Sunteți pe pagina 1din 14

Solved BY Ibrahim CCIE

Tick 1

SW2 :

- Edit ACL 1

no access-list 1

access-list 1 permit 172.0.0.0 0.255.255.255

----------------------------------------------------

Tick 2

R17 :

- enable encapsulation ppp

- ppp chap hostname UberMarket_Spoke_R17

- ppp chap password CCIEr0cks!

- ppp ipcp route default

- allow icmp in UBER_R17 ACL

permit icmp any any

- allow telnet in UBER_R17 ACL

permit tcp an host 145.67.89.22 eq 23


R11 :

- remove passive interface in Eigrp for Eth0/0

- int eth 2/0

no shut

Test Telnet from R11 to R17 >> Work

-------------------------------------------------------

Tick 3

R3 :

- no passive interface eth 0/0

R5 :

- no passive interface eth 0/0

- router-id 123.5.5.5

- max-metric router-lsa on-startup 5

R21 :

- interface eth 2/0

no shut
---------------------------------------------------------

Tick 4

R13 :

- no passive-interface eth 1/0

- no passive-interface eth 0/0

R12 :

- no passive-interface eth 1/0

- int eth 1/0

delay 100

------------------------------------------------------------

Tick 5

R2 :

- int eth 0/0

mpls ip
R1 :

- ip cef

R3 :

- route-map CPS permit 5

R5 :

- route-map NEXT-HOP permit 5

R4 :

- EDIT route-map MED Metric

route-map MED permit 10

match ip address 123

set metric 50

route-map MED permit 20

match ip address 134

set metric 500


---------------------------------------------------------

Tick 6

R114 :

- Int eth 0/0

ipv6 address autoconfig def

R25 :

- Establish BGP with AS 12345 via IPv6 address

- apply next-hop IPv6 using IPv4 address next-hop of R22

- Adv R25 IPv6 LAN into BGP

- Fix the ACL in S4/0

sequence 10 permit tcp an an

R22 :

- Establish BGP with 10001 in IPv6

- Establish BGP with R25 in IPv6

- apply next-hop IPv6 using IPv4 address next-hop of R25

- Fix the ACL in S4/0

sequence 10 permit tcp an an

R114 >> ping ipv6 2001:beef:cafe::26

!!!!!!
----------------------------------------------------------------

Tick 7

I got stuck for 2 hours only here !!!!!

NEW issue came in here

R14 :

- fix the bgp neighbor password of INTERNAL peer group

This issue was first time seen

- edit the ACL of R17

permit esp an host 145.67.89.22

- edit CPS ACL to allow ESP , udp non-isakmp , isakmp

- fix the DHCP pool of R18

R15 :

- ADD >> ip nhrp map multicast dynamic

- edit the ACL of CPS


permit 200.0.0.0 0.255.255.255

permit 215.0.0.0 0.255.255.255

- int tun 0

ip nhrp redirect

R17 :

- inter tun 0

ip nhrp shortcut

R18 :

- fix the nhrp multicast maping in tun 0

- edit R18 ACL to allow ESP , ICMP

- fix the tunnel nhrp authentication ubermark spelling

- add nhrp shoutcut in tunnel 0

- change the client-identifier in the DHCP pool of PC111

- Check R17,R18,19 >> LAN PCs to have the required IP

-----------------------------------

Tick 8
R7 :

- edit redist connected command

resit connected route-map DENY

ip prefix-list DENY seq 5 deny 0.0.0.0/0 le 32

route-map DENY permit 10

match ip address prefix-list DENY

- establish ibgp with R8 sourced loop 0

- next-hop-self with R8

- establish bgp with as 12345 via 125.45.67.21

- establish default-originate with 123.45.67.21

- add default route to 125.45.67.21

- fix the nat interfaces ( 0/0.123 0/0.124 >> inside ) ( 0/0.125 outside )

- edit the area range under ospf

area 0 range 172.16.0.0 255.255.0.0 not-advertise

R8 :

- establish ibgp with R7 sourced loop 0

- next-hop-self with R7

- fix the bgp router-id

- add ip cef

- remove as-set in aggregate address under bgp

- establish bgp with as 12345 via 125.45.67.25

- add neighbor 123.45.67.25 default-originate route-map MED


- add ip nat inside source list 172 interface Ethernet0/0.125 ov

- fix nat interfaces

- add default route to 125.45.67.25

R3 :

- Edit VRF details

ip vrf BancoBank_ToHub

rd 65100:2

no route-target export 65100:101

no route-target export 65100:102

no route-target export 65100:100

route-target import 65100:101

route-target import 65100:102

route-target import 65100:100

ip vrf BancoBank_ToSpoke

rd 65100:1

no route-target import 65100:100

route-target export 65100:100

- establish bgp with 125.45.67.22


R4 :

- Edit VRF details

ip vrf BancoBank_ToHub

rd 65100:2

no route-target export 65100:101

no route-target export 65100:102

no route-target export 65100:100

route-target import 65100:101

route-target import 65100:102

route-target import 65100:100

ip vrf BancoBank_ToSpoke

rd 65100:1

no route-target import 65100:100

route-target export 65100:100

- establish bgp with 125.45.67.26

- add ospf cost 50 in interface eth 2/0

R6 :
- add ospf cost 50 in interface eth 2/0

R10 :

- There is redis ospf 11 under bgp >> keep it

- ADD redis ospf 1 under bgp

SW 4 :

- add network 172.16.201.1 0.0.0.0 area 0 into ospf

PC 106 :

- ping from pc 106 to 172.16.200.200

R9 :

- add redist ospf 1 under bgp

PC 105 :

- ping 8.8.8.8

>> Failover Working

>> tracing working


---------------------------------------------------------

Tick 9

R21 :

- edit CPS ACL to allow ICMP , non-isakmp

ip access-list extended CPS

permit udp host 134.56.78.10 any eq isakmp

permit esp host 134.56.78.10 any

permit icmp any any

permit udp host 134.56.78.10 any eq non500-isakmp

R23 :

- add 192 access-list for NAT

R24 :

- add NAT-T

- inter tun 0 >> add R7 NBMA address

- enable ip domain lookup to test ping server1

R109 :
ping server1

!!!!

------------------------------------------------

Tick 10

R23 :

- edit the client-identifier for R108

- ip name-server 8.8.8.8

- ip dns server

R21 :

- Edit CPS ACL

permit tcp host 134.56.78.10 any established

R33 :

edit the ip host of www.cciecloud.net to be 192.168.1.4


--------------------------------

S-ar putea să vă placă și