How to make key generators?
-===========================-
Introduction
------------
I take no responsibility of the usage of this information.
This tutorial, is for educational knowledge ONLY.
Hi there, in this tutorial, I intend to teach you how to make a pretty
simple keygen, of a program called W3Filer 32 V1.1.3.
W3Filer is a pretty good web downloader...
I guess some of you might know the program.
I`ll assume you know:
A.How to use debugger (in this case, SoftIce).
B.How to crack, generally (finding protection routines,patching them,etc...).
C.How to use Disassembler (This knowledge can help).
D.Assembly.
E.How to code in Turbo Pascal (tm).
Tools you`ll need:
A.SoftIce 3.00/01 or newer.
B.WD32Asm. (Not a must).
C.The program W3Filer V1.13 (if not provided in this package), can be found in
www.windows95.com I believe.
D.Turbo Pascal (ANY version).
Well, enough blah blah, let's go cracking...
Run W3Filer 32.
A nag screen pops, and , demands registration (Hmm, this sux ;-)) Now,
We notice this program has some kind of serial number (Mine is 873977046),
Let's keep the serial in mind, I bet we`ll meet it again while we're on
the debugger.
Well, now, let's put your name and a dummy reg code...
set a BP on GetDlgItemTextA, and, press OK.
We pop inside GetDlgItemTextA, Lets find the registration routine...
I`ll save you the work, the registration routine is this:
:00404DB2 8D95A8FAFFFF lea edx, dword ptr [ebp+FFFFFAA8]
:00404DB8 52 push edx ---> Your user name here.
:00404DB9 E80B550000 call 0040A2C9 ---> Registration routine.
:00404DBE 83C408 add esp, 00000008 ---> Dunno exactly what is it.
:00404DC1 85C0 test eax, eax ---> Boolean identifier, 0 if
:00404DC3 7D17 jge 00404DDC ---> registration failed, 1 if
OK.
Well, Let's enter the CALL 40A2C9, and see what's inside it:
(Please read my comments in the code).
* Referenced by a CALL at Addresses:
|:00404DB9 , :00407F76
|
:0040A2C9 55 push ebp
:0040A2CA 8BEC mov ebp, esp
:0040A2CC 81C4B0FEFFFF add esp, FFFFFEB0
:0040A2D2 53 push ebx
:0040A2D3 56 push esi
:0040A2D4 57 push edi
:0040A2D5 8B5508 mov edx, dword ptr [ebp+08]
:0040A2D8 8DB500FFFFFF lea esi, dword ptr [ebp+FFFFFF00]
:0040A2DE 33C0 xor eax, eax
:0040A2E0 EB16 jmp 0040A2F8
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A2FB(C)
|
:0040A2E2 0FBE0A movsx ecx, byte ptr [edx] ----> Here Starts the
interesting part.
:0040A2E5 83F920 cmp ecx, 00000020 ----> ECX is the the current
char in the user name, Hmm, 20h=' '...
:0040A2E8 740D je 0040A2F7 ----> Let's see,
:0040A2EA 8A0A mov cl, byte ptr [edx] ----> Generally, all this loop
does, is copying
the user name from
[EDX], to [ESI], WITHOUT the spaces!
(Keep this in mind! ).
:0040A2EC 880C06 mov byte ptr [esi+eax], cl
:0040A2EF 42 inc edx
:0040A2F0 40 inc eax
:0040A2F1 C6040600 mov byte ptr [esi+eax], 00
:0040A2F5 EB01 jmp 0040A2F8
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A2E8(C)
|
:0040A2F7 42 inc edx
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0040A2E0(U), :0040A2F5(U)
|
:0040A2F8 803A00 cmp byte ptr [edx], 00
:0040A2FB 75E5 jne 0040A2E2 ----------------> This is the loop , we got
what it does,
Let's continue tracing
the code...
:0040A2FD 56 push esi --------> The user name is pushed, in order
to
Upcase it's chars.
* Reference To: USER32.CharUpperA, Ord:0000h
|
:0040A2FE E80F330000 Call User!CharUpper ---> After this, our name is in
upper case.
:0040A303 56 push esi -----> Our name in upper case here.
* Reference To: cw3220mt._strlen, Ord:0000h
|
:0040A304 E86F300000 Call 0040D378 ---> This is the length of our name.
:0040A309 59 pop ecx
:0040A30A 8BC8 mov ecx, eax ---> ECX=Length.
:0040A30C 83F904 cmp ecx, 00000004 ---> Length>=4 (MUST).
:0040A30F 7D05 jge 0040A316 ---> Let's go to this address...
:0040A311 83C8FF or eax, FFFFFFFF
:0040A314 EB67 jmp 0040A37D
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A30F(C)
|
:0040A316 33D2 xor edx, edx
:0040A318 33C0 xor eax, eax
:0040A31A 3BC8 cmp ecx, eax
:0040A31C 7E17 jle 0040A335 ---> (Not important, just another useless
checking).
===================================================================================
============ FROM HERE AND ON, THE IMPORTANT CODE, PAY ATTENTION
==================
===================================================================================
One thing before we continue, EDX = 00000000h as we enter to the next
instructions.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A333(C)
|
:0040A31E 0FBE1C06 movsx ebx, byte ptr [esi+eax] ---> EBX <--- char in user
name, offset EAX.
:0040A322 C1E303 shl ebx, 03 -----> Hmm, it shl's the char by 03h...
(Remember that).
:0040A325 0FBE3C06 movsx edi, byte ptr [esi+eax] ---> Now EDI <--- Char in
user name , offset EAX.
:0040A329 0FAFF8 imul edi, eax -----> It multiplies the char by the
offset in user name! (Remember that).
:0040A32C 03DF add ebx, edi -----> Adds the result to EBX (That was
Shelled (Ding Dong =)).
:0040A32E 03D3 add edx, ebx -----> EDX=EDX+EBX!!! - This is the CORE
of this registration routine!!!
:0040A330 40 inc eax -----> Increase EAX by one (next char).
:0040A331 3BC8 cmp ecx, eax
:0040A333 7FE9 jg 0040A31E ----> If ECX<EAX then, we leave the
loop.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A31C(C)
|
:0040A335 A120674100 mov eax, dword ptr [00416720] ---> HMMMMMM, What's in
here?????
:0040A33A C1F803 sar eax, 03 ---------> WAIT! Please type in SIce '?
EAX'
Does this number in EAX look
familiar to us? ;-)
If you still don`t understand,
than, It's
our SERIAL NUMBER! (PLEASE, take
your time, and check by
yourself - don`t trust me!). OK,
so now we know,
That it SHR's EAX by 03 (SAR is
almost identical to SHR).
:0040A33D 03D0 add edx, eax ---------> Hmm, it adds the result from the
loop, the serial number shr'd by 03h
:0040A33F 52 push edx -------> Let's continue. (At this point, I
can tell you , the reg number, is
in EDX - only that the reg number
is in HEX --> That's how you enter it).
* Possible StringData Ref from Data Obj ->"%lx"
|
:0040A340 685EF54000 push 0040F55E
:0040A345 8D95B0FEFFFF lea edx, dword ptr [ebp+FFFFFEB0]
:0040A34B 52 push edx
* Reference To: USER32.wsprintfA, Ord:0000h
|
:0040A34C E8E5320000 Call 0040D636 -------> This one, does HEX2STR (Takes
the value from EDX, and turns it to an hex string).
:0040A351 83C40C add esp, 0000000C
:0040A354 8D8DB0FEFFFF lea ecx, dword ptr [ebp+FFFFFEB0] -----> type 'd ecx' -
THIS is the reg number! That's enough for us, the rest of
the code, is
just for comparing the correct reg code with ours.
:0040A35A 51 push ecx
* Reference To: USER32.CharLowerA, Ord:0000h
|
:0040A35B E8B8320000 Call 0040D618
:0040A360 8D85B0FEFFFF lea eax, dword ptr [ebp+FFFFFEB0]
:0040A366 50 push eax
:0040A367 FF750C push [ebp+0C]
* Reference To: cw3220mt._strcmp, Ord:0000h
|
:0040A36A E875300000 Call 0040D3E4
:0040A36F 83C408 add esp, 00000008
:0040A372 85C0 test eax, eax
:0040A374 7405 je 0040A37B
:0040A376 83C8FF or eax, FFFFFFFF
:0040A379 EB02 jmp 0040A37D
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A374(C)
|
:0040A37B 33C0 xor eax, eax
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0040A314(U), :0040A379(U)
|
:0040A37D 5F pop edi
:0040A37E 5E pop esi
:0040A37F 5B pop ebx
:0040A380 8BE5 mov esp, ebp
:0040A382 5D pop ebp
:0040A383 C3 ret
Making the actual Keygen
~~~~~~~~~~~~~~~~~~~~~~~~
Now, after I've explained how does the program calculate the registration
code, you can either write your own keymaker, without looking at my code, or
look at my code (in Turbo Pascal - sorry for all you C lovers ;-) Next time).
That's it, here's the source of my keygen:
------------------- Cut here ---------------------------------------------
Program W3FilerKeygen;
var
Key,SerialNum,EB,ED,digit:Longint;
I,x:Byte;
Name,KeyHex:String;
begin
Writeln(' W3Filer32 V1.1.3 Keymaker');
writeln('Cracked by ^pain^ ''97 / Rebels!');
Write('Your Name:'); { Read the name }
readln(Name);
Write('Serial Number:');
readln(SerialNum); {Yes, we need the serial number for the calculation!}
Key:=0;
x:=0;
For I:=1 to length(Name) do
begin
Name[I]:=upcase(Name[i]);
If Name[I]<>' ' then begin
eb:=ord(Name[I]) shl 3; {EB = Name[I] Shl 03h}
Ed:=ord(Name[I]); {ED = Name[I]}
ed:=ed*(x); {ED=ED*Offset}
inc(x);
eb:=eb+ed; {Add ED to EB}
Key:=Key+EB; {Add EB to KEY}
end;
end;
Key:=Key+(SerialNum shr 3); { Add SerialNum shr 03h to Key}
{ From here, this is just HEX2STRING --> I`m quite sure it's
Self explaintory, else - go and learn number bases again! ;-)}
KeyHex:='';
repeat
digit:=Key mod 16;
key:=key div 16;
If digit<10 then KeyHex:=Chr(Digit+ord('0'))+KeyHex;
If digit>10 then KeyHex:=Chr(Digit-10+ord('a'))+KeyHex;
until key=0;
writeln('Your Key:',KeyHex);
writeln(' Enjoy!');
end.
--------------------- Cut here -------------------------------------------
This tutorial was written by ^pain^ / [mEXELiTE '97], Hope you enjoyed
reading it, I`m always trying to improve my writing skills =).
Hmm, I'd like to greet the following: (No special order)
Blast Soft,Teraphy,J0b,Qapla,+ORC,Fravia,Charley,GhostRdr,Odin,kOUGER
Niabi,Acpizer,Klagosong,Mystic Rioter,rANDOM,riDDLER (Come back man!
we NEED ya),yoshi,JosephCo,Leddy,Krazy_N,Vizion,Gunnar_,Volcanic,
Fant0m,Caruso,|PSA|,razzi,ThePharao,|KAIRN| + Everyone in #cracking & in
#cracking4newbies, And ofcourse - everyone else I forgot. ;)
------------ Signing off - ^pain^ --------------------------------------

Exam: CCIE-LAB
Title: CCIE-LAB
Version: 6.30-03
Note: Study the Questions and answers in this file before you take
you final test.
All material is very relevant and will help you achieve top scores.
For Updates and other information, log into the site and read latest
news. For additional help, please use Contact page on website.
The ActualTests.com Team 2003
Note 1: There are two sections, Section A and Section B. There is some
overlap between the Sections. Note 2: Section A contains 9
labs. Section B contains 8 Labs. Total number of labs is 17.
Section A – older 9 Labs
Lab 1.
Day 1, Forenoon:
1. Commserver (1 point)
Configure reverse telnet. line1-6 are R1-R6,line7 is CAT5002,line8 is
3900,line9 is backbone switch.
Answer: No exec, transport input all
2. Phycial connection (1 point)
3. Draw a topology diagram (1 point)
The Power Of Knowing
www.actualtests.com
2
Include ip address, area number, VLAN, etc. makes it updated.
4. Loopback address (1 point)
Setup loopback address as 132.Y.X.X at your router, where Y is your
rack number and X is your router number.
5. CAT5002 setup (1 point)
R3 in VLAN A, use 100, R5 in VLAN B, use 200. Set sc0 (132.3.9.9) in
VLAN A, And make the switch able to reach all the topology
through R3.
6. Address (2 points)
All the interfaces use 132.Y.0.0 network as their addresses and use
24bits mask. The frame relay interface use 27 bits mask. Draw
them on your diagram Answer: Imply that the loopback address use
24bits mask, don't use 32 bits mask.
7. Frame-relay setup (2 points)
Setup frame relay-relay, the frame relay switch is a 45000 which also
ac as a backbone router. The switch is configured as fully
meshed, but you are demanded to only use the pvc showed on the diagram
they provide. (see the diagram)
8 RIP setting (2 points)
R1 ethernet address is 150.100.1.Y. setup RIP in R1, several network
will send to R1 from Backbone 1, you are requested to permit
only 193.68.3.0 to add in your RIP routing table and advertise it and
150.100.1.0 to your topology. Also advertise only the classful
network 132.3.0.0 to your RIP domain.
Answer: Distribute-list, mutual redistribute
9.OSPF
9.1 Basic configuration (2 points)
Frame-relay interface in area 0; R4's tokenring interface in area 4;
serial interfaces between R3 and R2, R2's tokenring interface,
VLAN A in area 3; VLAN B in area 5; make area 5 as NSSA area. Put all
loopback interface in the area. Make all interfaces reach
each other.
Answer: virtual-link, nssa
9.2 default-information (2 points)
Make R2 generate a default route to area 5, make the default route
only appear on R5.
Answer: At R2: Area 5 nssa default-information originate
9.3 external route (2 points)
The Power Of Knowing
www.actualtests.com
3
Make another loopback interface in R5 (network 192.192.1.0) . male
this network able to be reached by ospf topology but you are not
allowed to put it in any area. And it must appear as different metric
at R3 and R1.
Answer: metric-type 1
9.4 OSPF timers (2 points)
You are informed that R2 use much resource to run the ospf process,
tune the R3 to run not less than 30 seconds between two process.
Answer: Timers spf 5 30
Make sure you know the difference between the two spf timers.
10. Frame-relay QoS (3 points)
You are requested to rune the frame relay include mincir,cir,bc,be as
below: mincir 16kbps; measure interval is 125ms;set DE when
48kbps;drop when 64kbps
Answer: frame-relay traffic-shaping fram-relay class QoS map-class
frame-relay QoS mincir 16000
cir 48000
bc 6000
be 2000
11. ISDN
11.1 DDR (2 points)
Traditional DDR between R3 and R5, not mentioned about ppp or
authentication. isdn switch-type is basic-5ess, no spids. numbers are
680020X01 and 68020X02, where X is your rack number.
11.2 Toll avoidance (2 points)
When R5 generate a call, R3 will drop it and call back (ppp callback).
Answer:
Ppp callback request
Ppp callback accept
Dialer map ip 132.3.100.5 name R5 class CALLBACK 68020302 Map-class
dialer CALLBACK
Dialer call-back username
11.3 routing backup (floating static) (2 points)
The Power Of Knowing
www.actualtests.com
4
Put some specific static route at R3 and a default route at R5 to:
when R3 or R5 lose some route from ospf, both them can generate a
call to each other; any router in your topology can each the active
interface of R5; Network
192.192.1.0 must still appear as different metric at R3 and R1.
When R5's ethernet interface is still up, R5 is not allowed to
generate the call???
Answer:
They don't tell you use which method, you must decide by yourself. Use
floating static At R3:
Ip route 132.3.5.5 255.255.255.0 132.3.100.5 150
Ip route 192.192.1.0 255.255.255.0 132.3.100.5 150
Router ospf 3
Redistribute static subnet route-map BACKUP
Route-map BACKUP permit 10
Match ip address 50
Set metric-type 1
Access-list 50 permit 192.192.1.0 255.255.255.0
At R5
Ip route 0.0.0.0 0.0.0.0 132.3.100.3 150
12. BGP
12.1 IBGP, EBGP (2 points)
R1 in AS 1031, R4 in AS 1034, R3, R2, R5 in AS 1099; IBGP must be fully meshed.
Answer: Straight forward.
Use loopback interface as update-source in AS 1099 is better (for the
sake of keeping the BGP peering stable when ISDN backup is
functioning, see previous and below).
The Power Of Knowing
www.actualtests.com
5
12.2 confederation and filters (2 points)
There is an external AS 254 on backbone 2 (which peer address is
150.100.2.254, and your is 150.100.2.X, where X is your rack
number). You are requested to send your topology's route to that AS
and appear as from only AS 3. AS 254 will advertise several
route to your topology, you are requested to only permit 197.68.x.0 to
be put into your topology, where x is any number, The proctor
said that the mask had no limit.
Answer: The question has no word such as 'confederation', you must
decide by yourself to implement confederation.
Bgp confederation identifier 3
Bgp confederation peer-id 1031 1099 ¨¨
12.3 route advertisement (2 points)
Make another advertisement interface in R5 (network 192.192.2.0) .
Make this network the only route to advertise to the AS 254 and
make it as the BGP route at R1' routing table.
Answer: 'No synchronous" at every router
12.4 reduce route (2 points)
For some memory consume problem, you are requested to change the
197.68.x.0 network to a supernet
197.68.0.0 expect 197.68.22.0, advertise them in your topology and do
not send them back to AS 254.
Answer: There are four network incoming: 197.68.1.0, 197.68.4.0,
197.68.5.0, 197.68.22.0, so use suppress- map and AS-SET.
Because network 150.100.2.0 is not seen by ospf, all router except R4
consider the
197.68.x.0's next hop as unreachable, they don't put them in their
routing table since the BGP routes are not the best.
I have put the 150.100.2.0 into ospf, 1 don't know whether it is
acceptable, but the proctor seem to not mind it.
(or use next-hop-self)
Aggregate-address 197.68.0.0 255.255.0.0 as-set suppress-map SPECIFIC
Route-map SPECIFIC permit 10
Match ip address 1
Access-list 1 permit 197.68.1.0 0.0.0.255
Access list 1 permit 197.68.4.0 0.0.0.255
Access-list 1 permit 197.68.5.0 0.0.0.255
13. dlsw+
13.1 normal setting (2 points)
The Power Of Knowing
www.actualtests.com
6
Hosts on R2's ring 1 and VLANB want to communicate with hosts on R3's VLAN A.
13.2 additional peer (2 points)
Hosts on R4's ring2 want to communicate with VLAN A on VLAN B's hosts.
