Workbook H2 CFG CCIE PDF
Workbook H2 CFG CCIE PDF
Workbook H2 CFG CCIE PDF
Document Information
Author Combat C4C, CC Dreamer C4C
Skype ID1: ccie04final (NOT live:ccie04final)
Please Contact
Skype ID2: nguyenbich279 (NOT live:nguyenbich279)
Change Authority Advanced Team Focus
Version 1.7
Date 2020
Comment History Updated Solution
1
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
CONTENTS
1. SECTION 1: Layer 2 technologies ................................................................................. 5
1.1 Section 1.1: Jameson’s Datacenter: Access Ports .......................................... 5
1.2 Section 1.2: Jameson’s Datacenter: Trunk Ports .......................................... 10
1.3 Section 1.3 Jameson’s Datacenter: Link bundling ....................................... 12
1.4 Section 1.4 Jameson’s Branch Offices ................................................................. 20
2. SECTION 2 Layer 3 Technologies ............................................................................... 23
2.1 Section 2.1 Jameson’s IGP, Part 1......................................................................... 23
2.2 Section 2.2 Jameson’s IGP, Part 2......................................................................... 30
2.3 Section 2.3 Jacob’s IGP ................................................................................................ 34
2.4 Section 2.4 Jameson’s Pre-merge.......................................................................... 38
2.5 Section 2.5 Jacob’s Pre-merge................................................................................. 46
2.6 Section 2.6 Merge phase 1: BGP ............................................................................. 50
2.7 Section 2.7 Merge phase 2: IGP .............................................................................. 52
2.8 Section 2.8 Merge phase 2: Routing Policies .................................................. 54
2.9 Section 2.9 IPv6 Routing, Part 1 ............................................................................ 56
2.10 Section 2.10 IPv6 Routing, Part 2...................................................................... 59
2.11 Section 2.11 Multicast in Jameson’s ................................................................. 60
3. SECTION 3 VPN Technology........................................................................................... 62
3.1 Section 3.1 Jameson’s Branch Offices ................................................................. 62
3.2 Section 3.2 Jameson’s Pre-merge VPN ............................................................... 64
3.3 Section 3.3 Merge Phase 2: VPN ............................................................................. 68
3.4 Section 3.4 Inter-VPN Routing ................................................................................ 74
4. SECTION 4 Infrastructure Security ........................................................................... 79
4.1 Section 4.1 Device Security ....................................................................................... 79
4.2 Network Security.............................................................................................................. 80
5. SECTION 5 Infrastructure Services ........................................................................... 82
5.1 Section 5.1 Centralized DHCP ................................................................................... 82
5.2 Section 5.2 Internet Gateway .................................................................................. 84
5.3 Section 5.3 First hop redundancy........................................................................... 86
5.4 Section 5.4 Tracking reachability ........................................................................... 88
2
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Main Topology
3
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
4
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
There has been pre-configured in Jameson’ s Datacenter. SW3 is the server and the
other three switches are clients. Do not modify this configuration. Some other
configuration was already started but it is your responsibility to verify and complete
them.
Configure all four switches in Jameson’s datacenter network (AS 65002) as per the
following requirements:
5
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Note:
In the real exam, you will have many deivcies with pre-configuration:
- Vlan is pre-configured in some switches but maybe it missed some VLANs, so
you need to check it carefully.
- Pay attention with trunk link (maybe it is pre-configured as well).
- Check the physical interface, interface vlan, it can be in “shutdown” status.
- Make sure that you save 30 minutes to read whole, and check the physical
topology as well.
SW3:
vtp mode server
vtp domain jamesons
vtp password CISCO
vtp version 2
6
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
vlan 34,100,101,153,156,164,173,184,911,999
SW4/SW5/SW6
vtp mode client
vtp domain jamesons
vtp password CISCO
vtp version 2
SW5
int e0/0
sw acc vlan 173
sw mode acc
no shut
!
int range e0/1-3
sw acc vlan 101
sw mode acc
7
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
no shut
SW6
int e0/0
sw ac vlan 184
sw mode acc
no shut
!
int range e0/1-3
sw acc vlan 100
sw mode acc
no shut
SW5/SW6
int range e1/2-3,e2/0-3,e3/0-3
sw ac vlan 999
sw mod acc
shut
SW3/SW4/SW5/SW6
spanning-tree portfast default
spanning-tree portfast bpduguard default
snmp-server enable traps syslog
Verification:
SW3#show vlan bri
8
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup
Feature VLAN:
--------------
VTP Operating Mode : Server
Maximum VLANs supported locally : 1005
Number of existing VLANs : 16
Configuration Revision : 1
MD5 digest : 0x9A 0xD9 0x43 0xA9 0x8B 0x3C 0xA8 0x31
0x1D 0x6F 0x53 0xAD 0x22 0xFA 0xF9 0xEC
9
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
SW3/SW4
int range e2/0-1,e1/0-1
sw trunk en dot
sw mod trunk
sw trunk native vlan 1
no shut
SW5/SW6
int range e1/0-1
sw trunk en dot
sw mode trunk
sw trunk native vlan 1
no shut
SW3/SW4/SW5/SW6
spanning-tree mode rapid-pvst
SW3
span vlan 1-1005 pri 0
10
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
SW4
span vlan 1-1005 pri 4096
Note:
interface x/y
sw trunk en dot
sw mod trunk
switchport nonegotiate
Verification:
SW3#show int trunk
11
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
All four switches must bundle trunk ports so that they maintain a single logical
link to each other (excepted between SW5 and SW6), as shown in the
“Diagram 2: Initial Topology”.
The distribution switches SW3 and SW4 must balance traffic between all
members of the link bundle based on source and destination IP addresses.
The access switches SW5 and SW6 must balance the income traffic (that is
originated from server) between all members of the link bundle based on the
source mac address.
It requests use LACP, SW3 and SW4 configure, SW5 and SW6 configure
passive.
SW3
int range e1/0-1,e2/0-1
shut
int range e2/0-1
channel-protocol lacp
channel-group 34 mode active
int range e1/0-1
channel-protocol lacp
channel-group 35 mode active
SW4
int range e1/0-1, e2/0-1
shut
int range e2/0-1
channel-protocol lacp
channel-group 34 mode active
int range e1/0-1
channel-pro lacp
channel-gro 46 mode active
SW5
12
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
int range e1/0-1
shut
channel-pro lacp
channel-gr 35 mode passive
SW6
int range e1/0-1
channel-protocol lacp
channel-group 46 mode pass
SW3/SW4
int range e1/0-1,e2/0-2
no shut
port-channel load-balance src-dst-ip
SW5/SW6
int range e1/0-1
no shut
port-channel load-balance src-mac
R17/R18
int range e0/0-1
no shut
Note:
It depends on your question you will get from Cisco, but you need to understand
about the negotiation in Link bundling with this picture below:
13
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
interface x/y
channel-group [number] mode on
Verification:
SW3#show int trunk
14
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Et1/2 admin down down
Et1/3 admin down down
Et2/0 up up
Et2/1 up up
Et2/2 up up
Et2/3 admin down down
Et3/0 admin down down
Et3/1 admin down down
Et3/2 admin down down
Et3/3 admin down down
Po35 up up
Po34 up up
Lo0 up up
Vl1 admin down down
Vl34 up up
Vl100 up up
Vl101 up up
Vl153 up up
Vl173 up up
Vl911 up up
SW3#show vlan
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
34 enet 100034 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
101 enet 100101 1500 - - - - - 0 0
153 enet 100153 1500 - - - - - 0 0
156 enet 100156 1500 - - - - - 0 0
164 enet 100164 1500 - - - - - 0 0
173 enet 100173 1500 - - - - - 0 0
184 enet 100184 1500 - - - - - 0 0
911 enet 100911 1500 - - - - - 0 0
999 enet 100999 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 trcrf 101003 4472 1005 3276 - - srb 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trbrf 101005 4472 - - 15 ibm - 0 0
15
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
1003 7 7 off
SW3#show span
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 1
Address aabb.cc00.6000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
VLAN0034
Spanning tree enabled protocol rstp
Root ID Priority 34
Address aabb.cc00.6000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
VLAN0100
Spanning tree enabled protocol rstp
Root ID Priority 100
Address aabb.cc00.6000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
16
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Po35 Desg FWD 56 128.66 Shr
VLAN0101
Spanning tree enabled protocol rstp
Root ID Priority 101
Address aabb.cc00.6000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
VLAN0153
Spanning tree enabled protocol rstp
Root ID Priority 153
Address aabb.cc00.6000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
VLAN0156
Spanning tree enabled protocol rstp
Root ID Priority 156
Address aabb.cc00.6000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
17
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
VLAN0164
Spanning tree enabled protocol rstp
Root ID Priority 164
Address aabb.cc00.6000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
VLAN0173
Spanning tree enabled protocol rstp
Root ID Priority 173
Address aabb.cc00.6000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
VLAN0184
Spanning tree enabled protocol rstp
Root ID Priority 184
Address aabb.cc00.6000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
VLAN0911
Spanning tree enabled protocol rstp
Root ID Priority 911
Address aabb.cc00.6000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
18
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
VLAN0999
Spanning tree enabled protocol rstp
Root ID Priority 999
Address aabb.cc00.6000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
SW4#ping 255.255.255.255 re 2
Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 255.255.255.255, timeout is 2 seconds:
19
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Configure interface Ethernet0/0 in Jameson’s branch routers R19, R20 and R21 as
per the following requirements:
The Ethernet WAN links must rely on a Layer 2 protocol that support link
negotiation and authentication.
