RonishPokhrel 6365387 ICTNWK603 T2

Assessment -2
ICTNWK603 Plan, configure and test advanced internetwork routing solutions
Student Must Fill this Section

Student Name: Ronish Pokhrel
Student ID: Term: 01 Year: 2021
6365387
Privacy
“I give my permission for my assessment material to be used in the
Release
auditing, assessment validation & moderation Process”.
Clause:
“I declare that:
Authenticity  The material I have submitted is my own work;
Declaration:  I have given references for all sources of information that are
not my own, including the words, ideas and images of others”.
Student Signature:
Date: 21/02/2021
Ronish Pokhrel
Assessment Outcome
Assessor Name: Tanvir Alam
Not-Yet Assessor
Attempt Competent Date
Competent Signature
Initial attempt  
2nd attempt/Re-
assessment  
WSC-ASS ICTNWK603-V1.3-10112019 Page | 1
International College of Australia Pty Ltd T/A Western Sydney College

RTO: 45360 | CRICOS: 03690M
Information for Student:
 All work is to be entirely of the student.
General Information for this assessment:
 Read the instructions for each question very carefully.

 Be sure to PRINT your FIRST name & LAST name in every place that is provided.
 Short questions must be answered in the spaces provided.
 For those activities requesting extra evidence such as: research reports, essay reports, etc. The student
must attach its own work formatted in double space, Arial 12 pts.
 All activities must be addressed correctly in order to obtain a competence for the unit of competency.
 If the student doesn’t understand the assessment, they can request help from the assessor to interpret the
assessment.
 Re-submission of assessment after the term will incur additional fees.
Re-assessment of Result& Academic Appeal procedures:
If a student is not happy with his/ her results, that student may appeal against their grade via a written letter, clearly
stating the grounds of appeal to the Chief Executive Officer. This should be submitted after completion of the subject
and within fourteen days of commencement of the new term.
Re-assessment Process:
 An appeal in writing is made to the Academic Manager providing reasons for re-assessment /appeal.
 ACADEMIC MANAGER will delegate another member to review the assessment.
 The student will be advised of the review result done by another assessor.
 If the student is still not satisfied and further challenges the decision, then a review panel is formed
comprising the lecturer/trainer in charge and the ACADEMIC MANAGER or if need be an external
assessor.
 The Institute will advise the student within 14 days from the submission date of the appeal. The decision of
the panel will be deemed to be final.
 If the student is still not satisfied with the result, he / she has the right to seek independent advice or follow
external mediation option with nominated mediation agency.
 Any student who fails a compulsory subject or appeals unsuccessfully will be required to re-enrol in that
subject.
The cost of reassessment will be borne by the Institute. The external assessor will base his/her judgement based on
principles of assessment. These principles require assessment to be reliable, fair, practical and valid.
Academic Appeals:
 If you are dissatisfied with the outcome of the re-evaluation process, you have a right to appeal through
academic appeals handling protocol.
 To appeal a decision, the person is required to complete the WSC- Request for Appeal of a Decision form
with all other supporting documents, if any. This form is available via our website. The completed Request
for Appeal form is to be submitted to the Student Support Officer either in hard copy or electronically via the
following contact details:
Student Support Officer, Western Sydney College (WSC), 55 High St, Parramatta NSW 2150, Email:
Complaints@wsc.nsw.edu.au
 The notice of appeal should be in writing addressed to the Chief Executive Officer and submitted within
seven days of notification of the outcome of the re-evaluation process.
 If the appeal is not lodged in the specified time, the result will stand and you must re-enrol in the unit.
 In emergency circumstances, such as in cases of serious illness or injury, you must forward a medical
certificate in support of a deferred appeal. The notice of appeal must be made within three working days of
the concluding date shown on the medical certificate.
 The decision of Chief Executive Officer will be final.
 Student would then have the right to pursue the claim through an independent external body as detailed in
the students’ complaint / grievance policy.

RTO: 45360 | CRICOS: 03690M
Assessment Task 2:
1. Define network resources required for implementing a complex distance-
vector routing protocol solution. Also describe a multi-area link-state routing
protocol solution and an exterior routing protocol solution on a network
A distance-vector routing protocol in data networks determines the best route for data
packets based on distance. Distance-vector routing protocols measure the distance by the
number of routers a packet must pass, one router counts as one hop. Some distance-
vector protocols also consider network latency and other factors that influence traffic on a
given route. To determine the best route across a network, routers, on which a distance-
vector protocol is implemented, exchange information with one another, usually routing
tables plus hop counts for destination networks and possibly other traffic information.
Distance-vector routing protocols also require that a router informs its neighbours of
network topology changes periodically.
Link-state routing protocols are one of the two main classes of routing protocols used in
packet switching networks for computer communications, the other being distance-vector
routing protocols. Examples of link-state routing protocols include Open Shortest Path
First (OSPF) and Intermediate System to Intermediate System (IS-IS). The link-state
protocol is performed by every switching node in the network (i.e., nodes that are
prepared to forward packets; in the Internet, these are called routers). The basic concept
of link-state routing is that every node constructs a map of the connectivity to the network,
in the form of a graph, showing which nodes are connected to which other nodes. Each
node then independently calculates the next best logical path from it to every possible
destination in the network. Each collection of best paths will then form each node's routing
table.
REF: https://en.wikipedia.org/wiki/Link-state_routing_protocol
2. Create and implement separate protocol implementation plans and

verification plans for each routing solution
The Table of Routing
Awareness of the routing table in detail is very important for troubleshooting network
problems. The awareness of the routing table model and the interview protocol will help a
lot to resolve the problems in order to identify the routing table problem. The routing table
consists of directly linked networks and various paths that are permanently or statically
learned.
Table Entries for Routing

RTO: 45360 | CRICOS: 03690M
Figure 1: Topology Sample
So, in the topology given, note that:
 The R1 router is linked to the Internet, and is connected to the default R2 and R3
static paths.
 There is a discrete network composed of R1, R2, R3, divided by one more classic
network.
 R3 introduces the super net path.
Records from the routing table provide the following information:
 Source of the route - it is described here that it has learned how to navigate. It
has strongly linked interfaces with two source codes for routes. Where C attempts
to determine the system that is connected directly, L allows to find the local path.
The automatically created local path is initialized with an active IP address when
an interface occurs.
 Destination Network - Displays the address of the different site and illustrates
how the network is connected.
 Outgoing network - it aims to clarify the platform where packets are sent to the
assets refer for exit.
The router usually has several designed interfaces. The data that is contained in the
routing table is about both remote and directly related paths. The source of the route will
identify how the routes were taught, since it is directly related to networks. Below are the
typical codes used for wireless systems:
S - It serves to clarify that an operator directly establishes the routes to access a network.
Known as route static.
D - It normally figures out how the path was discovered by using the EIGRP routing
mechanism from some other device.
O - Typically, it is used to describe how the path was learned statically from another router
using the OSPF routing mechanism.
R - Generally, it is used to describe how the path was discovered creatively using the RIP
routing protocol from some other router.
Next is Remote Network entries:

RTO: 45360 | CRICOS: 03690M
Figure 2: Remote network route entry on R1
The entry contains the data as follows:
 Source of the route - it helps to find out how it has been taught.
 Destination network - specifies the address of the remote network.
 Administrative distance - locates the paths of trustworthiness
 Metric - defines the values that are allocated to the virtual network's scope.
 Next Hop - Specifies the IPv4 address of the next network to which the packet is
to be forwarded.
 Path timestamp - used to discover when the path used has been last identified.
 Outgoing interface - connected with the response following for all the packet to
be passed to its endpoint.
3. Authenticate and test the routing protocol solution

There are two general ways that authentication is implemented by most routing protocols:
using a routing protocol centric solution that configures the passwords or keys to use
within the routing protocol configuration, or by using a broader solution that utilizes
separately configured keys that are able to be used by multiple routing protocols. Both
OSPF and BGP use the prior of these methods and configure the specific authentication
type and passwords/keys within their specific respective configurations. RIP and EIGRP
utilize the former of these methods by utilizing a separate authentication key mechanism
that is configured and then utilized for either RIP or EIGRP.

