastEthernet0/5
switchport access vlan 45
switchport mode access
spanning-tree portfast
interface FastEthernet0/10
switchport access vlan 2
switchport mode access
spanning-tree portfast
SW3
spanning-tree portfast bpdufilter default
interface FastEthernet0/10
switchport access vlan 3
switchport mode access
spanning-tree portfast
SW4
spanning-tree portfast bpdufilter default
1.3 Implement Frame-Relay
Use the following requirements to configure R1 and R2 for Frame-relay and
R4 the frame-relay switch.
Use ANSI LMI on the frame-relay
switch and auto-sensing on R1 and R2
Don't use any static frame-relay
maps or inverse address resolution protocol.
Use RFC 1490/RFC2427(IETF)
encapsulation.
Use sub-interfaces between R1 and
R2
Use largest mask for frame relay
link
Do not change anything in the
frame-relay switch R4
Use the data-link connection
identifier DLCI assignments from the table below
Router DLCI assignments
R1 100
R2 200
R1
interface Serial0/1/1
no ip address
encapsulation frame-relay ietf
no frame-relay inverse-arp
clock rate 64000
interface Serial0/1/1.100 point-to-point
ip address YY.YY.15.242 255.255.255.252
frame-relay interface-dlci 100 ietf
R2
interface Serial0/1/1
no ip address
encapsulation frame-relay ietf
no frame-relay inverse-arp
clock rate 64000
interface Serial0/1/1.200 point-to-point
ip address YY.YY.15.241 255.255.255.252
frame-relay interface-dlci 200 ietf
Frame relay switch should be already configured
R4
frame-relay switching
interface Serial0/1/0
no ip address
encapsulation frame-relay IETF
clock rate 64000
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 100 interface Serial0/1/1 200
interface Serial0/1/1
no ip address
encapsulation frame-relay IETF
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 200 interface Serial0/1/0 100
no shut
1.4 Traffic Control protection from backbone
Configure traffic control on the three backbone links, protecting your
network from a broadcast storm. This protection should begin once broadcast
traffic is half (50%) available bandwidth. The port should remain functional
during this time.
SW1, SW2, SW3
interface FastEthernet0/10
storm-control broadcast level 50.00
1.5 Trunking Manipulations
Configure the dual trunk ports between Sw1, sw2, sw3 and sw4 according to
the following requirements
Disable DTP on six distribution
ports for each switch. Use dot1q encapsulation.
Set the list of allowed VLANs
that can receive and send traffic on these interfaces in tagged format. In
particular only allow the VLANs need to go through the trunk links. VLAN 1 not
inclusive.
Ensure the link to the backbone
are able to read to unidirectional link failure
Ensure the interfaces that are
connected to backbone not become root switch
SW1,SW2,SW3,SW4
vlan dot1q tag native /* if native
vlan should be tagged */
interface range fa0/19 – 24
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 3,11,13,,44,45
switchport nonegotiate
SW1,SW2,SW3,SW4
interface fa0/10
udld port aggressive
spanning-tree guard root
Section II layer 3 Technologies
After finishing each of the
following questions, make sure that all configured interfaces and subnets are consistently
visible on all pertinent routers and
switches.
Do not redistribute between any
interior gateway protocol (IGP) and Border
Gateway Protocol (BGP).
You need to ping a BGP route only
if stated in a question, otherwise the route should be only in the BGP table.
At the end of section 2, all
subnets in your topology, including the loop back interfaces (except for SW3), must be
reachable via ping.
Therefore redistribute as you
wish unless directly stated in the question.
The backbone interface must be
reachable only if they are part of the solution to a question.
The loop back interfaces can be
seen as either /24 or /32 in the routing tables
unless stated otherwise in a question.
The loop back interfaces can be
added into your IGP either via redistribution or added to a routing process of your choice.
2.1 Implement IPV4 OSPF
Configure Open Shortest Path First (OSPF)
Updates should be advertised only
out of the interfaces that are indicated in the IGP topology diagram.
The Process ID can be any number
Don't manually change the router
ID.
Don't create additional OSPF
areas
Configure OSPF area 2 such that
there are no TYPE 5 Advertisements (LSA) in the area, R1 should generate a
default route.
