CCIE Enterprise Infrastructure Practice Lab v1 · CCIE Enterprise Infrastructure Practice Lab v1.0...

CCIE Enterprise Infrastructure Practice Lab v1.0

Web: www.ccielabcenter.com / Mail: [email protected]



Description

Author: CCIE Lab Center (CLC) Focus: Practice Level: Expert (CCIE) Stream: CCIE Enterprise Infrastructure Content: Diagrams (Topology) & Questions. Format: PDF Protection: None Price: Free Links to Download:

Lab Simulator (Eve-ng): https://mega.nz/file/P7xjGYRC#f9271lat541J72_9YReQMGVH9Jc3K81co8CNTTg-NY8

HD Topology (PNG): https://mega.nz/file/O25nEQqb#xZsTxSLXB8bG5JGpO1JilnyUQciI7r8KPlvtUgTDxN0

Note: This is a not for sale product.



Diagram#0 – Eve-ng Topology



Diagram#1 - Main Topology



Diagram#2 - Switching Topology



Diagram#3 - EIGRP Topology



Diagram#4 - OSPF Topology



Diagram#5 – OSPF IPv6 Topology



Diagram#6 – BGP Topology



Diagram#7 – BGP IPv6 Topology



Diagram#8 – Multicast Topology



Diagram#9 – MPLS Topology



Diagram#10 – SD-WAN Topology



Diagram#11 – DMVPN Topology



Diagram#12 – FLEX-VPN Topology



Refer Diagram#2 Configure the network in New York AS64510 site as per the following requirements:

1. Configure VLANs as per the diagram in New York site.

2. Complete the configuration of vlans so that all routers & end devices that are located in New York (AS64510) must be available for reachability (ping and traceroute) respectively.

3. All four switches (SW1-SW4) in New York site must be connected with each other via dot1q trunks and they should not rely on negotiation.

4. Do not create any Port Channel.

SECTION 1: Network Infrastructure 30 Points

QUESTION

SECTION 1.1.a: VLAN Technologies 2 Points

SECTION 1.1: Layer 2 Technologies 8 Points



Refer Diagram#2

Configure the network in New York AS64510 site as per the following requirements:

1. The VTP domain must be set to CLC 2. Use VTP version 2 3. All switch in New York site must accept & update their VLAN database from SW1. 4. Secure all VTP updates with an MD5 digest of the ASCII string "https://ccielabcenter.com” 5. In order to avoid as much as possible unknown unicast flooding in all vlans the administrator

requires that any dynamic entries learned by other, all four swicth must be retained for 30 mins before being refreshed.

6. All four switch must avoid tagging VLAN 123 and allow it as native.

SECTION 1.1.b: Virtual Trunking Protocol 2 Points

QUESTION



Refer Diagram#2


1. SW1 must be the root switch for all vlans 2. SW2 must be the backup root switch for all vlans 3. Explicitly configure the root and backup roles, assuming that other switches with default

configuration may eventually be added in the network in the future

4. All Switches must maintain one stp instance per vlan 5. Use stp mode that has only 3 possible port states. 6. All access ports must immediately transitioned to the forwarding state upon link up and they

must still participate in STP . Use single command per switch to enable this 7. Access ports must automatically shut down if they receive any BPDU and an administrator must

still manually re-enable the port. Use a single command per switch to enable this feature.

SECTION 1.1.c: Spanning Tree Protocol 2 Points

QUESTION



Refer Diagram#2


1. Configure layer 2 ether channels between SW1 & SW2 as per the diagram. 2. SW1 must initiate ether channel negotiation using LACP and SW2 must never initiate ether

channel negotiation. 3. Your ether channel configuration must not impact the trunks.

4. Ensure that all ports included in ether channel are effectively in use and bundled in the expected channel.

SECTION 1.1.d: Ether Channel Protocol 2 Points

QUESTION



Refer Diagram#3

Configure the network in Brazil AS64540 site as per the following requirements:

1. You must use the EIGRP Autonomous System as per the topology 2. The interface loopback0 on each L3 device must be seen as an internal EIGRP prefix by all other

devices. 3. Ensure the EIGRP is not running on any interface that is facing another AS. Use any method to

accomplish this requirement. 4. At the end VPC-2 must be able to ping both the gateway routers Loopback0.

