CCNPv7.1 TSHOOT Lab9-2 in Synch Instructor

Uploaded by

rafa hurtado

CCNPv7 TSHOOT

Chapter 9 Lab 9-2, In Synch Instructor Version


Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Physical Topology

© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 105
CCNPv7 TSHOOT Lab 9-2, In Synch

Logical Topology


Objectives
• Load the trouble ticket device configuration files for each trouble ticket.
• Diagnose and resolve problems related to AAA, LLDP, port security, FHRP interface tracking, FHRP
IP SLA object tracking, MST, VTP, ACLs, route authentication, VRF, and BGP.
• Document troubleshooting progress, configuration changes, and problem resolution.

Background
This lab covers a range of problems and requires that you make use of the troubleshooting skills acquired
throughout this course to resolve the routing and switching problems introduced. These trouble tickets may
involve technologies from any ROUTE or SWITCH lab. But the focus is on connectivity issues related to AAA,
LLDP, port security, FHRP interface tracking, FHRP IP SLA object tracking, MST, VTP, ACLs, route
authentication, VRF, and BGP.
For each task or trouble ticket, the trouble scenario and problem symptom are described. While
troubleshooting, you will discover the cause of the problem, correct it, and then document the process and
results.
Trouble Tickets and Troubleshooting Logs
This lab includes three tasks. Each task is associated with a trouble ticket (TT) and introduces one or more
errors on one or more devices. If time is a consideration, each task or trouble ticket can be performed
independently.
Instructor note: Unlike the labs in previous chapters, step-by-step solutions and validation procedures are
not included in this lab. Solutions and discussions are included in the debrief for each TT. Students are
expected to use the commands and troubleshooting procedures introduced in previous labs to diagnose the
problems in this lab.
Note: This lab uses Cisco ISR G2 routers running Cisco IOS 15.4(3) images with IP Base and Security
packages enabled, and Cisco Catalyst 3560 and 2960 switches running Cisco IOS 15.0(2) IP Services and
LAN Base images, respectively. The 3560 and 2960 switches are configured with the SDM templates
dual-ipv4-and-ipv6 routing and lanbase-routing, respectively. Depending on the router or switch model and
Cisco IOS Software version, the commands available and output produced might vary from what is shown in
this lab. Any changes made to the baseline configurations or topology (other than errors introduced) are noted
in the trouble ticket so that you are aware of them prior to beginning the troubleshooting process.
Instructor Notes:
• The lab topology should be pre-built prior to the students starting the lab. Ensure that all switches and
routers (ALS1, DLS1, DLS2, R1, R2, and R3) have the course lab configuration files installed in flash
memory. These can be downloaded from NetSpace. The device configurations for all devices are
included at the end of this lab, either directly or by reference to the first trouble ticket, TT-A. The
configuration file for ALS1 can be copied into a text file using the naming convention
Labxy-ALS1-TT-z-Cfg.txt where x is the chapter number, y is the lab number within the chapter, and z is the
upper case letter indicating the particular trouble ticket in the lab; similarly for DLS1, DLS2, R1, R2,
and R3.
• The device configurations that contain trouble ticket errors and modifications from the baseline are
included at the end of the lab, and the errors in them are identified.
• All device configurations are provided for TT-A, including those that are the same as the EIGRP-BGP
baseline from Lab 8-2. The configurations provided here are not running-config outputs, but rather
sequences of commands that generate running-config files.
• Device configurations can be used by instructors for cut-and-paste for TT-A and subsequent tickets –
use a terminal emulator line delay of at least 100 ms if pasting configurations directly into global
configuration mode on a device.
• Where a configuration is noted as being the same as a previous one, the only change is in the
MOTD, which identifies the Lab and TT.
• Each device should have a directory named “tshoot” in flash. This directory should contain the
baseline configuration file for that device as well as configuration files for all labs in this course.
• Instructors can use a TFTP server, a USB drive, or a flash memory card as source, and use the copy
or archive tar command to copy all course configuration files into the flash:/tshoot directory for
each device in the topology.
• For this lab and subsequent labs, the student is responsible for loading the baseline or trouble ticket
configurations using the procedure described in the BASE Lab.
• Set the correct time on R2, which serves as the primary NTP server for the lab network. These labs
use Pacific Time Zone, but each site should use their own time zone.
• If time is an issue, each task (trouble ticket) can be performed independently.
Required Resources
• 3 routers (Cisco IOS Release 15.4 or comparable)
• 2 multilayer switches and 1 access layer switch (Cisco IOS Release 15.0(2) or comparable with Fast
Ethernet interfaces)
• SRV1 (PC with static IP address): Windows 7 with RADIUS, TFTP, and syslog servers, plus an SSH
client, SNMP monitor, and Wireshark software
• PC-B (DHCP client): Windows 7 with SSH client and Wireshark software
• PC-C (DHCP client): Windows 7 with SSH client and Wireshark software
• Serial and Ethernet cables, as shown in the topology
Instructor Notes:
• This lab is divided into multiple tasks. Each task is associated with a trouble ticket (TT) and
introduces one or more errors on one or more devices.
• Students can work individually or as a team.
• Suggested actions and results presented during the troubleshooting process for each TT can be
shared with the students during debrief or copies of the instructor version of the lab can be made
available to the students to assist them in verifying their work.

Task 1: Trouble Ticket Lab 9-2 TT-A


Instructor note: This trouble ticket involves issues related to VRF, BGP synchronization, MD5 BGP Peer
Authentication, VTPv3, and MST.
Step 1: Review trouble ticket Lab 9-2 TT-A.
A LABCO company technology directive is to move toward using virtual routing and forwarding (VRF), in
parallel with shifts toward desktop, server, and data virtualization. In an effort to come up to speed with the
technologies, the network administrator, Sapna, built a lab environment. Sapna configured VRF on R2 to
simulate ISP routers in AS 65502 and AS 65503, to model a multihomed BGP environment, with two ISPs
accessed through edge routers R1 and R3. Sapna decided to avoid all NAT configurations and focus on VRF
and BGP. To gain BGP expertise, she implemented BGP according to the following specifications:
• R1 and R3 are iBGP peers via their loopback interfaces.
• R1 and R3 are the only BGP speakers in AS 65501.
• The R1, R2, and R3 serial interfaces are used for eBGP peering.
• AS 65501 is a transit AS, with BGP synchronization configured as a sanity check.
• BGP MD5 authentication with password cisco is configured for all BGP neighborships.
• IPv4 is the BGP transport for both IPv4 and IPv6 routes.
• AS 65502 Lo0 IPv4 and IPv6 routes are propagated via BGP from AS 65502 to AS 65501.
• AS 65503 Lo1 IPv4 and IPv6 routes are propagated via BGP from AS 65503 to AS 65501.
• R1 and R3 advertise 10.1.0.0/16 and their connected serial IPv6 networks via BGP.
• BGP-VRF implementation tests:
  1. Successful IPv4 source traceroute from Lo1 on R2 through AS 65501 to Lo1 on R2, using the
     command traceroute vrf VPN_A 192.168.2.2 source lo1 on R2 (full circle).
  2. Successful IPv6 traceroute from S0/0/0 on R2 through AS 65501 to Lo1 on R2, using the
     command traceroute vrf VPN_A ipv6 2001:db8:cafe:222::2 on R2.
Taking advantage of the short-term administrative sanction for testing VRF, Sapna decided to also implement
MST and VTP version 3 in the LAN. She implemented MST and VTPv3 according to the following sequential
specifications:
• Ensure that VLANs 99,100,110,120,200,300,666,999 are configured on all switches. The new
E-PEER VLAN 300 is to be used as the sole VLAN for EIGRP peering between DLS1 and DLS2.
• To simplify the MST and VTPv3 configuration, allow VLANs 99,100,110,120,200,300 on all
EtherChannel trunks.
• Change the VTP domain name to TSHOOT on all switches.
• Change the VTP version to 3 on all switches.
• Change the spanning tree mode to MST on all switches.
• Change the VTP mode for the MST database to transparent on all switches (vtp mode
transparent mst in global configuration mode).
• Configure all switches with MST region name TSHOOT and configuration revision number 25
(administratively assigned – different from the VTP configuration revision number).
• Configure MST instance 1 on all switches to map to VLANs 99, 110, and 120.
• Change the VTP mode for both VLAN and MST databases to server on all switches.
• Configure DLS1 as the primary server for the VLAN VTP feature.
• Configure DLS2 as the primary server for the MST VTP feature.
• Configure an MD5 VTP password of cisco on all switches using the hidden keyword so that the key
generated from the password cannot be discovered from the show vtp password command
output and cannot be discovered by viewing the vlan.dat file (as a text file); the hidden keyword
forces the password to be entered each time there is a change in primary server for the VLAN VTP
feature or for the MST VTP feature.
• Configure DLS1 as the MST root for instance 1.
• Configure MST instance 2 on DLS2 to map to VLANs 100, 200, and 300. MST instance 2 should
propagate to the other switches (check with show spanning-tree mst configuration and
show spanning-tree mst).
• Configure DLS2 as the MST root for instance 2.
Sapna asked you to help troubleshoot some missing routes required for BGP-VRF implementation tests; for
example, the VRF VPN_A IPv4 routing table should have a BGP-learned route for Lo1 on R2. Your task is to
verify that the VRF-BGP implementation strictly follows her specifications, and to verify that VTPv3 is working
properly with MST. Configuration changes should be made where necessary to realize the specifications.

Step 2: Load the device trouble ticket configuration files for TT-A.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash. Load
the proper configuration files indicated in the Device Configuration File Table.
Note: Some of the devices have configuration files including alias commands, which are simply shortcuts for
commands that are used frequently and are tedious to enter. For example, on R1 you will see the command
alias exec srb show run | begin router bgp; this command allows you to enter srb in place of show
run | begin router bgp.

Device Configuration File Table

Device Name   File to Load              Notes
ALS1          Lab92-ALS1-TT-A-Cfg.txt   This file contains configurations based on the “baseline” resulting from completing TT-A for Lab 8-2.
DLS1          Lab92-DLS1-TT-A-Cfg.txt   This file contains configurations based on the “baseline” resulting from completing TT-A for Lab 8-2 – some errors within.
DLS2          Lab92-DLS2-TT-A-Cfg.txt   This file contains configurations based on the “baseline” resulting from completing TT-A for Lab 8-2.
R1            Lab92-R1-TT-A-Cfg.txt     This file contains configurations based on the “baseline” resulting from completing TT-A for Lab 8-2 – some errors within.
R2            Lab92-R2-TT-A-Cfg.txt     This file contains configurations based on the “baseline” resulting from completing TT-A for Lab 8-2.
R3            Lab92-R3-TT-A-Cfg.txt     This file contains configurations based on the “baseline” resulting from completing TT-A for Lab 8-2 – some errors within.
SRV1          N/A                       Static IP: 10.1.100.1/24 and 2001:DB8:CAFE:100::1/64
                                        Default gateway: 10.1.100.254 and 2001:DB8:CAFE:100::D1
PC-B          N/A                       DHCPv4 and DHCPv6
PC-C          N/A                       DHCPv4 and DHCPv6


Instructor note: The student loads the “broken” TT configuration files for all devices, even though only the
configurations indicated in the Notes column contain errors.

Step 3: Configure SRV1 and start the syslog and TFTP servers.
Note: In this lab (Lab 9-2), R2 has its source interface for TFTP set as Loopback0 to enable archiving to
work with the IPv4 instance of the VRF configuration.

Step 4: Release and renew the DHCP lease on PC-B and PC-C.
a. Ensure that PC-B is configured as an IPv4/IPv6 DHCP client in the OFFICE VLAN and PC-C is
configured as an IPv4/IPv6 DHCP client in the GUEST VLAN.
b. After loading all TT-A device configuration files, issue the ipconfig /release and ipconfig /renew
commands on PC-B and PC-C.

Step 5: Outline the troubleshooting approach and validation steps.

Use this space to identify your troubleshooting approach and the key steps to verify that the problem is
resolved. Troubleshooting approaches to select from include the follow-the-path, perform-comparison,
bottom-up, top-down, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem)
methods.

Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a
hypothesis about the likely cause of the problem, testing that hypothesis, and solving the problem.
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
The perform-comparison, bottom-up, or the follow-the-path method can be used. Other problem-solving
methods are the top-down, divide-and-conquer, shoot-from-the-hip, and swap-components approaches.
Verification steps can include:
Edge router R1 has R2 Lo0 routes appearing as BGP routes in the routing tables, and edge router R3 has
R2 Lo1 routes appearing as BGP routes in the routing tables.
The next hop addresses for the respective R2 Lo0 routes are reachable from R1 and R3.
R2 has all the right routes, as verified by show ip route vrf VPN_A, show ip route vrf VPN_B,
show ipv6 route vrf VPN_A, and show ipv6 route vrf VPN_B.
On R2 traceroute vrf VPN_A 192.168.2.2 source lo1 and traceroute vrf VPN_A ipv6
2001:db8:cafe:222::2 are successful.
All switches have MST instance 1 and 2 in their databases with: DLS1 the root for instance 1, DLS2 the
root for instance 2, DLS1 the primary server for the VLAN VTP feature, DLS2 the primary server for the
MST VTP feature, DLS1 a secondary server for the MST VTP feature, DLS2 a secondary server for the
VLAN VTP feature, and ALS1 a secondary server for both the MST and VLAN VTP features.
Create instance 3 mapped to VLAN 100 on DLS2 to test that VTPv3 is propagating MST instances
properly. Then move VLAN 100 back to instance 2.
Check that all devices can successfully archive configuration files to SRV1.


Step 6: Record the troubleshooting process and configuration changes.


Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record what you think the problem might be and which actions
you will take to correct the problem.

Device Actions and Results

Step 7: Document trouble ticket debrief notes.


Use this space to make notes of the key learning points that you picked up during the discussion of this
trouble ticket with your instructor. The notes can include problems encountered, solutions applied, useful
commands employed, alternate solutions and methods, and procedure and communication improvements.
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________

Trouble Ticket TT-A Debrief—Instructor Notes


Since the ticket describes a missing BGP route in the VRF VPN_A routing table, and since R2 is the only
router running VRF, and since the missing route has to propagate from AS 65503 to AS 65501 to AS 65502,
the BGP route has to propagate through the LAN via iBGP. So it only makes sense to first verify full LAN
connectivity together with the VTPv3 and MST specifications.
The show spanning-tree mst configuration command reveals that DLS2 and ALS1 have the
correct MST database information. But DLS1 is missing instance 2 as well as VLAN 110. MST depends on
switches in the MST region having the same VLANs, so VLAN 100 has to be added to DLS1; but attempting
to do so generates an error that DLS1 is not the primary server for the VLAN VTP feature. Recall that VTPv3 is
specified for the LAN, as verified by the show vtp status command. Change the VLAN mode for the VTP
database to transparent: vtp mode transparent vlan. Then add VLAN 110 and change the mode back
to server:
DLS1(config)# vlan 110
DLS1(config-vlan)# name GUEST
DLS1(config-vlan)# exit
DLS1(config)# vtp mode server vlan
Setting device to VTP Server mode for VLANS.

Now MST instance 2 can be added to the MST database. But the show vtp status output shows that
DLS1 is not the primary server for the MST VTP feature, so we proceed similarly:
DLS1(config)# vtp mode transparent mst
Setting device to VTP Transparent mode for MST.
DLS1(config)# spanning-tree mst configuration
DLS1(config-mst)# instance 2 vlan 100,200,300
DLS1(config-mst)# exit
DLS1(config)# vtp mode server mst
Setting device to VTP Server mode for MST.
DLS1(config)# do show spanning-tree mst configuration
Name [TSHOOT]
Revision 25 Instances configured 3

Instance  Vlans mapped
-------- ---------------------------------------------------------------------
0 1-98,101-109,111-119,121-199,201-299,301-4094
1 99,110,120
2 100,200,300
-------------------------------------------------------------------------------
DLS1(config)# do vtp primary mst force
This system is becoming primary server for feature mst
Enter VTP Password:<cisco>
Oct 29 16:36:26.354: %SW_VLAN-4-VTP_PRIMARY_SERVER_CHG: 001b.2b74.8d80 has become the primary
server for the MST VTP feature
DLS1(config)# do show vtp status
VTP Version capable : 1 to 3
VTP version running : 3
VTP Domain Name : TSHOOT
VTP Pruning Mode : Disabled
VTP Traps Generation : Enabled
Device ID : 001b.2b74.8d80

Feature VLAN:
--------------
VTP Operating Mode : Server
Number of existing VLANs : 13
Number of existing extended VLANs : 0
Maximum VLANs supported locally : 1005
Configuration Revision : 0
Primary ID : 0000.0000.0000
Primary Description :
MD5 digest :

Feature MST:
--------------
VTP Operating Mode : Primary Server
Configuration Revision : 1
Primary ID : 001b.2b74.8d80
Primary Description : DLS1

MD5 digest : 0x90 0xF6 0x7E 0xBE 0xBE 0x6A 0x6C 0x4A
0x58 0xFE 0xCB 0x2E 0xDC 0x2C 0x33 0xEF

Feature UNKNOWN:
--------------
VTP Operating Mode : Transparent

The port channels and the participating interfaces are down on DLS1, so attempt shutdown followed by no
shutdown on opposing port channel interfaces of each EtherChannel. This does the trick. The output of
show interfaces trunk on DLS1 confirms that all is well. Now we can move on to the BGP and VRF
issues, if any.
Recall that we are using IPv4 as the BGP transport for both IPv4 and IPv6 routes. We first focus on
troubleshooting IPv4. On R1 and R3, an invalid MD5 digest message associated with port 179 indicates a
password mismatch for the iBGP peering. The ticket says the password should be cisco, so the easiest fix is
to reenter the neighbor ip-address password cisco command. The console messages immediately show the
neighborship come up.
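The invalid MD5 digest message mentioned above is logged as %TCP-6-BADAUTH by the router that receives the segment. As an added example (not part of the original lab), the following Python groups those messages by peer pair and separates a key mismatch from a peer that sends no MD5 option at all; the log lines and addresses are constructed, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of IOS syslog output. The addresses
# are documentation prefixes, not the lab's loopbacks.
SAMPLE_LOG = """\
Oct 29 17:02:11.120: %TCP-6-BADAUTH: Invalid MD5 digest from 192.0.2.3(179) to 192.0.2.1(41822)
Oct 29 17:02:13.124: %TCP-6-BADAUTH: Invalid MD5 digest from 192.0.2.3(179) to 192.0.2.1(41822)
Oct 29 17:02:17.130: %TCP-6-BADAUTH: Invalid MD5 digest from 192.0.2.3(41030) to 192.0.2.1(179)
Oct 29 17:03:40.002: %TCP-6-BADAUTH: No MD5 digest from 198.51.100.9(179) to 192.0.2.1(52001)
Oct 29 17:04:02.500: %TCP-6-BADAUTH: Invalid MD5 digest from 203.0.113.7(52110) to 192.0.2.1(646)
Oct 29 17:05:00.000: %BGP-5-ADJCHANGE: neighbor 192.0.2.3 Up
"""

BADAUTH = re.compile(
    r"%TCP-6-BADAUTH: (?P<kind>Invalid|No) MD5 digest from "
    r"(?P<src>[0-9A-Fa-f:.]+)\((?P<sport>\d+)\) to "
    r"(?P<dst>[0-9A-Fa-f:.]+)\((?P<dport>\d+)\)"
)
BGP_PORT = 179


def bgp_auth_failures(log_text):
    """Return {(local, peer): {"invalid": n, "missing": n}} for BGP segments."""
    findings = defaultdict(lambda: {"invalid": 0, "missing": 0})
    for line in log_text.splitlines():
        m = BADAUTH.search(line)
        if not m:
            continue
        # The TCP MD5 option is also used by other protocols (LDP on 646),
        # so keep only segments where one side is the BGP port.
        if BGP_PORT not in (int(m["sport"]), int(m["dport"])):
            continue
        # The router that logs the message is the destination of the segment.
        key = (m["dst"], m["src"])
        findings[key]["invalid" if m["kind"] == "Invalid" else "missing"] += 1
    return dict(findings)


def diagnose(counts):
    """Turn the counters for one peer pair into a likely cause."""
    if counts["invalid"] and not counts["missing"]:
        return "password mismatch: both sides sign, keys differ"
    if counts["missing"] and not counts["invalid"]:
        return "peer sends no MD5 option: password missing on peer"
    return "mixed: peer configuration changed during the capture"


def report(log_text):
    """Map 'local <- peer' to a diagnosis, sorted by address pair."""
    failures = bgp_auth_failures(log_text)
    return {f"{local} <- {peer}": diagnose(c)
            for (local, peer), c in sorted(failures.items())}


if __name__ == "__main__":
    for pair, verdict in report(SAMPLE_LOG).items():
        print(pair, "=>", verdict)
```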
After giving BGP time to propagate routes, the show ip route vrf VPN_A command on R2 reveals that
the Lo1 network on R2, 192.168.2.2/32 is still not present. On R1 we have
R1# show bgp ipv4 unicast
BGP table version is 9, local router ID is 1.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 * i 10.1.0.0/16      192.168.3.1              0    100      0 i
 *>                   0.0.0.0                  0         32768 i
 *>  192.168.2.1/32   209.165.200.226          0             0 65502 i
 * i 192.168.2.2/32   192.168.3.1              0    100      0 65503 i

The route is learned via iBGP but not installed in the routing table (not advertised by eBGP to R2). It could be
a synchronization issue because iBGP routes would be propagated by eBGP if synchronization is turned off.
A check on R1 and R3 reveals that synchronization is on, consistent with the network administrator’s
specifications. The route 192.168.2.2/32 does not appear in the EIGRP topology table of R1 (show ip
eigrp topology all-links), as contrasted with 192.168.2.1/32, which appears as an external EIGRP
route in the R3 routing table and as a BGP route in the R2 VRF VPN_B routing table:
R2# show ip route vrf VPN_B | begin Gateway
Gateway of last resort is not set

10.0.0.0/16 is subnetted, 1 subnets
B 10.1.0.0 [20/0] via 209.165.200.221, 01:08:43
192.168.2.0/32 is subnetted, 2 subnets
B 192.168.2.1 [20/0] via 209.165.200.221, 01:08:13
C 192.168.2.2 is directly connected, Loopback1
209.165.200.0/24 is variably subnetted, 3 subnets, 2 masks
C 209.165.200.220/30 is directly connected, Serial0/0/1
C 209.165.200.221/32 is directly connected, Serial0/0/1
L 209.165.200.222/32 is directly connected, Serial0/0/1

Since the specifications require synchronization, we have to ensure that the 192.168.2.2/32 route is present as an
IGP route in the EIGRP routing domain. On R1 we see that BGP routes are redistributed into EIGRP (for both
IPv4 and IPv6). However, on R2, there are no redistribute commands. Add the same commands on R3
as appear on R1 for both IPv4 and IPv6 EIGRP address families, in the topology base configuration mode:
redistribute bgp 65501 metric 1544 2000 255 1 1500. After waiting a while for BGP, we find
that R1 has learned 192.168.2.2/32 as an external EIGRP route, and R2 has learned it via BGP:
R2# show ip route vrf VPN_A | begin Gateway
Gateway of last resort is not set

10.0.0.0/16 is subnetted, 1 subnets
B 10.1.0.0 [20/0] via 209.165.200.225, 02:41:16
192.168.2.0/32 is subnetted, 2 subnets
C 192.168.2.1 is directly connected, Loopback0
B 192.168.2.2 [20/0] via 209.165.200.225, 00:05:48
209.165.200.0/24 is variably subnetted, 3 subnets, 2 masks
C 209.165.200.224/30 is directly connected, Serial0/0/0
C 209.165.200.225/32 is directly connected, Serial0/0/0
L 209.165.200.226/32 is directly connected, Serial0/0/0

Finally, the requirements include specific traceroute tests:


R2# traceroute vrf VPN_A 192.168.2.2 source lo1
Type escape sequence to abort.
Tracing the route to 192.168.2.2
VRF info: (vrf in name/id, vrf out name/id)
1 209.165.200.225 4 msec 0 msec 0 msec
2 10.1.2.1 4 msec 0 msec 4 msec
3 10.1.30.253 4 msec 0 msec 4 msec
4 10.1.2.14 0 msec 0 msec 0 msec
5 209.165.200.222 4 msec * 0 msec
R2# traceroute vrf VPN_A ipv6 2001:db8:cafe:222::2
Type escape sequence to abort.
Tracing the route to 2001:DB8:CAFE:222::2

1 2001:DB8:CAFE:10::1 [AS 65501] 0 msec 0 msec 4 msec
2 2001:DB8:CAFE:20::D1 0 msec 4 msec 0 msec
3 2001:DB8:CAFE:300::D2 4 msec 0 msec 4 msec
4 2001:DB8:CAFE:212::3 0 msec 4 msec 0 msec
5 2001:DB8:CAFE:14::2 [AS 65501] 0 msec 4 msec 0 msec

For this ticket, there are no IPv6 issues to troubleshoot.


Note: While not included in this lab, there are some exotic cases with suitably connected arrays of
autonomous systems where BGP synchronization, in a particular AS with redistribution of BGP into IGP not in
effect, actually enables traffic that would otherwise be black-holed. (Try asking your neighborhood
service provider network engineer about this. In math this type of contrived exceptional behavior is called a
“pathological counterexample”.) It all comes down to strictly following the BGP best path algorithm and BGP
synchronization rules. While BGP is redistributed into the IGP(s) of an AS, it is functionally inconsequential as
to whether or not synchronization is enabled.
Note: For the remainder of this lab, MST and VTP are not included intentionally as trouble ticket issues.
However, the nature of how the configurations of the devices load may require revisiting the techniques used
to complete ticket TT-A. Often shutting down and bringing back up opposite ends of port-channel trunks is
sufficient, but sometimes it may be necessary to manually add all missing VLANs to each switch, change
VLAN and/or MST VTP modes to transparent, configure the MST region name and/or revision number,
configure an MST instance, change the VLAN and/or MST VTP modes back to specifications, and configure
the MST instance spanning-tree priority settings to specifications. After all this, it still may be necessary to
bounce opposite ends of the trunks for MST to reconverge.


Task 2: Trouble Ticket Lab 9-2 TT-B


Instructor note: This trouble ticket involves issues related to ACLs, HSRP interface tracking, and EIGRP
summarization.

Step 1: Review trouble ticket Lab 9-2 TT-B.


With BGP, VRF, MST, and VTPv3 now functional and LABCO network upgrades scheduled over a week
away, the network administrator, Sapna, decided to use the remaining time to secure the iBGP traffic,
implement HSRP interface tracking, and configure EIGRP summarization in the development lab. Here is the
implementation plan she followed:
• Add ACLs on DLS1 and DLS2 to restrict traffic between the loopbacks of R1 and R3. (The ACLs
cannot be applied on R1 and R3 because packets sourced by a router are not filtered by an ACL on
the same router.) Add an ACE for all UDP traffic (used for network management). Since EIGRP
updates must also be supported, add an ACE for EIGRP messaging. Add an ACE to enable ICMP
testing.
• Implement HSRP interface tracking on DLS1 so that if the uplink is down then DLS2 becomes
standby for all VLANs. Similarly, configure DLS1 to become standby for all VLANs if the uplink from
DLS2 is down.
• Create loopbacks on DLS1 and implement IPv4 and IPv6 EIGRP summarization on the uplink from
DLS2 so that the DLS1 loopback routes are summarized before propagation. Make sure that the IPv4
and IPv6 summary addresses are as economical as possible.
Sapna called you in to help her troubleshoot several issues. The iBGP connection is down. And testing
indicates that the HSRP interface tracking is not working properly. Also, R3 is not receiving the summary
routes for the loopbacks on DLS1.
You are tasked with helping Sapna troubleshoot the issues described, as well as verifying that the IPv4 and
IPv6 EIGRP summary routes are as economical as possible.
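
An added example, not taken from the lab or its configuration files: a first-match evaluator in Python for ACLs shaped like the plan above, used to check whether the iBGP TCP handshake between the loopbacks passes. It assumes each ACL filters traffic arriving from the directly attached router (R1 on DLS1, R3 on DLS2); the loopback addresses, the ephemeral port and all function names are illustrative.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

R1_LO, R3_LO = "192.0.2.1", "192.0.2.3"   # assumed loopbacks, not the lab's
BGP = 179


@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp", "udp", "icmp" or "eigrp"
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None


@dataclass(frozen=True)
class Ace:
    action: str                     # "permit" or "deny"
    proto: str                      # protocol name, or "ip" for any
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    sport: Optional[int] = None     # None means any port
    dport: Optional[int] = None

    def matches(self, pkt):
        if self.proto not in ("ip", pkt.proto):
            return False
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.sport is not None and self.sport != pkt.sport:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def evaluate(acl, pkt):
    """First matching ACE wins; anything unmatched hits the implicit deny."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action
    return "deny"


def make_acl(local, remote, match_source_port):
    """ACL for traffic sent by `local`: BGP, then the UDP/EIGRP/ICMP ACEs."""
    aces = [Ace("permit", "tcp", local, remote, dport=BGP)]
    if match_source_port:
        # Replies from the TCP server carry 179 as the *source* port.
        aces.append(Ace("permit", "tcp", local, remote, sport=BGP))
    return aces + [Ace("permit", "udp"), Ace("permit", "eigrp"),
                   Ace("permit", "icmp")]


def handshake_ok(acls, client, server, ephemeral=49152):
    """acls maps a router's loopback to the ACL that filters what it sends."""
    syn = Packet("tcp", client, server, ephemeral, BGP)
    syn_ack = Packet("tcp", server, client, BGP, ephemeral)
    return (evaluate(acls[client], syn) == "permit"
            and evaluate(acls[server], syn_ack) == "permit")


def ibgp_can_establish(acls):
    """Either router may act as the TCP client; one working direction is enough."""
    return handshake_ok(acls, R1_LO, R3_LO) or handshake_ok(acls, R3_LO, R1_LO)


# Destination-port-only ACEs on both switches: every SYN-ACK is dropped.
DPORT_ONLY = {R1_LO: make_acl(R1_LO, R3_LO, False),
              R3_LO: make_acl(R3_LO, R1_LO, False)}
# Matching 179 as source or destination lets the handshake complete.
BOTH_PORTS = {R1_LO: make_acl(R1_LO, R3_LO, True),
              R3_LO: make_acl(R3_LO, R1_LO, True)}

if __name__ == "__main__":
    print("dport-only ACLs:", ibgp_can_establish(DPORT_ONLY))
    print("sport+dport ACLs:", ibgp_can_establish(BOTH_PORTS))
```

With destination-port-only ACEs the SYN is permitted but the SYN-ACK, whose source port is 179, falls through to the implicit deny in both directions, so ICMP tests between the loopbacks succeed while the neighborship never reaches Established.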

Step 2: Load the device trouble ticket configuration files for TT-B.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash.
Load the proper configuration files indicated in the Device Configuration File Table.

Device Configuration File Table

Device Name   File to Load              Notes
ALS1          Lab92-ALS1-TT-B-Cfg.txt   This file contains configurations based on the “baseline” resulting from completing TT-A for this lab.
DLS1          Lab92-DLS1-TT-B-Cfg.txt   This file contains configurations based on the “baseline” resulting from completing TT-A for this lab – some errors within.
DLS2          Lab92-DLS2-TT-B-Cfg.txt   This file contains configurations based on the “baseline” resulting from completing TT-A for this lab – some errors within.
R1            Lab92-R1-TT-B-Cfg.txt     This file contains configurations based on the “baseline” resulting from completing TT-A for this lab.
R2            Lab92-R2-TT-B-Cfg.txt     This file contains configurations based on the “baseline” resulting from completing TT-A for this lab.
R3            Lab92-R3-TT-B-Cfg.txt     This file contains configurations based on the “baseline” resulting from completing TT-A for this lab.
SRV1          N/A                       Static IP: 10.1.100.1/24 and 2001:DB8:CAFE:100::1/64
                                        Default gateway: 10.1.100.254 and 2001:DB8:CAFE:100::D1
PC-B          N/A                       DHCPv4 and DHCPv6
PC-C          N/A                       DHCPv4 and DHCPv6


Step 3: Configure SRV1 and start the syslog and TFTP servers, as described in Task 1.

Step 4: Release and renew the DHCP leases on PC-B and PC-C, as described in Task 1.

Step 5: Outline the troubleshooting approach and validation steps.

Use this space to identify your troubleshooting approach and the key steps to verify that the problem is
resolved. Troubleshooting approaches to select from include the follow-the-path, perform-comparison,
bottom-up, top-down, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem)
methods.

Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a
hypothesis about the likely cause of the problem, testing that hypothesis, and solving the problem.
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
The follow-the-path, bottom-up, or the perform-comparison method can be used. Other problem-solving
methods are the top-down, divide-and-conquer, shoot-from-the-hip, and swap-components approaches.
Verification steps can include:
• Shutting down F0/5 on DLS1 should result in DLS2 becoming the HSRP active router for all VLANs.
• Shutting down F0/5 on DLS2 should result in DLS2 becoming the HSRP active router for all VLANs.
• The BGP state should be Established for the iBGP neighborship.
• The 10.1.0.0/24 EIGRP routes should be unchanged from the previous ticket, TT-A.
• R3 should have summary routes 10.2.0.0/22 and 2001:DB8:CAFE:2000::/53 in its routing tables.

Step 6: Configure DHCP redundancy for IPv4 and IPv6.


Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record what you think the problem might be and which actions
you will take to correct the problem.

Device Actions and Results


Step 7: Document trouble ticket debrief notes.


Use this space to make notes of the key learning points that you picked up during the discussion of this
trouble ticket with your instructor. The notes can include problems encountered, solutions applied, useful
commands employed, alternate solutions and methods, and procedure and communication improvements.
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
Trouble Ticket TT-B Debrief—Instructor Notes
The output from the command show bgp summary on R1 reveals that the BGP state is Active for the iBGP
session. The ACL on DLS1 is applied inward on F0/5:
access-list 100 permit tcp host 192.168.1.1 host 192.168.3.1 eq bgp
access-list 100 permit udp any any
access-list 100 permit eigrp any any
access-list 100 permit icmp any any

The ACL on DLS2 is applied inward on F0/5:


access-list 100 permit tcp host 192.168.3.1 host 192.168.1.1 eq bgp
access-list 100 permit udp any any
access-list 100 permit eigrp any any
access-list 100 permit icmp any any

The TCP session for iBGP is a client-server connection with destination port 179. By symmetry, we can
assume without loss of generality that R1 initiates the BGP TCP session, in which case the ACL on DLS2
blocks the return TCP traffic for the iBGP session: the replies from R3 carry 179 as the source port, not
the destination port, so they do not match the eq bgp ACE. There are several possible fixes; one is to add
an ACE to each ACL permitting the source port to be 179. For example, on DLS1 the ACL becomes
access-list 100 permit tcp host 192.168.1.1 host 192.168.3.1 eq bgp
access-list 100 permit tcp host 192.168.1.1 eq bgp host 192.168.3.1
access-list 100 permit udp any any
access-list 100 permit eigrp any any
access-list 100 permit icmp any any


The result is that the iBGP session is now Established (show bgp neighbors 192.168.3.1 on R1).
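
The stateless-ACL reasoning behind this fix can be checked packet by packet. The following Python model is an added example, not part of the original lab: it parses only the ACE syntax shown above and evaluates both directions of the iBGP TCP handshake against the inbound ACLs. The ephemeral port 50000 and the DLS2 version of the fix (mirrored from the DLS1 ACL shown) are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

PORT_NAMES = {"bgp": 179}               # only port keyword used on this page
R1, R3 = "192.168.1.1", "192.168.3.1"   # iBGP peers named in the ACLs
EPHEMERAL = 50000                       # assumed client-side source port

COMMON = """access-list 100 permit udp any any
access-list 100 permit eigrp any any
access-list 100 permit icmp any any"""
DLS1_ORIGINAL = "access-list 100 permit tcp host 192.168.1.1 host 192.168.3.1 eq bgp\n" + COMMON
DLS2_ORIGINAL = "access-list 100 permit tcp host 192.168.3.1 host 192.168.1.1 eq bgp\n" + COMMON
# Fixed DLS1 ACL as shown on the page; the DLS2 version mirrors it (assumption).
DLS1_FIXED = ("access-list 100 permit tcp host 192.168.1.1 host 192.168.3.1 eq bgp\n"
              "access-list 100 permit tcp host 192.168.1.1 eq bgp host 192.168.3.1\n" + COMMON)
DLS2_FIXED = ("access-list 100 permit tcp host 192.168.3.1 host 192.168.1.1 eq bgp\n"
              "access-list 100 permit tcp host 192.168.3.1 eq bgp host 192.168.1.1\n" + COMMON)


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None


@dataclass(frozen=True)
class Ace:
    action: str
    proto: str
    src: Optional[str]     # None stands for "any"
    sport: Optional[int]   # None means no "eq" on the source side
    dst: Optional[str]
    dport: Optional[int]

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("ip", p.proto)
                and self.src in (None, p.src) and self.sport in (None, p.sport)
                and self.dst in (None, p.dst) and self.dport in (None, p.dport))


def _take_addr(tok):
    """Consume 'any' or 'host A.B.C.D' from the front of the token list."""
    word = tok.pop(0)
    if word == "any":
        return None
    if word == "host":
        return tok.pop(0)
    raise ValueError(f"unsupported address spec: {word}")


def _take_port(tok):
    """Consume an optional 'eq <port>' from the front of the token list."""
    if tok and tok[0] == "eq":
        name = tok[1]
        del tok[:2]
        return PORT_NAMES[name] if name in PORT_NAMES else int(name)
    return None


def parse_acl(text):
    aces = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            raise ValueError(f"not a numbered ACE: {line!r}")
        rest = tok[4:]
        src, sport = _take_addr(rest), _take_port(rest)
        dst, dport = _take_addr(rest), _take_port(rest)
        aces.append(Ace(tok[2], tok[3], src, sport, dst, dport))
    return aces


def evaluate(acl, pkt):
    """First match wins; a packet matching no ACE hits the implicit deny."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action
    return "deny"


def handshake(initiator, inbound_acl):
    """Verdicts for (SYN, SYN-ACK). inbound_acl maps each router to the
    ACL that filters the packets it sends toward the LAN."""
    responder = R3 if initiator == R1 else R1
    syn = Packet("tcp", initiator, responder, EPHEMERAL, 179)
    syn_ack = Packet("tcp", responder, initiator, 179, EPHEMERAL)
    return evaluate(inbound_acl[initiator], syn), evaluate(inbound_acl[responder], syn_ack)


ORIGINAL = {R1: parse_acl(DLS1_ORIGINAL), R3: parse_acl(DLS2_ORIGINAL)}
FIXED = {R1: parse_acl(DLS1_FIXED), R3: parse_acl(DLS2_FIXED)}

if __name__ == "__main__":
    for label, acls in (("original", ORIGINAL), ("fixed", FIXED)):
        for name, addr in (("R1", R1), ("R3", R3)):
            print(f"{label}: {name} initiates ->", handshake(addr, acls))
```

With the original ACLs the SYN is permitted and the SYN-ACK is dropped whichever router initiates, which is why the session stays in the Active state.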
Next, for the HSRP interface tracking, shut down F0/5 on DLS1. The result is…nothing changes with respect
to active/standby status for DLS1 or DLS2. Similarly, shutting down F0/5 on DLS2 has no effect on HSRP. A
look at the HSRP configuration on DLS1 SVI 99 shows
standby 99 ip 10.1.99.254
standby 99 priority 110
standby 99 preempt
standby 99 track 1 decrement 10

SVI 110 and SVI 120 on DLS1 are configured similarly. This means that when the line protocol of F0/5 goes
down, the HSRP priority is decremented from 110 to 100, which is the default HSRP priority in place for the
same SVI on DLS2. With HSRP, if priorities are equal, the current active router does not change (independent
of preempt). The decrement value needs to be greater than 10. On SVI 99, 110, and 120 on DLS1 increase
the decrement to 20; on SVI 100 and 200 on DLS2 increase the decrement to 20; e.g., on DLS1 SVI 99:
standby 99 track F0/5 20

Note that the switch treats this command like a macro and converts this singular command to
standby 99 track 1 decrement 20

in interface VLAN 99 configuration mode and


track 1 interface FastEthernet0/5 line-protocol

in global configuration mode (à la VRRP interface tracking). This track command is referenced by each SVI
configured with HSRP interface tracking since they are all tracking the same interface (F0/5).
Now, shutting down F0/5 on DLS1 forces DLS2 to become the HSRP active router for VLANs 99, 110, and
120 (it was already active for VLANs 100 and 200). Bringing F0/5 on DLS1 back up and then shutting down
F0/5 on DLS2 forces DLS1 to become the HSRP active router for VLANs 100 and 200 (it is active for VLANs
99, 110, and 120 under normal circumstances).
The next task is to troubleshoot EIGRP route summarization. First note that DLS2 is receiving the loopback
IPv6 EIGRP networks from DLS1, but not the IPv4 networks. Recall that with EIGRP Named mode, routes
associated with IPv6-enabled interfaces are automatically propagated as soon as an IPv6 address-family is
defined. However, for an IPv4 address-family it is still necessary to use network commands. On DLS1, the
network commands for the loopback interfaces are missing; add the loopback networks:
router eigrp HQ
 address-family ipv4 unicast autonomous-system 1
  network 10.2.1.1 0.0.0.0
  network 10.2.2.1 0.0.0.0

Now the loopback IPv4 EIGRP networks from DLS1 are seen on DLS2.
A look at the routing tables on R3 reveals that the expected summary routes from DLS2 are not present. Here
is the DLS2 F0/5 configuration:
ip summary-address eigrp 1 10.2.0.0 255.255.252.0
ipv6 summary-address eigrp 1 2001:DB8:CAFE:2000::/52

It may take a while to figure out why this is not working. The problem is that we are using EIGRP Named
Mode, so the configurations are in the wrong place! The commands belong in the F0/5 af-interface mode
under the respective address family within the EIGRP HQ parent mode. Once the summary-address
commands are entered in the correct mode, the summaries are propagated to R3:
R3# show ip route | include 10.2.0.0
D 10.2.0.0/22 [90/2667520] via 10.1.2.13, 01:01:34, GigabitEthernet0/1
R3# show ipv6 route | include 2001:DB8:CAFE:2000::
D 2001:DB8:CAFE:2000::/52 [90/2667520]

The only thing left to check is the economy of the summary addresses. The IPv4 summary is 22 bits, which is
the longest possible prefix. But a little binary math reveals that the IPv6 summary can be 53 bits instead of 52;
change the summary address configuration on DLS2:
router eigrp HQ
 address-family ipv6 unicast autonomous-system 1
  af-interface FastEthernet0/5
   summary-address 2001:DB8:CAFE:2000::/53

Task 3: Trouble Ticket Lab 9-2 TT-C


Instructor note: This trouble ticket involves R1 prefix advertisement and issues related to AAA, HSRP SLA
object tracking, LLDP, and port security.

Step 1: Review trouble ticket Lab 9-2 TT-C.


Time was running short for the network administrator, Sapna, to wrap up any testing in the development lab
prior to the network upgrade. In the remaining time she decided to focus on SLA object tracking for HSRP,
LLDP, and port security. Sapna introduced SLA object tracking and LLDP into the topology. She made initial
attempts to scale the port security configuration. Here is the implementation plan she followed:
• Remove HSRP interface tracking from DLS1 and DLS2.
• Configure HSRP with SLA object tracking. On DLS1, create an SLA based on TCP connectivity to
port 22 for the IPv6 address of interface S0/0/0 on R1. If the TCP session between DLS1 and R1
S0/0/0 fails then DLS2 becomes the active router for VLANs 99, 110, and 120. The IPv4 networks for
the serial links are not advertised via EIGRP to the LAN but the IPv6 networks are – this explains why
IPv6 is used for the SLA. Also, there is a known issue with the ICMP echo SLA with IPv6 – this
explains why the TCP Connect option is used. When the line protocol for F0/5 on DLS1 is down, the
IPv6 route for R1 S0/0/0 is not in the routing table of DLS1 (Inter-VRF routing is not configured on R2,
so DLS1 has no way to learn the IPv6 route for R1 S0/0/0 if F0/5 on DLS1 is down), so R1 S0/0/0 is
not reachable from DLS1 when the line protocol for F0/5 on DLS1 is down. Hence, the SLA state is
down when either the DLS1-R1 uplink is down or the R1-R2 serial link is down. The point is that this
HSRP SLA object tracking solution improves upon the previous HSRP interface tracking solution.
• On DLS2, create a parallel HSRP SLA object tracking solution based on TCP connectivity to port 22
for the IPv6 address of interface S0/0/1 on R3.
• In consideration of the fact that the SLA objects are using TCP Connect with port 22, ensure that it is
still possible to SSH to R1 and to R2.
• Globally enable Link Layer Discovery Protocol (LLDP) on all network devices (lldp run). Ensure
that all network devices can “see” their neighbors via LLDP.
• Port security is removed from the ALS1 ports associated with OFFICE VLAN 120, and port security is
added to the two ALS1 port-channel interfaces, allowing up to 10 sticky secure MAC addresses each.
Sapna has come to depend on your exceptional troubleshooting expertise. Help Sapna figure out why HSRP
failover is not working when some uplinks and serial links are down. Also, she is not sure if TCP Connect is
the cause, but she says SSH to one of the edge routers is failing. And the VRF router is not seeing any LLDP
neighbors! Lastly, Sapna needs help determining how she underestimated the MAC address count required
to prevent port security from placing interfaces in the err-disable state.

Step 2: Load the device trouble ticket configuration files for TT-C.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash.
Load the proper configuration files indicated in the Device Configuration File Table.

Device Configuration File Table


Device Name File to Load Notes
ALS1 Lab92-ALS1-TT-C-Cfg.txt This file contains configurations based on the “baseline” resulting from
completing TT-B for this lab.
DLS1 Lab92-DLS1-TT-C-Cfg.txt This file contains configurations based on the “baseline” resulting from
completing TT-B for this lab.
DLS2 Lab92-DLS2-TT-C-Cfg.txt This file contains configurations based on the “baseline” resulting from
completing TT-B for this lab – some errors within.
R1 Lab92-R1-TT-C-Cfg.txt This file contains configurations based on the “baseline” resulting from
completing TT-B for this lab – some errors within.

R2 Lab92-R2-TT-C-Cfg.txt This file contains configurations based on the “baseline” resulting from
completing TT-B for this lab – some errors within.
R3 Lab92-R3-TT-C-Cfg.txt This file contains configurations based on the “baseline” resulting from
completing TT-B for this lab – some errors within.
SRV1 N/A Static IP: 10.1.100.1/24 and 2001:DB8:CAFE:100::1/64
Default gateway: 10.1.100.254 and 2001:DB8:CAFE:100::D1
PC-B N/A DHCPv4 and DHCPv6
PC-C N/A DHCPv4 and DHCPv6

Step 3: Configure SRV1 and start the syslog and TFTP servers, as described in Task 1.

Step 4: Release and renew the DHCP leases on PC-B and PC-C, as described in Task 1.

Step 5: Outline the troubleshooting approach and validation steps.


Use this space to identify your troubleshooting approach and the key steps to verify that the problem is
resolved. Troubleshooting approaches to select from include the follow-the-path, perform-comparison,
bottom-up, top-down, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem)
methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a
hypothesis about the likely cause of the problem, testing that hypothesis, and solving the problem.
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
The follow-the-path, bottom-up, or the perform-comparison method can be used. Other problem-solving
methods are the top-down, divide-and-conquer, shoot-from-the-hip, and swap-components approaches.
Verification steps can include:
• Shutting down DLS1-R1 uplink or R1-R2 uplink results in DLS2 becoming the active HSRP router for
VLANs 99, 110, and 120.
• Shutting down DLS2-R3 uplink or R3-R2 uplink results in DLS1 becoming the active HSRP router for
VLANs 100 and 200.
• SSH to edge routers is successful.
• DLS1, ALS1, DLS2, R1, and R3 can see their LLDP neighbors.
• The number of MAC addresses associated with each of ALS1 Po1 and Po2 is less than the maximum
number specified by the port-security commands on the trunk ports.

Step 6: Record the troubleshooting process and configuration changes.


Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record what you think the problem might be and which actions
you will take to correct the problem.


Device Actions and Results

Step 7: Document trouble ticket debrief notes.


Use this space to make notes of the key learning points that you picked up during the discussion of this
trouble ticket with your instructor. The notes can include problems encountered, solutions applied, useful
commands employed, alternate solutions and methods, and procedure and communication improvements.
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________

Trouble Ticket TT-C Debrief—Instructor Notes


By now it may be evident that getting the LAN in order takes priority. Depending on your setup, you may see
that the port-channels on ALS1 are being err-disabled by port security from MAC-address-overload.


Rather than being delayed by port security issues, which can be notoriously stubborn, the bottom-up and
follow-the-path approach is recommended here: remove port security temporarily, get MST and VTP
functioning, and then reapply port security. Here is one recommended approach:
1. Shut down the port-channel interfaces on ALS1 (this also shuts down the constituent interfaces).
2. Remove the switchport port-security command on the port-channel and constituent
interfaces of ALS1.
3. Use the clear port-security all interface port-channel 1 and
clear port-security all interface port-channel 2 commands on ALS1.
4. Increase the maximum count for sticky secure MAC addresses allowed by port security on the port-
channel and constituent interfaces of ALS1.
5. If you are using NETLAB, you are more likely to see the port security err-disable issue come up. It
may take a while for your students to discover that the “unused” G0/0 interfaces on R1, R2, and R3
have the commands ip address dhcp and no shutdown configured, which definitely
contributes to the MAC address count. Shut these interfaces down.
6. Bring up the port-channel interfaces (port security should still be disabled): enter interface range
po1,po2 followed by no shutdown to bring up the port channels and constituent interfaces on
ALS1.
7. Bring MST and VTP to the normal functioning state prescribed by the specifications (TT-A).
8. Shut down the port-channel interfaces on ALS1.
9. Add the switchport port-security command on the port-channel and constituent
interfaces of ALS1. Note that you have to enable port security on a port-channel interface before you
can enable it on a constituent interface.
10. Bring up the port channels and the constituent interfaces as in Step 6.
Port Security Notes:
• ALS1 is (and has been since the first lab) configured with the commands errdisable recovery
cause psecure-violation and errdisable recovery interval 120, so every two
minutes ALS1 attempts to recover from the err-disable state.
• A little detective work tracking down MAC addresses from the output of show run interface po1
and show run interface po2 on ALS1 reveals that some sticky secure MAC addresses come
from the SVIs on the switches and some from the HSRP virtual MAC addresses (appearing in the
MAC address table as static CPU addresses).
• The command show port-security interface F0/1 shows the maximum number of MAC
addresses allowed on F0/1 (for example).
Hopefully this brings the port security under control. It is not useful to allow the port security issues to
monopolize more than 30 minutes of lab time, as the behavior is somewhat inconsistent when MST, HSRP,
EtherChannel, and IP SLA (next issue) are all in play; if the interfaces continue to shut down due to port
security after 30 minutes of specifically troubleshooting port security behavior, instruct students to remove the
switchport port-security command on the port-channel and constituent interfaces of ALS1.
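
To size the port-security maximum before step 9 rather than guessing, the MAC addresses ALS1 learns on each port-channel can be counted while port security is still removed. The following Python script is an added example, not part of the original lab: the table text, every MAC address, the use of HSRPv2, and the group-number-equals-VLAN numbering are constructed assumptions; only the limit of 10 comes from the ticket. Entries are counted per VLAN/MAC pair, and the worst case assumes every HSRP virtual MAC moves to the same uplink after a failover.

```python
import re
from collections import defaultdict

# Constructed sample in the column layout of "show mac address-table" on ALS1.
# 0200.00d1.xxxx / 0200.00d2.xxxx stand in for the DLS1 / DLS2 SVI addresses.
SAMPLE_MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  99    0200.00d1.0099    DYNAMIC     Po1
  99    0000.0c9f.f063    DYNAMIC     Po1
  99    0005.73a0.0063    DYNAMIC     Po1
  99    0200.00d2.0099    DYNAMIC     Po2
 100    0200.00d1.0100    DYNAMIC     Po1
 100    0200.00d2.0100    DYNAMIC     Po2
 100    0000.0c9f.f064    DYNAMIC     Po2
 100    0005.73a0.0064    DYNAMIC     Po2
 110    0200.00d1.0110    DYNAMIC     Po1
 110    0000.0c9f.f06e    DYNAMIC     Po1
 110    0005.73a0.006e    DYNAMIC     Po1
 110    0200.00d2.0110    DYNAMIC     Po2
 120    0200.00d1.0120    DYNAMIC     Po1
 120    0000.0c9f.f078    DYNAMIC     Po1
 120    0005.73a0.0078    DYNAMIC     Po1
 120    0200.00d2.0120    DYNAMIC     Po2
 200    0200.00d1.0200    DYNAMIC     Po1
 200    0200.00d2.0200    DYNAMIC     Po2
 200    0000.0c9f.f0c8    DYNAMIC     Po2
 200    0005.73a0.00c8    DYNAMIC     Po2
"""

ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I)

# Well-known HSRP virtual MAC prefixes; the remaining hex digits are the group.
HSRP_PREFIXES = (
    ("0000.0c07.ac", "HSRPv1"),
    ("0000.0c9f.f", "HSRPv2 IPv4"),
    ("0005.73a0.0", "HSRPv2 IPv6"),
)


def parse_mac_table(text):
    """Return (vlan, mac, port) tuples; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((int(m.group(1)), m.group(2).lower(), m.group(4)))
    return rows


def hsrp_kind(mac):
    """Name the HSRP flavour a virtual MAC belongs to, or None for other MACs."""
    for prefix, kind in HSRP_PREFIXES:
        if mac.lower().startswith(prefix):
            return kind
    return None


def size_port_security(rows, maximum):
    """Per port: entries seen now, how many are HSRP virtual MACs, and the
    count if every HSRP virtual MAC in the table were learned on that port."""
    per_port = defaultdict(set)
    for vlan, mac, port in rows:
        per_port[port].add((vlan, mac))
    all_virtual = {e for entries in per_port.values() for e in entries if hsrp_kind(e[1])}
    report = {}
    for port, entries in per_port.items():
        virtual = {e for e in entries if hsrp_kind(e[1])}
        worst = len(entries - virtual) + len(all_virtual)
        report[port] = {
            "seen": len(entries),
            "hsrp": len(virtual),
            "worst_case": worst,
            "fits_now": len(entries) <= maximum,
            "fits_after_failover": worst <= maximum,
        }
    return report


if __name__ == "__main__":
    for port, row in sorted(size_port_security(parse_mac_table(SAMPLE_MAC_TABLE), 10).items()):
        print(port, row)
```

In this constructed table Po1 already exceeds the limit of 10, and Po2 fits only until an HSRP failover moves the remaining virtual MAC addresses onto it.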

Next, the HSRP TCP Connect SLA object tracking issue can be addressed.
The show ip sla statistics command on DLS1 indicates all successes and no failures, and the show
track command on DLS1 indicates that SLA 2 is “Up”.
On DLS2, the show track command indicates all successes and no failures. But the show track
command on DLS2 has no output at all! Using the perform-comparison troubleshooting approach, we see
from DLS1 to add the command track 23 ip sla 2 in global configuration mode on DLS1. The show
track command on DLS2 now indicates proper tracking operation on DLS2, but we still need to check
whether HSRP failover is working correctly based on the tracking of this object:
• Shutting down DLS1-R1 uplink or R1-R2 uplink results in DLS2 becoming the active HSRP router for
VLANs 99, 110, and 120.
• Shutting down DLS2-R3 uplink or R3-R2 uplink results in DLS1 becoming the active HSRP router for
VLANs 100 and 200.

Next to troubleshoot is SSH access to the edge routers. Taking the divide-and-conquer approach, SSH to R3
from DLS2 fails, but SSH to R3 from R2 succeeds. This indicates an ACL issue. We only have packet filters on
DLS1 and DLS2 (from TT-A); they restrict TCP to BGP, so we update the ACLs, adding the lines:
access-list 100 permit tcp any any eq 22
access-list 100 permit tcp any eq 22 any

After these ACL updates, SSH from the LAN works to R3 but not to R1.
On R1 we see:
R1# show run | section line vty
line vty 0 4
exec-timeout 0 0
logging synchronous
login
transport input ssh

On R3 we see:
R3# show run | section line vty
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh

With SSH to R3 prompting for a username and password, the only possibility is that AAA is in effect. AAA was
in fact stipulated in the original baseline. On R1 we find:
R1# show run | include aaa
no aaa new-model

Cut-and-paste the baseline AAA configuration for R1:


aaa new-model
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local

Now SSH works to R1. Note that the TCP Connect feature of SLA 2 does not prevent SSH access to R1 or
R3, even if the IPv6 addresses in the IPv6-defined SLA are used as destination IPv6 SSH addresses.

For LLDP, note that the Cisco implementation of LLDP is based on the IEEE 802.1AB standard. The point of
this anecdote is the “802.1” part. The 802.1 standards are bridging and network management standards
specific to the LAN and MAN. In particular, they deal with Ethernet, FDDI, and Token Ring. LLDP, unlike
CDP, does not work over serial links. This explains why R2 does not see any LLDP neighbors.

Since the port security issues were resolved at the beginning, this completes the ticket resolution.


Device Configurations (Instructor version)


Note: All device configurations are provided for TT-A, TT-B, and TT-C. The configs provided here are not
running-config outputs. They can be used for copy-and-paste. The MOTD identifies the Lab and TT.

TT-A Configurations
Switch ALS1
!Lab 9-2 Switch ALS1 TT-A Config
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ALS1
!
logging buffered 16384
enable secret cisco
!
username cisco secret cisco
aaa new-model
!
!
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
!
!
clock timezone PST -8
clock summer-time PDT recurring
do clock set 09:05:00 Oct 29 2014
system mtu routing 1500
ip routing
!
!
no ip domain-lookup
ip domain-name tshoot.net
ipv6 unicast-routing
!
errdisable recovery cause psecure-violation
errdisable recovery interval 120
!
vtp mode transparent
!
vlan 99
name MANAGEMENT
!
vlan 100
name SERVERS
!
vlan 110
name GUEST
!
vlan 120
name OFFICE
!
vlan 200
name VOICE
!
vlan 300
name E-PEER
!
vlan 666
name NATIVE

vlan 999
name PARKING_LOT
!
spanning-tree mode mst
spanning-tree portfast default
!
vtp domain TSHOOT
vtp version 3
vtp mode transparent mst
vtp mode server vlan
spanning-tree mst configuration
name TSHOOT
revision 25
instance 1 vlan 99,110,120
exit
vtp mode server mst
vtp password cisco hidden
!
ip ssh source-interface Vlan99
ip ssh dh min size 2048
!
!
interface Port-channel1
description Channel to DLS1
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
no shutdown
!
interface Port-channel2
description Channel to DLS2
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
no shutdown
!
interface FastEthernet0/1
description Channel to DLS1
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 1 mode on
no shutdown
!
interface FastEthernet0/2
description Channel to DLS1
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 1 mode on
no shutdown
!
interface FastEthernet0/3
description Channel to DLS2
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 2 mode on
no shutdown
!
interface FastEthernet0/4
description Channel to DLS2
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 2 mode on
no shutdown
!
interface FastEthernet0/5
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/6
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/7
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/8
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/9
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/10
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/11
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/12
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/13
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/14
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/15
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/16
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/17
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/18
description To PC-B
switchport access vlan 120
switchport mode access
switchport voice vlan 200
switchport port-security maximum 3
switchport port-security
switchport port-security mac-address sticky
spanning-tree portfast
no shutdown
!
interface FastEthernet0/19
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/20
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/21
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/22
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/23
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/24
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface GigabitEthernet0/1
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface GigabitEthernet0/2
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.1.99.251 255.255.255.0
ipv6 address FE80::A1 link-local
ipv6 address 2001:DB8:CAFE:99::A1/64
no ip proxy-arp
no shutdown
!
interface Vlan110
ip address 10.1.110.251 255.255.255.0
ipv6 address FE80::A1 link-local
ipv6 address 2001:DB8:CAFE:110::A1/64
ipv6 nd prefix 2001:DB8:CAFE:110::/64 no-autoconfig
ipv6 nd managed-config-flag
no ip proxy-arp
no shutdown
!
interface Vlan120
ip address 10.1.120.251 255.255.255.0
ipv6 address FE80::A1 link-local
ipv6 address 2001:DB8:CAFE:120::A1/64
ipv6 nd prefix 2001:DB8:CAFE:120::/64 no-autoconfig
ipv6 nd managed-config-flag
no ip proxy-arp
no shutdown
!
interface Vlan200
ip address 10.1.200.251 255.255.255.0
ipv6 address FE80::A1 link-local
ipv6 address 2001:DB8:CAFE:200::A1/64
ipv6 nd prefix 2001:DB8:CAFE:200::/64 no-autoconfig
ipv6 nd managed-config-flag
no ip proxy-arp
no shutdown
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.1.99.254
logging source-interface Vlan99
logging host 10.1.100.1
ipv6 route ::/0 2001:DB8:CAFE:99::D1
!
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Vlan99
snmp-server location TSHOOT Lab Facility
snmp-server contact [email protected]
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps port-security
snmp-server enable traps vlan-membership
snmp-server host 10.1.100.1 version 2c cisco
!
banner motd ^*** Lab 9-2 Switch ALS1 TT-A Config ***^
!
ipv6 access-list REMOTEv6
deny ipv6 any any
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication CONSOLE
line vty 0 4
exec-timeout 0 0
ipv6 access-class REMOTEv6 in
logging synchronous
length 0
transport input ssh
!
ntp source Vlan99
ntp server 192.168.2.1
!
crypto key gen rsa general-keys modulus 1024
!
!
archive
log config
logging enable
logging size 50
notify syslog contenttype plaintext
hidekeys
path tftp://10.1.100.1/$h-archive-config
write-memory
file prompt quiet
!
end
!

Switch DLS1
!Lab 9-2 Switch DLS1 TT-A Config
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname DLS1
!
!
logging buffered 16384
enable secret cisco
!
username cisco secret cisco
aaa new-model
!
!
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
!
!
clock timezone PST -8
clock summer-time PDT recurring
do clock set 09:05:00 Oct 29 2014
system mtu routing 1500
ip routing
no ip domain-lookup
ip domain-name tshoot.net
!
ip dhcp excluded-address 10.1.110.1 10.1.110.5
ip dhcp excluded-address 10.1.120.1 10.1.120.5
ip dhcp excluded-address 10.1.200.1 10.1.200.5
ip dhcp excluded-address 10.1.120.129 10.1.120.254
ip dhcp excluded-address 10.1.200.129 10.1.200.254
ip dhcp excluded-address 10.1.110.129 10.1.110.254
!
ip dhcp pool VOICE
network 10.1.200.0 255.255.255.0
default-router 10.1.200.254
!
ip dhcp pool GUEST
network 10.1.110.0 255.255.255.0
default-router 10.1.110.254
!
ip dhcp pool OFFICE
network 10.1.120.0 255.255.255.0
default-router 10.1.120.254
!
!
ipv6 unicast-routing
ipv6 dhcp pool DHCPv6OFFICE
address prefix 2001:DB8:CAFE:120:ABCD::/80
domain-name tshoot.net
!
ipv6 dhcp pool DHCPv6VOICE
address prefix 2001:DB8:CAFE:200:ABCD::/80
domain-name tshoot.net
!
ipv6 dhcp pool DHCPv6GUEST
address prefix 2001:DB8:CAFE:110:ABCD::/80
domain-name tshoot.net
!
!
errdisable recovery cause bpduguard
!
!
vlan 99
name MANAGEMENT
!
vlan 100
name SERVERS
!
vlan 120
name OFFICE
!
vlan 200
name VOICE
!
vlan 300
name E-PEER
!
vlan 666
name NATIVE
!
vlan 999
name PARKING_LOT
!
!
spanning-tree mode mst
!
vtp domain TSHOOT
vtp version 3
vtp mode server vlan
vtp mode transparent mst
spanning-tree mst configuration
name TSHOOT
revision 25
instance 1 vlan 99,110,120
exit
vtp mode server mst
do vtp primary vlan force
vtp password cisco hidden
!
spanning-tree mst 1 priority 24576
spanning-tree mst 2 priority 28672
spanning-tree portfast default
!
ip ssh source-interface Vlan99
ip ssh dh min size 2048
!
interface Port-channel1
description Channel to ALS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
no shutdown
!
interface Port-channel10
description Channel to DLS2
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
shutdown
!
interface FastEthernet0/1
description Channel to ALS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 1 mode on
no shutdown
!
interface FastEthernet0/2
description Channel to ALS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 1 mode on
no shutdown
!
interface FastEthernet0/3
description Channel to DLS2
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 10 mode on
shutdown
!
interface FastEthernet0/4
description Channel to DLS2
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 10 mode on
shutdown
!
interface FastEthernet0/5
description FE to R1
no switchport
ip address 10.1.2.1 255.255.255.252
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:20::D1/64
speed 100
duplex full
spanning-tree bpduguard enable
no shutdown
!
interface FastEthernet0/6
description FE to SRV1
switchport access vlan 100
switchport mode access
switchport nonegotiate
spanning-tree portfast
no shutdown
!
interface FastEthernet0/7
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/8
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/9
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/10
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/11
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/12
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/13
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/14
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/15
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/16
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/17
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/18
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/19
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/20
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/21
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/22
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/23
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/24
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface GigabitEthernet0/1
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface GigabitEthernet0/2
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.1.99.252 255.255.255.0
no ip proxy-arp
standby 99 ip 10.1.99.254
standby 99 priority 110
standby 99 preempt
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:99::D1/64
no shutdown
!
interface Vlan100
ip address 10.1.100.252 255.255.255.0
no ip proxy-arp
standby 100 ip 10.1.100.254
standby 100 preempt
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:100::D1/64
no shutdown
!
interface Vlan110
ip address 10.1.110.252 255.255.255.0
no ip proxy-arp
standby 110 ip 10.1.110.254
standby 110 priority 110
standby 110 preempt
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:110::D1/64
ipv6 nd prefix 2001:DB8:CAFE:110::/64 no-autoconfig
ipv6 nd managed-config-flag
ipv6 dhcp server DHCPv6GUEST
no shutdown
!
interface Vlan120
ip address 10.1.120.252 255.255.255.0
no ip proxy-arp
standby 120 ip 10.1.120.254
standby 120 priority 110
standby 120 preempt
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:120::D1/64
ipv6 nd prefix 2001:DB8:CAFE:120::/64 no-autoconfig
ipv6 nd managed-config-flag
ipv6 dhcp server DHCPv6OFFICE
no shutdown
!
interface Vlan200
ip address 10.1.200.252 255.255.255.0
no ip proxy-arp
standby 200 ip 10.1.200.254
standby 200 preempt
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:200::D1/64
ipv6 nd prefix 2001:DB8:CAFE:200::/64 no-autoconfig
ipv6 nd managed-config-flag
ipv6 dhcp server DHCPv6VOICE
no shutdown
!
interface Vlan300
ip address 10.1.30.252 255.255.255.0
no ip proxy-arp
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:300::D1/64
no shutdown
!
router eigrp HQ
!
address-family ipv4 unicast autonomous-system 1
!
af-interface default
passive-interface
exit-af-interface
!
af-interface f0/5
no passive-interface
exit-af-interface
!
af-interface vlan300
no passive-interface
exit-af-interface
!
topology base
exit-af-topology
network 10.1.0.0 0.0.255.255
exit-address-family
!
address-family ipv6 unicast autonomous-system 1
!
af-interface default
passive-interface
exit-af-interface
!
af-interface f0/5
no passive-interface
exit-af-interface
!
af-interface vlan300
no passive-interface
exit-af-interface
!
topology base
exit-af-topology
exit-address-family
!
no ip http server
no ip http secure-server
!
!
logging source-interface Vlan99
logging host 10.1.100.1
!
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Vlan99
snmp-server location TSHOOT Lab Facility
snmp-server contact [email protected]
snmp-server enable traps eigrp
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps port-security
snmp-server enable traps config
snmp-server enable traps hsrp
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable
snmp-server host 10.1.100.1 version 2c cisco
!
!
banner motd ^*** Lab 9-2 Switch DLS1 TT-A Config ***^
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication CONSOLE
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
!
ntp source Vlan99
ntp server 192.168.2.1
!
crypto key gen rsa general-keys modulus 1024
!
archive
log config
logging enable
logging size 50
notify syslog contenttype plaintext
hidekeys
path tftp://10.1.100.1/$h-archive-config
write-memory
file prompt quiet
!
end
!

Switch DLS2
!Lab 9-2 Switch DLS2 TT-A Config
!
service timestamps debug datetime msec
service timestamps log datetime
service password-encryption
!
hostname DLS2
!
!
logging buffered 16384
enable secret cisco
!
username cisco secret cisco
aaa new-model
!
!
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
!
!
clock timezone PST -8
clock summer-time PDT recurring
do clock set 09:05:00 Oct 29 2014
system mtu routing 1500
ip routing
no ip domain-lookup
ip domain-name tshoot.net
!
!
ip dhcp excluded-address 10.1.120.251 10.1.120.254
ip dhcp excluded-address 10.1.200.251 10.1.200.254
ip dhcp excluded-address 10.1.110.251 10.1.110.254
ip dhcp excluded-address 10.1.110.1 10.1.110.128
ip dhcp excluded-address 10.1.120.1 10.1.120.128
ip dhcp excluded-address 10.1.200.1 10.1.200.128
!
ip dhcp pool VOICE
network 10.1.200.0 255.255.255.0
default-router 10.1.200.254
!
ip dhcp pool GUEST
network 10.1.110.0 255.255.255.0
default-router 10.1.110.254
!
ip dhcp pool OFFICE
network 10.1.120.0 255.255.255.0
default-router 10.1.120.254
!
!
ipv6 unicast-routing
!
ipv6 dhcp pool DHCPv6OFFICE
address prefix 2001:DB8:CAFE:120:ABCD::/80
domain-name tshoot.net
!
ipv6 dhcp pool DHCPv6VOICE
address prefix 2001:DB8:CAFE:200:ABCD::/80
domain-name tshoot.net
!
ipv6 dhcp pool DHCPv6GUEST
address prefix 2001:DB8:CAFE:110:ABCD::/80
domain-name tshoot.net
!
!
errdisable recovery cause bpduguard
!
!
vlan 99
name MANAGEMENT
!
vlan 100
name SERVERS
!
vlan 110
name GUEST
!
vlan 120
name OFFICE
!
vlan 200
name VOICE
!
vlan 300
name E-PEER
!
vlan 666
name NATIVE
!
vlan 999
name PARKING_LOT
!
!
spanning-tree mode mst
!
vtp domain TSHOOT
vtp version 3
vtp mode server mst
vtp mode server vlan
do vtp primary mst force
!
!
spanning-tree mst configuration
name TSHOOT
revision 25
instance 1 vlan 99,110,120
exit
vtp password cisco hidden
!
!
spanning-tree mst 1 priority 28672
spanning-tree mst 2 priority 24576
spanning-tree portfast default
!
ip ssh source-interface Vlan99
ip ssh dh min size 2048
!
interface Port-channel2
description Channel to ALS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
no shutdown
!
interface Port-channel10
description Channel to DLS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
no shutdown
!
interface FastEthernet0/1
description Channel to ALS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 2 mode on
no shutdown
!
interface FastEthernet0/2
description Channel to ALS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 2 mode on
no shutdown
!
interface FastEthernet0/3
description Channel to DLS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 10 mode on
no shutdown
!
interface FastEthernet0/4
description Channel to DLS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 10 mode on
no shutdown
!
interface FastEthernet0/5
description FE to R3
no switchport
ip address 10.1.2.13 255.255.255.252
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:CAFE:212::D2/64
speed 100
duplex full
spanning-tree bpduguard enable
no shutdown
!
interface FastEthernet0/6
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/7
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/8
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/9
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/10
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/11
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/12
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/13
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/14
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/15
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/16
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/17
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/18
description FE to PC-C
switchport access vlan 110
switchport mode access
switchport nonegotiate
spanning-tree portfast
no shutdown
!
interface FastEthernet0/19
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/20
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/21
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/22
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/23
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/24
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface GigabitEthernet0/1
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface GigabitEthernet0/2
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.1.99.253 255.255.255.0
no ip proxy-arp
standby 99 ip 10.1.99.254
standby 99 preempt
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:CAFE:99::D2/64
no shutdown
!
interface Vlan100
ip address 10.1.100.253 255.255.255.0
no ip proxy-arp
standby 100 ip 10.1.100.254
standby 100 priority 110
standby 100 preempt
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:CAFE:100::D2/64
ipv6 nd prefix 2001:DB8:CAFE:100::/64 no-autoconfig
ipv6 nd managed-config-flag
no shutdown
!
interface Vlan110
ip address 10.1.110.253 255.255.255.0
no ip proxy-arp
standby 110 ip 10.1.110.254
standby 110 preempt
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:CAFE:110::D2/64
ipv6 nd prefix 2001:DB8:CAFE:110::/64 no-autoconfig
ipv6 nd managed-config-flag
ipv6 dhcp server DHCPv6GUEST
no shutdown
!
interface Vlan120
ip address 10.1.120.253 255.255.255.0
no ip proxy-arp
standby 120 ip 10.1.120.254
standby 120 preempt
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:CAFE:120::D2/64
ipv6 nd prefix 2001:DB8:CAFE:120::/64 no-autoconfig
ipv6 nd managed-config-flag
ipv6 dhcp server DHCPv6OFFICE
no shutdown
!
interface Vlan200
ip address 10.1.200.253 255.255.255.0
no ip proxy-arp
standby 200 ip 10.1.200.254
standby 200 priority 110
standby 200 preempt
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:CAFE:200::D2/64
ipv6 nd prefix 2001:DB8:CAFE:200::/64 no-autoconfig
ipv6 nd managed-config-flag
ipv6 dhcp server DHCPv6VOICE
no shutdown
!
interface Vlan300
ip address 10.1.30.253 255.255.255.0
no ip proxy-arp
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:CAFE:300::D2/64
no shutdown
!
router eigrp HQ
!
address-family ipv4 unicast autonomous-system 1
!
af-interface default
passive-interface
exit-af-interface
!
af-interface f0/5
no passive-interface
exit-af-interface
!
af-interface vlan300
no passive-interface
exit-af-interface
!
topology base
exit-af-topology
network 10.1.0.0 0.0.255.255
exit-address-family
!
address-family ipv6 unicast autonomous-system 1
!
af-interface default
passive-interface
exit-af-interface
!
af-interface f0/5
no passive-interface
exit-af-interface
!
af-interface vlan300
no passive-interface
exit-af-interface
!
topology base
exit-af-topology
exit-address-family
!
no ip http server
no ip http secure-server
!
!
logging source-interface Vlan99
logging host 10.1.100.1
!
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Vlan99
snmp-server location TSHOOT Lab Facility
snmp-server contact [email protected]
snmp-server enable traps eigrp
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps port-security
snmp-server enable traps config
snmp-server enable traps hsrp
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable
snmp-server host 10.1.100.1 version 2c cisco
!
!
banner motd ^*** Lab 9-2 Switch DLS2 TT-A Config ***^
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication CONSOLE
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
!
ntp source Vlan99
ntp server 192.168.2.1
!
crypto key gen rsa general-keys modulus 1024
!
archive
log config
logging enable
logging size 50
notify syslog contenttype plaintext
hidekeys
path tftp://10.1.100.1/$h-archive-config
write-memory
file prompt quiet
!
end

Router R1
!Lab 9-2 Router R1 TT-A Config
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1
!
logging buffered 16384
enable secret cisco
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
!
!
clock timezone PST -8
clock summer-time PDT recurring
do clock set 09:05:00 Oct 29 2014
!
!
no ip domain lookup
ip domain name tshoot.net
ip cef
ipv6 unicast-routing
ipv6 cef
!
username cisco secret cisco
!
!
ip ssh source-interface Loopback0
ip ssh dh min size 2048
!
!
interface Loopback0
ip address 192.168.1.1 255.255.255.255
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:CAFE:201::1/128
!
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/1
description FE to DLS1
ip address 10.1.2.2 255.255.255.252
ip flow ingress
duplex full
speed 100
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:CAFE:20::1/64
no shutdown
!
interface Serial0/0/0
description WAN link to R2: 2 Mbps leased line
ip address 209.165.200.225 255.255.255.252
ip flow ingress
encapsulation ppp
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:CAFE:10::1/126
clock rate 2000000
no shutdown
!
interface Serial0/0/1
description WAN link to R3 (not used)
no ip address
shutdown
!
router eigrp HQ
!
address-family ipv4 unicast autonomous-system 1
!
af-interface default
passive-interface
exit-af-interface
!
af-interface GigabitEthernet0/1
no passive-interface
exit-af-interface
!
topology base
redistribute bgp 65501 metric 1544 2000 255 1 1500
exit-af-topology
network 192.168.1.1 0.0.0.0
network 10.1.2.0 0.0.0.3
exit-address-family
!
address-family ipv6 unicast autonomous-system 1
!
af-interface default
passive-interface
exit-af-interface
!
af-interface GigabitEthernet0/1
no passive-interface
exit-af-interface
!
topology base
redistribute bgp 65501 metric 1544 2000 255 1 1500
exit-af-topology
exit-address-family
!
router bgp 65501
bgp router-id 1.0.0.1
bgp log-neighbor-changes
neighbor 192.168.3.1 remote-as 65501
neighbor 192.168.3.1 password cisocs
neighbor 192.168.3.1 update-source Loopback0
neighbor 209.165.200.226 remote-as 65502
neighbor 209.165.200.226 password cisco
!
address-family ipv4
synchronization
network 10.1.0.0 mask 255.255.0.0
neighbor 192.168.3.1 activate
neighbor 192.168.3.1 next-hop-self
neighbor 209.165.200.226 activate
exit-address-family
!
address-family ipv6
synchronization
network 2001:DB8:CAFE:10::/126
neighbor 192.168.3.1 activate
neighbor 192.168.3.1 next-hop-self
neighbor 192.168.3.1 route-map IPv4TransportIPv6RouteFromR3 in
neighbor 209.165.200.226 activate
neighbor 209.165.200.226 route-map IPv4TransportIPv6RouteFromR2 in
exit-address-family
!
!
route-map IPv4TransportIPv6RouteFromR2 permit 10
set ipv6 next-hop 2001:DB8:CAFE:10::2
!
route-map IPv4TransportIPv6RouteFromR3 permit 10
set ipv6 next-hop 2001:DB8:CAFE:203::3
!
!
crypto key gen rsa general-keys modulus 1024
!
!
ip http server
ip http secure-server
ip flow-top-talkers
top 3
sort-by bytes
cache-timeout 600000
!
ip route 10.1.0.0 255.255.0.0 Null0
!
logging source-interface Loopback0
logging host 10.1.100.1
!
!
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Loopback0
snmp-server location TSHOOT Lab Facility
snmp-server contact [email protected]
snmp-server enable traps eigrp
snmp-server enable traps flash insertion
snmp-server enable traps flash removal
snmp-server enable traps config
snmp-server enable traps cpu threshold
snmp-server host 10.1.100.1 version 2c cisco
!
!
alias exec srb show run | begin router bgp
alias exec sre show run | begin router eigrp
banner motd ^*** Lab 9-2 Router R1 TT-A Config ***^
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication CONSOLE
!
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
!
ntp source Loopback0
ntp update-calendar
ntp server 192.168.2.1
!
archive
log config
logging enable
logging size 50
notify syslog contenttype plaintext
hidekeys
path tftp://10.1.100.1/$h-archive-config
write-memory
file prompt quiet
!
end
!

Router R2
!Lab 9-2 Router R2 TT-A Config
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R2
!
logging buffered 16384
enable secret cisco
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
!
!
clock timezone PST -8
clock summer-time PDT recurring
do clock set 09:05:00 Oct 29 2014
!
!
no ip domain lookup
ip domain name tshoot.net
ip cef
ipv6 unicast-routing
ipv6 cef
!
!
username cisco secret cisco
!
!
ip tftp source-interface lo0
ip ssh source-interface Loopback0
ip ssh dh min size 2048
!
!
vrf definition VPN_A
rd 100:1
route-target export 100:1
route-target import 100:1
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition VPN_B
rd 200:1
route-target export 200:1
route-target import 200:1
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
interface Loopback0
vrf forwarding VPN_A
ip address 192.168.2.1 255.255.255.255
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:CAFE:202::2/128
!
interface Loopback1
vrf forwarding VPN_B
ip address 192.168.2.2 255.255.255.255
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:CAFE:222::2/128
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/1
description optional connection for PC-C w/ static address
no ip address
shutdown
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
description WAN link to R1: 2 Mbps leased line
vrf forwarding VPN_A
ip address 209.165.200.226 255.255.255.252
ip flow ingress
encapsulation ppp
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:CAFE:10::2/126
no shutdown
!
interface Serial0/0/1
description WAN link to R3: 2 Mbps leased line
vrf forwarding VPN_B
ip address 209.165.200.222 255.255.255.252
ip flow ingress
encapsulation ppp
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:CAFE:14::2/126
clock rate 2000000
no shutdown
!
!
router bgp 65502
bgp router-id 2.0.0.2
bgp log-neighbor-changes
no bgp default ipv4-unicast
!
address-family ipv4 vrf VPN_A
bgp router-id 2.2.0.2
network 192.168.2.1 mask 255.255.255.255
neighbor 209.165.200.225 remote-as 65501
neighbor 209.165.200.225 password cisco
neighbor 209.165.200.225 activate
exit-address-family
!
address-family ipv6 vrf VPN_A
bgp router-id 2.2.0.2
network 2001:DB8:CAFE:202::2/128
neighbor 209.165.200.225 remote-as 65501
neighbor 209.165.200.225 password cisco
neighbor 209.165.200.225 activate
neighbor 209.165.200.225 route-map IPv4TransportIPv6RouteA in
exit-address-family
!
address-family ipv4 vrf VPN_B
bgp router-id 2.0.2.2
network 192.168.2.2 mask 255.255.255.255
neighbor 209.165.200.221 remote-as 65501
neighbor 209.165.200.221 local-as 65503 no-prepend replace-as
neighbor 209.165.200.221 password cisco
neighbor 209.165.200.221 activate
neighbor 209.165.200.221 allowas-in
exit-address-family
!
address-family ipv6 vrf VPN_B
bgp router-id 2.0.2.2
network 2001:DB8:CAFE:222::2/128
neighbor 209.165.200.221 remote-as 65501
neighbor 209.165.200.221 local-as 65503 no-prepend replace-as
neighbor 209.165.200.221 password cisco
neighbor 209.165.200.221 activate
neighbor 209.165.200.221 allowas-in
neighbor 209.165.200.221 route-map IPv4TransportIPv6RouteB in
exit-address-family
!
!
route-map IPv4TransportIPv6RouteA permit 10
set ipv6 next-hop 2001:DB8:CAFE:10::3
!
route-map IPv4TransportIPv6RouteB permit 10
set ipv6 next-hop 2001:DB8:CAFE:14::3
!
!
crypto key gen rsa general-keys modulus 1024
!
ip http server
ip http secure-server
ip flow-top-talkers
top 3
sort-by bytes
cache-timeout 600000
!
!
logging source-interface Loopback0
!
!
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Loopback0
snmp-server location TSHOOT Lab Facility
snmp-server contact [email protected]
snmp-server enable traps eigrp
snmp-server enable traps flash insertion
snmp-server enable traps flash removal
snmp-server enable traps config
snmp-server enable traps cpu threshold
snmp-server host 10.1.100.1 version 2c cisco
!
!
banner motd ^*** Lab 9-2 Router R2 TT-A Config ***^
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication CONSOLE
!
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
!
archive
log config
logging enable
logging size 50
notify syslog contenttype plaintext
hidekeys
path tftp://10.1.100.1/$h-archive-config
write-memory
file prompt quiet
!
end
!

Router R3
!Lab 9-2 Router R3 TT-A Config
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R3
!
!
logging buffered 16384
enable secret cisco
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
!
!
clock timezone PST -8
clock summer-time PDT recurring
do clock set 09:05:00 Oct 29 2014
!
!
no ip domain lookup
ip domain name tshoot.net
ip cef
ipv6 unicast-routing
ipv6 cef
!
username cisco secret cisco
!
!
ip ssh source-interface Loopback0
ip ssh dh min size 2048
!
!
interface Loopback0
ip address 192.168.3.1 255.255.255.255
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:CAFE:203::3/64
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/1
description FE to DLS1
ip address 10.1.2.14 255.255.255.252
ip flow ingress
duplex full
speed 100
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:CAFE:212::3/64
no shutdown
!
interface Serial0/0/0
description WAN link to R1 - (Not used)
no ip address
encapsulation ppp
clock rate 2000000
shutdown
!
interface Serial0/0/1
description WAN link to R2: 2 Mbps leased line
ip address 209.165.200.221 255.255.255.252
ip flow ingress
encapsulation ppp
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:CAFE:14::3/126
no shutdown
!
!
router eigrp HQ
!
address-family ipv4 unicast autonomous-system 1
!
af-interface default
passive-interface
exit-af-interface
!
af-interface GigabitEthernet0/1
no passive-interface
exit-af-interface
!
topology base
exit-af-topology
network 10.1.2.12 0.0.0.3
network 192.168.3.1 0.0.0.0
exit-address-family
!
address-family ipv6 unicast autonomous-system 1
!
af-interface default
passive-interface
exit-af-interface
!
af-interface GigabitEthernet0/1
no passive-interface
exit-af-interface
!
topology base
exit-af-topology
exit-address-family
!
!
!
router bgp 65501
bgp router-id 3.0.0.3
bgp log-neighbor-changes
neighbor 192.168.1.1 remote-as 65501
neighbor 192.168.1.1 password cisco
neighbor 192.168.1.1 update-source Loopback0
neighbor 209.165.200.222 remote-as 65503
neighbor 209.165.200.222 password cisco
!
address-family ipv4
synchronization
network 10.1.0.0 mask 255.255.0.0
neighbor 192.168.1.1 activate
neighbor 192.168.1.1 next-hop-self
neighbor 209.165.200.222 activate
exit-address-family
!
address-family ipv6
synchronization
network 2001:DB8:CAFE:14::/126
neighbor 192.168.1.1 activate
neighbor 192.168.1.1 next-hop-self
neighbor 192.168.1.1 route-map IPv4TransportIPv6RouteFromR1 in
neighbor 209.165.200.222 activate
neighbor 209.165.200.222 route-map IPv4TransportIPv6RouteFromR2 in
exit-address-family
!
!
route-map IPv4TransportIPv6RouteFromR2 permit 10
set ipv6 next-hop 2001:DB8:CAFE:14::2
!
route-map IPv4TransportIPv6RouteFromR1 permit 10
set ipv6 next-hop 2001:DB8:CAFE:201::1
!
!
crypto key gen rsa general-keys modulus 1024
!
ip http server
ip http secure-server
ip flow-top-talkers
top 3
sort-by bytes
cache-timeout 600000
!

ip route 10.1.0.0 255.255.0.0 Null0


!
logging source-interface Loopback0
logging host 10.1.100.1
!
!
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Loopback0
snmp-server location TSHOOT Lab Facility
snmp-server contact [email protected]
snmp-server enable traps eigrp
snmp-server enable traps flash insertion
snmp-server enable traps flash removal
snmp-server enable traps config
snmp-server enable traps cpu threshold
snmp-server host 10.1.100.1 version 2c cisco
!
!
banner motd ^*** Lab 9-2 Router R3 TT-A Config ***^
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication CONSOLE
!
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
!
ntp source Loopback0
ntp update-calendar
ntp server 192.168.2.1
!
archive
log config
logging enable
logging size 50
notify syslog contenttype plaintext
hidekeys
path tftp://10.1.100.1/$h-archive-config
write-memory
file prompt quiet
!
end
!

TT-B Configurations
Switch ALS1
!Lab 9-2 Switch ALS1 TT-B Config
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ALS1
!
logging buffered 16384
enable secret cisco
!
username cisco secret cisco
aaa new-model
!
!
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
!

!
clock timezone PST -8
clock summer-time PDT recurring
do clock set 09:05:00 Oct 29 2014
system mtu routing 1500
ip routing
!
!
no ip domain-lookup
ip domain-name tshoot.net
ipv6 unicast-routing
!
errdisable recovery cause psecure-violation
errdisable recovery interval 120
!
vtp mode transparent
!
vlan 99
name MANAGEMENT
!
vlan 100
name SERVERS
!
vlan 110
name GUEST
!
vlan 120
name OFFICE
!
vlan 200
name VOICE
!
vlan 300
name E-PEER
!
vlan 666
name NATIVE

vlan 999
name PARKING_LOT
!
spanning-tree mode mst
spanning-tree portfast default
!
vtp domain TSHOOT
vtp version 3
vtp mode transparent mst
vtp mode server vlan
spanning-tree mst configuration
name TSHOOT
revision 25
instance 1 vlan 99,110,120
instance 2 vlan 100,200,300
exit
vtp mode server mst
vtp password cisco hidden
!
ip ssh source-interface Vlan99
ip ssh dh min size 2048
!
!
interface Port-channel1
description Channel to DLS1
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
no shutdown
!
interface Port-channel2
description Channel to DLS2
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300

switchport mode trunk


switchport nonegotiate
no shutdown
!
interface FastEthernet0/1
description Channel to DLS1
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 1 mode on
no shutdown
!
interface FastEthernet0/2
description Channel to DLS1
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 1 mode on
no shutdown
!
interface FastEthernet0/3
description Channel to DLS2
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 2 mode on
no shutdown
!
interface FastEthernet0/4
description Channel to DLS2
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 2 mode on
no shutdown
!
interface FastEthernet0/5
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/6
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/7
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/8
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/9
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate

shutdown
!
interface FastEthernet0/10
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/11
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/12
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/13
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/14
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/15
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/16
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/17
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/18
description To PC-B
switchport access vlan 120
switchport mode access
switchport voice vlan 200
switchport port-security maximum 3
switchport port-security
switchport port-security mac-address sticky
spanning-tree portfast
no shutdown
!
interface FastEthernet0/19
description PARKING_LOT
switchport access vlan 999
switchport mode access

switchport nonegotiate
shutdown
!
interface FastEthernet0/20
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/21
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/22
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/23
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/24
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface GigabitEthernet0/1
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface GigabitEthernet0/2
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.1.99.251 255.255.255.0
ipv6 address FE80::A1 link-local
ipv6 address 2001:DB8:CAFE:99::A1/64
no ip proxy-arp
no shutdown
!
interface Vlan110
ip address 10.1.110.251 255.255.255.0
ipv6 address FE80::A1 link-local
ipv6 address 2001:DB8:CAFE:110::A1/64
ipv6 nd prefix 2001:DB8:CAFE:110::/64 no-autoconfig
ipv6 nd managed-config-flag
no ip proxy-arp
no shutdown
!
interface Vlan120

ip address 10.1.120.251 255.255.255.0


ipv6 address FE80::A1 link-local
ipv6 address 2001:DB8:CAFE:120::A1/64
ipv6 nd prefix 2001:DB8:CAFE:120::/64 no-autoconfig
ipv6 nd managed-config-flag
no ip proxy-arp
no shutdown
!
interface Vlan200
ip address 10.1.200.251 255.255.255.0
ipv6 address FE80::A1 link-local
ipv6 address 2001:DB8:CAFE:200::A1/64
ipv6 nd prefix 2001:DB8:CAFE:200::/64 no-autoconfig
ipv6 nd managed-config-flag
no ip proxy-arp
no shutdown
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.1.99.254
logging source-interface Vlan99
logging host 10.1.100.1
ipv6 route ::/0 2001:DB8:CAFE:99::D1
!
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Vlan99
snmp-server location TSHOOT Lab Facility
snmp-server contact [email protected]
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps port-security
snmp-server enable traps vlan-membership
snmp-server host 10.1.100.1 version 2c cisco
!
banner motd ^*** Lab 9-2 Switch ALS1 TT-B Config ***^
!
ipv6 access-list REMOTEv6
deny ipv6 any any
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication CONSOLE
line vty 0 4
exec-timeout 0 0
ipv6 access-class REMOTEv6 in
logging synchronous
length 0
transport input ssh
!
ntp source Vlan99
ntp server 192.168.2.1
!
crypto key gen rsa general-keys modulus 1024
!
!
archive
log config
logging enable
logging size 50
notify syslog contenttype plaintext
hidekeys
path tftp://10.1.100.1/$h-archive-config
write-memory
file prompt quiet
!
end
!

Switch DLS1

!Lab 9-2 Switch DLS1 TT-B Config


!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname DLS1
!
!
logging buffered 16384
enable secret cisco
!
username cisco secret cisco
aaa new-model
!
!
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
!
!
clock timezone PST -8
clock summer-time PDT recurring
do clock set 09:05:00 Oct 29 2014
system mtu routing 1500
ip routing
no ip domain-lookup
ip domain-name tshoot.net
!
ip dhcp excluded-address 10.1.110.1 10.1.110.5
ip dhcp excluded-address 10.1.120.1 10.1.120.5
ip dhcp excluded-address 10.1.200.1 10.1.200.5
ip dhcp excluded-address 10.1.120.129 10.1.120.254
ip dhcp excluded-address 10.1.200.129 10.1.200.254
ip dhcp excluded-address 10.1.110.129 10.1.110.254
!
ip dhcp pool VOICE
network 10.1.200.0 255.255.255.0
default-router 10.1.200.254
!
ip dhcp pool GUEST
network 10.1.110.0 255.255.255.0
default-router 10.1.110.254
!
ip dhcp pool OFFICE
network 10.1.120.0 255.255.255.0
default-router 10.1.120.254
!
!
ipv6 unicast-routing
ipv6 dhcp pool DHCPv6OFFICE
address prefix 2001:DB8:CAFE:120:ABCD::/80
domain-name tshoot.net
!
ipv6 dhcp pool DHCPv6VOICE
address prefix 2001:DB8:CAFE:200:ABCD::/80
domain-name tshoot.net
!
ipv6 dhcp pool DHCPv6GUEST
address prefix 2001:DB8:CAFE:110:ABCD::/80
domain-name tshoot.net
!
!
errdisable recovery cause bpduguard
!
!
vlan 99
name MANAGEMENT
!
vlan 100
name SERVERS
!
vlan 110

name GUEST
!
vlan 120
name OFFICE
!
vlan 200
name VOICE
!
vlan 300
name E-PEER
!
vlan 666
name NATIVE
!
vlan 999
name PARKING_LOT
!
!
spanning-tree mode mst
!
vtp domain TSHOOT
vtp version 3
vtp mode server vlan
vtp mode transparent mst
spanning-tree mst configuration
name TSHOOT
revision 25
instance 1 vlan 99,110,120
instance 2 vlan 100,200,300
exit
vtp mode server mst
do vtp primary vlan force
vtp password cisco hidden
!
spanning-tree mst 1 priority 24576
spanning-tree mst 2 priority 28672
spanning-tree portfast default
!
ip ssh source-interface Vlan99
ip ssh dh min size 2048
!
!!
interface Loopback0
ip address 10.2.1.1 255.255.255.0
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:2222::D1/64
!
interface Loopback1
ip address 10.2.2.1 255.255.255.0
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:2666::D1/64
!
interface Port-channel1
description Channel to ALS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
no shutdown
!
interface Port-channel10
description Channel to DLS2
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
no shutdown
!
interface FastEthernet0/1
description Channel to ALS1
switchport trunk encapsulation dot1q

switchport trunk native vlan 666


switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 1 mode on
no shutdown
!
interface FastEthernet0/2
description Channel to ALS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 1 mode on
no shutdown
!
interface FastEthernet0/3
description Channel to DLS2
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 10 mode on
no shutdown
!
interface FastEthernet0/4
description Channel to DLS2
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 10 mode on
no shutdown
!
interface FastEthernet0/5
description FE to R1
no switchport
ip address 10.1.2.1 255.255.255.252
ip access-group 100 in
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:20::D1/64
speed 100
duplex full
spanning-tree bpduguard enable
no shutdown
!
interface FastEthernet0/6
description FE to SRV1
switchport access vlan 100
switchport mode access
switchport nonegotiate
spanning-tree portfast
no shutdown
!
interface FastEthernet0/7
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/8
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/9
description PARKING_LOT

switchport access vlan 999


switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/10
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/11
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/12
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/13
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/14
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/15
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/16
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/17
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/18
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/19
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate

shutdown
!
interface FastEthernet0/20
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/21
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/22
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/23
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/24
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface GigabitEthernet0/1
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface GigabitEthernet0/2
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.1.99.252 255.255.255.0
no ip proxy-arp
standby 99 ip 10.1.99.254
standby 99 priority 110
standby 99 track f0/5 10
standby 99 preempt
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:99::D1/64
no shutdown
!
interface Vlan100
ip address 10.1.100.252 255.255.255.0
no ip proxy-arp
standby 100 ip 10.1.100.254
standby 100 preempt
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:100::D1/64

no shutdown
!
interface Vlan110
ip address 10.1.110.252 255.255.255.0
no ip proxy-arp
standby 110 ip 10.1.110.254
standby 110 priority 110
standby 110 track f0/5 10
standby 110 preempt
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:110::D1/64
ipv6 nd prefix 2001:DB8:CAFE:110::/64 no-autoconfig
ipv6 nd managed-config-flag
ipv6 dhcp server DHCPv6GUEST
no shutdown
!
interface Vlan120
ip address 10.1.120.252 255.255.255.0
no ip proxy-arp
standby 120 ip 10.1.120.254
standby 120 priority 110
standby 120 track f0/5 10
standby 120 preempt
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:120::D1/64
ipv6 nd prefix 2001:DB8:CAFE:120::/64 no-autoconfig
ipv6 nd managed-config-flag
ipv6 dhcp server DHCPv6OFFICE
no shutdown
!
interface Vlan200
ip address 10.1.200.252 255.255.255.0
no ip proxy-arp
standby 200 ip 10.1.200.254
standby 200 preempt
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:200::D1/64
ipv6 nd prefix 2001:DB8:CAFE:200::/64 no-autoconfig
ipv6 nd managed-config-flag
ipv6 dhcp server DHCPv6VOICE
no shutdown
!
interface Vlan300
ip address 10.1.30.252 255.255.255.0
no ip proxy-arp
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:300::D1/64
no shutdown
!
router eigrp HQ
!
address-family ipv4 unicast autonomous-system 1
!
af-interface default
passive-interface
exit-af-interface
!
af-interface f0/5
no passive-interface
exit-af-interface
!
af-interface vlan300
no passive-interface
exit-af-interface
!
topology base
exit-af-topology
network 10.1.0.0 0.0.255.255
exit-address-family
!
address-family ipv6 unicast autonomous-system 1
!
af-interface default

passive-interface
exit-af-interface
!
af-interface f0/5
no passive-interface
exit-af-interface
!
af-interface vlan300
no passive-interface
exit-af-interface
!
topology base
exit-af-topology
exit-address-family
!
no ip http server
no ip http secure-server
!
!
logging source-interface Vlan99
logging host 10.1.100.1
!
access-list 100 permit tcp host 192.168.1.1 host 192.168.3.1 eq bgp
access-list 100 permit udp any any
access-list 100 permit eigrp any any
access-list 100 permit icmp any any
!
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Vlan99
snmp-server location TSHOOT Lab Facility
snmp-server contact [email protected]
snmp-server enable traps eigrp
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps port-security
snmp-server enable traps config
snmp-server enable traps hsrp
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable
snmp-server host 10.1.100.1 version 2c cisco
!
!
banner motd ^*** Lab 9-2 Switch DLS1 TT-B Config ***^
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication CONSOLE
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
!
ntp source Vlan99
ntp server 192.168.2.1
!
crypto key gen rsa general-keys modulus 1024
!
archive
log config
logging enable
logging size 50
notify syslog contenttype plaintext
hidekeys
path tftp://10.1.100.1/$h-archive-config
write-memory
file prompt quiet
!
end
!

Switch DLS2
!Lab 9-2 Switch DLS2 TT-B Config
!
service timestamps debug datetime msec
service timestamps log datetime
service password-encryption
!
hostname DLS2
!
!
logging buffered 16384
enable secret cisco
!
username cisco secret cisco
aaa new-model
!
!
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
!
!
clock timezone PST -8
clock summer-time PDT recurring
do clock set 09:05:00 Oct 29 2014
system mtu routing 1500
ip routing
no ip domain-lookup
ip domain-name tshoot.net
!
!
ip dhcp excluded-address 10.1.120.251 10.1.120.254
ip dhcp excluded-address 10.1.200.251 10.1.200.254
ip dhcp excluded-address 10.1.110.251 10.1.110.254
ip dhcp excluded-address 10.1.110.1 10.1.110.128
ip dhcp excluded-address 10.1.120.1 10.1.120.128
ip dhcp excluded-address 10.1.200.1 10.1.200.128
!
ip dhcp pool VOICE
network 10.1.200.0 255.255.255.0
default-router 10.1.200.254
!
ip dhcp pool GUEST
network 10.1.110.0 255.255.255.0
default-router 10.1.110.254
!
ip dhcp pool OFFICE
network 10.1.120.0 255.255.255.0
default-router 10.1.120.254
!
!
ipv6 unicast-routing
!
ipv6 dhcp pool DHCPv6OFFICE
address prefix 2001:DB8:CAFE:120:ABCD::/80
domain-name tshoot.net
!
ipv6 dhcp pool DHCPv6VOICE
address prefix 2001:DB8:CAFE:200:ABCD::/80
domain-name tshoot.net
!
ipv6 dhcp pool DHCPv6GUEST
address prefix 2001:DB8:CAFE:110:ABCD::/80
domain-name tshoot.net
!
!
errdisable recovery cause bpduguard
!
!
vlan 99
name MANAGEMENT
!

vlan 100
name SERVERS
!
vlan 110
name GUEST
!
vlan 120
name OFFICE
!
vlan 200
name VOICE
!
vlan 300
name E-PEER
!
vlan 666
name NATIVE
!
vlan 999
name PARKING_LOT
!
!
spanning-tree mode mst
!
vtp domain TSHOOT
vtp version 3
vtp mode server mst
vtp mode server vlan
do vtp primary mst force
!
!
spanning-tree mst configuration
name TSHOOT
revision 25
instance 1 vlan 99,110,120
instance 2 vlan 100,200,300
exit
vtp password cisco hidden
!
!
spanning-tree mst 1 priority 28672
spanning-tree mst 2 priority 24576
spanning-tree portfast default
!
ip ssh source-interface Vlan99
ip ssh dh min size 2048
!
interface Port-channel2
description Channel to ALS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
no shutdown
!
interface Port-channel10
description Channel to DLS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
no shutdown
!
interface FastEthernet0/1
description Channel to ALS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 2 mode on

no shutdown
!
interface FastEthernet0/2
description Channel to ALS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 2 mode on
no shutdown
!
interface FastEthernet0/3
description Channel to DLS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 10 mode on
no shutdown
!
interface FastEthernet0/4
description Channel to DLS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 10 mode on
no shutdown
!
interface FastEthernet0/5
description FE to R3
no switchport
ip address 10.1.2.13 255.255.255.252
ip access-group 100 in
ip summary-address eigrp 1 10.2.0.0 255.255.252.0
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:CAFE:212::D2/64
ipv6 summary-address eigrp 1 2001:DB8:CAFE:2000::/52
speed 100
duplex full
spanning-tree bpduguard enable
no shutdown
!
interface FastEthernet0/6
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/7
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/8
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/9
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown

!
interface FastEthernet0/10
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/11
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/12
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/13
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/14
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/15
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/16
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/17
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/18
description FE to PC-C
switchport access vlan 110
switchport mode access
switchport nonegotiate
spanning-tree portfast
no shutdown
!
interface FastEthernet0/19
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/20

description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/21
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/22
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/23
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/24
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface GigabitEthernet0/1
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface GigabitEthernet0/2
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.1.99.253 255.255.255.0
no ip proxy-arp
standby 99 ip 10.1.99.254
standby 99 preempt
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:CAFE:99::D2/64
no shutdown
!
interface Vlan100
ip address 10.1.100.253 255.255.255.0
no ip proxy-arp
standby 100 ip 10.1.100.254
standby 100 priority 110
standby 100 track f0/5 10
standby 100 preempt
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:CAFE:100::D2/64
ipv6 nd prefix 2001:DB8:CAFE:100::/64 no-autoconfig
ipv6 nd managed-config-flag
no shutdown

!
interface Vlan110
ip address 10.1.110.253 255.255.255.0
no ip proxy-arp
standby 110 ip 10.1.110.254
standby 110 preempt
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:CAFE:110::D2/64
ipv6 nd prefix 2001:DB8:CAFE:110::/64 no-autoconfig
ipv6 nd managed-config-flag
ipv6 dhcp server DHCPv6GUEST
no shutdown
!
interface Vlan120
ip address 10.1.120.253 255.255.255.0
no ip proxy-arp
standby 120 ip 10.1.120.254
standby 120 preempt
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:CAFE:120::D2/64
ipv6 nd prefix 2001:DB8:CAFE:120::/64 no-autoconfig
ipv6 nd managed-config-flag
ipv6 dhcp server DHCPv6OFFICE
no shutdown
!
interface Vlan200
ip address 10.1.200.253 255.255.255.0
no ip proxy-arp
standby 200 ip 10.1.200.254
standby 200 priority 110
standby 200 track f0/5 10
standby 200 preempt
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:CAFE:200::D2/64
ipv6 nd prefix 2001:DB8:CAFE:200::/64 no-autoconfig
ipv6 nd managed-config-flag
ipv6 dhcp server DHCPv6VOICE
no shutdown
!
interface Vlan300
ip address 10.1.30.253 255.255.255.0
no ip proxy-arp
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:CAFE:300::D2/64
no shutdown
!
router eigrp HQ
!
address-family ipv4 unicast autonomous-system 1
!
af-interface default
passive-interface
exit-af-interface
!
af-interface f0/5
no passive-interface
exit-af-interface
!
af-interface vlan300
no passive-interface
exit-af-interface
!
topology base
exit-af-topology
network 10.1.0.0 0.0.255.255
exit-address-family
!
address-family ipv6 unicast autonomous-system 1
!
af-interface default
passive-interface
exit-af-interface
!

af-interface f0/5
no passive-interface
exit-af-interface
!
af-interface vlan300
no passive-interface
exit-af-interface
!
topology base
exit-af-topology
exit-address-family
!
no ip http server
no ip http secure-server
!
!
logging source-interface Vlan99
logging host 10.1.100.1
!
access-list 100 permit tcp host 192.168.3.1 host 192.168.1.1 eq bgp
access-list 100 permit udp any any
access-list 100 permit eigrp any any
access-list 100 permit icmp any any
!
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Vlan99
snmp-server location TSHOOT Lab Facility
snmp-server contact [email protected]
snmp-server enable traps eigrp
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps port-security
snmp-server enable traps config
snmp-server enable traps hsrp
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable
snmp-server host 10.1.100.1 version 2c cisco
!
!
banner motd ^*** Lab 9-2 Switch DLS2 TT-B Config ***^
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication CONSOLE
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
!
ntp source Vlan99
ntp server 192.168.2.1
!
crypto key gen rsa general-keys modulus 1024
!
archive
log config
logging enable
logging size 50
notify syslog contenttype plaintext
hidekeys
path tftp://10.1.100.1/$h-archive-config
write-memory
file prompt quiet
!
end
!

Router R1

!Lab 9-2 Router R1 TT-B Config
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1
!
logging buffered 16384
enable secret cisco
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
!
!
clock timezone PST -8
clock summer-time PDT recurring
do clock set 09:05:00 Oct 29 2014
!
!
no ip domain lookup
ip domain name tshoot.net
ip cef
ipv6 unicast-routing
ipv6 cef
!
username cisco secret cisco
!
!
ip ssh source-interface Loopback0
ip ssh dh min size 2048
!
!
interface Loopback0
ip address 192.168.1.1 255.255.255.255
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:CAFE:201::1/128
!
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/1
description FE to DLS1
ip address 10.1.2.2 255.255.255.252
ip flow ingress
duplex full
speed 100
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:CAFE:20::1/64
no shutdown
!
interface Serial0/0/0
description WAN link to R2: 2 Mbps leased line
ip address 209.165.200.225 255.255.255.252
ip flow ingress
encapsulation ppp
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:CAFE:10::1/126
clock rate 2000000
no shutdown
!
interface Serial0/0/1
description WAN link to R3 (not used)
no ip address

shutdown
!
router eigrp HQ
!
address-family ipv4 unicast autonomous-system 1
!
af-interface default
passive-interface
exit-af-interface
!
af-interface GigabitEthernet0/1
no passive-interface
exit-af-interface
!
topology base
redistribute bgp 65501 metric 1544 2000 255 1 1500
exit-af-topology
network 192.168.1.1 0.0.0.0
network 10.1.2.0 0.0.0.3
exit-address-family
!
address-family ipv6 unicast autonomous-system 1
!
af-interface default
passive-interface
exit-af-interface
!
af-interface GigabitEthernet0/1
no passive-interface
exit-af-interface
!
topology base
redistribute bgp 65501 metric 1544 2000 255 1 1500
exit-af-topology
exit-address-family
!
router bgp 65501
bgp router-id 1.0.0.1
bgp log-neighbor-changes
neighbor 192.168.3.1 remote-as 65501
neighbor 192.168.3.1 password cisco
neighbor 192.168.3.1 update-source Loopback0
neighbor 209.165.200.226 remote-as 65502
neighbor 209.165.200.226 password cisco
!
address-family ipv4
synchronization
network 10.1.0.0 mask 255.255.0.0
neighbor 192.168.3.1 activate
neighbor 192.168.3.1 next-hop-self
neighbor 209.165.200.226 activate
exit-address-family
!
address-family ipv6
synchronization
network 2001:DB8:CAFE:10::/126
neighbor 192.168.3.1 activate
neighbor 192.168.3.1 next-hop-self
neighbor 192.168.3.1 route-map IPv4TransportIPv6RouteFromR3 in
neighbor 209.165.200.226 activate
neighbor 209.165.200.226 route-map IPv4TransportIPv6RouteFromR2 in
exit-address-family
!
!
route-map IPv4TransportIPv6RouteFromR2 permit 10
set ipv6 next-hop 2001:DB8:CAFE:10::2
!
route-map IPv4TransportIPv6RouteFromR3 permit 10
set ipv6 next-hop 2001:DB8:CAFE:203::3
!
!
crypto key gen rsa general-keys modulus 1024
!

!
ip http server
ip http secure-server
ip flow-top-talkers
top 3
sort-by bytes
cache-timeout 600000
!
ip route 10.1.0.0 255.255.0.0 Null0
!
logging source-interface Loopback0
logging host 10.1.100.1
!
!
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Loopback0
snmp-server location TSHOOT Lab Facility
snmp-server contact [email protected]
snmp-server enable traps eigrp
snmp-server enable traps flash insertion
snmp-server enable traps flash removal
snmp-server enable traps config
snmp-server enable traps cpu threshold
snmp-server host 10.1.100.1 version 2c cisco
!
!
alias exec srb show run | begin router bgp
alias exec sre show run | begin router eigrp
banner motd ^*** Lab 9-2 Router R1 TT-B Config ***^
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication CONSOLE
!
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
!
ntp source Loopback0
ntp update-calendar
ntp server 192.168.2.1
!
archive
log config
logging enable
logging size 50
notify syslog contenttype plaintext
hidekeys
path tftp://10.1.100.1/$h-archive-config
write-memory
file prompt quiet
!
end
!

Router R2
!Lab 9-2 Router R2 TT-B Config
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R2
!
logging buffered 16384
enable secret cisco
!
aaa new-model

!
!
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
!
!
clock timezone PST -8
clock summer-time PDT recurring
do clock set 09:05:00 Oct 29 2014
!
!
no ip domain lookup
ip domain name tshoot.net
ip cef
ipv6 unicast-routing
ipv6 cef
!
!
username cisco secret cisco
!
!
ip tftp source-interface lo0
ip ssh source-interface Loopback0
ip ssh dh min size 2048
!
!
vrf definition VPN_A
rd 100:1
route-target export 100:1
route-target import 100:1
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition VPN_B
rd 200:1
route-target export 200:1
route-target import 200:1
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
interface Loopback0
vrf forwarding VPN_A
ip address 192.168.2.1 255.255.255.255
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:CAFE:202::2/128
!
interface Loopback1
vrf forwarding VPN_B
ip address 192.168.2.2 255.255.255.255
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:CAFE:222::2/128
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/1
description optional connection for PC-C w/ static address
no ip address
shutdown

duplex auto
speed auto
shutdown
!
interface Serial0/0/0
description WAN link to R1: 2 Mbps leased line
vrf forwarding VPN_A
ip address 209.165.200.226 255.255.255.252
ip flow ingress
encapsulation ppp
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:CAFE:10::2/126
no shutdown
!
interface Serial0/0/1
description WAN link to R3: 2 Mbps leased line
vrf forwarding VPN_B
ip address 209.165.200.222 255.255.255.252
ip flow ingress
encapsulation ppp
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:CAFE:14::2/126
clock rate 2000000
no shutdown
!
!
router bgp 65502
bgp router-id 2.0.0.2
bgp log-neighbor-changes
no bgp default ipv4-unicast
!
address-family ipv4 vrf VPN_A
bgp router-id 2.2.0.2
network 192.168.2.1 mask 255.255.255.255
neighbor 209.165.200.225 remote-as 65501
neighbor 209.165.200.225 password cisco
neighbor 209.165.200.225 activate
exit-address-family
!
address-family ipv6 vrf VPN_A
bgp router-id 2.2.0.2
network 2001:DB8:CAFE:202::2/128
neighbor 209.165.200.225 remote-as 65501
neighbor 209.165.200.225 password cisco
neighbor 209.165.200.225 activate
neighbor 209.165.200.225 route-map IPv4TransportIPv6RouteA in
exit-address-family
!
address-family ipv4 vrf VPN_B
bgp router-id 2.0.2.2
network 192.168.2.2 mask 255.255.255.255
neighbor 209.165.200.221 remote-as 65501
neighbor 209.165.200.221 local-as 65503 no-prepend replace-as
neighbor 209.165.200.221 password cisco
neighbor 209.165.200.221 activate
neighbor 209.165.200.221 allowas-in
exit-address-family
!
address-family ipv6 vrf VPN_B
bgp router-id 2.0.2.2
network 2001:DB8:CAFE:222::2/128
neighbor 209.165.200.221 remote-as 65501
neighbor 209.165.200.221 local-as 65503 no-prepend replace-as
neighbor 209.165.200.221 password cisco
neighbor 209.165.200.221 activate
neighbor 209.165.200.221 allowas-in
neighbor 209.165.200.221 route-map IPv4TransportIPv6RouteB in
exit-address-family
!
!
route-map IPv4TransportIPv6RouteA permit 10
set ipv6 next-hop 2001:DB8:CAFE:10::3
!

route-map IPv4TransportIPv6RouteB permit 10
set ipv6 next-hop 2001:DB8:CAFE:14::3
!
!
crypto key gen rsa general-keys modulus 1024
!
ip http server
ip http secure-server
ip flow-top-talkers
top 3
sort-by bytes
cache-timeout 600000
!
!
logging source-interface Loopback0
!
!
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Loopback0
snmp-server location TSHOOT Lab Facility
snmp-server contact [email protected]
snmp-server enable traps eigrp
snmp-server enable traps flash insertion
snmp-server enable traps flash removal
snmp-server enable traps config
snmp-server enable traps cpu threshold
snmp-server host 10.1.100.1 version 2c cisco
!
!
banner motd ^*** Lab 9-2 Router R2 TT-B Config ***^
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication CONSOLE
!
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
!
archive
log config
logging enable
logging size 50
notify syslog contenttype plaintext
hidekeys
path tftp://10.1.100.1/$h-archive-config
write-memory
file prompt quiet
!
end
!

Router R3
!Lab 9-2 Router R3 TT-B Config
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R3
!
!
logging buffered 16384
enable secret cisco
!
aaa new-model
!
!

aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
!
!
clock timezone PST -8
clock summer-time PDT recurring
do clock set 09:05:00 Oct 29 2014
!
!
no ip domain lookup
ip domain name tshoot.net
ip cef
ipv6 unicast-routing
ipv6 cef
!
username cisco secret cisco
!
!
ip ssh source-interface Loopback0
ip ssh dh min size 2048
!
!
interface Loopback0
ip address 192.168.3.1 255.255.255.255
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:CAFE:203::3/64
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/1
description FE to DLS1
ip address 10.1.2.14 255.255.255.252
ip flow ingress
duplex full
speed 100
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:CAFE:212::3/64
no shutdown
!
interface Serial0/0/0
description WAN link to R1 - (Not used)
no ip address
encapsulation ppp
clock rate 2000000
shutdown
!
interface Serial0/0/1
description WAN link to R2: 2 Mbps leased line
ip address 209.165.200.221 255.255.255.252
ip flow ingress
encapsulation ppp
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:CAFE:14::3/126
no shutdown
!
!
router eigrp HQ
!
address-family ipv4 unicast autonomous-system 1
!
af-interface default
passive-interface
exit-af-interface
!
af-interface GigabitEthernet0/1
no passive-interface
exit-af-interface

!
topology base
redistribute bgp 65501 metric 1544 2000 255 1 1500
exit-af-topology
network 10.1.2.12 0.0.0.3
network 192.168.3.1 0.0.0.0
exit-address-family
!
address-family ipv6 unicast autonomous-system 1
!
af-interface default
passive-interface
exit-af-interface
!
af-interface GigabitEthernet0/1
no passive-interface
exit-af-interface
!
topology base
redistribute bgp 65501 metric 1544 2000 255 1 1500
exit-af-topology
exit-address-family
!
!
!
router bgp 65501
bgp router-id 3.0.0.3
bgp log-neighbor-changes
neighbor 192.168.1.1 remote-as 65501
neighbor 192.168.1.1 password cisco
neighbor 192.168.1.1 update-source Loopback0
neighbor 209.165.200.222 remote-as 65503
neighbor 209.165.200.222 password cisco
!
address-family ipv4
synchronization
network 10.1.0.0 mask 255.255.0.0
neighbor 192.168.1.1 activate
neighbor 192.168.1.1 next-hop-self
neighbor 209.165.200.222 activate
exit-address-family
!
address-family ipv6
synchronization
network 2001:DB8:CAFE:14::/126
neighbor 192.168.1.1 activate
neighbor 192.168.1.1 next-hop-self
neighbor 192.168.1.1 route-map IPv4TransportIPv6RouteFromR1 in
neighbor 209.165.200.222 activate
neighbor 209.165.200.222 route-map IPv4TransportIPv6RouteFromR2 in
exit-address-family
!
!
route-map IPv4TransportIPv6RouteFromR2 permit 10
set ipv6 next-hop 2001:DB8:CAFE:14::2
!
route-map IPv4TransportIPv6RouteFromR1 permit 10
set ipv6 next-hop 2001:DB8:CAFE:201::1
!
!
crypto key gen rsa general-keys modulus 1024
!
ip http server
ip http secure-server
ip flow-top-talkers
top 3
sort-by bytes
cache-timeout 600000
!
ip route 10.1.0.0 255.255.0.0 Null0
!
logging source-interface Loopback0
logging host 10.1.100.1

!
!
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Loopback0
snmp-server location TSHOOT Lab Facility
snmp-server contact [email protected]
snmp-server enable traps eigrp
snmp-server enable traps flash insertion
snmp-server enable traps flash removal
snmp-server enable traps config
snmp-server enable traps cpu threshold
snmp-server host 10.1.100.1 version 2c cisco
!
!
banner motd ^*** Lab 9-2 Router R3 TT-B Config ***^
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication CONSOLE
!
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
!
ntp source Loopback0
ntp update-calendar
ntp server 192.168.2.1
!
archive
log config
logging enable
logging size 50
notify syslog contenttype plaintext
hidekeys
path tftp://10.1.100.1/$h-archive-config
write-memory
file prompt quiet
!
end
!

Trouble Ticket—TT-C Configurations


Switch ALS1
!Lab 9-2 Switch ALS1 TT-C Config
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ALS1
!
logging buffered 16384
enable secret cisco
!
username cisco secret cisco
aaa new-model
!
!
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
!
!
clock timezone PST -8
clock summer-time PDT recurring

do clock set 09:05:00 Oct 29 2014
system mtu routing 1500
ip routing
!
!
no ip domain-lookup
ip domain-name tshoot.net
ipv6 unicast-routing
!
errdisable recovery cause psecure-violation
errdisable recovery interval 120
!
vtp mode transparent
!
vlan 99
name MANAGEMENT
!
vlan 100
name SERVERS
!
vlan 110
name GUEST
!
vlan 120
name OFFICE
!
vlan 200
name VOICE
!
vlan 300
name E-PEER
!
vlan 666
name NATIVE

vlan 999
name PARKING_LOT
!
spanning-tree mode mst
spanning-tree portfast default
!
vtp domain TSHOOT
vtp version 3
vtp mode transparent mst
vtp mode server vlan
spanning-tree mst configuration
name TSHOOT
revision 25
instance 1 vlan 99,110,120
instance 2 vlan 100,200,300
exit
vtp mode server mst
vtp password cisco hidden
!
lldp run
!
ip ssh source-interface Vlan99
ip ssh dh min size 2048
!
!
interface Port-channel1
description Channel to DLS1
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
switchport port-security maximum 10
switchport port-security mac-address sticky
switchport port-security
no shutdown
!
interface Port-channel2
description Channel to DLS2

switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
switchport port-security maximum 10
switchport port-security mac-address sticky
switchport port-security
no shutdown
!
interface FastEthernet0/1
description Channel to DLS1
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
switchport port-security maximum 10
switchport port-security mac-address sticky
switchport port-security
channel-group 1 mode on
no shutdown
!
interface FastEthernet0/2
description Channel to DLS1
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
switchport port-security maximum 10
switchport port-security mac-address sticky
switchport port-security
channel-group 1 mode on
no shutdown
!
interface FastEthernet0/3
description Channel to DLS2
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
switchport port-security maximum 10
switchport port-security mac-address sticky
switchport port-security
channel-group 2 mode on
no shutdown
!
interface FastEthernet0/4
description Channel to DLS2
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
switchport port-security maximum 10
switchport port-security mac-address sticky
switchport port-security
channel-group 2 mode on
no shutdown
!
interface FastEthernet0/5
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/6
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/7
description PARKING_LOT

switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/8
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/9
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/10
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/11
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/12
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/13
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/14
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/15
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/16
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/17
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate

shutdown
!
interface FastEthernet0/18
description To PC-B
switchport access vlan 120
switchport mode access
switchport voice vlan 200
spanning-tree portfast
no shutdown
!
interface FastEthernet0/19
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/20
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/21
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/22
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/23
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/24
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface GigabitEthernet0/1
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface GigabitEthernet0/2
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.1.99.251 255.255.255.0
ipv6 address FE80::A1 link-local

ipv6 address 2001:DB8:CAFE:99::A1/64
no ip proxy-arp
no shutdown
!
interface Vlan110
ip address 10.1.110.251 255.255.255.0
ipv6 address FE80::A1 link-local
ipv6 address 2001:DB8:CAFE:110::A1/64
ipv6 nd prefix 2001:DB8:CAFE:110::/64 no-autoconfig
ipv6 nd managed-config-flag
no ip proxy-arp
no shutdown
!
interface Vlan120
ip address 10.1.120.251 255.255.255.0
ipv6 address FE80::A1 link-local
ipv6 address 2001:DB8:CAFE:120::A1/64
ipv6 nd prefix 2001:DB8:CAFE:120::/64 no-autoconfig
ipv6 nd managed-config-flag
no ip proxy-arp
no shutdown
!
interface Vlan200
ip address 10.1.200.251 255.255.255.0
ipv6 address FE80::A1 link-local
ipv6 address 2001:DB8:CAFE:200::A1/64
ipv6 nd prefix 2001:DB8:CAFE:200::/64 no-autoconfig
ipv6 nd managed-config-flag
no ip proxy-arp
no shutdown
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.1.99.254
logging source-interface Vlan99
logging host 10.1.100.1
ipv6 route ::/0 2001:DB8:CAFE:99::D1
!
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Vlan99
snmp-server location TSHOOT Lab Facility
snmp-server contact [email protected]
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps port-security
snmp-server enable traps vlan-membership
snmp-server host 10.1.100.1 version 2c cisco
!
banner motd ^*** Lab 9-2 Switch ALS1 TT-C Config ***^
!
ipv6 access-list REMOTEv6
deny ipv6 any any
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication CONSOLE
line vty 0 4
exec-timeout 0 0
ipv6 access-class REMOTEv6 in
logging synchronous
length 0
transport input ssh
!
ntp source Vlan99
ntp server 192.168.2.1
!
crypto key gen rsa general-keys modulus 1024
!
!
archive

log config
logging enable
logging size 50
notify syslog contenttype plaintext
hidekeys
path tftp://10.1.100.1/$h-archive-config
write-memory
file prompt quiet
!
end
!

Switch DLS1
!Lab 9-2 Switch DLS1 TT-C Config
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname DLS1
!
!
logging buffered 16384
enable secret cisco
!
username cisco secret cisco
!aaa new-model
!
!
!aaa authentication login default local
!aaa authentication login CONSOLE none
!aaa authorization exec default local
!
!
clock timezone PST -8
clock summer-time PDT recurring
do clock set 09:05:00 Oct 29 2014
system mtu routing 1500
ip routing
no ip domain-lookup
ip domain-name tshoot.net
!
ip dhcp excluded-address 10.1.110.1 10.1.110.5
ip dhcp excluded-address 10.1.120.1 10.1.120.5
ip dhcp excluded-address 10.1.200.1 10.1.200.5
ip dhcp excluded-address 10.1.120.129 10.1.120.254
ip dhcp excluded-address 10.1.200.129 10.1.200.254
ip dhcp excluded-address 10.1.110.129 10.1.110.254
!
ip dhcp pool VOICE
network 10.1.200.0 255.255.255.0
default-router 10.1.200.254
!
ip dhcp pool GUEST
network 10.1.110.0 255.255.255.0
default-router 10.1.110.254
!
ip dhcp pool OFFICE
network 10.1.120.0 255.255.255.0
default-router 10.1.120.254
!
!
ipv6 unicast-routing
ipv6 dhcp pool DHCPv6OFFICE
address prefix 2001:DB8:CAFE:120:ABCD::/80
domain-name tshoot.net
!
ipv6 dhcp pool DHCPv6VOICE
address prefix 2001:DB8:CAFE:200:ABCD::/80
domain-name tshoot.net
!
ipv6 dhcp pool DHCPv6GUEST

address prefix 2001:DB8:CAFE:110:ABCD::/80
domain-name tshoot.net
!
!
errdisable recovery cause bpduguard
!
!
vlan 99
name MANAGEMENT
!
vlan 100
name SERVERS
!
vlan 110
name GUEST
!
vlan 120
name OFFICE
!
vlan 200
name VOICE
!
vlan 300
name E-PEER
!
vlan 666
name NATIVE
!
vlan 999
name PARKING_LOT
!
!
spanning-tree mode mst
!
vtp domain TSHOOT
vtp version 3
vtp mode server vlan
vtp mode transparent mst
spanning-tree mst configuration
name TSHOOT
revision 25
instance 1 vlan 99,110,120
instance 2 vlan 100,200,300
exit
vtp mode server mst
do vtp primary vlan force
vtp password cisco hidden
!
spanning-tree mst 1 priority 24576
spanning-tree mst 2 priority 28672
spanning-tree portfast default
!
track 23 ip sla 2
!
lldp run
!
ip ssh source-interface Vlan99
ip ssh dh min size 2048
!
!!
interface Loopback0
ip address 10.2.1.1 255.255.255.0
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:2222::D1/64
!
interface Loopback1
ip address 10.2.2.1 255.255.255.0
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:2666::D1/64
!
interface Port-channel1
description Channel to ALS1
switchport trunk encapsulation dot1q

switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
no shutdown
!
interface Port-channel10
description Channel to DLS2
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
no shutdown
!
interface FastEthernet0/1
description Channel to ALS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 1 mode on
no shutdown
!
interface FastEthernet0/2
description Channel to ALS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 1 mode on
no shutdown
!
interface FastEthernet0/3
description Channel to DLS2
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 10 mode on
no shutdown
!
interface FastEthernet0/4
description Channel to DLS2
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 10 mode on
no shutdown
!
interface FastEthernet0/5
description FE to R1
no switchport
ip address 10.1.2.1 255.255.255.252
ip access-group 100 in
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:20::D1/64
speed 100
duplex full
spanning-tree bpduguard enable
no shutdown
!
interface FastEthernet0/6
description FE to SRV1
switchport access vlan 100
switchport mode access
switchport nonegotiate
spanning-tree portfast

no shutdown
!
interface FastEthernet0/7
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/8
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/9
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/10
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/11
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/12
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/13
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/14
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/15
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/16
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/17

description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/18
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/19
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/20
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/21
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/22
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/23
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/24
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface GigabitEthernet0/1
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface GigabitEthernet0/2
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.1.99.252 255.255.255.0
no ip proxy-arp
standby 99 ip 10.1.99.254
standby 99 priority 110
standby 99 track 23 decrement 20
standby 99 preempt
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:99::D1/64
no shutdown
!
interface Vlan100
ip address 10.1.100.252 255.255.255.0
no ip proxy-arp
standby 100 ip 10.1.100.254
standby 100 preempt
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:100::D1/64
no shutdown
!
interface Vlan110
ip address 10.1.110.252 255.255.255.0
no ip proxy-arp
standby 110 ip 10.1.110.254
standby 110 priority 110
standby 110 track 23 decrement 20
standby 110 preempt
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:110::D1/64
ipv6 nd prefix 2001:DB8:CAFE:110::/64 no-autoconfig
ipv6 nd managed-config-flag
ipv6 dhcp server DHCPv6GUEST
no shutdown
!
interface Vlan120
ip address 10.1.120.252 255.255.255.0
no ip proxy-arp
standby 120 ip 10.1.120.254
standby 120 priority 110
standby 120 track 23 decrement 20
standby 120 preempt
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:120::D1/64
ipv6 nd prefix 2001:DB8:CAFE:120::/64 no-autoconfig
ipv6 nd managed-config-flag
ipv6 dhcp server DHCPv6OFFICE
no shutdown
!
interface Vlan200
ip address 10.1.200.252 255.255.255.0
no ip proxy-arp
standby 200 ip 10.1.200.254
standby 200 preempt
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:200::D1/64
ipv6 nd prefix 2001:DB8:CAFE:200::/64 no-autoconfig
ipv6 nd managed-config-flag
ipv6 dhcp server DHCPv6VOICE
no shutdown
!
interface Vlan300
ip address 10.1.30.252 255.255.255.0
no ip proxy-arp
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:300::D1/64
no shutdown
!
router eigrp HQ
!
address-family ipv4 unicast autonomous-system 1
!
af-interface default
passive-interface
exit-af-interface
!
af-interface F0/5
no passive-interface
exit-af-interface
!
af-interface vlan300
no passive-interface
exit-af-interface
!
topology base
exit-af-topology
network 10.1.0.0 0.0.255.255
network 10.2.1.1 0.0.0.0
network 10.2.2.1 0.0.0.0
exit-address-family
!
address-family ipv6 unicast autonomous-system 1
!
af-interface default
passive-interface
exit-af-interface
!
af-interface F0/5
no passive-interface
exit-af-interface
!
af-interface vlan300
no passive-interface
exit-af-interface
!
topology base
exit-af-topology
exit-address-family
!
no ip http server
no ip http secure-server
!
ip sla 2
tcp-connect 2001:DB8:CAFE:10::1 22 control disable
threshold 100
timeout 200
frequency 6
ip sla schedule 2 life forever start-time now
!
logging source-interface Vlan99
logging host 10.1.100.1
!
access-list 100 permit tcp host 192.168.1.1 host 192.168.3.1 eq bgp
access-list 100 permit tcp host 192.168.1.1 eq bgp host 192.168.3.1
access-list 100 permit udp any any
access-list 100 permit eigrp any any
access-list 100 permit icmp any any
!
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Vlan99
snmp-server location TSHOOT Lab Facility
snmp-server contact [email protected]
snmp-server enable traps eigrp
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps port-security
snmp-server enable traps config
snmp-server enable traps hsrp
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable
snmp-server host 10.1.100.1 version 2c cisco
!
!
banner motd ^*** Lab 9-2 Switch DLS1 TT-C Config ***^
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
exec-timeout 0 0
logging synchronous
login
transport input ssh
!
ntp source Vlan99
ntp server 192.168.2.1
!
crypto key gen rsa general-keys modulus 1024
!
archive
log config
logging enable
logging size 50
notify syslog contenttype plaintext
hidekeys
path tftp://10.1.100.1/$h-archive-config
write-memory
file prompt quiet
!
end
!

Switch DLS2
!Lab 9-2 Switch DLS2 TT-C Config
!
service timestamps debug datetime msec
service timestamps log datetime
service password-encryption
!
hostname DLS2
!
!
logging buffered 16384
enable secret cisco
!
username cisco secret cisco
aaa new-model
!
!
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
!
!
clock timezone PST -8
clock summer-time PDT recurring
do clock set 09:05:00 Oct 29 2014
system mtu routing 1500
ip routing
no ip domain-lookup
ip domain-name tshoot.net
!
!
ip dhcp excluded-address 10.1.120.251 10.1.120.254
ip dhcp excluded-address 10.1.200.251 10.1.200.254
ip dhcp excluded-address 10.1.110.251 10.1.110.254
ip dhcp excluded-address 10.1.110.1 10.1.110.128
ip dhcp excluded-address 10.1.120.1 10.1.120.128
ip dhcp excluded-address 10.1.200.1 10.1.200.128
!
ip dhcp pool VOICE
network 10.1.200.0 255.255.255.0
default-router 10.1.200.254
!
ip dhcp pool GUEST
network 10.1.110.0 255.255.255.0
default-router 10.1.110.254
!
ip dhcp pool OFFICE
network 10.1.120.0 255.255.255.0
default-router 10.1.120.254
!
!
ipv6 unicast-routing
!
ipv6 dhcp pool DHCPv6OFFICE
address prefix 2001:DB8:CAFE:120:ABCD::/80
domain-name tshoot.net
!
ipv6 dhcp pool DHCPv6VOICE
address prefix 2001:DB8:CAFE:200:ABCD::/80
domain-name tshoot.net
!
ipv6 dhcp pool DHCPv6GUEST
address prefix 2001:DB8:CAFE:110:ABCD::/80
domain-name tshoot.net
!
!
errdisable recovery cause bpduguard
!
!
vlan 99
name MANAGEMENT
!
vlan 100
name SERVERS
!
vlan 110
name GUEST
!
vlan 120
name OFFICE
!
vlan 200
name VOICE
!
vlan 300
name E-PEER
!
vlan 666
name NATIVE
!
vlan 999
name PARKING_LOT
!
!
spanning-tree mode mst
!
vtp domain TSHOOT
vtp version 3
vtp mode server mst
vtp mode server vlan
do vtp primary mst force
!
!
spanning-tree mst configuration
name TSHOOT
revision 25
instance 1 vlan 99,110,120
instance 2 vlan 100,200,300
exit
vtp password cisco hidden
!
!
spanning-tree mst 1 priority 28672
spanning-tree mst 2 priority 24576
spanning-tree portfast default
!
lldp run
!
ip ssh source-interface Vlan99
ip ssh dh min size 2048
!
interface Port-channel2
description Channel to ALS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
no shutdown
!
interface Port-channel10
description Channel to DLS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
no shutdown
!
interface FastEthernet0/1
description Channel to ALS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 2 mode on
no shutdown
!
interface FastEthernet0/2
description Channel to ALS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 2 mode on
no shutdown
!
interface FastEthernet0/3
description Channel to DLS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 10 mode on
no shutdown
!
interface FastEthernet0/4
description Channel to DLS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
channel-group 10 mode on
no shutdown
!
interface FastEthernet0/5
description FE to R3
no switchport
ip address 10.1.2.13 255.255.255.252
ip access-group 100 in
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:CAFE:212::D2/64
speed 100
duplex full
spanning-tree bpduguard enable
no shutdown
!
interface FastEthernet0/6
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/7
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/8
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/9
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/10
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/11
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/12
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/13
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/14
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/15
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/16
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/17
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/18
description FE to PC-C
switchport access vlan 110
switchport mode access
switchport nonegotiate
spanning-tree portfast
no shutdown
!
interface FastEthernet0/19
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/20
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/21
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/22
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/23
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/24
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface GigabitEthernet0/1
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface GigabitEthernet0/2
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.1.99.253 255.255.255.0
no ip proxy-arp
standby 99 ip 10.1.99.254
standby 99 preempt
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:CAFE:99::D2/64
no shutdown
!
interface Vlan100
ip address 10.1.100.253 255.255.255.0
no ip proxy-arp
standby 100 ip 10.1.100.254
standby 100 priority 110
standby 100 track 23 decrement 20
standby 100 preempt
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:CAFE:100::D2/64
ipv6 nd prefix 2001:DB8:CAFE:100::/64 no-autoconfig
ipv6 nd managed-config-flag
no shutdown
!
interface Vlan110
ip address 10.1.110.253 255.255.255.0
no ip proxy-arp
standby 110 ip 10.1.110.254
standby 110 preempt
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:CAFE:110::D2/64
ipv6 nd prefix 2001:DB8:CAFE:110::/64 no-autoconfig
ipv6 nd managed-config-flag
ipv6 dhcp server DHCPv6GUEST
no shutdown
!
interface Vlan120
ip address 10.1.120.253 255.255.255.0
no ip proxy-arp
standby 120 ip 10.1.120.254
standby 120 preempt
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:CAFE:120::D2/64
ipv6 nd prefix 2001:DB8:CAFE:120::/64 no-autoconfig
ipv6 nd managed-config-flag
ipv6 dhcp server DHCPv6OFFICE
no shutdown
!
interface Vlan200
ip address 10.1.200.253 255.255.255.0
no ip proxy-arp
standby 200 ip 10.1.200.254
standby 200 priority 110
standby 200 track 23 decrement 20
standby 200 preempt
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:CAFE:200::D2/64
ipv6 nd prefix 2001:DB8:CAFE:200::/64 no-autoconfig
ipv6 nd managed-config-flag
ipv6 dhcp server DHCPv6VOICE
no shutdown
!
interface Vlan300
ip address 10.1.30.253 255.255.255.0
no ip proxy-arp
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:CAFE:300::D2/64
no shutdown
!
router eigrp HQ
!
address-family ipv4 unicast autonomous-system 1
!
af-interface default
passive-interface
exit-af-interface
!
af-interface F0/5
summary-address 10.2.0.0 255.255.252.0
no passive-interface
exit-af-interface
!
af-interface vlan300
no passive-interface
exit-af-interface
!
topology base
exit-af-topology
network 10.1.0.0 0.0.255.255
exit-address-family
!
address-family ipv6 unicast autonomous-system 1
!
af-interface default
passive-interface
exit-af-interface
!
af-interface F0/5
summary-address 2001:DB8:CAFE:2000::/53
no passive-interface
exit-af-interface
!
af-interface vlan300
no passive-interface
exit-af-interface
!
topology base
exit-af-topology
exit-address-family
!
no ip http server
no ip http secure-server
!
ip sla 2
tcp-connect 2001:DB8:CAFE:14::3 22 control disable
threshold 100
timeout 200
frequency 6
ip sla schedule 2 life forever start-time now
!
logging source-interface Vlan99
logging host 10.1.100.1
!
access-list 100 permit tcp host 192.168.3.1 host 192.168.1.1 eq bgp
access-list 100 permit tcp host 192.168.3.1 eq bgp host 192.168.1.1
access-list 100 permit udp any any
access-list 100 permit eigrp any any
access-list 100 permit icmp any any
!
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Vlan99
snmp-server location TSHOOT Lab Facility
snmp-server contact [email protected]
snmp-server enable traps eigrp
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps port-security
snmp-server enable traps config
snmp-server enable traps hsrp
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable
snmp-server host 10.1.100.1 version 2c cisco
!
!
banner motd ^*** Lab 9-2 Switch DLS2 TT-C Config ***^
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication CONSOLE
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
!
ntp source Vlan99
ntp server 192.168.2.1
!
crypto key gen rsa general-keys modulus 1024
!
archive
log config
logging enable
logging size 50
notify syslog contenttype plaintext
hidekeys
path tftp://10.1.100.1/$h-archive-config
write-memory
file prompt quiet
!
end
!

Router R1
!Lab 9-2 Router R1 TT-C Config
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1
!
logging buffered 16384
enable secret cisco
!
!aaa new-model
!
!
!aaa authentication login default local
!aaa authentication login CONSOLE none
!aaa authorization exec default local
!
!
clock timezone PST -8
clock summer-time PDT recurring
do clock set 09:05:00 Oct 29 2014
!
!
no ip domain lookup
ip domain name tshoot.net
ip cef
ipv6 unicast-routing
ipv6 cef
!
username cisco secret cisco
!
!
lldp run
!
!
ip ssh source-interface Loopback0
ip ssh dh min size 2048
!
!
interface Loopback0
ip address 192.168.1.1 255.255.255.255
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:CAFE:201::1/128
!
!
interface GigabitEthernet0/0
ip address dhcp
no shutdown
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/1
description FE to DLS1
ip address 10.1.2.2 255.255.255.252
ip flow ingress
duplex full
speed 100
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:CAFE:20::1/64
no shutdown
!
interface Serial0/0/0
description WAN link to R2: 2 Mbps leased line
ip address 209.165.200.225 255.255.255.252
ip flow ingress
encapsulation ppp
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:CAFE:10::1/126
clock rate 2000000
no shutdown
!
interface Serial0/0/1
description WAN link to R3 (not used)
no ip address
shutdown
!
router eigrp HQ
!
address-family ipv4 unicast autonomous-system 1
!
af-interface default
passive-interface
exit-af-interface
!
af-interface GigabitEthernet0/1
no passive-interface
exit-af-interface
!
topology base
redistribute bgp 65501 metric 1544 2000 255 1 1500
exit-af-topology
network 192.168.1.1 0.0.0.0
network 10.1.2.0 0.0.0.3
exit-address-family
!
address-family ipv6 unicast autonomous-system 1
!
af-interface default
passive-interface
exit-af-interface
!
af-interface GigabitEthernet0/1
no passive-interface
exit-af-interface
!
topology base
redistribute bgp 65501 metric 1544 2000 255 1 1500
exit-af-topology
exit-address-family
!
router bgp 65501
bgp router-id 1.0.0.1
bgp log-neighbor-changes
neighbor 192.168.3.1 remote-as 65501
neighbor 192.168.3.1 password cisco
neighbor 192.168.3.1 update-source Loopback0
neighbor 209.165.200.226 remote-as 65502
neighbor 209.165.200.226 password cisco
!
address-family ipv4
synchronization
network 10.1.0.0 mask 255.255.0.0
neighbor 192.168.3.1 activate
neighbor 192.168.3.1 next-hop-self
neighbor 209.165.200.226 activate
exit-address-family
!
address-family ipv6
synchronization
network 2001:DB8:CAFE:10::/126
neighbor 192.168.3.1 activate
neighbor 192.168.3.1 next-hop-self
neighbor 192.168.3.1 route-map IPv4TransportIPv6RouteFromR3 in
neighbor 209.165.200.226 activate
neighbor 209.165.200.226 route-map IPv4TransportIPv6RouteFromR2 in
exit-address-family
!
!
route-map IPv4TransportIPv6RouteFromR2 permit 10
set ipv6 next-hop 2001:DB8:CAFE:10::2
!
route-map IPv4TransportIPv6RouteFromR3 permit 10
set ipv6 next-hop 2001:DB8:CAFE:203::3
!
!
crypto key gen rsa general-keys modulus 1024
!
!
ip http server
ip http secure-server
ip flow-top-talkers
top 3
sort-by bytes
cache-timeout 600000
!
ip route 10.1.0.0 255.255.0.0 Null0
!
logging source-interface Loopback0
logging host 10.1.100.1
!
!
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Loopback0
snmp-server location TSHOOT Lab Facility
snmp-server contact [email protected]
snmp-server enable traps eigrp
snmp-server enable traps flash insertion
snmp-server enable traps flash removal
snmp-server enable traps config
snmp-server enable traps cpu threshold
snmp-server host 10.1.100.1 version 2c cisco
!
!
alias exec srb show run | begin router bgp
alias exec sre show run | begin router eigrp
banner motd ^*** Lab 9-2 Router R1 TT-C Config ***^
!
line con 0
exec-timeout 0 0
logging synchronous
!
line vty 0 4
exec-timeout 0 0
logging synchronous
login
transport input ssh
!
ntp source Loopback0
ntp update-calendar
ntp server 192.168.2.1
!
archive
log config
logging enable
logging size 50
notify syslog contenttype plaintext
hidekeys
path tftp://10.1.100.1/$h-archive-config
write-memory
file prompt quiet
!
end
!

Router R2
!Lab 9-2 Router R2 TT-C Config
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R2
!
logging buffered 16384
enable secret cisco
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
!
!
clock timezone PST -8
clock summer-time PDT recurring
do clock set 09:05:00 Oct 29 2014
!
!
no ip domain lookup
ip domain name tshoot.net
ip cef
ipv6 unicast-routing
ipv6 cef
!
!
username cisco secret cisco
!
!
lldp run
!
!
ip tftp source-interface lo0
ip ssh source-interface Loopback0
ip ssh dh min size 2048
!
!
vrf definition VPN_A
rd 100:1
route-target export 100:1
route-target import 100:1
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition VPN_B
rd 200:1
route-target export 200:1
route-target import 200:1
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
interface Loopback0
vrf forwarding VPN_A
ip address 192.168.2.1 255.255.255.255
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:CAFE:202::2/128
!
interface Loopback1
vrf forwarding VPN_B
ip address 192.168.2.2 255.255.255.255
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:CAFE:222::2/128
!
interface GigabitEthernet0/0
no shutdown
ip address dhcp
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/1
description optional connection for PC-C w/ static address
no ip address
shutdown
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
description WAN link to R1: 2 Mbps leased line
vrf forwarding VPN_A
ip address 209.165.200.226 255.255.255.252
ip flow ingress
encapsulation ppp
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:CAFE:10::2/126
no shutdown
!
interface Serial0/0/1
description WAN link to R3: 2 Mbps leased line
vrf forwarding VPN_B
ip address 209.165.200.222 255.255.255.252
ip flow ingress
encapsulation ppp
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:CAFE:14::2/126
clock rate 2000000
no shutdown
!
!
router bgp 65502
bgp router-id 2.0.0.2
bgp log-neighbor-changes
no bgp default ipv4-unicast
!
address-family ipv4 vrf VPN_A
bgp router-id 2.2.0.2
network 192.168.2.1 mask 255.255.255.255
neighbor 209.165.200.225 remote-as 65501
neighbor 209.165.200.225 password cisco
neighbor 209.165.200.225 activate
exit-address-family
!
address-family ipv6 vrf VPN_A
bgp router-id 2.2.0.2
network 2001:DB8:CAFE:202::2/128
neighbor 209.165.200.225 remote-as 65501
neighbor 209.165.200.225 password cisco
neighbor 209.165.200.225 activate
neighbor 209.165.200.225 route-map IPv4TransportIPv6RouteA in
exit-address-family
!
address-family ipv4 vrf VPN_B
bgp router-id 2.0.2.2
network 192.168.2.2 mask 255.255.255.255
neighbor 209.165.200.221 remote-as 65501
neighbor 209.165.200.221 local-as 65503 no-prepend replace-as
neighbor 209.165.200.221 password cisco
neighbor 209.165.200.221 activate
neighbor 209.165.200.221 allowas-in
exit-address-family
!
address-family ipv6 vrf VPN_B
bgp router-id 2.0.2.2
network 2001:DB8:CAFE:222::2/128
neighbor 209.165.200.221 remote-as 65501
neighbor 209.165.200.221 local-as 65503 no-prepend replace-as
neighbor 209.165.200.221 password cisco
neighbor 209.165.200.221 activate
neighbor 209.165.200.221 allowas-in
neighbor 209.165.200.221 route-map IPv4TransportIPv6RouteB in
exit-address-family
!
!
route-map IPv4TransportIPv6RouteA permit 10
set ipv6 next-hop 2001:DB8:CAFE:10::3
!
route-map IPv4TransportIPv6RouteB permit 10
set ipv6 next-hop 2001:DB8:CAFE:14::3
!
!
crypto key gen rsa general-keys modulus 1024
!
ip http server
ip http secure-server
ip flow-top-talkers
top 3
sort-by bytes
cache-timeout 600000
!
!
logging source-interface Loopback0
!
!
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Loopback0
snmp-server location TSHOOT Lab Facility
snmp-server contact [email protected]
snmp-server enable traps eigrp
snmp-server enable traps flash insertion
snmp-server enable traps flash removal
snmp-server enable traps config
snmp-server enable traps cpu threshold
snmp-server host 10.1.100.1 version 2c cisco
!
!
banner motd ^*** Lab 9-2 Router R2 TT-C Config ***^
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication CONSOLE
!
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
!
archive
log config
logging enable
logging size 50
notify syslog contenttype plaintext
hidekeys
path tftp://10.1.100.1/$h-archive-config
write-memory
file prompt quiet
!
end
!

Router R3
!Lab 9-2 Router R3 TT-C Config
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R3
!
!
logging buffered 16384
enable secret cisco
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
!
!
clock timezone PST -8
clock summer-time PDT recurring
do clock set 09:05:00 Oct 29 2014
!
!
no ip domain lookup
ip domain name tshoot.net
ip cef
ipv6 unicast-routing
ipv6 cef
!
username cisco secret cisco
!
!
lldp run
!
!
ip ssh source-interface Loopback0
ip ssh dh min size 2048
!
!
interface Loopback0
ip address 192.168.3.1 255.255.255.255
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:CAFE:203::3/64
!
interface GigabitEthernet0/0
no shutdown
ip address dhcp
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/1
description FE to DLS1
ip address 10.1.2.14 255.255.255.252
ip flow ingress
duplex full
speed 100
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:CAFE:212::3/64
no shutdown
!
interface Serial0/0/0
description WAN link to R1 - (Not used)
no ip address
encapsulation ppp
clock rate 2000000
shutdown
!
interface Serial0/0/1
description WAN link to R2: 2 Mbps leased line
ip address 209.165.200.221 255.255.255.252
ip flow ingress
encapsulation ppp
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:CAFE:14::3/126
no shutdown
!
!
router eigrp HQ
!
address-family ipv4 unicast autonomous-system 1
!
af-interface default
passive-interface
exit-af-interface
!
af-interface GigabitEthernet0/1
no passive-interface
exit-af-interface
!
topology base
redistribute bgp 65501 metric 1544 2000 255 1 1500
exit-af-topology
network 10.1.2.12 0.0.0.3
network 192.168.3.1 0.0.0.0
exit-address-family
!
address-family ipv6 unicast autonomous-system 1
!
af-interface default
passive-interface
exit-af-interface
!
af-interface GigabitEthernet0/1
no passive-interface
exit-af-interface
!
topology base
redistribute bgp 65501 metric 1544 2000 255 1 1500
exit-af-topology
exit-address-family
!
!
!
router bgp 65501
bgp router-id 3.0.0.3
bgp log-neighbor-changes
neighbor 192.168.1.1 remote-as 65501
neighbor 192.168.1.1 password cisco
neighbor 192.168.1.1 update-source Loopback0
neighbor 209.165.200.222 remote-as 65503
neighbor 209.165.200.222 password cisco
!
address-family ipv4
synchronization
network 10.1.0.0 mask 255.255.0.0
neighbor 192.168.1.1 activate
neighbor 192.168.1.1 next-hop-self
neighbor 209.165.200.222 activate
exit-address-family
!
address-family ipv6
synchronization
network 2001:DB8:CAFE:14::/126
neighbor 192.168.1.1 activate
neighbor 192.168.1.1 next-hop-self
neighbor 192.168.1.1 route-map IPv4TransportIPv6RouteFromR1 in
neighbor 209.165.200.222 activate
neighbor 209.165.200.222 route-map IPv4TransportIPv6RouteFromR2 in
exit-address-family
!
!
route-map IPv4TransportIPv6RouteFromR2 permit 10
set ipv6 next-hop 2001:DB8:CAFE:14::2
!
route-map IPv4TransportIPv6RouteFromR1 permit 10
set ipv6 next-hop 2001:DB8:CAFE:201::1
!
!
crypto key gen rsa general-keys modulus 1024
!
ip http server
ip http secure-server
ip flow-top-talkers
top 3
sort-by bytes
cache-timeout 600000
!
ip route 10.1.0.0 255.255.0.0 Null0
!
logging source-interface Loopback0
logging host 10.1.100.1
!
!
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Loopback0
snmp-server location TSHOOT Lab Facility
snmp-server contact [email protected]
snmp-server enable traps eigrp
snmp-server enable traps flash insertion
snmp-server enable traps flash removal
snmp-server enable traps config
snmp-server enable traps cpu threshold
snmp-server host 10.1.100.1 version 2c cisco
!
!
banner motd ^*** Lab 9-2 Router R3 TT-C Config ***^
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication CONSOLE
!
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
!
ntp source Loopback0
ntp update-calendar
ntp server 192.168.2.1
!
archive
log config
logging enable
logging size 50
notify syslog contenttype plaintext
hidekeys
path tftp://10.1.100.1/$h-archive-config
write-memory
file prompt quiet
!
end
!