Configure OSPF over frame relay
between R1 and R2 choosing a network type that requires designate router (DR)
and backup designate router (BDR) negotiations and has the fastest recovery
times.
R1
interface Serial0/1/1.100 point-to-point
ip ospf network broadcast
ip ospf dead-interval minimal hello-multiplier 20
router ospf 1
area 2 nssa default-information-originate
network YY.YY.15.161 0.0.0.0 area 0
network YY.YY.1.1 0.0.0.0 area 0
network YY.YY.15.242 0.0.0.0 area 2
R2
interface Serial0/1/1.200 point-to-point
ip ospf network broadcast
ip ospf dead-interval minimal hello-multiplier 20
router ospf 1
area 2 nssa
network YY.YY.2.2 0.0.0.0 area 2
network YY.YY.15.130 0.0.0.0 area 2
network YY.YY.15.241 0.0.0.0 area 2
R3
router ospf 1
network YY.YY.15.193 0.0.0.0 area 0
SW1
ip routing
interface Vlan11
ip address YY.YY.15.162 255.255.255.224
interface Vlan13
ip address YY.YY.15.194 255.255.255.224
router ospf 1
network YY.YY.7.7 0.0.0.0 area 0
network YY.YY.15.162 0.0.0.0 area 0
network YY.YY.15.194 0.0.0.0 area 0
SW2
interface Vlan2
ip address 150.2.1.1 255.255.255.0
interface Vlan22
ip address YY.YY.15.129 255.255.255.224
router ospf 1
area 2 nssa
network YY.YY.8.8 0.0.0.0 area 2
network YY.YY.15.129 0.0.0.0 area 2
2.2 Implement IPV4 EIGRP
Configure EIGRP 100 and EIGRP YY per the IGP topology diagram.
EIGRP updates should be
advertised only out to the interface per the IGP topology diagram.
On R1, redistribute between OSPF
and EIGRP YY. However all of the routes that are indicated below from backbone
3 (EIGRP 100) should not be redistributed between both protocols,
Use route maps to accomplish this
requirement. All route-maps should utilize the same access-list.
Cannot disable auto-summary
On OSPF area 0, EIGRP 100 routers
should be choose the connection through R3 and should be seen as one path
On R3 redistribute from EIGRP 100
into OSPF with metric-type 2
On R3 redistribute from EIGRP 100
into EIGRP YY. However 3 networks 198.2.1.0 198.2.3.0 and 198.2.5.0 should be
aggregated into a single address with the most specific mask possible
R1
router eigrp 1
redistribute ospf 1 metric 1544 2000 255 1 1500 route-map BLOCK
network YY.YY.1.1 0.0.0.0
network YY.YY.15.249 0.0.0.0
auto-summary
router ospf 1
redistribute eigrp 1 subnets route-map BLOCK
route-map BLOCK deny 10
match ip address 10
route-map BLOCK permit 20
access-list 10 permit 4.YY.YY.0 0.0.0.255
access-list 10 permit 128.28.2.0 0.0.0.255
access-list 10 permit 198.YY.YY.4 0.0.0.3
access-list 10 permit 198.2.1.0 0.0.0.255
access-list 10 permit 182.2.4.0 0.0.0.255
access-list 10 permit 182.2.2.0 0.0.0.255
access-list 10 permit 198.2.5.0 0.0.0.255
access-list 10 permit 150.3.YY.0 0.0.0.255
R3
router eigrp 100
no auto-summary
network 150.3.1.1 0.0.0.0
interface Serial0/1/0
ip summary-address eigrp 1 198.2.0.0 255.255.248.0
router eigrp 1
redistribute eigrp 100
network YY.YY.3.3 0.0.0.0
network YY.YY.15.245 0.0.0.0
auto-summary
router ospf 1
redistribute eigrp 100 subnets metric-type 2
R5
router eigrp 1
auto-summary
network YY.YY.5.5 0.0.0.0
network YY.YY.15.97 0.0.0.0
network YY.YY.15.246 0.0.0.0
network YY.YY.15.250 0.0.0.0
SW4
interface Vlan44
ip address YY.YY.15.66 255.255.255.224
interface Vlan45
ip address YY.YY.15.98 255.255.255.224
router eigrp 1
auto-summary
network YY.YY.10.10 0.0.0.0
network YY.YY.15.98 0.0.0.0
2.3 Implement RIP version 2
Configure RIP version 2 (RIP V2) per the IGP topology diagram.