The service provider expect that the branch routers complete a three-way
handshake by providing the expected response of a challenge that is sent by
ISP.
R19 must use the username “Jamesons-R19” and password “CCIE” (without
quotes).
R20 must use the username “Jamesons-R20” and password “CCIE” (without
quotes).
R21 must use the username “Jamesons-R21” and password “CCIE” (without
quotes).
The interface Eth0/0 of all three routers must receive an IP address from ISP.
Ensure that all three routers can ping the IP address of each other’s interface
Eth0/0.
You are allowed to configure a single static route in each branch router to
achieve the previous requirement.
R19
interface dialer1
ip address negotiated
encap ppp
dialer pool 1
ppp chap hostname Jamesons-R19
ppp chap pass 0 CCIE
!
int e0/0
pppoe enable group global
pppoe-client dial-pool-number 1
no shut
!
ip route 192.0.2.0 255.255.255.0 dialer 1
R20
20
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
int dialer 1
ip add nego
en ppp
dialer pool 1
ppp chap hostname Jamesons-R20
ppp chap pass 0 CCIE
!
int e0/0
pppoe enable group global
pppoe-client dial-pool-number 1
no shut
!
ip route 192.0.2.0 255.255.255.0 dialer 1
R21
int dialer 1
ip add nego
en ppp
dialer pool 1
ppp chap hostname Jamesons-R21
ppp chap pass 0 CCIE
!
int e0/0
pppoe enable group global
pppoe-client dial-pool-number 1
no shut
!
ip route 192.0.2.0 255.255.255.0 dialer 1
Explain:
By default, when you checked in the router, you will get the output:
C 192.0.2.5/32 is directly connected, Dialer1
C 192.0.2.6/32 is directly connected, Dialer1
So when you want to ping the Ip address of R21 interface E0/0, it will be not success
(because you don’t have route in the routing table, so it is reason you need to add a
static route).
Verification:
R19#show ip int br
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES TFTP up up
Ethernet0/1 10.16.1.1 YES TFTP up up
Ethernet0/2 unassigned YES TFTP administratively down down
21
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Ethernet0/3 unassigned YES TFTP administratively down down
Ethernet1/0 unassigned YES TFTP administratively down down
Ethernet1/1 unassigned YES TFTP administratively down down
Ethernet1/2 unassigned YES TFTP administratively down down
Ethernet1/3 unassigned YES TFTP administratively down down
Dialer1 192.0.2.6 YES IPCP up up
Loopback0 10.255.1.19 YES TFTP up up
Tunnel0 10.100.0.19 YES TFTP up down
Virtual-Access1 unassigned YES unset up up
Virtual-Access2 unassigned YES unset up up
R19#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
R19#ping 192.0.2.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
R19#ping 192.0.2.14
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.14, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
R19#ping 192.0.2.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
22
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
After finishing each ò the following questions make sure that all configured
interfaces and subnets are consistently visible on all pertinent router and
switches.
Do not redistribute route between any interior gateway protocol IGP and BGP
if not explicitly required.
If not explicitly stated otherwise, you need to ping a BGP route only if it is
stated in a question otherwise the route should be only in the BGP table.
At the end of this section all subnets in your topology in your topology
including the loopback interface must be reachable via Ping from anywhere in
your topology the back bone interfaces must be reachable only if they are
part of the solution to a question.
The loopback interface must be seen as a host route /32 in the routing tables
unless stated otherwise in a question.
Configure Jameson’s network (AS 65001 and AS 65002) according to the following
requirements:
Ensure that all routers use their interface Loopback 0 as OSPF router-id.
Ensure that OSPF is not running on any interface that is facing another BGP
AS.
SW5 and SW6 must not participate in OSPF at all.
Do not use the “network” statement under the “router ospf” configuration
anywhere in the core network (AS 65001).
Do not change the default OSPF cost of any interface anywhere.
Ensure that R1, SW1 and SW2 are elected the Designated router on all of their
interfaces, and that they have the best chances of maintaining that role as
long as their interfaces are up.
Ensure that R2 is elected the Backup Designated router on all of their
interfaces, and that it has the best chances of maintaining that role as long as
its interfaces are up.
Request passive interface VLAN 100, VLAN 101, VLAN 911 on exam.
OSPF process is 1.
23
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
SW3/SW4
router ospf 1
passive-int vlan 100
passive-int vlan 101
passive-int vlan 911
R17
router ospf 1
router-id 10.255.1.17
!
interface l0
ip ospf 1 are 0
int e0/1
ip ospf 1 area 0
R18
router ospf 1
router-id 10.255.1.18
int l0
ip ospf 1 area 0
int e0/1
ip ospf 1 area 0
SW1
router ospf 1
router-id 10.255.1.101
int l0
ip ospf 1 area 0
int vlan 100
ip ospf 1 are 0
!
int vlan 101
ip ospf 1 area 0
ip ospf pri 255
24
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
R11
router ospf 1
router-id 10.255.1.11
int l0
ip ospf 1 area 0
int e0/1
ip ospf 1 area 0
R12
router ospf 1
router-id 10.255.1.12
!
int l0
ip ospf 1 area 0
int e0/1
ip ospf 1 area 0
SW2
router ospf 1
router-id 10.255.1.102
int l0
ip ospf 1 area 0
int vlan 100
ip ospf 1 are 0
int vlan 101
ip ospf 1 area 0
ip ospf priority 255
R13
router ospf 1
router-id 10.255.1.13
int l0
ip ospf 1 area 0
int e0/1
ip ospf 1 are 0
R14
router ospf 1
router-id 10.255.1.14
int l0
ip ospf 1 are 0
int e0/1
ip ospf 1 are 0
25
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
R1
router ospf 1
router-id 10.255.1.1
int l0
ip ospf 1 are 0
int range e0/0-3,e1/0
ip ospf 1 are 0
ip ospf pri 255
R3
router ospf 1
router-id 10.255.1.3
int l0
ip ospf 1 area 0
int e0/0
ip ospf 1 area 0
int e0/2
ip ospf 1 area 0
R4
router ospf 1
router-id 10.255.1.4
int l0
ip ospf 1 are 0
int e0/0
ip ospf 1 are 0
int e0/2
ip ospf 1 area 0
ip ospf pri 255
R5
router ospf 1
router-id 10.255.1.5
!
int l0
ip ospf 1 are 0
int rang e0/0-1
ip ospf 1 are 0
R6
router ospf 1
router-id 10.255.1.6
int l0
26
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
ip ospf 1 area 0
int e0/0
ip ospf 1 are 0
int e0/1
ip ospf 1 are 0
ip ospf pri 255
R7
router ospf 1
router-id 10.255.1.7
int l0
ip ospf 1 are 0
int e0/3
ip ospf 1 area 0
R8
router ospf 1
router-id 10.255.1.8
int l0
ip ospf 1 area 0
int e0/3
ip ospf 1 are 0
ip ospf pri 255
R9/R10
int range e0/0-1
no shut
R9
router ospf 1
router-id 10.255.1.9
int l0
ip ospf 1 area 0
int e0/0
ip ospf 1 are 0
R10
router ospf 1
router-id 10.22.1.10
int l0
ip ospf 1 area 0
int e0/0
ip ospf 1 area 0
27
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
ip ospf pri 255
R2
router ospf 1
router-id 10.255.1.2
int l0
ip ospf 1 are 0
int range e0/0-3,e1/0
ip ospf 1 are 0
ip ospf pri 254
Verification:
R1#show ip os int br
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Lo0 1 0 10.255.1.1/32 1 LOOP 0/0
Et0/0 1 0 10.254.0.1/30 10 DR 1/1
Et0/1 1 0 10.254.0.5/30 10 DR 1/1
Et0/2 1 0 10.254.0.13/30 10 DR 1/1
Et0/3 1 0 10.254.0.9/30 10 DR 1/1
Et1/0 1 0 10.254.0.17/30 10 DR 1/1
R1#show ip os ne
Neighbor ID Pri State Dead Time Address Interface
10.255.1.2 254 FULL/BDR 00:00:37 10.254.0.2 Ethernet0/0
10.255.1.5 1 FULL/BDR 00:00:33 10.254.0.6 Ethernet0/1
10.255.1.3 1 FULL/BDR 00:00:34 10.254.0.14 Ethernet0/2
10.255.1.7 1 FULL/BDR 00:00:31 10.254.0.10 Ethernet0/3
10.255.1.9
R2#show ip os int br
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Lo0 1 0 10.255.1.2/32 1 LOOP 0/0
Et0/0 1 0 10.254.0.2/30 10 BDR 1/1
Et0/1 1 0 10.254.0.21/30 10 BDR 1/1
Et0/2 1 0 10.254.0.33/30 10 BDR 1/1
Et0/3 1 0 10.254.0.25/30 10 BDR 1/1
Et1/0 1 0 10.254.0.29/30 10 BDR 1/1
R2#show ip os ne
Neighbor ID Pri State Dead Time Address Interface
10.255.1.1 255 FULL/DR 00:00:37 10.254.0.1 Ethernet0/0
10.255.1.6 255 FULL/DR 00:00:39 10.254.0.22 Ethernet0/1
10.255.1.4 255 FULL/DR 00:00:35 10.254.0.34 Ethernet0/2
10.255.1.8 255 FULL/DR 00:00:37 10.254.0.26 Ethernet0/3
10.22.1.10 255 FULL/DR 00:00:33 10.254.0.30 Ethernet1/0
SW1#show ip os int br
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Lo0 1 0 10.255.1.101/32 1 LOOP 0/0
Vl101 1 0 10.1.254.254/24 1 DR 2/2
Vl100 1 0 10.1.1.254/24 1 DR 0/0
SW1#show ip os ne
28
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
10.255.1.11 1 FULL/DROTHER 00:00:39 10.1.254.1 Vlan101
10.255.1.12 1 FULL/BDR 00:00:31 10.1.254.2 Vlan101
SW2#show ip os int br
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Lo0 1 0 10.255.1.102/32 1 LOOP 0/0
Vl101 1 0 10.3.254.254/24 1 DR 2/2
Vl100 1 0 10.3.1.254/24 1 DR 0/0
SW2#show ip os ne
Neighbor ID Pri State Dead Time Address Interface
10.255.1.13 1 FULL/DROTHER 00:00:34 10.3.254.1 Vlan101
10.255.1.14 1 FULL/BDR 00:00:33 10.3.254.2 Vlan101
R4#show ip os int br
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Lo0 1 0 10.255.1.4/32 1 LOOP 0/0
Et0/2 1 0 10.254.0.34/30 10 DR 1/1
Et0/0 1 0 10.254.0.50/30 10 BDR 1/1
R4#show ip os ne
29
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
R17 must propagate a default route in its OSPF domain, but only if it already
has a default route in its routing table.
