SEPracticeCCIELab V1.4 MichiganChannelsSEPracticeCCIELab Cisco Systems Internal Use Only 1 SEPracticeCCIELab V1.4 Token Ring ISDN ISP IBM Mainframe FEP Frame Relay VLAN A VLAN B s0/1 s0 s0/0 s1/3 s1/2 s1/1 s1/0 E0/0 FA1/0 3/1 3/2 e0/1 e0/0 s0/1 s0 e0 t0 to0 s0/0 s0 BRI BRI s0/0 2611 2611 3640 2513 2502 Cat 5K e0/0 Network Schematic Cisco Systems Internal Use Only 2 SEPracticeCCIELab V1.4 Token Ring ISDN IGRP ISP IBM Mainframe FEP 1 3 5 2 Frame Relay IGRP VLAN A VLAN B 6 3/2 2611 2611 3640 2513 2502 Cat 5K BGP IGRP Frame Relay OSPF area 1 OSPF AREA 3 OSPF AREA 2 x.25 EIGRP OSPF AREA 0 EIGRP Routing Topology Cisco Systems Internal Use Only 3 SEPracticeCCIELab V1.4 To R3 To R5 To R2 To R4 Serial 1/0 Serial 1/3 Serial 1/1 Serial 1/2 Cisco 3620 DLCI 20 DLCI 40 DLCI 50 DLCI 150 to DLCI 50 DLCI 120 to DLCI 20 DLCI 140 to DLCI 40 Cisco Systems Internal Use Only 4 SEPracticeCCIELab V1.4 Cisco Lab Guidelines At no time should the hardware/software configuration of frame switch (router 7) or ISP (router 8) be modified in any way At no time are Static or Default routes to be used Do not configure loopback interfaces unless requested Create the Network Diagram Review all of the steps in this document before you begin. Some steps must take into account information found later in this document. Create a network diagram on a separate piece of paper. Include all network numbers, subnet masks, and host addresses. Catalyst Configuration 1.0 Create 2 VLAN’s on the Catalyst 5000. Port 3/1 in VLANA and port 3/2 in VLANB 2.0 Configure R2s’s e0/0 as 129.45.80.1/30 which in connected to VLANB 3.0 Configure R3’s e0/0 as 129.45.80.49/30 which is connected to VLANA Topology and Basic IP Setup 4.0 Configure R5’s s1 as 129.45.80.74 with a 2 host subnet 5.0 Configure IP addresses on the rest of the network with the address 129.45.80/24 5.1 Allow at least 6 hosts per subnet on ethernet and token ring interfaces 5.2 Allow at least 2 hosts per subnet on each WAN link 6.0 Configure IP across the Frame-Relay nework 6.1 Configure R3 using two sub-interfaces 6.2 Use a sub-interface for the connection to R5 and use one sub-interface for the connection to R2 and R4. Do not configure sub-interfaces for R2, R4, or R5 6.3 Ensure that you can ping from any router to any interface including your own 7.0 Configure the ISDN link. Verify pings from R3 – R5 8.0 Configure X.25 for the connection from R1 to R2 9.0 Configure async routing between the auxillary ports on R1 and R4 Cisco Systems Internal Use Only 5 SEPracticeCCIELab V1.4 Configure Routing Protocols per the Routing Topology Diagram 10.0 Configure OSPF as shown in the diagram 11.0 Setup Area 3 as a Stubby Area and configure OSPF MD5 authentication throughout area 1 12.0 Configure IGRP as shown in the diagram. Redistribute these routes with other routing protocols to allow full network connectivity 13.0 Configure EIGRP as shown in the diagram. Redistribute these routes with other routing protocols to allow full network connectivity 14.0 Configure R5 and R2 to be IBGP neighbors 14.1 Configure R2 and R4 to be IBGP neighbors 14.2 Do not configure peering statements between R5 and R4 14.3 Configure BGP on R5, R4 and R2 with an AS of 5 14.4 Configure R5 such that it will pass routes to an EBGP neighbor (ISP) 129.45.80.73/30 AS 254 14.5 Make sure that the only external BGP route that is accepted by R5 is that of the network 192.78.5.0 14.6 Configure BGP supernetting using ip address 129.45.0.0. This is to be advertised to AS 254 only. Make sure that there are no update problems with this route being advertised back into your IGP and IBGP. Verify that all BGP speakers can see the proper BGP routes 15.0 Ensure that routing advertisements for all protocols are only being sent out on the interfaces noted in the diagram. Ensure that the best path is taken as the limits of your routing protocols allow. Remember NO static or default routing of any kind 16.0 At this point you should be able to ping from any interface to nearly any other interface throughout the ENTIRE network 16.1 Verify network connectivity Configure Fault Tolerance 17.0 Configure ISDN using these numbers: 17.1 Port1 SPID1 0835866101 DN 835-8661 (Router 3) 17.2 Port1 SPID2 0835866301 DN 835-8663 17.3 Port2 SPID1 0835866201 DN 835-8662 (Router 5) 17.4 Port2 SPID2 0835866401 DN 835-8664 17.5 Switch type is NI1 18.0 R5 should be set up as the dialer when its serial link goes down 18.1 Use ISDN as a backup link, when the frame-relay connection to R3 is lost 18.2 Use CHAP authentication 19.0 Configure fault tolerance between R2 and R4’s Ethernet. Make sure that no packets from the Ethernet network are lost when the