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M
4. Record the results of the routing protocol solution implementation and
verification plans for each solution
The outcomes of the development and confirmation strategies of the routing protocol
solution are as follows:
Drawings L1/L2
It is important to begin with the network diagrams first. So, to link visually, there will be
L1/L2 sketches and there is a network configuration. This drawing must also be included
with all the network equipment and the firewall needed. And in drawing, if you have an
Ether bridge between two devices, it must also be obvious. And illustration must display
the interfaces at either end of the connection. Therefore, if the forms can be used as
rectangles for switches or other devices, hexagrams can be used as a router for the
firewall and circle. This is very simple to draw, and the shapes can be positioned with
information and data. The host name, system model or management IP may be included
in the details. Our records need to be this sort, it will easily demonstrate how the network
is going to be related. The following are examples:
Drawing L3
Each computer that is in the system with networking must be involved in this layer design.
And if there are computers currently holding off on a router in layer 2, so there is no need
to have them as layer 3. All of this will assist the new reader to view the network. Layer 3
drawings are very useful for troubleshooting any problems or modifications that the
networks might need. Rather than using physical ones, logical graphs are more
advantageous and valuable.
Thus, below is the data to be depicted in layer 3 Drawings;
It is important to understand what form of data is provided in L3. If we don't know what and
how to add or not, then it is possible to mix data and make pointless diagrams. The results
found must be used to construct a useful diagram:
Subnetworks
 VLAN IDs

RTO: 45360 | CRICOS: 03690M
 role definition and its subnet mask
 The names of the appliances
L3 appliances
 Routers, firewalls and VPN computers
 The users' IP addresses
 Interfaces o Interfaces
 The most critical servers, such as DNS/ FTP servers.
Data on routing protocol
Now, let's compile the data and imagine it in the sketches:
The step by step method of drawing is as follows:
There was a collection process:

1. What we must do first one is access the command line.
2. Last, each IP address for both the frameworks needs to be picked up. Thus, in the
given case, you only have one address, i.e. 192.168.10.11 and 255.255.255.128
subnet mask. The description of the application is vlan250, and vlan250 is called
In-mgmt.
3. Afterwards, get every static route from of the setup. There is only one source
address IP in the specified situation, and that is 192.168.10.1.
Step of Drawing
1. View all the picked-up data here first. Insert the computer called ASW1, then. It
appears to be a change; we'll use the symbol for the rectangle switch here.
2. 2. After that, you need to draw a subnet as a pipe and supply it with the In-mgmt
VLAN-ID 250 name and the 192.168.10.0/25 network address.
3. 3. Next, ASW1 and subnet indications link together.
4. 4. Then attach the text box on the ASW1 line and apply the subnet symbol to it.
There, just write a conceptual application IP address and name in the text field,
vlan250 will be the name of the interface throughout the given instance and 11
may be the last octet of the IP address.
5. We now know there is another computer that has a subnet connection: In-mgmt.
We don't recognize the device's name here, so we're going to write down the IP
address.
For now, we will have the following image:

RTO: 45360 | CRICOS: 03690M
Continue and repeat the cycle in order for each computer required in the system after all
of this first diagram. Take out all the IP-related details and visualize it in the same image.
When we are all finished with any network unit, we will begin to find out about data that
has not yet been cleared. And using the MAC and ARP columns, it can be checked if
there is a computer in a position or not.
You will get a final diagram after all the steps, as follows:

RTO: 45360 | CRICOS: 03690M
It is easy to draw a practical diagram if we know the necessary and exact form. This can
easily be seen to be a manual method and time-consuming, but no magic can occur.
When we have completed the L3 diagram, we can conveniently keep it up to date.
Consequently, as follows, it is very beneficial:
 If the plan changes abruptly, then the consumer can change it in a precise and
rapid way.

RTO: 45360 | CRICOS: 03690M
 As compared to before, troubleshooting would be simpler if some issue arises.
 The firewall rules can be maintained correctly. Often there is a case where there
are firewall traffic rules, but they will not be routed. Then it will clearly demonstrate
that it does not know the logical topology.
 The sections are not logically identical after creating the layer 3 diagram.
5. Identify the network resources needed for implementing IPv6 on a network

IPv6 is a powerful enhancement to IPv4 with features that better suit current and
foreseeable network demands, including the following:
 Larger address space—IPv6 addresses are 128 bits, compared to IPv4's 32 bits.
This larger address space provides several benefits, including improved global
reachability and flexibility; the ability to aggregate prefixes that are announced in
routing tables; easier multihoming to several Internet service providers (ISPs);
autoconfiguration that includes link-layer addresses in the IPv6 addresses for "plug
and play" functionality and end-to-end communication without network address
translation (NAT); and simplified mechanisms for address renumbering and
modification.
 Simplified header—A simpler header provides several advantages over IPv4,
including better routing efficiency for performance and forwarding-rate scalability;
no requirement for processing checksums; simpler and more efficient extension
header mechanisms; and flow labels for per-flow processing with no need to
examine the transport layer information to identify the various traffic flows.
 Support for mobility and security—Mobility and security help ensure compliance
with mobile IP and IP security (IPsec) standards.
Mobility enables people to move around in networks with mobile network devices,
with many having wireless connectivity. Mobile IP is an Internet Engineering Task
Force (IETF) standard available for both IPv4 and IPv6 that enables mobile
devices to move without breaks in established network connections. Because IPv4
does not automatically provide this kind of mobility, supporting it requires additional
configurations.
In IPv6, mobility is built in, which means that any IPv6 node can use it when
necessary. The routing headers of IPv6 make mobile IPv6 much more efficient for
end nodes than mobile IPv4 does.
IPsec is the IETF standard for IP network security, available for both IPv4 and
IPv6. Although the functions are essentially identical in both environments, IPSec
is mandatory in IPv6. IPSec is enabled and is available for use on every IPv6
node, making the IPv6 Internet more secure. IPSec also requires keys for each
device, which implies global key deployment and distribution.

RTO: 45360 | CRICOS: 03690M
 Transition richness—There are a variety of ways to transition IPv4 to IPv6.
One approach is to have a dual stack with both IPv4 and IPv6 configured on the interface
of a network device.
Another technique uses an IPv4 tunnel to carry IPv6 traffic. One implementation is IPv6-
to-IPv4 (6-to-4) tunnelling. This newer method (defined in RFC 3056, Connection of IPv6
Domains via IPv4 Clouds) replaces an older technique of IPv4-compatible tunneling (first
defined in RFC 2893, Transition Mechanisms for IPv6 Hosts and Routers, which has been
made obsolete by RFC 4213, Basic Transition Mechanisms for IPv6 Hosts and Routers).
Cisco IOS Software Version 12.3(2)T (and later) also allows NAT protocol translation
(NAT-PT) between IPv6 and IPv4, providing direct communication between hosts that are
using the different protocol suites.
Ref: https://www.networkworld.com/article/2298543/chapter-10--implementing-ipv6.html
6. Create an implementation plan and a verification plan for an IPv6-based

network solution
The next IPAM characteristic is planning using the discovery information. These plans can
be as simple as tests, or full blown projects for deployment. From the discovery, they can
include what to purchase for upgrade or replacement of hardware or software, training
classes to support administrators and users, or a high level complete organization
requirements plan. The main idea though is to determine what must be changed or
modified, and how best to accomplish these tasks for the least time and cost.
As suggested earlier in this document, integrating IPv6 migration into existing
technology plans removes the need to do things twice, which reduces both time and cost
immediately, and implementing the migration over a period of time. This will also include
teams and roles designed specifically to accomplish these tasks, tackling the overall
migration as a team with a structure. If planning is done effectively, IPAM will be able to
assist when it is complete by tracking IPv6 the same way it did with IPv4 except for the
details of hardware and software. It will know where the IPv6 networks are, its DHCP
ranges, and be able to show them logically. It is important to note that this piece of IPAM
is rather technical and works best with expertise. If resources are not available in your
organization, it is best to work with an IPAM expert and solution provider. It is far better to
add a small cost now rather than a large one later.

