Scribd
Upload
117 views7 pages

Exam Day Preparation and Lab Instructions

Uploaded by

kaung khant zaw
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
117 views7 pages

Exam Day Preparation and Lab Instructions

Uploaded by

kaung khant zaw
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd

Day-1

=====
- Question Type
1. MCQ
2. Drag and drop
3. Lab Simulation

- "Next" Only
- Valid for 3 years
- NRC / License / Passport
- Example Test Question in Test Begin
- Survey Questions in Test Last
- Reschedule Time (within 1 year)
- Spoto (680Q+ within 1 month)

On the Exam Day


---------------
Need to arrive 30 mins before the exam

During Exam
===========
**** #do wr or #wr after configured
**** during Lab, default password id "cisco"
**** need to check with #sh run | begin or #sh interface trunk or #sh ip interface
brief
**** if "Verify" keyword in question, please check the ping from PC.
**** if "Traffic on all trunks should be restricted to only active VLANs" in
question, please add the "#sw trunk allowed vlans xxx".

Switch Lab
----------
Lab-1
1. #spanning-tree mode rapid-pvst
2. #switchport mode trunk
3. #switchport mode trunk

Lab-2
1. #spanning-tree pathcost method long (Spanningtree default is 16 bits that
changed to 32 bits)
2. #no switchport access vlan 400 (to delete the original configured access port)
#switchport trunk encapsulation dot1q
#switchport mode trunk
3. #int range e0/2-3
#switchport trunk allowed vlan 1,400
#channel-group-10 mode active

Lab-3
#int e0/0
1. #switchport trunk encapsulation dot1q
#switchport mode trunk
2. #udld port aggressive
3. #interface range e0/2-3
#switchport trunk ecapsulation dot1q
#switchport trunk allowed vlan 1,300
#switchport mode trunk
#channel-group 10 mode active

Lab-4
1. #interface e0/1
#sw m access
#sw acc vlan 100
#spanning-tree portfast

Route Lab(OSPF)
---------------
***** if add network range in ospf, use wildcard mask. If add network range with
summarize as area 10 range x.x.x.x x.x.x.x, use subnet mask
Lab-5
#sh run | section ospf
1.#router ospf 10
#router-id [Link]
#interface range e0/0-1
#ip ospf 10 area 0
2.#router ospf 10
#area 10 range [Link] [Link]
3.#router ospf 10
#area 20 range [Link] [Link]

Lab-6
***** if not want the nodes to participate in DR/BDR election process, add the
relative interface #ip ospf network point-to-point or set priority no 0 #ip ospf
priority 0
#show ip ospf neighbour (Full/-)
1.#int e0/1
#ip ospf network point-to-point
#clear ip ospf process
2.#int e0/0
#ip ospf network point-to-point
#clear ip ospf process
3.#int e0/0
#ip ospf priority 255
#clear ip ospf process

Lab-7
****
#sh ip int br
#show run | section interface
#show run | section ospf
1.#ip prefix-list Name seq 1 deny [Link]/24
#router ospf 10
#area 10 filter-list prefix Name in
#clear ip ospf process
2.#ip prefix-list Name seq 1 deny [Link]/24
#router ospf 10
#area 10 filter-list prefix Name out
#clear ip ospf process

Lab-8
**** when add the vrf to interface, need to re-configure the IP address to
interface.
**** when add ipsec to gre tunnel, use #tunnel protection ipsec profile XXX
**** If there is no VRF CORP, create VRF #vrf definition CORP
Step
----
Create VRF -> Create GRE Tunnel0 -> Add VRF in GRE Tunnel0 -> Reconfigure the GRE
Tunnel0 -> Add the GRE Tuneel0 in IPSec Profile
#show run | section interface
#show run | section vrf
#show run | section ipsec
#show ip int br
R1
#config t
#ip route vrf CORP [Link] [Link] [Link]
#interface Tunnel 0
#vrf forwarding CORP
#ip address [Link] [Link]
#tunnel source Ethernet 0/1
#tunnel destination [Link]
#tunnel protection ipsec profile XXX
#exit
#interface Ethernet 0/0.100
#vrf forwarding CORP
#ip address [Link] [Link]
#end
R2
#config t
#ip route vrf CORP [Link] [Link] [Link]
#interface Tunnel 0
#vrf forwarding CORP
#ip address [Link] [Link]
#tunnel source Ethernet 0/2
#tunnel destination [Link]
#tunnel protection ipsec profile XXX
exit
#interface 0/0.101
#vrf forwarding CORP
#ip address [Link] [Link]
#end

