Points
Points
=====
- Question Type
1. MCQ
2. Drag and drop
3. Lab Simulation
- "Next" Only
- Valid for 3 years
- NRC / License / Passport
- Example Test Question in Test Begin
- Survey Questions in Test Last
- Reschedule Time (within 1 year)
- Spoto (680Q+ within 1 month)
During Exam
===========
**** #do wr or #wr after configured
**** during Lab, default password id "cisco"
**** need to check with #sh run | begin or #sh interface trunk or #sh ip interface
brief
**** if "Verify" keyword in question, please check the ping from PC.
**** if "Traffic on all trunks should be restricted to only active VLANs" in
question, please add the "#sw trunk allowed vlans xxx".
Switch Lab
----------
Lab-1
1. #spanning-tree mode rapid-pvst
2. #switchport mode trunk
3. #switchport mode trunk
Lab-2
1. #spanning-tree pathcost method long (Spanningtree default is 16 bits that
changed to 32 bits)
2. #no switchport access vlan 400 (to delete the original configured access port)
#switchport trunk encapsulation dot1q
#switchport mode trunk
3. #int range e0/2-3
#switchport trunk allowed vlan 1,400
#channel-group-10 mode active
Lab-3
#int e0/0
1. #switchport trunk encapsulation dot1q
#switchport mode trunk
2. #udld port aggressive
3. #interface range e0/2-3
#switchport trunk ecapsulation dot1q
#switchport trunk allowed vlan 1,300
#switchport mode trunk
#channel-group 10 mode active
Lab-4
1. #interface e0/1
#sw m access
#sw acc vlan 100
#spanning-tree portfast
Route Lab(OSPF)
---------------
***** if add network range in ospf, use wildcard mask. If add network range with
summarize as area 10 range x.x.x.x x.x.x.x, use subnet mask
Lab-5
#sh run | section ospf
1.#router ospf 10
#router-id 1.1.1.1
#interface range e0/0-1
#ip ospf 10 area 0
2.#router ospf 10
#area 10 range 10.1.0.0 255.255.0.0
3.#router ospf 10
#area 20 range 10.2.0.0 255.255.0.0
Lab-6
***** if not want the nodes to participate in DR/BDR election process, add the
relative interface #ip ospf network point-to-point or set priority no 0 #ip ospf
priority 0
#show ip ospf neighbour (Full/-)
1.#int e0/1
#ip ospf network point-to-point
#clear ip ospf process
2.#int e0/0
#ip ospf network point-to-point
#clear ip ospf process
3.#int e0/0
#ip ospf priority 255
#clear ip ospf process
Lab-7
****
#sh ip int br
#show run | section interface
#show run | section ospf
1.#ip prefix-list Name seq 1 deny 10.0.1.1/24
#router ospf 10
#area 10 filter-list prefix Name in
#clear ip ospf process
2.#ip prefix-list Name seq 1 deny 10.2.1.1/24
#router ospf 10
#area 10 filter-list prefix Name out
#clear ip ospf process
Lab-8
**** when add the vrf to interface, need to re-configure the IP address to
interface.
**** when add ipsec to gre tunnel, use #tunnel protection ipsec profile XXX
**** If there is no VRF CORP, create VRF #vrf definition CORP
Step
----
Create VRF -> Create GRE Tunnel0 -> Add VRF in GRE Tunnel0 -> Reconfigure the GRE
Tunnel0 -> Add the GRE Tuneel0 in IPSec Profile
#show run | section interface
#show run | section vrf
#show run | section ipsec
#show ip int br
R1
#config t
#ip route vrf CORP 10.100.2.0 255.255.255.0 10.100.100.2
#interface Tunnel 0
#vrf forwarding CORP
#ip address 10.100.100.1 255.255.255.0
#tunnel source Ethernet 0/1
#tunnel destination 10.10.2.1
#tunnel protection ipsec profile XXX
#exit
#interface Ethernet 0/0.100
#vrf forwarding CORP
#ip address 10.100.1.1 255.255.255.0
#end
R2
#config t
#ip route vrf CORP 10.100.1.0 255.255.255.0 10.100.100.1
#interface Tunnel 0
#vrf forwarding CORP
#ip address 10.100.100.2 255.255.255.0
#tunnel source Ethernet 0/2
#tunnel destination 10.10.1.1