frame-relay links on either Cisco Systems Internal Use Only 6 SEPracticeCCIELab V1.4 of the routers goes down IP Firewall 20.0 Allow the partner subnet 192.64.5.0 access to R5’s s1 network via R4 only 20.1 Make sure all other subnets access R5’s s1 via R2 21.0 Configure an outbound access list on R5’s Serial1 Interface 21.1 Permit FTP originating from R1’s Token Ring network 21.2 Deny TFTP anywhere 21.3 Allow smtp, www, and ping from anywhere Network Address Translation 22.0 Configure NAT on R5’s ethernet interface 22.1 Host addresses are 1.1.1.1 to 1.1.1.30 22.2 Use the valid network on R5’s ethernet interface as the outside addresses Network Time Protocol 23.0 Configure authenticated NTP on all routers 23.1 Make R2 the authoritative NTP server 23.2 Only allow R3 to synchronize with the time on R2 the master timeserver 23.3 Configure R2s clock to represent the correct time Desktop Protocols 24.0 Enable IPX RIP on all LAN segments 25.0 Enable IPX EIGRP on the frame-relay, ISDN and x.25 network connections 26.0 Configure 2 static SAPs on R4’s Token Ring 27.0 Filter SAP on R4’s E0 such that it will only advertise 1 SAP 28.0 Verify that these 2 SAPs appear in R2’s SAP table 29.0 Configure IPX route filtering such that R3 will not see IPX routes from R5 30.0 Configure LAT between R3 and R5 30.1 Verify that you can establish LAT sessions between R3 and R5 30.2 Ensure that the connections made are always LAT and never telnet 31.0 Enable AppleTalk RTMP on all LAN segments 32.0 AppleTalk EIGRP on all possible WAN segments besides ISDN. 33.0 Configure tunnels in the Frame Relay Network Cisco Systems Internal Use Only 7 SEPracticeCCIELab V1.4 33.1 Make sure that the tunnel for the connection between R3 and R5 uses no AppleTalk cable ranges, while the other connections do. 34.0 Filter AppleTalk zones on R4 such that users on the token ring will only sees its own zone. DLSW+ 35.0 Configure DLSW+ on R4’s token ring and R1’s and R3s ethernet interfaces 36.0 Configure R4 as a DLSW+ Border Peer to both R2 and R3 36.1 Use TCP for the connection between R3 and R4 36.2 Use FST for the connection between R2 and R4 37.0 Allow only SNA from R3 to R1 and R4 38.0 Allow only Netbios between R1 and R4 39.0 Setup filters such that the Token Ring announces only the Mac address of the FEP. Mac for the FEP on R4 is 4444.4444.4444 40.0 Adjust DLSW+ Timers. 41.0 Verify that your configuration is correct by checking the peer capabilities Additional Questions 42.0 Configure IP multicast such that a multicast server on R3s e0 can send multicast packets to receivers on R1’s and R4’s token interfaces. 43.0 Add IPX to the ISDN configuration 43.1 Verify that all updates and routing is available in the event the frame goes down 44.0 Configure IPX on the ISDN such that RIP and SAP updates are kept to a minimum. Cisco Systems Internal Use Only 8 SEPracticeCCIELab V1.4 Frame Relay Switch Configuration version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname switch ! ip subnet-zero no ip domain-lookup ! ip audit notify log ip audit po max-events 100 frame-relay switching cns event-service server ! interface FastEthernet0/0 no ip address no ip directed-broadcast shutdown duplex auto speed auto ! interface Serial1/0 no ip address no ip directed-broadcast encapsulation frame-relay no ip mroute-cache no fair-queue clockrate 64000 frame-relay lmi-type ansi frame-relay intf-type dce frame-relay route 40 interface Serial1/2 140 ! interface Serial1/1 no ip address no ip directed-broadcast encapsulation frame-relay clockrate 64000 frame-relay lmi-type ansi frame-relay intf-type dce frame-relay route 20 interface Serial1/2 120 ! interface Serial1/2 no ip address no ip directed-broadcast encapsulation frame-relay clockrate 64000 frame-relay lmi-type ansi frame-relay intf-type dce Cisco Systems Internal Use Only 9 SEPracticeCCIELab V1.4 frame-relay route 120 interface Serial1/1 20 frame-relay route 140 interface Serial1/0 40 frame-relay route 150 interface Serial1/3 50 ! interface Serial1/3 no ip address no ip directed-broadcast encapsulation frame-relay clockrate 64000 frame-relay lmi-type ansi frame-relay intf-type dce frame-relay route 50 interface Serial1/2 150 ! ip classless no ip http server ! line con 0 exec-timeout 0 0 transport input none line aux 0 line vty 0 4 password cisco login ! end Cisco Systems Internal Use Only 10 . SE Practice CCIE Lab V1.4 Michigan Channels SE Practice CCIE Lab Cisco Systems Internal Use Only 1 SE Practice CCIE Lab V1.4 Token Ring. Topology Cisco Systems Internal Use Only 3 SE Practice CCIE Lab V1.4 To R3 To R5 To R2 To R4 Serial 1/0 Serial 1/3 Serial 1/1 Serial 1/2 Cisco 3620 DLCI 20