RTO: 45360 | CRICOS: 03690M
With the planning phases complete, it’s time to implement dual stacking. The main
components here are utilizing all the IPAM information up to this point and follow the plan
to a successful implementation. Of course, no one can ever plan for everything, and there
could be errors despite the most careful planning, or unforeseen circumstances can arise.
IPAM is ready to assist here as well by quickly configuring new IPv6 address segments,
which should work automatically due to IPv6 DNS being part of the implementation.
Otherwise, this will need to be done manually. After implementation, it is important to
check network features to ensure they are working properly. Items such as security
policies and other IPv4 specific dependant systems may need to be modified to address
any connection or vulnerability issues.
Ref: https://www.6connect.com/resources/preparing-a-network-for-ipv6/
7. Construct IPv6 routing and IPv6 interoperation with IPv4
IPv6 routing and IPv6 interoperation with IPv4
Dual-Stack Network
Dual stack is a transition technology in which IPv4 and IPv6 operate in tandem over
shared or dedicated links. In a dual-stack network, both IPv4 and IPv6 are fully deployed
across the infrastructure, so that configuration and routing protocols handle both IPv4 and
IPv6 addressing and adjacencies.
Although dual-stack may appear to be an ideal solution, it presents two major deployment
challenges to enterprises and ISPs:
• It requires a current network infrastructure that is capable of deploying IPv6. In many
cases, however, the current network may not be ready and may require hardware and
software upgrades.
• IPv6 needs to be activated on almost all the network elements. To meet this
requirement, the existing network may need to be redesigned, posing business continuity
challenges.
Tunneling
Using the tunneling option, organizations build an overlay network that tunnels one
protocol over the other by encapsulating IPv6 packets within IPv4 packets and IPv4
packets within IPv6 packets. The advantage of this approach is that the new protocol can
work without disturbing the old protocol, thus providing connectivity between users of the
new protocol.
Tunneling has two disadvantages, as discussed in RFC 6144:
• Users of the new architecture cannot use the services of the underlying infrastructure.

RTO: 45360 | CRICOS: 03690M
• Tunneling does not enable users of the new protocol to communicate with users of the
old protocol without dual-stack hosts, which negates interoperability.
Translation
Address Family Translation (AFT), or simply translation, facilitates communication
between IPv6-only and IPv4-only hosts and networks (whether in a transit, an access, or
an edge network) by performing IP header and address translation between the two
address families.
AFT is not a long-term support strategy; it is a medium-term coexistence strategy that can
be used to facilitate a long-term program of IPv6 transition by both enterprises and ISPs.
Ref: https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/enterprise-ipv6-
solution/white_paper_c11-676278.html
8. Authenticate and test the IPv6 solution. After authenticating IPv6 solution,
make amendments if necessary
Introducing Setup Exercises:
The network, comprising two pods, each with four routers, is imagined in the setup
experiments. Via a backbone, the two pods supported are interconnected. Yet another
aspect is there is no need for contact between different pods. One more aspect is there
is no need for contact between different pods. But if the user has configured it, certain
routes might be accessible from some other pod throughout the routing tables. The
mainline used to have just one router in nearly every exercise, but in a few instances,
the user has to connect another router to the framework.
If the experiment goes through, the X is described as the number of the pod where the
modem number is referred to Y.
Objective visual
The topology that is used in the exercise has been demonstrated in the given picture.
The format used in this IPv6 address exercise is 2001:0410:000x:/64 eui-6, where:
 x = pod number
 z = 1 for the Fast Ethernet 0/0 interfaces between PxR1 and PxR3
 z = 2 for the Fast Ethernet 0/0 interfaces between PxR2 and PxR4
 z = 3 for the Serial 0/0/1 interface between PxR1 and PxR2
 z = 4 for the Serial 0/0/0 interfaces between PxR3 and PxR4
The IPv4 addresses remain in place.

RTO: 45360 | CRICOS: 03690M
Figure 1: Configuration exercise topology of IPv6 addressing
Command List
Throughout this experiment, the user uses the commands that are listed in table below
and are listed in a logical sequence.
ATTENTION- While this table shows the command syntax, the addresses displayed are
usually for PxR1 and PxR3 routers. When addressing your routers, be patient! To
answer the specifics, refer to the exercise directions and the relevant visual purpose
diagram.
Command Description
(config)#ipv6 unicast Enables IPv6 traffic forwarding.

routing
(config)#ipv6 cef Enables CEFv6.
(config-if)# ipv6 address Enables an IPv6 address on an interface (with the

2001:0410:000x:z::/64 eui- format specified earlier in this exercise) and forces
64 the router to complete the addresses' low-order 64-bit
by using the interface's link-layer address (MAC
address) in EUI-64 format.
#show ipv6 interface Displays IPv6 information about an interface.
(config)#ipv6 router ospf Enables the OSPFv3 process 100 on the router.
100
(config-rtr)#router-id Defines the OSPF router-id.

10.200.200.xy
(config-if)#ipv6 ospf 100 Identifies the IPv6 prefix assigned to this interface as
area 0 part of the OSPFv3 network for process-id 100 in

RTO: 45360 | CRICOS: 03690M
area 0.
#show ipv6 ospf interface Displays IPv6 OSPF information about an interface.
#show ipv6 ospf neighbour Displays IPv6 OSPF neighbor information.
#show ipv6 route Displays the IPv6 routing table.
#show cdp neighbour Displays detailed CDP neighbor information.

detail
#show ipv6 interface brief Displays a brief list of IPv6 interface information.
Task 1: cleaning-up
Here, the user will remove multicast routing, and the pod will be separated from the
routers that are added to the backbone.
There must be steps to follow:
 Delete the multicast setup from all pod adapters by using the No ip multicast-
routing global configuration button. And multicast configuration must be removed
from all configurations that were allowed by using the no ip pim sparse-dense-
mode command.
 On PxR1, with the no ip pim send-rp-announce loopback0 scope 3 command
and the no ip pim send-rp-discovery loopback0 scope 3 command, delete the
auto-rp setup.
 Disable the join messages with the no ip igmp join-group 224.x.x.x command on
the FastEthernet 0/0 interface on PxR4, where x is your pod number.
 Shut down Serial 0/0/0 on edge routers; IPv6 will not be used on the heart.
The Solution:
How to perform the necessary steps on the P1R1 and P1R4 routers is shown below:
P1R1(config)#no ip multicast-routing
P1R1(config)#int loopback0
P1R1(config-if)#no ip pim sparse-dense-mode
P1R1(config-if)#int fa0/0
P1R1(config-if)#int s0/0/0.1
P1R1(config-subif)#no ip pim sparse-dense-mode
P1R1(config-subif)#int s0/0/1
P1R1(config-if)#exit
P1R1(config)#no ip pim send-rp-announce Loopback0 scope 3
P1R1(config)#no ip pim send-rp-discovery Loopback0 scope 3
P1R1(config)#int s0/0/0
P1R1(config-if)#shutdown
P1R4(config)#no ip multicast-routing
P1R4(config)#int loopback0

RTO: 45360 | CRICOS: 03690M
P1R4(config-if)#int s0/0/0
P1R4(config-if)#no ip igmp join-group 224.1.1.1
Task 2: IPv6 Configuration

Here, in the second task, users allow IPv6 on the router globally, and IPv6 addresses
are configured on all interfaces that are not shut down.
After that, the following address format is used in this assignment:
2001:0410:000x:1::/64 eui-64 or 2001:0410:000x:2::/64 eui-64, where fast Ethernet
interfaces are used.
 x = number of pods
 For odd router numbers, :1 is (PxR1 and PxR3)
 :2 is also for router numbers: (PxR2 and PxR4)
The Fa0/0 IPv6 address on P1R4, for example, will be: 2001:0410:0001:2::/64. The:1
or:2 is the subnet portion of your IPv6 address, so it is essential, for instance, that the
Fa0/0 interfaces of PxR1 and PxR3 are on the same subnet.
The serial interface 0/0/1 for the network devices and the serial interface 0/0/0 for the
inner routers will be using the following address format: 2001:0410:000x:3::/64 eui-64 or
2001:0410:000x:4::/64 eui-64, respectively.
 x = number of pods
 For edge routers,:3 is for (PxR1 and PxR2)
 For the internal routers, •:4 is (PxR3 and PxR4)
The S0/0/1 IPv6 address on P1R1, for instance, will be: 2001:0410:0001:3::/64. The:3
or:4 on the serial interface is the subnet portion of your IPv6 address.
In Table 10-10, write down the IPv6 addresses for each of your routers.
Table IPv6 Addresses

Route Fa0/0 Address S0/0/0 or S0/0/1 Address
r
PxR1
PxR2
PxR3
PxR4
Follow the steps below:

The boundary and inner routers should be designed as follows:
1. Activate IPv6 and CEFv6 on all routers in each pod.
2. Configuring an IPv6 global address on all Fa0/0 interfaces
3. Install the global IPv6 address on the edge router S0/0/1 interface and the
internal router S0/0/0 interface.