Lab-9
#sh run
#sh ip int br
R1
#config t
#ip route vrf CORP [Link] [Link] [Link]
#interface Tunnel 0
#vrf forwarding CORP
#ip address [Link] [Link]
#tunnel source Ethernet 0/1
#tunnel destination [Link]
#tunnel protection ipsec profile XXX
#end
R2
#config t
#ip route vrf CORP [Link] [Link] [Link]
#interface Tunnel 0
#vrf forwarding CORP
#ip address [Link] [Link]
#tunnel source Ethernet 0/2
#tunnel destination [Link]
#tunnel protection ipsec profile XXX
#end

Lab-10
**** In OSPF, add VRF to OSP with #route ospf 100 vrf CORP
Step
----
Add router ospf 100 vrf CORP -> create crypto keyring XXX vrf CORP and built pre-
shared-key address x.x.x.x x.x.x.x key XXX -> add CORP vrf to WAN Int,
#sh run
#sh ip int br
#sh route ospf
R1
#config t
#no router ospf 100
#router ospf 100 vrf CORP
#router-id [Link]
#exit
#crypto keyring test vrf CORP
#pre-shared key address [Link] [Link] key cisco
#interface Ethernet 0/1
#vrf forwarding CORP
#ip address [Link] [Link]
#ip ospf network point-to-point
#ip ospf 100 area 0
#interface Tunnel 0
#tunnel vrf CORP
#tunnel protection ipsec profile XXX
R2
#config t
#no router ospf 100
#router ospf 100vrf CORP
#router-id [Link]
#exit
#crypto keyring test vrf CORP
#pre-shared key address [Link] [Link] key cisco
#interface Ethernet Ethernet 0/2
#vrf forwarding CORP
#ip address 10.10.21 [Link]

Lab-11 (BGP-1)
****** (Watch carefully address-family)
#sh run
#sh ip int br
#sh router bgp summary
R2
#config t
#router bgp 500
#bgp router-id LOOPBACK ID
#neighbor [Link] remote-as 400
#neighbor [Link] remote-as 500
#network [Link] mask [Link]
#network [Link] mask [Link]
#end
#wr

Lab-12 (BGP-2)
****** (Watch Carefully address-family)
#sh ip int br
#sh router bgp summary
#sh run | section bgp
R1
#en
#config t
#router bgp 100
#bgp router-id [Link]
#neighbor [Link] remote-as 200
#neighbor [Link] remote-as 300
#address-family ipv4
#network [Link] mask [Link]
#network [Link] mask [Link]
#network [Link] mask [Link]
#end
#wr

Lab-13 (Security-1)
******* virtual-link = line vty 0 4
#sh run | section aux
R2
#en
#config terminal
#line aux 0
#password Cisco!
#exit
#service password-encryption
#line vty 0 4
#transport input ssh
#exec-timeout 25 0
#end
#wr

Lab-14 (Etherchannel and trunk)


****** Fewst Priority Number is Root Bridge(Value = 0)
#sh run
#show etherchannel summary
Sw10
#en
#config t
#no int po21
#default int range eth0/0-1
#interface range eth0/0-1
#channel-group 21 mode passive
#interface int range eth0/0-1,po21
#switchport trunk encapsulation dot1q
#switchport mode trunk
#no shutdown
#exit
#spanning-tree vlan 12 priority 0
#end
#wr

Lab-15 (CoPP)
****** ACL > class-map > policy-map > apply in control-plane
#show run
#show ip access-list
R10
#en
#config t
#ip access-list extended 120
#5 permit ospf any any
#end
#wr
R30
#en
#config t
#ip access-list extended TELNET
#permit tcp [Link] [Link] any eq telnet
#exit
#class-map match-any TelnetClass
#match access-group name TELNET
#exit
#policy-map COPP
#class TelnetClass
#police 8000 conform-action transmit exceed-action drop
#control-plane
#service-policy input COPP
#end
#wr

Lab-16 (OSPF4)
******
R30
#show run
#show router ospf
#show ip int br
#config t
#router ospf 30
#router-id [Link]
#network [Link] [Link] area 0
#network [Link] [Link] area 0
#network [Link] [Link] area 0
#network [Link] [Link] area 50
#area 50 range [Link] [Link]
#end
#wr

Lab-17 (NetworkFlow and SPAN)


******
R1
#sh run
#config t
#flow exporter NetFlow
#destination [Link]
#exit
#ip sla 10
#http get [Link]
#frequency 300
#exit
#ip sla schedule 10 life forever start-time now
#end
#wr
Sw1
#en
#sh run
#config t
#monitor session 7 source interface eth0/0 both
#monitor session 7 destination interface eth1/1
#end
#wr