You are asked to add only one new peer connection,
border peer is not allowed.
Answer: Maybe: rif passthrough , 3920 config
13.3 source-route bridge tuning (2 points)
Ring 1 in R2 experience a explore storm and cause packet drop. Tune
the R2 to let the tokenring interface to deal with 100 packets
(include day and explorer packets) at one time.
Answer: Hold-queue
13.4 SNA filter (2 points)
Set filter to make R4's dlsw only allow test explorer (0x0000) and SNA
traffic ( 0x0004, 0x0008, 0x000c) an their response frames.
Answer:
Access-list 200 permit 0x0000 0x0d0d
Dlsw remote-peer 0 tcp 132.3.4.4 lsap-output-filter 200
Day 2
IPX
…- Only Eigrp on FR and VLANB. Enable IPX on all interface except
ISDN, BB1, loopback, ATM.
…- R4 Accept a AA00 from BB2, but the ipx network number of BB2 is not
specified- AA00 should be seen on all routers.(debug)
…- Configure R2 such R5 can only receive FSERV1 on AA00.
…- no ipx client on VLAN B can receive the SAP of FSERV1, but ipx
client on VLAN B can accept others SAP.
-> Make a tunnel between R2 and R4
Appletalk
…Only Eigrp on FR. Enable apple on all interfaces except ISDN, BB1 and
BB2. The zone of Vlan A and
Vlan B is ether.
…Config R1 such that it cannot see the network of VLAN A, but it can
see the network VLAN B.
…Enable Apple on ISDN.
…The ISDN is only activated when R3-R2 link fails.
The Power Of Knowing
www.actualtests.com
7
…Disable IP on ISDN
…Static route is permitted.
…Vlan A can access R2 (Ring 1) and Vlan B, when R3-R2 fails.
…Callback is used.
Nogte: After test – Even if configuration is correct, apple callback
will not work until reboot.
IOS feature
…Mobile ARP
…When VLAN A user is roamed to VLAN B and BB1, it still can be accessed.
-->Configure as the document.
Router Access
…A specific IP address is allowed to configure R3 by a web browser o
http server with access-list
…Previliege Control
…A user with a specific password can only be allowed to enter "show" command
…Broad-Control on FR
…Exact the same as command reference, pay attention to the byte or the bit.
Catalyst
…Span
…Change spanning tree Maxage, you must ' set spantree router' too,
because the spanning tree maxage will follow the routers config
when a router is connected to the switch.
Trouble Shooting
Requisite
…All router configuration will be based on RACK 5. Say, loopback
interface is according to RACK 5.
…132.x.0.0 is 132.5.0.0.
…ISDN number, AS number, BB1 and BB2 are used the old rack number.
…Cannot change download configuration IP address
…Cannot erase a whole routing process to enter a brand new configuration.
The Power Of Knowing
www.actualtests.com
8
Wrong Connection
…A cable is inserted from 3920 to a Catalyst port (prepend a router interface)
…Serial cable is inserted in a wrong fashion.
…R5 host name is changed to R3.
…Tunnel destination disappear on R2 tunnel interface.
…Tunnel source disappear on R5 tunnel interface.
…R3 serial 0 and serial 1 configuration are interchanged.
…Token Switch configuration is erased.
…Catalyst module is disabled.
…Wrong FR map
…Wrong OSPF area, and its parameter like stub area (R5), hello
interval (R3), router ID (wrong loopback ip address), no route-map,
ospf network type.
…Wrong Apple zone
…Wrong IP address (R5, R3)
…VLAN is erased
…Wrong Catalyst IP address and allocated VLAN
…Wrong IPX network address on BB2
Other questions
1. Voip
Change the timer such that when you pick up the phoneset, the waiting
timeout before you press the digit is the longest.
-->initiate-timeout?
2. ACL
R2's serial interface has a access-list
3. 3920
2 TrBrf in 3920, the first TrBrf has an ip address. -->same as the document.
4. ISDN callback
The Power Of Knowing
www.actualtests.com
9
Use isdn callback for toll avoidance, and callback as soon as possible
when the server receive a call. chap authentication
-->isdn caller xxxxxxxx callback because the isdn cloud is the isdn
simulator, it cant send calling number, so you have to add a
command on calling site:
isdn calling-number xxxxxxx
Change enable-timeout to shortest.
LAB 2.
Note: Diagram might have some minor inaccuracies.
2503: R3, R5 2611: R1 3640: R2, R4, R6 5002: Cat5 3920: Tokenring switch
Day 1
1. Comm server (1 point)
2. Diagram (1)
Include ip address, area number, interface, make your diagram update.
Remember to mark FRSW's interface number too, you will
need it on troubleshooting.
The Power Of Knowing
www.actualtests.com
10
3. Physical connection (1)
4. cat5002 setup (1)
two VLANs, VLANA:50; VLANB:75
5. cat5 address (1)
sc0 address on VLANA, 135.x.30.30/22, where x is the rack number, make
it be reached by your topology
6. IRDP (2)
ip irdp preference 100
7. Framerelay (2)
28 bits subnet. only use the dlci showed on the given diagram ( hub &
spoke, not fully meshed).
no frame-relay inverse-arp frame map ip …
8. Loopback address (1)
All of the routers has loopback interface. 135.y.x.x, where y is the
rack num. And x is the router num.
9. Address (1)
vlana: /22 vlanb: /26; framerelay int: /28; idsn: /30; others: /24
Use 135.x.0.0 to setup all interfaces except explicitly asked. e0/0 on
R1 is 150.100.1.x (BB1); e0/0 on R4 is 150.100.2.x (BB2).
10. OSPF (3)
Frame relay cloud on area 1, vlana on area 0, R2's ring on area 2,
vlanb on area 5, isdn on area 6.
Make loopbacks on existing area.
11. OSPF cost (2)
Change the ospf cost, should not use 'ip ospf cost…' on interface.
Make cost on ethernet as 90.
auto-cost reference-bandwidth 900
12. RIP (2)
Rip on R1 e0/0, manual redistribution with ospf. Should receive only
199.172.x.0,make 199.172.1.0 and 199.172.3.0 as one network on your
ospf topology, also advertise
150.100.1.0.
only class B 135.x.0.0/16 can be advertised from ospf to rip.
The Power Of Knowing
www.actualtests.com
11
There are 4 networks received by rip: 199.200.1.0, 199.172.1.0,
199.172.3.0, 199.172.12.0
router rip redistribute ospf 3 metric 2 network 150.100.0.0
router ospf 3 redistribute rip subnet summary-address 199.172.0.0
255.255.240.0 distribute-list 1 out rip
access-list 1 permit 199.172.0.0 255.255.0.0
13. IGRP (2)
Igrp at R3 and R4. AS is x. mutual redistribute with ospf, only
configure RP3 such that R4 can receive a default route, no static
route,
summary address, additional network are permitted.
router igrp 3 network 150.100.0.0 redistribute ospf metric 2000 10 255 1 1500
ip default-network 199.172.12.0
(only this network is the classful network in R3's routing table, this
is the only answer.)
14. IPX (4)
Setup ipx network on all interfaces except ATM, loopback, ISDN,
backbone. You can use rip and/or
Eigrp. R3 and R6 should be at different network.
Different network with different encapsulation on R2. frame-relay map ipx …
15. SAP (2)
vlana's sap is interferenced by something, assume that there is no
servers on vlana, make the sap
Advertise only when it changed.
at R2, R3, R6, set on interface: ipx sap-incremental eigrp 3
16. ISDN (4)
Only R5 can generate the call, use chap authentication, but R5 should
not challenge R3, R5 should not use its own name to
authenticate, must use userx.
oneway authentication. oneway dialer map at R5:
user user3 password cisco user R3 password cisco
int bri0 dialer map ip 135.3.9.1 broadcast 68020301 ppp chap hostname user3
at R3: user user3 password cisco user R3 password cisco int bri0 ppp
authentication chap
17. ISDN routing (2)
The Power Of Knowing
www.actualtests.com
12
Setup RD and R5 such that when R5 can access the topology when its
serial interface down.
at R5 router ospf 3 network 135.5.5.0 0.0.0.255 area 5 network
135.5.55.0 0.0.0.255 area 5 area 1 virtual-link 135.5.2.2 area 1
virtual-link 135.5.3.3 int bri0 ip ospf demand-circuit
I use backup interface also, but the protor said its wrong ( if
interface is up, but the dlci mapping in telecom is wrong, the isdn
will not
up). so just demand-circuit is ok. Make the loopback interface at area
5, and setup two virtual-link to make sue the area5 and the
loopback interface is seen by the topology when serial is down and isdn is up.
18. ATM (2)
R6, no subinterface, no autolearn ip address from client. vpi: 0, vci:
10x. ip address: 192.1.x.1, remote ATM router ip: 192.1.x.254
int atm 3/0 pvc 0/103 protocol ip 192.1.3.254 broadcast no inarp
19. VPN (2)
You have a VPN client, they use CIDR 192.1.32.0/20, some of your
client's employees are connected at R5's ethernet, their gateway
is 192.1.32.175. You can use any network in 192.1.32.0/20 to build the
VPN. VPN still on function when R5's serial is down.
Setup tunnel between R5 and R6, secondary ip address at R5's e0:
R6: int tunnel 0 ip address 192.1.33.1 255.255.0 tunnel source
loopback 0 tunnel destination 135.3.5.5
R5: int tunnel 0 ip address 192.1.33.2 255.255.255.0 tunnel source
loopback0 tunnel destination 35.3.6.6 interface e0 ip address
192.1.32.175 255.255.255.0 secondary
20. VPN routing (2)
Your client are using eigrp 100, setup such that your clients
employees at R5 can be reached by their remote network, also advertise
the route received from the remote ATM router to the employees. All
the routes of your client are not allowed to be advertised out of
R5 and R6.
router eigrp 100
network 192.1.33.0
network 192.1.32.0 passive-interface …
21. VPN routing (2)
All traffic from your clients employees at R5 to outside, either
traffic to their networks to your networks, should be route to the
remote
ATM router first (assume they don't need to telnet to R5 or R6). Setup
R5 and R6 to comply this policy.
policy routing
R5: interface e0 ip policy route-map VPN
route-map VPN match ip address 2 set ip next-hop 192.1.33.1
access-list 2 permit 192.1.32.0 0.0.0.255 R6: interface tunnel 0 ip
policy route-map VPN route-map VPN match ip address 2 set
ip next-hop 192.1.3.254
The Power Of Knowing
www.actualtests.com
13
access-list 2 permit 192.1.32.0 0.0.0.255
22. dlsw
R2's ring 1 to R4's ring 2; R2's vlana to R5's vlanb. Others are not allowed.
Use bgroup-list and ring-list
R2 dlsw local-peer peer-id 135.5.2.2 dlsw remote 1 tcp 135.5.4.4 dlsw
ring-list 1 rings 1 dlsw remote 2 tcp 135.5.5.5 dlsw
bgroup-list 2 bridge 1 dlsw bridge-group 1 source-route ring-group 200
23. dlsw efficiency
R4's hosts can reach R2's hosts which mac address are 4000.2300.xxxx,
but they would not send any explorers.
R2: dlsw i-can-reach mac 4000.2200.0000 mask ffff.ffff.0000
Day 2 morning
1. BGP (3)
R4 in AS x, R2, R3, R6 in AS 100x, R1 in AS 200x, R5 in AS 300x. x,
200x, and 300x should peer with 100x.300x still peer to 100x
when R5's serial is down.
Use ebgp-multihop on the 100x and 300x peering by loopback interface.
peer to R2 or R3
2. EBGP (2)
AS 254 at backbone 2, peer 150.100.2.254. Setup R4 to peer with. Only
received network
172.68.y.0, where y is any number.
neighbor 150.100.2.254 distribute-list 1 in access-list 1 permit
172.68.0.0 0.0.255.255
3. Aggregation (2)
Aggregate networks 172.68.y.0, such that R5 can only see the
aggregated route and see it come from AS
x. other routers should see the specific routes, also, they can see
the aggregate route or not.
AS-SET maybe reasonable
4. Default information (2)
New loopback interface 192.192.4.0 at R4. Advertise it only by BGP
throughout the topology, AS 254 are asked to receive it only. R2
generate a default route to R1 as long as it receive this route.
R2: neighbor 135.3.1.1 default-information originate route-map DEFAULT
route-map DEFAULT match ip address 1
access-list 1 permit 192.192.4.0 0.0.0.255 R4:
The Power Of Knowing
www.actualtests.com
14
Distribute-list out
5. Appletalk (3)
Setup appletalk at all interface except ATM, loopback, ISDN, backbone.
VLANA zone is viana, only eigrp
on framerelay cloud.
appletalk route-redistribute no appletalk eigrp split-horizon
appletalk local-routing appletalk protocol eigrp (framerelay int)
no appletalk protocol rtmp (framerealy int) frame-relay map appletalk …
Setup vlan on tokenring switch 3920 to separate the two rings so that
appletalk can be active on each ring.
6. Appletalk filter (2)
R4 can see all the appletalk cable-range, but others cannot see the
cable-range of R4's ring2. No filter is allowed.
No appletalk send-rtmp on R4's serial 0/0 (appletalk on R3's serial 1
maybe inactive) or Appletalk eigrp on R4's ring2, rtmp on R4's
serial 0/0 and no appletalk route-redistribute
7. Appletalk filter (2)
R5 can't see zone vlana and the cable-range associate with it.
Distribute-list in on R5's serial 0
Pay attention to the setup steps, you had better setup distribute-list
first and enable appletalk eigrp last, or the zone "vlana" would
appear at R5's zone table.
8. Access-list (3)
Only setup one output access-list on R2's serial 0/0 to :
Mail traffic from ring2 to vlanb is not allowed;
R3 can ping R1, R1 cant ping R3. (just the nearest interface is
enough); Users on ring1 is allowed to use port 6000 to 7000
(inclusive)
to access vlanb; No snmp traffic is allowed:
Users on backnone1 cant use ring2's tacacs service;
Any other traffic is allowed.
access-list 100 deny tcp 135.3.22.0 0.0.0.255 135.3.55.0 0.0.127 eq
smtp access list 100 deny tcp 135.3.22.0 0.0.0.255 135.3.55.0
0.0.127 eq pop2 access-list 100 deny tcp 135.3.22.0 0.0.0.255
135.3.55.0 0.0.127 eq pop3 access list 100 deny icmp 135.3.30.3
0.0.0.0 135.3.0.1 0.0.0.0 eq echo-reply access list 100 permit udp
135.3.22.0 0.0.0.255 range 6000 7000 135.3.55.0 0.0.0.127
access-list 100 deny ip 135.3.22.0 0.0.0.255 135.3.55.0 0.0.0.127
access-list 100 deny udp any any eq snmp
access-list 100 deny udp any any eq snmp-trap access-list 100 deny tcp
135.3.44.0 0.0.0.255 eq tacacs 150.100.1.0 0.0.0.255
access-list 100 permit ip any any
The Power Of Knowing
www.actualtests.com
15
9. Broadcast control (2)
Configure vlanb on CAT5, make the broadcast traffic under 20% assume
that the frame size is 768 bytes, including preamble.
Set port broadcast 2/4 20%
10. Traffic control (2)
Webservers on ring2, configure R4 such that output rate to the
webserver is under 1.5Mbps, any traffic higher than 1.5Mbps is
dropped.
I use CAR, but the protor said rate-limit is the wrong solution. Maybe
general traffic-shaping
11. Multicast (2)
Setup R1 to join a multicast group 224.0.5.5, R2, R3, R6 can ping this
group but shouldn't be explicitly setup to join it.
ip igmp join-group 224.0.0.5
Either dense-mode or sparse-mode is ok.
12. CGMP (3)
R2 and R6 can inform CAT5 the multicast group, CAT5 can send it to R3
even it is rebooting
at R2 and R6: ip cgmp
at CAT5 set cgmp enable set cam permernant 01-00.5e-00-05-05 2/2 (2/2
connect to R3)
13. netbios filter (2)
setup a output filter on R4's tokenring interface such that: access to
host SERVxNR is not allowed, which x is any character.
netbios output-access-list host ABC netbios access-list host ABC deny
SERV?NR( ^v first to input the '?") netbios access-list
host ABC permit *
Day 2 afternoon troubleshooting (25)
Both console and aux ports in all of the routers are set to 'no exec'
except commserver. All the console ports' speed are changed-
Some consoles are set to exec-timeout 0 1
Enable secret in some routers.
Console speed of CAT5 is changed.
I use one hour to break in all the equipments, its too long.
The Power Of Knowing
www.actualtests.com
16
There are different strange characters on different speed, make sure
you remember it and have practice on it before you test.
Some physical connections are wrong.
There are many additional config on the equipments, the aim of them is
to avoid your clear the config and retype the correct, you need
to erase them which not bother your correct answer.
Rack number was changed to 5
Frame-relay mapping wrong
CAT5 module and ports disabled, vlan dispeared.
After the vlan and ports are set to right (I'm sure), all the ports
appear 'connected' and routers on backbone vlana can ping itself, but
they can't ping each other, so routing failed, this is why I failed
the test. (I don't know the reason, maybe port broadcast is set to 0%,
so arp wasn't successful). ( The routers probablely were set wrong
static arp, I hadn't ever check the arp table on each router).
Serial between R3 and R4's clockrate dispeared. appletalk was set to
no send-rtmp.
LAB 3.
The Power Of Knowing
www.actualtests.com
17
Day 1
1. Diagram (1)
Draw diagram, including IP addresses of all interface, ospf area, BGP
AS number, IPX network number, physical links. Make your
diagram update.
Answer: mark as many as you can, include the serial ports of the FRSW,
esi or PVC or ATM, Ip addresses outside your topology,
routes from outside, the addresses you need to filter, summarize or
aggregate. It's very important for your troubleshooting.
2. Physical connection (1)
3. Names & password (1)
The Power Of Knowing
www.actualtests.com
18
Names are: RackYYRX, which YY is your rack num, X is the router
num.(for example,rack4 router3 is Rack04R3)
Set password: cisco, set exec-timeout never,users can access on con, aux, ttys.
Answer:
You should add 'loggin' command on line con 0, line aux 0, line vtys.
4. Framerelay (3)
Same as the diagram, not fully mesh.
Answer: disable the inverse-arp
5. Address (1)
Loopback address is 138.Y.X.X, Backbone1 is 150.100.1.X, Backbone2 is
150.100.2.X.
6. Address (1)
Use 138.Y.0.0 as your topology address scheme. Framerelay cloud is
/29, isdn is /20, ring 10 has 10 hosts, make your subnet mask
decision. (that means /28), others are /24.
