1 Wichita State University Department of Electrical and Computer Engineering CCIE Preparation Laboratory WSU CCIE Lab #2 Advanced Multiprotocol Skills Lab Version 4.01.1-324, 11-6-2000 • Configure the network using network 138.10.x.x • Use an 8 bit subnet mask unless otherwise specified • If a password is needed, use cisco for the password • At the end of each exercise, verify connectivity between all devices R4 Frame Relay OSPF area 0 ISDN /28 Ring 2 /27 OSPF area 5 Ring 1 VLAN 25 OSPF area 2 Backbone 2 160.100.2.1 /24 Diagram 1: Network Backbone 1 160.200.1.1 /24 IGRP EIGRP Class B: 138.10.X.X R3 R2 R6 R7 ATM /30 2 Diagram 2: Frame Relay Setup TERMINAL SERVER Setup R5 as the terminal server, so that all routers can be accessed via reverse telnet. R5’s asynchronous serial lines are connected as follows: R2 – line 2002 R3 – line 2003 R4 – line 2004 SW1 – line 2005 R6 – line 2006 R7 – line 2007 dlci 110 R2 R7 R6 R3 S3/0 S3/1 S3/2 S3/3 R8 dlci 110 dlci 110 dlci 100 dlci 140 dlci 104 3 NETWORK DIAGRAM Make a network diagram that includes all addresses, frame relay DLCI’s and other pertinent information. IP ADDRESSING Use the class B network address 138.10.0.0 throughout the network, except on the backbone interfaces. Use the subnet masks shown on diagram 1. If a subnet mask is not given for an interface, use /24. For Backbone 1 use the address 160.200.1.1 /24. For Backbone 2 use the address 160.100.2.1 /24. FRAME RELAY R8 is configured as the frame-relay switch. Configure frame relay between R6, R2, R3 and R7. Refer to diagram 2 for the DLCI routing setup on the frame switch. • The PVC between R2 and R6 should be on its own subnet. • Use 1 PVC between R2 and R3, and one PVC between R2 and R7. • The PVC’s between R2, R3 and R7 should be on a single subnet. • For the PVC between R2 and R6, let the average and peak rates of transmission be 32Kbps and 64Kbps respectively. VLAN Configure the switch so that R7 and R3’s ethernet interfaces are in VLAN 25. • Set the switch’s VTP domain to WSU. • Configure the switch so that you can ping any device on VLAN 25’s subnet from the switch. • Ensure that if another switch were added to VLAN 25 your switch would be the root switch. • Set the forwarding delay on VLAN 25 to 10 seconds. OSPF Configure OSPF for the frame relay links between R2, R3 and R7, for VLAN 25 and for Ring 2. • The frame relay network should be in area 0. • VLAN 25 should be in area 2. • Ring 2 should be in area 5. • Configure MD5 authentication in area 2. • The rest of the network should not see the 160.100.2.0 network. IGRP & EIGRP Configure IGRP on R6 and the frame relay link between R6 and R2. Configure EIGRP on R4, over the serial link and on Backbone 1. Backbone 1 should not receive routing updates from R4. 4 REDISTRIBUTION Redistribute so that all routes, except Backbone 2, are visible on all routers. ISDN Configure the ISDN link between R2 and R3 as a backup for the frame relay network. Do not use floating static routes, or the ‘backup interface’ command. • R2 should call R3. • Should the frame network go down all routes should still be visible on both R2 and R3. • The link should come up for any network topology changes. • Broadcast traffic should not bring the link up. • Use CHAP authentication. BGP Configure BGP on R2. • R2 should be in AS 2. • There is a BGP router on Backbone 2. Its AS is 20 and its IP address is 160.100.2.20. R2 should establish an EBGP session with this router. • Filter on R2 such that routes that pass through AS 40 are not accepted into AS 2. Configure IBGP on R7 and R4. • Both routers should be in AS 2. • BGP should not be synchronized. • R7 should be peered with both R2 and R4. • R4 should be peered only with R7. R2 should be peered only with R7 and the external router. • R4 should see the routes from AS 20. • Configure R2 so that it advertises only the aggregate route 192.10.0.0 to the other routers in AS 2. NTP Configure Network Timing Protocol (NTP) on all routers and the Catalyst switch. The UNIX NTP server is at 160.100.2.60, and its clock is synchronized for UTC. All clocks should read Central Standard Time (CST). HSRP Configure HSRP for VLAN 25. If the switched ethernet connection to R3 goes down R7 should pick up the connection and visa versa. Test your configuration with the Catalyst switch. 5 FIREWALL Configure R7 as a firewall between R4 and the rest of the network. Apply all access lists in on R7’s HDLC serial interface. • All routing traffic should be permitted. • NTP should still work through the firewall. • The rest of the network should be able to ping R4. • The Traceroute utility should work through the firewall. • After it authenticates, with a password at R7, R4 should be able to ping any router in the network. If R4 has not authenticated, it should not be able to ping through the firewall. • All other IP traffic from R4 should be denied. DLSW+ Configure DLSW+ between ring 1 and Backbone 1. • R6 should not have a remote peer statement. • The connection should use TCP for transport. Make any changes necessary on the firewall. • Configure DLSW+ for R3’s ethernet. • R3 should have a peer connection to R4. • If the LLC2 connection between R4 and R3 should go down R4 should setup a peer connection with R7 so that bridging is not disrupted. When the connection between R3 and R4 is again established the connection to R7 should be dropped. • There are two Netbios hosts on Backbone 1, MOZART and BACH. Filter so that R3 and R6 only see MOZART. IPX Configure IPX on each of the routers. Do not configure IPX on any loopbacks. • Use RIP/SAP routing on all of R4’s interfaces, on the serial link, over the ISDN link and on Backbone 1. • Use EIGRP on all other interfaces. • All routes should be visible on all routers. • The ISDN link should only come up periodically for routing updates. • There are SAPs being advertised on Backbone 1, only allow IPXSERV1 to be seen by the rest of the network. • There is a router advertising routes on Backbone 1, allow only the networks 0xEC00 through 0xECFF to be seen by the rest of the network. • Novell hosts on Ring 1 should not be able to learn about IPXSERV1, but any routers on Ring 1 should still receive advertisements for IPXSERV1. APPLETALK Configure AppleTalk on all routers. Do no configure AT on the Backbones or over the ISDN link. • Wherever possible use EIGRP as the routing protocol. • Configure Ring 1 and Ring 2 in the same zone. • Filter on R7, such that R4 sees the cable-ranges for Ring 1 and 2 but does not see their zone. 6 VOICE Configure VoIP between R4 and R6. R4 should be able to make a clear call to R6, provide any QoS needed. Use 4401 as the number for the 1 st FXS port and 4402 for the 2 nd FXS port on R4. Use 6601 as the number for the 1 st FXS port and 6602 for the 2 nd FXS port on R6. Any port should be able to dial any other port. Guaranty the across the network. Make any changes necessary on the firewall. VPN Configure a VPN between R7 E0 and R6 ATM 2/0. A few clients on VLAN 25 have been configured with 192.2.80.1 as there default gateway. Provide access for these clients to the 192.2.0.0 network. ATM Configure R6’s ATM interface with the IP address 192.2.Y.6 /24, where Y is the rack #. Use PVC 10Y, where Y is the rack #. RIP R6 should receive IP RIP route from the ATM cloud. Only R6 and R7 are to know about these routes for the 192.2.0.0 network. Both of these routers must be able to ping 192.2.3.1.