CCIE Routing & Switching Lab Workbook Version 4.0 Lab 17
IEWB-RS Lab 17
Difficulty Rating (10 highest): 8
Lab Overview:
The following scenario is a practice lab exam designed to test your skills at
configuring Cisco networking devices. Specifically, this scenario is designed to
assist you in your preparation for Cisco Systems CCIE Routing and Switching
Lab exam. However, remember that in addition to being designed as a
simulation of the actual CCIE lab exam, this practice lab should be used as a
learning tool. Instead of rushing through the lab in order to complete all the
configuration steps, take the time to research the networking technology in
question and gain a deeper understanding of the principles behind its operation.
Lab Instructions:
Prior to starting, ensure that the initial configuration scripts for this lab have been
applied. For a current copy of these scripts, see the Internetwork Expert
members site at http://members.internetworkexpert.com
Refer to the attached diagrams for interface and protocol assignments. Any
reference to X in an IP address refers to your rack number, while any reference
to Y in an IP address refers to your router number.
Upon completion, all devices should have full IP reachability to all networks in the
routing domain, including any networks generated by the backbone routers
unless explicitly specified.
Lab Do s and Don ts:
" Do not change or add any IP addresses from the initial configuration
unless otherwise specified
" Do not change any interface encapsulations unless otherwise specified
" Do not change the console, AUX, and VTY passwords or access methods
unless otherwise specified
" Do not use any static routes, default routes, default networks, or policy
routing unless otherwise specified
" Save your configurations often
Copyright © 2007 Internetwork Expert www.InternetworkExpert.com
- 317 -
CCIE Routing & Switching Lab Workbook Version 4.0 Lab 17
Grading:
This practice lab consists of various sections totaling 100 points. A score of 80
points is required to achieve a passing score. A section must work 100% with the
requirements given in order to be awarded the points for that section. No partial
credit is awarded. If a section has multiple possible solutions, choose the solution
that best meets the requirements.
Grading for this practice lab is available when configured on Internetwork
Expert s racks, or the racks of Internetwork Expert s preferred vendors. See
Internetwork Expert s homepage at http://www.internetworkexpert.com for more
information.
Point Values:
The point values for each section are as follows:
Section Point Value
Bridging & Switching 16
Frame Relay 8
HDLC/PPP 6
Interior Gateway Routing 22
Exterior Gateway Routing 9
IP Multicast 8
IPv6 6
QoS 5
Security 6
System Management 8
IP Services 6
GOOD LUCK!
Copyright © 2007 Internetwork Expert www.InternetworkExpert.com
- 318 -
CCIE Routing & Switching Lab Workbook Version 4.0 Lab 17
1. Bridging & Switching
1.1. VLAN Assignments
" Configure the VTP domain CISCO between SW1, SW2, SW3, and SW4.
" Authenticate the VTP domain with the password CISCO.
" Create and configure the VLAN assignments as follows:
Catalyst Port Interface VLAN
SW1 Fa0/1 R1 - Fa0/0 137
SW2 Fa0/2 R2 - Fa0/0 23
SW1 Fa0/3 R3 - E0/0 137
SW2 Fa0/4 R4 - E0/0 46
SW1 Fa0/5 R5 - E0/0 52
SW2 Fa0/6 R6  G0/0 46
SW1 Fa0/10 N/A 4
SW1 Fa0/11 N/A 4
SW1 Fa0/13 SW2 Fa0/13 Trunk
SW1 Fa0/14 SW2 Fa0/14 Trunk
SW1 Fa0/15 SW2 Fa0/15 Trunk
SW1 VLAN 73 73
SW1 VLAN 137 137
SW3 Fa0/3 R3 - E0/1 23
SW4 Fa0/4 R4 - E0/1 4
SW3 Fa0/5 R5 - E0/1 5
SW2 Fa0/13 SW1 Fa0/13 Trunk
SW2 Fa0/14 SW1 Fa0/14 Trunk
SW2 Fa0/15 SW1 Fa0/15 Trunk
SW2 Fa0/22 Cisco FastHub 137
SW2 Fa0/23 Cisco FastHub 137
SW2 Fa0/24 BB2 52
SW2 VLAN 8 8
SW2 VLAN 23 23
SW3 Fa0/24 BB3 73
SW3 VLAN 109 109
SW4 VLAN 109 109
SW4 VLAN 5 5
SW3 VLAN 4 4
3 Points
Copyright © 2007 Internetwork Expert www.InternetworkExpert.com
- 319 -
CCIE Routing & Switching Lab Workbook Version 4.0 Lab 17
1.2. EtherChannel
" Configure an EtherChannel between SW1 s interfaces Fa0/13, Fa0/14, &
Fa0/15 and SW2 s interfaces Fa0/13, Fa0/14, & Fa0/15.
