k6 old.pdf

Upload: satourism

Post on 08-Aug-2018

  • 8/22/2019 K6 OLD.pdf

    1/24

    K6 OLD SOLUTION BOOK

    CCIE SOLDIER

    1.2 Implement Access Switch Ports of Switched Network

    SW1

    vtp domain CCIE

    vtp password cisco

    vtp version 2

    vtp mode server

    SW2 SW3 SW4

    vtp domain CCIE

    vtp password cisco

    vtp version 2

    vtp mode client

    SW1 SW2 SW3 SW4

    spanning-tree portfast default

    spanning-tree portfast bpduguard default

    interface fa0/10

    spanning-tree bpduguard disable

    spanning-tree bpdufilter enable

    Note: Remember to configure the backbone interface before configuring portfast default and portfast bpduguard default globally; otherwise those interfaces would go to the err-disabled state.

    1.3 Spanning-Tree Domains for Switched Network

    On SW1, SW2, SW3, SW4

    spanning-tree mode mst

    spanning-tree mst configuration

    instance 1 vlan 11, 22, 33

    instance 2 vlan 42, 44, 55, 123, 999

    exit

    spanning-tree mst max-age 30

    SW1

    spanning-tree mst 1 root primary

    spanning-tree mst 2 root secondary

    SW2

    spanning-tree mst 2 root primary

    spanning-tree mst 1 root secondary

    1.4 Switch Trunking and Ether Channel

    SW1, SW2, SW3, SW4

    interface range fastethernet 0/19-24

    switchport trunk encapsulation dot1q

    switchport mode trunk

    SW1

    interface range fa0/23-24

    channel-group 1 mode active

    SW2

    interface range fa0/23-24

    channel-group 1 mode passive

    SW3

    interface range fa0/23-24

    channel-group 1 mode desirable

    SW4

    interface range fa0/23-24

    channel-group 1 mode auto

    1.5 Spanning-Tree Tuning

    On SW1

    interface fastethernet 0/19

    spanning-tree mst 1 port-priority 240

    On SW2

    interface fastethernet 0/19

    spanning-tree mst 2 port-priority 240

    1.6 RSPAN

    SW1

    vlan 999

    remote-span

    monitor session 1 source vlan 11 , 22 rx

    monitor session 1 destination remote vlan 999

    SW2

    monitor session 1 source vlan 11 , 22 rx

    monitor session 1 destination remote vlan 999

    SW4

    monitor session 1 source remote vlan 999

    monitor session 1 destination interface fastEthernet 0/15

    monitor session 2 source interface port-channel 34 both

    monitor session 2 destination interface fastEthernet 0/16

    interface range f0/15-16

    no shutdown

    1.7 PPP & CHAP

    On R4

    aaa new-model

    aaa authentication login default line /* none required at the end only if no line password is configured */

    aaa authentication ppp default group radius local-case

    radius-server host YY.YY.44.200 key CISCO

    username password 0 CCIE

    username password 0 CCIE

    interface s0/0/0 /* interface facing R1 */

    encapsulation ppp

    ppp authentication chap default

    interface s0/1/0 /* interface facing R2 */

    encapsulation ppp

    ppp authentication chap default

    On R1 & R2

    interface s0/0/0 /* interface facing R4 */

    encapsulation ppp

    ppp chap password 0 CCIE

    Note: If the question says to use AAA list names R1 and R2 for authenticating R1 and R2 respectively, use the configuration below.

    On R4

    aaa new-model

    aaa authentication login default line /* none required at the end only if no line password is configured */

    aaa authentication ppp R1 group radius local-case

    aaa authentication ppp R2 group radius local-case

    radius-server host YY.YY.44.200 key CISCO

    username password 0 CCIE

    username password 0 CCIE

    interface s0/0/0 /* interface facing R1 */

    encapsulation ppp

    ppp authentication chap R1

    interface s0/1/0 /* interface facing R2 */

    encapsulation ppp

    ppp authentication chap R2

    On R1 & R2

    interface s0/0/0 /* interface facing R4 */

    encapsulation ppp

    ppp chap password 0 CCIE

    Section 2 Layer 3 Technologies

    2.1 Configure OSPF Area 0, 142 and 51 as per diagram

    R1

    router ospf YY

    router-id YY.YY.1.1

    network YY.YY.1.1 0.0.0.0 area 142

    network YY.YY.14.1 0.0.0.0 area 142

    network YY.YY.17.1 0.0.0.0 area 142

    R2

    router ospf YY

    router-id YY.YY.2.2

    network YY.YY.24.2 0.0.0.0 area 142

    network YY.YY.42.2 0.0.0.0 area 142

    redistribute connected subnets route-map EXT

    route-map EXT

    match interface fastethernet 0/1

    R3

    router ospf YY

    router-id YY.YY.3.3

    network YY.YY.3.3 0.0.0.0 area 51

    network YY.YY.35.3 0.0.0.0 area 51

    R4

    router ospf YY

    router-id YY.YY.4.4

    network YY.YY.4.4 0.0.0.0 area 142

    network YY.YY.14.4 0.0.0.0 area 142

    network YY.YY.24.4 0.0.0.0 area 142

    network YY.YY.44.4 0.0.0.0 area 142

    R5

    router ospf YY

    router-id YY.YY.5.5

    network YY.YY.5.5 0.0.0.0 area 51

    network YY.YY.35.5 0.0.0.0 area 51

    network YY.YY.55.5 0.0.0.0 area 51

    SW1

    ip routing

    router ospf YY

    router-id YY.YY.7.7

    network YY.YY.7.7 0.0.0.0 area 0

    network YY.YY.123.7 0.0.0.0 area 0

    network YY.YY.17.7 0.0.0.0 area 142

    interface vlan 123

    ip ospf priority 255

    SW2

    ip routing

    router ospf YY

    router-id YY.YY.8.8

    network YY.YY.8.8 0.0.0.0 area 0

    network YY.YY.123.8 0.0.0.0 area 0

    network YY.YY.55.8 0.0.0.0 area 51

    interface vlan 123

    ip ospf priority 254

    SW3

    ip routing

    router ospf YY

    router-id YY.YY.9.9

    network YY.YY.9.9 0.0.0.0 area 0

    network YY.YY.123.9 0.0.0.0 area 0

    SW4

    ip routing

    router ospf YY

    router-id YY.YY.10.10

    network YY.YY.10.10 0.0.0.0 area 0

    network YY.YY.123.10 0.0.0.0 area 0

    network YY.YY.42.10 0.0.0.0 area 142

    2.2 Implement IPv4 EIGRP

    SW2

    router eigrp 100

    no auto-summary

    network 150.3.YY.1 0.0.0.0

    2.3 Implement RIP Version 2

    R3

    router rip

    version 2

    passive-interface default

    no passive-interface f0/0 /* interface facing BB1 */

    neighbor 150.1.YY.254

    network 150.1.0.0

    distribute-list 1 in fastethernet 0/0 /* interface facing BB1 */

    no auto-summary

    access-list 1 permit 199.172.5.0 0.0.10.0

    2.4 Redistribute RIP into OSPF

    R3

    access-list 2 permit 199.172.5.0 0.0.2.0

    route-map RIP permit 10

    match ip address 2

    set metric-type type-1

    route-map RIP permit 20

    set metric 30

    router ospf YY

    redistribute rip subnets route-map RIP

    area 51 nssa

    R5

    router ospf YY

    area 51 nssa

    SW2

    router ospf YY

    area 51 nssa

    2.5 Redistribute EIGRP into OSPF

    router ospf YY

    redistribute eigrp 100 subnets

    area 51 nssa no-summary no-redistribution

    2.6 Implement IPv4 BGP

    R1 / R2 / R3 / R5

    router bgp YY

    bgp router-id YY.YY.X.X

    neighbor YY.YY.8.8 remote-as YY

    neighbor YY.YY.8.8 update-source loopback0

    neighbor YY.YY.8.8 send-community /* not needed on R1 and R5, since they have no community to send; needed only on the routers facing the BB and on the route reflector */

    SW2

    router bgp YY

    bgp router-id YY.YY.X.X

    neighbor YY.YY.1.1 remote-as YY

    neighbor YY.YY.1.1 update-source loopback 0

    neighbor YY.YY.1.1 route-reflector-client

    neighbor YY.YY.1.1 send-community

    neighbor YY.YY.2.2 remote-as YY

    neighbor YY.YY.2.2 update-source loopback 0

    neighbor YY.YY.2.2 route-reflector-client

    neighbor YY.YY.2.2 send-community

    neighbor YY.YY.3.3 remote-as YY

    neighbor YY.YY.3.3 update-source loopback 0

    neighbor YY.YY.3.3 route-reflector-client

    neighbor YY.YY.3.3 send-community

    neighbor YY.YY.5.5 remote-as YY

    neighbor YY.YY.5.5 update-source loopback 0

    neighbor YY.YY.5.5 route-reflector-client

    neighbor YY.YY.5.5 send-community

    R2

    neighbor 150.2.YY.254 remote-as 254

    neighbor 150.2.YY.254 send-community

    neighbor 150.2.YY.254 route-map BB2 in

    route-map BB2

    set community 104 208 additive

    R3

    neighbor 150.1.YY.254 remote-as 254

    neighbor 150.1.YY.254 route-map BB1 in

    neighbor 150.1.YY.254 send-community

    route-map BB1

    set local-preference 200

    set community 103 207 additive

    NOTE: If the question says something like "use the fewest commands for the route reflector", then you should configure a peer group.

    2.7 Implement Performance Routing

    on R1/2/4

    key chain PFR

    key 1

    key-string cisco

    on R1/2

    pfr border

    local Loopback0

    master yy.yy.4.4 key-chain PFR

    active-probe address source interface Loopback0

    on R1

    interface Tunnel12

    ip address 12.12.12.1 255.255.255.252

    tunnel source Loopback0

    tunnel destination yy.yy.2.2

    on R2

    interface Tunnel12

    ip address 12.12.12.2 255.255.255.252

    tunnel source Loopback0

    tunnel destination yy.yy.1.1

    on sw2

    router bgp yy

    network yy.yy.55.0 mask 255.255.255.0 route-map COMM

    route-map COMM permit 10

    set community no-export

    on R5

    ip sla responder

    on r4

    pfr master

    policy-rules PFR

    no max-range-utilization

    logging

    !

    border yy.yy.2.2 key-chain PFR

    interface Serial0/0/0 internal

    interface Tunnel12 internal

    interface fastEthernet0/0 external

    link-group R2

    !

    border yy.yy.1.1 key-chain PFR

    interface Tunnel12 internal

    interface Serial0/0/0 internal

    interface fastEthernet0/0 external

    link-group R1

    !

    periodic 90

    no resolve range

    no resolve utilization

    learn

    periodic-interval 0

    monitor-period 1

    pfr-map PFR 10

    match traffic-class access-list CS2

    set mode route control

    set mode select-exit good

    set mode monitor active

    set active-probe echo yy.yy.55.5

    set link-group R1

    !

    pfr-map PFR 20

    match traffic-class access-list CS4

    set mode route control

    set mode select-exit good

    set mode monitor active

    set active-probe echo yy.yy.55.5

    set link-group R2

    ip access-list extended CS2

    permit ip yy.yy.44.0 0.0.0.255 yy.yy.55.0 0.0.0.255 dscp cs2

    ip access-list extended CS4

    permit ip yy.yy.44.0 0.0.0.255 yy.yy.55.0 0.0.0.255 dscp cs4

    2.8 Implement Performance Routing -2

    on R4

    ip access-list extended VOICE

    permit udp yy.yy.44.0 0.0.0.255 yy.yy.55.0 0.0.0.255 range 16384 32768 dscp ef

    pfr-map PFR 30

    match traffic-class access-list VOICE

    set delay threshold 40

    set mode route control

    set mode select-exit good

    set mode monitor fast

    set jitter threshold 5

    set active-probe jitter yy.yy.55.5 target-port 32767

    set probe frequency 2

    2.9 Implement IPv6

    R1

    ipv6 unicast-routing

    ipv6 cef

    ipv6 router ospf YY

    router-id YY.YY.1.1

    interface Serial 0/0/0

    ipv6 address fec1:cc1e:14::1/64

    ipv6 ospf YY area 142

    interface fastethernet 0/0

    ipv6 address fec1:cc1e:17::1/64

    ipv6 ospf YY area 142

    R2

    ipv6 unicast-routing

    ipv6 cef

    ipv6 router ospf YY

    router-id YY.YY.2.2

    interface Serial 0/0/0

    ipv6 address fec1:cc1e:24::2/64

    ipv6 ospf YY area 142

    interface FastEthernet 0/0

    ipv6 address fec1:cc1e:42::2/64

    ipv6 ospf YY area 142

    R3

    ipv6 unicast-routing

    ipv6 cef

    ipv6 router ospf YY

    router-id YY.YY.3.3

    interface Serial 0/0/0

    ipv6 address fec1:cc1e:35::3/64

    ipv6 ospf YY area 51

    R4

    ipv6 unicast-routing

    ipv6 cef

    ipv6 router ospf YY

    router-id YY.YY.4.4

    interface fastethernet 0/1

    ipv6 address fec1:cc1e:44::4/64

    ipv6 ospf YY area 142

    interface Serial 0/0/0

    ipv6 address fec1:cc1e:14::4/64

    ipv6 ospf YY area 142

    interface serial 0/0/1

    ipv6 address fec1:cc1e:24::4/64

    ipv6 ospf YY area 142

    R5

    ipv6 unicast-routing

    ipv6 cef

    ipv6 router ospf YY

    router-id YY.YY.5.5

    interface Serial 0/0/1

    ipv6 address fec1:cc1e:35::5/64

    ipv6 ospf YY area 51

    interface FastEthernet 0/0

    ipv6 address fec1:cc1e:58::5/64

    ipv6 ospf YY area 51

    SW1

    sdm prefer dual-ipv4-and-ipv6 default

    ipv6 unicast-routing

    ipv6 cef

    ipv6 router ospf YY

    router-id YY.YY.7.7

    interface fastethernet 0/1

    ipv6 address fec1:cc1e:17::7/64

    ipv6 ospf YY area 142

    interface vlan 123

    ipv6 address fec1:cc1e:123::7/64

    ipv6 ospf YY area 0

    ipv6 ospf priority 255

    SW2

    sdm prefer dual-ipv4-and-ipv6 default

    ipv6 unicast-routing

    ipv6 cef

    ipv6 router ospf YY

    router-id YY.YY.8.8

    redistribute connected route-map loopback8

    interface vlan 55

    ipv6 address fec1:cc1e:58::8/64

    ipv6 ospf YY area 51

    interface vlan 123

    ipv6 address fec1:cc1e:123::8/64

    ipv6 ospf YY area 0

    ipv6 ospf priority 254

    interface loopback 8

    ipv6 address 2011:cc1e:88:88:88::88/128

    route-map loopback8 permit 10

    match interface loopback8

    SW3

    sdm prefer dual-ipv4-and-ipv6 default

    ipv6 unicast-routing

    ipv6 cef

    ipv6 router ospf YY

    router-id YY.YY.9.9

    interface vlan 123

    ipv6 address fec1:cc1e:123::9/64

    ipv6 ospf YY area 0

    ipv6 ospf priority 0

    SW4

    sdm prefer dual-ipv4-and-ipv6 default

    ipv6 unicast-routing

    ipv6 cef

    ipv6 router ospf YY

    router-id YY.YY.10.10

    interface vlan 42

    ipv6 address fec1:cc1e:42::10/64

    ipv6 ospf YY area 142

    interface vlan 123

    ipv6 address fec1:cc1e:123::10/64

    ipv6 ospf YY area 0

    ipv6 ospf priority 0

    R1/ R2 /R4 /SW1 /SW4

    ipv6 router ospf YY

    area 142 nssa

    2.10 Implement Advanced IPv6 feature

    ipv6 cef

    ipv6 flow-export version 9

    ipv6 flow-export source Loopback0

    ipv6 flow-export template timeout-rate 2

    ipv6 flow-export destination yy.yy.44.100 9876

    ipv6 flow-aggregation cache protocol-port

    cache entries 20000

    cache timeout inactive 180

    export version 9

    export template timeout-rate 2

    export destination yy.yy.44.100 9876

    enabled

    !

    interface FastEthernet0/0

    ipv6 flow egress

    Section 3 IP Multicast

    3.1 IPv4 Multicast

    R1

    ip multicast-routing

    interface loopback0

    ip pim sparse-mode

    interface serial0/0/0

    ip pim sparse-mode

    interface fastethernet 0/0

    ip pim sparse-mode

    ip pim rp-candidate loopback0 priority 254

    R2

    ip multicast-routing

    interface loopback0

    ip pim sparse-mode

    interface serial0/0/0

    ip pim sparse-mode

    interface fastethernet 0/1

    ip pim sparse-mode

    ip pim rp-candidate loopback0 priority 255

    R4

    ip multicast-routing

    interface loopback0

    ip pim sparse-mode

    interface serial0/0/0

    ip pim sparse-mode

    interface serial0/0/1

    ip pim sparse-mode

    interface fastethernet0/0

    ip pim sparse-mode

    ip pim bsr-candidate loopback0

    SW1

    ip multicast-routing distributed

    interface loopback0

    ip pim sparse-mode

    interface fastethernet0/1

    ip pim sparse-mode

    interface vlan 123

    ip pim sparse-mode

    SW2

    ip multicast-routing distributed

    interface loopback0

    ip pim sparse-mode

    interface vlan 123

    ip pim sparse-mode

    interface vlan 33

    ip pim sparse-mode

    ip igmp join-group 239.YY.YY.1

    SW3

    ip multicast-routing distributed

    interface loopback0

    ip pim sparse-mode

    interface vlan 123

    ip pim sparse-mode

    SW4

    ip multicast-routing distributed

    interface loopback0

    ip pim sparse-mode

    interface vlan 42

    ip pim sparse-mode

    interface vlan 123

    ip pim sparse-mode

    3.2 PIM Tuning

    SW1

    interface vlan 123

    ip pim dr-priority

    SW4

    interface vlan 123

    ip pim dr-priority

    Section 4 Advanced Services

    4.1 Network Address Translations (NAT)

    SW1

    interface loopback100

    ip address 100.100.17.7 255.255.255.0

    ip route 100.100.42.0 255.255.255.0 YY.YY.17.1

    R1

    ip route 100.100.42.0 255.255.255.0 YY.YY.14.4

    SW4

    interface loopback100

    ip address 100.100.42.10 255.255.255.0

    ip route 100.100.17.0 255.255.255.0 YY.YY.42.2

    R2

    ip route 100.100.17.0 255.255.255.0 YY.YY.24.4

    R4

    interface serial0/0/0

    ip nat outside

    interface serial0/0/1

    ip nat outside

    ip nat inside source static YY.YY.17.7 100.100.17.7

    ip nat inside source static YY.YY.42.10 100.100.42.10

    4.2 MLS QoS

    SW1 SW2 SW3 SW4

    mls qos

    mls qos srr-queue input cos-map queue 1 1 /* Default */

    mls qos srr-queue input cos-map queue 2 5 /* you have to configure this one */

    mls qos srr-queue input threshold 1 40 100

    mls qos srr-queue input threshold 2 100 100 /* Default */

    interface range fastethernet 0/19 - 24

    mls qos trust cos

    SW1

    interface range fastethernet 0/1 - 5

    mls qos cos 1

    mls qos trust cos

    4.3 QoS Class Based Weighted Fair Queuing (CBWFQ)

    R2

    class-map BB2

    match input-interface f0/1 --> interface facing the BB2

    policy-map CBWFQ

    class BB2

    bandwidth 10000

    interface fastethernet0/0

    service-policy output CBWFQ

    R3

    class-map BB1

    match input-interface f0/0 --> interface facing the BB1

    policy-map CBWFQ

    class BB1

    bandwidth 1000

    interface serial0/0/0

    service-policy output CBWFQ

    4.4 Implement Routing Protocol Authentication

    SW1 SW2 SW3 SW4

    no service password-encryption

    interface vlan 123

    ip ospf authentication message-digest

    ip ospf message-digest-key 1 md5 cisco

    4.5 Implement DHCP

    R4

    Service DHCP

    ip dhcp pool POOL

    network YY.YY.44.0 255.255.255.0

    default-router YY.YY.44.4

    dns-server YY.YY.55.50 YY.YY.55.51

    domain-name cisco.com

    ip dhcp excluded-address YY.YY.44.4 /* Interface fastethernet 0/0 */

    ip dhcp excluded-address YY.YY.44.100 /* Printer IP address, statically configured; also the IPv6 NetFlow server IP address */

    ip dhcp excluded-address YY.YY.44.200 /* Radius Server */

    On SW1

    ip dhcp snooping

    ip dhcp snooping vlan 44

    no ip dhcp snooping information option

    interface fastethernet0/4

    switchport mode access

    switchport access vlan 44

    ip dhcp snooping trust

    interface fastethernet0/14

    switchport mode access

    switchport access vlan 44

    switchport port-security

    switchport port-security maximum 3

    switchport port-security violation shutdown /* Shutdown the port when violation occurred*/

    ip dhcp snooping limit rate 100

    no shutdown

    4.6 Implement Layer 2 Security

    ip dhcp snooping binding abcd.abcd.abcd vlan 44 YY.YY.44.100 interface fastEthernet 0/14 expiry 4294967295

    ip dhcp snooping verify mac-address /*Default */

    ip dhcp snooping database flash:CCIE.TXT

    ip arp inspection vlan 44

    interface f0/4

    ip arp inspection trust

    inter f0/14

    ip verify source

    no shutdown /* don't forget this */

    exit
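
An added example (not part of the original solution book): a Python check that the switch commands from sections 4.5 and 4.6 stay consistent, meaning DHCP snooping and ARP inspection cover the same VLAN, the trusted port is trusted by both features, and untrusted access ports carry ip verify source. The function names and the nested running-config layout of the sample are assumptions made for the example.

```python
# Added example: consistency audit for the Layer 2 security commands.
# Constructed sample: the switch commands from sections 4.5 and 4.6, laid out
# the way a running-config nests them (static binding and database omitted).
SW1_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 44
no ip dhcp snooping information option
ip arp inspection vlan 44
interface FastEthernet0/4
 switchport mode access
 switchport access vlan 44
 ip dhcp snooping trust
 ip arp inspection trust
interface FastEthernet0/14
 switchport mode access
 switchport access vlan 44
 switchport port-security
 switchport port-security maximum 3
 ip dhcp snooping limit rate 100
 ip verify source
"""


def parse(config):
    """Split a config into global commands and per-interface command lists."""
    global_cmds, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif raw[0].isspace() and current is not None:
            interfaces[current].append(line)
        else:
            current = None
            global_cmds.append(line)
    return global_cmds, interfaces


def audit_vlan(config, vlan):
    """Return findings for one access VLAN; an empty list means consistent.

    Matches only the single-VLAN command forms used on this page.
    """
    global_cmds, interfaces = parse(config)
    findings = []
    for cmd in ("ip dhcp snooping", f"ip dhcp snooping vlan {vlan}",
                f"ip arp inspection vlan {vlan}"):
        if cmd not in global_cmds:
            findings.append(f"missing global command: {cmd}")
    members = {name: cmds for name, cmds in interfaces.items()
               if f"switchport access vlan {vlan}" in cmds}
    if not any("ip dhcp snooping trust" in c for c in members.values()):
        findings.append("no trusted port: DHCP server replies will be dropped")
    for name, cmds in members.items():
        snoop = "ip dhcp snooping trust" in cmds
        if snoop != ("ip arp inspection trust" in cmds):
            findings.append(f"{name}: snooping and ARP inspection trust differ")
        if not snoop and "ip verify source" not in cmds:
            findings.append(f"{name}: untrusted port without ip verify source")
    return findings


if __name__ == "__main__":
    print(audit_vlan(SW1_CONFIG, 44) or "consistent")
```
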

    4.7 Web Caching Communication Protocol (WCCP)

    R4

    ip wccp ver 2 --> don't need this; it's the default, and you can check it with show ip wccp

    ip wccp 61

    ip wccp 62

    ip wccp check services all

    interface serial 0/0

    ip wccp 61 redirect in

    ip wccp 62 redirect out

    interface serial 0/1

    ip wccp 61 redirect in

    ip wccp 62 redirect out

    interface fastethernet 0/1

    ip wccp redirect exclude in

    Section 5 Optimize the Network

    5.1 Implement SNMP

    R5

    snmp-server community CiscoWorks RW 55

    snmp-server enable traps bgp

    snmp-server host YY.YY.55.240 CiscoWorks bgp

    access-list 55 permit host YY.YY.55.240

    5.2 Embedded Event Manager

    R3

    logging on

    logging console

    archive

    log config

    logging enable

    event manager applet CONF_CHANGE

    event syslog pattern ".*SYS-5-CONFIG_I.*"

    action 1.0 cli command "enable"

    action 2.0 cli command "show clock | append flash:ConfSave.txt"

    action 3.0 syslog Priority informational msg "Configuration changed"