Do not redistribute BGP into OSPF and vice versa on R17.
Each branch router must establish an OSPF adjacency with R17 and must
receive a default route via OSPF. They may not receive any other LSA type 3
from the ABR.
Each branch router must advertise their interface Lo0 and Ethernet0/1 into
OSPF.
None of the branch routers may attempt to elect a Designated Router on their
Tunnel 0 interface.
Explain
Help others network go to internet. It is needed configure for 3.1 section DMVPN
R17
int tunnel 0
ip nhrp map multicast dynamic
ip nhrp network-id 12345
ip nhrp redirect
tunnel source e0/0
tunnel mode gre multipoint
R19/20/21
int t0
ip nhrp map multicast 192.0.2.2
ip nhrp map 10.100.0.1 192.0.2.2
ip nhrp network-id 12345
30
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
ip nhrp shortcut
ip nhrp nhs 10.100.0.1
tunnel source dialer 1
tunnel mode gre multipoint
R17
router ospf 1
area 51 stub no-sum
default-information originate
!
int t0
ip ospf 1 area 51
ip ospf network point-to-multipoint
R19
router ospf 1
router-id 10.255.1.19
are 51 stub
!
int t0
ip ospf 1 area 51
ip ospf net point-to-multipoint
!
int l0
ip ospf 1 area 51
int e0/1
ip ospf 1 area 51
R20
router ospf 1
router-id 10.255.1.20
area 51 stub
!
int l0
ip ospf 1 are 51
int e0/1
ip ospf 1 are 51
int t0
ip ospf 1 area 51
ip ospf network point-to-multipoint
R21
router ospf 1
router-id 10.255.1.21
31
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
area 51 stub
int l0
ip ospf 1 are 51
int e0/1
ip ospf 1 are 51
int t0
ip ospf 1 are 51
ip ospf network point-to-multipoint
R17/R19/R20/R21
int tu0
shutdown
end
!
conf t
int tu 0
no shutdown
end
Explain:
Sometime the state of interface still down, so the best practice you should do:
shutdown and no shutdown interface Tunnel 0, Even after you shut and no shut
interface tunnel 0, the DMVPN still not up, so we need to reload router R17, R18,
R20 and R21.
Verification:
R17#show ip os ne
R17#show ip os int br
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Lo0 1 0 10.255.1.17/32 1 LOOP 0/0
Et0/1 1 0 10.2.0.38/30 10 BDR 1/1
Tu0 1 51 10.100.0.1/24 1000 P2MP 3/3
R19#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
32
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
ia - IS-IS inter area, * - candidate default, U - per-user static
route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
R17#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 192.0.2.6 10.100.0.19 UP 00:10:38 D
1 192.0.2.10 10.100.0.20 UP 00:10:26 D
1 192.0.2.14 10.100.0.21 UP 00:10:11 D
33
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Configure EIGRP for IPv4 in Jacob’s core network (AS 65006) according to the
following requirements:
All EIGRP routers must support 64-bit metric calculations and Routing
Information Base (RIB) scaling in EIGRP topologies.
The interface Lo0 of each router must be seen as an internal EIGRP prefix by
all other routers in their local domain.
Ensure that EIGRP is not running on any interface that is facing another AS.
Use any method to accomplish this requirement.
Jacob’s core network must use the EIGRP autonomous system number 1.
R52 must inject its interface loopback 52 into EIGRP as an external prefix.
All EIGRP core routers R50, R51 must add the administrator tag
“172.172.172.172” to all prefixes that they inject into EIGRP. Ensure that
operators can filter routes by using the route tag wildcard mask.
The following output must be seen on R50:
R50#show ip ei topology 52.52.52.52 255.255.255.255
EIGRP-IPv4 VR(JACOBS) Topology Entry for AS(1)/ID(172.30.1.50) for
52.52.52.52/32
State is Passive, Query origin flag is 1, 1 Successor(s), FD is
131153920, RIB is 1024640
Descriptor Blocks:
172.30.100.3 (Ethernet0/0), from 172.30.100.3, Send flag is 0x0
Composite metric is (131153920/163840), route is External
Vector metric:
Minimum bandwidth is 10000 Kbit
Total delay is 1001250000 picoseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 1
Originating router is 172.30.1.52
External data:
AS number of route is 0
External protocol is Connected, external metric is 0
Administrator tag is 172.172.172.172
R53/R54
34
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
int range e0/0-1
no shut
R50/R51/R52/R53/R54
no router eigrp 1
R50
router eigrp JACOBS
address-family ipv4 unicast autonomous-system 1
network 172.30.1.50 0.0.0.0
network 172.30.100.1 0.0.0.0
R51
router eigrp JACOBS
address-family ipv4 unicast autonomous-system 1
network 172.30.1.51 0.0.0.0
network 172.30.100.2 0.0.0.0
R52
router eigrp JACOBS
address-family ipv4 unicast autonomous-system 1
net 172.30.1.52 0.0.0.0
net 172.30.100.3 0.0.0.0
topology base
redistribute connected route-map CONNECTED
route-map CONNECTED
match interface loopback 52
R53
router eigrp JACOBS
address-family ipv4 unicast autonomous-system 1
network 172.30.1.53 0.0.0.0
net 172.30.100.4 0.0.0.0
R54
router eigrp JACOBS
address-family ipv4 unicast autonomous-system 1
network 172.30.1.54 0.0.0.0
net 172.30.100.5 0.0.0.0
35
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
R50/51/52/53/54/R9/R10
route-tag notation dotted-decimal
Explain:
R50/51/52
route-map TAG permit 10
set tag 172.172.172.172
!
router eigrp JACOBS
address-family ipv4 unicast autonomous-system 1
topology base
distribute-list route-map TAG out
R57
router eigrp 10
network 172.18.2.1 0.0.0.0
network 172.30.1.57 0.0.0.0
Verification:
R50#show ip ei ne
EIGRP-IPv4 VR(JACOBS) Address-Family Neighbors for AS(1)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 172.30.100.5 Et0/0 11 00:04:58 2 100 0 12
2 172.30.100.4 Et0/0 11 00:05:09 5 100 0 14
1 172.30.100.3 Et0/0 11 00:05:19 2 100 0 19
0 172.30.100.2 Et0/0 11 00:05:27 1 100 0 17
R50#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
36
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
37
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Refer to the “Overall Scenario”, “Diagram 2: Initial Topology” and “Diagram 4: Pre-
merge Topology”.
R11, R12, R13 and R14 must redistribute OSPF into BGP and they must
advertise a default route into their respective OSPF domain. They may not
redistribute BGP into OSPF. Need add always, it is request on exam.
R15 and R16 must mutually redistribute OSPF and BGP.
R11, R12, R13 and R14 must advertise only four prefixes via eBGP to
Jameson’s core network as follows:
o R11 and R12 must advertise 10.1.0.0/16, 10.255.1.11/32,
10.255.1.12/32 and 10.255.1.101/32;
o R13 and R14 must advertise 10.3.0.0/16, 10.255.1.13/32,
10.255.1.14/32 and 10.255.1.102/32;
R1 must reflect IPv4 BGP prefixes to all core routers except R2. All internal
BGP peers must be established using interface Lo0.
Ensure that each Jameson’s site receives BGP prefixes from other sites.
A very smaller output as the one shown below must be seen on R11, R12, R13
and R14 (only the next-hop, version and update-group may differ).
R11#show ip bgp 10.2.0.0/16
BGP routing table entry for 10.2.0.0/16, version 18
Paths: (2 available, best #2, table default)
Advertised to update-groups:
2
Refresh Epoch 1
65001 65001, (aggregated by 65002 10.255.1.16)
10.255.1.12 (metric 11) from 10.255.1.12 (10.255.1.12)
Origin IGP, metric 0, localpref 100, valid, internal, atomic-aggregate
rx pathid: 0, tx pathid: 0
Refresh Epoch 1
65001 65001, (aggregated by 65002 10.255.1.15)
10.254.0.53 from 10.254.0.53 (10.255.1.7)
Origin IGP, localpref 100, valid, external, atomic-aggregate, best
rx pathid: 0, tx pathid: 0x0
Ensure that any prefix that originate in any of these main site will not advertise
back to same site via redundant gateway.
