IEcollection
08-08-2018, 05:03 PM
TS2: same WB (TS2BT1)
- Ticket 1: add vlan access-map ATTACK 20, action forward
- Ticket 2: Nat pool 123.45.67.0/24 change pool /24 to /28 same subnet interface L123
- Ticket 3: wrong access-list, check cost ospf.
- Ticket 4: local preference on R21 and change cost inteface e0/0 SW200 to 100
- Ticket 5: ip ospf network point-to-multipoint on R14/51/60
- Ticket 6: R15 network 2001:CC:1E:8BAD:2001::/104. Network int vlan 2001 to ospfv3
- Ticket 7: wrong rt import/export on MPLS VPN/ network int l0 R1 to ospf
- Ticket 8: SW300/301: ip dhcp relay information trusted on vlan 2000
- Ticket 9: tunnel key mismatch
- Ticket 10: ip nat inside source static tcp 10.2.200.1 23 201.99.25.2 23
ip nat outside source static 201.99.70.2 201.99.70.25
Diag H3+: same WB:
H2+ CFG
PART 1:
- VTP transparent: pre-configured
- Interfaces between switches are pre-configurable access vlan 999 and shutdown.
- Require SW4 configuration to port e2/0 of SW3 block and e2/1 SW3 forward for vlan 34
- Etherchannel requires the Cisco PAgP.
- Load-balance configuration: src-dst-ip (SW3 & SW4) and src-mac (SW5 & SW6).
- R17, R19, R20, R21 have been pre-configured with VRF Corp and its interfaces have been assigned to the VRF.
PART 2 + 3:
OSPF
- OSPF in DC1 AS65002:
o Not have configuration of OSPF on SW3, SW4, R17, and R18 and it required not use the network command and the presence of Type 2 LSA.
o The interface ports of R17, R18 were shutdown
o The DMZPN OSPF area (R17, R19, R20, R21) is identical to WB
o R17 advertise default by command: default-information originate and allow to configure 1 static route: ip route vrf Corp 0.0.0.0 0.0.0.0 e0 / 0 192.0.2.1.
- OSPF in HQ AS65002:
o SW1, R11, R12 configured OSPF. SW1 has configured vlan 100,101 and priority 255 on two 100,101 vlan interfaces
o R11, R12 advertised default always
- OSPF in Main Office AS65002:
o Same as HQ
- OSPF Core AS65001:
o Have been pre-configured, check carefully OSPF, router-id,
o R9, R10 shutdown 2 ports and no any configuration
o R9, R10 need to add distance external 175
EIGRP
- CORE
o Switch to name mode EIGRP. Need to delete router eigrp 1 ([pre-configured)
o R53, R54 shutdown 2 ports e0/0, e0/1
o Interface lo0 is not advertised on all Router R50 -> R54
o R53, R54 is not advertised link between R53 - R9 and R54 - R10
o R9, R10 is not advertised link between R9 - R53 and R10 - R54
o The lo52 interface of R52 is configured with bandwidth 1 and requires redistribute and EIGRP
o Remember the metric rib-scale command 153 on all routers R9, R10, R50 -> R54
- AS65005
o Configured, checked carefully
- AS65007
o Configured, checked carefully
o Summary-metric 0.0.0.0 0.0.0.0/0 distance 21 has been configured
BGP
- R1 is the RR of all PE routers (ipv4 and vpnv4)
- The CE R11, R12, R13, R14, R15 R16 use allowas-in
- InterVPN-Routing the same WB
- R15, R16 advertise default-route by neighbor command
- InterVPN Routing: same as WB
- R55, R56 : route-map not yet configured
+ I add prefix-list/route-map to permit 172.0.0.0/8 le 32
- Note: CE in Jocobs do not see AS65001 in NLRI
You need add command:
No-prepend replace-as (R55,R56,R58)
- IPv6: SW3 enable ospfv3 vlan 100(RP-H)/34/153/173,
SW4 enable ospfv3 vlan 100(RP-M)/34/164
PART 4
- Section 4.1: Do not use deny in ACLs
- Section 4.2: I don' t do it.