RIP update must be advertised
only out to the interface per the IGP topology diagram
Use the auto-summary
All rip updates should be
unicast.
Mutually redistribute between RIP
and EIGRP on SW4 and mutually redistribute between RIP and ospf of R2. EIGRP
learned routes should be preferred over OSPF routes.
RIP and EIGRP cannot turn off
auto-summary, this cannot affect ospf routing.
R2
router rip
auto-summary
version 2
passive-interface default
neighbor YY.YY.15.33
network YY.YY.0.0
redistribute ospf YY metric 1
offset-list 0 out 4 fastethernet0/1.24
router ospf YY
redistribute rip subnets route-map EIGRP100
// EIGRP 100 learned routes from RIP
ip prefix-list EIGRP100PL permit 4.0.0.0/8
ip prefix-list EIGRP100PL permit 128.28.0.0/16
ip prefix-list EIGRP100PL permit 128.128.0.0/16
ip prefix-list EIGRP100PL permit 150.3.0.0/16
ip prefix-list EIGRP100PL permit 198.198.5.0/24
…
route-map EIGRP100 deny 10
match ip address prefix-list EIGRP100PL
route-map EIGRP100 permit 20
R4
router rip
version 2
auto-summary
passive-interface default
neighbor YY.YY.15.34
neighbor YY.YY.15.66
network YY.YY.0.0
SW4
router rip
version 2
auto-summary
passive-interface default
neighbor YY.YY.15.65
network YY.YY.0.0
redistribute eigrp YY metric 2
distance 171 YY.YY.15.65 0.0.0.0 10
access-list 10 deny YY.YY.4.4
access-list 10 deny YY.YY.15.32 0.0.0.31
access-list 10 permit any
route-map NET_RIP permit 10
match ip address prefix-list net_rip
ip prefix-list net_rip permit YY.YY.4.4/32
ip prefix-list net_rip permit YY.YY.15.32/27
ip prefix-list net_rip permit YY.YY.15.64/27
router eigrp YY
redistribute rip metric 1544 2000 255 1 1500 route-map NET_RIP
2.4 Implement IPV6
Refer to the IPV6 topology diagram to configure IPV6 unique local unicast
addresses using the eui-64 interface identifier.
Configure OSPFv3 as per the IPV6
topology.
Ensure that R4 can ping SW1 using
IPV6.
R4 G0/1 and R2 G0/1.z (Vlan 24)
FC01:DB8:74:9::/64 EUI-64
R2 S0/1/0.z and R1 -S0/1/0.z
FC01:DB8:74:A::/64 EUI-64
R1 G0/1 and SW1 - Svi 11
FC01:DB8:74:B::/64 EUI-64
R1
ipv6 unicast-routing
ipv6 cef
interface FastEthernet0/1
ipv6 address FC01:DB8:74:B::/64 eui-64
ipv6 ospf mtu-ignore
ipv6 ospf 1 area 1
ipv6 router ospf 1
router-id YY.YY.1.1
interface Serial0/1/1.100 point-to-point
ipv6 address FC01:DB8:74:A::/64 eui-64
ipv6 ospf 1 area 1
R2
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf 1
router-id YY.YY.2.2
interface Serial0/1/1.200 point-to-point
ipv6 address FC01:DB8:74:A::/64 eui-64
ipv6 ospf 1 area 1
interface FastEthernet0/1.24
ipv6 address FC01:DB8:74:9::/64 eui-64
ipv6 ospf 1 area 0
R4
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf 1
router-id YY.YY.4.4
interface FastEthernet0/1
ipv6 address FC01:DB8:74:9::/64 eui-64
ipv6 ospf 1 area 0
SW1
sdm prefer dual-ipv4-and-ipv6-default
/* reload the router */
ipv6 unicast-routing
ipv6 router ospf 1
router-id YY.YY.7.7
interface Vlan11
ipv6 address FC01:DB8:74:B::/64 eui-64
ipv6 ospf 1 area 1
2.5 – Implement IPv4 BGP
Referring to the bgp routing diagram, configure BGP with these parameters:
Configure two bgp confederations
R1, R3, R5 and SW4 (ASYY1) and R2 and SW2 (ASYY2).
