Вы находитесь на странице: 1из 14

Solved BY Ibrahim CCIE

Tick 1

SW2 :

- Edit ACL 1

no access-list 1 access-list 1 permit 172.0.0.0 0.255.255.255

----------------------------------------------------

Tick 2

R17

:

- enable encapsulation ppp

- ppp chap hostname UberMarket_Spoke_R17

- ppp chap password CCIEr0cks!

- ppp ipcp route default

- allow icmp in UBER_R17 ACL permit icmp any any

- allow telnet in UBER_R17 ACL permit tcp an host 145.67.89.22 eq 23

R11

:

- remove passive interface in Eigrp for Eth0/0

- int eth 2/0 no shut

Test Telnet from R11 to R17 >> Work

-------------------------------------------------------

Tick 3

R3

:

- no passive interface eth 0/0

R5

:

- no passive interface eth 0/0

- router-id 123.5.5.5

- max-metric router-lsa on-startup 5

R21 :

- interface eth 2/0 no shut

---------------------------------------------------------

Tick 4

R13 :

- no passive-interface eth 1/0

- no passive-interface eth 0/0

R12

:

- no passive-interface eth 1/0

- int eth 1/0 delay 100

------------------------------------------------------------

Tick 5

R2 :

- int eth 0/0 mpls ip

R1 :

- ip cef

R3 :

- route-map CPS permit 5

R5 :

- route-map NEXT-HOP permit 5

R4 :

- EDIT route-map MED Metric

route-map MED permit 10 match ip address 123 set metric 50 route-map MED permit 20 match ip address 134 set metric 500

---------------------------------------------------------

Tick 6

R114 :

- Int eth 0/0 ipv6 address autoconfig def

R25 :

- Establish BGP with AS 12345 via IPv6 address

- apply next-hop IPv6 using IPv4 address next-hop of R22

- Adv R25 IPv6 LAN into BGP

- Fix the ACL in S4/0 sequence 10 permit tcp an an

R22 :

- Establish BGP with 10001 in IPv6

- Establish BGP with R25 in IPv6

- apply next-hop IPv6 using IPv4 address next-hop of R25

- Fix the ACL in S4/0 sequence 10 permit tcp an an

R114 >> ping ipv6 2001:beef:cafe::26 !!!!!!

----------------------------------------------------------------

Tick 7

I got stuck for 2 hours only here !!!!! NEW issue came in here

R14 :

- fix the bgp neighbor password of INTERNAL peer group This issue was first time seen

- edit the ACL of R17 permit esp an host 145.67.89.22

- edit CPS ACL to allow ESP , udp non-isakmp , isakmp

- fix the DHCP pool of R18

R15 :

- ADD >> ip nhrp map multicast dynamic

- edit the ACL of CPS

permit 200.0.0.0 0.255.255.255 permit 215.0.0.0 0.255.255.255

- int tun 0 ip nhrp redirect

R17 :

- inter tun 0 ip nhrp shortcut

R18 :

- fix the nhrp multicast maping in tun 0

- edit R18 ACL to allow ESP , ICMP

- fix the tunnel nhrp authentication ubermark spelling

- add nhrp shoutcut in tunnel 0

- change the client-identifier in the DHCP pool of PC111

- Check R17,R18,19 >> LAN PCs to have the required IP

-----------------------------------

R7 :

- edit redist connected command resit connected route-map DENY ip prefix-list DENY seq 5 deny 0.0.0.0/0 le 32 route-map DENY permit 10 match ip address prefix-list DENY

- establish ibgp with R8 sourced loop 0

- next-hop-self with R8

- establish bgp with as 12345 via 125.45.67.21

- establish default-originate with 123.45.67.21

- add default route to 125.45.67.21

- fix the nat interfaces ( 0/0.123 0/0.124 >> inside ) ( 0/0.125

- edit the area range under ospf area 0 range 172.16.0.0 255.255.0.0 not-advertise

R8 :

outside )

- establish ibgp with R7 sourced loop 0

- next-hop-self with R7

- fix the bgp router-id

- add ip cef

- remove as-set in aggregate address under bgp

- establish bgp with as 12345 via 125.45.67.25

- add neighbor 123.45.67.25 default-originate route-map MED

- add ip nat inside source list 172 interface Ethernet0/0.125 ov

- fix nat interfaces

- add default route to 125.45.67.25

R3 :

- Edit VRF details

ip vrf BancoBank_ToHub rd 65100:2 no route-target export 65100:101 no route-target export 65100:102 no route-target export 65100:100 route-target import 65100:101 route-target import 65100:102 route-target import 65100:100

ip vrf BancoBank_ToSpoke rd 65100:1 no route-target import 65100:100 route-target export 65100:100

- establish bgp with 125.45.67.22

R4 :

- Edit VRF details

ip vrf BancoBank_ToHub rd 65100:2 no route-target export 65100:101 no route-target export 65100:102 no route-target export 65100:100 route-target import 65100:101 route-target import 65100:102 route-target import 65100:100

ip vrf BancoBank_ToSpoke rd 65100:1 no route-target import 65100:100 route-target export 65100:100

- establish bgp with 125.45.67.26

- add ospf cost 50 in interface eth 2/0

R6 :

-

add ospf cost 50 in interface eth 2/0

R10 :

- There is redis ospf 11 under bgp >> keep it

- ADD redis ospf 1 under bgp

SW 4 :

- add network 172.16.201.1 0.0.0.0 area 0 into ospf

PC 106 :

- ping from pc 106 to 172.16.200.200

R9 :

- add redist ospf 1 under bgp

PC 105 :

- ping 8.8.8.8

>> Failover Working >> tracing working

---------------------------------------------------------

Tick 9

R21 :

- edit CPS ACL to allow ICMP , non-isakmp

ip access-list extended CPS permit udp host 134.56.78.10 any eq isakmp permit esp host 134.56.78.10 any permit icmp any any permit udp host 134.56.78.10 any eq non500-isakmp

R23 :

- add 192 access-list for NAT

R24 :

- add NAT-T

- inter tun 0 >> add R7 NBMA address

- enable ip domain lookup to test ping server1

R109 :

ping server1

!!!!

------------------------------------------------

Tick 10

R23 :

- edit the client-identifier for R108

- ip name-server 8.8.8.8

- ip dns server

R21 :

- Edit CPS ACL permit tcp host 134.56.78.10 any established

R33 :

edit the ip host of www.cciecloud.net to be 192.168.1.4

--------------------------------