Exam Code: CFG: LAB1、LAB1+、LAB2、LAB2+、LAB3
TS: TS1(5 sets)、TS2(3 sets)
DIAG:DIAG 1~DIAG 8(8 sets)
Certification Provider: Cisco
Certification Exam Name:CCIE Routing and Switching Lab
Update Date: Dec 21,2024
The following requirements were pre-configured
l VTP is turned off in all switches
l All required VLAN, including access-ports configuration in all relevant switches are provisioned.
l All required SVI interface in all relevant switches (including IP address and subnets mask) are provisioned.
Configure the network in all sites as per the following requirements:
l Access-port must immediately transition to the forwarding state upon link up, as long as they do not receive a BPDU. Use the minimal number of commands per switch to enable this feature.
l If an access-port receive a BPDU, it must automatically shutdown. Use the minimal commands per switch to enable this feature.
l Ports that were shutdown must attempt to automatically recover after 10 minutes.
l None of the switches may generate a TC.
configure the headquarters’ network as well as the large and medium office networks as per the following requirements:
l all trunks must use dot1q encapsulation
l negotiation of trunking protocol must be disabled in all switches
l distribution switches (SW300, SW301, SW400, SW401, SW500, SW501) must initiate etherchannel negotiation using LACP
l configure layer 2 etherechannel’s number as shown in the ‘diagram 1: main topology’ and ‘diagram 5: layer 2 connections’ (that is use only Po1 and/or Po2)
l ensure that all ports included in etherchannels are effectively in use and bundled in the expected channel
l access switches must see similar output as shown below:
configure the headquarters‘network as per the following requirements:
l SW300 must be the spanning-tree root bridge and must maintain a single spanning-tree instance for the following VLANs: 2000, 2002, 2004, 2006, 2008 (use instance number 2)
SW301 must be the spanning-tree root bridge and must maintain a single spanning-tree instance for the following VLANs: 2001, 2003, 2005, 2007, 2009 (use instance number 1)
l all other VLANs, except 3001, must share the default spanning-tree instance
l ensure that interface E0/2 of SW 300 and SW 301 is a dot1q trunk and that it switches frames for VLAN 3001 only
l SW300, SW301, and SW 310 must not have any blocked ports for any access VLAN (2000-2009)
l SW310 must have the least chance of being elected the root bridge for any VLAN
l none of the three switches may run more than four instance of spanning-tree at any point in time
configure all access switches in both datacenter networks (SW110, SW111, SW210, SW211) as per the following requirements:
l use 32-bit based values for the default port path cost
l all four switches must use the default value for their interface cost
configure the home router R70 as per following requirements:
l the Ethernet WAN link must rely on a layer 2 protocol that supports authentication and layer 3 protocol negotiation
l the service provider expects that R70 completes a three-way handshake by providing the expected response of a challenge requested
l R70 must use the hostname “R70”and password “CCIE” (without quotes)
l R70 must receive an IP address from R8 and must install a default route pointing to 201.99.8.8
l ensure that R70 can successfully ping 8.8.8.8, which is located in the ISP#2 cloud
l you are not allowed to configure any static route in R70 in order to achieve the previous requirements
l use the pre-configured Dialer 1 interface as appropriate
configure the headquarters network (BGP AS#65003) as per the following requirements:
l both gateway routers of the headquarters network must always advertise a default route into the ospf domain
l all four devices produce the exact same output as shown below. everything must match, except the “dead time” counters and line order
in order to speed up OSPF convergence in the datacenter#1 network, limit the number of IP prefixes that are carried in OSPF LSAs that OSPF is preconfigured in all required devices in datacenter#1
configure the datacenter#1 network as per the following requirements:
l all OSPF devices must exclude the IP prefixes of connected networks when advertising their type 1 router LSA, except for prefixes associated with loopbacks or passive interfaces
l host loopbacks are the only OSPF intra-area prefixes that may appear in any DC devices ‘routing table
l your solution must still apply if any new interface was added to the OSPF domain
l don not use any prefix-list or another explicit filter anywhere
l do not configure any interface as unnumbered
l do not remove any pre-configuration
R100 is located in the partner#1 network and is connected to R42. it supports OSPF only. configure the large office network as per the following requirements:
l R42 must run a separate OSPF process with R100
l as mentioned in item 2.6, the site gateways R40 and R41 area not allowed to redistribute OSPF into BGP and vice versa
l R42 is allowed to redistribute OSPF into BGP and vice versa
At the end of the exam:
l The server 2 (that is located in the Datacenter#2) must be able to ping the IP address 100.100.100.100/24 (that is located in the partner#1 network)
R100, the partner router, must receive the external prefixes as shown below and no other prefixes:
Friends who are studying the security direction of CCIE definitely have some understanding of URPF technology, so today we will explain the URPF technology.I. Introduction to URPF TechnologyGenerally, after receiving the data packet, the router obtains the destination IP address in the data packet, searches the local routing forwarding table for the destination IP address,ccie lab exam sample, and forwards the data packet if there is a corresponding forwarding entry; otherwise, discards the packet. . From this point of view, when the router forwards the message, it does not care about the source address of the packet. This gives the source address spoofing attack a chance.The source address spoofing attack constructs a series of packets with the spoofed source address and frequently accesses the device or host where the destination address resides. Even if the response packet cannot reach the attacker, the attacker will cause a certain degree of damage to the attacked object.The main function of unicast reverse path forwarding (URPF) is to prevent network attack behavior based on source address spoofing. After the URPF function is enabled on the interface of the router, when the interface receives the data packet, it checks the legality of the source address of the data packet. The forwarding entry of the address enters the packet forwarding process; otherwise, the packet is discarded.Second, the working mechanism of URPFThe URPF checks the legality of the source address of the packet into strict (strict) and loose (loose) types:Strict-type URPF: not only requires the router to forward the table, but also has a route to the source address of the packet. It also requires that the inbound interface of the packet is the same as the outgoing interface to the source address. The message is considered to be a legitimate message. In some special cases (such as the existence of asymmetric paths), strict type checking will incorrectly discard non-attack messages.
Here is the most accurate CISCO CCIE WRITTEN exam questions and answers. All study materials need to be carefully selected by professional certification experts to ensure that you spend the least amount of money, time, and pass the high quality exam. There is also a professional service team that can customize your study plan for you to answer all your questions, PASSHOT's CCIE Written Dumps is definitely the biggest boost for you to test CCIE that helping you pass any Cisco exam at one time.
Cisco Dumps Popular Search:
ccnp route ine ccna exam lab questions ccnp tshoot 642-832 pdf ccna cloud 210-451 dumps ccie security version 5 ccnp route implementing ip routing pdf ccnp route v7 final exam answers ccie security course in bangalore ccnp route syllabus pdf ccie r&s introduction to qos classification & mark
Copyright © 2024 PASSHOT All rights reserved.