Zoom Technologies - Cisco Certified Network Professional

Zoom Technologies CCNP Lab Guide Zoom Technologies Cisco Certified Network Professional Lab Guide Name _ Faculty Batch Date _ Zoom Technologies CCNP Lab Guide INDEX EIGRP OSPF - ISIS 10 REDISTRIBUTION 14 BGP 19 MULTICASTING -29 IPv6 - 30 ADSL 34 VPN 36 IDS/IPS 39 FIREWALL - -40 AAA, SYSLOG, SNMP -41 MPLS 43 VLAN- 46 STP -49 Advanced STP -51 INTERVLAN ROUTING 53 HSRP -57 GLBP 59 SWITCH SECURITY -61 VOIP -64 QOS -67 WLAN 69 Zoom Technologies CCNP Lab Guide Zoom Technologies CCNP Lab Guide Important Notes How to telnet (for ZOOM CCNP Lab only) First make sure your IP address matches the one on the label on your monitor If different, please change it to the correct address Telnet to the Access-server IP address 192.168.0.1 In case you are using router number is ‘A’ , where ‘A’ can be value from to 16, in the access-server enter the following command For example, when using the first router the command must look like this Access-server1#clear line [confirm] [OK] Keeping the current telnet window open, open another command prompt to telnet to your router Enter the following command to telnet to your router C:\>telnet 192.168.0.1 200A In case you fail to connect to the router, follow steps to again NOTE: During the configuration in few of the labs, you might encounter ip addresses with the value ‘X’ in it You will have to replace ‘X’ with a number according to the router you will be configuring These are the values for X for the following routers INDIA SRILANKA MALAYSIA POLAND X=1 RUSSIA FRANCE THAILAND SPAIN SUDAN CHINA ALGERIA NIGERIA TANZANIA X=2 MONGOLIA JAPAN HONGKONG X=3 X=4 Zoom Technologies CCNP Lab Guide EIGRP *Configure the bandwidth on the WAN interfaces as per the given diagram and initiate EIGRP routing protocol on all the routers in autonomous system 65000 RA1#conf t RA1(config)#interface serial 1/0 RA1(config-if)#bandwidth 128 RA1(config)#interface serial 1/1 RA1(config-if)#bandwidth 128 RA1(config-if)#exit RA1(config)#router eigrp 65000 RA1(config-router)#network 10.0.0.0 RA1(config-router)#network 192.168.X.0 RA1(config-router)#network 172.16.0.0 RA1(config-router)#end RA2#conf t RA2(config)#interface serial RA2(config-if)#bandwidth 128 RA2(config-if)#interface serial RA2(config-if)#bandwidth 128 RA2(config-if)#exit RA2(config)#router eigrp 65000 RA2(config-router)#network 192.168.X.0 RA2(config-router)#network 20.0.0.0 RA2(config-router)#end RA3(config)#interface serial RA3(config-if)#bandwidth 64 RA3(config-if)#interface serial 1|Page Zoom Technologies CCNP Lab Guide RA3(config-if)#bandwidth 128 RA3(config-if)#exit RA3(config)#router eigrp 65000 RA3(config-router)#network 192.168.X.0 RA3(config-router)#network 30.0.0.0 RA3(config-router)#end RA4(config)#interface serial RA4(config-if)#bandwidth 128 RA4(config-if)#interface serial RA4(config-if)#bandwidth 64 RA4(config-if)#exit RA4(config)#router eigrp 65000 RA4(config-router)#net 192.168.X.0 RA4(config-router)#net 40.0.0.0 RA4(config-router)#end *Verification of EIGRP RA#show ip protocol RA#show ip eigrp neighbor RA#show ip eigrp topology RA#show ip route *Check the auto summarization of your loopback networks in your neighbor’s routing table by telnetting on their WAN IP All the Loopback interfaces networks appear as one network with the default class-full subnet mask RA4#show ip route Router#conf t Router(config)#router eigrp 65000 Router(config-router)#no auto-summary Router(config-router)#end *Check the output in neighbor router to find the Loopbacks advertised individually RA4#show ip route *Manual summarization has to be configured on a per-interface basis Calculate the summarized network ID manually and advertise it on all the interfaces of the router as follows Router (config)#interface serial 0/1/0 Router (config-if)#ip summary-address eigrp 65000 10.X.0.0 255.255.252.0 Router (config)#interface