RTO: 45360 | CRICOS: 03690M
The Solution:
The appropriate steps on the P1R1 router are shown below:
P1R1(config)#ipv6 unicast-routing
P1R1(config)#ipv6 cef
P1R1(config)#int fa0/0
P1R1(config-if)#ipv6 address 2001:0410:0001:1::/64 eui-64
P1R1(config-if)#ipv6 address 2001:0410:0001:3::/64 eui-64
To validate that the required configurations on all routers are configured with an
IPv6 address, show the IPv6 knowledge management.
Can you see an IPv6 address on these interfaces that you haven't installed? If so,
what's the address there?
The Solution:
The chapter provides the P1R1 router's sample output. IPv6 addresses with both the
required prefix and application ID in the EUI-64 format have been configured. On the
protocols, a link-local address has also been configured; for example, on P1R1 Fa0/0,
FE80::216:46FF:FE50:C470.0 is the link-local address.
P1R1#show ipv6 interface
FastEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::216:46FF:FE50:C470
No Virtual link-local address(es):
Global unicast address(es):
2001:410:1:1:216:46FF:FE50:C470, subnet is 2001:410:1:1::/64 [EUI]
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF50:C470
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachable are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfigure for addresses.
Serial0/0/1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::216:46FF:FE50:C470
No Virtual link-local address(es):
Global unicast address(es):
2001:410:1:3:216:46FF:FE50:C470, subnet is 2001:410:1:3::/64 [EUI]
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF50:C470
MTU is 1500 bytes

RTO: 45360 | CRICOS: 03690M
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachable are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
Hosts use stateless autoconfigure for addresses.
P1R1#
Task 3: Allow OSPF IPv6

You allow IPv6 OSPF on all of the pod routers in this mission.
Follow the steps below:
1. Trigger OSPF for IPv6 internationally on each routers in your pod and set the router
ID to be same quality as the IPv4 address of the routing protocol 0 interface.
2. Enable OSPF IPv6 in area 0 on all FastEthernet and Serial interfaces available
(those that are not shut down).
The Solution:
The appropriate steps on the P1R1 router are shown below:
P1R1(config)#ipv6 router ospf 100
P1R1(config-rtr)#router-id 10.200.200.11
P1R1(config-rtr)#int fa0/0
P1R1(config-if)#ipv6 ospf 100 area 0
3. To confirm that you have allowed OSPF for IPv6 on your routers, show the IPv6
OSPF interface information.
The Solution:
The following shows the sample performance on the P1R1 router; on all interfaces,
OSPF for IPv6 is allowed, with process ID 100 in area0.0.
P1R1#show ipv6 ospf interface
Serial0/0/1 is up, line protocol is up
Link Local Address FE80::216:46FF:FE50:C470, Interface ID 7
Area 0, Process ID 100, Instance ID 0, Router ID 10.200.200.11
Network Type POINT_TO_POINT, Cost: 781
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:09
Index 1/2/2, flood queue length 0
Next 0x0(0)/0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 4
Last flood scan time is 0 mesc, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 10.200.200.12
Suppress hello for 0 neighbor(s)
FastEthernet0/0 is up, line protocol is up
Link Local Address FE80::216:46FF:FE50:C470, Interface ID 4
Area 0, Process ID 100, Instance ID 0, Router ID 10.200.200.11

RTO: 45360 | CRICOS: 03690M
Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 10.200.200.11, local address FE80::216:46FF:FE50:C470
Backup Designated router (ID) 10.200.200.13, local address FE80::216:46FF:FE10
:FDB0
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:03
Index 1/1/1, flood queue length 0
Next 0x0(0)/0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 4
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 10.200.200.13 (Backup Designated Router)
Suppress hello for 0 neighbor(s)
4.Verify that you see your OSPFv3 neighbors.
Solution:
The following shows sample output on the P1R1 router; both neighbors are displayed.
P1R1#show ipv6 ospf neighbor
Neighbor ID Pri State Dead Time Interface ID Interface

10.200.200.12 1 FULL/ - 00:00:30 7 Serial0/0/1
10.200.200.13 1 FULL/BDR 00:00:36 4 FastEthernet0/0
P1R1#
5.View the IPv6 routing table on your routers.
Solution:
The following shows sample output on the P1R1 router.
P1R1#show ipv6 route

IPv6 Routing Table - 8 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
C 2001:410:1:1::/64 [0/0]
via ::, FastEthernet0/0
L 2001:410:1:1:216:46FF:FE50:C470/128 [0/0]
O 2001:410:1:2::/64 [110/782]
via FE80::216:46FF:FE10:FC00, Serial0/0/1
C 2001:410:1:3::/64 [0/0]
via ::, Serial0/0/1
L 2001:410:1:3:216:46FF:FE50:C470/128 [0/0]
via ::, Serial0/0/1
O 2001:410:1:4::/64 [110/782]
via FE80::216:46FF:FE10:FDB0, FastEthernet0/0
L FE80::/10 [0/0]

RTO: 45360 | CRICOS: 03690M
via ::, Null0
L FF00::/8 [0/0]
via ::, Null0
P1R1#
Ref: https://www.hindawi.com/journals/scn/2017/5838657/
9. Document results of IPv6 implementation. You have to document the

verification plans as well.
To configure the IPv6 tunnel manually, the exercise is as follows.
In the table listed, commands are displayed. Command syntax is also shown in the
table, usually for PxR1 and PxR3 routers. Here, we have to very closely approach the
router.
Command Description
(config)#interface tunnel 0 Specifies a tunnel interface number (0) on which to

enable a configured tunnel.
(config-if)#ipv6 address Statically assigns an IPv6 address and a prefix length to

2001:410:x:A::y/64 the tunnel interface.
(config-if)#tunnel source Defines the local IPv4 address used as the source
10.x.0.y address for the tunnel interface.
(config-if)#tunnel Defines the tunnel endpoint's destination IPv4 address;

destination 10.x.0.y in other words, the address of the remote end of the
tunnel.
(config-if)#tunnel mode Specifies a manual IPv6 tunnel.

ipv6ip
(config-if)#ipv6 ospf 100 Identifies the IPv6 prefix assigned to this interface as
area 0 part of the OSPFv3 network for process 100 in area 0.
#show interface tunnel 0 Displays information about the tunnel 0 interface.

RTO: 45360 | CRICOS: 03690M
#show run | begin interface Displays the running configuration, starting at the words
Tunnel "interface Tunnel."
#show ipv6 route Displays the IPv6 routing table.
#clear counters tunnel 0 Clears the counters displayed in the show interface
tunnel 0 command.
For the tunnel interface configuration:

In order to carry IPv6 packets, an IPv4 tunnel interface needs to be prepared. So, we
need to follow the steps below:
1. Disable the 0/0/0 serial interface on the internal routers first. Only edge routers
on their serial 0/0/1 interface can be activated by using the manual tunnel.
2. Delete the IPv6 address of serial 0/0/1 from the edge routers.
3. Then, build a tunnel and bring both ends of the tunnel into the same IPv6. That's
2001:410:x:A::y:64, the pod number is going to be in this X and y is known as
the path number. Next, at the source of the tunnel and the endpoint of the
tunnel, configure both ends of the tunnel. For example, PxR1 points to the serial
interface of PxR2 for the destination of the tunnel and its own serial interface for
the source of the tunnel. For a manual IPv6 tunnel, customize tunnel mode.
Enable OSPF IPv6 routing on the tunnel interface.
Solution:
The following shows how to configure the required steps on the P1R1, P1R2, and P1R3
routers.
P1R1(config-if)#no ipv6 address
P1R1(config-if)#int tunnel0
P1R1(config-if)#ipv6 address 2001:410:1:A::1/64
P1R1(config-if)#tunnel source 10.1.0.1
P1R1(config-if)#tunnel destination 10.1.0.2
P1R1(config-if)#tunnel mode ipv6ip

