Section 1.1: Frame Relay Configuration (5 Points)
The question clearly states that DLCIs 110 and 104 are not to be used and that you should not use subinterfaces; you must, therefore, configure your physical serial interfaces and disable inverse-arp on R1, R4, and R6. Your map statements under the physical interfaces must be configured without broadcast capability; hence, you will need to configure OSPF to unicast further on in the lab. You should configure a bandwidth statement of 128 kbps on each router to ensure that OSPF can assign an accurate cost to the Frame Relay connectivity. If you have configured these items correctly as shown in Example 3-1 through Example 3-3, you have scored 2 points.

Example 3-1. R1 Frame Relay Solution Configuration

interface Serial0/1
 bandwidth 128
 ip address 10.100.100.1 255.255.255.240
 encapsulation frame-relay
 frame-relay map ip 10.100.100.2 101
 frame-relay map ip 10.100.100.3 101
 no frame-relay inverse-arp

Example 3-2. R4 Frame Relay Solution Configuration

interface Serial0/0
 bandwidth 128
 ip address 10.100.100.3 255.255.255.240
 encapsulation frame-relay
 frame-relay map ip 10.100.100.1 100
 frame-relay map ip 10.100.100.2 102
 no frame-relay inverse-arp

Example 3-3. R6 Frame Relay Solution Configuration

interface Serial5/0
 bandwidth 128
 ip address 10.100.100.2 255.255.255.240
 encapsulation frame-relay
 frame-relay map ip 10.100.100.1 103
 frame-relay map ip 10.100.100.3 103
 no frame-relay inverse-arp
Simply configure ip mtu 950 on R1 s0/1 and R6 s5/0. This will cause you issues with OSPF because, to form an adjacency, OSPF requires neighbors to have the same MTU configured. This is in addition to having the same OSPF area, the same type of area such as stub or NSSA, the same subnet and subnet mask, and the same OSPF Hello and Dead timer values. Example 3-4 shows the OSPF initialization state of R4 as it attempts to form an adjacency later on when OSPF is configured; without rectification, it will not progress past this point.

Example 3-4. R4 OSPF Adjacency Problems

R4#sh ip ospf neigh

Neighbor ID     Pri   State             Dead Time   Address         Interface
10.6.6.6          1   EXCHANGE/DR       00:01:14    10.100.100.2    Serial0/0
N/A               1   ATTEMPT/DROTHER   -           10.100.100.1    Serial0/0

Example 3-5 shows an OSPF adjacency debug from R1. It can be seen that R1 is aware that R4 has a larger MTU than itself and the adjacency cannot complete.

Example 3-5. R1 Debug OSPF Adjacency

R1#debug ip ospf adj
OSPF adjacency events debugging is on
R1#
01:14:17: OSPF: Rcv DBD from 10.4.4.4 on Serial0/1 seq 0x581 opt 0x42 flag 0x7 len 32 mtu 1500 state EXSTART
01:14:17: OSPF: Nbr 10.4.4.4 has larger interface MTU
01:14:19: OSPF: Send DBD to 10.4.4.4 on Serial0/1 seq 0x1D9B opt 0x42 flag 0x7 len 32
01:14:19: OSPF: Retransmitting DBD to 10.4.4.4 on Serial0/1 [14]
01:14:22: OSPF: Rcv DBD from 10.4.4.4 on Serial0/1 seq 0x581 opt 0x42 flag 0x7 len 32 mtu 1500 state EXSTART

By configuring ip ospf mtu-ignore on R1 and R6 under the physical Frame Relay interfaces, you can successfully form a neighbor relationship. Although the OSPF issue comes later in the lab, if you have configured this correctly, you have scored 3 points. If you have only configured the MTU without the OSPF fix, you have scored 1 point.

Section 1.2: 3550 LAN Switch Configuration (10 Points)
The switch in this instance is isolated again, as in Chapters 1 and 2, so there is no need to configure it as a VTP server. From the VLAN database, add the required VLANs and name them accordingly. You should note that you cannot change the VLAN name of VLAN1. You must ensure that the port speed and duplex are fixed to 100 Mbps and full duplex if your routers support this; leaving your ports in auto mode could cause connectivity problems. If you have configured these items correctly as in Example 3-6, you have scored 2 points.

Example 3-6. 3550 Switch1 Initial Configuration

Switch1#vlan database
Switch1(vlan)#vlan 2 name VLAN2
VLAN 2 modified:
    Name: VLAN2
Switch1(vlan)#vlan 3 name VLAN3
VLAN 3 modified:
    Name: VLAN3
Switch1(vlan)#vlan 4 name VLAN4
VLAN 4 modified:
    Name: VLAN4
Switch1(vlan)#vlan 5 name VLAN5
VLAN 5 modified:
    Name: VLAN5
Switch1(vlan)#exit
APPLY completed.
Exiting....

hostname Switch1
!
enable password cisco
interface FastEthernet0/1
 switchport access vlan 2
 switchport mode access
 no ip address
 duplex full
 speed 100
!
interface FastEthernet0/2
 switchport mode access
 no ip address
 duplex full
 speed 100
!
interface FastEthernet0/3
 switchport mode access
 no ip address
 duplex full
 speed 100
!
interface FastEthernet0/4
 switchport access vlan 3
 switchport mode access
 no ip address
 duplex full
 speed 100
!
interface FastEthernet0/5
 switchport access vlan 4
 switchport mode access
 no ip address
 duplex full
 speed 100
!
interface FastEthernet0/6
 switchport access vlan 2
 switchport mode access
 no ip address
 duplex full
 speed 100
!
interface FastEthernet0/7
 switchport access vlan 5
 switchport mode access
 no ip address
 duplex full
 speed 100
!
interface FastEthernet0/8
 switchport access vlan 2
 switchport mode access
 no ip address
 duplex full
 speed 100
!
interface FastEthernet0/9
 switchport access vlan 5
 switchport mode access
 no ip address
 duplex full
 speed 100

NOTE: The VLAN configuration is completed under vlan database.
Information logged to the buffer would be lost in the event of a reset, but you have the ability to log to Flash on the 3550. You will need to set the clock on the switch and configure timestamps for debugging. If you have configured this correctly as shown in Example 3-7, you have scored 2 points.

Example 3-7. 3550 Debug Logging Setup

clock set 16:51:00 18 july 2004
Switch1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch1(config)#service timestamps debug datetime
Switch1(config)#logging file flash:debug.text debugging
Switch1(config)#^Z
Switch1#debug ip packet
Switch1#sh flash
Directory of flash:/
    2  -rwx        316   Mar 01 1993 03:44:44  system_env_vars
    3  -rwx         72   Jul 18 2004 16:51:35  debug.text
    4  -rwx    3823261   Mar 01 1993 03:20:20  c3550-i5q3l2-mz.121-12c.EA1.bin
    5  -rwx       3298   Mar 01 1993 01:48:12  config.text
    6  -rwx        916   Mar 01 1993 00:00:35  vlan.dat
    7  drwx        192   Mar 01 1993 00:02:57  c3550-i9q3l2-mz.121-11.EA1
   22  -rwx          0   Mar 01 1993 03:44:44  env_vars
   23  -rwx          5   Mar 01 1993 01:48:12  private-config.text

NOTE: A debug command is issued to the switch to begin logging to flash for verification purposes.
If IP routing was running on the switch, you could simply configure an IP access list to block Telnet between the routers and apply this to the relevant interface, but you are requested to apply your solution to the entire VLAN. This requires a VACL (VLAN access control list) as shown in Example 3-8, with the verification testing from R1. If you have configured this correctly, you have scored 3 points.

Example 3-8. 3550 VACL Configuration and Testing

ip access-list extended telnet
 permit tcp host 10.80.80.1 host 10.80.80.2 eq telnet
 exit
ip access-list extended allowed
 permit ip any any
 exit
vlan access-map no-R1-R6 10
 match ip add telnet
 action drop
 exit
vlan access-map no-R1-R6 20
 match ip add allowed
 action forward
 exit
vlan filter no-R1-R6 vlan 2

R1#ping 10.80.80.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.80.80.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R1#telnet 10.80.80.2
Trying 10.80.80.2 ...
% Connection timed out; remote host not responding
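The first-match logic of the access-map in Example 3-8 can be traced in a few lines of Python. This is an added example, not code from the lab book; the Packet class, the function names and the sample packets are constructed for illustration.

```python
# Added illustration: first-match evaluation of the no-R1-R6 VLAN access-map.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp", "udp", "icmp"
    src: str
    dst: str
    dport: int = 0   # 0 = no L4 destination port

# ACEs as (protocol, source, destination, destination port or None).
# In a VACL, an ACL "permit" only means "this packet matches the map entry".
ACL_TELNET = [("tcp", "10.80.80.1/32", "10.80.80.2/32", 23)]
ACL_ALLOWED = [("ip", "0.0.0.0/0", "0.0.0.0/0", None)]

# vlan access-map no-R1-R6 as (sequence, matched ACL, action)
NO_R1_R6 = [(10, ACL_TELNET, "drop"), (20, ACL_ALLOWED, "forward")]

def acl_matches(acl, pkt):
    for proto, src, dst, dport in acl:
        if (proto in ("ip", pkt.proto)
                and ip_address(pkt.src) in ip_network(src)
                and ip_address(pkt.dst) in ip_network(dst)
                and dport in (None, pkt.dport)):
            return True
    return False     # implicit deny: the packet does not match this ACL

def vacl_action(access_map, pkt):
    for _seq, acl, action in sorted(access_map, key=lambda e: e[0]):
        if acl_matches(acl, pkt):
            return action
    return "drop"    # an IP packet matching no entry of the map is dropped

# Constructed sample packets on VLAN 2
SAMPLES = {
    "R1->R6 telnet": Packet("tcp", "10.80.80.1", "10.80.80.2", 23),
    "R1->R6 ping": Packet("icmp", "10.80.80.1", "10.80.80.2"),
    "R6->R1 telnet": Packet("tcp", "10.80.80.2", "10.80.80.1", 23),
}

def evaluate(access_map=NO_R1_R6):
    return {name: vacl_action(access_map, p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, action in evaluate().items():
        print(f"{name:15} {action}")
    # With sequence 20 removed, every sample falls through to the default drop.
    print(evaluate(NO_R1_R6[:1]))
```

A session opened from 10.80.80.2 toward 10.80.80.1 does not match sequence 10 and is forwarded by sequence 20, so the filter should be tested from both routers when both directions must be blocked.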
You may have initially thought of configuring rate limiting and matching the entire multicast IP address range, but a much simpler method is available. You are required to configure storm-control multicast level 3.00 under each interface on the switch that is connected to VLAN3, which is only port fe0/4 that connects to R4 fe0/0. If you are using routers with 10BASE-T interfaces, you should have configured the value to 30.00. If you have configured this correctly, you have scored 2 points.
You will need to configure ip default-gateway 10.80.80.1 on the 3550; this could also point to 10.80.80.2. You will also have to create an additional VLAN interface of VLAN2 on the 3550 and configure an IP address of 10.80.80.8/24 under this new interface. If you have configured this correctly, you have scored 1 point.

Section 1.3: ATM Configuration (3 Points)
You are faced with a similar configuration to that of the Frame Relay in Lab 2. Usually, you would keep your Layer 3 information under the subinterface, but it can be configured in another place. The clues to the question are not configuring Layer 3 and making it secure. Again, the only way of achieving this is using PPP. ATM is capable of running PPP, but it requires the encapsulation type aal5ciscoppp and the reference to a virtual-template interface. The virtual-template, which is by default a PPP interface, can then contain the Layer 3 address and CHAP statement required to make the PPP connection secure. You will also need a username and password as with ISDN CHAP. You should include the broadcast statement under your PVC configuration to ensure correct operation for your OSPF. If you have configured these items correctly as in Example 3-9 and Example 3-10, you have scored 3 points.

Example 3-9. R5 ATM and PPP Configuration

username R6 password 0 cisco
!
interface ATM3/0
 no ip address
 no atm ilmi-keepalive
!
interface ATM3/0.99 point-to-point
 pvc 0/99
  protocol ip 10.99.99.1 broadcast
  encapsulation aal5ciscoppp Virtual-Template1
!
interface Virtual-Template1
 ip address 10.99.99.2 255.255.255.248
 ppp authentication chap

Example 3-10. R6 ATM and PPP Configuration

username R5 password 0 cisco
!
interface ATM1/0
 no ip address
 no atm ilmi-keepalive
!
interface ATM1/0.99 point-to-point
 pvc 0/99
  protocol ip 10.99.99.2 broadcast
  encapsulation aal5ciscoppp Virtual-Template1
!
interface Virtual-Template1
 ip address 10.99.99.1 255.255.255.248
 ppp authentication chap
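The CHAP exchange that the username statements in Example 3-9 and Example 3-10 make possible, written out as an added example (not code from the lab book). The Router class and function names are hypothetical, and the lookup of the secret under the peer's hostname models the local username database shown in those examples.

```python
# Added illustration: CHAP (RFC 1994) between R5 and R6, both sides authenticating.
import hashlib
import hmac
import os

def chap_response(identifier, secret, challenge):
    # RFC 1994: Response = MD5(Identifier || secret || Challenge value)
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Router:
    def __init__(self, hostname, users):
        self.hostname = hostname
        self.users = users      # "username <peer> password 0 <secret>" entries
        self.pending = None     # (identifier, challenge) awaiting a response

    def send_challenge(self):
        self.pending = (os.urandom(1)[0], os.urandom(16))
        return (*self.pending, self.hostname)

    def send_response(self, identifier, challenge, challenger):
        # The secret is looked up under the challenger's name and only its
        # hash crosses the link; the secret itself is never transmitted.
        secret = self.users.get(challenger, b"")
        digest = chap_response(identifier, secret, challenge)
        return identifier, digest, self.hostname

    def verify(self, identifier, digest, peer):
        secret = self.users.get(peer)
        if secret is None or self.pending is None or identifier != self.pending[0]:
            return False
        expected = chap_response(identifier, secret, self.pending[1])
        self.pending = None     # one challenge accepts one answer (no replay)
        return hmac.compare_digest(digest, expected)

def mutual_chap(a, b):
    # "ppp authentication chap" on both Virtual-Templates: each side challenges.
    return all(auth.verify(*peer.send_response(*auth.send_challenge()))
               for auth, peer in ((a, b), (b, a)))

def lab_routers(r6_secret_for_r5=b"cisco"):
    r5 = Router("R5", {"R6": b"cisco"})
    r6 = Router("R6", {"R5": r6_secret_for_r5})
    return r5, r6

if __name__ == "__main__":
    print("matching secrets: ", mutual_chap(*lab_routers()))
    print("mismatched secret:", mutual_chap(*lab_routers(b"Cisco")))
```

The password under each username must be identical on both routers, and because it is entered as type 0 it is stored in cleartext in the configuration.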