#tunnel protection ipsec profile XXX
exit
#interface 0/0.101
#vrf forwarding CORP
#ip address 10.101.2.1 255.255.255.0
#end
Lab-9
#sh run
#sh ip int br
R1
#config t
#ip route vrf CORP 10.100.1.0 255.255.255.0 10.100.100.2
#interface Tunnel 0
#vrf forwarding CORP
#ip address 10.100.100.1 255.255.255.0
#tunnel source Ethernet 0/1
#tunnel destination 10.10.2.1
#tunnel protection ipsec profile XXX
#end
R2
#config t
#ip route vrf CORP 10.101.2.0 255.255.255.0 10.100.100.1
#interface Tunnel 0
#vrf forwarding CORP
#ip address 10.100.100.2 255.255.255.0
#tunnel source Ethernet 0/2
#tunnel destination 10.10.1.1
#tunnel protection ipsec profile XXX
#end
Lab-10
**** In OSPF, add VRF to OSP with #route ospf 100 vrf CORP
Step
----
Add router ospf 100 vrf CORP -> create crypto keyring XXX vrf CORP and built pre-
shared-key address x.x.x.x x.x.x.x key XXX -> add CORP vrf to WAN Int,
#sh run
#sh ip int br
#sh route ospf
R1
#config t
#no router ospf 100
#router ospf 100 vrf CORP
#router-id 10.10.10.10
#exit
#crypto keyring test vrf CORP
#pre-shared key address 10.10.2.1 0.0.0.0 key cisco
#interface Ethernet 0/1
#vrf forwarding CORP
#ip address 10.10.1.1 255.255.255.0
#ip ospf network point-to-point
#ip ospf 100 area 0
#interface Tunnel 0
#tunnel vrf CORP
#tunnel protection ipsec profile XXX
R2
#config t
#no router ospf 100
#router ospf 100vrf CORP
#router-id 20.20.20.20
#exit
#crypto keyring test vrf CORP
#pre-shared key address 10.10.1.1 0.0.0.0 key cisco
#interface Ethernet Ethernet 0/2
#vrf forwarding CORP
#ip address 10.10.21 255.255.255.0
Lab-11 (BGP-1)
****** (Watch carefully address-family)
#sh run
#sh ip int br
#sh router bgp summary
R2
#config t
#router bgp 500
#bgp router-id LOOPBACK ID
#neighbor 209.165.200.225 remote-as 400
#neighbor 209.165.200.229 remote-as 500
#network 209.165.201.9 mask 255.255.255.255
#network 209.165.201.10 mask 255.255.255.255
#end
#wr
Lab-12 (BGP-2)
****** (Watch Carefully address-family)
#sh ip int br
#sh router bgp summary
#sh run | section bgp
R1
#en
#config t
#router bgp 100
#bgp router-id 10.1.1.100
#neighbor 209.165.200.226 remote-as 200
#neighbor 209.165.202.129 remote-as 300
#address-family ipv4
#network 10.1.1.100 mask 255.255.255.255
#network 209.165.201.0 mask 255.255.255.248
#network 209.165.201.8 mask 255.255.255.248
#end
#wr
Lab-13 (Security-1)
******* virtual-link = line vty 0 4
#sh run | section aux
R2
#en
#config terminal
#line aux 0
#password Cisco!
#exit
#service password-encryption
#line vty 0 4
#transport input ssh
#exec-timeout 25 0
#end
#wr
Lab-15 (CoPP)
****** ACL > class-map > policy-map > apply in control-plane
#show run
#show ip access-list
R10
#en
#config t
#ip access-list extended 120
#5 permit ospf any any
#end
#wr
R30
#en
#config t
#ip access-list extended TELNET
#permit tcp 192.168.24.0 0.0.0.255 any eq telnet
#exit
#class-map match-any TelnetClass
#match access-group name TELNET
#exit
#policy-map COPP
#class TelnetClass
#police 8000 conform-action transmit exceed-action drop
#control-plane
#service-policy input COPP
#end
#wr
Lab-16 (OSPF4)
******
R30
#show run
#show router ospf
#show ip int br
#config t
#router ospf 30
#router-id 10.0.1.30
#network 10.0.1.30 0.0.0.0 area 0
#network 10.10.30.0 0.0.0.255 area 0
#network 10.20.30.0 0.0.0.255 area 0
#network 10.50.40.0 0.0.0.255 area 50
#area 50 range 10.50.0.0 255.255.128.0
#end
#wr
Lab-19 (Security2)
****** higest level of privilege = 15
R2
#en
#sh run
#config t
#username NetworkAdmin privilege 15 password CiscoENCOR
#line vty 0 4
#transport input telnet
#login local
#line aux 0
#exec-timeout 20 0
#end
#wr