The configuration must equally apply to any future prefixes that may be
advertised by any site
R15 and R16 must advertise their OSPF default route to their PE.
38
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
R1
router bgp 65001
bgp router-id 10.255.1.1
nei IBGP peer-group
nei IBGP remote-as 65001
nei IBGP update-source loopback 0
nei IBGP route-reflector-client
nei 10.255.1.3 peer-group IBGP
nei 10.255.1.4 peer-group IBGP
nei 10.255.1.5 peer-group IBGP
nei 10.255.1.6 peer-group IBGP
nei 10.255.1.7 peer-group IBGP
nei 10.255.1.8 peer-group IBGP
R3
router bgp 65001
bgp router-id 10.255.1.3
nei 10.255.1.1 remote-as 65001
nei 10.255.1.1 update-source l0
nei 10.255.1.1 next-hop-self
R4
router bgp 65001
bgp router-id 10.255.1.4
nei 10.255.1.1 remote-as 65001
nei 10.255.1.1 update-source l0
nei 10.255.1.1 next-hop-self
R5
router bgp 65001
bgp router-id 10.255.1.5
nei 10.255.1.1 remote-as 65001
nei 10.255.1.1 update-source l0
nei 10.255.1.1 next-hop-self
R6
router bgp 65001
bgp router-id 10.255.1.6
nei 10.255.1.1 remote-as 65001
nei 10.255.1.1 update-source l0
nei 10.255.1.1 next-hop-self
39
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
R7
router bgp 65001
bgp router-id 10.255.1.7
nei 10.255.1.1 remote-as 65001
nei 10.255.1.1 update-source l0
nei 10.255.1.1 next-hop-self
R8
router bgp 65001
bgp router-id 10.255.1.8
nei 10.255.1.1 remote-as 65001
nei 10.255.1.1 update-source l0
nei 10.255.1.1 next-hop-self
Explain:
Why do you need the command: next-hop-self under the BGP configuration?
Because the interface faced to the edge router, you don’t advertise it into the core
network, so if the route from
R3 (role as PE)
ip vrf GREEN
rd 65002:15
!
int e0/1
ip vrf forwarding GREEN
ip add 10.254.0.73 255.255.255.252
!
router bgp 65001
no nei 10.254.0.74 remote-as 65002
address-family ipv4 vrf GREEN
nei 10.254.0.74 remote-as 65002
nei 10.254.0.74 as-override
R4 (PE role)
ip vrf GREEN
rd 65002:16
!
int e0/1
ip vrf forwarding GREEN
ip add 10.254.0.77 255.255.255.252
router bgp 65001
no nei 10.254.0.78 remote-as 65002
address-family ipv4 vrf GREEN
40
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
nei 10.254.0.78 remote-as 65002
nei 10.254.0.78 as-override
R5 (PE role)
ip vrf GREEN
rd 65002:13
int e0/2
ip vrf forwarding GREEN
ip add 10.254.0.41 255.255.255.252
!
router bgp 65001
no nei 10.254.0.42 remote-as 65002
address-family ipv4 vrf GREEN
nei 10.254.0.42 remote-as 65002
nei 10.254.0.42 as-override
R6 (PE role)
ip vrf GREEN
rd 65002:14
!
int e0/2
ip vrf forwarding GREEN
ip add 10.254.0.45 255.255.255.252
!
router bgp 65001
no nei 10.254.0.46 remote-as 65002
address-family ipv4 vrf GREEN
nei 10.254.0.46 remote-as 65002
nei 10.254.0.46 as-override
R7 (PE role)
ip vrf RED
rd 65002:11
!
int e0/0
ip vrf forwarding RED
ip add 10.254.0.53 255.255.255.252
!
router bgp 65001
no nei 10.254.0.54 remote-as 65002
address-family ipv4 vrf RED
nei 10.254.0.54 remote-as 65002
nei 10.254.0.54 as-override
41
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
R8 (PE role)
ip vrf RED
rd 65002:12
int e0/0
ip vrf forwarding RED
ip add 10.254.0.57 255.255.255.252
router bgp 65001
no nei 10.254.0.58 remote-as 65002
address-family ipv4 vrf RED
nei 10.254.0.58 remote-as 65002
nei 10.254.0.58 as-override
42
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
R11/R12
router bgp 65002
redistribute ospf 1
aggregate-address 10.1.0.0 255.255.0.0 summary-only
!
router ospf 1
default-information originate always
R13/R14
router bgp 65002
redistribute ospf 1
aggregate-address 10.3.0.0 255.255.0.0 summary-only
!
router ospf 1
default-information originate always
R15/R16
router bgp 65002
redistribute ospf 1 match internal external 2
aggregate-address 10.2.0.0 255.255.0.0 summary-only
!
router ospf 1
redistribute bgp 65002 subnets metric-type 1
!
router bgp 65002
default-information originate
43
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Verification:
R1#show ip bgp summary
BGP router identifier 10.255.1.1, local AS number 65001
BGP table version is 1, main routing table version 1
R15#show ip bgp
BGP table version is 342, local router ID is 10.255.1.15
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
44
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
*> 10.254.0.73 0 65001 65001 ?
* i 10.255.1.14/32 10.255.1.16 0 100 0 65001 65001 ?
*> 10.254.0.73 0 65001 65001 ?
* i 10.255.1.15/32 10.255.1.16 11 100 0 ?
*> 0.0.0.0 0 32768 ?
* i 10.255.1.16/32 10.255.1.16 0 100 0 ?
*> 10.2.0.2 11 32768 ?
* i 10.255.1.17/32 10.255.1.16 22 100 0 ?
*> 10.2.0.6 12 32768 ?
* i 10.255.1.18/32 10.255.1.16 23 100 0 ?
*> 10.2.0.6 13 32768 ?
* i 10.255.1.19/32 10.255.1.16 1022 100 0 ?
*> 10.2.0.6 1012 32768 ?
* i 10.255.1.20/32 10.255.1.16 1022 100 0 ?
*> 10.2.0.6 1012 32768 ?
* i 10.255.1.21/32 10.255.1.16 1022 100 0 ?
*> 10.2.0.6 1012 32768 ?
* i 10.255.1.101/32 10.255.1.16 0 100 0 65001 65001 ?
*> 10.254.0.73 0 65001 65001 ?
* i 10.255.1.102/32 10.255.1.16 0 100 0 65001 65001 ?
*> 10.254.0.73 0 65001 65001 ?
* i 10.255.1.103/32 10.255.1.16 21 100 0 ?
*> 10.2.0.6 11 32768 ?
* i 10.255.1.104/32 10.255.1.16 22 100 0 ?
*> 10.2.0.6 12 32768 ?
* i 172.30.1.55/32 10.255.1.16 0 100 0 65001 65005 ?
*> 10.254.0.73 0 65001 65005 ?
* i 172.30.1.56/32 10.255.1.16 0 100 0 65001 65005 ?
*> 10.254.0.73 0 65001 65005 ?
* i 172.30.1.57/32 10.255.1.16 0 100 0 65001 65005 ?
*> 10.254.0.73 0 65001 65005 ?
* i 172.30.1.58/32 10.255.1.16 0 100 0 65001 65007 ?
*> 10.254.0.73 0 65001 65007 ?
* i 172.30.1.107/32 10.255.1.16 0 100 0 65001 65005 ?
*> 10.254.0.73 0 65001 65005 ?
* i 172.30.1.108/32 10.255.1.16 0 100 0 65001 65007 ?
*> 10.254.0.73 0 65001 65007 ?
45
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Refer to the “Overall Scenario”, “Diagram 2: Initial Topology” and “Diagram 4: Pre-
merge Topology”. Jacob’s decided to enable MPLS VPN in their network Configure
Jameson’s network as per the following requirements: based on Topology.
R56
router bgp 65005
bgp router-id 172.30.1.56
nei 172.18.253.5 remote-as 65006
nei 172.30.1.55 remote-as 65005
nei 172.30.1.55 update-source l0
nei 172.30.1.55 next-hop-self
aggregate-address 172.18.0.0 255.255.0.0 summary-only
R55
router bgp 65005
bgp router-id 172.30.1.55
nei 172.18.253.1 remote-as 65006
nei 172.30.1.56 remote-as 65005
nei 172.30.1.56 update-source l0
nei 172.30.1.56 next-hop-self
aggregate-address 172.18.0.0 255.255.0.0 summary-only
int e0/1
ip vrf forwarding GREEN
ip add 172.18.253.1 255.255.255.252
46
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
interface Ethernet0/1
ip vrf forwarding GREEN
ip address 172.18.253.5 255.255.255.252
int e0/1
ip vrf forwarding BLUE
ip add 172.17.253.22 255.255.255.252
47
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
!
router bgp 65005
redistribute eigrp 10 route-map JACOBHQ
!
router eigrp 10
redistribute bgp 65005 metric 1 1 1 1 1 route-map JACOBHQ1
Verification:
R50#show bgp vpnv4 uni all
BGP table version is 525, local router ID is 172.30.1.50
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
49
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Refer to the “Overall Scenario” and “Diagram 5: Merge Phase: 1” Jameson’s and
Jacob’s started the first phase of their merge and add a new border router in their
respective main site (R18 and R57).
