CCIE Routing & Switching Online Graded Lab #1

(https://labs.ine.com/workbook/toc/rs-online-graded-lab) 
Online Graded Lab #1

Lab 1 Configuration
 Lab 1 Diagnostics (/workbook/view/rs-online-graded-lab/task/lab-1-diagnostics-MzAxMA%3D%3D) | undefined 

Last updated: July 12, 2016

Note:
Click the "Resources" link on the right to access the topology diagram for this section.

Lab Overview
Do not change the following configuration on any device:
Hostname
Any passwords
Console or VTY configuration
VRF Mgmt-intf, Gig0/0, or its static default route
Use the username cisco and password cisco for any authentication.
Do not add new interfaces or IP addresses unless otherwise specified.
Do not change any interface encapsulations unless otherwise specified.
Do not remove or shut down any physical or logical interfaces unless otherwise specified.
Static unicast and multicast routes or default routes are not permitted unless otherwise specified.
Routes to null0 that are generated as a result of a dynamic routing protocol solution are permitted.
Do not change or add any IP addresses from the initial configuration unless otherwise specified.
If additional IP addresses are needed but not specifically permitted by the task, use IP unnumbered.

LAN Switching
VLANs & Trunking
Configure VLANs on SW1 – SW5 per the diagram.
Switch to Switch links should be statically set for open standards based trunking.
Trunk only necessary VLANs from SW1 down towards the access layer.
Once complete you should have IPv4 reachability from SW1 to VLANs 10 & 20 on R1 & R2, from SW5 to
R12, R13, & R14, and between R5, R6, & R7.

Score: 3 Points

Link Aggregation
 Configure the links between SW1 and SW2 in Port-Channel 12.
Configure the links between SW2 and SW3 in Port-Channel 23.
Use open standards based channel negotiation.

Score: 3 Points

Spanning-Tree Convergence
Configure all trunk links between SW1, SW2, and SW3, in addition to their access layer links, for rapid STP
convergence.
Do not manually define any STP instances to accomplish this.

Score: 3 Points

STP Path Selection

Modify SW1, SW2, and SW3 so that VLAN 10 traffic between R1 & R2 forwards through SW1.
VLAN 20 traffic between R1 & R2 should forward directly between SW2 and SW3.
Do not change any interface level parameters to accomplish this.

Score: 3 Points
IPv4 Routing
EIGRP Routing
Enable IPv4 EIGRP routing within the Remote Sites, the DC, and the HQ networks.
Advertise all internal transit links and the Loopback0 networks into EIGRP.
Ensure that EIGRP Wide Metrics are supported.
Once complete, full intra-site IPv4 connectivity should be established.

Score: 3 Points

BGP Routing
ISPs A, B, & C are preconfigured to peer with your Enterprise edge routers per the diagram.
Configure R3, R4, R5, R8, R16, and R17 to support these EBGP peerings.
Do not modify any configurations on the ISP A, B, or C routers to accomplish this.
R3 & R4 and R16 & R17 should peer iBGP using their Loopback0 interfaces.
Advertise R3 & R4’s Loopback1 interfaces into BGP.
Once complete, the edge routers in the remote sites and the HQ should be able to reach the BGP loopbacks
of R3 and R4 in the Data Center site.

Score: 4 Points
VPN
MPLS
 Configure OSPFv2 and LDP on all of the devices in the MPLS core.
Authenticate all LDP adjacencies with the password MPLSCORE.
Do not advertise MPLS labels for the transit links between the MPLS core devices.
Use the minimum configuration necessary to accomplish these tasks.

Score: 4 Points

MPLS Layer 3 VPN

Configure an MPLS Layer 3 VPN to provide IPv4 transport from Remote Sites 1 & 3 to the Data Center as
follows:
Use VRF “ENTERPRISE”
Use RD’s in the format 10.X.X.X:31337, where X is the device number.
Use RT’s in the format 8675:31337.
R19, R20, & R22 should peer iBGP with R23.
R3, R4, R6 & R10 should peer EBGP with the MPLS Provider.
Redistribute where necessary to provide connectivity between Remote Sites 1 & 3 and the Data Center
through the MPLS Provider, but do not advertise private IP address space to the public WAN (e.g. ISPs A, B,
& C)

Score: 6 Points

DMVPN
Configure DMVPN Tunnel 3 on R5, R8, R16, & R17 with R3 as the hub.
Use the subnet 10.1.103.X/24 for Tunnel 3, where X is the device number.
Configure DMVPN Tunnel 4 on R5, R8, R16, & R17 with R4 as the hub.
Use the subnet 10.1.104.X/24 for Tunnel 4, where X is the device number.
Use the Loopback1 interfaces of R3 and R4 as their NBMA interfaces.
The spokes should use their physical links to their respective ISPs.
Encrypt traffic over the DMVPN with AES and use SHA for integrity checking.

Score: 3 Points

Routing over DMVPN

Enable EIGRP AS 31337 on both DMVPN tunnels.
Traffic from the spoke sites to VLAN 10 should prefer to use Tunnel 3.
Traffic from the spoke sites to VLAN 20 should prefer to use Tunnel 4.
If either tunnel goes down, traffic should be automatically re-routed via the other available hub.
Spoke to Spoke traffic should not be required to forward through the hub; do not disable split-horizon on R3
or R4 to accomplish this.

Score: 4 Points

Extranet Routing
The Extranet partner network requires access to servers in VLANs 10 and 20 in the Data Center, but you do
not want them to have access to other portions of your Enterprise network. Configure routing as follows to
 accomplish this:
Enable OSPF area 0 on the VLANs 12, 13, & 14 networks of the devices in the Extranet into OSPF.
Configure OSPF area 913 between R9 and R13.
Configure OSPF area 1112 between R11 and R12.
Redistribute as necessary on R9 and R11.
Do not allow the Extranet to accidentally be used as transit for any of the Remote Sites, the HQ or DC.
Do not perform any manual filtering on the Extranet routers or use any access-lists to accomplish this.
Once complete, the 4 Extranet devices should have IP reachability to VLANs 10 & 20 on R1 and R2, but no
other networks throughout your Enterprise network.
This reachability should be maintained if R9 or R11 goes down.

Score: 4 Points

Control Plane Security

For additional security, configure the Extranet OSPF neighbor relationships to be SHA authenticated with the
password “EXTRANET”.

Score: 3 Points
IP Services

NAT
Configure R3 and R4 to advertise the IPv4 address space 112.94.32.0/22 into BGP.
Traffic from the Data Center that is going to the public WAN (i.e. not the DMVPN or MPLS L3VPN
destinations) via ISP A or ISP B should be PAT translated to this address block.

Score: 4 Points

Multicast
The HQ requires access to multicast based IP camera video feeds in Remote Site 1.
Configure R5 and R17 to tunnel these IPv4 multicast feeds over their existing unicast infrastructure.
Use R16’s Loopback0 interface as the Rendezvous Point.
Join the multicast group 229.9.9.9 on R15’s Loopback0.
R7 should be able to ping this multicast group.
You are allowed one non-default static multicast route on each device to accomplish this.

Score: 4 Points
 Lab 1 Diagnostics (/workbook/view/rs-online-graded-lab/task/lab-1-diagnostics-MzAxMA%3D%3D) | undefined 