- Equipment List
- General Guidelines
- Setting Up the Lab
- Practice Lab 1 Exercises Section 1.0: Basic Configuration (10 points)
- Section 2.0: Routing Configuration (25 points)
- Section 3.0: ISDN Configuration (8 points)
- Section 4.0: PIX Configuration (5 points)
- Section 5.0: IPSec/GRE Configuration (10 points)
- Section 6.0: IOS Firewall + IOS IDS Configuration(10 points)
- Section 7.0: AAA (7 points)
- Section 8.0: Advanced Security (10 points)
- Section 9.0: IP Services and Protocol-Independent Features (10 points)
- Section 10.0: Security Violations (5 points)
- Verification, Hints, and Troubleshooting Tips
- Section 1.0: Basic Configuration
- Section 2.0: Routing Configuration
- Section 3.0: ISDN Configuration
- Section 4.0: PIX Configuration
- Section 5.0: IPSec/GRE Configuration
- Section 6.0: IOS Firewall Configuration
- Section 7.0: AAA
- Section 8.0: Advanced Security
- Section 9.0: IP Services and Protocol-Independent Features
- Section 10.0: Security Violations
Section 2.0: Routing Configuration (25 points)
2.1: Core Routing OSPF/EIGRP/RIP (5 points)
Configure OSPF, EIGRP, and RIP as shown in Figure 1-3. All routing/update traffic should be encrypted. Mutually redistribute between IGPs only where necessary.
2.2: OSPF (4 points)
Configure a loopback on R3 10.50.13.97/28 in Area 66. R5 should see this network in the routing table. Do not use any summarization technique to achieve this task. Performance should not be compromised.
Configure the following loopbacks on R3; put them in Area 30 on R3.
30.30.1.0/24 30.30.2.0/24 30.30.3.0/24 30.30.4.0/24 30.30.5.0/24 30.30.6.0/24
2.3: EIGRP (3 points)
Configure three null routes on R2 to appear in the EIGRP-200 database for the following subnets: 10.50.22.16/28 10.50.22.32/28 10.50.22.64/28. Redistribute EIGRP-200 on R2 into OSPF. All other routers should see these routes as one route with a cost of 10.
2.4: RIP (3 points)
Configure RIPv2 on PIX to peer with inside router R6 and outside router R3. Use strong encryption. Do not configure a static default route. PIX should learn all routes via RIP. You must ensure that no other device can establish adjacency with the PIX and that routing updates are secured.
Configure RIP version 1 between R1 and R5. R5 should be able to ping all parts of the network.
Advertise VLAN 6 network 192.168.6.0/24 on R6 in RIPv2. Make sure you can ping the AAA server from the PIX.
2.5: BGP (10 points)
2.5.1: Basic BGP Configuration (2 points)
Configure the BGP peers as follows using Figure 1-4.
R2 R3 eBGP R2 R1 iBGP R1 R3 eBGP R1 R5 iBGP R5 R4 eBGP R3 R6 iBGP (configure static NAT 10.10.6.2 to 10.50.31.22 on PIX to achieve this task)
NOTE
You can use "no sync" on all BGP peers.
2.5.2: BGP Connections (2 points)
Ensure that eBGP connection state on R6 shows local port as 179 always.
2.5.3: BGP and OSPF (2 points)
Advertise loopback2 on R2 and R4 in BGP. Redistribute BGP into OSPF on these routers so that BGP routes on all OSPF routers are seen as OSPF (E1) and not through BGP. Ensure all routers can ping these loopbacks using the optimal path. Do not use the distance command to achieve this task.
2.5.4: BGP and RIP (2 points)
Advertise loopback2 on R1 in BGP and RIPv1. Advertise loopback1 in RIPv1 only. R5 should be able to ping all routers in the network and vice versa.
2.5.5: BGP Attributes (2 points)
Advertise loopback1 and loopback2 on R6 in BGP. Do not use the network statement to advertise loopback2. R3 should see both loopbacks as internal. Ensure all routers in the network can ping these loopbacks using the optimal path.