Interface loopback 0 of both R18 and R57 must be add into their respective
IGP domain.
Interface Eth0/1 of both R18 and R57 must peer with its connected IGP
neighbor.
Both R18 and R57 must advertise a summary prefix via eBGP to each other as
follows:
R18 advertises 10.0.0.0/8
R57 advertises 172.0.0.0/8
Both R18 and R57 must propagate the received summary prefix into their
respective IGP domain.
R18
router bgp 65002
bgp router-id 10.255.1.18
nei 10.2.0.46 remote-as 65005
network 10.2.100.0 mask 255.255.255.0
aggregate-address 10.0.0.0 255.0.0.0
router ospf 1
redistribute bgp 65002 metric-type 1 subnets
R57
router bgp 65005
bgp router-id 172.30.1.57
neighbor 10.2.0.45 remote-as 65002
network 172.18.1.0 mask 255.255.255.0
aggregate-address 172.0.0.0 255.0.0.0
!
router eigrp 10
redistribute bgp 65005 metric 10000 100 255 1 1500
50
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Verification:
R18#show bgp ipv4 uni summary
BGP router identifier 10.255.1.18, local AS number 65002
BGP table version is 5, main routing table version 5
4 network entries using 560 bytes of memory
4 path entries using 320 bytes of memory
4/4 BGP path/bestpath attribute entries using 576 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1480 total bytes of memory
BGP activity 4/0 prefixes, 4/0 paths, scan interval 60 secs
51
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Refer to “Diagram 2: Initial Topology” and “Diagram 6: Merge Phase 2”. Jameson’s
and Jacob’s are entering in the second phase of the merge and have deployed two
new border routers in their respective core network. Configure the core networks as
per the following requirements:
R9 and R10 must run OSPF on their interface Eth0/0 and Loopback 0.
R9 and R10 must run EIGRP on their interface Eth0/1.
R53 and R54 must run EIGRP on all of their interfaces.
Mutually redistribute EIGRP and OSPF on both R9 and R10
Avoid routing loops and ensure that all current and future prefixes are routed
via their optimal path. Do not use any access-list or prefix-list in order to
achieve this requirement
Do not change any administrative distance of any protocol in any router.
R9
router eigrp JACOBS
address-family ipv4 unicast autonomous-system 1
network 10.254.0.61 0.0.0.0
R10
router eigrp JACOBS
address-family ipv4 unicast autonomous-system 1
network 10.254.0.65 0.0.0.0
R53
router eigrp JACOBS
address-family ipv4 unicast autonomous-system 1
network 10.254.0.62 0.0.0.0
R54
router eigrp JACOBS
address-family ipv4 unicast autonomous-system 1
network 10.254.0.66 0.0.0.0
52
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
R9/R10
router ospf 1
redistribute eigrp 1 subnets
route-map METRIC permit 10
match metric 10 +- 11
set metric 10000 100 255 1 1500
route-map METRIC permit 20
set metric 1000 100 255 1 1500
router eigrp JACOBS
address-family ipv4 unicast autonomous-system 1
topology base
redistribute ospf 1 route-map METRIC
R9/R10 Filtering
route-map TAG deny 10
match tag 172.172.172.172
route-map TAG permit 20
!
router ospf 1
distribute-list route-map TAG in
R53/R54
int e0/0
no shut
int e0/1
no shut
Verification:
R50#traceroute 10.255.1.8
Type escape sequence to abort.
Tracing the route to 10.255.1.8
VRF info: (vrf in name/id, vrf out name/id)
1 172.30.100.5 [MPLS: Label 22 Exp 0] 2 msec 1 msec 2 msec
2 10.254.0.65 [MPLS: Label 26 Exp 0] 2 msec 1 msec 2 msec
3 10.254.0.29 [MPLS: Label 28 Exp 0] 1 msec 1 msec 1 msec
4 10.254.0.26 2 msec * 5 msec
53
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Network managers have decided that the primary path for all traffic between
Jameson’s 10.2.100.0/24 and Jacob’s 172.18.1.0/24 must be routed
preferably via the BGP backdoor link between R18 and R57. If this link
should fail, then traffic should fall back over the MPLS core network.
All other traffic must be routed preferably via the MPLS core network.
Do not configure any route-map nor access-list in order to achieve this
requirement
Ensure that the following test reveals the same path as shown below:
R101#traceroute 172.18.1.254 numeric
Type escape sequence to abort.
Tracing the route to 172.18.1.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.100.253 2 msec 1 msec 1 msec
2 10.2.0.14 1 msec 2 msec 1 msec
3 10.2.0.42 2 msec 2 msec 1 msec
4 10.2.0.46 2 msec 2 msec 1 msec
5 172.18.2.254 2 msec * 3 msec
SW10#traceroute 10.2.100.253
Type escape sequence to abort.
Tracing the route to 10.2.100.253
VRF info: (vrf in name/id, vrf out name/id)
1 172.18.2.1 0 msec 1 msec 0 msec
2 10.2.0.45 2 msec 1 msec 1 msec
3 10.2.0.41 1 msec 1 msec 2 msec
4 10.2.100.253 3 msec * 2 msec
R101#traceroute 172.18.2.254
Type escape sequence to abort.
Tracing the route to 172.18.2.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.100.253 2 msec 1 msec 1 msec
2 10.2.0.5 1 msec 1 msec 1 msec
3 10.254.0.73 2 msec 2 msec 1 msec
4 10.254.0.13 [MPLS: Labels 35/46 Exp 0] 2 msec 2 msec 2 msec
5 10.254.0.18 [MPLS: Labels 38/46 Exp 0] 3 msec 3 msec 2 msec
6 10.254.0.62 [MPLS: Labels 40/46 Exp 0] 2 msec 2 msec 3 msec
7 172.18.253.5 [MPLS: Label 46 Exp 0] 3 msec 3 msec 3 msec
8 172.18.253.6 2 msec 2 msec 3 msec
9 172.18.254.254 3 msec * 3 msec
54
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
R51
router bgp 65006
bgp default local-preference 200
Explain:
If you don’t add local-preference 200 on R51, so traffic from R101 will cannot
follow exactly output as request from Cisco. R1 is RR, maybe it will choose R50 as
best path go to Jacob’s Headquater Network.
Verification:
R101#traceroute 172.18.1.254 numeric
Type escape sequence to abort.
Tracing the route to 172.18.1.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.100.253 2 msec 1 msec 1 msec
2 10.2.0.14 1 msec 2 msec 1 msec
3 10.2.0.42 2 msec 2 msec 1 msec
4 10.2.0.46 2 msec 2 msec 1 msec
5 172.18.2.254 2 msec * 3 msec
SW10#traceroute 10.2.100.253
Type escape sequence to abort.
Tracing the route to 10.2.100.253
VRF info: (vrf in name/id, vrf out name/id)
1 172.18.2.1 0 msec 1 msec 0 msec
2 10.2.0.45 2 msec 1 msec 1 msec
3 10.2.0.41 1 msec 1 msec 2 msec
4 10.2.100.253 3 msec * 2 msec
R101#traceroute 172.18.2.254
Type escape sequence to abort.
Tracing the route to 172.18.2.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.100.253 2 msec 1 msec 1 msec
2 10.2.0.5 1 msec 1 msec 1 msec
3 10.254.0.73 2 msec 2 msec 1 msec
4 10.254.0.13 [MPLS: Labels 35/46 Exp 0] 2 msec 2 msec 2 msec
5 10.254.0.18 [MPLS: Labels 38/46 Exp 0] 3 msec 3 msec 2 msec
6 10.254.0.62 [MPLS: Labels 40/46 Exp 0] 2 msec 2 msec 3 msec
7 172.18.253.5 [MPLS: Label 46 Exp 0] 3 msec 3 msec 3 msec
8 172.18.253.6 2 msec 2 msec 3 msec
9 172.18.254.254 3 msec * 3 msec
55
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Establish OSPFv3 adjacencies in Area 0 between SW3, SW4, R15 and R16.
Do not use the command “ipv6 router ospf” anywhere in order to accomplish
the previous requirement.
Interface VLAN 100 of SW3 must be configured with default route preference
set to “high”.
Interface VLAN 100 of SW4 must be configured with default route preference
set to “medium”.
The interval between Router Advertisement transmissions on VLAN 100 must
be set 20 seconds on both SW3 and SW4.