serial 0/1/1 Router (config-if)#ip summary-address eigrp 65000 10.X.0.0 255.255.252.0 Router (config-if)#interface serial 0/2/0 Router (config-if)#ip summary-address eigrp 65000 10.X.0.0 255.255.252.0 2|Page Zoom Technologies CCNP Lab Guide *Check the output in neighbor’s routing table to find the summarized address with the customized subnet mask that you advertised RA4#show ip route VARIANCE RA3#show ip eigrp topology RA3#show ip route You will find the successors and feasible successors in the topology table but only the successor routes in the routing table To use the feasible successor also, we have to enable variance This can be configured only on the routers with feasible successors available in the topology table RA3# conf t RA3(config)#router eigrp 65000 RA3(config-router)#variance RA3(config-router)#end RA3#clear ip route * RA3#show ip route AUTHENTICATION Check the eigrp-neighbor table to note your neighbors First configure authentication on one of your serial interfaces, you will not be able to see the neighboring router on that interface The neighbor router will be shown in the neighbor table only if authentication has been enabled on its corresponding interface too RA1#show ip eigrp neighbor RA1(config)#key chain zoom RA1(config-keychain)#key RA1(config-keychain-key)#key-string zoom123 RA1(config-keychain-key)#exit RA1(config-keychain)#exit RA1(config)#interface serial 0/1/0 RA1(config-if)#ip authentication mode eigrp 65000 md5 RA1(config-if)#ip authentication key-chain eigrp 65000 zoom RA1(config-if)#end RA2(config)#key chain ccnp RA2(config-keychain)#key RA2(config-keychain-key)#key-string zoom123 RA2(config-keychain-key)#exit RA2(config-keychain)#exit RA2(config)#interface serial RA2(config-if)#ip authentication mode eigrp 65000 md5 RA2(config-if)#ip authentication key-chain eigrp 65000 ccnp RA2(config-if)#end RA1#show ip eigrp neighbor 3|Page Zoom Technologies CCNP Lab Guide OSPF *Configure all the routers in OSPF area Shown below are the different possible ways of advertising the directly connected networks in the OSPF process You may use any of the following methods to advertise your connected networks RA1(config)#router ospf RA1(config-router)#network 192.168.X.16 0.0.0.15 area RA1(config-router)#network 192.168.X.80 0.0.0.3 area RA1(config-router)#network 192.168.X.92 0.0.0.3 area RA1(config-router)#network 172.16.1.Y 0.0.0.3 area RA1(config-router)#end RA2#conf t RA2(config)#router ospf RA2(config-router)#net 192.168.X.0 0.0.0.255 area RA2(config-router)#end RA3(config)#router ospf RA3(config-router)#net 0.0.0.0 255.255.255.255 area RA3(config-router)#end RA4(config)#router ospf RA4(config-router)#net 192.168.X.0 0.0.0.255 area RA4(config-router)#end RA#show ip protocol RA#show ip ospf neighbor RA#show ip ospf database RA#show ip route 4|Page Zoom Technologies CCNP Lab Guide DR and BDR Election *Remove any previous routing configuration and configure all routers’ Ethernet interface ip addresses in the same network as shown in the diagram and advertise the networks in OSPF area RA4(config)#no ip routing RA4(config)#ip routing RA4(config)#interface ethernet RA4(config-if)#ip add 192.168.X0.4 255.255.255.0 RA4(config-if)#ip ospf priority RA4(config)#router ospf RA4(config-router)#net 192.168.X0.0 0.0.0.255 area RA4(config-router)#end RA3(config)#no ip routing RA3(config)#ip routing RA3(config)#interface ethernet RA3(config-if)#ip address 192.168.X0.3 255.255.255.0 RA3(config-if)#ip ospf priority 20 RA3(config-if)#exit RA3(config)#router ospf RA3(config-router)#network 192.168.X0.0 0.0.0.255 area RA3(config-router)#end RA2(config)#no ip routing RA2(config)#ip routing RA2(config)#interface ethernet RA2(config-if)#ip add 192.168.X0.2 255.255.255.0 RA2(config-if)#ip ospf priority 50 RA2(config-if)#exit RA2(config)#router ospf RA2(config-router)#net 192.168.X0.0 0.0.0.255 area RA2(config-router)#end RA1(config)#no