Hi,

New account but old user, for known reasons :)

Took K8 recently and failed. If you have your lab scheduled in Europe then be ready. Everyone in Brussels is getting it now.

Below is what I remember from the exam, can someone update the main K8 thread with the relevant information?

I have also drawn the physical, IPv6, VPNv4 and IGP topologies - check out the shared section.

IP addressing
Loopbacks: 10Y.X.X.X
EIGRP domain: 10.Y.XX.X
RIP domain: 10.10Y.XX.X
OSPF domain: 10.20Y.XX.X
Layer 2
Block unknown unicast/multicast
3 port-channels – defined load balancing method
Enable BPDU filter on all BB links on 3 switches. Fa0/10 on sw4 was shutdown.
Vlan 1 to be tagged on all switches.
STP – RPVST on all switches, with default timers. Sw1 to be root for all vlans 1-4094, sw2 to be secondary. Question indicated to make sure it always stays as root. Used priority 0.
Back to back Frame Relay links – configured frame-relay switching + interface-type dce
PPP encapsulation between R5 and R3. No auth, just encapsulation ppp.
Disable DTP on all trunks
All unused ports on all switches to be assigned into vlan 999 and shutdown. Including Gig ports.
Ports on sw1 (I think) connecting to routers R3 and R1 should have port-security enabled. 1 MAC address per port, dynamically learned, and it should survive reboot.

L2 security
5 users will connect to ports in vlan 500. Users connected to these ports should not be able to talk to each other, just to their gateway. Also portfast to be enabled on those.
L2 ACL – reference a single named ACL to block SMTP, DNS and HTTP traffic from and to users in vlan 500 on sw3
Layer 3
Loopbacks were shown as belonging to OSPF, however in the guidelines they said that loopbacks can be advertised into both EIGRP and OSPF (helpful with iBGP peering).
Enable OSPF 100 as per diagram
SW1 vlans 13, 16 and 68 should always be designated router.
R3 and R1 ports (connecting to SW1) – should always be in DROTHER state
Area 1 to be stub but with ability to have exterior routes redistributed into it.
SW1 to originate default route everywhere in OSPF domain

Enable EIGRP YY as per diagram
Redistribute EIGRP into OSPF and vice versa on R5 only. Make sure prefixes are still reachable when link between R5 and R4 goes down.
Redistribute on Sw1 from RIP to OSPF (or both, do not remember at the moment) – question said to make sure there are no routing loops and not to use any static routes to solve them.

IPv6
Enable IPv6 OSPF and EIGRP. Redistribute between both on SW3
Create tunnel between R1 and R3 – they give you all the details for it, and run EIGRP on that.
BGP
iBGP with R1 as route reflector. Only R1 can start the BGP session. Use MD5 for each session.
eBGP – enable from R4 and R5 to AS 254. Need as-path prepending on R5 and next-hop-self on both routers.

L3 MPLS
MPLS LDP to be enabled between R3, R5, R1 and R2
F0/1 on R3 is simulating connection to cust SITE1 vrf
F0/1 on R2 is simulating connection to cust SITE2 vrf
They ask you to ping and traceroute and to make sure traffic between both loopbacks goes over MPLS.
R3 connects to Sw2 int f0/4 (I think) – interface is a L3 interface
R2 connects to Sw2 int f0/2 – interface is a L2 interface.
R3 talks to R5 using rd 3:3 (pretty much exact wording)
R2 talks to R5 using rd 2:2
SW2 has got 2 loopback interfaces, L71 71.71.71.71 and L72 72.72.72.72. You need to make sure there are two separate routing tables on R2 for vrf SITE1 and vrf SITE2. You will need to put loopbacks and L3 uplinks into corresponding VRFs.
They also want you to enable BGP as a PE-CE protocol with customer's ASN set to BGP 777
R5 is acting as a RR for VPN traffic only. They do not allow you to configure a direct R2 – R3 vpnv4 neighbor. All needs to be done via R5.
Services:

NTP:
Enable NTP between R1 and R3, R5 – make sure it survives reload?
GLBP – between R4 and R5 on vlan 45. Assign IP to the group, configure R5 with weighting of 150 and make sure that it handles 3 responses to R4's 1. (I set R4 as 50.)
They also ask you to enable MD5 password using key-string

SYSLOG
To make sure that any config changes are logged and syslog is notified. They said that local memory should not store any information. Only 10 lines to be stored and sensitive information should not be logged – hidekeys

Policy based routing
Loopback 148 – on switch 3 – 148.0.0.8/32
Loopback 148 – on R4 – 148.0.0.4/32
Make sure that traffic from L148 on Sw3 to L148 on R4, and only that traffic, is routed via vlan 18. If vlan 18 is down the traffic should be dropped. Advertise both loopbacks into EIGRP.

EEM
They give you a pattern to match and ask you to bounce interfaces in a certain order.

Username authentication
2 users, admin and guest.
When admin logs in then he should go straight to enable. Guest needs to go to normal mode, the one with the Router> prompt.
Lines vty 0 16 should use SSH, your config should not affect console.
Multicast:
Enable industry standard method of advertising RP.
Configure Loopback1 with 200.100.100.100 on R3 and R2 and advertise these to OSPF/EIGRP
There will be senders in vlan 68 and int f0/1 of R4 will join the 232.1.1.1 group.
Use sparse-mode everywhere in OSPF and EIGRP domains.
R2 and R3 should advertise Loopback 1 as RP
R2 and R3 should have MSDP enabled.
Later question asks to only allow vlan 68 to register with RP – restriction on both RPs

QoS
Policy on R5 with 3 class maps. Classification based on ACLs. They tell you what naming convention to use. 1 class for SSH traffic – police based on cir,
2nd for WWW, HTTPS traffic – drop all traffic (match any)
and the last one was an ACL for icmp echo and echo reply – police based on packet rate.

L3 MPLS VPN QoS
Didn't do this one – it was saying something about traffic leaving our core towards CE should be classified based on the last MPLS tag?? – something like that
Also something about possible need of reconfiguring class maps.
Config has some predefined MPLS class-maps and the classification is done based on qos-groups.
Hope this helps
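The Layer 2 and L2 security items above (root bridge that must stay root, port-security on the router-facing ports, isolated user ports in vlan 500, unused ports parked and shut, DTP off, tagged vlan 1, and a single named ACL filtering SMTP/DNS/HTTP inside vlan 500) as one access-switch configuration. This is an added example and not the poster's configuration: the port numbers, the trunk and backbone ranges, the ACL and access-map names, and the use of root guard (which the task did not ask for) are assumptions.

```cisco
! Added example (not from the original post). Access switch "sw1"; port
! numbers, ACL/access-map names and the root-guard lines are assumptions.
!
spanning-tree mode rapid-pvst
! Priority 0 is the lowest value possible, so no other switch can undercut
! sw1; sw2 as secondary gets "spanning-tree vlan 1-4094 priority 4096"
spanning-tree vlan 1-4094 priority 0
! Load-balancing method for the port-channels (global on the switch)
port-channel load-balance src-dst-ip
! Native VLAN 1 is sent tagged on every trunk
vlan dot1q tag native
!
! Trunks towards the other switches: explicit trunk, no DTP negotiation
interface range FastEthernet0/19 - 21
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
!
! Ports towards R1 and R3: one dynamically learned MAC, kept after reload.
! "sticky" writes the learned MAC into running-config, so the config must
! be saved (copy running-config startup-config) or the MAC is lost on reboot.
! Root guard (beyond the task) err-disables the port if a superior BPDU
! ever arrives, which is what actually keeps sw1 root.
interface range FastEthernet0/1 , FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
 spanning-tree guard root
!
! Five user ports in VLAN 500: protected ports cannot exchange frames with
! each other on this switch, only with the unprotected uplink (the gateway);
! unknown unicast/multicast flooding is also blocked towards these users
interface range FastEthernet0/5 - 9
 switchport mode access
 switchport access vlan 500
 switchport protected
 switchport block unicast
 switchport block multicast
 spanning-tree portfast
!
! Backbone links: BPDU filter as the task asked. This silences STP on the
! link, so it is only acceptable where no switch can ever be attached.
interface range FastEthernet0/11 - 12
 spanning-tree bpdufilter enable
!
! Every unused port, Gig uplinks included: parked in VLAN 999 and shut
interface range FastEthernet0/13 - 18 , FastEthernet0/22 - 24 , GigabitEthernet0/1 - 2
 switchport mode access
 switchport access vlan 999
 shutdown
!
! One named ACL listing SMTP, DNS and HTTP in both directions. A VLAN access
! map applies it to frames bridged inside VLAN 500, which a router ACL on
! the SVI would never see.
ip access-list extended VLAN500-BLOCK
 permit tcp any any eq smtp
 permit tcp any eq smtp any
 permit tcp any any eq domain
 permit tcp any eq domain any
 permit udp any any eq domain
 permit udp any eq domain any
 permit tcp any any eq www
 permit tcp any eq www any
!
vlan access-map VLAN500-FILTER 10
 match ip address VLAN500-BLOCK
 action drop
vlan access-map VLAN500-FILTER 20
 action forward
!
vlan filter VLAN500-FILTER vlan-list 500
```

Note that in a VLAN access map the ACL selects the traffic and the `action` decides its fate, so the entries are `permit` lines even though the goal is to drop; everything not matched falls through to sequence 20 and is forwarded. The post places the VACL on sw3; it is shown here on the same switch only to keep the example in one place.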
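The authenticated control-plane and management items above (iBGP route reflector where only R1 may open the session and every session uses MD5, authenticated NTP, GLBP with an MD5 key-string, config-change logging with hidekeys and a 10-entry archive, and two local users with SSH-only VTYs) together, as an added example that is not the poster's configuration. The AS number, addresses, key strings, the syslog host and the `vty 0 15` range (the post says 0 16; the valid range depends on the platform) are assumptions.

```cisco
! Added example (not from the original post). R1 is the iBGP route reflector
! and NTP master, R5 the GLBP AVG. AS 100, all addresses, key strings and
! the VTY range are assumptions.
!
! --- iBGP: R1 is RR, only R1 opens the TCP session, every session is MD5 ---
router bgp 100
 bgp router-id 10.1.1.1
 neighbor RR-CLIENTS peer-group
 neighbor RR-CLIENTS remote-as 100
 neighbor RR-CLIENTS update-source Loopback0
 neighbor RR-CLIENTS password CHANGE-ME-BGP-KEY
 neighbor RR-CLIENTS route-reflector-client
 neighbor RR-CLIENTS transport connection-mode active
 neighbor 10.1.2.2 peer-group RR-CLIENTS
 neighbor 10.1.3.3 peer-group RR-CLIENTS
! On each client (R2 shown) the same password, and passive so it never
! initiates the session itself:
! router bgp 100
!  neighbor 10.1.1.1 remote-as 100
!  neighbor 10.1.1.1 update-source Loopback0
!  neighbor 10.1.1.1 password CHANGE-ME-BGP-KEY
!  neighbor 10.1.1.1 transport connection-mode passive
!
! --- NTP: R1 serves time, associations are MD5-authenticated ---
ntp authentication-key 1 md5 CHANGE-ME-NTP-KEY
ntp authenticate
ntp trusted-key 1
ntp master 3
! On R3 and R5 the server is only accepted when it signs with trusted key 1:
! ntp server 10.1.1.1 key 1
! (the same three authentication lines are needed on the clients)
!
! --- GLBP on R5, VLAN 45: weighted 150 vs 50 on R4 gives R5 3 of 4 replies ---
interface Vlan45
 ip address 10.1.45.5 255.255.255.0
 glbp 45 ip 10.1.45.254
 glbp 45 load-balancing weighted
 glbp 45 weighting 150
 glbp 45 authentication md5 key-string CHANGE-ME-GLBP-KEY
! R4 carries the same group with "glbp 45 weighting 50" and the same key
!
! --- Config-change logging: 10 entries kept, secrets masked, syslog told ---
logging host 10.1.1.100
archive
 log config
  logging enable
  logging size 10
  hidekeys
  notify syslog
!
! --- Two local users; VTYs SSH-only with local login, console untouched ---
hostname R1
ip domain-name lab.example
crypto key generate rsa modulus 2048
ip ssh version 2
! With "login local" and no AAA, a privilege-15 user lands in enable mode
! directly; the privilege-1 guest gets the Router> prompt
username admin privilege 15 secret CHANGE-ME-ADMIN
username guest privilege 1 secret CHANGE-ME-GUEST
line vty 0 15
 login local
 transport input ssh
```

`transport connection-mode active` on R1 paired with `passive` on the clients is what satisfies "only R1 can start the session"; with the MD5 password on the peer-group every reflected session is covered without repeating the key per neighbor. `show archive log config all` shows the 10-line change log with key material replaced by `*****` once `hidekeys` is set.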
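The routing-policy items above (DR election on SW1 with DROTHER-only router ports, NSSA area 1 with a default everywhere, RIP/OSPF redistribution without loops and without static routes, the L148-to-L148 policy route that must drop rather than fall back when vlan 18 is down, and the register filter on both RPs) as an added example that is not the poster's configuration. The router-id, the VLAN 18 next hop and subnet, the VLAN 68 subnet, the tag values, and the ACL and route-map names are assumptions; the route-map tagging is the general two-way loop-prevention pattern, of which the post's RIP/OSPF case is one instance.

```cisco
! Added example (not from the original post). Router-ids, subnets, next-hop
! addresses, tag values and the ACL/route-map names are assumptions.
!
! --- OSPF on SW1: always DR on VLANs 13/16/68, NSSA area 1, default route ---
router ospf 100
 router-id 10.1.7.7
 area 1 nssa
 default-information originate always
interface range Vlan13 , Vlan16 , Vlan68
 ip ospf priority 255
! On R1 and R3 the SW1-facing ports get "ip ospf priority 0", which makes
! them ineligible for DR/BDR (permanent DROTHER)
!
! --- Two-way redistribution on SW1: tag on the way out, deny on the way back ---
! A route born in RIP is tagged 120 when it enters OSPF; the OSPF-to-RIP map
! refuses tag 120, so it can never be re-injected into RIP as an OSPF route,
! and symmetrically for tag 100. No static routes are needed.
route-map RIP-TO-OSPF deny 10
 match tag 100
route-map RIP-TO-OSPF permit 20
 set tag 120
route-map OSPF-TO-RIP deny 10
 match tag 120
route-map OSPF-TO-RIP permit 20
 set tag 100
router ospf 100
 redistribute rip subnets route-map RIP-TO-OSPF
router rip
 version 2
 redistribute ospf 100 metric 3 route-map OSPF-TO-RIP
!
! --- PBR on SW3: only L148 -> L148 goes via VLAN 18; dropped if VLAN 18 is down ---
ip access-list extended L148-TO-R4
 permit ip host 148.0.0.8 host 148.0.0.4
route-map PBR-L148 permit 10
 match ip address L148-TO-R4
 set ip next-hop 10.1.18.4
 set interface Null0
! "set ip next-hop" is evaluated before "set interface". When VLAN 18 is
! down the next hop is no longer reachable, so IOS moves on to Null0 and the
! packet is discarded instead of taking the normal routed path. The traffic
! originates on the switch itself (Loopback148), so local policy is used.
interface Loopback148
 ip address 148.0.0.8 255.255.255.255
ip local policy route-map PBR-L148
!
! --- On each RP (R2 and R3): only sources in VLAN 68 may register ---
ip access-list extended VLAN68-SOURCES
 permit ip 10.1.68.0 0.0.0.255 any
ip pim accept-register list VLAN68-SOURCES
```

`show route-map PBR-L148` counts the policy matches, and `show ip pim rp` plus the register counters in `show ip pim interface count` confirm that registers from other subnets are being refused. Local policy routing and `set interface Null0` in PBR are not available on every Catalyst platform; on a box that lacks them the drop-on-failure behaviour has to be built another way.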
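The L3 MPLS section above (two VRFs on R2 so SITE1 and SITE2 get separate routing tables, RD 2:2 towards R5, BGP as the PE-CE protocol with the customer in AS 777 at both sites, and R5 as the only VPNv4 peer) as an added PE configuration for R2 that is not the poster's. The post only names RD 2:2, so the second RD, the route targets, the interface addresses, AS 100 for the core and the CE addresses are assumptions.

```cisco
! Added example (not from the original post). R2 as PE; R5 is the VPNv4
! route reflector. Only RD 2:2 comes from the post: the other RD, the route
! targets, addresses and the core AS are assumptions.
!
! Two VRFs: the RD keeps overlapping customer prefixes distinct inside
! VPNv4, the route targets decide which table a route is imported into
ip vrf SITE1
 rd 2:1
 route-target both 100:1
ip vrf SITE2
 rd 2:2
 route-target both 100:2
!
mpls ldp router-id Loopback0 force
interface Loopback0
 ip address 10.1.2.2 255.255.255.255
!
! Core-facing link towards R5: LDP label switching
interface FastEthernet0/0
 ip address 10.1.25.2 255.255.255.0
 mpls ip
!
! CE-facing interfaces, one per VRF ("ip vrf forwarding" clears the address,
! so it is set afterwards). Each lands in its own routing table.
interface FastEthernet0/1
 ip vrf forwarding SITE2
 ip address 10.2.2.2 255.255.255.0
interface FastEthernet0/2
 ip vrf forwarding SITE1
 ip address 10.2.1.2 255.255.255.0
!
router bgp 100
 bgp router-id 10.1.2.2
 no bgp default ipv4-unicast
 neighbor 10.1.5.5 remote-as 100
 neighbor 10.1.5.5 update-source Loopback0
 ! VPNv4 only towards R5; no direct R2 - R3 session is configured
 address-family vpnv4
  neighbor 10.1.5.5 activate
  neighbor 10.1.5.5 send-community extended
 exit-address-family
 ! PE-CE eBGP. The customer uses AS 777 at both sites, so the remote site
 ! would reject its own AS in the path; as-override rewrites it to 100.
 address-family ipv4 vrf SITE1
  neighbor 10.2.1.71 remote-as 777
  neighbor 10.2.1.71 activate
  neighbor 10.2.1.71 as-override
 exit-address-family
 address-family ipv4 vrf SITE2
  neighbor 10.2.2.72 remote-as 777
  neighbor 10.2.2.72 activate
  neighbor 10.2.2.72 as-override
 exit-address-family
!
! On R5 (reflects VPNv4 between R2 and R3, nothing else):
! router bgp 100
!  address-family vpnv4
!   neighbor 10.1.2.2 activate
!   neighbor 10.1.2.2 send-community extended
!   neighbor 10.1.2.2 route-reflector-client
!   neighbor 10.1.3.3 activate
!   neighbor 10.1.3.3 send-community extended
!   neighbor 10.1.3.3 route-reflector-client
!  exit-address-family
```

To verify the separation and the label path: `show ip route vrf SITE1` and `show ip route vrf SITE2` must show different tables, `show bgp vpnv4 unicast all` shows the prefixes carrying RD 2:1/2:2 and the route targets, and `traceroute vrf SITE1 <remote CE>` prints the MPLS labels on the core hops, which is what the task's "goes over MPLS" check is looking for.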