R15
router ospfv3 1
address-family ipv6 unicast
router-id 10.255.1.15
interface e0/0
ospfv3 1 ipv6 area 0
int e0/2
ospfv3 1 ipv6 area 0
R16
router ospfv3 1
address-family ipv6 unicast
router-id 10.255.1.16
int e0/0
ospfv3 1 ipv6 area 0
int e0/2
ospfv3 1 ipv6 are 0
SW3
router ospfv3 1
address-family ipv6 unicast
router-id 10.255.1.103
int loopback 0
56
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
ospfv3 1 ipv6 area 0
int vlan 153
ospfv3 1 ipv6 area 0
int vlan 100
ospfv3 1 ipv6 area 0
ipv6 nd ra interval 20
int vlan 34
ospfv3 1 ipv6 area 0
int vlan 100
ipv6 nd router-preference high
SW4
router ospfv3 1
address-family ipv6 unicast
router-id 10.255.1.104
int loopback 0
ospfv3 1 ipv6 area 0
int vlan 164
ospfv3 1 ipv6 area 0
int vlan 100
ospfv3 1 ipv6 area 0
ipv6 nd ra interval 20
int vlan 34
ospfv3 1 ipv6 area 0
int vlan 100
ipv6 nd router-preference medium
Verification:
R15#show ipv6 ospf ne
SW3#show ipv6 os ne
57
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
LC 2001:CC1E:BEEF:10:255:1:103:103/128 [0/0]
via Loopback0, receive
O 2001:CC1E:BEEF:10:255:1:104:104/128 [110/1]
via FE80::A8BB:CCFF:FE80:8000, Vlan100
via FE80::A8BB:CCFF:FE80:8000, Vlan34
C 2001:CC1E:BEEF:34::/64 [0/0]
via Vlan34, directly connected
L 2001:CC1E:BEEF:34:10:2:0:13/128 [0/0]
via Vlan34, receive
C 2001:CC1E:BEEF:100::/64 [0/0]
via Vlan100, directly connected
L 2001:CC1E:BEEF:100:10:2:1:253/128 [0/0]
via Vlan100, receive
C 2001:CC1E:BEEF:153::/64 [0/0]
via Vlan153, directly connected
L 2001:CC1E:BEEF:153:10:2:0:6/128 [0/0]
via Vlan153, receive
O 2001:CC1E:BEEF:156::/64 [110/11]
via FE80::A8BB:CCFF:FE00:D020, Vlan153
O 2001:CC1E:BEEF:164::/64 [110/2]
via FE80::A8BB:CCFF:FE80:8000, Vlan100
via FE80::A8BB:CCFF:FE80:8000, Vlan34
L FF00::/8 [0/0]
via Null0, receive
58
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
SW3 and SW4 must provide first-hop redundancy for hosts in VLAN 100 by
sharing the virtual link-local address FE80:100::1.
SW3 must be elected as the active router and SW4 must be elected the
standby router.
In case SW3 is down, SW4 must take over the active role. If SW3 comes
back online, it must automatically recover the active role from SW4.
Ensure that HSRP Hello packets are exchanged every 10 second and that the
standby takes over the active role if three consecutive Hello packets were
missed from the active.
SW3
int vlan 100
standby ver 2
standby 1 ipv6 fe80:100::1
standby 1 timers 10 30
standby 1 priority 105
standby 1 preempt
SW4
int vlan 100
standby version 2
standby 1 ipv6 fe80:100::1
standby 1 timer 10 30
standby 1 preempt
Verification:
SW3#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl100 1 105 P Active local FE80::A8BB:CCFF:FE80:8000
FE80:100::1
Vl100 2 95 P Active local 10.2.100.254 10.2.100.1
SW3#show standby
59
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Vlan100 - Group 1 (version 2)
State is Active
2 state changes, last state change 00:01:41
Link-Local Virtual IPv6 address is FE80:100::1 (conf)
Active virtual MAC address is aabb.cc80.6000 (MAC In Use)
Local virtual MAC address is aabb.cc80.6000 (bia)
Hello time 10 sec, hold time 30 sec
Next hello sent in 5.824 secs
Preemption enabled
Active router is local
Standby router is FE80::A8BB:CCFF:FE80:8000, priority 100 (expires in
30.128 sec)
Priority 105 (configured 105)
Group name is "hsrp-Vl100-1" (default)
Vlan100 - Group 2 (version 2)
State is Active
2 state changes, last state change 00:01:39
Virtual IP address is 10.2.100.1
Active virtual MAC address is aabb.cc80.6000 (MAC In Use)
Local virtual MAC address is aabb.cc80.6000 (bia)
Hello time 10 sec, hold time 30 sec
Next hello sent in 2.624 secs
Preemption enabled
Active router is local
Standby router is 10.2.100.254, priority 90 (expires in 30.240 sec)
Priority 95 (configured 105)
Track object 1 state Down decrement 10
Group name is "hsrp-Vl100-2" (default)
60
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
SW3#ping 239.1.1.1 source vlan 173
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 239.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.2.0.37
R17
ip multicast-routing
int e0/1
ip pim sparse-mode
int l0
ip pim sparse-mode
int tunnel 0
ip pim sparse-mode
ip pim bsr-candidate loopback0
ip pim rp-candidate loopback 0
R19/20/21
ip multicast-routing
int tunnel 0
ip pim sparse-mode
int e0/1
ip pim sparse-mode
ip igmp join-group 239.1.1.1
Verification:
R17#show ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group,
G - Received BGP C-Mroute, g - Sent BGP C-Mroute,
N - Received BGP Shared-Tree Prune, n - BGP C-Mroute suppressed,
Q - Received BGP S-A Route, q - Sent BGP S-A Route,
V - RD & Vector, v - Vector, p - PIM Joins on route
Outgoing interface flags: H - Hardware switched, A - Assert winner, p - PIM
Join
61
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
Use the preconfigured interface Tunnel0 on all four routers in order to accomplish
this task.
62
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
VRF info: (vrf in name/id, vrf out name/id)
1 10.100.0.20 5 msec * 5 msec
R17
int tunnel 0
ip nhrp map multicast dynamic
ip nhrp network-id 12345
ip nhrp redirect
tunnel source e0/0
tunnel mode gre multipoint
R19/20/21
int tunnel 0
ip nhrp map multicast 192.0.2.2
ip nhrp map 10.100.0.1 192.0.2.2
ip nhrp nhs 10.100.0.1
ip nhrp network-id 12345
ip nhrp shortcut
tunnel source dialer1
tunnel mode gre multipoint
R17/19/20/21
int tunnel 0
tunnel protection ipsec profile DMVPNPROFILE
Verification:
R17#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 192.0.2.6 10.100.0.19 UP 02:17:23 D
1 192.0.2.10 10.100.0.20 UP 02:17:23 D
1 192.0.2.14 10.100.0.21 UP 02:17:23 D
R101#traceroute 10.3.1.254
Type escape sequence to abort.
Tracing the route to 10.3.1.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.100.253 1 msec 1 msec 0 msec
2 10.2.0.5 1 msec 1 msec 2 msec
3 10.254.0.73 1 msec 1 msec 2 msec
4 10.254.0.13 [MPLS: Labels 27/43 Exp 0] 2 msec 2 msec 2 msec
5 10.254.0.41 [MPLS: Label 43 Exp 0] 2 msec 2 msec 2 msec
6 10.254.0.42 2 msec 2 msec 1 msec
7 10.3.254.254 2 msec * 5 msec
R1/R2
ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id loopback 0
!
int range e0/0-3
mpls ip
int e1/0
mpls ip
R3/R4
ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id loopback 0
int range e0/0, e0/2
mpls ip
R5/R6
ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id loopback 0
int rang e0/0-1
65
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
mpls ip
R7/R8
ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id loopback 0
int e0/3
mpls ip
R1
router bgp 65001
address-family vpnv4
nei IBGP route-reflector-client
nei 10.255.1.3 activate
nei 10.255.1.4 activate
nei 10.255.1.5 activate
nei 10.255.1.6 activate
nei 10.255.1.7 activate
nei 10.255.1.8 activate
R3, R4, R5, R6, R7, R8 //R2 as P router don't config VPNV4
router bgp 65001
address-family vpnv4
nei 10.255.1.1 act
66
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Explain:
R4
ip vrf GREEN
rd 65002:16
route-target export 65002:1516
route-target import 65002:1112
route-target import 65002:1314
route-target import 65005:5556
route-target import 65007:58
R5
ip vrf GREEN
rd 65002:13
route-target export 65002:1314
route-target import 65002:1516
R6
ip vrf GREEN
rd 65002:14
route-target export 65002:1314
route-target import 65002:1516
R7
ip vrf RED
rd 65002:11
route-target export 65002:1112
route-target import 65002:1516
R8
ip vrf RED
rd 65002:12
route-target export 65002:1112
route-target import 65002:1516
67
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Verification:
R101#traceroute 10.1.1.254
Type escape sequence to abort.
Tracing the route to 10.1.1.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.100.253 1 msec 1 msec 1 msec
2 10.2.0.5 1 msec 1 msec 1 msec
3 10.254.0.73 2 msec 1 msec 1 msec
4 10.254.0.13 [MPLS: Labels 29/44 Exp 0] 2 msec 3 msec 2 msec
5 10.254.0.53 [MPLS: Label 44 Exp 0] 2 msec 1 msec 2 msec
6 10.254.0.54 2 msec 3 msec 2 msec
7 10.1.254.254 3 msec * 4 msec
R101#traceroute 10.3.1.254
Type escape sequence to abort.