ip routing RA1(config)#ip routing RA1(config)#interface fa 0/0 RA1(config-if)#ip add 192.168.X0.1 255.255.255.0 RA1(config-if)#ip ospf priority 100 RA1(config-if)#exit RA1(config)#router ospf RA1(config-router)#net 192.168.X0.0 0.0.0.255 area RA4#show ip ospf neighbor 5|Page Zoom Technologies CCNP Lab Guide *Use the show ip ospf neighbor command to find the DR and BDR in the neighbor table In case of the wrong routers elected as the DR and BDR, restart the election process; clear the OSPF process on all the routers at the same time RA3#clear ip ospf process Reset ALL OSPF processes? [no]: y RA4#show ip ospf neighbor AUTHENTICATION - MD5 *Configure OSPF authentication on router to accept updates only from authenticated OSPF neighbors RA1(config)#router ospf RA1(config-router)#area authentication message-digest RA1(config-router)#exit RA1(config)#interface fa 0/0 RA1(config-if)#ip ospf message-digest-key md5 zoom123 RA2(config)#router ospf RA2(config-router)#area authentication message-digest RA2(config-router)#exit RA2(config)#interface ethernet RA2(config-if)#ip ospf message-digest-key md5 zoom123 *Verify by checking the routing table to see from which routers you receive updates RA1#show ip route RA2#show ip route 6|Page Zoom Technologies CCNP Lab Guide *Configuring Inter-VLAN routing with the help on an external router * This method is also called Router-On-Stick This is done by connecting the switch to the routers Ethernet/Fastethernet port That Ethernet port is then logically divided into sub-interfaces Each sub-interface in turn acts as a gateway for each of the VLANs Switch configuration *Configure the numbers of vlan as per requirement and implement in layer switch S2950-229(config)#vlan 10 S2950-229(config-vlan)#exit S2950-229(config)#vlan 20 S2950-229(config-vlan)#vlan 30 S2950-229(config-vlan)#exit S2950-229(config)#interface fa 0/12 S2950-229(config-if)#switchport mode access S2950-229(config-if)#switchport access vlan 10 S2950-229(config-if)#exit S2950-229(config)#interface fa 0/14 S2950-229(config-if)#switchport mode access S2950-229(config-if)#switchport access vlan 20 S2950-229(config-if)#exit S2950-229(config)#interface fa 0/16 S2950-229(config-if)#switchport mode access S2950-229(config-if)#switchport access vlan 30 55 | P a g e Zoom Technologies CCNP Lab Guide *The port on the switch connected to the router must be configured as a trunk port since it carries information from more than one VLAN S2950-229(config)#interface fa 0/3 S2950-229(config-if)#switchport mode trunk S2950-229(config-if)#end Router Configuration *On the router’s Ethernet interface, remove the ip address and create subinterfaces as given below Each sub-interface has to be configured with the right encapsulation so that it can interpret the data coming from the trunk port of the switch Sudan#conf t Sudan(config)#ip routing Sudan(config)#interface fa 0/1 Sudan(config-if)#no ip address Sudan(config-if)#no shutdown Sudan(config-if)#exit Sudan(config)#interface fa 0/1.1 Sudan(config-subif)#encapsulation dot1q native Sudan(config-subif)#ip address 192.168.0.50 255.255.255.0 Sudan(config-subif)#exit Sudan(config)#interface fa 0/1.10 Sudan(config-subif)#encapsulation dot1q 10 Sudan(config-subif)#ip address 192.168.10.1 255.255.255.0 Sudan(config-subif)#exit Sudan(config)#interface fa 0/1.20 Sudan(config-subif)#encapsulation dot1q 20 Sudan(config-subif)#ip address 192.168.20.1 255.255.255.0 Sudan(config-subif)#exit Sudan(config)#interface fa 0/1.30 Sudan(config-subif)#encapsulation dot1q 30 Sudan(config-subif)#ip address 192.168.30.1 255.255.255.0 Sudan(config-subif)#exit *Verify by using the following commands and also by pinging from a PC in one VLAN to a PC in another VLAN R#show ip route S#show vlan S#show interface trunk 56 | P a g e Zoom Technologies CCNP Lab Guide HSRP *In this practical, we configure two routers connected on the same LAN