The confederation peers should
neighbor between R1 and R2 and between SW4 and R2.
EBGP: SW2 ebgp peers with the
router 150.2.YY.254 on BB2 in AS254. This router advertises five routes with
format 197.68.z.0/24 and the AS path 254.
EBGP: R5 ebgp peers with the
router 150.1.YY.254 on BB1 in AS254. This router advertises five routes with
the format 197.68.z.0/24 and the AS path 254,253.
The bgp devices should all prefer
the path through R5 (150.1.YY.254) for network 197.68.21.0/24 and
197.68.22.0/24. The ibgp devices should all prefer the path through SW2
(150.2.YY.254) for network 197.68.1.0/24, 197.68.4.0/24 and 197.68.5.0/24. This
manipulation should be accomplished by configuring only on one router using
route maps that refer to a single access list.
Configure only the loopback 0 ip
address to propagate BGP route information.
You cannot use route reflector or change next-hop self.
BGP routes should be advertised
to AS254.
R1
router bgp YY1
no synchronization
no auto-summary
bgp log-neighbor-changes
bgp confederation identifier YY
bgp confederation peers YY2
neighbor YY.YY.2.2 remote-as YY2
neighbor YY.YY.2.2 ebgp-multihop 255
neighbor YY.YY.2.2 update-source Loopback0
neighbor YY.YY.3.3 remote-as YY1
neighbor YY.YY.3.3 update-source Loopback0
neighbor YY.YY.5.5 remote-as YY1
neighbor YY.YY.5.5 update-source Loopback0
neighbor YY.YY.10.10 remote-as YY1
neighbor YY.YY.10.10 update-source Loopback0
R3
router bgp YY1
no synchronization
bgp log-neighbor-changes
bgp confederation identifier YY
neighbor YY.YY.5.5 remote-as YY1
neighbor YY.YY.5.5 update-source Loopback0
neighbor YY.YY.1.1 remote-as YY1
neighbor YY.YY.1.1 update-source Loopback0
neighbor YY.YY.10.10 remote-as YY1
neighbor YY.YY.10.10 update-source Loopback0
no auto-summary
R5
router bgp YY1
no synchronization
bgp log-neighbor-changes
bgp confederation identifier YY
neighbor YY.YY.3.3 remote-as YY1
neighbor YY.YY.3.3 update-source Loopback0
neighbor YY.YY.1.1 remote-as YY1
neighbor YY.YY.1.1 update-source Loopback0
neighbor YY.YY.10.10 remote-as YY1
neighbor YY.YY.10.10 update-source Loopback0
neighbor 150.1.YY.254 remote-as 254
neighbor 150.1.YY.254 route-map TAG in
no auto-summary
access-list 5 permit 197.68.20.0 0.0.3.255
route-map TAG permit 10
match ip address 5
set local-preference 250
route-map TAG permit 20
router eigrp YY
redistribute connected metrix 1544 200 255 1 1500 route-map BB1
route-map BB1 permit 10
match interface fa0/0
SW4
router bgp YY1
no synchronization
bgp log-neighbor-changes
bgp confederation identifier YY
bgp confederation peers YY2
neighbor YY.YY.1.1 remote-as YY1
neighbor YY.YY.1.1 update-source Loopback0
neighbor YY.YY.2.2 remote-as YY2
neighbor YY.YY.2.2 ebgp-multihop 255
neighbor YY.YY.2.2 update-source Loopback0
neighbor YY.YY.3.3 remote-as YY1
neighbor YY.YY.3.3 update-source Loopback0
neighbor YY.YY.5.5 remote-as YY1
neighbor YY.YY.5.5 update-source Loopback0
no auto-summary
R2
router bgp YY2
no synchronization
bgp log-neighbor-changes
bgp confederation identifier YY
bgp confederation peers YY1
neighbor YY.YY.1.1 remote-as YY1
neighbor YY.YY.1.1 ebgp-multihop 255
neighbor YY.YY.1.1 update-source Loopback0
neighbor YY.YY.8.8 remote-as YY2
neighbor YY.YY.8.8 update-source Loopback0
neighbor YY.YY.10.10 remote-as YY1
neighbor YY.YY.10.10 ebgp-multihop 255
neighbor YY.YY.10.10 update-source Loopback0
no auto-summary
SW2
router bgp YY2
no synchronization
bgp log-neighbor-changes
bgp confederation identifier YY
neighbor YY.YY.2.2 remote-as YY2
neighbor YY.YY.2.2 update-source Loopback0