7. Vlan (2)
VLANA(20), VLANB(30), VLANC(50), VLAND(70), VLANE(80)
8. Tokenring switch
Setup two Trbrf, use bridge number as 1 and 2, ring number as
10(R2&R6) and 20(R4).
Answer:
Note that the ring number in questions and routers is deximal, but in
3920 is hexadeximal.
9. Trunk (2)
Setup trunk at CAT5, VLANE is not allowed in trunk. R6 connect to
trunk. Be careful that not all switch ports are able to be a trunk.
10. OSPF (3)
Framerelay at area 0, ethernet at area 3, ring20 at area 4. No
additional area is allowed. Routers in area 4 have not enough memory
to
handle lots routes, configure R4 to adjust it.
Answer:
Make area 4 totally stub area.
The Power Of Knowing
www.actualtests.com
19
11. RIP (3)
R5's serial port and R1 run RIP, inject the specific routes from ospf
into RIP, but only advertise 138.Y.0.0 to BB1, no summary and
static route are permitted. Only permit one route 193.67.15.0/24
received from BB1. mutual redistribute between RIP and OSPF.
Answer:
Use rip version 2 but send and receive version 1 on R1's ethernet.
Distribute-list on R1's ethernet.
Remember to use debug to check the route update whether it is right.
Make a redistribute-list at R5's OSPF, just permit the routes
belongs to rip to be redistributed from rip to ospf, or the isdn will flap.
bri as passive interface
12. ISDN (2)
Just R5 can initiate the call, use pap authentication with different
passwords at each side.
Answer: 'dialer map' at R5 only, ppp pap sent ….
13. ISDN routing (3)
BRI interface at area 3, when ethernet down, keep topology consistent.
Flapping is not allowed.
Answer: demand circuit
14. ATM (3)
PVC 0/10Y, autolearn is not allowed, ip address 192.1.1.Y pvc peak
rate 100M, minimum rate 10M.
Answer:
Use static map, ubr+
15. EIGRP (3)
ATM, tokenring on R2 and R6 run EIGRP, only configure R6, permit
128.20.0.0 and 4.1.1.0 into R6, permit
128.28.0.0, 4.1.1.0, 192.1.1.0 into R2 by EIGRP.
Configure R2 or R6, such that OSPF and EIGRP can redistribute each other
Answer:
No auto-summary, set distribute-list at 'arm in', 'tokenring out' ,
also set 'tokenring in' to deny all eigrp update from R2, to prevent
R2 advertising the 138.Y.0.0 by EIGRP instead of OSPF. (because of its
lower distance).
16. DHCP (2)
R6 as a dhcp server and you should not define a database agent.
The Power Of Knowing
www.actualtests.com
20
Answer: no ip dhcp conflict logging ip dhcp exclude ip dhcp pool
…
17. HSRP (2)
Define HSRP on R2 and R6 ring 10, R6 as the primary, when tokenring or
ethernet interface of R6 fail, R2 as the primary.
Answer: Use 'track interface' at R6
18. BGP (4)
R3, R4, R5, R6 in AS Y, BB2, in AS 254, R1 in AS 10Y. AS Y are not
full mesh, when R4 or R6 failed, other routers can still receive
all the other BGP routes. Just allow 192.200.0.0 received from BB2.
Answer:
R4 and R6 act as Route Reflector. input prefix-list at R4 is the best.
19. BGP advertisement (2)
Another loopback interface at R1( 195.82.Y.Y/32), advertise it
throughout the network. Another loopback interface at R3(
195.83.Y.Y/32), advertise these two route only to BB2.
Answer:
Assign distribute-list out at R4 although eventually there are just
two BGP routes advertise to BB2. Do what they ask you to do
perfectly and accurately.
20. BGP filter (3)
Configure R5 such that 195.83.Y.Y is not seen on R1, but you can't use
any filter base on ip address.
Answer:
Use filter-list (as-path). Don't use community, because you have to
change community based on ip address.
21. Voice (1)
R6: port 2/0/0 is 50YO, port 2/0/1 is 60Y2, remote phone is 3002,
remote peer 128.28.2.8 (behind ATM cloud). Make you voices able
to call each other and 3002.
Answer:
Make sure you can reach 128.28.2.8 and 128.28.2.8 can reach your
topology (not just the ATM int). Redistributing OSPF to EIGRP is
important.
22. Voice (2)
Configure R6 so that when port 2/0/1 offhook, you can reach 3002
without inputting any digits.
The Power Of Knowing
www.actualtests.com
21
Answer:
'connection plar' at port 2/0/1.
Day 2
1. Multicast (3)
R1, R5, R6. R5 as RP, R5 join group 224.1.2.3, setup R1 and R6 so that
R5 as the only RP for 224.1.2.3.
Answer:
I think I lost the points. Check this command: ip pim rp x.x.x.x.
[ACL]; ip pim accept-rp x.x.x.x [ACL]
2. Multicast (2)
Inform Catalyst the multicast group.
Answer: CGMP at R5 and CAT.
3. IPX (4)
Atm, loopback, isdn, BB1 are not running ipx, rip on R5's serial int
and R1, others are eigrp only. you don't know the BB2's ipx
network and the encapsulation type, find it.
Answer:
'denbug ipx packet' and try all the encapsulation type in R4's
ethernet, you can find the encapsulation and network number.
Remember to configure the framerelay mapping at FR cloud, or you cant
ping each other although your routing table is right.
4. IPX filter (2)
Assume that you will have an additional wan link between R1 and R5,
configure R1 so that it can use both links to each other
networks that are not connected directly to R1.
Only configure R5, just allow network aa00 and service FSERV1 into R1.
Answer: ipx maximum-path 2 ipx output-network-filter, ipx output-sap-filter.
5. IOS feature (2)
At VLANB, there are some users have not setup their gateways,
configure VLANB such that these users cant access your topology by
anyway.
Answer: Disable proxy-arp at R3 and R6's VLANB subinterface.
The Power Of Knowing
www.actualtests.com
22
6. Menu (2)
Setup a menu, include 'show interface', 'show ip route', 'show
startup', 'exit menu'.
Answer: Search the document.
7. Link efficiency (3)
Use compression method predict (software) to compress the link between
R1 and R5.
Answer:
Change encapsulation to PPP, and you can use preditor now.
8. Dlsw (3)
Bridge connectivity between ring10 and ring20, ring10's host
communicate with ring20's host through R6, when R6's tokenring
interface fail, they will use R2 instead. When R6resume, R2's
connection must be undone, but should be maintained 6 minutes before
disconnect. R2 and R6 should not be configured a remote peer.
Source-bridge number must be consistent with tokenring switch.
Answer:
Backup peer, linger as 6. R4's remote peer must be R2 and R6's
tokenring interface. Promicous. Redistribute eigrp into ospf in R2 but
not R6, because of the redistribution is in R6, when R6's tokenring
down, the network of the ring will be down, and cant be distribute
into ospf, R4 will not have the ip routing connectivity to R2's
tokenring interface.
9 Dlsw (2)
A mainframe in ring10, make R4 have this mainframe's mac address in
its cache, and can only reach this host.
Answer: icanreach, icanreach max-exclude.
10. Catalyst feature (1)
VLANE have end station only, and have heavy traffic, configure it to
reduce the BPDU traffic.
Answer: Disable the spanning tree on VLANE.
11. Catalyst feature (1)
Port 2/11 belongs to VLANE, and connect to a host with a mac address,
configure the switch so that it need not learn the hosts mac
address event at bootup period.
Answer:Set cam peranent. Set the port belongs to VLANE
12. Catalyst feature (1)
Port 2/12 connect to a host, and belongs to VLANE, configure the
switch so that only this host can use this port.
The Power Of Knowing
www.actualtests.com
23
Answer: Set port security. Set the port belongs to VLANE.
13. Autoinstall (3)
A TFTP server with address 150.100.2.17 on BB2, a router with no
startup-config in FR cloud, configure R4 such that the router can
bootup with a startup-config which in the TFTP server, use CLCI 110.
Answer:
frame-relay map ip 138.5.234.5 110 (the ip address must be in your FR
cloud's subnet)
ip help-address 150.100.2.17
Day 2 Troubleshooting
Use rack number 6 instead of your original rack number.
Wrong console speed, no exec at con or aux, exec-timeout 0 1 at con or
aux R3's host name was changed to R5, and ipx routing also
was changed to 5.5.5 to make you confused.
One FR serial cable failed; R3's s0 config was moved to s1. Wrong
mapping at every serial interfaceS.
Wrong ospf network type, ospf authentication at one side but not in other side.
Wrong network or wrong area.
Wrong BGP AS number. Wrong peering.
Rip was changed to version 1.
Wrong ATM ip address. Wring distribute-list in EIGRP.
Wrong ipx network.
Catalyst module and ports are disabled, vlan removed.
Anyhow, you have to correct everything when you are troubleshooting.
Other questions:
1. IRB
Use IRB at R6. --> Different bridges for different subinterfaces. Add
"bridge X route ip" in R6.
2. OSPF security
The requirement is that in every VLAN, only Rx(2 or 3 or 5) can have
adjacency with R6, assume that there are other routers in that
VLAN. --> Do not use non-broadcast type and the neighbor command.
Because the other routers can have adjacency with R6 by
putting neighbor command with R6 although R6 do not have the neighbor
command with it.
The Power Of Knowing
www.actualtests.com
24
Method 1:
Add a tunnel in every VLAN, and make the ethernet interface passive.
Networks will be increased. This method was proved by the
proctor.
Method 2:
Add mac-address filter at R6.
Not only make the neighborship secure but also break the connectivity
of the VLAN (maybe wrong)
3. SNAPSHOT
Isdn run ipx rip, active period: 5 minutes; quiet period: 120 minutes.
--> Idle-timeout 120 seconds is too short and make the snapshoot
bounce, set it longer, say 250 seconds.
4. ATM arp-server
R6 as ATM arp-server; ESI is 1111.0000.00YY.00, which YY is your rack
number. Setup PVC 0/5 to handle SVC signaling; setup
PVC =0/16 to get the prefix. Arp-server self.
LAB 4.
The Power Of Knowing
www.actualtests.com
25
Day 1
1. Framerelay
R5 as hub, 2 subinterface, point-to-point subinterface connect to R4,
point-to-multipoint subinterface connect to R2 and R3.
2. Addressing
BB1, 150.100.1.Y; BB2 150.100.2.Y; framerelay cloud(R2,R3,R5) /28;
VLANA /25; Ring1 /27; VLANC /29; ISDN /30.
others /24.
3. OSPF
The Power Of Knowing
www.actualtests.com
26
Framerelay cloud (2,3,5), ISDN in area 0; VLANA and ring1 in area 3;
R5 and R6's serial interface in area 5; VLANC in area 6. -->
R2 and R3 need to establish virtual-link for area 0, prevent the
inconsistence of backbone once the framerelay pvc is down. (Ask the
proctor whether you need to do this) Use the most secure method to
authenticate ospf neighbor in backbone and ethernet. --> MD5
authentication, note that level 7 may have problem.
Change the dead-interval, but you are not allowed to explicitly change
the dead-interval timer. --> Change the hello-interval.
4. EIGRP
R1 and R2's serial interface run EIGRP, 4 loopback interfaces in R1,
place them in EIGRP, summarize them into one network and
advertise it to R2. --> Summary in interface. Redistribute OSPF and
EIGRP mutually in R2, cost of routes redistributed to OSPF
should have a fix value. --> metric-type.
5. RIP
R1's ethernet interface run RIP, redistribute even network into EIGRP.
--> wildcard mask!
6. IGRP
R4 and R5's link (p2p framerelay), Ring2, VLANB run IGRP. Redistribute
OSPF and IGRP mutually in R5. Loopback of R4
shouldn't be placed in IGRP, should be redistribute in it?? You are
permitted to add a static route but not a default-route in R4
pointing to BB1. --> Because IGRP is a classful protocol, you must add
a static route 'ip route 133.Y.0.0 255.255.0.0
150.100.1.Y' (for example) in R4, so that R4 can reach all the subnets
in ospf topology.
7. ISDN
Only R5 can make a call, chap authentication, R5's hostname should not
be itself.
Ospf routing. --> demand-circuit (be careful for the redistribution)
8. ATM
PVC, you are 192.1.1.Y, remote peer 192.1.1.254.
Should not add a default-route, networks behind ATM can reach your
topology? --> ATM run EIGRP? Then use summary in ATM
interface?
9. BGP
R1,2,3,4,5,6 are in AS Y. -->IBGP
All the routers in IBGP must receive bgp routes from R5. -->R5 as RR.
BB1 and BB2 are both in AS 254, setup R1 and R4 so that the
bgp routes from AS254 have weight 1000. -->route-map in
AS Y shouldn't be a transit AS, but you are not allowed to use AS-path
to filter it. --> Apply no-export community to the BGP routes
coming from AS254. R1 and R4 advertise networks of Ring1, Ring2,
VLANA, VLANB such that outside world reach RING1,
VLANA through R1, reach RING2, VLANB through R2.--> route-map out with
different metrics. Configure R1 and R4 so that only
the new routes from AS254 are received???
The Power Of Knowing
www.actualtests.com
27
DAY 2
A) DLSW
Ring1, VLANA of R2 and Ring2 have bridge connectivity, R2 should not
add a remote-peer.--> promiscuous R3 act as backup of
VLANA peering to R4; LLC of R4 use R2 to deliver SNA traffic when R2
isn't down. --> cost.
A SNA host in VLANA, configure R4's Ring2 so that R4's explorer for
this host should not cross the FR cloud, at CAT5 you can see
the host's mac address is X.X.X. --> proxy-explorer, pay attention to
the canonical and non-canonical address style.
B) IPX
R2,3,4,5 run ipx, EIGRP only in FR.
You don't know BB2's ipx encapsulation type and network.--> debug ipx
packet. Only allow AA00-AAFF coming from BB2.--
>input-network-filter. Client of Ring1 only get one ipx service: PTSVR. -->output-sap-filter.
C) Other questions
1. OSPF non-broadcast type
-->use neighbor
2. BGP
set origin IGP prefix-list
3. CAT5
set spanning tree root
Seriously Real for the Really Serious
LAB 5.
The Power Of Knowing
www.actualtests.com
28
Day One
FR – non broadcast
ISDN – Chap, One-way authentication, different hostname. R5 to R3 OSPF
– Summarization, filter
IGRP – R3 generate default route to R4
IPX routing – R3, R6 different network, SAP incremental update on VLan
A, no server is allowed on Vlan A ATM- PVC to remote
backbone router
EIGRP – Run over ATM
VPN – Make a tunnel from R5 to BB1
DLSW – Icanreach, Token to Token, Eth to Eth
Day Two
The Power Of Knowing
www.actualtests.com
29
Multicast routing
Appletake –filter
BGP – Announce default route, no RR, but like previous exam
Access control
LAB 6.
The Power Of Knowing
www.actualtests.com
30
1. Setup the network with 137.2.0.0
1a. Frame relay use 140.2.10.0/255.255.255.240 1b. TR2 use
137.2.44.0/255.255.255.248 1c. ISDN use 137.2.25.0/255.255.255.252
1d. BB1 use 150.100.1.0/24 1e. BB2 use 150.100.2.0/24 1f. TR1 use
137.2.26.0/24 1g. Make a loopback interface in each router, the
loopback address need to be advertised on the following setup. The
loopback ip address can be put into any area or routing process. 1f.
A low memory router will be connected to TR2, select the best way. 1g.
R1 is a RIP only router. It can send unicast update to RR1.
1h. R5 and R1 run RIP. R1 can reach throughout the network.
Summarization is now allowed.
The Power Of Knowing
www.actualtests.com
31
2. Establish VLANA(20), VLAN B(3), VLAN C(50), VLAN D(70), VLAN E(80).
Catalyst is located in the VLAN D.
R2 -> VLAN A
R3 -> VLAN B
R5 -> VLAN C
R6 -> ISL
2a. Set up ISL with R6 and Catalyst. 2b. VLAN E is not allowed in the ISL
3.IRB
Use R2, R3, R6 are routed through R6 by IRB
4. Security
R2 can only establish adjacency with R6. R3 and R5 do the same as R2.
Authentication or address filtering cannot be used.
I used Non-broadcast and Neighbour, it is wrong. I tested that if the
timer of others router is changed to the same to the R6 and R2, the
others router can establish adjacency with R2 and R6.
ISDN switch: basic-5ess, No Spid
5a.
Only IP traffic can bring up the ISDN interface. If the error rate is
more than 10%, put it into "Down" state.
5b.
ip ospf demand-circuit. ??
6. ATM
6a. R6 is acting as LECS with a specified IP address. (do not use the
auto load address) 6b. R6 is acting as LES.
6c. LANE name RACKY.
6d. R6 can ping ATM core router. 6e. Only R2, R6 Token ring interface
and ATM interface run EIGRP 100. Other interface are not
allowed to send EIGRP.
7. IP feature
7.1 There is DHCP client in TR1. Make R6 as the DHCP server, it can
distribute the default gateway to the client and the lease period
will be infinity.
7.2 Configure HSRP on R6 and R2, R6 will be the active gateway. If the
R6 fast ethernet is flapped, R2 will be the active gateway.
The Power Of Knowing
www.actualtests.com
32
8. BGP
8.1 R4 peer with RR2
8.2 R3, R4, R5, R6 is IBGP. They are NOT fully meshed. If either R4 or
R6 is not available, other IBGP peer can obtain full route
from other peer. R4 and R6 will advertise the route to other Internal peer.
8.3 Make a loopback interface in R1, this is the only route to be seen
on RR2. (137.2.0.0? no need to be seen in RR2)
8.4 Make a look interface in R3, this is the only route to be seen on
RR2. R1 cannot see this route. Filtering is not allowing.
9. VOIP
9.1 Assign number to two phone on the FSX with the number 5020, 5021.
9.2 A no show router is located in somewhere behind ATM core router
which IP address is 128.x.x.x Try to make a call to 3001 to test
the call.
9.3 Once the FSX phone is picked up, it would dial to 3001 automatically.
Answer:
3. Put different VLAN in different bridge group
4. By input filter
6. "lane config config-atm-address" in interface and "lane
config-atm-address" in sub-interface
IPX (11 points)
DLSW, broder, Dynamic peer (9 points)
Catalyst, Port Security, Spanning Tree, multicast(pim, sparse) (5 points)
LAB 7.