network with HSRP By doing that, the two routers create a Virtual Router with a VirtualIP that we mention in the configuration This virtual-IP is to be used as the default-gateway to the devices in the LAN *Make sure that both router’s LAN interface belongs to the same network and both routers are configured with the same standby group Sudan#conf t Sudan(config)#interface fa 0/0 Sudan(config-if)#ip address 192.168.1X0.100 255.255.255.0 Sudan(config-if)#no shutdown Sudan(config-if)#standby X0 ip 192.168.1X0.1 Sudan(config-if)#standby X0 priority 150 Sudan(config-if)#standby X0 preempt Sudan(config-if)#exit Sudan(config)#ip route 192.168.0.0 255.255.255.0 s 0/2/0 Poland#conf t Poland(config)#interface fa 0/0 Poland(config-if)#ip address 192.168.1X0.200 255.255.255.0 Poland(config-if)#no shutdown Poland(config-if)#standby X0 ip 192.168.1X0.1 Poland(config-if)#standby X0 priority 120 Poland(config-if)#standby X0 preempt Poland(config-if)#exit Poland(config)# ip route 192.168.0.0 255.255.255.0 s 0/2/0 CORE#conf t CORE(config)# ip route 192.168.1X0.0 255.255.255.0 s CORE(config)# ip route 192.168.1X0.0 255.255.255.0 s 57 | P a g e Zoom Technologies CCNP Lab Guide *Verify using the following command, which router is the ACTIVE router and which router is the STANDBY Router#show standby *Shutdown the Ethernet interfaces of the active (Sudan) Router and verify which router now becomes the ACTIVE router Sudan#conf t Sudan(config)#interface fa 0/0 Sudan(config-if)#shutdown Sudan(config-if)#end *Bring up the Ethernet interface again and now configure interface tracking in Sudan router Sudan#conf t Sudan(config)#interface fa 0/0 Sudan(config-if)#no shutdown Sudan(config-if)#standby X0 track serial 0/2/0 50 *The above statement implies that for group X0, if the interface serial 0/2/0 goes down, decrease the standby priority of this router by a value of 50 such that the other router, now, has the higher priority and it becomes the ACTIVE router *Shutdown the serial 0/2/0 interface and verify the output Sudan(config)#interface Serial 0/2/0 Sudan(config-if)# shutdown Router#show standby 58 | P a g e Zoom Technologies CCNP Lab Guide GLBP *In this practical, we configure two routers connected on the same LAN network with GLBP By doing that, the two routers create a Virtual Router with a VirtualIP that we mention in the configuration This virtual-IP is to be used as the default-gateway to the devices in the LAN *Make sure that both router’s LAN interface belongs to the same network and both routers are configured with the same standby group Sudan(config)#interface fa 0/0 Sudan(config-if)#ip address 192.168.1X0.100 255.255.255.0 Sudan(config-if)#no shutdown Sudan(config-if)#glbp X0 ip 192.168.1X0.1 Sudan(config-if)#exit Sudan(config)# ip route 192.168.0.0 255.255.255.0 s 0/2/0 Poland(config)#interface fa 0/0 Poland(config-if)#ip address 192.168.1X0.200 255.255.255.0 Poland(config-if)#no shutdown Poland(config-if)#glbp X0 ip 192.168.1X0.1 Poland(config-if)#exit Poland(config)# ip route 192.168.0.0 255.255.255.0 s 0/2/0 CORE#conf t CORE(config)# ip route 192.168.1X0.0 255.255.255.0 s CORE(config)# ip route 192.168.1X0.0 255.255.255.0 s 59 | P a g e Zoom Technologies CCNP Lab Guide *Verify using the following command, which router is the ACTIVE router Router#sh glbp *Shutdown the Ethernet interfaces of the active (Sudan) Router and verify the output Sudan#conf t Sudan(config)#interface fa 0/0 Sudan(config-if)#shutdown Sudan(config-if)#end *Bring up the Ethernet interface again and now configure interface tracking in Sudan router Sudan#conf t Sudan(config)#track 50 interface serial 0/2/0 line-protocol Sudan(config-track)#exit Sudan(config)#interface fa 0/0 Sudan(config-if)#glbp X0 weighting track 50 decrement 100 *Configure using the following commands to reduce the preempt delay in both the routers Sudan(config-if)#glbp X0 forwarder preempt delay minimum