P1R2(config-if)#no ipv6 address
P1R2(config)#int tunnel 5
P1R2(config-if)#ipv6 address 2001:410:1:A::2/64
P1R2(config-if)#tunnel source 10.1.0.2
P1R2(config-if)#tunnel destination 10.1.0.1
P1R2(config-if)#tunnel mode ipv6ip

P1R3(config-if)#shutdown
1. Confirm your configuration by displaying information about the tunnel interface on

your edge routers.
Solution:

RTO: 45360 | CRICOS: 03690M
The following shows sample output on the P1R1 router. The tunnel is up.
P1R1#show int tunnel 0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 10.1.0.1, destination 10.1.0.2
Tunnel protocol/transport IPv6/IP
Tunnel TTL 255
Fast tunneling enabled
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input 00:00:06, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5-minute input rate 0 bits/sec, 0 packets/sec
5-minute output rate 0 bits/sec, 0 packets/sec
26 packets input, 3500 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
47 packets output, 4972 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
P1R1#
Use the show run | begin interface Tunnel command to see your tunnel configuration
Solution:
The following shows sample output on the P1R1 router.
P1R1# show run | begin interface Tunnel
interface Tunnel0
no ip address
ipv6 address 2001:410:1:A::1/64
ipv6 ospf 100 area 0
tunnel source 10.1.0.1
tunnel destination 10.1.0.2
tunnel mode ipv6ip
!
<output omitted>
Look at your IPv6 routing table. Are you learning an OSPF route over the tunnel?
Solution:
The following shows sample output on the P1R1 router. An OSPF route is being learned
over the tunnel.
P1R1#show ipv6 route
IPv6 Routing Table - 7 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
C 2001:410:1:1::/64 [0/0]
L 2001:410:1:1:216:46FF:FE50:C470/128 [0/0]

RTO: 45360 | CRICOS: 03690M
O 2001:410:1:2::/64 [110/11112]
via FE80::A01:2, Tunnel0
C 2001:410:1:A::/64 [0/0]
via ::, Tunnel0
L 2001:410:1:A::1/128 [0/0]
via ::, Tunnel0
L FE80::/10 [0/0]
via ::, Null0
L FF00::/8 [0/0]
via ::, Null0
P1R1#
The user will be able to ping over the tunnel at this stage. We need to use the IPv6
address we replicated in the last setup and verify that it is possible for packets to go
through the tunnel.
The Solution:
The following displays production on the routers P1R1 and P1R2. P1R1 pings the Fa0/0
interface of P1R2 in the first sample. P1R2 pinges P1R1's Fa0/0 interface in the second
sample. Both pings were successful.
P1R1#ping 2001:410:1:2:216:46FF:FE10:FC00 2001:410:2:216:46
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:410:1:2:216:46FF:FE10:FC00, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/33/36 ms
P1R1#

P1R2#ping 2001:410:1:1:216:46FF:FE50:C470

Sending 5, 100-byte ICMP Echos to 2001:410:1:1:216:46FF:FE50:C470, timeout is 2
seconds:
!!!!!
P1R2#
Then, it is essential to validate that traffic is passing through the tunnel and that the
monitors on the tunnel interface must be visible. View the tunnel details again, and try to
ping the IPv6 address again and then display the tunnel information one more time.
The Solution:
The following shows the P1R1 router's sample output. Following the ping, the counters
on the interface increased.
P1R1#clear counters tunnel 0
Clear "show interface" counters on this interface [confirm]

RTO: 45360 | CRICOS: 03690M
P1R1#
*Jul 10 01:58:18.295: %CLEAR-5-COUNTERS: Clear counter on interface Tunnel0 by
console

Hardware is Tunnel
Keepalive not set
Tunnel TTL 255
Fast tunneling enabled
Last clearing of "show interface" counters 00:00:05

P1R1#ping 2001:410:1:2:216:46FF:FE10:FC00

Sending 5, 100-byte ICMP Echos to 2001:410:1:2:216:46FF:FE10:FC00, timeout is 2
seconds:
!!!!!

Hardware is Tunnel
Keepalive not set
Tunnel TTL 255
Fast tunnelling enabled
Last clearing of "show interface" counters 00:00:28

RTO: 45360 | CRICOS: 03690M
P1R1#
10. Create an IPv4 or IPv6 redistribution implementation plan. After that verify
the plan based on the outcomes of a network redistribution analysis
When using the IPv4 IOS version, the transformation process consists of two stages. Now
we have to presume that we are supposed to reallocate the OSPFv2 and RIPv2 under the
OSPF method by issuing the 'redistribute rip subnets' order. The first thing we need to do
is verify by adding the "show ip route rip" output command to the router. All of the prefixes
that are accessible are all candidates for redistribution in the OSPF process. You need to
check and send the command "Show connected ip route" output after this router. The
routes that are related to the RIPv2 interfaces are also recognized as candidates for
redistribution from this production run.
Because although, the action mentioned situation is often not involved in the older IOS
models. But in most networking protocols, especially in the service provider setting, in the
network packet, the transit links itself are not provided as described. So, with the concept.
Traffic is sent only "through" the network, while the "to" network can not be sent. However,
with the revised version, the redistribution of the linked interface can be easily performed,
except for IS-IS.
But if IOS IPv6 occurs, whether or not linked links are included, all the redistribution
depends on the preference when the setup is completed. When we convert IPv4 to IPv6,
the actions won't be exactly the same. In this redistribution, it is possible to issue a
different "redistribution connected" command under OSPFv3 to get the interface linked.
And it will automatically connect all the interfaces to IPv6. This design is the first choice as
it is very versatile for the particular networks we select for ads as opposed to others
11. After discussing with the client, configure and verify the redistribution
solution for the network

RTO: 45360 | CRICOS: 03690M
Routing consists of more than sending packets from one network location to another. The
routing process also includes learning routes and determining the most efficient ways to
handle network traffic.
Routers are configured in several ways that enable them to learn a route. The simplest
method is to manually configure static routes. A static route tells the router exactly where
to send packets. For example, a static route tells Router 1 to route packets to Router 2,
and then Router 2 is manually configured to send packets to Router 3.
The issue with static routes is that many routes change configurations — and the patch
from one router to another often changes as a network grows. You can have thousands of
different routes, and if one changes, you could be left manually configuring several
routers. This can be a time-consuming process, especially when it comes to larger
networks.
Route redistribution runs on the router that connects two networks. It's really the main
"shared" location between the two networks that translates protocols and routes for
seamless integration. When working with routing protocols and redistribution, you might
hear it referred to as mutual redistribution. Route redistribution is the process in which one
shared resource maps and translates each route — regardless of the protocol used on
different network segments. Typically, route redistribution is only needed on larger
networks. But even small office networks can grow into massive segments that need route
redistribution. Think about your own network and its connection to the internet. Why
configure your router when its protocols can handle redistribution and find the best path
for its network traffic?
When you redistribute one protocol into another, remember that the metrics of each
protocol play an important role in redistribution. Each protocol uses different metrics. For
example, the Routing Information Protocol (RIP) metric is based on hop count, but Interior
Gateway Routing Protocol (IGRP) and Enhanced Interior Gateway Routing Protocol
(EIGRP) use a composite metric based on bandwidth, delay, reliability, load, and
maximum transmission unit (MTU), where bandwidth and delay are the only parameters
used by default. When routes are redistributed, you must define a metric that is
understandable to the receiving protocol. There are two methods to define metrics when
redistributing routes.
Ref: https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-
protocol-eigrp/8606-redist.html
12. Explain results of redistribution, implementation and verification plans

RTO: 45360 | CRICOS: 03690M
Route redistribution runs on the router that connects two networks. It's really the main
"shared" location between the two networks that translates protocols and routes for
seamless integration. When working with routing protocols and redistribution, you might
hear it referred to as mutual redistribution. Route redistribution is the process in which one
shared resource maps and translates each route — regardless of the protocol used on
different network segments. Typically, route redistribution is only needed on larger
networks. But even small office networks can grow into massive segments that need route
redistribution.
Verification of routing redistribution
It helps to show the recent state of the routing table

Router#show ip route
Router#show ipv6 route

Router#show ip eigrp EIGRP topology table is displayed by it
topology
Router#show ipv6 eigrp

topology
Router#show ip Help to show parameters and the current state of any
protocols
active routing process
Router#show ipv6
protocols
Router#show ip rip Displays summary address entries in the RIP routing
database
database
Router#show ipv6 rip
database
Router#show ip ospf Displays the link-state advertisement (LSA) types within the
database
link-state database (LSDB)
Router#show ipv6 ospf
database
And following is the difference between imp[lamentation of IPv4 and IPV6

redistribution solution.
To virtualize the bridging table of second layer switches, the VLAN is used. And it
helps to create virtual switching topologies, which overlays the physical network. The
traffic cannot be going through another topology, which is already travelling in one
topology i.e. VLAN. So, this is the way where traffic can be kept secure and isolated
from one group of devices to another.