neighbor 150.2.1.254 remote-as 254
no auto-summary
router ospf YY
redistribute connected metric 100 subnets route-map BB2
route-map BB2 permit 10
match interface vlan 2
Section III IP Multicast
3.1 Implement PIM sparse mode for IPV6 multicast.
Enable pim sparse mode (pim-sm)
on the lan between R4 and R2, and on the WAN link between R2 and R1,
Using these criteria. Configure
R4 Fa0/1 to be the redezvous point (RP) for the FF08::4000:4000 multicast
group, no other groups should be
permitted.
R4
ipv6 cef
ipv6 multicast-routing
ipv6 pim rp-address X:X:X:X
R2
ipv6 cef
ipv6 multicast-routing
ipv6 pim rp-address X:X:X:X
R1
ipv6 cef
ipv6 multicast-routing
ipv6 pim rp-address X:X:X:X
3.2 Multicast Joins
Configure R2 s0/0/0.z as an IPV6 receiver for the multicast group
FF08::4000:4000.
R2 should be able to ping the multicast group FF08::4000:4000.
R2
interface Serial0/1/1.100 point-to-point
ipv6 mld join-group FF08::4000:4000 X:X:X:X
Section IV Advanced Services
4.1 Secure HTTP Access
Enable secure HTTP access for R5.
Enable authentication using the
list "HTTP" which utilizes local user authentication.
Configure two different users for
access to R5; the user cisco (password "cisco"), who only have
privilege 1 access to R5; and the user ADMIN (password “CISCO") who has privilege
15 access to R5.
Do no modify console and vty
lines login and password configuration
R5
aaa new-model
aaa authenctication login default line
/* none required at the end if no line passwords are configured */
aaa authentication login HTTP local-case
username cisco privilege 1 password 0 cisco
username ADMIN privilege 15 password 0 CISCO
no ip http server
ip http secure-server
ip http authentication aaa login-authentication HTTP
4.2 Secure the WAN PPP Links
Configure challenge handshake authentication protocol (CHAP) on R5 for the
link to R1 and R3, according to the following requirements.
An authentication, authorization,
and accounting (AAA) list names R1 and R3 for R1 and R3 respectively.
Authentication for R1 should
first try the radius server 198.2.3.128 using a key of cisco and fall back to
local login in the event of a failure to connect to the radius server.
R1 should present itself to R5 as
RACKYYR1 with a shared password cisco.
Authentication for R3 should
first try the TACAS server 198.2.3.129 using a key of cisco and fall back to
local login in the event of a failure to connect to the TACAS server.
R3 should present itself to R5 as
BACKUP with a shared password of CISCO.
R5
aaa new-model
aaa authentication ppp R1 group radius local-case
aaa authentication ppp R3 group tacacs+ local-case
username RACK1R1 password 0 cisco
username BACKUP password 0 CISCO
tacacs-server host 198.2.3.129 key cisco
radius-server host 198.2.3.128 key cisco
interface Serial0/1/0
ppp authentication chap R1
interface Serial0/1/1
ppp authentication chap R3
R1
interface Serial0/1/0
ppp chap hostname RACK1R1
ppp chap password cisco
R3
interface Serial0/1/0
ppp chap hostname BACKUP
ppp chap password CISCO
4.3 MQC Based frame-relay traffic shaping
Configure R1 for Modular QoS CLI (MQC) based frame relay traffic shaping
(FRTS) according to the following requirements:
Using a hierarchical policy map,
specify the parent class-default committed information rate (CIR) as 64KB (when
no backward explicit congestion notification (BECNs) are present and 32KB (when
BECNs are present).
The traffic already marked with
class 1 or 2 (AF11 or AF21) must be classified as Data traffic.
Data Traffic should receive a
guaranteed bandwidth of 35%.
