Section 1: Bridging and Switching (16 Points)


Section 1.1: Frame Relay Configuration (5 Points)

  • Configure the Frame Relay portion of the network as shown in Figure 3-11 and ensure that DLCIs 110 and 104 between R1 and R6 are not used. Do not configure any subinterfaces, nor rely on inverse ARP, nor use the command broadcast in your configuration. Assume a CIR of 128 kbps per PVC for IGP reference.

The question clearly states that DLCIs 110 and 104 are not to be used and that you should not use subinterfaces; you must, therefore, configure your physical serial interfaces and disable inverse-arp on R1, R4, and R6. Your map statements under the physical interfaces must be configured without broadcast capability; hence, you will need to configure OSPF to unicast further on in the lab. You should configure a bandwidth statement of 128 kbps on each router to ensure that OSPF can assign an accurate cost to the Frame Relay connectivity. If you have configured these items correctly as shown in Example 3-1 through Example 3-3, you have scored 2 points.

Example 3-1. R1 Frame Relay Solution Configuration
 interface Serial0/1
  bandwidth 128
  ip address 10.100.100.1 255.255.255.240
  encapsulation frame-relay
  frame-relay map ip 10.100.100.2 101
  frame-relay map ip 10.100.100.3 101
  no frame-relay inverse-arp

Example 3-2. R4 Frame Relay Solution Configuration
 interface Serial0/0
  bandwidth 128
  ip address 10.100.100.3 255.255.255.240
  encapsulation frame-relay
  frame-relay map ip 10.100.100.1 100
  frame-relay map ip 10.100.100.2 102
  no frame-relay inverse-arp

Example 3-3. R6 Frame Relay Solution Configuration
 interface Serial5/0
  bandwidth 128
  ip address 10.100.100.2 255.255.255.240
  encapsulation frame-relay
  frame-relay map ip 10.100.100.1 103
  frame-relay map ip 10.100.100.3 103
  no frame-relay inverse-arp

  • Configure the MTU on R1 and R6 to be 950 and leave the MTU on R4 as default.

Simply configure ip mtu 950 on R1 s0/1 and R6 s5/0. This will cause issues with OSPF, because to form an adjacency OSPF requires neighbors to have the same MTU configured. This is in addition to having the same OSPF area, the same type of area such as stub or NSSA, the same subnet and subnet mask, and the same OSPF Hello and Dead timer values. Example 3-4 shows the OSPF initialization state of R4 as it attempts to form an adjacency later on when OSPF is configured; without rectification, it will not progress past this point.

Example 3-4. R4 OSPF Adjacency Problems
 R4#sh ip ospf neigh
 Neighbor ID     Pri   State             Dead Time   Address         Interface
 10.6.6.6          1   EXCHANGE/DR       00:01:14    10.100.100.2    Serial0/0
 N/A               1   ATTEMPT/DROTHER   -           10.100.100.1    Serial0/0

Example 3-5 shows an OSPF adjacency debug from R1. It can be seen that R1 is aware that R4 has a larger MTU than itself and the adjacency cannot complete.

Example 3-5. R1 Debug OSPF Adjacency
 R1#debug ip ospf adj
 OSPF adjacency events debugging is on
 R1#
 01:14:17: OSPF: Rcv DBD from 10.4.4.4 on Serial0/1 seq 0x581 opt 0x42 flag 0x7 len 32  mtu 1500 state EXSTART
 01:14:17: OSPF: Nbr 10.4.4.4 has larger interface MTU
 01:14:19: OSPF: Send DBD to 10.4.4.4 on Serial0/1 seq 0x1D9B opt 0x42 flag 0x7 len 32
 01:14:19: OSPF: Retransmitting DBD to 10.4.4.4 on Serial0/1 [14]
 01:14:22: OSPF: Rcv DBD from 10.4.4.4 on Serial0/1 seq 0x581 opt 0x42 flag 0x7 len 32  mtu 1500 state EXSTART

By configuring ip ospf mtu-ignore on R1 and R6 under the physical Frame Relay interfaces, you can successfully form a neighbor relationship. Although the OSPF issue comes later in the lab, if you have configured this correctly, you have scored 3 points. If you have only configured the MTU without the OSPF fix, you have scored 1 point.

Section 1.2: 3550 LAN Switch Configuration (10 Points)

  • Configure VLAN numbers, VLAN names, and port assignment as per the topology diagram.

The switch in this instance is isolated again, as in Chapters 1 and 2, so there is no need to configure it as a VTP server. From the VLAN database, add the required VLANs and name them accordingly. You should note that you cannot change the VLAN name of VLAN1. You must ensure that the port speed and duplex are fixed to 100 Mbps and full duplex if your routers support this; leaving your ports in auto mode could cause connectivity problems. If you have configured these items correctly as in Example 3-6, you have scored 2 points.

Example 3-6. 3550 Switch1 Initial Configuration
 Switch1#vlan database
 Switch1(vlan)#vlan 2 name VLAN2
 VLAN 2 modified:
     Name: VLAN2
 Switch1(vlan)#vlan 3 name VLAN3
 VLAN 3 modified:
     Name: VLAN3
 Switch1(vlan)#vlan 4 name VLAN4
 VLAN 4 modified:
     Name: VLAN4
 Switch1(vlan)#vlan 5 name VLAN5
 VLAN 5 modified:
     Name: VLAN5
 Switch1(vlan)#exit
 APPLY completed.
 Exiting....

 hostname Switch1
 !
 enable password cisco
 interface FastEthernet0/1
  switchport access vlan 2
  switchport mode access
  no ip address
  duplex full
  speed 100
 !
 interface FastEthernet0/2
  switchport mode access
  no ip address
  duplex full
  speed 100
 !
 interface FastEthernet0/3
  switchport mode access
  no ip address
  duplex full
  speed 100
 !
 interface FastEthernet0/4
  switchport access vlan 3
  switchport mode access
  no ip address
  duplex full
  speed 100
 !
 interface FastEthernet0/5
  switchport access vlan 4
  switchport mode access
  no ip address
  duplex full
  speed 100
 !
 interface FastEthernet0/6
  switchport access vlan 2
  switchport mode access
  no ip address
  duplex full
  speed 100
 !
 interface FastEthernet0/7
  switchport access vlan 5
  switchport mode access
  no ip address
  duplex full
  speed 100
 !
 interface FastEthernet0/8
  switchport access vlan 2
  switchport mode access
  no ip address
  duplex full
  speed 100
 !
 interface FastEthernet0/9
  switchport access vlan 5
  switchport mode access
  no ip address
  duplex full
  speed 100

NOTE

The VLAN configuration is completed under Vlan database.


  • The switch should be configured to log all debug information locally in such a way that it will not be lost in the event of a reset; it should also contain a timestamp.

Information logged to the buffer would be lost in the event of a reset, but you have the ability to log to Flash on the 3550. You will need to set the clock on the switch and configure timestamps for debugging. If you have configured this correctly as shown in Example 3-7, you have scored 2 points.

Example 3-7. 3550 Debug Logging Setup
 clock set 16:51:00 18 july 2004
 Switch1#conf t
 Enter configuration commands, one per line.  End with CNTL/Z.
 Switch1(config)#service timestamps debug datetime
 Switch1(config)#logging file flash:debug.text debugging
 Switch1(config)#^Z
 Switch1#debug ip packet
 Switch1#sh flash
 Directory of flash:/
     2  -rwx         316  Mar 01 1993 03:44:44  system_env_vars
     3  -rwx          72  Jul 18 2004 16:51:35  debug.text
     4  -rwx     3823261  Mar 01 1993 03:20:20  c3550-i5q3l2-mz.121-12c.EA1.bin
     5  -rwx        3298  Mar 01 1993 01:48:12  config.text
     6  -rwx         916  Mar 01 1993 00:00:35  vlan.dat
     7  drwx         192  Mar 01 1993 00:02:57  c3550-i9q3l2-mz.121-11.EA1
    22  -rwx           0  Mar 01 1993 03:44:44  env_vars
    23  -rwx           5  Mar 01 1993 01:48:12  private-config.text

NOTE

A debug command is issued to the switch to begin logging to flash for verification purposes.


  • Configure your switch not to allow R1 to Telnet into R6. Use VLAN2 addresses for your configuration. Your solution should be applied to the whole VLAN as opposed to individual ports.

If IP routing were running on the switch, you could simply configure an IP access list to block Telnet between the routers and apply this to the relevant interface, but you are requested to apply your solution to the entire VLAN. This requires a VACL (VLAN access control list) as shown in Example 3-8, with the verification testing from R1. If you have configured this correctly, you have scored 3 points.

Example 3-8. 3550 VACL Configuration and Testing
 ip access-list extended telnet
  permit tcp host 10.80.80.1 host 10.80.80.2 eq telnet
  exit
 ip access-list extended allowed
  permit ip any any
  exit
 vlan access-map no-R1-R6 10
  match ip add telnet
  action drop
  exit
 vlan access-map no-R1-R6 20
  match ip add allowed
  action forward
  exit
 vlan filter no-R1-R6 vlan 2

 R1#ping 10.80.80.2
 Type escape sequence to abort.
 Sending 5, 100-byte ICMP Echos to 10.80.80.2, timeout is 2 seconds:
 !!!!!
 Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
 R1#telnet 10.80.80.2
 Trying 10.80.80.2 ...
 % Connection timed out; remote host not responding
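
The first-match evaluation of the access map in Example 3-8, modelled as an added Python example (not code from the book). The packet model and function names are assumptions, and only host/any addresses and destination ports are modelled.

```python
from collections import namedtuple

# Constructed packet model: protocol, source, destination, destination port.
Packet = namedtuple("Packet", "proto src dst dport", defaults=(None,))

# ACLs from Example 3-8: (action, protocol, source, destination, dest port)
ACLS = {
    "telnet":  [("permit", "tcp", "10.80.80.1", "10.80.80.2", 23)],
    "allowed": [("permit", "ip", "any", "any", None)],
}
# vlan access-map no-R1-R6: (sequence, matched ACL, action)
NO_R1_R6 = [(10, "telnet", "drop"), (20, "allowed", "forward")]

def acl_permits(acl, pkt):
    """First matching ACE decides; an ACL ends with an implicit deny."""
    for action, proto, src, dst, dport in acl:
        if (proto in ("ip", pkt.proto)
                and src in ("any", pkt.src)
                and dst in ("any", pkt.dst)
                and dport in (None, pkt.dport)):
            return action == "permit"
    return False

def vacl_action(access_map, pkt):
    """Walk the clauses in sequence order; the first clause whose ACL permits wins."""
    for _seq, acl_name, action in sorted(access_map):
        if acl_permits(ACLS[acl_name], pkt):
            return action
    return "drop"  # an IP packet that matches no clause is dropped

R1, R6 = "10.80.80.1", "10.80.80.2"
SAMPLES = {  # constructed test packets
    "R1 ping R6":      Packet("icmp", R1, R6),
    "R1 telnet R6":    Packet("tcp", R1, R6, 23),
    "R6 telnet R1":    Packet("tcp", R6, R1, 23),
    "R1 tcp/80 to R6": Packet("tcp", R1, R6, 80),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:16} -> {vacl_action(NO_R1_R6, pkt)}")
    # With the sequence numbers swapped, the catch-all clause matches first.
    swapped = [(10, "allowed", "forward"), (20, "telnet", "drop")]
    print("swapped, R1 telnet R6 ->", vacl_action(swapped, SAMPLES["R1 telnet R6"]))
```

The model shows two things to check when reviewing a VACL like this one: the filter is directional (only packets from 10.80.80.1 to 10.80.80.2 with destination port 23 are dropped), and the drop clause must carry a lower sequence number than the catch-all forward clause.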

  • Do not allow all ports on VLAN3 to multicast above 3 Mbps.

You may have initially thought of configuring rate limiting and matching the entire multicast IP address range, but a much simpler method is available. You are required to configure storm-control multicast level 3.00 under each interface on the switch that is connected to VLAN3, which is only port fe0/4 that connects to R4 fe0/0. The level is a percentage of the port bandwidth, so 3.00 on a 100-Mbps port equals 3 Mbps. If you are using routers with 10BASE-T interfaces, you should have configured the value to 30.00. If you have configured this correctly, you have scored 2 points.

  • Ensure the switch is reachable via the IP address of 10.80.80.8/24.

You will need to configure an ip default-gateway 10.80.80.1 onto the 3550; this could also point to 10.80.80.2. You will also have to create an additional VLAN interface of VLAN2 on the 3550 and configure an IP address of 10.80.80.8/24 under this new interface. If you have configured this correctly, you have scored 1 point.

Section 1.3: ATM Configuration (3 Points)

  • Configure the ATM PVCs as shown in Figure 3-12. Use point-to-point subinterfaces and use the new format PVC vpi/vci when configuring the PVCs. Ensure that the ATM subinterfaces contain purely Layer 2 information, configure virtual Layer 3 addresses elsewhere for the ATM connectivity, and make this connectivity as secure as possible. This configuration does not require any form of bridging.

You are faced with a similar configuration to that of the Frame Relay in Lab 2. Usually, you would keep your Layer 3 information under the subinterface, but it can be configured in another place. The clues in the question are the requirements not to configure Layer 3 under the subinterface and to make the connectivity secure. Again, the only way of achieving this is using PPP. ATM is capable of running PPP, but it requires the encapsulation type aal5ciscoppp and the reference to a virtual-template interface. The virtual-template, which is by default a PPP interface, can then contain the Layer 3 address and CHAP statement required to make the PPP connection secure. You will also need a username and password as with ISDN CHAP. You should include the broadcast statement under your PVC configuration to ensure correct operation for your OSPF. If you have configured these items correctly as in Example 3-9 and Example 3-10, you have scored 3 points.

Example 3-9. R5 ATM and PPP Configuration
 username R6 password 0 cisco
 !
 interface ATM3/0
  no ip address
  no atm ilmi-keepalive
 !
 interface ATM3/0.99 point-to-point
  pvc 0/99
   protocol ip 10.99.99.1 broadcast
   encapsulation aal5ciscoppp Virtual-Template1
 !
 interface Virtual-Template1
  ip address 10.99.99.2 255.255.255.248
  ppp authentication chap

Example 3-10. R6 ATM and PPP Configuration
 username R5 password 0 cisco
 !
 interface ATM1/0
  no ip address
  no atm ilmi-keepalive
 !
 interface ATM1/0.99 point-to-point
  pvc 0/99
   protocol ip 10.99.99.2 broadcast
   encapsulation aal5ciscoppp Virtual-Template1
 !
 interface Virtual-Template1
  ip address 10.99.99.1 255.255.255.248
  ppp authentication chap
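
The CHAP exchange that ppp authentication chap and the two username lines set up, as an added Python example (not code from the book). It uses the RFC 1994 MD5 response calculation and models each router as both challenger and responder; the Router class and function names are assumptions, and an unknown challenger is simplified to an empty secret.

```python
import hashlib
import hmac
import os

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 MD5 response: hash of Identifier octet + secret + Challenge value."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class Router:
    """One PPP endpoint; `users` mirrors its local 'username X password Y' lines."""
    def __init__(self, hostname, users):
        self.hostname, self.users = hostname, users
        self.ident, self.value = 0, b""

    def challenge(self):
        # A fresh identifier and random value per challenge defeats replay.
        self.ident = (self.ident + 1) % 256
        self.value = os.urandom(16)
        return self.ident, self.value, self.hostname

    def respond(self, ident, value, challenger):
        # The secret is looked up under the challenger's hostname.
        # Simplification: an unknown challenger is treated as an empty secret.
        secret = self.users.get(challenger, b"")
        return ident, chap_response(ident, secret, value), self.hostname

    def verify(self, ident, response, peer):
        secret = self.users.get(peer)
        if secret is None or ident != self.ident:
            return False
        expected = chap_response(ident, secret, self.value)
        return hmac.compare_digest(expected, response)

def authenticate(authenticator, peer):
    """One Challenge/Response/verify round; the secret never crosses the link."""
    return authenticator.verify(*peer.respond(*authenticator.challenge()))

def replay_rejected(authenticator, peer):
    """A response captured for one challenge must fail against the next one."""
    captured = peer.respond(*authenticator.challenge())
    authenticator.challenge()
    return not authenticator.verify(*captured)

if __name__ == "__main__":
    r5 = Router("R5", {"R6": b"cisco"})   # username R6 password 0 cisco
    r6 = Router("R6", {"R5": b"cisco"})   # username R5 password 0 cisco
    print(authenticate(r5, r6), authenticate(r6, r5))        # both directions
    print(authenticate(r5, Router("R6", {"R5": b"Cisco"})))  # mismatched secret
    print(replay_rejected(r5, r6))
```

Because each side hashes with the password stored under the other router's hostname, the passwords on the two username lines must be identical for authentication to succeed in both directions.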




CCIE Routing and Switching Practice Labs
ISBN: 1587051478
EAN: 2147483647
Year: 2006
Pages: 268