RTO: 45360 | CRICOS: 03690M
Using VLAN traffic isolation
Suppose that, there is two VLAN”s connected to each terminate of router and that router
has IP address for every VLAN, therefore, the devices in that network are free to
communicate with each other while going via the router. To maintain the traffic isolation in
layer 3, there is a way. Which is called virtual routing a forwarding. In layer 3, router and
switch to be virtualized through VRF that allow in the routing table. Each virtualized table
available there will have unique set of entries that were forwarding. Following are 3 main
concepts of VRF:
 Access control
 Shared services
 Path isolation
Access control
Access control refer the term that at the edge of network, how end devices are segmented
and identified. In both wireless and wired networks access methods, access control must
take as first consideration. Two of the most common methods for segmenting wired end
`devices is by static VLAN assignment and 802.1X Network Access Control. Static VLAN
assignment is where a VLAN is configured on an edge port and that VLAN does not
change regardless of who or what is plugged in.
switch(config-if)# switchport mode access

switch(config-if)# switchport access vlan 101
the method that we talked about it is very simple to implement, but it is proved costly for
the maintenance of it. There are chances to change in the VLAN, when any new device is
plugged in the new port. If the port is in office of someone then there is last chance to
happen. but if the port has located in a meeting room it can be a nightmare if you have a
mixture of employees and guests plugging in. Additionally, if the port is left on the
employee VLAN and a guest plugs in, they are now on the employee network and can
access the same network resources as employees. This is well known risk. Moreover, it is
difficult to maintain, whereas, assignment of VLAN is easy to maintain and not very costly.
There is no need of any additional equipment or training.
If we talk about advanced alternative for the static VLAN assignments, there is need to
employ of 802.1X on all ports of edges. This method is for authenticating the devices that
are on the backend to the network. But it is one of the complex methods. As there is need
to add some more equipment to implement the authentication and to execute the policy

RTO: 45360 | CRICOS: 03690M
engine which determines thing like VLAN.
Controlling on edge ports
And for the wireless one, end devices can be segmented by way of separate SSIDs for
different groups of users. The method SSIDs is able to create for guests, customers and
employees, where each of them is bound with its own VLAN on the side of the uplink
wireless controller. 802.1x is a mechanism can also be employed as wireless connections.
Picture is showing wireless access control
13. What are the differences between implementing an IPv4 and an IPv6
redistribution solution

RTO: 45360 | CRICOS: 03690M
IPv4
 IPv4 has 32-bit address length
 It Supports Manual and DHCP address configuration
 In IPv4 end to end connection integrity is Unachievable
 It can generate 4.29×109 address space
 Security feature is dependent on application
 Address representation of IPv4 is in decimal
 Fragmentation performed by Sender and forwarding routers
 In IPv4 Packet flow identification is not available
 In IPv4 checksum field is available
 It has broadcast Message Transmission Scheme
 In IPv4 Encryption and Authentication facility not provided
IPv6
 IPv6 has 128-bit address length
 It supports Auto and renumbering address configuration
 In IPv6 end to end connection integrity is Achievable
 Address space of IPv6 is quite large it can produce 3.4×1038 address space
 IPSEC is inbuilt security feature in the IPv6 protocol Address Representation of
IPv6 is in hexadecimal
 In IPv6 fragmentation performed only by sender
 In IPv6 packet flow identification are Available and uses flow label field in the
header
 In IPv6 checksum field is not available In IPv6 multicast and any cast message
transmission scheme is available
 In IPv6 Encryption and Authentication are provided
Ref: https://www.geeksforgeeks.org/differences-between-ipv4-and-ipv6/
14. Based on the outcomes of a network redistribution analysis, produce a

layer 3 path control implementation plan and a verification plan

RTO: 45360 | CRICOS: 03690M
Next is the design of the implementation plan for layer 3 path control and a verification
plan based on the results of a network redistribution solution.
The VLAN is used to virtualize the second layer switches' bridging table. And it helps to
establish topologies for virtual switching, which overlays the physical network. The traffic
will not go through another topology that is already going through one topology, i.e. Uh.
VLAN. So, this is the way to keep traffic safe and segregated from one set of devices to
another.
Using VLAN traffic isolation
Suppose that, there is two VLAN”s connected to each terminate of router and that router
has IP address for every VLAN, therefore, the devices in that network are free to
communicate with each other while going via the router. To maintain the traffic isolation in
layer 3, there is a way. Which is called virtual routing a forwarding. In layer 3, router and
switch to be virtualized through VRF that allow in the routing table. Each virtualized table
available there will have unique set of entries that were forwarding. Following are 3 main
concepts of VRF:
 Access control
 Shared services
 Path isolation
Access control
Access control refer the term that at the edge of network, how end devices are segmented
and identified. In both wireless and wired networks access methods, access control must
take as first consideration. Two of the most common methods for segmenting wired end
`devices is by static VLAN assignment and 802.1X Network Access Control. Static VLAN
assignment is where a VLAN is configured on an edge port and that VLAN does not
change regardless of who or what is plugged in.
switch(config-if)# switchport mode access

switch(config-if)# switchport access vlan 101
the method that we talked about it is very simple to implement, but it is proved costly for
the maintenance of it. There are chances to change in the VLAN, when any new device is
plugged in the new port. If the port is in office of someone then there is last chance to
happen. but if the port has located in a meeting room it can be a nightmare if you have a
mixture of employees and guests plugging in. Additionally, if the port is left on the

RTO: 45360 | CRICOS: 03690M
employee VLAN and a guest plugs in, they are now on the employee network and can
access the same network resources as employees. This is well known risk. Moreover, it is
difficult to maintain, whereas, assignment of VLAN is easy to maintain and not very costly.
There is no need of any additional equipment or training.
If we talk about advanced alternative for the static VLAN assignments, there is need to
employ of 802.1X on all ports of edges. This method is for authenticating the devices that
are on the backend to the network. But it is one of the complex methods. As there is need
to add some more equipment to implement the authentication and to execute the policy
engine which determines thing like VLAN.
Controlling on edge ports
And for the wireless one, end devices can be segmented by way of separate SSIDs for
different groups of users. The method SSIDs is able to create for guests, customers and
employees, where each of them is bound with its own VLAN on the side of the uplink
wireless controller. 802.1x is a mechanism can also be employed as wireless connections.
Picture is showing wireless access control
At the end, what is needed to do the solutions segregate the end devices by changing

RTO: 45360 | CRICOS: 03690M
them with accurate and most suitable VLAN. For segregating the end device traffic, an
assignment of VLAN is first step to do. Traffic which is going to enter in. the network on
that VLAN will eventually hit with a Layer 3 device where it will be forwarded based on the
routing table that is part of the VRF to which the VLAN is bound.
Traffic is hitting a VRF
Path isolation
This term is referred to the method that is used to keep all the VRF traffic isolated within
one core of network. As we mentioned above, that layer 3 device, once hits by the traffic,
as normal it will be forwarded between interfaces, which m ay give the permission to route
between the VLANs. The methods of the path isolation, each method keep the traffic
inside the assigned VRF and always travel between layer 3 devices.
Process routing between the VLANs
There are another 2 types.