Sudan(config-if)#end *Reducing the preempt delay in Poland Poland (config-if)#glbp X0 forwarder preempt delay minimum *Shutdown the serial 0/2/0 interface in Sudan router and verify the output Sudan#conf t Sudan(config)#interface s 0/2/0 Sudan(config-if)# shutdown 60 | P a g e Zoom Technologies CCNP Lab Guide PORT-SECURITY Fa 0/12 Mac-address xxxx.xxxx.xxxx *This practical is to configure port-security on a switch by binding the macaddress of a PC to a particular port By doing so, we allow only that PC to work on that port Any other PC trying to use that port is not allowed to so since it would be having a different mac-address S3560#conf t S3560(config)#interface fa 0/12 S3560(config-if)#switchport mode access S3560(config-if)#switchport port-security S3560(config-if)#switchport port-security mac-address xxxx.xxxx.xxxx S3560(config-if)#switchport port-security violation shutdown *You can verify the output by disconnecting the PC from the port and connecting another PC to the same port and trying to start communication on it You will find that as soon as the new PC tries to establish communication, the port goes into an err-disabled state and is shut down S3560#show port-security S3560#show interface status S3560#show port-security interface fa 0/12 61 | P a g e Zoom Technologies CCNP Lab Guide VACL *Two PCs belonging to the same VLAN on the same switch can communicate with each other by default In cases where we not want them to communicate and there is no router available to configure access-lists, we can configure VLAN access-lists or VACL * Assign 192.168.0.3 and 192.168.0.203 ports in vlan 10 They can ping each other normally The required scenario here is that the ping request from the pc192.168.0.3 to pc-192.168.0.203 should not happen and the ping request from pc192.168.0.203 to pc-192.168.0.3 must be allowed S3560(config)#access-list 110 permit icmp host 192.168.0.3 host 192.168.0.203 echo S3560(config)#vlan access-map zoom 10 S3560(config-access-map)#match ip address 110 S3560(config-access-map)#action drop S3560(config-access-map)#exit S3560(config)#vlan access-map zoom 20 S3560(config-access-map)#exit S3560(config)#vlan filter zoom vlan-list 10 *Verify the output by having ping ON between the two machines 62 | P a g e Zoom Technologies CCNP Lab Guide DOT1X AUTHENTICATION *An open port is open for anybody to connect their device and start communication with the LAN Our goal here is to authenticate any user that connects to the switch and allow access only if he is properly authenticated Authentication is done with the help of a AAA server *Make sure the test-PC is enabled for dot1x authentication s2950-229(config)#aaa new-model s2950-229(config)#aaa authentication dot1x default group radius s2950-229(config)#dot1x system-auth-control s2950-229(config)#radius-server host 192.168.0.3 key zoom123 s2950-229(config)#interface fa 0/16 s2950-229(config-if)#switchport mode access s2950-229(config-if)#dot1x port-control auto s2950-229(config-if)#exit *Verify using the following commands and also by disconnecting and connecting the device from the switch and then going through the authentication process when prompted s2950-229#show dot1x all 63 | P a g e Zoom Technologies CCNP Lab Guide VOIP *To enable VOIP, the pre-requisite is to have routing enabled on the network between the different voice devices For that, we are configuring EIGRP protocol between routers India and Sudan INDIA#conf t INDIA(config)#router eigrp 100 INDIA(config-router)#network 192.168.1.0 INDIA(config-router)#net 172.16.0.0 INDIA(config-router)#end CORE#conf t CORE(config)#no ip routing CORE(config)#ip routing CORE(config)#router eigrp 100 CORE(config-router)#network 172.16.0.0 CORE(config-router)#end Sudan#conf t Sudan(config)#no ip routing Sudan(config)#ip routing Sudan(config)#router eigrp 100 Sudan(config-router)#net 172.16.0.0 Sudan(config-router)#net 