" This EtherChannel should also be configured as a trunk link.
" In order to ensure future support for non Cisco devices installed
throughout the switch block your corporate policy dictates that only
industry standard negotiation and trunking protocols should be used.
" Configure your network to reflect this policy.
3 Points
1.3. Traffic Filtering
" Ports Fa0/10 and Fa0/11 of SW1 connect to your web and mail servers
respectively. Since they are in the same VLAN, your security
administrators are concerned about one server being compromised and
an attack being launched on the other from inside your network.
" In order to prevent this configure SW1 so that these servers cannot pass
traffic between each other.
2 Points
1.4. Traffic Filtering
" As an additional protective measure configure SW1 so that an attacker
who has compromised your servers can not circumvent your security by
sending frames to random unicast and multicast MAC addresses.
2 Points
1.5. Legacy Support
" Some of your users in VLANs 8 and 23 are still using legacy NetBEUI
based applications.
" Configure SW2 to allow these users to communicate with each other.
3 Points
Copyright © 2007 Internetwork Expert www.InternetworkExpert.com
- 320 -
CCIE Routing & Switching Lab Workbook Version 4.0 Lab 17
1.6. Traffic Filtering
" Ports Fa0/22 and Fa0/23 on SW2 connect to the legacy shared portion of
your network. Recently you have been getting complaints from users in
VLAN 137 about slow network response time. After further investigation
you have determined that too many users are connecting to the hubs
attached to SW2. In order to help alleviate this congestion while additional
connections are added to your switch block a new policy has been
implemented which states that maximum of 5 hosts can be connected to
either of these ports at the same time.
" Configure SW2 to reflect this policy.
" Traffic received from excess hosts should be dropped.
" In order to ensure that inactive hosts do not unnecessarily take up one of
these spots ensure that their MAC addresses are flushed out of the CAM
table if they have been inactive for over 5 minutes.
3 Points
2. Frame Relay
2.1. Hub-and-Spoke
" Configure a Frame Relay hub-and-spoke network between R1, R2, and
R5 with R5 as the hub.
" R1 and R4 should use their main interface.
" R5 should use a subinterface per the diagram.
" Use only the DLCIs specified in the diagram.
" Do not use the frame-relay map command on R5.
" Ensure that R1 and R2 have IP reachability to each other.
3 Points
2.2. Point-to-Point
" Configure a point-to-point Frame Relay circuit between R4 and R5.
" Use only the DLCIs specified in the diagram.
" Do not use the frame-relay map command on R5.
" Do not use Frame Relay Inverse-ARP.
3 Points
Copyright © 2007 Internetwork Expert www.InternetworkExpert.com
- 321 -
CCIE Routing & Switching Lab Workbook Version 4.0 Lab 17
2.3. Point-to-Point
" Configure a point-to-point Frame Relay circuit between R6 and BB1 per
the diagram.
" Do not use Frame Relay Inverse-ARP to accomplish this.
2 Points
3. HDLC/PPP
3.1. Fault Tolerance
" The HDLC link between R4 and R5 will be used as a backup of the Frame
Relay circuit between them. Configure the network in such a way that this
link is activated if the Frame Relay circuit between these devices goes
down at any point throughout the provider cloud.
3 Points
3.2. PPP
" Configure PPP on the Serial links between R1 & R3 and R2 & R3.
" R3 should challenge R1 and R2 to authenticate via CHAP.
" Use the minimum amount of username commands on R3 to accomplish
this.
3 Points
Copyright © 2007 Internetwork Expert www.InternetworkExpert.com
- 322 -