CCIE Routing & Switching Lab Workbook Version 4.0

Lab 17

Copyright © 2007 Internetwork Expert

www.InternetworkExpert.com

- 317 -

IEWB-RS Lab 17

Difficulty Rating (10 highest): 8

Lab Overview:

The following scenario is a practice lab exam designed to test your skills at
configuring Cisco networking devices. Specifically, this scenario is designed to
assist you in your preparation for Cisco Systems’ CCIE Routing and Switching
Lab exam. However, remember that in addition to being designed as a
simulation of the actual CCIE lab exam, this practice lab should be used as a
learning tool. Instead of rushing through the lab in order to complete all the
configuration steps, take the time to research the networking technology in
question and gain a deeper understanding of the principles behind its operation.

Lab Instructions:

Prior to starting, ensure that the initial configuration scripts for this lab have been
applied. For a current copy of these scripts, see the Internetwork Expert
members site at

http://members.internetworkexpert.com

Refer to the attached diagrams for interface and protocol assignments. Any
reference to X in an IP address refers to your rack number, while any reference
to Y in an IP address refers to your router number.

Upon completion, all devices should have full IP reachability to all networks in the
routing domain, including any networks generated by the backbone routers
unless explicitly specified.

Lab Do’s and Don’ts:

• Do

not

change

or

add

any

IP

addresses

from

the

initial

configuration

unless otherwise specified

• Do

not

change

any

interface

encapsulations

unless

otherwise

specified

• Do

not

change

the

console,

AUX,

and

VTY

passwords

or

access

methods

unless otherwise specified

• Do

not

use

any

static

routes,

default

routes,

default

networks,

or

policy

routing unless otherwise specified

• Save

your

configurations

often

CCIE Routing & Switching Lab Workbook Version 4.0

Lab 17

Copyright © 2007 Internetwork Expert

www.InternetworkExpert.com

- 318 -

Grading:

This practice lab consists of various sections totaling 100 points. A score of 80
points is required to achieve a passing score. A section must work 100% with the
requirements given in order to be awarded the points for that section. No partial
credit is awarded. If a section has multiple possible solutions, choose the solution
that best meets the requirements.

Grading for this practice lab is available when configured on Internetwork
Expert’s racks, or the racks of Internetwork Expert’s preferred vendors. See
Internetwork Expert’s homepage at

http://www.internetworkexpert.com

for more

information.

Point Values:

The point values for each section are as follows:

Section

Point Value

Bridging & Switching

16

Frame Relay

8

HDLC/PPP

6

Interior Gateway Routing

22

Exterior Gateway Routing

9

IP Multicast

8

IPv6

6

QoS

5

Security

6

System Management

8

IP Services

6

GOOD LUCK!

CCIE Routing & Switching Lab Workbook Version 4.0

Lab 17

Copyright © 2007 Internetwork Expert

www.InternetworkExpert.com

- 319 -

1. Bridging & Switching

1.1. VLAN Assignments

• Configure

the

VTP

domain

CISCO

between

SW1,

SW2,

SW3,

and

SW4.

• Authenticate

the

VTP

domain

with

the

password

CISCO.

• Create

and

configure

the

VLAN

assignments

as

follows:

Catalyst Port

Interface

VLAN

SW1 Fa0/1

R1 - Fa0/0

137

SW2 Fa0/2

R2 - Fa0/0

23

SW1 Fa0/3

R3 - E0/0

137

SW2 Fa0/4

R4 - E0/0

46

SW1 Fa0/5

R5 - E0/0

52

SW2 Fa0/6

R6 – G0/0

46

SW1 Fa0/10

N/A

4

SW1 Fa0/11

N/A

4

SW1 Fa0/13

SW2 Fa0/13

Trunk

SW1 Fa0/14

SW2 Fa0/14

Trunk

SW1 Fa0/15

SW2 Fa0/15

Trunk

SW1

VLAN 73

73

SW1

VLAN 137

137

SW3 Fa0/3

R3 - E0/1

23

SW4 Fa0/4

R4 - E0/1

4

SW3 Fa0/5

R5 - E0/1

5

SW2 Fa0/13

SW1 Fa0/13

Trunk

SW2 Fa0/14

SW1 Fa0/14

Trunk

SW2 Fa0/15

SW1 Fa0/15

Trunk

SW2 Fa0/22

Cisco FastHub

137

SW2 Fa0/23

Cisco FastHub

137

SW2 Fa0/24

BB2

52

SW2

VLAN 8

8

SW2

VLAN 23

23

SW3 Fa0/24

BB3

73

SW3

VLAN 109

109

SW4

VLAN 109

109

SW4

VLAN 5

5

SW3

VLAN 4

4

3 Points

CCIE Routing & Switching Lab Workbook Version 4.0

Lab 17

Copyright © 2007 Internetwork Expert

www.InternetworkExpert.com

- 320 -

1.2. EtherChannel

• Configure

an

EtherChannel

between

SW1’s

interfaces

Fa0/13,

Fa0/14,

&

Fa0/15 and SW2’s interfaces Fa0/13, Fa0/14, & Fa0/15.