192.168.100.0 Sudan(config-router)#exit Sudan(config)#interface fa 0/1 Sudan(config-if)#ip address 192.168.100.1 255.255.255.0 Sudan(config-if)#no shut Sudan(config-if)#end 64 | P a g e Zoom Technologies CCNP Lab Guide *Router INDIA has two FXS ports to which two analog phones are connected Below is the configuration for assigning phone numbers to the analog phones by configuring the dial-peer as POTS (plain old telephone system) INDIA(config)#dial-peer voice 10 pots INDIA(config-dial-peer)#destination-pattern 2001 INDIA(config-dial-peer)#port 2/0/0 INDIA(config-dial-peer)#exit INDIA(config)#dial-peer voice 20 pots INDIA(config-dial-peer)#destination-pattern 2002 INDIA(config-dial-peer)#port 2/0/1 INDIA(config-dial-peer)#exit *Verify the output by dialing the extension number from one to another phone *Here we have to configure the call routing from India to Sudan It mentions the destination IPV4 network to which the VOIP packets have to be routed if a call to the mentioned phone number has to be made INDIA(config)#dial-peer voice 30 voip INDIA(config-dial-peer)#destination-pattern 300 INDIA(config-dial-peer)#session target ipv4:172.16.1.5 INDIA(config-dial-peer)#end *Below is the configuration of Sudan router to which two IP phones have been connected *First we have to configure a DHCP pool from which an ip-address will be assigned to the IP phone Sudan(config)#ip dhcp pool voip Sudan(dhcp-config)#network 192.168.100.0 Sudan(dhcp-config)#default-router 192.168.100.1 Sudan(dhcp-config)#option 150 ip 192.168.100.1 Sudan(dhcp-config)#exit Sudan(config)# ip dhcp excluded-address 192.168.100.1 *Below is the configuration for telephony-service where we configure various parameters such as number of dial-numbers and ephones, assigning of phone numbers to the e-phones and binding the mac-address of the ip-phone to the ephone Sudan(config)#telephony-service Sudan(config-telephony)#max-dn 10 Sudan(config-telephony)#max-ephone Sudan(config-telephony)#ip source-address 192.168.100.1 Sudan(config-telephony)#exit Sudan(config)#ephone-dn Sudan(config-ephone-dn)#number 3001 Sudan(config-ephone-dn)#name zoom 65 | P a g e Zoom Technologies CCNP Lab Guide Sudan(config-ephone-dn)#exit Sudan(config)#ephone-dn Sudan(config-ephone-dn)#number 3002 Sudan(config-ephone-dn)#name ccnp Sudan(config-ephone-dn)#exit Sudan(config)#ephone-dn Sudan(config-ephone-dn)#number 3003 Sudan(config-ephone-dn)#name ccna Sudan(config-ephone-dn)#exit Sudan(config)#ephone-dn Sudan(config-ephone-dn)#number 3004 Sudan(config-ephone-dn)#name cisco Sudan(config-ephone-dn)#exit Sudan(config)#ephone Sudan(config-ephone)# mac-address ****.****.**** Sudan(config-ephone)#button 1:1 Sudan(config-ephone)#exit Sudan(config)#ephone Sudan(config-ephone)#mac-address ****.****.**** Sudan(config-ephone)#button 1:2 Sudan(config-ephone)#exit *Here we have to configure the call routing from Sudan to India It mentions the destination Ipv4 network to which the VOIP packets have to be routed if a call to the mentioned phone number has to be made Sudan(config)#dial-peer voice 10 voip Sudan(config-dial-peer)#destination-pattern 200 Sudan(config-dial-peer)#session target ipv4:172.16.1.1 Sudan(config-dial-peer)#exit 66 | P a g e Zoom Technologies CCNP Lab Guide QOS *Initially, configure routing between the LANs of the two routers The LAN of India router contains the HTTP and FTP server and the LAN of CORE router contains the client PCs from where the resources will be accessed India#config t India(config)#ip route 192.168.0.0 255.255.255.0 s1/2 India(config)#exit CORE#config t CORE(config)#ip route 0.0.0.0 0.0.0.0 s CORE(config)#exit CORE(config)#int s0 CORE(config-if)#clock rate 1000000 CORE(config-if)#end *Using the above configuration, we have enabled routing between the two networks and also configured the rate of flow over the serial interface between the routers to be of 1Mbps *We now