SECTION 1.2: Layer 3 Technology - EIGRP 4 Points

SECTION 1.2.a: Routing: EIGRP 2 Points

QUESTION



Refer Diagram#3

Configure the network in Australia AS64550 & Singapore AS64520 site as per the following requirements:

1. You must use the EIGRP Autonomous System as per the topology 2. The interface loopback0 on each L3 device must be seen as an internal EIGRP prefix by all other

devices. 3. Ensure the EIGRP is not running on any interface that is facing another AS. Use any method to

accomplish this requirement. 4. At the end make sure that the reachability is successful.

SECTION 1.2.b: Routing: EIGRP 2 Points

QUESTION



Refer Diagram#4


1. Configure OSPF as per the topology 2. The interface loopback0 on each L3 device must be seen as an internal OSPF prefix by all other

devices 3. Make sure that SW3 & SW4 must use SW1 to reach the router and SW1 & SW2 must use only 1

hop to reach the router. You can use any method to accomplish this task. 4. Devices SW3 & SW4 must behave as a stub. 5. Ensure that OSPF is not running on any interface that is facing another AS. Use any method to

accomplish this requirement.

SECTION 1.3: Layer 3 Technology - OSPF 6 Points

SECTION 1.3.a: Routing: OSPF 3 Points

QUESTION



Refer Diagram#4

Configure the network in San Jose AS64580, W DC AS64530, New Zealand AS64560 & London AS64570 site as per the following requirements:

1. Configure OSPF as per the topology 2. In WDC all devices must see vEdge3 as a Designated Router & vEdge4 as a Backup Designated

Router. 3. The interface loopback0 on each L3 device must be seen as an internal OSPF prefix by all other

devices 4. Ensure the OSPF is not running on any interface that is facing another AS. Use any method to

accomplish this requirement.

SECTION 1.3.b: Routing: OSPF 2 Points

QUESTION



Refer Diagram#5 Configure the network in Singapore AS64520 & Brazil AS64540 site as per the following requirements:

1. Configure OSPFv3 as per the topology 2. All the ipv6 interfaces along with loopback0 must be seen as an internal OSPFv3 prefix by all

other devices 3. Ensure that OSPFv3 is not running on any interface that is facing another AS. Use any method to

accomplish this requirement. 4. At the end VPC-2 must be able to reach the loopback0 on SW8.

SECTION 1.3.c: Routing: OSPFv3 1 Points

QUESTION



Refer Diagram#6

Configure the network MPLS Core site as per the following requirements: There are pre-confguration in MPLS Core AS500. The admisnistrator has already configured OSPF in AS500 Configure all the CSR (ISP & P Routers) as per below requirements :

1. All BGP routers must use their interface loopback0 as their BGP router-id.

2. Disable the default ipv4 unicast address family for peering session establishment in all BGP routers.

3. Interface loopback on each router must be seen as a internal BGP route

4. P1 must be the ipv4 route-reflector for BGP AS500. 5. P1 must use the peer-gorup named “CLC” for all internal peerings (ISP Routers). 6. At the end all IGP routes must be reachable to each other and must have a successful

ping test.

SECTION 1.4: Layer 3 Technology - BGP 10 Points

QUESTION

SECTION 1.4.a: Routing: IBGP 4 Points



Refer Diagram#6

Configure the network of MPLS & WAN sites Configure all PE & CE sites as per the following requirements:

1. All BGP devices must use their interface loopback0 as their BGP router-id

2. Disable the default ipv4 unicast address family for peering session establishment in all BGP routers.

3. All PE devices must establish EBGP peerings with CE & Vice Versa. 4. On CE devices redistribute IGP into BGP and vice versa to receive the required routes and

reachability. 5. Make sure that the routes received from PE must not enter the IGP through CE devices and

must receive only summary routes from ISP’s. 6. Make sure your configuration does not disallows you the end-to-end rechability.