• This

EtherChannel

should

also

be

configured

as

a

trunk

link.

• In

order

to

ensure

future

support

for

non

Cisco

devices

installed

throughout the switch block your corporate policy dictates that only
industry standard negotiation and trunking protocols should be used.

• Configure

your

network

to

reflect

this

policy.

3 Points

1.3. Traffic Filtering

• Ports

Fa0/10

and

Fa0/11

of

SW1

connect

to

your

web

and

mail

servers

respectively. Since they are in the same VLAN, your security
administrators are concerned about one server being compromised and
an attack being launched on the other from inside your network.

• In

order

to

prevent

this

configure

SW1

so

that

these

servers

cannot

pass

traffic between each other.

2 Points

1.4. Traffic Filtering

• As

an

additional

protective

measure

configure

SW1

so

that

an

attacker

who has compromised your servers can not circumvent your security by
sending frames to random unicast and multicast MAC addresses.

2 Points

1.5. Legacy Support

• Some

of

your

users

in

VLANs

8

and

23

are

still

using

legacy

NetBEUI

based applications.

• Configure

SW2

to

allow

these

users

to

communicate

with

each

other.

3 Points

CCIE Routing & Switching Lab Workbook Version 4.0

Lab 17

Copyright © 2007 Internetwork Expert

www.InternetworkExpert.com

- 321 -

1.6. Traffic Filtering

• Ports

Fa0/22

and

Fa0/23

on

SW2

connect

to

the

legacy

shared

portion

of

your network. Recently you have been getting complaints from users in
VLAN 137 about slow network response time. After further investigation
you have determined that too many users are connecting to the hubs
attached to SW2. In order to help alleviate this congestion while additional
connections are added to your switch block a new policy has been
implemented which states that maximum of 5 hosts can be connected to
either of these ports at the same time.

• Configure

SW2

to

reflect

this

policy.

• Traffic

received

from

excess

hosts

should

be

dropped.

• In

order

to

ensure

that

inactive

hosts

do

not

unnecessarily

take

up

one

of

these spots ensure that their MAC addresses are flushed out of the CAM
table if they have been inactive for over 5 minutes.

3 Points

2. Frame Relay

2.1. Hub-and-Spoke

• Configure

a

Frame

Relay

hub-and-spoke

network

between

R1,

R2,

and

R5 with R5 as the hub.

• R1

and

R4

should

use

their

main

interface.

• R5

should

use

a

subinterface

per

the

diagram.

• Use

only

the

DLCIs

specified

in

the

diagram.

• Do

not

use

the

frame-relay

map command on R5.

• Ensure

that

R1

and

R2

have

IP

reachability

to

each

other.

3 Points

2.2. Point-to-Point

• Configure

a

point-to-point

Frame

Relay

circuit

between

R4

and

R5.

• Use

only

the

DLCIs

specified

in

the

diagram.

• Do

not

use

the

frame-relay

map command on R5.

• Do

not

use

Frame

Relay

Inverse-ARP.

3 Points

CCIE Routing & Switching Lab Workbook Version 4.0

Lab 17

Copyright © 2007 Internetwork Expert

www.InternetworkExpert.com

- 322 -

2.3. Point-to-Point

• Configure

a

point-to-point

Frame

Relay

circuit

between

R6

and

BB1

per

the diagram.

• Do

not

use

Frame

Relay

Inverse-ARP

to

accomplish

this.

2 Points

3. HDLC/PPP

3.1. Fault Tolerance

• The

HDLC

link

between

R4

and

R5

will

be

used

as

a

backup

of

the

Frame

Relay circuit between them. Configure the network in such a way that this
link is activated if the Frame Relay circuit between these devices goes
down at any point throughout the provider cloud.

3 Points

3.2. PPP

• Configure

PPP

on

the

Serial

links

between

R1

&

R3

and

R2

&

R3.

• R3

should

challenge

R1

and

R2

to

authenticate

via

CHAP.

• Use

the

minimum

amount

of

username commands on R3 to accomplish

this.

3 Points