Day 1
YY=your rack number, X=your router number, Z= random number, You are
given a classful B network: 139.YY.0.0, If not specify,
use 24 subnet mask, Create a loopback address for each router use:139.YY.X.X
Catalyst5000's sc0 ip address is 139.YY.0.50/24, all your router can
ping this address Create two VLAN:VLAN A(2/2,2/5-6) vlan id
256 and VLAN B(2/3) vlan id 30
Catalyst3920's ip address is 139.YY.20.11/24, all your router can
telnet to 3920 use this address through ring 1,
Between R1 and R2's serial support 2 hosts,
Ring2 support up to 30 hosts,
ISDN support 2 hosts,
On R5's e0, there are two range network, the main range network is
139.YY.25.0/24, the other range network is
139.YY.0.0/24
The Power Of Knowing
www.actualtests.com
33
R1 to backbone1 address is 150.100.1.YY/24
R4 to backbone2 address is 150.100.2.YY/24
Frame-relay sw is full mesh, but you only can use the dlci number in
the figure, R3's serial cannot use subinterface.
OSPF area
Between R1 and R4's serial: area 0
Between R1 and R2's serial : area 1
R2's token ring: area 2
R4's token ring : area 4
RIP(3)
From backbon1 you can only let 199.172.1.9 and 199.172.3.9 appear on
R1 all through your routers, the two network must have
different metric on R4 all your routers can ping the ip address
150.100.1.253 You are allowed to let the subnets of your network
139.YY.0.0/16 to get to backbone1
EIGRP
EIGRP AS number is 100
You can redistribute between OSPF and EIGRP ONLY on R2
On R4, do not allow ospf route, VLAN A and/or RIP route appear as EIGRP
Create a access-list on R4 to prevent loop route.
ISDN
(2) R3 and R5 can ping each other, when isdn is up, only permit IP
packet pass through the isdn
(3) It is not permitted any ip protocol on the isdn, you can create a
default route on R3 and several specify static route on R5, if R3's
serial interface is administely pulled out from the router, the isdn
should be up.
BGP basic
R1,R4,R3 are in AS YY, R2,R5 are in AS 10+YY,R6 is in AS 100+YY
Backbone2 is AS 254
Let loopback to update route
Ebgp: only between R4 and backbone2, only between R1 and R2, only
between R3 and R5, only between R2 and R6, only between
R5 and R6.
R1,R4,R3 are full mesh ibgp.
The Power Of Knowing
www.actualtests.com
34
From backbone 2, there are network : 197.68.Z.0,200.200.1.0
Only allow 197.68.Z.0 pass through your routers, R1 and R3 can see
them as ip route and ip bgp route.
BGP feature 1
Create a loopback 192.YY.42.132 on R6, put it into bgp route, let all
your routers can see it. On the R4, you have two pathes to get to
the network 192.YY.42.1/32, you must let R4 prefer R2 to get to
192.YY.42.1/32, do not use access-list based on ip address or 'next-hop'.
BGP feature 2
On R5, there are routes from AS 254 pass through R2 and R3, you must
let R5 prefer the routes from AS 254 from R2, do not do it
based on ip address.
Multicast
Config multicast on R1's serials, R2's token ring and serial, R4's
serial and token ring Use sparse-dense-mode
Only on R2's token ring interface join two ip address: 224.1.1.1,
244.2.2.2. on other router, do not join the two groups explicitly
On R2 it is only 224.1.0.0/16 group's rp address.
R4 can not explicitly announce rp address, R4 only see one of the rp
address, do not see another rp address. But can ping the two ip
address.
ATM
Config ATM arp server
ATM esi-address:1111000000YY.00
Get snap address from ATM sw
R6'atm3/0 ip address:192.2.YY.1/24
Put atm3/0 into EIGRP
From arm router, there are many route, only allow 198.2.1.0 appear on
R6 and all your routers R6 only advertise 139.YY.0.0/16 to
ATM
Catalyst3920
Config 3 vlans
Port 2, R2's to0/0 ring# (decimal)1, Bridge # (decimal)11
Port 4, R4's to0/0 ring# (decimal)1, Bridge # (decimal)12
Port 6, R6's to0/0 ring# (decimal)3, Bridge #(decimal)13
The Power Of Knowing
www.actualtests.com
35
DAY 2
1. Unicast RPF (3 point)
2. Access-list (2 point=
Config a access-list(in) on R6's to0/0 only allow source from
FRC1918's private address (class A, class B, class
C)
3. Telnet-1 (2 point)
Only allow your ip address 139.YY.0.0 can telnet to R6, on R6 can
identify the request against permit.
4. Telnet-2 (2 point)
For security, in order to increase the security, when you telnet to
R6, you must be request to input user name:userYY, input
password:cisco
5. Ipx (5 point)
look ipx figure
IPX RIP:R6's to 0/0, VLAN A, Backbone 2
There are twp ipx network on R6's to0/0: 100+YY,1000+YY, all routers
must see them From backbone2, do not know the
backbone2's ipx network, ipx network encap Only allow ipx network AA00
appear on R4 and all your router.
Config R6, do load share, R6 can see two pathes, when R6's to0/0's
stations access backbone2's ipx network AA00, they must use the
same path and are not out of order.
6. DLSW+ (2+3)
6.1 Stations on VLANA want to communicate with stations on ring2, R4
want to build peer with R2 and R6, must be
CONNECT.config R2, when stations on ring 2 want to access VLANA, R4
should prefer R2.
6.2 Dlsw+ on frame-relay(3)
VLANB want to communicate ring 2, do not use TCP and FST encap.
7.voice (2+2)
7.1 Config R6, use ring number 4YY0 and 4YY1 under port 2/0/0 and
2/0/1 respectively, they can ring each other. There are many
rings number with extention number 3002 on a hub or server, its ip address is
192.2.YY.254, you can not config exactly using the number 3002 or
multi-period(….).
7.2 there are a ring number 526-83456(not remember) on ATM router, its
ip address is 192.2.YY.254, config R6, when you dial 3002
or 52683456, it will ring. (not remember exactly)
8.Catalyst
The Power Of Knowing
www.actualtests.com
36
8.1 config catalyst 5000, syslog server ip address is 150.100.1.240,
facility level is SYSLOG,
8.2 set port 2/10 port level is HIGH
8.3 Bridge (not remember exactly): set port 2/6's cost, let it have
high priority to be root port prefer the port with default cost.
LAB 8.
The Power Of Knowing
www.actualtests.com
37
The Power Of Knowing
www.actualtests.com
38
Description:
1.Equipment:
There may be totally 7 routers and 3 switches you need to configure.
Commserver:2511
R1:2610
R3,R5:2500
R2,R4,R6:3640
Ethernet switch:CAT5002
Tokenring switch:3900
Backbone switch:2924M-XL
This Lab doesn't want you to configure the R6 which have ATM interface
and voice interfaces.
2.lab time
Day1: 9:30----17:20 (lunch time: 11:30----12:00)
45 points, 30 to pass to day2
Day2: 9:00----12:00
35 points, total 60 to pass to afternoon's troubleshooting
15:00-18:00
troubleshooting, total 80 to get your number
3.Requirement
At troubleshooting, the parameters may be changed except the topology,
include ip address, area number, process tag, etc. But this is
not the fault, for example, you are not allowed to change the ip
address when they change the network from 132.3.0.0/16 to
132.7.0.0/16, but the subnet mask may be wrong, exactly that's what
you want to troubleshoot. Additional, the scoring is block by
block, but each score is not more than 4 points.
No static routes are permit (include to null0 or default-network)
except explicitly request.
Day 1:
1. Commserver (1 point)
Configure reverse telnet. line1-6 are R1-R6, line 7 is CAT5002, line87
is 3900, line9 is backbone switch.
The Power Of Knowing
www.actualtests.com
39
Answer:
No exec, transport input all
2. Physical connection (1 point)
Make the right connection
Answer:
Straight forward. Normally. all the cables they provide to you must be
used, if you find that there are some left, check carefully if you
are right.
3. Draw a topology diagram (1 point)
Include ip address, area number, VLAN, etc. Make it updated.
4. loopback address (1 point)
Setup loopback address as 132.Y.X.X at your router, where Y is your
rack number and X is your router number.
5. CAT5002 setup (1 point)
R3 in VLAN A, use 100, R5 in VLAN B, use 200. Set sc0 (132.3.9.9) in
VLAN A, and make the switch able to reach all the topology
through R3.
Answer:
Set vtp domain
Set vlan
Set vlan name
Set ip route default 132.3.9.3 255.255.255.0
6. address (2 points)
All the interfaces use 132.Y.0.0 network as their addresses and use
24bits mask. The frame relay interface use 27 bits mask. Draw
them on your diagram.
Answer:
Imply that the loopback address use 24bits mask, don't use 32 bits mask.
7. frame-relay setup (2 points)
Setup frame-relay, the frame relay switch is a 4500 which also act as
a backbone router. The switch is configured as fully meshed, but
you are demanded to only use pvc showed on the diagram they provide
(see diagram).
The Power Of Knowing
www.actualtests.com
40
Answer:
No frame-relay inarp
Frame-relay map ip ……
8.RIP setting (2 points)
R1 ethernet address is 150.100.1.Y. Setup RIP in R1, several network
will send to R1 from Backbone 1, you are requested to permit
only 193.68.3.9 to add in your RIP routing table and advertise it and
150.100.1.0 to your topology. Also, advertise only the classful
network 132.3.0.0 to your RIP domain.
Answer:
Distribute-list, mutual redistribute
Router rip
Distribute-list x in ethernet 0
Redistribute ospf 3 match internal external 1 external 2 route-map o2r
Route-map o2r
Match ip address y
Set metric
Router ospf 3
Redistribute rip subnet
9. OSPF
9.1 basic configuration (2 points)
Frame-relay interface in area 0; R4's tokenring interface in area 4;
serial interfaces between R3 and R2, R2's tokenring interface,
VLAN A in area 3; VLAN B in area 5; make area 5 as NSSA area. Put all
loopback interface in the area.
Make all interfaces reach each other.
Answer:
Ip ospf network point-to-multipoint
Router ospf 3
Area 0 …., area 3…..,……..
Area 3 virtual-link 132.3.3.3, Area 3 virtual-link 132.3.2.2 Area 5 nssa
The Power Of Knowing
www.actualtests.com
41
9.2 default-information (2 points)
Make R2 generate a default route to area 5, make the default route
only appear on R5.
Answer:
At R2: Area 5 nssa default-information originate
9.3 external route (2 points)
Make another loopback interface in R5 (network 192.192.1.0) . make
this network able to be reached by ospf topology but you are not
allowed to put it in any area. And it must appear as different metric
at R3 and R1.
Answer:
Redistribute connected subnet metric-type 1 route-map c20 Route-map c20
Match ip address x
9.4 OSPF timers (2 points)
You are informed that R3 use much resource to run the ospf process,
tune the R3 to run not less than 30 seconds between two
processed.
Answer:
Timers spf 5 30
Make sure you know the difference between the two spf timers.
10.frame-relay QoS (3 points)
You are requested to rune the frame relay include mincir,cir,bc,be as
below: mincir 16kbps; measure interval is 125ms;set DE when
48kbps;drop when 64 kbps
Answer: frame-relay traffic shaping fram-relay class QoS map-class
frame-relay QoS mincor 1600
cir 48000
bc 6000
be 2000
11. ISDN
11.1 DDR ( 2 points)
Traditional DDR between R3 and R5, not mentioned about ppp or
authentication. Isdn switch-type is basic-5ess, no spids. Number is
68020X01 and 68020X02, where X is your rack number.
Answer:
The Power Of Knowing
www.actualtests.com
42
Username R3 password cisco
Username R5 password cisco
Encapsulation ppp
PPP authentication chap
Dialer map ip 132.3.100.3 name R3 68020301
Dialer map ip 132.3.100.5 name R5 68020302
Isdn switch-type basic-5ess
Dialer-group 1
Dialer-list 1 protocol ip permit
11.2 Toll avoidance (2 points)
When R5 generate a call, R3 will drop it and call back (ppp callback).
Answer:
Ppp callback request
Ppp callback accept
Dialer map ip.132.3.100.5 name R5 class CALLBACK 68020302 Map-class
dialer CALLBACK
Dialer class-back username
11.3 routing backup (floating static) (2 points)
Put some specific static route at R3 and a default route at R5 to:
when R3 or R5 lose some route from ospf, both them can generate a
call to each other; any router in your topology can reach the active
interface of R5; Network 192.192.1.0 must still appear as different
metric at R3 and R1. When R5's ethernet interface is still up, R5 is
not allowed to generate the call???
Answer:
They would not tell you use which method, you must decide by yourself.
Use floating static At R3:
Ip route 132.3.5.5 255.255.255.0 132.3.100.5 150
Ip route 192.192.1.0 255.255.255.0 132.3.100.5 150
Router ospf 3
Redistribute static subnet route-map BACKUP
The Power Of Knowing
www.actualtests.com
43
Route-map BACKUP permit 10
Match metric-type 1
Access-list 50 permit 192.192.1.0 255.255.255.0
At R5
Ip route 0.0.0.0 0.0.0.0 132.3.100.3 150
12. BGP
12.1 IBGP, EBGP (2 points)
R1 in AS 1031, R4 in AS 1034, R3, R2, R5 in AS 1099; IBGP must be fully meshed.
Answer: Straight forward
Use loopback interface as update-source in AS 1099 is better (for the
sake of keeping the BGP peering stable when ISDN
backup is functioning, see previous and below).
12.2 Confederation and filters (2 points)
There is an external AS 254 on backbone 2 (which peer address is
150.100.2.254, and yours is 150.100.2.X, where X is your rack
number). You are requested to send your topology's route to that AS an
appear as from only AS 3.
AS 254 will advertise several route to your topology, you are
requested to only permit 197.68.x.0 to be put into your topology,
where
x is any number. The proctor said that mask had no limit.
Answer:
The question has no word such as 'confederation', you must decide by
yourself to implement confederation. Bgp confederation
identifier 3
Bgp confederation peer-id 1031 1099
….
….
Neighbor 150.100.2.254 distribute-list 2 in
Access-list 2 permit 197.68.0.0 0.0.255.255
12.3 route advertisement (2 points)
Make another loopback interface in R5 (network 192.192.2.0). Make this
network the only route to advertise to the AS 254 and make
it as the BGP route at R1's routing table.
The Power Of Knowing
www.actualtests.com
44
Answer: 'No synchronous' at every router
Neighbor 150.100.2.254 distribute-list 1 out
Access-list 1 permit 192.192.2.0 0.0.0.255
12.4 reduce route (2 points)
For some memory consume problem, you are requested to change the
197.68.x.0 network to a supernet
197.68.0.0 to except 197.68.22.0, advertise them in your topology and
do not send them back to AS 254.
Answer:
There are four network incoming: 197.68.1.0, 197.68.4.0, 197.68.5.0,
197.68.22.0, so use suppress-map and AS-SET
Because network 150.100.2.0 is not seen by ospf, all router except R4
consider the 197.68.x.0's next hop as unreachable, they don't
put them in their routing table since the BGP routes are not the best.
I have to put the
150.100.2.0 into ospf, I don't know whether it is acceptable, but the
proctor seem to not mind it.
(or use next-hop self)
Aggregate-address 197.68.0.0 255.255.0.0 as-set suppress-map SPECIFIC
Route-map SPECIFIC permit 10
Match ip address 1
Access-list 1 permit 197.68.1.0 0.0.0.255
Access-list 1 permit 197.68.4.0 0.0.0.255
Access-list 1 permit 197.68.5.0 0.0.0.255
13. dlsw+
13.1 Normal setting (2 points)
Hosts on R2's ring 1 and VLANB want to communicate with hosts on R3's VLAN A.
Answer:
Dlsw local-peer peer-id 132.3.2.2
Dlsw remote-peer 0 tcp 132.3.3.3
Dlsw bridge-group 1
Source-route ring-group 1000
Source-route transparent 1000 500 1 1
Bridge-group 1 protocol ieee
The Power Of Knowing
www.actualtests.com
45
Interface ethernet 0
Bridge-group 1
Interface tokenring 0
Source-route 200 1 1000
13.2 Additional peer (2 points)
Hosts on R4's ring2 want to communicate with VLAN A and VLAN B'S
hosts. You are asked to add only one new peer connection,
border peer is not allowed.
Answer:
Maybe rif passthrough, 3920 config
13.3 Source-route bridge tuning (2 points)
Ring 1 in R2 experience a explore storm and cause packet drop. Tune
the R2 to let the tokenring interface to deal with 100 packets
(include data and explorer packets) at one time.
Answer: Hold-queue
13.4 SNA filter (2 points)
Set filter to make R4's dlsw only allow test explorer (0x0000) and SNA
traffic (0x0004, 0x0008, 0x000c) and their response frames.
Answer:
Access-list 200 permit 0x0000 0x0d0d
Dlsw remote-peer 0 tcp 132.3.4.4 lsap-output-filter 200
Day 2:
Ipx and its filter
Appletalk and appletalk DDR
Mobile arp
Frame-relay broadcast queue
My experience:
xBe careful and serious. Pay attention to the words such as 'only',
'allowed', 'permit', etc. Do not make stupid mistakes.
xBe familiar with Documentation, know how to get the detail in the
CD. Search the CD as fast as possible.
The Power Of Knowing
www.actualtests.com
46
LAB 9.
Address
Use 135.YY.0.0/16
Frame relay between R3, R4 and use R6 use 29 bits sub mask, ring 100
use 27 bits sub mask. Others use 24 bit sub mask.
Frame relay
Use multipoint subinterface on R4, you can not use subinterface on
other routers. You can use only the PVC provided in the figure.
Switch
1 VLAN
VLAN A : 10
VLAN B: 20
VLAN C: 30
VLAN_CAT: 30
BACKBONE 1: 11
BACKBONE 2: 12
Cat 500 sc0 interface in VLAN_CAT, ip is 135.YY.36.30_
All routers can access the switch.
2 VTP pruning
Enable VTP pruning except VLAN B and VLAN C.
3 link fast
The Ethernet interface of R3, R5, R2, R6 should be up immediately when
boot. All the interfaces are 10M and half duplex.
4 trunk
Set link to R6 as trunk, and only traffic of VLANA, VLANB and VLAN_CAT
be allowed on the trunk.
CAT 3920
Ring 100 belong to bridge 1 and ring 200 belongs to bridge 15.
The Power Of Knowing
www.actualtests.com
47
IRB
R6 bridges between VLAN B and VLAN_CAT, route between VLANA and other VLANs.
RIP
On link between R1 and R3, only version 2 update is allowed.
R1 receives route 199.172.z.0 (z is any number) from backbone, only
permit odd routes into your rack, and with the least commands
to do this.
Only 135.YY.0.0/16 can be advised to bb1. You can not use summary.
OSPF
Ring 100 is area 0, frame relay between R3, R4 and R6 is area 1, ring
100 is area 2, vlan B is area 33. Area 0 us simple text
authentication, area 1 use MD5 authentication.
Area 2 is NSSA.
Redistribute between OSPF and RIP on R3. 199.172.z.0 should appear on R2.
EIGRP
AS number is 100.