need to monitor the rate of flow two types of traffic, one HTTP and the other FTP For this, we use a download manager software on the client side PC to observe the download speed of each type of traffic *You might observe that when we have traffic via both the protocols, they share the available bandwidth equally, but in absence of the one, the other takes up the entire bandwidth Our aim is to allocate certain amount of bandwidth to each type of traffic For this, we need to configure QOS in the INDIA router *Step1: Create separate class-maps for each type of traffic by matching it by the protocol it is using INDIA(config)#class-map httpclass INDIA(config-cmap)#match protocol http INDIA(config-cmap)#exit 67 | P a g e Zoom Technologies CCNP Lab Guide INDIA(config)#class-map ftpclass INDIA(config-cmap)#match protocol ftp INDIA(config-cmap)#exit *Create a policy-map to define what has to be done with each type of traffic that have been defined in the class-maps INDIA(config)#policy-map ccnpqos INDIA(config-pmap)#class httpclass INDIA(config-pmap-c)#bandwidth percent 10 INDIA(config-pmap-c)#exit INDIA(config-pmap)#class ftpclass INDIA(config-pmap-c)#bandwidth percent 60 INDIA(config-pmap-c)#exit INDIA(config-pmap)#exit *The policy-map now has to be implemented on the proper interface in the proper direction on the router close to the source of the traffic INDIA(config)#interface serial 1/2 INDIA(config-if)#service-policy output ccnpqos INDIA(config-if)#end *You will observe that in absence of traffic from one protocol, the other takes up the entire bandwidth To prevent this, we can configure ‘policing’ to limit the bandwidth usage of a certain type of data flow to a fixed value INDIA(config)#policy-map ccnpqos INDIA(config-pmap)#class httpclass INDIA(config-pmap-c)# police rate percent 10 INDIA(config-pmap-c-police)#exceed-action drop INDIA(config-pmap-c-police)#end *Now you will observe that even though you stop the FTP data, the HTTP download does not cross 10% of the total available bandwidth 68 | P a g e Zoom Technologies CCNP Lab Guide WIRELESS LAN *For a wireless router, there are two main interfaces One wired and the other wireless The wired interface is the VLAN interface where users from the LAN can be connected to the router The wireless interface is the radio antenna through which users with wireless end systems can connect to the router *Configure an ip address on the Dot11Radio interface adslrouter#config t adslrouter(config)# interface Dot11Radio adslrouter(config-if)#ip address 192.168.200.1 255.255.255.0 *Configuring SSID and broadcast Users trying to connect to the wireless network now will be able to connect without any authentication adslrouter(config-if)#ssid ccnp adslrouter(config-if-ssid)#guest-mode adslrouter(config-if-ssid)#authentication open adslrouter(config-if-ssid)#exit adslrouter(config-if)#channel 11 adslrouter(config-if)#speed default *In case we require the users trying to connect to the wireless network to be authenticated before they can access the resources, we can configure the authentication mode and key in the following way adslrouter(config-if)#encryption mode wep mandatory adslrouter(config-if)#encryption key size 128 01234567899876543210012345 adslrouter(config-if)#exit *Configure a DHCP pool on the wireless router to assign ip address to any user trying to connect to the router through the wireless network adslrouter(config)#ip dhcp pool wireless adslrouter(dhcp-config)#network 192.168.200.0 255.255 adslrouter(dhcp-config)#default-router 192.168.200.1 adslrouter(dhcp-config)#dns-server 192.168.200.1 69 | P a g e [...]