Voice packets are marked as
Expedited Forwarding (EF)
Voice traffic should receive a
guaranteed bandwidth of 40%
R2
class-map match-any DATA
match ip dscp af11
match ip dscp af21
class-map match-all VOICE
match ip dscp ef
policy-map CHILD
class VOICE
priority percent 40
class DATA
bandwidth percent 35
class class-default
fait-queue
policy-map PARENT
class class-default
shape average 64000
shape adaptive 32000
service-policy CHILD
map-class frame-relay FRTS
service-policy output PARENT
interface Serial0/1/1.100 point-to-point
frame-relay class FRTS
4.4 AutoQOS over PPP
To 4.3 continue to address VOIP quality of service (QOS) by configuring
Cisco autoqos over PPP link between R1 and R5.
AutoQos should not use NBAR to classify the voice traffic.
R1
interface s0/1/0
auto discovery qos trust
auto qos voip trust
Interface multilink XXXXX
no peer neighbor-route
R5
interface s0/0
auto discovery qos trust
auto qos voip trust
Interface multilink XXXXX
no peer neighbor-route
Note
Bandwidth needs to be set to 128 which is the default.
Also, no peer neighbor-route needs to be configured on the dynamic
multilink interfaces on R1 and R5.
4.5 First Hop Redundancy
To facilitate load balancing and back for hosts off VLAN_H, configure GLBP
on VLAN_H, use any group number.
R4 should have the higher
priority with the ability for R2 to assume control if the priority of R4
decreases. Use MD5 authentication to protect the GLBP group. Use the key-string
"cisco".
Configure the IP YY.YY.15.35 as
your GLBP virtual address.
R2 should assume control if R4
loses reachability to the default route
On R4 should track availability
of default route
R4
track 11 ip route 0.0.0.0 0.0.0.0 reachability
interface FastEthernet0/1
glbp 1 ip YY.YY.15.35
glbp 1 priority 105
glbp 1 preempt
glbp 1 authentication md5 key-string cisco
glbp 1 weighting 110 lower 95 upper 105
glbp 1 weighting track 11 decrement 20
R2
interface FastEthernet0/1.24
glbp 1 ip YY.YY.15.35
glbp 1 priority 100
glbp 1 preempt
glbp 1 authentication md5 key-string cisco
Section V. Optimize the Network
5.1 Netflow IPv4 Multicast Accounting
Configure netflow multicast accounting on R4 according to the following
requirement
Sources should be VLAN_H
Export all data to 198.2.5.10
Use UDP port 9991 for exporting
Use net flow version 9 only
Collect all of the output and
failure statistics, both in and out of R4 in VLAN_H.
R4
ip multicast netflow rpf-failure
ip multicast netflow output-counters
ip flow-export version 9
ip flow-export destination 198.2.5.10 9991
interface f0/1
ip flow ingress
ip flow egress
5.2 TFTP Server
Configure R3 as TFTP server with the following requirements
R4 should be able to copy the
file TEST from the flash memory of R3.
No other files should be
available from R3
No other devices should be able
to copy the file TEST from R3
Note: You do not need to create the TEST file on R3 or attempt to make a
actual copy.
R3
access-list 53 permit YY.YY.4.4
access-list 53 permit YY.YY.15.33
access-list 53 permit YY.YY.15.65
tftp-server flash:TEST 53
5.2 Embedded Event Manager Monitor of CPU
Using IOS CLI an event manager applet on R3 according to the following
requirements:
If the 5min CPU value
(cpmCPUTotal5minRev "1.3.6.1.4.1.9.9.109.YY.YY.YY.YY.8" ) goes above 60 percent, the first 10 lines of the
show process cpu sorted 5min command
output should be emailed to engineer@cisco.com from eem@cisco.com with a subject of "CPUAlert5min" using the
mail server 198.2.5.10. Polling should be every 60 seconds.
R3
event manager applet cpmCPUTotal5minRev
event snmp oid 1.3.6.1.4.1.9.9.109.YY.YY.1.8 get-type exact entry-op ge
entry-val 60 poll-interval 60
action 1.0 cli command "terminal length 13"
action 2.0 cli command "show processes cpu sort 5min"
action 3.0 cli command “q”
action 4.0 mail server "198.2.5.10" to
"engineer@cisco.com" from "EEM@cisco.com" subject "CPUAlert5min" body
"$_cli_result"