Tracing the route to 10.3.1.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.100.253 1 msec 1 msec 0 msec
2 10.2.0.5 1 msec 1 msec 2 msec
3 10.254.0.73 1 msec 1 msec 2 msec
4 10.254.0.13 [MPLS: Labels 27/43 Exp 0] 2 msec 2 msec 2 msec
5 10.254.0.41 [MPLS: Label 43 Exp 0] 2 msec 2 msec 2 msec
6 10.254.0.42 2 msec 2 msec 1 msec
7 10.3.254.254 2 msec * 5 msec
Refer to the “Overall Scenario” and “Diagram 6: Merge Phase 2”. Jameson’s and
Jacob’s are entering in the second phase of the merge and have deployed two new
border routers in their respective core network. Configure the network as per the
following requirements:
R50/51/52
router bgp 65006
no bgp default ipv4-unicast
nei 10.255.1.1 remote-as 65001
nei 10.255.1.1 local-as 65001
nei 10.255.1.1 update-source l0
address-family ipv4
nei 10.255.1.1 act
address-family vpnv4
nei 10.255.1.1 act
R1
router bgp 65001
no bgp default ipv4-unicast
nei 172.30.1.50 peer-group IBGP
nei 172.30.1.51 peer-group IBGP
69
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
nei 172.30.1.52 peer-group IBGP
address-family ipv4
nei 172.30.1.50 act
nei 172.30.1.51 act
nei 172.30.1.52 act
address-family vpnv4
nei 172.30.1.50 act
nei 172.30.1.51 act
nei 172.30.1.52 act
R50
ip vrf GREEN
rd 65005:55
route-target export 65005:5556
route-target import 65002:1516
R51
ip vrf GREEN
rd 65005:56
route-target export 65005:5556
route-target import 65002:1516
R52
ip vrf BLUE
rd 65007:58
route-target export 65007:58
route-target import 65002:1516
Refer to the “Overall Scenario” and “Diagram 6: Merge Phase 2”. Jameson’s and
Jacob’s are entering in the second phase of the merge and have deployed two new
border routers in their respective core network. Configure the network as per the
following requirements:
PE routers in the JACOBS location should not contain AS65001 in the BGP
NLRI
Do not modify the BGP configuration of Jacob’s CEs (R55, R56, R58) in order
to accomplish this requirement.
Enable LDP in the merged core network as indicated in “Diagram 6: Merge
Phase2”, including the four new border router (R9, R10, R53, R54) and
Jacob’s core network.
Ensure that all LDP routers use their interface Loopback0 as their LDP router-
id.
70
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Note:
The difference in this section with verison 1.6.1 and version 1.6
In Version 1.6.1:
PE routers in the JACOBS location should not contain AS65001 in the BGP
NLRI
In Version 1.6:
Solution:
Exactly same
R50/51/52
router bgp 65006
no bgp default ipv4-unicast
nei 10.255.1.1 remote-as 65001
nei 10.255.1.1 local-as 65001
nei 10.255.1.1 update-source l0
address-family ipv4
nei 10.255.1.1 act
address-family vpnv4
nei 10.255.1.1 act
R1
router bgp 65001
no bgp default ipv4-unicast
nei 172.30.1.50 peer-group IBGP
nei 172.30.1.51 peer-group IBGP
nei 172.30.1.52 peer-group IBGP
address-family ipv4
nei 172.30.1.50 act
nei 172.30.1.51 act
nei 172.30.1.52 act
address-family vpnv4
nei 172.30.1.50 act
nei 172.30.1.51 act
nei 172.30.1.52 act
R50
ip vrf GREEN
rd 65005:55
route-target export 65005:5556
route-target import 65002:1516
R51
ip vrf GREEN
rd 65005:56
route-target export 65005:5556
route-target import 65002:1516
R52
ip vrf BLUE
rd 65007:58
route-target export 65007:58
route-target import 65002:1516
72
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Verification:
R50#show bgp vpnv4 uni all
BGP table version is 156, local router ID is 172.30.1.50
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
73
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
172.30.1.52 4 65001 147 307 235 0 0 02:03:40 2
***Big note that: If don’t define RT or wrong RT then PE don’t receive VPNV4 route
from PE.
Refer to the “Overall Scenario” and “Diagram 6: Merge Phase 2”. Configure the
network as per the following requirements:
Jameson’s headquarters (VPN RED), main office (VPN GREEN) and Jacob’
office (VPN BLUE) must receive datacenter prefixes (VPN GREEN).
Jameson’s main office (VPN GREEN) may not receive prefixes from Jacob
(headquarters (VPN RED) prefixes and Office (VPN GREEN) prefixes).
74
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
R7/R8
ip vrf RED
route-target import 65002:1516
R50/51
ip vrf GREEN
route-target import 65002:1516
R52
ip vrf BLUE
route-target import 65002:1516
Verification:
R11#show bgp ipv4 uni
BGP table version is 56, local router ID is 10.255.1.11
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
75
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
*> 10.254.0.53 0 65001 65001 ?
* i 10.100.0.20/32 10.255.1.12 0 100 0 65001 65001 ?
*> 10.254.0.53 0 65001 65001 ?
* i 10.100.0.21/32 10.255.1.12 0 100 0 65001 65001 ?
*> 10.254.0.53 0 65001 65001 ?
*> 10.255.1.11/32 0.0.0.0 0 32768 ?
* i 10.255.1.12 11 100 0 ?
*> 10.255.1.12/32 10.1.254.2 11 32768 ?
* i 10.255.1.12 0 100 0 ?
* i 10.255.1.15/32 10.255.1.12 0 100 0 65001 65001 ?
*> 10.254.0.53 0 65001 65001 ?
* i 10.255.1.16/32 10.255.1.12 0 100 0 65001 65001 ?
*> 10.254.0.53 0 65001 65001 ?
* i 10.255.1.17/32 10.255.1.12 0 100 0 65001 65001 ?
*> 10.254.0.53 0 65001 65001 ?
* i 10.255.1.18/32 10.255.1.12 0 100 0 65001 65001 ?
*> 10.254.0.53 0 65001 65001 ?
Network Next Hop Metric LocPrf Weight Path
* i 10.255.1.19/32 10.255.1.12 0 100 0 65001 65001 ?
*> 10.254.0.53 0 65001 65001 ?
* i 10.255.1.20/32 10.255.1.12 0 100 0 65001 65001 ?
*> 10.254.0.53 0 65001 65001 ?
* i 10.255.1.21/32 10.255.1.12 0 100 0 65001 65001 ?
*> 10.254.0.53 0 65001 65001 ?
*> 10.255.1.101/32 10.1.254.254 11 32768 ?
* i 10.255.1.12 11 100 0 ?
* i 10.255.1.103/32 10.255.1.12 0 100 0 65001 65001 ?
*> 10.254.0.53 0 65001 65001 ?
* i 10.255.1.104/32 10.255.1.12 0 100 0 65001 65001 ?
*> 10.254.0.53 0 65001 65001 ?
* i 172.18.1.0/24 10.255.1.12 0 100 0 65001 65001 ?
*> 10.254.0.53 0 65001 65001 ?
76
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
B 10.255.1.19/32 [20/0] via 10.254.0.53, 02:10:08
B 10.255.1.20/32 [20/0] via 10.254.0.53, 02:10:08
B 10.255.1.21/32 [20/0] via 10.254.0.53, 02:10:08
B 10.255.1.103/32 [20/0] via 10.254.0.53, 02:10:08
B 10.255.1.104/32 [20/0] via 10.254.0.53, 02:10:08
172.18.0.0/24 is subnetted, 1 subnets
B 172.18.1.0 [20/0] via 10.254.0.53, 01:24:39
77
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
*> 10.254.0.41 0 65001 65001 ?
* i 10.255.1.104/32 10.255.1.14 0 100 0 65001 65001 ?
*> 10.254.0.41 0 65001 65001 ?
* i 172.18.1.0/24 10.255.1.14 0 100 0 65001 65001 ?
*> 10.254.0.41 0 65001 65001 ?
78
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Protect R17’s control-plane from TTL expiry attacks so that match IP packets
with a TTL of 0 or 1 are dropped before the CPU processes them.
Legit packets include expected control protocols running on the link.
R17
ip access-list extended TTL
deny ospf any any
deny tcp any any eq bgp
deny tcp any eq bgp any
deny pim any any
deny esp any any
deny gre any any
deny udp any any eq 500
deny udp any any eq 4500
permit ip any any ttl eq 0
permit ip any any ttl eq 1
class-map match-all TTL
match access-group name TTL
policy-map TTL
class TTL
drop
!
Control-plane
service-policy input TTL
Verification:
R17#show ip access-lists TTL
Extended IP access list TTL
10 deny ospf any any (1762 matches)
20 deny tcp any any eq bgp (275 matches)
30 deny tcp any eq bgp any
40 deny pim any any (683 matches)
50 deny esp any any
79
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
60 deny gre any any (17 matches)
70 deny udp any any eq isakmp (15 matches)
80 deny udp any any eq non500-isakmp
90 permit ip any any ttl eq 0
100 permit ip any any ttl eq 1 (217 matches)
SW5 and SW6 must filter DHCP message received by untrusted hosts by
comparing the source MAC address and the DHCP client hardware address. If
the address match, the switches must forward the packet. If the addresses
do not match, the switches must drop the packet.
Ensure that these access switches do not filter DHCP packets on their
uplinks.
Ensure that the DHCP relay switches (refer to item 5.1) allow DHCP message
received on their interface VLAN 100 with the added Option 82 and
uninitialized GIADDR field to be accepted.
SW5
ip dhcp snooping
ip dhcp snooping vlan 100
80
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
ip dhcp snooping information option
interface port-channel 35
ip dhcp snooping trust
sw6
ip dhcp snooping
ip dhcp snooping vlan 100
ip dhcp snooping information option
interface port-channel 46
ip dhcp snooping trust
Verification:
SW6#show ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
100
DHCP snooping is operational on following VLANs:
100
DHCP snooping is configured on the following L3 Interfaces:
81
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Ensure that the distribution switches SW3 and SW4 forward DHCP discover
broadcast message received from VLAN 100’s hosts to interface Loopback0 of
R15 as unicast messages.
R15 must assign hosts in VLAN 100 a valid IP address from the prefix
10.2.100.0/24.
Ensure that addresses that were statically configured will never be assigned
to any host.
The DHCP offer must include the IP address 10.2.100.1/24 as the default
gateway for VLAN 100 users.