Distribute between EIGRP and OSPF.
R2 should forward packet through to0 and you can not use policy
routing. You should accept only some of the routes from ATM
backbone and advertise nothing to ATM backbone.
IGRP
VLAN A uses IGRP, AS number 10.
When calculating metric, load should be used.
Redistribute between OSPF and IGRP on R6.
R5 can communicate with all other routes.
ATM
R6 have atm interface 3/0. Do not use subinterface and should not
learn IP through arp server. Address of ATM interface is
192.1.YY.1, the other end ip add is 192.1.YY.254. You should ping this
ip address. All routers can ping the ATM interface.
ISDN
Only R5 can initial the call. Use chap as authentication method. R5
should not challenge R3. ON R5, when traffic is more than 25%,
bring up another B channel and split packet on 2 B channels.
The Power Of Knowing
www.actualtests.com
48
ISDN routing
Configure IGRP on ISDN interface and redistribute between ospf and
IGRP on R3. When Ethernet interface of R5 is down, R5 can
still communicate with all other routers. You can use snap shot
routing or watch list.
HSRP
Configure HSRP on R3 and R6, R6 is preferred. IP is 135.YY.36.100.
When R6's frame relay or VLAN C is down, R3 is used as default router.
Telnet
On R2, other routers can telnet to it. You should see their host name,
instead of IP address. The telnet users should not see the
mapping between IP and host name.
Access control
Enable http server on R6.
On R3, deny users form BB1 to access the http server, but when they
telnet to R3 and authenticated, they can access the http server.
IPX
Configure IPX on all routers except ISDN, ATM loopback interfaces and
the link between R1 and R3. Use EIGRP on frame relay
backbone.
On R6 token ring interface, configure IPX network FFFFFFFF.
R1 should learn route with next hop R5.
DLSW
VLAN A and ring 100 can communicate with each other.
Peer should be connected only when traffic is forwarding.
R5 should prefer R2 to access ring 100 and you can not use "cost".
When other routers want to access ring 100, they should prefer R4,
without using backup peer. R5 should wait 5 min before mark a SNA or
Netbios resource as unreachable.
Bandwidth allocation
On R5 e0, DLSW traffic should use 50% bandwidth.
Voice QOS
On frame-relay PVC, allocate bandwidth for voicecall.
Voice
The Power Of Knowing
www.actualtests.com
49
Two phones on R6 can call each other
Phone son R6 can call a phone 3002 through ATM, GW is 128.28.8.2 When
phone on 1/0/0 dial 1, it can call to phone on 1/0/1.
Set ip precedence of voice to 5.
BGP
1 IBGP
R2, R4, R6 is AS YY.
R2 and R6 can not be peer.
You can not disable synchronization.
On R6, add a loop back interface with IP 200.200.1.x/24, and advertise
it, you can not use network command. You can put
200.200.1.x into IGP.
2 EBGP
R1 is in AS 65000+YY and R3 in AS 5000+YY.
R1 and R3 is peer, R3 and R6 is peer.
R4 is peer with BB2, AS 254.
There are some routes form BB2, you should only accept 197.68.x.0 and
200.200.YY.0. On R1, add a loop back interface with IP add
199.199.1.x/24 and advertise it. On AS YY, this route should appear as
originated from AS 5000+YY.
199.199.1.x should appear on BGP table of all routers and advertised to BB2.
Section B – Newer 8 Labs
Lab 1.
Forenoon
The following parts record the real whole course:
1. config terminal server:
R1-R6,Cat3550
2. draw network topology map
Update as soon as there arechanges.
The Power Of Knowing
www.actualtests.com
50
3. Configure ip addresses
Use CIDR block 50.1.0.0/16 to assign all with /24 mask other than:
3.1 isdn use /29
3.2 VlanA use /24
3.3 Framerelay use /28
3.4 VlanB use /27
3.5 Backbone 1 R1's e0 has ip add: 150.2.1.x/24
3.6 Backbone 2 R4's e0 has ip add:150.2.2.x/24
3.7 R6's ATM has add 172.2.2.x/24
3.8 set VlanA, VlanB in Cat3550, sc0 with ip add 50.1.30/22.
4. Configure each router a loop interface
ip add like 50.1.x.x (x is router number)
5. Config framerelay
,
Even if there are many dlci in framerelay switch, you can only use the
diagram. You can not use subinterface on R1 and R2.
6. OSPF
6.1 area 0 include vlanB
6.2 area 1 include vlanA
6.3 area 3 include ISDN only
6.4 area 5 include framerelay
6.5 area 6 include R2'token 0
6.6 put all router's loopback is OSPF
7. RIP
7.1 put R1's e0 in RIP
7.2 you can get many routes, you can only input 60.172.1.0, 60.172.3.0,60.172.0.
7.3 On R1:redistribute between RIP on OSPF, let RIP only know
50.1.0.0/16, let ospf only see 60.172.12.0 and another route, it can
reach 60.172.1.9 and 60.172.3.0.
8. IGRP
8.1 config IGRP between R3, R4, and R4's all interfaces.
8.2 On R3:redistribute between ospf and igrp, let all ospf router can
see all routes from igrp
8.3 On R3:product default-network to R4, let R4 can ping all ospf router.
9. Dlsw
9.1 build dlsw on R5, R2, R4.
9.2 let VlanB bridge to VlanA but not to ring1
9.3 on R4 it is can not send out any mac with 4000.8888.xxxx to ring1,
but communication still ok.
The Power Of Knowing
www.actualtests.com
51
10. VPN
10.1 R6's atm interface have a pvc 0/100 to custom's atm router 199.1.1.1
10.2 custom have some employee in vlanB want to access there source
connect to atmrouter123.2.2.2, they use eigrp 100.
10.3 custom's address, routes can not in any route except R5 and R6,
and custom routers can not know any routes of your routes.
Seriously for the Really Serious
End of Forenoon
Afternoon
11. BGP
11.1 R5 in As 2,RI in As 3, R2,R3,R6 in As 1, R4 in As 4
11.2 build ebgp and ibgp relation, 3-1,2-1,4-1
11.3 1 has a connect to 150.2.2.254 which is As 100, you can receive
many bgp route. Only send
200.200.1.0/24, 200.200.2.0/24, 200.200.9.0/24 to As1000
11.4 On R2: only send 200.200.9.0/24 and one bgp route include
200.200.1.0 and 200.200.2.0 to As2000, and let R5 find those route
is original from As400.
12.
config R4's ethernet to Backbone2's www server limited below 1.5Mbps.
13.
config ethernet broadcast in CAT3550's can not reach 20%
14. Multicast
14.1 config multicast on R1,R2,R3,R6, let R1 join a igmp group, you
can ping it from others.
14.2 let R2,R6 support Cat3550s multicast function.
15. Access
15.1 only config outbound on R2's framerelay.
15.2 deny smtp,pop3 from VlanB to VlanA
15.3 deny www from ring2 to vlan B
15.4 deny R3's ping to R1
15.5 deny vlana's any udp port great than 6000 to Backbone1
The End
The Power Of Knowing
www.actualtests.com
52
Lab 2
Note: Some IP configuration might contain some small errors. Compare
with the picture on the next page.
The Power Of Knowing
www.actualtests.com
53
Forenoon
1. Commserver (1 point)
Configure reverse telnet. line1-6 are R1-R6,line7 is CAT3550,line8 is
3900,line9 is backbone switch.
Answer: No exec, transport inout all
2. Physical connection (1 point)
3. Draw a topology diagram (1 point)
Include ip address, area number, VLAN, etc. Make it updated.
4. Loopback address (1 point)
Setup loopback address as 132.Y.X.X at your router, where Y is your
rack number and X is your router number.
5.CAT3550 setup (1 point)
R3 in VLAN A, use 100, R5 in VLAN B, use 200. Set sc0 (132.3.9.9) in
VLAN A, and make the switch able to reach all the topology
through R3.
6.address (2 points)
The Power Of Knowing
www.actualtests.com
54
All the interfaces use 132.Y.0.0 network as their addresses and use
24bits mask. The frame relay interface use 27 bits mask. Draw
them on your diagram.
Answer:
Imply that the loopback address use 24bits mask, don't use 32 bits mask.
7.frame-relay setup (2 points)
Setup frame-relay, the frame relay switch is a 4500 which also act as
a backbone router. The switch is configured as fully meshed, but
you are demanded to only use the pvc showed on the diagram they
provide (see the diagram).
8.RIP setting (2 points)
R1 ethernet address is 150.100.1.Y. setup RIP in R1, several network
will send to R1 from Backbone 1, you are requested to permit
only 192.68.3.9 to add in your RIP routing table and advertise it and
150.100.1.0 to your topology.
Also, advertise only the classful network 132.3.0.0 to your RIP domain.
Answer: Distribute-list, mutual redistribute
9.OSPF
9.1 basic config (2 points)
Frame-relay interface in area 0; R4's tokenring interface in area4;
serial interfaces between R3 and R2, R2's interface, VLAN A in
area 3; VLAN B in area 5; make area 5 as NSSA area. Put all loopback
interface in the area. Make all interfaces reacheach other.
Answer: virtual-link, nssa
9.2 default-information (2 points)
Make R2 generate a default route to area 5, make the default route
only appear on R5.
Answer:
At R2: Area 5 nssa default-information originate
9.3 external route (2 points)
Make another loopback interface in R5 (network 192.192.1.0). Make this
network able to be reached by ospf topology but you are not
allowed to put it in any area.
And it must appear as different metric at R3 and R1.
Answer: metric-type 1
9.4 OSPF timers (2 points)
You are informed that R3 use much resource to run the ospf process,
tune the R3 to run not less than 30 seconds between two process.
The Power Of Knowing
www.actualtests.com
55
Answer: Timers spf 5 30
Make sure you know the difference between the two spf timers.
10.frame-relay QoS (3 points)
You are requested to rune the frame relay include mincir,cir,bc,be as
below: mincir 16kbps; measure interval is 125ms;set DE when
48kbps;dop when 64kbps
Answer: frame-relay traffic-shaping fram-relay class QoS map-class
frame-relay QoS mincir 16000
cir 48000
bc 6000
be 2000
11.ISDN
11.1 DDR (2 points)
Traditional DDR between R3 and R5, not mentioned about ppp or
authentication. lsdn switch-type is basic-5ess, no spids. numbers are
68020X01 and 68020X02, where X is your rack number.
11.2 Tool avoidance (2 points)
When R5 generate a call, R3 will drop it and call back (ppp callback).
Answer:
Ppp callback request
Ppp callback accept
Dialer map ip 132.3.100.5 name R5 class CALLBACK 68020302 Map-class
dialer CALLBACK
Dialer call-back username
11.3 Routing backup (floating static) (2 points)
Put some specific static route at R3 and a default route at R5 to:
when R3 or R5 lose some route from ospf, both them can generate a
call to each other; any router in your topology can reach the active
interface of R5; Network 192.192.1.0 must still appear as different
metric at R3 and R1. When R5's ethernet interface is still up, R5 is
not allowed to generate the call???
Answer:
They don't tell you use which method, you must decide by yourself. Use
floating static At R3: Ip route 132.3.5.5 255.255.255.0
132.3.100.5 150
Ip route 192.192.1.0 255.255.255.0 132.3.100.5 150
Router ospf 3
The Power Of Knowing
www.actualtests.com
56
Redistribute static subnet route-map BACKUP
Route-map BACKUP permit 10
Match ip address 50
Set metric-type 1
Access-list 50 permit 192.192.1.0 255.255.255.0 At R5 Ip route 0.0.0.0
0.0.0.0 132.3.100.3. 150
12. BGP
12.1 IBGP, EBGP (2 points)
R1 in AS 1031, R4 in AS 1034, R3, R2, R5 in AS 1099; IBGP must be fully meshed.
Answer:
Straight forward.
Use loopback interface as update-source in AS 1099 us better (for the
sake of keeping the BGP peering stable when ISDN backup is
functioning, see previous and below).
12.2 Confederation and filters (2 points)
There is an external AS 254 on backbone 2 (which peer address is
150.100.2.254, and yours is 150.100.2.X, where X is your rack
number). You are requested to send your topology s route to that AS
and appear as from only AS 3. AS 254 will advertise several
route to your topology, you are requested to only permit 197.68.x.0 to
be put into your topology, where x is any number. The proctor
said that the mask had no limit.
Answer:
The question has no word such as confederation, you must decide by
yourself to implement confederation. Bgp confederation
identifier 4
Bgp confederation peer-id 1031 1099.
12.3 Route advertisement (2 points)
Make another loopback interface in R5 (network 192.192.2.0). Make this
network the only route to advertise to the AS 254 and make
it as the BGP route at R1 routing table.
Answer: No synchronous at every router
12.4 Reduce route (2 points)
The Power Of Knowing
www.actualtests.com
57
For some memory consume problem, you are requested to change the
197.68.x.0 network to a supernet
197.68.0.0 except 197.68.22.0, advertise them in your topology and do
not send them back to AS 254.
Answer:
There are four network incoming: 197.68.1.0, 197.68.4.0, 197.68.5.0,
197.68.22.0, so use suppress-map and AS-SET. Because
network 150.100.2.0 is not seen by ospf, all router except R4 consider
the 197.68.x.0's next hop as unreachable, they don't put them in
their routing table since the BGP routes are not the best. I have to
put the 150.100.2.0 into ospf, I don't know whether it is acceptable,
but the proctor seem to not min it. (or use next-hop-self)
Aggregate-address 197.68.0.0 255.255.0.0 as-set suppress-map SPECIFIC
Route-map SPECIFIC permit 10
Match ip address 1
Access-list 1 permit 197.68.1.0 0.0.0.255
Access-list 1 permit 197.68.4.0 0.0.0.255
Access-list 1 permit 197.68.5.0 0.0.0.255
13 dlsw+
13.1 Normal setting (2 points)
Hosts on R2's ring 1 and VLANB want to communicate with hosts on R3'S VLANA.
13.2 Additional peer (2 points)
Hosts on R4's ring2 want to communicate with VLAN A and VLAN B's
hosts. You are asked to add only one new peer connection,
border peer is not allowed.
Answer:
Maybe rif passthrough, 3920 config???
13.3 Source-route bridge tuning (2 points)
Ring 1 in R2 experience a explore storm and cause packet drop. Tune
the R2 to let the tokenring interface to deal with 100 packets
(include data and explorer packets) at one time.
Answer:
Hold-queue
13.4 SNA filter (2 points)
The Power Of Knowing
www.actualtests.com
58
Set filter to make R4's dlsw only allow test explorer (0x0000) and SNA
traffic (0x0004, 0x0008, 0x000c) and their response frames.
Answer:
Access-list 200 permit 0x0000 0x0d0
Dlsw remote-peer 0 tcp 132.3.4.4 lsap-output-filter 200
Afternoon
Appletalk
- Only Eigrp on FR. Enable apple on all interfaces except ISDN, BB1
and BB2. The zone of Vlan A and Vlan B is ether. - Config R1
such that is cannot see the network of VLAN A, but it can see the
network of VLAN B. - Enable Apple on ISDN.
- The ISDN is only activated when R3-R2 link fails.
- Disable IP on ISDN
- Static route is permitted.
- Vlan A can access R2(Ring 1) and Vlan B, when R3-R2 fails.
- Callback is used.
Note: After test – Even config is correct, appletalk callback will not
work until reboot.
IOS feature
------------
- Mobile ARP - When VLAN A user is roamed to VLAN B and BB1, it still
can be accessed. --> Configure as the document.
- Router Access - A specific IP address is allowed to configure R3 by
a web browser --> http server with access-list
- Privilege Control - A user with a specific password can only be
allowed to enter "show" command - Broad-Control on FR - Exact
the same as command reference, pay attention to the byte or the bit.
Catalyst
- Span - Change spanning tree Maxage, you must 'set spantree router'
too, because the spanning tree maxage will follow the routers
config when a router is connected to the switch
Lab 3
2503: R3, R5 2611: R1 3640: R2, R4, R6 3550: Cat5
The Power Of Knowing
www.actualtests.com
59
Forenoon
1. Comm server ( 1 point)
2. Diagram (1)
Include ip address, area number, interface, make your diagram update.
Remember to mark FRSW's interface number too, you will
need it on troubleshooting.
3 Physical connection (1)
4. cat3550 setup (1)
Two VLANs, VLANA:50; VLANB:75
5 cat5 address (1)
sc0 address on VLANA, 135.x.30.30/22, where x is the rack number, make
it be reached by your topology
6. IRDP (2)
The Power Of Knowing
www.actualtests.com
60
Vlana's host use irdp, male R6 most preferred and R3 least preferred.
ip irdp preference 100
7. Framerelay (2)
28 bits subnet. Only use the dlci showed on the given diagram (hub &
spoke, not fully meshed).
no frame-relay inverse-arp frame map ip …
8. Loopback address (1)
All of the routers has loopback interface. 135.y.x.x, where y is the
rack num. And x is the router num.
9. Address (1)
vlana: /22; vlanb: /26; framerelay int: /28; isdn: /30; others: /24
use 135.x.0.0 to setup all interfaces except explicitly asked.
e0/0 o R1 is 150.100.1.x (BB1); e0/0 on R4 is 150.100.2.x (BB2).
10. OSPF (3)
Frame relay cloud on area 1, vlana on area 0, R2's ring on area 2,
vlanb on area 5, isdn on area 6.
Make loopbacks on existing area.
11. OSPF cost (2)
Change the ospf cost, should not use 'ip ospf cost …' on interface.
Make cost on ethernet as 90.
auto-cost-reference-bandwidth 900
12. Rip (2)
Rip on R1 e0/0, mutual redistribution with ospf. Should receive only
199.172.x.0, make 199.172.1.0 and
199.172.3.0 as one network on your ospf topology, also advertise
150.100.1.0. Only class B 135.x.0.0/16 can be advertised from ospf
to rip.
There are 4 networks received by rip: 199.200.1.0, 199.172.1.0,
199.172.3.0, 199.172.12.0
router rip redistribute ospf 3 metric 2 network 150.100.0.0
router ospf 3 redistribute rip subnet summary-address 199.172.0.0
255.255.240.0 distribute-list 1 out rip
access-list 1 permit 199.172.0.0 255.255.0.0
13. SAP (2)
vlana's sap is interferenced by something, assume that there is no
servers on vlana, make the sap advertise only when it changed.
At R2, R3, R6, set on interface: ipx sap-incremental eigrp 3
The Power Of Knowing
www.actualtests.com
61
14. ISDN (4)
Only R5 can generate the call, use chap authentication, but R5 should
not challenge R3, R5 should not use its own name to
authenticate, must use userx.