PART 5
- Same WB
- Ticket 1: add vlan access-map ATTACK 20, action forward
- Ticket 2: Nat pool 123.45.67.0/24 change pool /24 to /28 same subnet interface L123
- Ticket 3: wrong access-list, check cost ospf.
- Ticket 4: local preference on R21 and change cost inteface e0/0 SW200 to 100
- Ticket 5: ip ospf network point-to-multipoint on R14/51/60
- Ticket 6: R15 network 2001:CC:1E:8BAD:2001::/104. Network int vlan 2001 to ospfv3
- Ticket 7: wrong rt import/export on MPLS VPN/ network int l0 R1 to ospf
- Ticket 8: SW300/301: ip dhcp relay information trusted on vlan 2000
- Ticket 9: tunnel key mismatch
- Ticket 10: ip nat inside source static tcp 10.2.200.1 23 201.99.25.2 23
ip nat outside source static 201.99.70.2 201.99.70.25
Diag H3+: same WB:
H2+ CFG
PART 1:
- VTP transparent: pre-configured
- Interfaces between switches are pre-configurable access vlan 999 and shutdown.
- Require SW4 configuration to port e2/0 of SW3 block and e2/1 SW3 forward for vlan 34
- Etherchannel requires the Cisco PAgP.
- Load-balance configuration: src-dst-ip (SW3 & SW4) and src-mac (SW5 & SW6).
- R17, R19, R20, R21 have been pre-configured with VRF Corp and its interfaces have been assigned to the VRF.
PART 2 + 3:
OSPF
- OSPF in DC1 AS65002:
o Not have configuration of OSPF on SW3, SW4, R17, and R18 and it required not use the network command and the presence of Type 2 LSA.
o The interface ports of R17, R18 were shutdown
o The DMZPN OSPF area (R17, R19, R20, R21) is identical to WB
o R17 advertise default by command: default-information originate and allow to configure 1 static route: ip route vrf Corp 0.0.0.0 0.0.0.0 e0 / 0 192.0.2.1.
- OSPF in HQ AS65002:
o SW1, R11, R12 configured OSPF. SW1 has configured vlan 100,101 and priority 255 on two 100,101 vlan interfaces
o R11, R12 advertised default always
- OSPF in Main Office AS65002:
o Same as HQ
- OSPF Core AS65001:
o Have been pre-configured, check carefully OSPF, router-id,
o R9, R10 shutdown 2 ports and no any configuration
o R9, R10 need to add distance external 175
EIGRP
- CORE
o Switch to name mode EIGRP. Need to delete router eigrp 1 ([pre-configured)
o R53, R54 shutdown 2 ports e0/0, e0/1
o Interface lo0 is not advertised on all Router R50 -> R54
o R53, R54 is not advertised link between R53 - R9 and R54 - R10
o R9, R10 is not advertised link between R9 - R53 and R10 - R54
o The lo52 interface of R52 is configured with bandwidth 1 and requires redistribute and EIGRP
o Remember the metric rib-scale command 153 on all routers R9, R10, R50 -> R54
- AS65005
o Configured, checked carefully
- AS65007
o Configured, checked carefully
o Summary-metric 0.0.0.0 0.0.0.0/0 distance 21 has been configured
BGP
- R1 is the RR of all PE routers (ipv4 and vpnv4)
- The CE R11, R12, R13, R14, R15 R16 use allowas-in
- InterVPN-Routing the same WB
- R15, R16 advertise default-route by neighbor command
- InterVPN Routing: same as WB
- R55, R56 : route-map not yet configured
+ I add prefix-list/route-map to permit 172.0.0.0/8 le 32
- Note: CE in Jocobs do not see AS65001 in NLRI
You need add command:
No-prepend replace-as (R55,R56,R58)
- IPv6: SW3 enable ospfv3 vlan 100(RP-H)/34/153/173,
SW4 enable ospfv3 vlan 100(RP-M)/34/164
PART 4
- Section 4.1: Do not use deny in ACLs
- Section 4.2: I don' t do it.
PART 5
- Same WB