LAB-18 (VPN and VRF4)


******
R11
#show run | section vrf
#config t
#int e0/0
#vrf forwarding FINANCE
#ip address [Link] [Link]
#exit
#int e0/1
#vrf forwarding FINANCE
#ip address [Link] [Link]
#exit
#int tu0
#vrf forwarding FINANCE
#ip add [Link] [Link]
#tunnel source [Link]
#tunnel destination [Link]
#exit
#ip route vrf FINANCE [Link] [Link] [Link]
#end
#wr

Lab-19 (Security2)
****** higest level of privilege = 15
R2
#en
#sh run
#config t
#username NetworkAdmin privilege 15 password CiscoENCOR
#line vty 0 4
#transport input telnet
#login local
#line aux 0
#exec-timeout 20 0
#end
#wr

Common questions

Powered by AI

The document suggests verifying OSPF configuration and neighbor states by using commands such as #show ip ospf neighbour to view the status (Full/-) of OSPF neighbors. It also recommends inspecting the running configuration for OSPF with #show run | section ospf and interface states with #show ip int br. These checks ensure that OSPF is correctly configured, operational, and that all neighboring routers are in the expected state .

Integrating VRF with OSPF is done by initially configuring OSPF with a VRF-aware instance using #router ospf [id] vrf CORP. Then, a crypto keyring with pre-shared keys should be configured using #crypto keyring [name] vrf CORP to secure neighbor communications. Add the VRF to the WAN interface and specify OSPF network types correctly. This ensures isolated OSPF routing per VRF while securing OSPF updates through pre-shared keys .

To prevent nodes from participating in DR/BDR elections in OSPF, configure the relevant interface with the command #ip ospf network point-to-point or set its priority to zero using #ip ospf priority 0. This configuration should be followed by starting the OSPF process with #clear ip ospf process to ensure changes take effect .

Restricting traffic on VLAN trunks to active VLANs optimizes network efficiency by reducing unnecessary broadcast traffic and potential security risks. This is accomplished using the command #switchport trunk allowed vlan followed by the list of active VLANs. This ensures that only tagged frames from specified VLANs traverse the trunk port, thereby minimizing potential congestion and security gaps .

OSPF route filtering using prefix-lists is configured by creating a prefix list to match specific networks, e.g., #ip prefix-list [Name] seq [number] deny [network/mask]. Apply the prefix list within an OSPF area with #area [area-id] filter-list prefix [Name] [in/out]. This ensures that unwanted routes are filtered at the OSPF area boundary, controlling route advertisement propagation within an OSPF topology .

For BGP configuration and verification, establish BGP sessions using #neighbor [IP] remote-as [AS number] for each peer. Ensure address families are carefully watched. Add networks with the #network [IP] mask [subnet], and afterwards, verify the BGP configuration and status using #show router bgp summary. Always confirm that router IDs and peer relationships are constructed correctly per the document's network topology .

Configuring IPsec on a GRE Tunnel involves: 1) Assigning the tunnel interface, e.g., #interface Tunnel0. 2) Adding the IP address with #ip address x.x.x.x 255.255.255.x. 3) Specifying the tunnel source and destination addresses. 4) Enabling IPsec protection by identifying the profile with #tunnel protection ipsec profile XXX, ensuring secure encapsulated traffic within the GRE tunnel .

To set up the spanning-tree pathcost method to long, use the command #spanning-tree pathcost method long on the switch. This setting changes the path cost calculations from the default 16-bit to 32-bit, improving path selection accuracy for faster networks. It's essential to ensure that this configuration is uniformly applied across all network devices to maintain consistency in path selection .

To implement a VRF-Corp GRE Tunnel with IPSec protection, perform the following steps: 1) Create VRF with the command #vrf definition CORP. 2) Configure the GRE Tunnel, #interface Tunnel0 and assign the VRF with #vrf forwarding CORP. 3) Reconfigure the GRE Tunnel0 by adding the IP address, #ip address 10.100.100.1 255.255.255.0, and set the tunnel source and destination. 4) Apply IPSec protection using #tunnel protection ipsec profile XXX. Verify configuration using commands like #show run | section interface and #show run | section ipsec .

Secure remote access configuration involves setting line VTY parameters for SSH. Use #line vty 0 4 to select VTY lines, followed by #transport input ssh to specify SSH for remote connections. Set timeouts with #exec-timeout and ensure login credentials are secure by specifying #login local for locally stored authentication details and encrypt passwords using #service password-encryption .

You might also like