Oneway authentication. Oneway dialer map
At R5:
user user3 password cisco user R3 password cisco
ini bri0 dialer map ip 135.3.9.1 broadcast 68020301 ppp chap hostname user3
At R3: user user3 password cisco user R3 password cicso int bri0 ppp
authentication chap
15. ISDN routing (2)
Setup R3 and R5 such that when R5 can access the topology when its
serial interface is down.
At R5 router ospf 3 network 135.5.5.0 0.0.0.255 area 5 network
135.5.55.0.0 0.0.0.255 area 5 area 1 virtual-link 135.5.2.2 area 1
virtual-link 135.5.3.3 int bri0
ip ospf demand-circuit
I use backup interface also, but the protor said its wrong (if
interface is up, but the dlci mapping in telecom is wrong, the isdn
will not
up). So just demand-circuit is ok.
Make the loopback interface at area 5, and setup two virtual-link to
make sure the area5 and the loopback interface is seen by the
topology when serial is down and isdn is up.
16 ATM (2)
R6, no subinterface, no autolearn ip address from client. vpi: 0, vci:
10x. ip address: 192.1.x.1, remote ATM router ip:
192.1.x.254
int atm 3/0
pvc 0/103
protocol ip 192.1.3.254 broadcast
no inarp
17. VPN (2)
You have a VPN client, they use CIDR 192.1.32.0/20, some of your
client's employees are connected at R5's ethernet, their gateway
is 192.1.32.175. You can use any network in 192.1.32.0/20 to build the
VPN. VPN still on function when R5's serial is down.
Setup tunnel between R5 and R6's secondary ip address at R5's e0:
R6: int tunnel 0 ip address 192.1.33.1 255.255.255.0 tunnel source
loopback 0 tunnel destination 135.3.5.5
R5: int tunnel 0 ip address 192.1.33.2 255.255.0 tunnel source
loopback0 tunnel destination 35.3.6.6 interface e0 ip address
192.1.32.175 255.255.255.0 secondary
18. VPN routing (2)
The Power Of Knowing
www.actualtests.com
62
Your client are using eigrp 100, setup eigrp such that your clients
employees at R5 can be reached by their remote network, also
advertise the route received from the remote ATM router to the
employees. All the routes of your client are not allowed to be
advertised out of R5 and R6.
router eigrp 100 network 192.1.33.0 network 192.1.32.0 passive-interface …
19. VPN routing (2)
All traffic from your client's employees at R5 to outside, either
traffic to their networks or to your networks, should be route to the
remote ATM router first (assume they don't need to telnet to R5 or
R6). Setup R5 and R6 to comply this policy.
policy routing:
R5: interface e0 ip policy route-map VPN route-map VPN match ip
address 2 set ip next-hop 192.1.33.1 access-list 2 permit
192.1.32.0 0.0.0.255 R6: interface tunnel 0 ip policy route-map VPN
route-map VPN match ip address 2 set ip next-hop
192.1.3.254 access-list 2 permit 192.1.32.0 0.0.0.255
20. Dlsw
R2's ring 1 to R4's ring 2; R2's vlana to R5's vlanb. Others are not allowed.
use brgoup-list and ring-list
R2 dlsw local-peer peer-id 135.5.2.2 dlsw remote 1 tcp 135.5.4.4 dlsw
ring-list 1 rings 1 dlsw remote 2 tcp 135.5.5.5 dlsw
bgroup-list 2 bridge 1 dlsw bridge-group 1 source-route ring-group 200
21. Dlsw efficiency
R4's host can reach R2's hosts which mac address are 4000.2200.xxxx,
but they would not send any explores.
R2: dlsw i-can-reach mac 4000.2200.0000 mask ffff.ffff.0000
Afternoon
1. BGP (3)
R4 in AS x, R2, R3, R6 in AS 100x, R1 in AS 200x, R5 in AS 300x. x,
200x, and 300x should peer with 100x.300x still peer to 100x
when R5's serial is down.
Use ebgp-multihop on the 100x and 300x peering by loopback interface.
peer to R2 or R3
2. EBGP (2)
AS 254 at backbone 2, peer 150.100.2.254. Setup R4 to peer with it.
Only received network 172.68.y.0, where y is any number.
neighbor 150.100.2.254 distribute-list 1 in access-list 1 permit
172.68.0.0 0.0.255.255
3. Aggregation (2)
The Power Of Knowing
www.actualtests.com
63
Aggregate networks 172.68.y.0, such that R5 can only see the
aggregated route and see it come from AS x. Other routers should see
the specific routes, also, they can see the aggregate route or not.
AS-SET maybe reasonable ??
4. Default information (2)
New loopback interface 192.192.4.0 at R4. Advertise it only by BGP
throughout the topology, AS 254 are asked to receive it only. R2
generate a default route to R1 as long as it receive this route.
R2: neighbor 135.3.1.1 default-information originate route-map DEFAULT
route-map DEFAULT
match ip address 1
access-list 1 permit 192.192.4.0 0.0.0.255
R4: distribute-list out
5. Appletalk (3)
Setup appletalk at all interface except ATM, loopback, ISDN, backbone.
VLANA zone is vlana, only eigrp on framerelay cloud.
appletalk route-redistribute
no appletalk eigrp split-horizon
appletalk local-routing appletalk protocol eigrp (framerelay int) no
appletalk protocol rtmp (framerelay int) frame-relay map
appletalk … setup vlan on tokenring switch 3920 to separate the two
rings so that appletalk can be active on each ring.
6. Appletalk filter (2)
R4 can see all the appletalk cable-range, but others cannot see the
cable-range of R4's ring2. No filter is allowed.
No appletalk send-rtmp on R4's serial 0/0 (appletalk on R3's serial 1
maybe inactive) or appletalk eigrp on R4's ring2, rtmp
on R4's serial 0/0 and no appletalk route-redistribute
7. Appletalk filter (2)
R5 can't see zone vlana and the cable-range associate with it.
distribute-list on R5's serial 0
Pay attention to the setup steps, you had better setup distribute-list
first and enable appletalk eigrp last, or the zone "vlana" would
appear at R5's zone table.
8. Access-list (3)
Only setup one output access-list on R2's serial 0/0 to: Mail traffic
from ring1 to vlanb is not allowed;
R3 can ping R1, R1 can't ping R3. (just the nearest interface is
enough); Users on ring1 is allowed to use udp port 6000 to 7000
(inclusive) to access vlanb; No snmp traffic is allowed;
Users on backbone1 can't use ring2's tacacs service;
Any other traffic is allowed. access-list 100 deny tcp 135.3.22.0
0.0.0.255 135.3.55.0 0.0.0.127 eq smtp access-list 100 deny tcp
135.3.22.0 0.0.0.255 135.3.55.0 0.0.0.127 eq pop2 access-list 100 deny
tcp 135.3.22.0 0.0.0.255 135.3.55.0 0.0.0.127 eq pop3
access-list 100 deny icmp 135.3.30.3 0.0.0.0 135.3.0.1 0.0.0.0 eq
echo-reply access-list 100 permit udp 135.3.22.0 0.0.0.255 range
6000 7000 135.3.55.0 0.0.0.127 access-list 100 deny ip 135.3.22.0
0.0.0.255 135.3.55.0 0.0.0.127 access-list 100 deny udp any any
The Power Of Knowing
www.actualtests.com
64
eq snmp access-list 100 deny udp any any eq snmp-trap access-list 100
deny tcp 135.3.44.0 0.0.0.255 eq tacacs 150.100.1.0
0.0.0.255 access-list 100 permit ip any any
9. Broadcast control (2)
Configure vlanb on CAT5, make the broadcast traffic under 20%, assume
that the frame size is 768 bytes, including preamble.
Set port broadcast 2/4 20%
10. Traffic control (2)
Webservers on ring2, configure R4 such that output rate to the
webserver is under 1.5Mbps, any traffic higher than 1.5Mbps id
dropped.
I use CAR, but the protor said rate-limit is the wrong solution.
Maybe: general traffic-shapping.
11. Multicast (2)
Setup R1 to join a multicast group 224.0.5.5, R2, R3, R6 can ping this
group but shouldn't be explicitly setup to join it.
ip igmp join-group 224.0.0.5
Either dense-mode or sparse-mode is ok.
12. cgmp (3)
R2 and R6 can inform CAT5 the multicast group, CAT5 can send it to R3
even it is rebooting. At R2 and R6:
ip cgmp
at CAT5
set cgmp enable set cam permernant 01-00-5e-00-05-05 2/2 (2/2 connect to R3)
13. Netbios filter (2)
Setup a output filter on R4's tokenring interface such that: Access to
host SERVxNR is not allowed, which x is any character. netbios
output-access-list host ABC netbios access-list host ABC deny SERV?NR
(^v first to input the "?") netbios access-list host
ABC permit*
Lab 4.
Note: Compare Section A, Lab2
The Power Of Knowing
www.actualtests.com
65
Forenoon
1. Diagram (1)
Draw diagram, including ip addresses of all interfaces, ospf area, BGP
AS number, number, physical links. Make sure your diagram
update.
Answer:
Mark as many as you can, include the serial ports of the FRSW, esi or
PVC of ATM, ip addresses outside your topology, routes from
outside, the addresses you need to filter, summarize or aggregate, Its
very important for your troubleshooting.
2. Physical connection (1)
3. Names & password (1)
Names are: RackYYRX, which YY is your rack num, X is the router num.
(for example, rack4 router3 is Rack04R3)
Set password: cisco, set excec-timeout never, users can access on con,
aux, ttys.
Answer:
You should add 'login' command on line con 0, line aux 0, line vtys.
The Power Of Knowing
www.actualtests.com
66
4. Framerelay (3)
Same as the diagram, not fully mesh.
Answer: disable the inverse-arp.
5. Address (1)
Loopback address is 138.Y.0.0 as your topology address scheme.
Framerelay cloud is /29, isdn is /30, ring 10 has 10 hosts, make your
subnet mask decision. (that means /28), others are /24.
7. Vlan (2)
VLANA(20), VLANB(30), VLANC(50), VLAND(70), VLANE(80)
8. CAT3550
Setup two Trbrf, use bridge number as 1 and 2, ring number as
10(R2&R6) and 20(R4).
Answer:
Note that the ring number in question and routers is decimal, but in
3550 is hexadeximal.
9. Trunk (2)
Setup trunk at CAT5, VLANE is not allowed in trunk. R6 connect to
trunk. Be careful that not all switch ports are able to be a trunk.
10. OSPF (3)
Framerelay at area 0, ethernet at area 3, ring20 at area 4. No
additional area is allowed. Routers in area 4 have not enough memory
to
handle lots routes, configure R4 to adjust it.
Answer: Make area 4 totally stub area.
11. RIP (3)
R5's serial port and R1 run RIP, inject the specific routes from ospf
into RIP, but only advertise 138.Y.0.0 to BB1, no summary and
static route are permitted. Only permit one route 193.67.15.0/24
received from BB1. Mutual redistribute between RIP and OSPF.
Answer:
Use rip version 2 but send and receive version 1 on R1's ethernet.
Distribute-list out on R1's ethernet. Remember to use debug to
check the route update whether it is right. Make a redistribute-list
at R5's OSPF, just permit the routes belongs to rip to be
redistributed from rip to ospf, or the idsn will flap. Bri as passive interface.
12. ISDN (2)
Just R5 can initiate the call, use pap authentication with different
passwords at each side.
The Power Of Knowing
www.actualtests.com
67
Answer:
'dialer map' at R5 only, ppp pap sent ….
13. ISDN routing (3)
BRI interface at area 3, when ethernet down, keep topology consistent.
Flapping is not allowed.
Answer: demand-circuit
14. ATM (3)
PVC 0/10Y, autolearn is not allowed, ip address 192.1.1.Y. pvc peak
rate 100M, minimum rate 10M
Answer: Use static map, & ubr+
15. EIGRP (3)
ATM, tokenring on R2 and R6 run EIGRP, only configure R6, permit
128.28.0.0 and 4.1.1.0 into R6, permit
128.28.0.0, 4.1.1.0, 192.1.1.0 into R2 by EIGRP.
Configure R2 or R6, such that OSPF and EIGRP can redistribute each other.
Answer:
No auto-summary, set distribute-list at 'atm in', 'tokenring out',
also set 'tokenring in' to deny all eigrp update from R2, to prevent
R2
advertising the 138.Y.0.0 by EIGRP instead of OSPF. (because of its
lower distance).
16. DHCP (2)
R6 as a dhcp server and you shouldn't define a database agent.
Answer: no ip dhcp conflict logging ip dhcp exclude ip dhcp pool
…
17. HSRP (2)
Define HSRP on R2 and R6 ring 10, R6 as the primary, when tokenring or
Ethernet interface of R6 fail, R2 as the primary.
Answer: Use 'track interface' at R6
18. BGP (4)
R3, R4, R5, R6 in AS Y, BB2 in AS 254, R1 in AS 10Y. AS Y are not full
mesh, when R4 or R6 failed, other routers can still receive
all the other BGP routes. Just allow 192.200.0.0 receive from BB2.
Answer:
R4 and R6 act as Route Reflector.
The Power Of Knowing
www.actualtests.com
68
Input prefix list at R4 is the best.
19. BGP advertisement (2)
Another loopback interface at R1(195.82.Y.Y/32), advertise it
throughout the network. Another loopback interface at
R3(195.83.Y.Y/32), advertise these two route only to BB2.
Answer:
Assign distribute-list out of R4 although eventually there are just
two BGP routes advertise to BB2. Do what they ask you to do
perfectly and accurately.
20. BGP filter (3)
Configure R5 such that 195.83.Y.Y is not seen on R1, but you can't use
any filter base on ip address.
Answer:
Use filter-list (as-path). Don't use community, because you have to
change community based on ip address.
21. Voice (1)
R6: port 2/0/0 is 50YO, port 2/0/1 is 50Y2, remote hone is 3002,
remote peer 128.28.2.8 (behind ATM cloud). Make you voice able to
call each other and 3002.
Answer:
Make sure you can reach 128.28.2.8 and 128.28.2.8 can reach your
topology (not just the ATM int). Redistributing OSPF to EIGRP is
important.
22. Voice (2)
Configure R6 so that when port 2/0/1 offhook, you can reach 3002
without inputting any digits.
Answer:
'connection plar' at port 2/0/1.
Afternoon
1. Multicast (3)
R1, R5, R6. R5 as RP, RP join group 224.1.2.3, setup R1 and R6 so that
R5 as the only RP for 224.1.2.3.
Answer:
I think I lost the points. Check this command: ip pim rp x.x.x.x.
[AC]; ip pim accept-rp x.x.x.x [ACL]
The Power Of Knowing
www.actualtests.com
69
2. Multicast (2)
Inform Catalyst the multicast group.
Answer: CGMP at R5 and CAT.
3. IOS feature (2)
At VLANB, there are some users have not setup their gateways,
configure VLANB such that these users can't access your topology
by anyway.
Answer: Disable proxy-arp at R3 and R6's VLANB subinterface.
4. Menu (2)
Setup a menu, include 'show interface', 'show ip route', 'show
startup', 'exit menu'.
Answer: Search the document
5. Link efficiency (3)
Use compression method predict (software) to compress the link between
R1 and R5.
Answer: Change encapsulation to PPP, and you can use preditor now.
6. Dlsw (3)
Bridge connectivity between ring10 and ring20, ring10's hosts
communicate with ring20's host through R6, when R6's tokenring
interface fail, they will use R2 instead. When R6 resume, R2's
connection must be undone, but should be maintained 6 minutes before
disconnect. R2 and R6 should not be configured a remote peer.
Source-bridge number must be consistent with tokenring switch.
Answer:
Backup peer, linger as 6. R4's remote peer must be R6 and R6's
tokenring interface. Promicous. Redistribute eigrp into ospf in R2 but
not R6, because if the redistribution is in R6, when R6's tokenring
down, the network of the ring will be down, and can't be distribute
into ospf, R4 will not have the ip routing connectivity to R2's
tokenring interface.
7. Dlsw (2)
A mainframe in ring10, make R4 have this mainframe's mac address in
its cache, and can only reach this host.
Answer: icanreach, icanreach mac-exclude.
8. Catalyst feature (1)
VLANE have end station only, and have heavy traffic, configure it to
reduce the BPDU traffic.
Answer: Disable the spanning tree on VLANE.
The Power Of Knowing
www.actualtests.com
70
9. Catalyst feature (1)
Port 2/11 belongs to VLANE, and connect to a host with a mac address,
configure the switch so that it need not learn the host's mac
address event at bootup period.
Answer: Set cam peranent. Set the port belongs to VLANE.
10. Catalyst feature (1)
Port 2/12 connect to a host, and belongs to VLANE, configure the
switch so that only this host can use this port.
Answer: Set port security. Set the port belongs to VLANE.
11. Autoinstall (3)
A TFTP server with address 150.100.2.17 on BB2, a router with no
startup-config in FR cloud, configure R4 such that the router can
bootup with a startup-config which in the TFTP server, use DLCI 110.
Answer: frame-relay map ip 138.5.234.6 110 (the ip address must be in
your FR cloud's subnet) ip help-address 150.100.2.17
Lab 5.
Note: Compare Lab3, Section A
The Power Of Knowing
www.actualtests.com
71
Forenoon
framerelay
R5 as hub, 2 subinterface, point-to-point subinterface connect to R4,
point-to-multipoint subinterface
Connect to R2 and R3.
addressing
BB1 150.100.1.Y; BB2, 150.100.2.Y;framerelay cloud(R2, R3, R5) /28;
VLANE /25; Ring1 /27; VLANC /29; ISDN /30.
others /24
OSPF
The Power Of Knowing
www.actualtests.com
72
Framerelay cloud (2, 3, 5), ISDN in area 0; VLANA and ring1 in area 3;
R5 and R6's serial interface in area 5; VLANC in area 6. -->
R2 and R3 need to establish virtual-link for area 0, prevent the
inconsistence of backbone once the framerelay pvc is down. (ask the
proctor whether you need to do this) use the mist secure method to
authenticate ospf neighbor in backbone and ethernet. --> MD5
authentication, note that level 7 may have problem.
Change the dead-interval, but you are not allowed to explicitly change
the dead-interval timer. --> Change the hello-interval.
EIGRP
R1 and R2's serial interface run EIGRP, 4 loopback interfaces in R2,
place them in EIGRP, summarize them into one network and
advertise it to R2. --> Summary in interface. Redistribute OSPF and
EIGRP mutually in R2, cost of routes redistributed to OSPF
should have a fix value. --> Metric type.
RIP
R1's ethernet interface run RIP, redistribute even network into EIGRP.
--> wildcard mask!