RTO: 45360 | CRICOS: 03690M
First is hop-by-hop switched virtual interfaces: The hop-by-hop method creates switched
virtual interfaces (SVIs) on top of 802.1q tags between each Layer 3 device in the
network. There is SVI will be created for each pair of connected devices, per VRF. Unlike
a Layer 2 network where VLAN tags are bridged end-to-end, each tag is used only on one
interconnect and each device acts as a Layer 3 hop in the traffic path.
Hop-by-Hop SVI interface
If we talk about alternative that has more scalability to hop-by-hop is for encapsulating an
each VRFs traffic inside the tunnel. Since in the tunnel, there is nothing will be touch to the
core of the network, as that can be provisioned directly between two edge routers. It all
will help to minimise the risk, where mistake can be made on a core router while
provisioning. If the process of provision is completed accurately, then tunnel helps to
provide the built-in path redundancy. It is not possible that tunnelling can perform all type
of devices or hardware, even sometime protocols also not support tunnelling.
Edge-to-Edge tunnels

RTO: 45360 | CRICOS: 03690M
But the most scalable method is MPLS, because MLPS helps to create path dynamically
from edge router to edge router for transporting the VRF traffic via the network. As it is
more scalable, but it is complex as well.
Shared services
Some things like DNS, DHCP or access to the internet are very common things for all the
VRFs. Here, user stand up with only one set of servers which can provide the service to
everyone, rather than implementing and executing the set of DNS server or set of DHCP
server for each virtual network. Here will be the same internet access. It is normally share
among all the VRFs, as execution of several internet services is very expensive and also
wasting of time.
Generally, these services have their own location that are little module which hangs of the
edge of the network. The module often known as tricky or can be said risky part for
enabling VRF network, because in it, it is very easy foe happening an accident that
leaking of traffic between VRFs, if there is no one is caring properly. It would be really
easy to accidentally allow routes from VRF A to be advertised through the shared services
module into VRF B (and vice-versa) thus allowing devices in A and B to freely
communicate.

RTO: 45360 | CRICOS: 03690M
Shared services
The big challenge that can be face in shared services is the fact that VRFs can have issue
of overlapping the space of IP address. In this case it may be necessary to have multiple
servers that serve a subset of VRFs or even just an individual VRF.
15. Design and verify layer 3 path control for the network
When Layer 3 switches use SVIs, the physical interfaces on the switches act like they
always have: as Layer 2 interfaces. That is, the physical interfaces receive Ethernet
frames. The switch learns the source MAC address of the frame, and the switch forwards
the frame based on the destination MAC address. To perform routing, any Ethernet
frames destined for any of the SVI interface MAC addresses trigger the processing of the
Layer 2 switching logic, resulting in normal routing actions like stripping data-link headers,
making a routing decision, and so on.
Alternately, the Layer 3 switch configuration can make a physical port act like a router
interface instead of a switch interface. To do so, the switch configuration makes that port a
routed port. On a routed port, the switch does not perform Layer 2 switching logic on that
frame. Instead, frames arriving in a routed port trigger the Layer 3 routing logic, including
1. Stripping off the incoming frame’s Ethernet data-link header/trailer
2. Making a Layer 3 forwarding decision by comparing the destination IP address to

the IP routing table
3. Adding a new Ethernet data-link header/trailer to the packet
4. Forwarding the packet, encapsulated in a new frame
This third major section of the chapter examines routed interfaces as configured on Cisco
Layer 3 switches, but with a particular goal in mind: to also discuss Layer 3
EtherChannels. The exam topics do not mention routed interfaces specifically, but the
exam topics do mention L3 EtherChannels, meaning Layer 3 EtherChannels.
You might recall that Chapter 10, “RSTP and EtherChannel Configuration,” discussed
Layer 2 EtherChannels. Like Layer 2 EtherChannels, Layer 3 EtherChannels also treat
multiple links as one link. Unlike Layer 2 EtherChannels, however, Layer 3 EtherChannels
treat the channel as a routed port instead of switched port. So this section first looks at
routed ports on Cisco Layer 3 switches and then discusses Layer 3 EtherChannels
The following image is showing that we are going to use RIPv2 and OSPF in our network.

RTO: 45360 | CRICOS: 03690M
The configurations of the routers are as follow:
RouterA#show run
!
hostname RouterA
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Loopback1
ip address 1.1.2.1 255.255.255.0
!
interface Loopback2
ip address 1.1.3.1 255.255.255.0
!
interface Loopback3
ip address 1.1.4.1 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
router rip
version 2
network 1.0.0.0

RTO: 45360 | CRICOS: 03690M
network 192.168.1.0
no auto-summary
!

RouterB#sh run
!
hostname RouterB
!
ip address 192.168.1.2 255.255.255.0
duplex auto
speed auto
!
ip address 192.168.2.2 255.255.255.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 192.168.2.2 0.0.0.0 area 0
!
router rip
version 2
network 192.168.1.0
no auto-summary
!

RouterC#sh run
!
hostname RouterC
!

RTO: 45360 | CRICOS: 03690M
interface Loopback0
ip address 2.2.2.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback1
ip address 2.2.3.1 255.255.255.0
!
interface Loopback2
ip address 2.2.1.1 255.255.255.0
!
interface Loopback3
ip address 2.2.4.1 255.255.255.0
!
ip address 192.168.2.3 255.255.255.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 2.2.0.0 0.0.255.255 area 0
network 192.168.2.3 0.0.0.0 area 0
!
https://www.ciscopress.com/articles/article.asp?p=2990405&seqNum=4

RTO: 45360 | CRICOS: 03690M
16. Establish basic teleworker and branch services
Telework is a “work flexibility arrangement under which an employee performs the duties
and responsibilities of such employee's position, and other authorized activities, from an
approved worksite other than the location from which the employee would otherwise
work.” Teleworking is a broad term referring to conducting work by connecting to a
workplace from a remote location, with the assistance of telecommunications. Efficient
teleworking is possible because of broadband Internet connections, virtual private
networks (VPN), and more advanced technologies, including Voice over IP (VoIP) and
videoconferencing. Teleworking can save money otherwise spent on travel, infrastructure,
and facilities support.
More and more companies are finding it beneficial to have teleworkers. With advances in
broadband and wireless technologies, working away from the office no longer presents the
challenges it did in the past. Workers can work remotely almost as if they were in the next
cubicle or office. Organizations can cost-effectively distribute data, voice, video, and real-
time applications extended over one common network connection, across their entire
workforce no matter how remote and scattered they might be.
The benefits of telecommuting extend well beyond the ability for businesses to make
profits. Telecommuting affects the social structure of societies, and can have positive
effects on the environment.
For day-to-day business operations, it is beneficial to be able to maintain continuity in
case weather, traffic congestion, natural disasters, or other unpredictable events affect
workers from getting to the workplace. On a broader scale, the ability of businesses to
provide increased service across time zones and international boundaries is greatly
enhanced using teleworkers. Contracting and outsourcing solutions are easier to
implement and manage.
Ref: http://www.myskycruel.xtgem.com/web%20pages/CCNA%204%20Chapter
%206%20Teleworker%20Services.html
17. Assess and compare broadband technologies and VPN technologies

Broadband technology refers to a high-speed, higher bandwidth connection to
the Internet than is offered by a standard telephone line. The greater bandwidth of a
broadband connection allows for more data to be transmitted at higher speeds than a
conventional telephone line. While the definition of broadband data transmission rates
vary, 144 Kbps (thousands of bits per second) represents a minimum broadband
transmission rate, compared to 56 Kbps for a telephone modem. Unlike telephone line
connections to the Internet, which typically involve dialling in to use the service,
broadband connections are always on. Broadband technology includes cable modem and
digital subscriber line (DSL) connections to the Internet as well as a number of alternative
technologies. DSL technology uses ordinary copper telephone lines to deliver a high-
bandwidth connection to the Internet, with typical data transmission speeds ranging from
512 Kbps to 1.5 Mbps (millions of bits per second). However, DSL service requires a
certain proximity to the DSL provider's central office, and DSL providers must set up many
such offices to serve a large area. If a DSL subscriber was more than 20,000 feet from the
central office of the DSL provider, then the service was typically unavailable.
Virtual private networks, or VPNs, extend the reach of LANs without requiring owned or
leased private lines. Companies can use VPNs to provide remote and mobile users with
network access, connect geographically separated branches into a unified network and