Ensure that the server R101 effectively receives an IP address from the
expected prefix 10.2.1.0/24 as well as its default gateway information.
R15
ip dhcp pool R101
host 10.2.100.2 255.255.255.0
client-identifier 01aa.bbcc.00a0.00
default-router 10.2.100.1
!
ip dhcp pool VLAN 100
network 10.2.100.0 255.255.255.0
default-router 10.2.100.1
ip dhcp excluded-address 10.2.100.1
ip dhcp excluded-address 10.2.100.253
ip dhcp excluded-address 10.2.100.254
SW3/SW4
interface vlan 100
ip helper-address 10.255.1.15
ip dhcp relay information trusted
82
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Explain:
R101#show int e0/0
Ethernet0/0 is up, line protocol is up
Hardware is AmdP2, address is aabb.cc00.a000 (bia aabb.cc00.a000)
Internet address is 10.2.100.2/24
MTU 1500 bytes, BW 10000 Kbit/sec, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Verification:
R101#show ip int br
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 10.2.100.2 YES DHCP up up
Ethernet0/1 unassigned YES NVRAM administratively down down
Ethernet0/2 unassigned YES NVRAM administratively down down
Ethernet0/3 unassigned YES NVRAM administratively down down
83
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Refer to “Diagram 1: Initial Topology”. Configure the network as per the following
requirements:
SW1#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/4 ms
SW2#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/4 ms
SW10#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/3/4 ms
SW11#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/3/3 ms
R19#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
84
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
R17
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 172.0.0.0 0.255.255.255
!
ip nat inside source list 1 interface e0/0 overload
interface e0/0
ip nat outside
interface e0/1
ip nat inside
interface t0
ip nat inside
R58
router eigrp 10
summary-metric 0.0.0.0/0 distance 80
Verification:
R101#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
SW1#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/4 ms
SW2#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/4 ms
SW10#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/3/4 ms
SW11#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
85
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/3/3 ms
R19#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
SW3 and SW4 must use the multicast address 224.0.0.102 in order to
negotiate the active and standby roles.
SW3 must be elected as the active router and SW4 must be elected as the
standby router.
In case SW3 is down, SW4 must take over the active role. If SW3 comes
back online, it must automatically recover the active role from SW4.
Ensure that HSRP hello packets are exchanged every 10 second and that the
standby takes over the active role if three consecutive Hello packets were
missed from the active.
Both routers must share the virtual IP address 10.2.100.1 that will be used
as default gateway for VLAN 100’s hosts.
SW3
interface vlan 100
standby 2 ip 10.2.100.1
standby 2 timers 10 30
standby 2 priority 105
standby 2 preempt
standby version 2
SW4
interface vlan 100
standby 2 ip 10.2.100.1
standby timers 10 30
86
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
standby 2 preempt
standby version 2
Note
Many guys feedbacked for me, they got a problem with HSRP in the Real Lab,
EVE-NG, IOU. After they configured VTP and Standby verion 2 (HSRP), it is okay.
So please follow this workbook and configure VTP and Standby version 2.
Verification:
SW3#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl100 1 105 P Active local FE80::A8BB:CCFF:FE80:8000
FE80:100::1
Vl100 2 105 P Active local 10.2.100.254 10.2.100.1
SW3#show standby
Vlan100 - Group 1 (version 2)
State is Active
2 state changes, last state change 13:31:11
Link-Local Virtual IPv6 address is FE80:100::1 (conf)
Active virtual MAC address is aabb.cc80.6000 (MAC In Use)
Local virtual MAC address is aabb.cc80.6000 (bia)
Hello time 10 sec, hold time 30 sec
Next hello sent in 3.168 secs
Preemption enabled
Active router is local
Standby router is FE80::A8BB:CCFF:FE80:8000, priority 100 (expires in 28.896 sec)
Priority 105 (configured 105)
Group name is "hsrp-Vl100-1" (default)
Vlan100 - Group 2 (version 2)
State is Active
2 state changes, last state change 13:31:07
Virtual IP address is 10.2.100.1
Active virtual MAC address is aabb.cc80.6000 (MAC In Use)
Local virtual MAC address is aabb.cc80.6000 (bia)
Hello time 10 sec, hold time 30 sec
Next hello sent in 7.888 secs
Preemption enabled
Active router is local
Standby router is 10.2.100.254, priority 100 (expires in 28.368 sec)
Priority 105 (configured 105)
Track object 1 state Up decrement 10
Group name is "hsrp-Vl100-2" (default)
87
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
SW3 and SW4 must monitor the reachability of their OSPF IPv4 default route
and in case it is not available, the HSRP priority must be decreased by 10
SW3/SW4
track 1 ip route 0.0.0.0 0.0.0.0 reachability
interface vlan 100
standby 2 track 1 decrement 10
Verification:
SW3#show track
Track 1
IP route 0.0.0.0 0.0.0.0 reachability
Reachability is Up (OSPF)
2 changes, last change 01:24:55
First-hop interface is Vlan173
Tracked by:
HSRP Vlan100 2
SW4#show track
Track 1
IP route 0.0.0.0 0.0.0.0 reachability
Reachability is Up (OSPF)
2 changes, last change 01:24:59
First-hop interface is Vlan34
Tracked by:
HSRP Vlan100 2
88
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
After you finished the LAB, Exam is requested you test as following:
R11#show ip bgp 10.2.0.0/16
BGP routing table entry for 10.2.0.0/16, version 568
Paths: (2 available, best #2, table default)
Advertised to update-groups:
20
Refresh Epoch 1
65001 65001, (aggregated by 65002 10.255.1.16)
10.255.1.12 (metric 11) from 10.255.1.12 (10.255.1.12)
Origin IGP, metric 0, localpref 100, valid, internal, atomic-aggregate
rx pathid: 0, tx pathid: 0
Refresh Epoch 1
65001 65001, (aggregated by 65002 10.255.1.15)
10.254.0.53 from 10.254.0.53 (10.255.1.7)
Origin IGP, localpref 100, valid, external, atomic-aggregate, best
rx pathid: 0, tx pathid: 0x0
R101#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
R19#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
SW1#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
SW2#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/4 ms
R101#ping 172.18.1.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.18.1.254, timeout is 2 seconds:
89
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
R101#traceroute 172.18.1.254
Type escape sequence to abort.
Tracing the route to 172.18.1.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.100.253 1 msec 1 msec 1 msec
2 10.2.0.14 1 msec 1 msec 0 msec
3 10.2.0.42 2 msec 2 msec 2 msec
4 10.2.0.46 2 msec 2 msec 2 msec
5 172.18.2.254 2 msec * 3 msec
R101#traceroute 172.18.2.254
Type escape sequence to abort.
Tracing the route to 172.18.2.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.100.253 2 msec 1 msec 1 msec
2 10.2.0.5 1 msec 1 msec 1 msec
3 10.254.0.73 2 msec 3 msec 2 msec
4 10.254.0.13 [MPLS: Labels 58/81 Exp 0] 3 msec 2 msec 3 msec
5 10.254.0.18 [MPLS: Labels 38/81 Exp 0] 2 msec 2 msec 3 msec
6 10.254.0.62 [MPLS: Labels 20/81 Exp 0] 4 msec 3 msec 4 msec
7 172.18.253.5 [MPLS: Label 81 Exp 0] 10 msec 3 msec 4 msec
8 172.18.253.6 3 msec 3 msec 3 msec
9 172.18.254.254 3 msec * 4 msec
R101#traceroute 172.18.254.254
Type escape sequence to abort.
Tracing the route to 172.18.254.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.100.253 2 msec 2 msec 1 msec
2 10.2.0.5 2 msec 1 msec 2 msec
3 10.254.0.73 1 msec 2 msec 2 msec
4 10.254.0.13 [MPLS: Labels 58/27 Exp 0] 3 msec 2 msec 3 msec
5 10.254.0.18 [MPLS: Labels 38/27 Exp 0] 2 msec 3 msec 3 msec
6 10.254.0.62 [MPLS: Labels 20/27 Exp 0] 2 msec 2 msec 2 msec
7 172.18.253.5 [MPLS: Label 27 Exp 0] 3 msec 3 msec 4 msec
8 172.18.253.6 3 msec 2 msec 2 msec
9 172.18.254.254 2 msec * 4 msec
R18
Router bgp 65002
Neighbor 10.2.0.46 shutdown
R101#ping 172.18.1.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.18.1.254, timeout is 2 seconds:
!!!!!
90
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/5 ms
R101#traceroute 172.18.1.254
Type escape sequence to abort.
Tracing the route to 172.18.1.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.100.253 1 msec 1 msec 1 msec
2 10.2.0.5 2 msec 1 msec 1 msec
3 10.254.0.73 2 msec 1 msec 1 msec
4 10.254.0.13 [MPLS: Labels 58/84 Exp 0] 4 msec 5 msec 3 msec
5 10.254.0.18 [MPLS: Labels 38/84 Exp 0] 4 msec 4 msec 3 msec
6 10.254.0.62 [MPLS: Labels 20/84 Exp 0] 4 msec 5 msec 4 msec
7 172.18.253.5 [MPLS: Label 84 Exp 0] 4 msec 3 msec 3 msec
8 172.18.253.6 3 msec 4 msec 4 msec
9 172.18.254.254 4 msec * 5 msec
Note: remember no shutdown bgp peer after you test backup path.
R18
Router bgp 65002
no neighbor 10.2.0.46 shutdown
91
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.