IGRP
R4 and R5's link(p2p framerelay), Ring2, VLANB run IGRP. Redistribute
OSPF and IGRP mutually in R5. Loopback of R4
shouldn't be placed in IGRP, should be redistribute in it??? You are
permitted to add a static route but not a default-route in R4
pointing to BB1. --> Because IGRP is a classful protocol, you must add
a static route 'ip route 133.Y.0.0 255.255.0.0
150.100.1.Y' (for example)
In R4, so that R4 can reach all the subnets in ospf topology.
ISDN
Only R5 can make a call, chap authentication, R5's hostname should not
be itself. ospf routing. --> demand-circuit (be careful for the
redistribution)
ATM
PVC, you are 192.1.1.Y, remote peer 192.1.1.254.
Should not add a default-route, networks behind ATM can reach your
topology? --> ATM run EIGRP? then use summary in ATM
interface?
BGP
R1, 2, 3, 4, 5, 6 are in AS Y. --> IBGP
All the routers in IBGP must receive bgp routes from R5. --> R5 as a
RR. BB1 and BB2 are both in AS 254, setup R1 and R4 so that
the bgp routes from AS254 have weight 1000. --> route-map in
AS Y shouldn't be a transit AS, but you are not allowed to use AS-path
to filter it. --> Apply no-export community to the BGP routes
coming from AS254. R1 and R4 advertise networks of Ring1, Ring2,
VLANA, VLANB such that outside world reach Ring1.
VLANA through R1, reach Ring2, VLANB through R2. --> route-map out
with different metrics. Configure R1 and R4 so that only
the new routes from AS254 are received?
The Power Of Knowing
www.actualtests.com
73
Afternoon
DLSW
Ring1, VLANA of R2 and RING2 have bridge connectivity, R2 should not
add a remote-peer. --> promicous R3 act as backup of
VLANA peering to R4; LLC of R4 use R2 to deliver SNA traffic when R2
isn't down. --> cost.
A SNA host in VLANA, configure R4's Ring2 so that R4's explorer for
this host should not cross the FR cloud, at CAT5 you can see
the host's mac address is X.X.X. ---> proxy-explorer, pay attention to
canonical and noncanonical address style.
Other questions:
1. ospf non-broadcast type
--> Use neighbor
2. bgp
Set origin IGP prefix-list
3. CAT5
Set spanning tree root
IP Address
Only use 132.X.0.0 X is your Rack Number
Each Router establish a Loopback address 132.X.Y.Y
Frame Relay is Full Mesh but you can only use the PVC drawn on the picture
Lab 6
Note: Compare Lab 4, Section A
The Power Of Knowing
www.actualtests.com
74
Forenoon
OSPF
Area 0 Frame Relay
Area 3 the Serial Port link between R2 and R3 Vlan A Ring 10
Area 4 the Token Ring Port of R4
Area 5 Vlan B
Loopback Address belong to appropriate Area
The Power Of Knowing
www.actualtests.com
75
They could connect each other after the setup is accomplished.
Area5 is NSSA Section set up a Loopback address 192.192.1.0 on R5,
this address comes into OSPF in the form of exterior Router at
the same time R1 and R3 should see different Metric Set up the default
Router for NSSA on R2;
R3 is quite busy, not to allow the routing process exhaust the power
of CPU, config the OSPF routing less frequent than once per 30
sec.
RIP
R1 is joined Backbone1 only allow one Router enter and broadcast out
to ospf. Backbone1 can only see 132.1.0.0/16 from R1
ATM
R6 has an ATM Port IP address is 192.1.Y.0 the address of ATM Router
is 192.1.Y.254 PVC use VPI=0 VCI=100+Y
Not allowed to use inverarp
define ATM Qos the maximal speed is 100M minimum is 10M
interface ATM 1/0
ip addr 192.1.6.1 255.255.255.0
pvc 10 0/106
ubr+ 100000 10000
protocol ip 192.1.6.254 broadcast
BGP
R4 belongs to AS1034 R1 belongs to AS1031 R3 R2 R5 belongs to AS1099
Backbone2 belongs to AS254 AS1034 set up the
Neighbor relation with the other three AS
AS1034 AS1099 AS1031 unify as AS1 for external
Establish Loopback address 192.192.2.0/24 on R5 only this address can
send to AS254 only allow
197.68.z.0/16 come in from BB2
For preventing the Router Table become too big, set ip gater on R4 the
Router come in from AS254 was gathered as 197.68.0.0/16
only 192.68.22.0/24 and 197.68.0.0/16 could be acquired by AS1099
AS1031 overpass EBGP
DLSW+
Set up the peer relationshipR3 and R3 make sure that the host computer
of VLAN A could communicate with VLANB Ring 10
Ring 10 has a lot of traffic so configure the token ring interface to
allow AT LEAST 100 packets/sec to be processed.
Set up the filtration on R2 only allow Explorer and 04 08 0C get
across access-list 200 permit 0x0000 0x0D0D dlsw remote-peer 1
tcp x.x.x.x lsap-output-list 200
ISDN
R3 and R5 dial-up each other successfully:
The Power Of Knowing
www.actualtests.com
76
When dial-up from R5 to R3 considering the change R3 should Callback
R5 can not use PPP Callback Use static Router realize the
Router backup
isdn callerid xxxxxxx callback
Catalyst 3550 setting
Set up two bridge group
EIGRP
R6 is AS 100 only ATM Port support EIGRP acquire a great deal of
Router from ATM just allow A Sort address enter
Afternoon
Voice
R6 connect with two telephones 2/0/0 is PhoneA Number 3010 2/0/1 is
PhoneB Number 3011 make two telephones could call each
other.
There is a ateway in the far Port Number 3002 PhoneA and PhoneB should
dial-up this number, and could listen a record make sure
even the uster say nothing, data still be transmit to the far Port.
Security
Ser up the out call control list on the Serial Port of R2
The Telnet in Vlan B is not allowed
Vlan B could only receive the mail from Ring 20
Both direction WWW is not allowed
Set up user group on R3 make the people who knows the Password CCIE
Could use the show order privilege exec level 2 show
enable password level 2 ccie
Catalyst setting
Set up maxage for Blan B on the PBX set spantree maxage 30 100
Frame Relay Broadcast setting
Too many broadcasts on Frame Relay make only allow 80 normal broadcast
ackages or 240K/sec pass most 160 packages.
frame-relay broadcast-queue 80 240000 160
The end
Lab 7
Note: Compare tp Lab 6, Section A
The Power Of Knowing
www.actualtests.com
77
1) Terminal server
The Power Of Knowing
www.actualtests.com
78
address 137.rack.0.0 each router should also have a loopback address
137.2.x.x which x is your router number. The vty/aux/console
should never timeout.
2) Rip
Config rip on r(e0,s0) and r5(s1), backbone will have a address
150.100.1.254, make r1 not broadcast rip in e0, (use passive interface
and neighbor 150.100.1.254) config on r1 so only allowed route can get
into r1 (filter-list) r1 must can connect to all other router but
not allowed using any summary/static/default-route (RIPv2)
2. Vlan and isl
1)Config catalyst 3550 and r2 r3 r5 according to the vlan (r2
e0-vlan20, r3vlan-vlan20 r5e0-vlan50, catalyst sc0-vlan70)
2) Config trunk at r6 100M ethernet so that r5 r3 r2 can connect to
each other (using trunk and irb)
3) ospf security, make security when r3 r2 r5 make adjacency. Do not
allowed to use ospf authentication and ip access-list (use the
bridge access-list or static bridge let it not study other MAC address)
4) Config ospf as map
5) r4 tokenring area4 router want using less memory and process (using
totally stub area)
6) isdn -->4 point
Only r5 can initial the call to r3. There must not route flapping!!!
(redistribute the necessary RIP route to OSPF and passive all other
ospf interface in the RIP rout) config pap authentication, r3 and r5
should using different password (ppp pap send username xxx
password
xxx) if the error rate r3 bri port is bigger then 10%, autodisconnect
the phone (ppp quality 90)
7) hsrp and dhcp -->4 point
Config hsrp on tokenring interface of r2 and r6 make r2 is preferred
than r6 and when either r2 ethernet and tokenring interface down,
r6 should prefer (standby track)
8) The DHCP server
any appeared on 12.xT version and no log conflict. (do not log any
info to anyplace) there are some host on ring 1 make the can use
dhcp to fet address, config r6 as dhcp (ios 12.0.5t) using ip dhcp
local pool comment, remember to exclude r2 and r6 stokenring
address and the hsrp address and remember to config default router.
9) atm v7 and Eigrp -->7 point
Config lane using atm address as the prector tell you, use lane config
config-atm-address command. The R6 ATM connected to the
EIGRP clouds and the R6/R2 tokenring interface run Eigrp. Let the R6
redistribute Eigrp to ospf but not allowed for OSPF to be
redistributed to EIGRP. Again have all the connection.
ATM v71
It use RFC1483 PVC and the QoS (vc-class and UBR+) to define the rate.
The Power Of Knowing
www.actualtests.com
79
10) Bgp
(1) config r1 as as12, r3 r4 r5 r6 as as2, backbone is as 254
(2) bgp filter filter route from backbone 2
(3) R4 and R6 as RR, R3 and R5 is the client.
VOIP -->4 POINT
11) Voice
config r6 call backbone at a phone number given to you, r6 fxs has twp
phone using one phone number 22 21 two extension. They
should both be called and can calling backbone.
12) Config auto dial
at once of r6 extension, when it picked up, it should auto call a
phone number. Attached is map by r1 e0 address 150.100.1.Rack r4 e0
address 150.100.2.Rack
13) Multicast-->4 point
R2/R3/R4 run multicast (V7), should use access-list to permit the RP
only be the 243.1.2.3's RP. Set cgmp properly on the r6 and
Catalyst.
Note: R1 and R5 run multicast for V7.1 and no trick here.
14) DLSW --->9 point
1.DLSW backup of R6's tokenring with R2 from R4 side
2. Border peer
3. icanreach
4. dlsw bridge-group x for R3
15) Autoinstall
from R4's F/R interface --->3 point
16) Set cam
, set spantree disable vlan80 and port security on cat3550 --->3 point
Lab 8
The Power Of Knowing
www.actualtests.com
80
Cat3550
Console> (enable) sh config ….. ……….
……….
begin set password $1$FMFQ$HfZR5DUszVHIRhrz4h6V70 set enablepass
$1$FMFQ$HfZR5DUszVHIRhrz4h6V70 set
prompt Console>
set length 24 default
set logout 20
set banner motd ^C^C
!
#system set system baud 9600 set system modem disable set system name
set system location set system contact
!
#snmp set snmp community read-only public set snmp community
read-write private set snmp community read-write-all
secret set snmp rmon disable set snmp trap disable module set snmp
trap disable chassis set snmp trap disable bridge set snmp
trap disable repeater set snmp trap disable vtp set snmp trap disable
auth set snmp trap disable ippermit set snmp trap
disable vmps set snmp trap disable entity set snmp trap disable config
set snmp trap disable stpx
!
The Power Of Knowing
www.actualtests.com
81
#ip set interface sc0 1 150.100.14.242 255.255.255.240 150.100.14.255
set interface sc0 up
set interface sl0 0.0.0.0 0.0.0.0
set interface sl0 up
set arp agingtime 1200
set ip redirect enable
set ip unreachable enable
set ip fragmentation enable set ip route 0.0.0.0 150.100.14.241 1 set
ip alias default 0.0.0.0
!
#Command alias !
#vmps set vmps server retry 3 set vmps server reconfirminterval 60 set
vpms tfpserver 0.0.0.0 vmps-config-database.1 set
vmps state disable
!
#dns set ip dns disable !
#tacacs+ set tacacs attempts 3 set tacacs directedrequest disable set
tacacs timeout 5
set authentication login tacacs disable set authentication login local
enable set authentication enable tacacs disable set
authentication enable local enable
!
#bridge set bridge IP snaptoether 8023raw set bridge IP 8022toether
9023 set bridge IP 8023rawtofddi snap
!
#vtp set vtp domain ccie set vtp mode server set vtp v2 disable set
vtp pruning disable set vtp pruneeligible 2-1000 clear vtp
pruneeligible 1001-1005 set vlan 1 name default type ethernet mtu 1500
said 100001 state active set vlan 2 name vlan2 type
ethernet mtu 1500 said 100002 state active set vlan 3 name back1 type
ethernet mtu 1500 said 100004 state active set vlan 4
name back2 type ethernet mtu 1500 said 100004 state active set vlan 5
name other type ethernet mtu 1500 said 100005 state
active set vlan 1002 name fddi-default type fddi mtu 1500 said 101002
state active set vlan 1004 name fddinet-default type
fddinet mtu 1500 said 101004 state active bridge 0x0 stp ieee set vlan
1005 name trnet-default type trbrf mtu 1500 said 101005
state active bridge 0x0 stp ibm set vlan 1003 name token-ting-default
type trcrf mtu 1500 said 101003 state active parent 0 ring
0x0 mode srb aremaxhop 7 stemaxhop 7
!
#spantree #uplinkfast groups set spantree uplinkfast disable
#backbonefast set spantree backbonefast disable #vlan 1
set spantree enable 1 set spantree fwddeflay 15 1 set spantree hello 2
1 set spantree maxage 20 1 set spantree priority 32768 1
#vlan 2
set spantree enable 2 set spantree fwddelay 15 2 set spantree hello 2
2 set spantree maxage 20 2
set spantree priority 32768 2 #vlan 3 set spantree enable 3 set
spantree fwddelay 15 3 set spantree hello 2 3 set spantree
maxage 20 3 set spantree priority 32768 3 #vlan 4 set spantree enable
4 set spantree fwddelay 15 4 set spantree hello 2 4 set
spantree maxage 20 4 set spantree priority 32768 4 #vlan 5 set
spantree enable 5 set spantree fwddelay 15 5 set spantree hello 2
5 set spantree maxage 20 5 set spantree priority 32768 5 #vlan 1003
set spantree enable 1003 set spantree fwddelay 15 1003 set
spantree hello 2 1003 set spantree maxage 20 1003 set spantree
priority 32768 1003 set spantree portstate 1003 auto 0 set
spantree portcost 1003 62 set spantree portpri 1003 4 set spantree
portfast 1003 disable #vlan 1005 set spantree disable 1005
set spantree fwddelay 15 1005 set spantree hello 2 1005 set spantree
maxage 20 1005 set spantree priority 32768 1005 set
spantree multicast-address 1005 ieee !
#cgmp set cgmp disable set cgmp leave disable !
#syslog set logging console enable set logging server disable
The Power Of Knowing
www.actualtests.com
82
set logging level cdp 2 default set logging level mcast 2 default set
logging level dtp 5 default set logging level dvlan 2 default set
logging level earl 2 default set logging level fddi 2 default set
logging level ip 2 default set logging level pruning 2 default set
logging level snmp 2 default set logging level spantree 2 default set
logging level sys 5 default set logging level tac 2 default set
logging level tcp 2 default set logging level telnet 2 default set
logging level tftp 2 default set logging level vtp 2 default set
logging level vmps 2 default set logging level kernel 2 default set
logging level filesys 2 default set logging level drip 2 default
set logging level pagp 5 default set logging level mgmt 5 default set
logging level mls 5 default set logging level protfilt 2 default
set logging level security 2 default !
#ntp set ntp broadcastclient disable set ntp broadcastdelay 3000 set
ntp client disable clear timezone set summertime disable
!
#permit list set ip permit disable !
#drip set tokenring reduction enable set tokenring distrib-crf disable !
#igmp set igmp disable !
#module 1 :2-port 100BaseTX Supervisor
set module name 1 set vlan 5 1/1-2 set port channel 1/1-2 off set port
channel 1/1-2 auto set port enable 1/1-2 set port level 1/1-2
normal set port duplex 1/1-2 half set port trap 1/1-2 disable set port
name 1/1-2 set port security 1/1-2 disable set port
broadcast 1/1-2 100% set port membership 1/1-2 static set cdp enable
1/1-2 set cdp interval 1/1-2 60 set trunk 1/1 auto isl 1-
1005 set trunk 1/2 auto isl 1-1005 set spantree portfast 1/1-2 disable
set spantree portcost 1/1-2 19 set spantree portpri 1/1-2 32
set spantree portvlanpri 1/1 0 set spantree portvlanpri 1/2 0 set
spantree portvlancost 1/1 cost 18 set spantree portvlancost 1/2
cost 18 !
#module 2: 12-port 10/100BaseTX Ethernet set module name 2
set module enable 2
set vlan 1 2/3
set vlan 2 2/2,2/5
set vlan 3 2/1,2/11
set vlan 4 2/4,2/12
set vlan 5 2/6-8,2/10 set port enable 2/1-12 set port level 2/1-12
normal set port speed 2/1-12 auto set port trap 2/1-12 disable set
port name 2/3 vlan 1 set port name 2/1-2,2/4-12 set port security
2/1-12 disable set port broadcast 2/1-12 0 set port membership
2/1-12 static set cdp enable 2/1-12 set cdp interval 2/1-12 60 set
trunk 2/1 auto isl 1-1005
set trunk 2/2 auto isl 1-1005 set trunk 2/3 auto isl 1-1005 set trunk
2/4 auto isl 1-1005 set trunk 2/5 auto isl 1-1005 set trunk 2/6
auto isl 1-1005 set trunk 2/7 auto isl 1-1005 set trunk 2/8 auto isl
1-1005 set trunk 2/9 auto isl 1-1005 set trunk 2/10 auto isl 1-
1005 set trunk 2/12 auto isl 1-1005 set spantree portfast 2/1-12
disable set spantree porcost 2/1-12 100 set spantree portpri 2/1-
12 32 set spantree portvlanpri 2/1 0 set spantree portvlanpri 2/2 0
set spantree portvlanpri 2/3 0 set spantree portvlanpri 2/4 0
set spantree portvlanpri 2/5 0 set spantree portvlanpri 2/6 0 set
spantree portvlanpri 2/7 0 set spantree portvlanpri 2/8 0 set
spantree portvlanpri 2/9 0 set spantree portvlanpri 2/10 0 set
spantree portvlanpri 2/11 0 set spantree portvlanpri 2/12 0 set
spantree portvlancost 2/1 cost 99 set spantree portvlancost 2/2 cost
99 set spantree portvlancost 2/3 cost 99 set spantree
portvlancost 2/4 cost 99 set spantree portvlancost 2/5 cost 99 set
spantree portvlancost 2/6 cost 99 set spantree portvlancost 2/7
cost 99 set spantree portvlancost 2/8 cost 99 set spantree
portvlancost 2/10 cost 99 set spantree portvlancost 2/11 cost 99 set
spantree portvlancost 2/12 cost 99 !
#module 3 empty !
#module 4 empty !
#module 5 empty !
The Power Of Knowing
www.actualtests.com
83
#switch port analyzer
set span 2/8 2/9 both inpkts disable !set span enable!