RTO: 45360 | CRICOS: 03690M
enable the remote use of applications that rely on internal servers. VPNs can use one or
both of two mechanisms. One is to use private circuits leased from a trusted
communications provider: alone, this is called a trusted VPN. The other is to send
encrypted traffic over the public Internet: alone, this is called a secure VPN. Using a
secure VPN over a trusted VPN is called a hybrid VPN. Combining two kinds of secure
VPN into one gateway, for instance, IPsec and Secure Sockets Layer (SSL), is also called
a hybrid VPN.
Ref: https://www.encyclopedia.com/economics/encyclopedias-almanacs-transcripts-and-
maps/broadband-technology
Ref: https://www.computerworld.com/article/2546283/what-you-need-to-know-about-vpn-
technologies.html
Practicals
 EIGRP Configutation
1. Assigning IP address to PC0

RTO: 45360 | CRICOS: 03690M
2. Configuring IP address using fast ethernet on router 0

RTO: 45360 | CRICOS: 03690M
3. Configuring IP address on serial interface in router 0

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M
9. EIGRP configuration on router 5

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M
10. EIgrp configuration on router 2

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M
14. Test successfull
 OSPF Configuration

RTO: 45360 | CRICOS: 03690M
1. Assigning IP to PC0

RTO: 45360 | CRICOS: 03690M
2. Assigning IP address to the interface of router
3. Assigning IP address to serial interface of router 0

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M
9. Configuring OSPF protocol in router 0

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M
17. Connection successful

RTO: 45360 | CRICOS: 03690M
 RIP Configuration

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M
3. Configuring iP address to Router 0

RTO: 45360 | CRICOS: 03690M
4. Assigning IP address to router 0

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M
7. Configuring RIP protocol in Router 0

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M
10. Testing connectivity from PC to PC1

RTO: 45360 | CRICOS: 03690M
11. Connection successful

RTO: 45360 | CRICOS: 03690M
 Static routing Configuration

RTO: 45360 | CRICOS: 03690M
2. Assigning Ip address on fast Ethernet in router 0

RTO: 45360 | CRICOS: 03690M
3. Assigning IP address to serial interface in router 0

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M
5. Assigning Ip address to serial interface in router 2

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M
7. configuring static route on router 1

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M

RTO: 45360 | CRICOS: 03690M
10. Test successful.

RTO: 45360 | CRICOS: 03690M
Practical Tasks
Please provide the evidence of:
 Link State Routing in Cisco Packet Tracer

 Dynamic Routing Configuration in Cisco Packet Tracer
 OSPF Protocol Configuration in Cisco Packet Tracer
 Distance Vector Routing configuration in Cisco Packet Tracer
 Configure BGP in Cisco Packet Tracer
What your assessor will be looking for as evidence:

RTO: 45360 | CRICOS: 03690M
Evidence checklist:
Evidence MUST be Submitted Tick off Items When Submitted
Completed research and answered 
Assessment Task 1 – Marking Guide
Student Name Ronish Pokhrel Student ID 6365387
Assessor Name Tanvir Alam
Assessment Date/s 21/02/2021
Outcomes
Satisfactory
Did the student
Yes Yes

RTO: 45360 | CRICOS: 03690M
Completed research and answered
Performance indicators
Satisfactory
Does the candidate meet the following criteria
Yes Yes
1. Explained broadband technologies relevant to advanced

internetworking routing solutions
2. Summarised business justifications for having integrated and

unified enterprise networks
3. Outlined emerging viable business and social technologies
4. Clarified external developments or factors that affect network

design
5. Summarised ipv4 and ipv6 technologies and solutions
6. Outlined maintenance and management tools and practices

suitable for complex networks to achieve availability and
resilience
7. Summarised network topologies
8. Explained regulations, standards and certifications relevant to

advanced internetworking routing solutions
9. Explained risk management strategies and practices suitable for
a complex network environment
10. Outlined routing tables, protocols and operational processes
11. Summarised routing technologies for an enterprise environment
12. Summarised security for enterprise networks
13. Explained security standards and technologies for network
environments
14. Outlined the benefits of formal or structured approaches to
network management
15. Summarised virtual private network (VPN) technologies.

RTO: 45360 | CRICOS: 03690M
Comments/Feedback to Students
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
Outcome: Successful Unsuccessful
Ronish Pokhrel
Student Signature:
Assessor Name: Tanvir Alam
Assessor Signature:

RTO: 45360 | CRICOS: 03690M

RonishPokhrel 6365387 ICTNWK603 T2

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

RonishPokhrel 6365387 ICTNWK603 T2

Uploaded by

Copyright:

Available Formats

Assessment -2

ICTNWK603 Plan, configure and test advanced internetwork routing solutions

Student Must Fill this Section

Assessor Name: Tanvir Alam

WSC-ASS ICTNWK603-V1.3-10112019 Page | 1

International College of Australia Pty Ltd T/A Western Sydney College

General Information for this assessment:

 Read the instructions for each question very carefully.

WSC-ASS ICTNWK603-V1.3-10112019 Page | 2

International College of Australia Pty Ltd T/A Western Sydney College

2. Create and implement separate protocol implementation plans and

Table Entries for Routing

WSC-ASS ICTNWK603-V1.3-10112019 Page | 3

International College of Australia Pty Ltd T/A Western Sydney College

WSC-ASS ICTNWK603-V1.3-10112019 Page | 4

International College of Australia Pty Ltd T/A Western Sydney College

3. Authenticate and test the routing protocol solution

WSC-ASS ICTNWK603-V1.3-10112019 Page | 5

International College of Australia Pty Ltd T/A Western Sydney College

International College of Australia Pty Ltd T/A Western Sydney College

WSC-ASS ICTNWK603-V1.3-10112019 Page | 7

International College of Australia Pty Ltd T/A Western Sydney College

Data on routing protocol

Now, let's compile the data and imagine it in the sketches:

The step by step method of drawing is as follows:

There was a collection process:

For now, we will have the following image:

WSC-ASS ICTNWK603-V1.3-10112019 Page | 8

International College of Australia Pty Ltd T/A Western Sydney College

WSC-ASS ICTNWK603-V1.3-10112019 Page | 9

International College of Australia Pty Ltd T/A Western Sydney College

WSC-ASS ICTNWK603-V1.3-10112019 Page | 10

International College of Australia Pty Ltd T/A Western Sydney College

5. Identify the network resources needed for implementing IPv6 on a network

WSC-ASS ICTNWK603-V1.3-10112019 Page | 11

International College of Australia Pty Ltd T/A Western Sydney College

6. Create an implementation plan and a verification plan for an IPv6-based

WSC-ASS ICTNWK603-V1.3-10112019 Page | 12

International College of Australia Pty Ltd T/A Western Sydney College

7. Construct IPv6 routing and IPv6 interoperation with IPv4

IPv6 routing and IPv6 interoperation with IPv4

WSC-ASS ICTNWK603-V1.3-10112019 Page | 13

International College of Australia Pty Ltd T/A Western Sydney College

The IPv4 addresses remain in place.

WSC-ASS ICTNWK603-V1.3-10112019 Page | 14

International College of Australia Pty Ltd T/A Western Sydney College

(config)#ipv6 unicast Enables IPv6 traffic forwarding.

(config)#ipv6 cef Enables CEFv6.

(config-if)# ipv6 address Enables an IPv6 address on an interface (with the

#show ipv6 interface Displays IPv6 information about an interface.

(config-rtr)#router-id Defines the OSPF router-id.

WSC-ASS ICTNWK603-V1.3-10112019 Page | 15

International College of Australia Pty Ltd T/A Western Sydney College

#show ipv6 ospf neighbour Displays IPv6 OSPF neighbor information.

#show ipv6 route Displays the IPv6 routing table.

#show cdp neighbour Displays detailed CDP neighbor information.

WSC-ASS ICTNWK603-V1.3-10112019 Page | 16

International College of Australia Pty Ltd T/A Western Sydney College

Task 2: IPv6 Configuration

Table IPv6 Addresses

Follow the steps below:

WSC-ASS ICTNWK603-V1.3-10112019 Page | 17

International College of Australia Pty Ltd T/A Western Sydney College