SECTION 1.4.b: Routing: IBGP & EBGP 4 Points

QUESTION



Refer Diagram#7 Configure the network in Singapore AS64520 & Brazil AS64540 sites as per the following requirements:

1. Configure BGP ipv6 as per the topology 2. All the ipv6 interfaces along with loopback0 must be seen as an internal BGP prefix by all other

devices 3. Ensure the BGP is not running on any interface that is facing another AS. Use any method to

accomplish this requirement. 4. Your configuration must allow the reachability with distribution of routes 5. At the end Ipv6 address of VPC-2 must be able to reach the loopback0 ipv6 address on SW8 and

vice versa.

SECTION 1.4.c: Routing: Ipv6 BGP 2 Points

QUESTION



Refer Diagram#8 Configure the network in New York AS64510 & Brazil AS64540 as per the following requirements

1. You must configure the multicast network as per the topology. 2. Only network segments with active receivers that explicitly require the data must receive the

multicast traffic 3. Interface loopback0 of R4 in Brazil must be configured as RP 4. Use a standard method of dynamically distributing the RP 5. All Routers & Switch in New York & Brazil must participate in the multicast routing as per the

topology 6. For testing purpose configure interface ethernet0/0 of VPC-1 to join group 235.1.1.1 7. Do not enable additional multicast interfaces other than required.

SECTION 1.5: Layer 3 Technology - Multicast 2 Points

SECTION 1.5.a: Routing - Multicast 2 Points

QUESTION



Refer Diagram#10

Configure the network in San Jose AS64510 as per the following requirements

1. Configure vManage, vBond, vSmart for SD-WAN Systems. 2. Using CLI you must configure VPN0 & VPN512 interfaces in vManage, vBond, vSmart as per

the topology. 3. Using GUI Register vBond & vSmart in vManage. 4. The registration must be done using CA Server. 5. At the end vBond & vSmart must be seen as synced with vManage

SECTION 2: Software Defined Infrastructure 25 Points

SECTION 2.1.a: SD-WAN Technology 5 Points

QUESTION



Refer Diagram#10

Configure the network in London AS64570, New Zealand AS64560 & WDC AS64530 as per the following requirements

1. Configure vEdge for SD-WAN connectivity. 2. Using CLI you must configure VPN0 & VPN512 interfaces in vEdge as per the topology. 3. Using GUI Register vEdge in vManage. 4. The registration must be done using CA Server. 5. At the end all vEdges must be seen as synced with vManage

SECTION 2.1.b: SD-WAN Technology 5 Points

QUESTION



Refer Diagram#10

Configure the network SD-WAN Technology as per the following requirements

1. Configure vManage for SD-WAN as per the topology. 2. Using GUI/CLI you must configure/use the below templates.

Feature Templates - System

Feature Templates – OSPF & BGP for vEdges

Device Templates for vSmart Controllers

Device Templates for vEdges

Feature Templates for Internal Routing Protocols

Internal Routing Protocols on the Internal Routing Devices

Service VPN using Templates

SECTION 2.2.a: SD-WAN Technology 10 Points

QUESTION



Refer Diagram#10

Configure the network SD-WAN Technology as per the following requirements

1. Configure vManage for SD-WAN as per the topology. 2. Using GUI/CLI you must configure/use the below policies.

Application Aware Policies using Telnet and Web.