... RA3(config-route-map)#match ip address 21 RA3(config-route-map)#set metric 500 RA3(config-route-map)#set metric-type type-2 RA3(config-route-map)#exit RA3(config)#route-map zoom deny 20 RA3(config-route-map)#match ip address 22 RA3(config-route-map)#exit RA3(config)#route-map zoom permit 30 RA3(config-route-map)#match ip address 23 RA3(config-route-map)#set metric-type type-1 RA3(config-route-map)#set... RA3(config-route-map)#exit RA3(config)#route-map zoom permit 40 RA3(config-route-map)#match ip address 24 RA3(config-route-map)#set metric 250 RA3(config-route-map)#set metric-type type-2 RA3(config-route-map)#exit 17 | P a g e Zoom Technologies CCNP Lab Guide RA3(config)#route-map zoom permit 50 RA3(config-route-map)#set metric 2000 RA3(config-route-map)#set metric-type type-2 RA3(config-route-map)#exit... RA1(config)#route-map R1toR2 permit 20 RA1(config-route-map)#exit RA1(config)#route-map R1toR4 permit 10 RA1(config-route-map)#match ip address 40 42 RA1(config-route-map)#set local-preference 600 RA1(config-route-map)#exit RA1(config)#route-map R1toR4 permit 20 RA1(config-route-map)#exit 25 | P a g e Zoom Technologies CCNP Lab Guide *Implement the route-map by defining one route-map for each neighbor in the appropriate... RA3(config-router)#neighbor 192.168.X.85 remote-as 650X5 27 | P a g e Zoom Technologies CCNP Lab Guide RA3(config-router)#neighbor 192.168.X.90 remote-as 650X5 RA3(config-router)#neighbor 192.168.X.85 route-reflector-client RA3(config-router)#neighbor 192.168.X.90 route-reflector-client RA3(config-router) #network 30.X.0.0 mask 255.255.255.0 RA3(config-router) #network 30.X.1.0 mask 255.255.255.0 RA3(config-router) #network. .. 20 RA1(config-router) #network 192.168.X.80 0.0.0.3 RA1(config-router) #network 192.168.X.16 0.0.0.15 RA1(config-router)#exit RA2(config)#router eigrp 20 RA2(config-router) #network 192.168.X.80 RA2(config)#router rip RA2(config-router)#version 2 RA2(config-router)#no auto-summary RA2(config-router)#net 192.168.X.0 RA2(config-router) #network 20.0.0.0 RA2(config-router)#end 14 | P a g e Zoom Technologies. .. RA2(config-route-map)#set metric 50 RA2(config-route-map)#exit RA2(config)#route-map med-alg permit 20 RA2(config-route-map)#exit RA2(config)#router bgp 650X5 RA2(config-router)#neighbor 192.168.X.81 route-map med-alg out RA2(config-router)#end RA2#clear ip bgp 192.168.X.81 RA4(config)#access-list 30 permit 30.X.0.0 0.0.0.255 RA4(config)#access-list 31 permit 30.X.1.0 0.0.0.255 RA4(config)#route-map med-tan... RA2(config-router) #network 20.X.0.0 0.0.255.255 area 10 RA2(config-router)#exit RA3(config)#router ospf 3 RA3(config-router) #network 192.168.X.0 0.0.0.255 area 10 RA3(config-router)#exit RA3(config)#router rip RA3(config-router)#version 2 RA3(config-router) #network 30.0.0.0 RA3(config-router)#no auto-summary RA3(config-router)#exit 7|Page Zoom Technologies CCNP Lab Guide RA4(config)#router ospf 4 RA4(config-router) #network. .. RA1(config-router) #network 192.168.X.80 0.0.0.3 area 0 RA1(config-router) #network 192.168.X.92 0.0.0.3 area 20 RA1(config)#router EIGRP 100 RA1(config-router)#no auto-summary RA1(config-router) #network 10.0.0.0 RA1(config-router)#exit RA2(config)#router ospf 2 RA2(config-router) #network 192.168.X.80 0.0.0.3 area 0 RA2(config-router) #network 192.168.X.32 0.0.0.15 area 10 RA2(config-router) #network 192.168.X.84... mentioned networks RA1(config)#access-list 40 permit 40.X.0.0 0.0.0.255 RA1(config)#access-list 42 permit 40.X.2.0 0.0.0.255 *Create route-maps , one for each neighbor Each route-map contains a matchand-set condition RA1(config)#route-map R1toR2 permit 10 RA1(config-route-map)#match ip address 40 42 RA1(config-route-map)#set local-preference 800 RA1(config-route-map)#exit RA1(config)#route-map R1toR2... isis RA3(config-if)#int loopback 2 RA3(config-if)#ip router isis RA3(config-if)#int loopback 3 RA3(config-if)#ip router isis RA3(config-if)#int loopback 4 RA3(config-if)#ip router isis RA3(config-if)#end RA4(config)#no router isis RA4(config)#router isis RA4(config-router)#net 49.0300.1921.6800.X065.00 RA4(config-router)#is-type level- 1-2 RA4(config-router)#interface serial 1 RA4(config-if)#ip router