#cam set cam agingtime 1-5, 1003, 1005 300 end
FR
FR_SW#sh ru
Bulding configuration…
Current configuration:
!
version 11.2 no service password-encryption no service
udp-small-servers no service tcp-small-servers
!
hostname FR_SW !
enable secret 5 $1$ZHha$31Wqsz9TgXO6zdiilpwaq0 !
no ip domain-lookup ip host TES 150.100.1.154 ip host CGS 19
150.100.1.254 ip host ECS 7 150.100.1.254 ip host WWS 80
150.100.1.254
IP routing 0010.0010.0010 frame-relay switching
!
interface Loopback0 ip address 150.1.0.1 255.255.0.0
IP network AA00
!
interface Loopback1 ip address 150.2.0.1 255.255.0.0
IP network AA01
!
interface Loopback2 ip address 150.3.0.1 255.255.0.0
IP network CC01
!
interface Loopback3 ip address 150.4.0.1 255.255.0.0 !
interface Loopback4 ip address 199.172.5.1 255.255.255.0 !
interface Loopback5 ip address 199.172.1.1 255.255.255.0 !
interface Loopback6 ip address 199.172.10.10.1 255.255.255.0 !
The Power Of Knowing
www.actualtests.com
84
interface Loopback7 ip address 199.172.20.1 255.255.255.0 !
interface Loopback20 ip address 197.68.2.1 255.255.255.0 !
interface Loopback21 ip address 197.68.3.1 255.255.255.0 !
interface Loopback 22 ip address 197.68.4.1 255.255.255.0 !
interface Loopback100 ip address 150.100.251.1 255.255.255.0 !
interface Loopback101 ip address 150.100.252.1 255.255.255.0 !
interface Loopback102 ip address 150.100.253.1 255.255.255.0 !
interface Ethernet0 description This segment is known as BackBone_A ip
address 150.100.1.254 255.255.255.0 media-type
100BaseT
!
interface Ethernet1 description This segment is known as BackBone_B ip
address 150.100.2.254 255.255.255.0 media-type
10BaseT
IP network BB88
!
interface Ethernet2 no ip address shutdown
!
interface Ethernet3 no ip address shutdown
!
interface Serial0 no ip address encapsulation frame-relay no
fair-queue clockrate 2000000 frame-relay lmi-type ansi framerelay
intf-type dce frame-relay route 100 interface Serial3 100 frame-relay
route 101 interface Serial2 110 frame-relay route
102 interface Serial1 201 !
interface Serial1 no ip address encapsulation frame-relay clockrate
2000000 frame-relay lmi-type ansi frame-relay intf-type
dce frame-relay route 201 interface Serial0 102 !
interface Serial2 no ip address encapsulation frame-relay clockrate
2000000 frame-relay lmi-type ansi frame-relay intf-type
dce frame-relay route 110 interface Serial0 101 !
interface Serial3 no ip address encapsulation frame-relay clockrate
2000000 frame-relay lmi-type ansi frame-relay intf-type
dce frame-relay route 100 interface Serial0 100 !
router ospf 6764
redistribute igrp 1000 subnets network 150.100.1.254 0.0.0.0 area 10 !
router rip network 197.68.2.0 network 197.68.3.0 network 197.68.4.0
network 150.100.0.0 default-metric 100
!
router igrp 1000 network 150.1.0.0 network 150.2.0.0 network 150.3.0.0
network 150.4.0.0 !
The Power Of Knowing
www.actualtests.com
85
router bgp 254 network 199.172.5.0 network 199.172.1.0 network
199.172.10.0 network 199.172.20.0 neighbor 150.100.2.1
remote-as 1 neighbor 150.100.2.1 route-map InsertAS out neighbor
150.100.2.2 remote-as 2 neighbor 150.100.2.2 route-map
InsertAS out neighbor 150.100.2.3 remote-as 3 neighbor 150.100.2.3
route-map InsertAS out neighbor 150.100.2.4 remote-as 4
neighbor 150.100.2.4 route-map InsertAS out neighbor 150.100.2.5
remote-as 5 neighbor 150.100.2.5 route-map InsertAS out !
ip http server no ip classless access-list 2 permit 199.172.5.0
0.0.0.255 access-list 3 permit 199.172.1.0 0.0.0.255 access-list 3
permit 199.172.10.0 0.0.0.255 access-list 4 permit 199.172.20.0 0.0.0.255 !
!
IP router nlsp !
!
!
tftp-server flash c4500-ds-ms_112-12 route-map InsertAS permit 10
match ip address 2 set as-patch prepend 100 200 300
!
route-map InsertAS permit 20 match ip address 3 set as-patch prepend 100 200
!
route-map InsertAS permit 30 match ip address 4
!
!
line con 0 line aux 0 line vty 0 4 password cicso login
!
end
Router1
r1#sh ru
Building configuration…
Current configuration:
!
version 11.2 no service password-encryption no service
udp-small-servers no service tcp-small-servers
!
hostname r1 !
enable password cisco !
no ip domain-lookup
The Power Of Knowing
www.actualtests.com
86
IP routing 0001.0001.0001 !
interface Loopback0 ip address 150.100.10.1 255.255.255.240
!
interface Ethernet0 ip address 150.100.1.3 255.255.255.0 !
interface Serial0 ip address 150.100.14.1 255.255.255.252
IP network 15
no fair-queue
clockrate 64000
!
interface Serial1 no ip address shutdown
!
router ospf 100 redistribute rip subnets network 150.100.14.0
0.0.0.255 area 3 network 150.100.10.0 0.0.0.15 area 4 distributelist
1 out rip area 0 authentication message-digest area 3 virtual-link
150.100.100.5 message-digest-key 1 md5 cisco area 4
range 150.100.10.0 255.255.0
!
router rip passive-interface Loopback0 passive-interface Serial0
network 150.100.0.0 distribute-list 1 in
!
router bgp 3 no synchronization neighbor 150.100.100.4 remote-as 3 !
no ip classless access-list 1 permit 197.68.3.0 0.0.0.255 !
!
!
IP router eigrp 3 network 15
!
!
IP router rip no network 15
!
!
!
!
line con 0 line aux 0 line vty 0 4 password cisco login
!
The Power Of Knowing
www.actualtests.com
87
end
Router2
r2#sh ru
Building configuration…
Current configuration:
!
version 11.2 no service password-encryption no service
udp-small-servers no service tcp-small-servers
!
hostname r2 !
netbios access-list host serverfit deny SERVER* enable password cisco
!
username joeccie password 0 cisco no ip domain-lookup ip
multicast-routing ip dvmrp route-limit 20000 appletalk routing
eigrp 2 appletalk route-redistribution
IP routing 0002.0002.0002 source-bridge ring-group 100 dlsw local-peer
peer-id 150-100.20.2 dlsw remote-peer 0 tcp
150.100.15.33 keepalive 0 lsap-output-list 200 timeout 12 00 dlsw
remote-peer 0 tcp 150.100.14.241 keepalive 0 timeout 1200
!
interface Ethernet0
ip address 150.100.23.2 255.255.255.0 ip access-group 110 in ip pim
dense-mode ip igmp join-group 224.1.1.1 appletalk cablerange
23-23 23.2 appletalk zone vlan2 appletalk protocol eigrp no appletalk
protocol rtmp
IP network 23
!
interface Serial0 no ip address shutdown
!
interface Serial1 no ip address shutdown
!
interface TokenRing0 ip address 150.100.20.2 255.255.255.0 appletalk
cable-range 20-20 20.2 appletalk zone ring1 appletalk
protocol eigrp no appletalk protocol rtmp
IP network 20
ring-speed 16 source-bridge 1 1 100 netbios output-access-filter host
serverfit !
router igrp 3 network 150.100.0.0 !
no ip classless access-list 110 permit igrp any any access-list 110
permit icmp any any echo access-list 110 permit icmp any any
echo-reply access-list 110 permit tcp any any eq www access-list 110
permit tcp any eq www any access-list 110 dynamic
joeccie timeoute 5 permit ip any any access-list 110 permit tcp any
150.100.20.0 0.0.0.255 eq telnet access-list 110 permit tcp
The Power Of Knowing
www.actualtests.com
88
host 150.100.14.250 eq telnet host 150.100.23.1 access-list 110 permit
tcp any any eq 2065 access-list 110 permit tcp any eq 2065
any access-list 200 permit 0x0404 0x0001
access-list 200 permit 0x0004 0x0001 !
!
IP route ABCD 20.0080.a.1b.1.c1d1 !
IP sap 4 IPSERVER ABCD.0000.0000.0001 451 2 !
!
line con 0 line aux 0 line vty 0 4 password cisco login local
autocommand access-enable host time-out 5 !
end
Router3
r3#sh ru
Building configuration…
Current configuration:
!
version 11.2 no service password-encryption no service
udp-small-servers no service tcp-small-servers
!
hostname r3 !
enable password cisco !
username r3 password 0 cisco username r5 password 0 cisco no ip
domain-lookup ip multicast-routing ip dvmrp route-limit
20000 appletalk routing eigrp 3 appletalk route-redistribution
IP routing 0003.0003.0003 isdn switch-type basic-net3
!
interface Tunnel0 no ip address appletalk cable-range 35-35 35.3
appletalk zone r35 appletalk protocol eigrp no appletalk
protocol rtmp tunnel source Serial0.1 tunnel destination 150.100.100.5 !
interface Ethernet0 ip address 150.100.23.0 255.255.255.0 ip pim
dense-mode appletalk cable-range 23-23 23.3 appletalk zone
vlan2 appletalk protocol eigrp no appletalk protocol rtmp
IP input-sap-filter 1000
IP network 23
!
The Power Of Knowing
www.actualtests.com
89
interface Serial0 no ip address encapsulation frame-relay frame-relay
lmi-type ansi !
interface Serial0.1 point-to.point ip address 150.100.100.3 255.255.0
ip pim dense-mode ip ospf message-digest-key 2 md5 cisco
ip ospf network point-to-multipoint no arp frame-relay
IP network 345 frame-relay interface-dlci 110
!
interface Serial1 no ip address shutdown
!
interface BRI0 ip address 150.100.14.6 255.255.255.252 encapsulation ppp
IP network 35 dialer idle-timeout 60 dialer map IP 35.0005.0005.0005
name r5 broadcast 81752310 dialer map ip 150.100.14.5
name r5 broadcast 81752310
dialer load-threshold 100 outbound dialer-group 1
no fair-queue ppp authentication chap ppp multilink
!
router ospf 100 summary-address 150.100.23.0 255.255.255.0
summary-address 150.100.20.0 255.255.255.0 redistribute igrp 3
subnets network 150.100.100.0 0.0.0.255 area 0 network 150.100.14.0
0.0.0.255 area 3 distribute-list 1 out igrp 3 area 0
authentication message-digest
!
router igrp 3 redistribute ospf 100 metric 10000 100 255 1 1500
passive-interface BRI0 passive-interface Serial0.1 network
150.100.0.0
!
no ip classless ip route 150.100.14.240 255.255.255.240 150.100.14.5
150 access-list 1 permit 150.100.23.0 0.0.0.255 access-list 1
permit 150.100.20.0 0.0.0.255 access-list 100 deny up any host
255.255.255.255 access-list 100 deny ospf any any access-list 100
permit ip host 150.100.14.6 host 150.100.14.5 access-list 100 permit
ip 150.100.23.0 0.0.0.255 150.100.14.240 0.0.0.15 access-list
900 deny sap any sap any sap access-list 900 deny rip any rip any rip
access-list 900 deny any any all any 457 access-list 900
permit any 23 all 50 all access-list 1000 deny ABCD 4 IPSERVER
access-list 1000 permit FFFFFFFF
!
!
IP route 50 35.0005.0005.0005 floating-static !
IP router eigrp 3 network 345
!
!
IP router rip
no network 345 !
!
The Power Of Knowing
www.actualtests.com
90
!
dialer-list 1 protocol ip list 100 dialer-list 1 protocol IP list 900 !
line con 0 line aux 0 line vty 0 4 password cicso login
!
end
Router4
r4#sh ru
Building configuration…
Current configuration:
!
version 11.2 no service password-encryption no service
udp-small-servers no service tcp-small-servers
!
hostname r4 !
enable password cisco !
no ip domain-lookup appletalk routing eigrp 4 appletalk route-redistribution
IP routing 0004.0004.0004 source-bridge ring-group 200 dlsw local-peer
peer-id 150.100.15.33 dlsw remote-peer 0 tcp
150.100.14.241 dlsw remote-peer 0 tcp 150.100.20.2 keepalive 0 timeout 120 !
interface Loopback0 ip address 199.55.3.4 255.255.255.0
!
interface Tunnel0 no ip address appletalk cable-range 45-45 45.4
appletalk zone r45 appletalk protocol eigrp no appletalk
protocol rtmp tunnel source Serial0.1 tunnel destination 150.100.100.5 !
interface Ethernet0 ip address 150.100.2.3 255.255.255.0 media-type 10BaseT
!
interface Serial0 no ip address encapsulation frame-relay frame-relay
lmi-type ansi !
interface Serial0.1 point-to-point ip address 150.100.100.4
255.255.255.0 ip ospf message-digest-key 1 md5 cisco ip ospf
network point-to-multipoint no arp frame-relay
IP network 345 frame-relay interface dlci 100
!
The Power Of Knowing
www.actualtests.com
91
interface Serial1 no ip address shutdown
!
interface TokenRing0 ip address 150.100.15.33 255.255.255.224
appletalk cable-range 40-40 40.4 appletalk zone ring2
appletalk protocol eigrp no appletalk protocol rtmp
IP network 40
ring-speed 16
source-bridge 2 1 200
!
router ospf 100 summary-address 150.100.2.0 255.255.255.0
summary-address 150.100.15.0 255.255.255.0
redistribute connected subnets network 150.100.100.0 0.0.0.255 area 0
distribute-list 10 out connected area 0 authentication
message-digest
!
router bgp 3 no synchronization network 199.55.3.0 aggregate-address
199.0.0.0 255.0.0.0 summary-only neighbor
150.100.2.254 remote-as 254 neighbor 150.100.2.254 distribute-list 1
out neighbor 150.100.2.254 filter-list 1 in neighbor
150.100.14.1 remote-as 3
!
no ip classless ip as-patch access-list 1 permit ^254$ access-list 1
deny 199.55.3.0 0.0.0.255 access-list 1 permit any access-list 10
permit 150.100.15.32 0.0.0.31 access-list 10 permit 150.100.2.0 0.0.0.255
!
!
!
IP router eigrp 3 network 345
!
!
IP router rip no network
!
!
!
!
line con 0 line aux 0 line vty 0 4 password cisco login
!
end
Router5
The Power Of Knowing
www.actualtests.com
92
r5#sh ru
Building configuration…
Current configuration:
!
version 11.2 no service password-encryption no service
udp-small-servers no service tcp-small-servers
!
hostname r5 !
enable password cisco !
username r5 password 0 cisco username r3 password 0 cisco no ip
domain-lookup ip multicast-routing ip dvmrp route-limit
20000 appletalk routing eigrp 5 appletalk route-redistribution
IP routing 0005.0005.0005 isdn switch-type basic-net3 dlsw local-peer
peer-id 150.100.14.241 dlsw remote-peer 0 tcp
150.100.15.33 dlsw remote-peer 0 tcp 150.100.20.2 keepalive 0 timeout
1200 dlsw bridge-group 1
!
interface Tunnel0 no ip address appletalk cable-range 35-35.5
appletalk zone r35 appletalk protocol eigrp no appletalk
protocol rtmp tunnel source Serial0 tunnel destination 150.100.100.3 !
interface Tunnel1 no ip address appletalk cable-range 45-45 45.5
appletalk zone r45 appletalk protocol eigrp
no appletalk protocol rtmp tunnel source Serial0 tunnel destination
150.100.100.4 !
interface Ethernet0 ip address 150.100.14.241 255.255.255.240
appletalk cable-range 50-50 50.5 appletalk zone vlan 1
appletalk protocol eigrp no appletalk protocol rtmp
IP network 50
bridge group 1
!
interface Serial0 ip address 150.100.100.5 255.255.255.0 ip pim
dense-mode encapsulation frame-relay ip ospf message-digestkey
1 md5 cisco ip ospf network point-to-multipoint ip igmp join-group 224.1.1.1
IP network 345 no IP split-horizon eigrp 3 custom-queue list 1
frame-relay interface-dlci 100 frame-relay interface-dlci 101
frame-relay lmi-type ansi
!
interface Serial1 ip address 150.100.14.2 255.255.255.252
IP network 15
!
interface Serial2 no ip address shutdown
!
interface Serial3 no ip address shutdown
!
The Power Of Knowing
www.actualtests.com
93
interface Serial4 no ip address shutdown
!
interface Serial5
no ip address shutdown
!
interface Serial6 no ip address shutdown
!
interface Serial7 no ip address shutdown
!
interface Serial8 no ip address shutdown
!
interface Serial9 no ip address shutdown
!
interface BRI0 ip address 150.100.14.5 255.255.255.252 encapsulation ppp
IP network 35 dialer idle-timeout 60 dialer map ip 150.100.15.6 name
r3 broadcast 81752322 dialer map IP 35.0003.0003.0003
name r3 broadcast 81752322 dialer-group 1
ppp authentication chap
!
router ospf 100 network 150.100.100.0 0.0.0.255 area 0 network
150.100.14.0 0.0.0.255 area 3 area 0 authentication messagedigest
area 3 range 150.100.14.0 255.255.255.0 area 3 virtual-link
150.100.10.1 message-digest-key 1 md5 cisco !
no ip classless ip route 150.100.23.0 255.255.255.0 150.100.14.6 150
access-list 100 deny ip any host 255.255.255.255 access-list
100 deny ospf any any access-list 100 permit ip host 150.100.14.5 host
150.100.14.6 access-list 100 permit ip 150.100.14.240
0.0.0.15 150.100.23.0 0.0.0.255 access-list 900 deny sap any sap any
sap access-list 900 deny rip any rip any
access-list 900 deny any any all any 457 access-list 900 permit any 50
all 23 all queue-list 1 queue 1 byte-count 4000 queue-list 1
queue 2 byte-count 2000 queue-list 1 queue 3 byte-count 2000
queue-list 1 queue 4 byte-count 500
!
!
IP route 23 35.0003.0003.0003 floating-static !
IP router eigrp 3 network 345 network 15
!
!
IP router rip no network 345 no network 15
!
!
The Power Of Knowing
www.actualtests.com
94
!
dialer-list 1 protocol ip list 100 dialer-list 1 protocol IP list 900
bridge 1 protocol ieee
!
line con 0 line aux 0 password cisco login
!
end
Note: Section A contains 9 labs. Section B contains 8 Labs. Total
number of labs is 17.
The Power Of Knowing
www.actualtests.com
95