Load Balancing using Multiple vEdge in WDC

SECTION 2.2.b: SD-WAN Technology 5 Points

QUESTION



Refer Diagram#9

The administrator has decided to use VPN Technology for securing the MPLS network. Configure MPLS Core AS500 as per below requirements:

1. Ensure that all ISP(PE) Routers must make VPNv4 neighborship with P1 2. P1 must reflect VPNv4 prefixes to all its PE’s 3. Configure all ISP(PE) routers as per below VRF’s

ISP1 CSR1: SAN-JOSE

ISP1 vEdge1: LONDON

ISP1 vEdge2: NEW-ZEALAND

ISP2 CSR2: SAN-JOSE

ISP2 R11: HOME

ISP2 R1: NEW-YORK

ISP2 R2: SINGAPORE

ISP2 vEdge3: WDC

ISP3 vEdge1: LONDON

ISP3 vEdge2: NEW-ZEALAND

ISP3 R6: AUSTRALIA

ISP3 R3: BRAZIL

ISP4 R1: NEW-YORK

ISP4 R2: SINGAPORE

ISP4 vEdge4: WDC

ISP4 R4: Brazil

4. You must configure in such a way to receive all prefixes from CE routers. 5. The Mpls core network AS 500 has been already configured with OSPF by the Service Provider

Administrator.

6. At the end of the exam your configuration must not impact the services running at customer end.

SECTION 3: Transport Technologies and Solutions 15 Points

SECTION 3.1.a: Routing: MPLS 4 Points

QUESTION



Refer Diagram#9

The administrator has decided to use VPN Technology for securing the network. Configure MPLS Core AS 6500 as per below requirements:

1. San Jose AS64580 & New York AS64510 must be able to connect with every device in the CLC Network.

2. Singapore AS64520 & Brazil AS64540 must be able to connect with each other in CLC Network. 3. Ensure that non other than the above mentioned are reachable to each others network. 4. The Mpls core network AS500 has been already configured with OSPF by the Service Provider

Administrator. 5. In MPLS Core, all P & PE routers must use LDP protocol & must use their interface loopback0 as

their LDP Router ID. 6. In MPLS Core all PE routers must allow maximum 500 prefixes from CE and must generate a log

when the prefixes reaches 80% of the total prefixes allowed. 7. You are not supposed to modify any changes on CE Routers to accomplish this task.

SECTION 3.1.b: Routing: MPLS 4 Points

QUESTION



Refer Diagram#11 The administrator has decided to use Dual-Hub VPN Technology for securing the network but facing certain issues in getting spoke to spoke reachability.

1. The admin has already configured the dmvpn configuration with a dual hub technology. Interface tunnel0 & tunnel1 on all four routers R1, R2, R3 & R4 are used. R3 is the DMVPN-Hub1 router for both spokes R1 & R2 and R4 is the DMVPN-

Hub2 router for both spokes R1 & R2. 2. You must be able to get the OSPF adjacency up through the tunnels between both the

Hubs and Spokes routers. 3. You need to check and troubleshoot the issue/reason due to which the spoke-to-spoke

connections are down.

4. When you make a tarceroute, Spoke-to-Spoke traffic does not transit via the Hub router.

SECTION 3.2.a: Routing: DMVPN Dual-Hub 4 Points

QUESTION



Refer Diagram#12 The administrator has decided to use Flex VPN Technology for securing the network in Australia AS64550 site as per the following requirements.

1. The administrator has already configured the Flex-VPN Technology in Australia AS64550. 2. R6 is the Hub and R7 & R8 are the Spokes. 3. You are suppose to identify the cause and get the services back to live again. 4. At the end you must the test your solution with below commands:

a. Show ip interface brief ----> you must see the virtual-access interfaces as up & up b. Show crypto ipsec sa ----> you must see the hits on encrypt and decrypt packets c. Show crypto ikev sa detailed ----> you must see the other spoke ip address (as remote)

with ready status.

SECTION 3.2.b: Routing: FLEX-VPN 3 Points

QUESTION



The administrator has decided to use Network Time Protocol Service(NTP). Configure NTP in New York AS64510 as per the below requirements.

1. Configure R1 as the NTP master. 2. Configure SW1 & SW2 as the NTP slave. 3. The interface Loopback0 of all three devices : R1, SW1 & SW2 must be used for peering. 4. Ensure that all the slave routers are synchronized with the master router NTP.

SECTION 4: Infrastructure Security and Services 15 Points

SECTION 4.1.a: Services: NTP 3 Points

QUESTION



Configure R1 in the New York AS64510 site as per the following requirements

1. Enable SSH access in R1 using the domain name “ ccielabcenter.com “ 2. R1 must accept up to three remote authorized users to connect at the same time using SSH 3. Create the user "clc" with password "https://ccielabcenter.com" in the local database of R1 4. Ensure that R1 accepts SSH connections with clients with source ip in 172.0.0.0/8. All other

source ip must be denied. Use any ACL to configure this requirement. 5. R1 must produce a syslog message for all SSH connection attempts whether permitted or denied 6. When authenticate the username “ clc “ must be granted privilege level 1 7. Ensure that SSH is the only remote access method permitted on VTY lines of R1 8. Ensure that the console is not affected by your solution and no username prompt is presented

on the console port. 9. Test your solution from any device that is in allowed condition.

SECTION 4.1.b: Services: SSH 4 Points

QUESTION



Configure the network in New York AS64510 as per the following requirements:

1. R1 must assign hosts (VPC-1) in VLAN 10 on SW3 with a valid IP address from the prefix 172.10.253.254/24

2. Ensure that addresses that were statically configured will never be assigned to any hosts. 3. Ensure that the distribution switches SW1 and SW3 forward DHCP discover broadcast messages

received from VLAN 100 to VPC-1 (in VLAN 10) as unicast message. 4. Ensure that the VPC-1 effectively receives an IP address as well as its default gateway

information.

SECTION 4.2.a: Services: DHCP 4 Points

QUESTION



The administrator has decided to make some changes in network services. Configure Home AS64590 site as per below requirements :

1. R11 router must allow all the incoming & outgoing traffic from required sources. 2. R11 router must use its interface loopback0 ip address for swapping any destination

traffic. 3. You are allowed to use a single standard list to complete this task 4. R11 router must enable all private corporate traffic that is originated from any host with

source ip address 172.0.0.0/8 to connect to any public destination. 5. R11 must swap the source ip address in these packets with the ip address of its interface

loopback0 6. R11 must allow multiple concurrent connections.

SECTION 4.2.b: Services: NAT 4 Points

QUESTION




1. Configure API calls for real-time monitoring of application-aware routing: SLA Class as

per the below informations

Display information about the SLA classes operating on the router

CLI Equivalent: show app-route sla-class

URL: https://172.80.200.11/dataservice/device/app-route/sla-class?deviceId=deviceId

Method: GET

Request Parameters

Name Required Description Parameter Type Data Type

deviceId Yes IP address of device

Query String

Response Content Type: application/json

SECTION 5: Infrastructure Automation and Programmability 15 Points

SECTION 5.1: Monitoring Endpoints 5 Points

QUESTION




1. Configure API calls for real-time monitoring of application-aware routing: Statistics as

per the below informations

Display statistics about data traffic characteristics for all operational data plane tunnel.

CLI Equivalent: show app-route stats

URL: https://172.80.200.11/dataservice/device/app-route/statistics?deviceId=deviceId

Method: GET

Request Parameters

Name Required Description Parameter Type Data Type

deviceId Yes IP address of device

Query String

local-color Optional Local color Query String

remote-color Optional Remote color Query String

remote-system-ip Optional Remote system IP address

Query IPv4

Response Content Type: application/json

SECTION 5.2: Configuring Endpoints 5 Points

QUESTION




1. Use Python to establish a session to the vManage server, with the username and

password indicated on the command line

Class with REST Api GET and POST libraries

python rest_api_lib.py vmanage_hostname username password

PARAMETERS: vmanage_hostname : Ip address of the vmanage or the dns name of the vmanage username : Username to login the vmanage password : Password to login the vmanage

Note: All the three arguments are manadatory

SECTION 5.3: IAP: Python requests library and Postman 5 Points

QUESTION

CCIE Enterprise Infrastructure Practice Lab v1 · CCIE Enterprise Infrastructure Practice Lab v1.0...

Documents

Transcript of CCIE Enterprise Infrastructure Practice Lab v1 · CCIE Enterprise Infrastructure Practice Lab v1.0...